directory-commits mailing list archives

From smckin...@apache.org
Subject [25/51] [partial] directory-fortress-core git commit: FC-109 - rename rbac package to impl
Date Tue, 02 Jun 2015 18:36:50 GMT
http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/ba64d26a/src/main/java/org/apache/directory/fortress/core/rbac/PolicyDAO.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/rbac/PolicyDAO.java b/src/main/java/org/apache/directory/fortress/core/rbac/PolicyDAO.java
deleted file mode 100755
index 8029a69..0000000
--- a/src/main/java/org/apache/directory/fortress/core/rbac/PolicyDAO.java
+++ /dev/null
@@ -1,687 +0,0 @@
-/*
- *   Licensed to the Apache Software Foundation (ASF) under one
- *   or more contributor license agreements.  See the NOTICE file
- *   distributed with this work for additional information
- *   regarding copyright ownership.  The ASF licenses this file
- *   to you under the Apache License, Version 2.0 (the
- *   "License"); you may not use this file except in compliance
- *   with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- *   Unless required by applicable law or agreed to in writing,
- *   software distributed under the License is distributed on an
- *   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- *   KIND, either express or implied.  See the License for the
- *   specific language governing permissions and limitations
- *   under the License.
- *
- */
-package org.apache.directory.fortress.core.rbac;
-
-
-import java.util.ArrayList;
-import java.util.List;
-import java.util.Set;
-import java.util.TreeSet;
-
-import org.apache.commons.lang.StringUtils;
-import org.apache.directory.api.ldap.model.constants.SchemaConstants;
-import org.apache.directory.api.ldap.model.cursor.CursorException;
-import org.apache.directory.api.ldap.model.cursor.SearchCursor;
-import org.apache.directory.api.ldap.model.entry.DefaultEntry;
-import org.apache.directory.api.ldap.model.entry.DefaultModification;
-import org.apache.directory.api.ldap.model.entry.Entry;
-import org.apache.directory.api.ldap.model.entry.Modification;
-import org.apache.directory.api.ldap.model.entry.ModificationOperation;
-import org.apache.directory.api.ldap.model.exception.LdapException;
-import org.apache.directory.api.ldap.model.exception.LdapInvalidAttributeValueException;
-import org.apache.directory.api.ldap.model.exception.LdapNoSuchObjectException;
-import org.apache.directory.api.ldap.model.message.SearchScope;
-import org.apache.directory.ldap.client.api.LdapConnection;
-import org.apache.directory.fortress.core.CreateException;
-import org.apache.directory.fortress.core.FinderException;
-import org.apache.directory.fortress.core.GlobalErrIds;
-import org.apache.directory.fortress.core.GlobalIds;
-import org.apache.directory.fortress.core.model.ObjectFactory;
-import org.apache.directory.fortress.core.RemoveException;
-import org.apache.directory.fortress.core.UpdateException;
-import org.apache.directory.fortress.core.ldap.ApacheDsDataProvider;
-import org.apache.directory.fortress.core.model.PwPolicy;
-
-
-/**
- * This DAO class maintains the OpenLDAP Password Policy entity which is a composite of the following structural and aux object classes:
- * <h4>1. organizationalRole Structural Object Class is used to store basic attributes like cn and description</h4>
- * <ul>
- * <li>  ------------------------------------------
- * <li> <code> objectclass ( 2.5.6.14 NAME 'device'</code>
- * <li> <code>DESC 'RFC2256: a device'</code>
- * <li> <code>SUP top STRUCTURAL</code>
- * <li> <code>MUST cn</code>
- * <li> <code>MAY ( serialNumber $ seeAlso $ owner $ ou $ o $ l $ description ) )</code>
- * <li>  ------------------------------------------
- * </ul>
- * <h4>2. pwdPolicy AUXILIARY Object Class is used to store OpenLDAP Password Policies</h4>
- * <ul>
- * <li>  ------------------------------------------
- * <li> <code>objectclass ( 1.3.6.1.4.1.42.2.27.8.2.1</code>
- * <li> <code>NAME 'pwdPolicy'</code>
- * <li> <code>SUP top</code>
- * <li> <code>AUXILIARY</code>
- * <li> <code>MUST ( pwdAttribute )</code>
- * <li> <code>MAY ( pwdMinAge $ pwdMaxAge $ pwdInHistory $ pwdCheckQuality $</code>
- * <li> <code>pwdMinLength $ pwdExpireWarning $ pwdGraceAuthNLimit $ pwdLockout $</code>
- * <li> <code>pwdLockoutDuration $ pwdMaxFailure $ pwdFailureCountInterval $</code>
- * <li> <code>pwdMustChange $ pwdAllowUserChange $ pwdSafeModify ) )</code>
- * <li> <code></code>
- * <li> <code></code>
- * <li>  ------------------------------------------
- * </ul>
- * <h4>3. ftMods AUXILIARY Object Class is used to store Fortress audit variables on target entity</h4>
- * <ul>
- * <li> <code>objectclass ( 1.3.6.1.4.1.38088.3.4</code>
- * <li> <code>NAME 'ftMods'</code>
- * <li> <code>DESC 'Fortress Modifiers AUX Object Class'</code>
- * <li> <code>AUXILIARY</code>
- * <li> <code>MAY (</code>
- * <li> <code>ftModifier $</code>
- * <li> <code>ftModCode $</code>
- * <li> <code>ftModId ) )</code>
- * <li>  ------------------------------------------
- * </ul>
- * <p/>
- * This class is thread safe.
- *
- * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
- */
-final class PolicyDAO extends ApacheDsDataProvider
-{
-    /*
-      *  *************************************************************************
-      *  **  OPENLDAP PW POLICY ATTRIBUTES AND CONSTANTS
-      *  ************************************************************************
-      */
-    private static final String OLPW_POLICY_EXTENSION = "2.5.4.35";
-    private static final String OLPW_POLICY_CLASS = "pwdPolicy";
-    /**
-     * This object class combines OpenLDAP PW Policy schema with the Fortress audit context.
-     */
-    private static final String OAM_PWPOLICY_OBJ_CLASS[] =
-        {
-            SchemaConstants.TOP_OC,
-            SchemaConstants.DEVICE_OC,
-            OLPW_POLICY_CLASS,
-            GlobalIds.FT_MODIFIER_AUX_OBJECT_CLASS_NAME
-    };
-
-    private static final String OLPW_ATTRIBUTE = "pwdAttribute";
-    private static final String OLPW_MIN_AGE = "pwdMinAge";
-    private static final String OLPW_MAX_AGE = "pwdMaxAge";
-    private static final String OLPW_IN_HISTORY = "pwdInHistory";
-    private static final String OLPW_CHECK_QUALITY = "pwdCheckQuality";
-    private static final String OLPW_MIN_LENGTH = "pwdMinLength";
-    private static final String OLPW_EXPIRE_WARNING = "pwdExpireWarning";
-    private static final String OLPW_GRACE_LOGIN_LIMIT = "pwdGraceAuthNLimit";
-    private static final String OLPW_LOCKOUT = "pwdLockout";
-    private static final String OLPW_LOCKOUT_DURATION = "pwdLockoutDuration";
-    private static final String OLPW_MAX_FAILURE = "pwdMaxFailure";
-    private static final String OLPW_FAILURE_COUNT_INTERVAL = "pwdFailureCountInterval";
-    private static final String OLPW_MUST_CHANGE = "pwdMustChange";
-    private static final String OLPW_ALLOW_USER_CHANGE = "pwdAllowUserChange";
-    private static final String OLPW_SAFE_MODIFY = "pwdSafeModify";
-    private static final String[] PASSWORD_POLICY_ATRS =
-        {
-            SchemaConstants.CN_AT, OLPW_MIN_AGE, OLPW_MAX_AGE, OLPW_IN_HISTORY, OLPW_CHECK_QUALITY,
-            OLPW_MIN_LENGTH, OLPW_EXPIRE_WARNING, OLPW_GRACE_LOGIN_LIMIT, OLPW_LOCKOUT,
-            OLPW_LOCKOUT_DURATION, OLPW_MAX_FAILURE, OLPW_FAILURE_COUNT_INTERVAL,
-            OLPW_MUST_CHANGE, OLPW_ALLOW_USER_CHANGE, OLPW_SAFE_MODIFY,
-    };
-
-    private static final String[] PASSWORD_POLICY_NAME_ATR =
-        {
-            SchemaConstants.CN_AT
-    };
-
-
-    /**
-     * @param entity
-     * @return
-     * @throws org.apache.directory.fortress.core.CreateException
-     *
-     */
-    PwPolicy create( PwPolicy entity )
-        throws CreateException
-    {
-        LdapConnection ld = null;
-        String dn = getDn( entity );
-
-        try
-        {
-            Entry entry = new DefaultEntry( dn );
-            entry.add( SchemaConstants.OBJECT_CLASS_AT, OAM_PWPOLICY_OBJ_CLASS );
-            entry.add( SchemaConstants.CN_AT, entity.getName() );
-            entry.add( OLPW_ATTRIBUTE, OLPW_POLICY_EXTENSION );
-
-            if ( entity.getMinAge() != null )
-            {
-                entry.add( OLPW_MIN_AGE, entity.getMinAge().toString() );
-            }
-
-            if ( entity.getMaxAge() != null )
-            {
-                entry.add( OLPW_MAX_AGE, entity.getMaxAge().toString() );
-            }
-
-            if ( entity.getInHistory() != null )
-            {
-                entry.add( OLPW_IN_HISTORY, entity.getInHistory().toString() );
-            }
-
-            if ( entity.getCheckQuality() != null )
-            {
-                entry.add( OLPW_CHECK_QUALITY, entity.getCheckQuality().toString() );
-            }
-
-            if ( entity.getMinLength() != null )
-            {
-                entry.add( OLPW_MIN_LENGTH, entity.getMinLength().toString() );
-            }
-
-            if ( entity.getExpireWarning() != null )
-            {
-                entry.add( OLPW_EXPIRE_WARNING, entity.getExpireWarning().toString() );
-            }
-
-            if ( entity.getGraceLoginLimit() != null )
-            {
-                entry.add( OLPW_GRACE_LOGIN_LIMIT, entity.getGraceLoginLimit().toString() );
-            }
-
-            if ( entity.getLockout() != null )
-            {
-                /**
-                 * For some reason OpenLDAP requires the pwdLockout boolean value to be upper case:
-                 */
-                entry.add( OLPW_LOCKOUT, entity.getLockout().toString().toUpperCase() );
-            }
-
-            if ( entity.getLockoutDuration() != null )
-            {
-                entry.add( OLPW_LOCKOUT_DURATION, entity.getLockoutDuration().toString() );
-            }
-
-            if ( entity.getMaxFailure() != null )
-            {
-                entry.add( OLPW_MAX_FAILURE, entity.getMaxFailure().toString() );
-            }
-
-            if ( entity.getFailureCountInterval() != null )
-            {
-                entry.add( OLPW_FAILURE_COUNT_INTERVAL, entity.getFailureCountInterval().toString() );
-            }
-
-            if ( entity.getMustChange() != null )
-            {
-                /**
-                 * OpenLDAP requires the boolean values to be upper case:
-                 */
-                entry.add( OLPW_MUST_CHANGE, entity.getMustChange().toString().toUpperCase() );
-            }
-
-            if ( entity.getAllowUserChange() != null )
-            {
-                /**
-                 * OpenLDAP requires the boolean values to be upper case:
-                 */
-                entry.add( OLPW_ALLOW_USER_CHANGE, entity.getAllowUserChange().toString()
-                    .toUpperCase() );
-            }
-
-            if ( entity.getSafeModify() != null )
-            {
-                /**
-                 * OpenLDAP requires the boolean values to be upper case:
-                 */
-                entry.add( OLPW_SAFE_MODIFY, entity.getSafeModify().toString().toUpperCase() );
-            }
-
-            ld = getAdminConnection();
-            add( ld, entry, entity );
-        }
-        catch ( LdapException e )
-        {
-            String error = "create name [" + entity.getName() + "] caught LdapException=" + e.getMessage();
-            throw new CreateException( GlobalErrIds.PSWD_CREATE_FAILED, error, e );
-        }
-        finally
-        {
-            closeAdminConnection( ld );
-        }
-
-        return entity;
-    }
-
-
-    /**
-     * @param entity
-     * @throws org.apache.directory.fortress.core.UpdateException
-     *
-     */
-    void update( PwPolicy entity ) throws UpdateException
-    {
-        LdapConnection ld = null;
-        String dn = getDn( entity );
-
-        try
-        {
-            List<Modification> mods = new ArrayList<Modification>();
-
-            if ( entity.getMinAge() != null )
-            {
-                mods.add( new DefaultModification(
-                    ModificationOperation.REPLACE_ATTRIBUTE,
-                    OLPW_MIN_AGE, entity.getMinAge().toString() ) );
-            }
-
-            if ( entity.getMaxAge() != null )
-            {
-                mods.add( new DefaultModification(
-                    ModificationOperation.REPLACE_ATTRIBUTE,
-                    OLPW_MAX_AGE, entity.getMaxAge().toString() ) );
-            }
-
-            if ( entity.getInHistory() != null )
-            {
-                mods.add( new DefaultModification(
-                    ModificationOperation.REPLACE_ATTRIBUTE,
-                    OLPW_IN_HISTORY, entity.getInHistory().toString() ) );
-            }
-
-            if ( entity.getCheckQuality() != null )
-            {
-                mods.add( new DefaultModification(
-                    ModificationOperation.REPLACE_ATTRIBUTE,
-                    OLPW_CHECK_QUALITY, entity.getCheckQuality().toString() ) );
-            }
-
-            if ( entity.getMinLength() != null )
-            {
-                mods.add( new DefaultModification(
-                    ModificationOperation.REPLACE_ATTRIBUTE,
-                    OLPW_MIN_LENGTH, entity.getMinLength().toString() ) );
-            }
-
-            if ( entity.getExpireWarning() != null )
-            {
-                mods.add( new DefaultModification(
-                    ModificationOperation.REPLACE_ATTRIBUTE,
-                    OLPW_EXPIRE_WARNING, entity.getExpireWarning().toString() ) );
-            }
-
-            if ( entity.getGraceLoginLimit() != null )
-            {
-                mods.add( new DefaultModification(
-                    ModificationOperation.REPLACE_ATTRIBUTE,
-                    OLPW_GRACE_LOGIN_LIMIT, entity.getGraceLoginLimit().toString() ) );
-            }
-
-            if ( entity.getLockout() != null )
-            {
-                /**
-                 * OpenLDAP requires the boolean values to be upper case:
-                 */
-                mods.add( new DefaultModification(
-                    ModificationOperation.REPLACE_ATTRIBUTE,
-                    OLPW_LOCKOUT, entity.getLockout().toString().toUpperCase() ) );
-            }
-
-            if ( entity.getLockoutDuration() != null )
-            {
-                mods.add( new DefaultModification(
-                    ModificationOperation.REPLACE_ATTRIBUTE,
-                    OLPW_LOCKOUT_DURATION, entity.getLockoutDuration().toString() ) );
-            }
-
-            if ( entity.getMaxFailure() != null )
-            {
-                mods.add( new DefaultModification(
-                    ModificationOperation.REPLACE_ATTRIBUTE,
-                    OLPW_MAX_FAILURE, entity.getMaxFailure().toString() ) );
-            }
-
-            if ( entity.getFailureCountInterval() != null )
-            {
-                mods.add( new DefaultModification(
-                    ModificationOperation.REPLACE_ATTRIBUTE,
-                    OLPW_FAILURE_COUNT_INTERVAL, entity.getFailureCountInterval().toString() ) );
-            }
-
-            if ( entity.getMustChange() != null )
-            {
-                /**
-                 * OpenLDAP requires the boolean values to be upper case:
-                 */
-                mods.add( new DefaultModification(
-                    ModificationOperation.REPLACE_ATTRIBUTE,
-                    OLPW_MUST_CHANGE, entity.getMustChange().toString().toUpperCase() ) );
-            }
-
-            if ( entity.getAllowUserChange() != null )
-            {
-                /**
-                 * OpenLDAP requires the boolean values to be upper case:
-                 */
-                mods.add( new DefaultModification(
-                    ModificationOperation.REPLACE_ATTRIBUTE,
-                    OLPW_ALLOW_USER_CHANGE, entity.getAllowUserChange().toString().toUpperCase() ) );
-            }
-
-            if ( entity.getSafeModify() != null )
-            {
-                /**
-                 * OpenLDAP requires the boolean values to be upper case:
-                 */
-                mods.add( new DefaultModification(
-                    ModificationOperation.REPLACE_ATTRIBUTE,
-                    OLPW_SAFE_MODIFY, entity.getSafeModify().toString().toUpperCase() ) );
-            }
-
-            if ( mods != null && mods.size() > 0 )
-            {
-                ld = getAdminConnection();
-                modify( ld, dn, mods, entity );
-            }
-        }
-        catch ( LdapException e )
-        {
-            String error = "update name [" + entity.getName() + "] caught LdapException=" + e.getMessage();
-            throw new UpdateException( GlobalErrIds.PSWD_UPDATE_FAILED, error, e );
-        }
-        finally
-        {
-            closeAdminConnection( ld );
-        }
-    }
-
-
-    /**
-     * @param entity
-     * @throws org.apache.directory.fortress.core.RemoveException
-     */
-    void remove( PwPolicy entity ) throws RemoveException
-    {
-        LdapConnection ld = null;
-        String dn = getDn( entity );
-
-        try
-        {
-            ld = getAdminConnection();
-            delete( ld, dn, entity );
-        }
-        catch ( LdapException e )
-        {
-            String error = "remove name [" + entity.getName() + "] caught LdapException=" + e.getMessage();
-            throw new RemoveException( GlobalErrIds.PSWD_DELETE_FAILED, error, e );
-        }
-        finally
-        {
-            closeAdminConnection( ld );
-        }
-    }
-
-
-    /**
-     * @param policy
-     * @return
-     * @throws org.apache.directory.fortress.core.FinderException
-     *
-     */
-    PwPolicy getPolicy( PwPolicy policy ) throws FinderException
-    {
-        PwPolicy entity = null;
-        LdapConnection ld = null;
-        String dn = getDn( policy );
-
-        try
-        {
-            ld = getAdminConnection();
-            Entry findEntry = read( ld, dn, PASSWORD_POLICY_ATRS );
-            entity = unloadLdapEntry( findEntry, 0 );
-        }
-        catch ( LdapNoSuchObjectException e )
-        {
-            String warning = "getPolicy Obj COULD NOT FIND ENTRY for dn [" + dn + "]";
-            throw new FinderException( GlobalErrIds.PSWD_NOT_FOUND, warning );
-        }
-        catch ( LdapException e )
-        {
-            String error = "getPolicy name [" + policy.getName() + "] caught LdapException="
-                + e.getMessage();
-            throw new FinderException( GlobalErrIds.PSWD_READ_FAILED, error, e );
-        }
-        finally
-        {
-            closeAdminConnection( ld );
-        }
-
-        return entity;
-    }
-
-
-    /**
-     *
-     * @param le
-     * @param sequence
-     * @return
-     * @throws LdapInvalidAttributeValueException 
-     * @throws LdapException
-     */
-    private PwPolicy unloadLdapEntry( Entry le, long sequence ) throws LdapInvalidAttributeValueException
-    {
-        PwPolicy entity = new ObjectFactory().createPswdPolicy();
-        entity.setSequenceId( sequence );
-        entity.setName( getAttribute( le, SchemaConstants.CN_AT ) );
-        String val = getAttribute( le, OLPW_MIN_AGE );
-
-        if ( StringUtils.isNotEmpty( val ) )
-        {
-            entity.setMinAge( Integer.valueOf( val ) );
-        }
-
-        val = getAttribute( le, OLPW_MAX_AGE );
-
-        if ( StringUtils.isNotEmpty( val ) )
-        {
-            entity.setMaxAge( Long.valueOf( val ) );
-        }
-
-        val = getAttribute( le, OLPW_IN_HISTORY );
-
-        if ( StringUtils.isNotEmpty( val ) )
-        {
-            entity.setInHistory( Short.valueOf( val ) );
-        }
-
-        val = getAttribute( le, OLPW_CHECK_QUALITY );
-
-        if ( StringUtils.isNotEmpty( val ) )
-        {
-            entity.setCheckQuality( Short.valueOf( val ) );
-        }
-
-        val = getAttribute( le, OLPW_MIN_LENGTH );
-
-        if ( StringUtils.isNotEmpty( val ) )
-        {
-            entity.setMinLength( Short.valueOf( val ) );
-        }
-
-        val = getAttribute( le, OLPW_EXPIRE_WARNING );
-
-        if ( StringUtils.isNotEmpty( val ) )
-        {
-            entity.setExpireWarning( Long.valueOf( val ) );
-        }
-
-        val = getAttribute( le, OLPW_GRACE_LOGIN_LIMIT );
-
-        if ( StringUtils.isNotEmpty( val ) )
-        {
-            entity.setGraceLoginLimit( Short.valueOf( val ) );
-        }
-
-        val = getAttribute( le, OLPW_LOCKOUT );
-
-        if ( StringUtils.isNotEmpty( val ) )
-        {
-            entity.setLockout( Boolean.valueOf( val ) );
-        }
-
-        val = getAttribute( le, OLPW_LOCKOUT_DURATION );
-
-        if ( StringUtils.isNotEmpty( val ) )
-        {
-            entity.setLockoutDuration( Integer.valueOf( val ) );
-        }
-
-        val = getAttribute( le, OLPW_MAX_FAILURE );
-
-        if ( StringUtils.isNotEmpty( val ) )
-        {
-            entity.setMaxFailure( Short.valueOf( val ) );
-        }
-
-        val = getAttribute( le, OLPW_FAILURE_COUNT_INTERVAL );
-
-        if ( StringUtils.isNotEmpty( val ) )
-        {
-            entity.setFailureCountInterval( Short.valueOf( val ) );
-        }
-
-        val = getAttribute( le, OLPW_MUST_CHANGE );
-
-        if ( StringUtils.isNotEmpty( val ) )
-        {
-            //noinspection BooleanConstructorCall
-            entity.setMustChange( Boolean.valueOf( val ) );
-        }
-
-        val = getAttribute( le, OLPW_ALLOW_USER_CHANGE );
-
-        if ( StringUtils.isNotEmpty( val ) )
-        {
-            entity.setAllowUserChange( Boolean.valueOf( val ) );
-        }
-
-        val = getAttribute( le, OLPW_SAFE_MODIFY );
-
-        if ( StringUtils.isNotEmpty( val ) )
-        {
-            entity.setSafeModify( Boolean.valueOf( val ) );
-        }
-
-        return entity;
-    }
-
-
-    /**
-     * @param policy
-     * @return
-     * @throws org.apache.directory.fortress.core.FinderException
-     *
-     */
-    List<PwPolicy> findPolicy( PwPolicy policy ) throws FinderException
-    {
-        List<PwPolicy> policyArrayList = new ArrayList<>();
-        LdapConnection ld = null;
-        String policyRoot = getPolicyRoot( policy.getContextId() );
-        String searchVal = null;
-
-        try
-        {
-            searchVal = encodeSafeText( policy.getName(), GlobalIds.PWPOLICY_NAME_LEN );
-            String filter = GlobalIds.FILTER_PREFIX + OLPW_POLICY_CLASS + ")("
-                + GlobalIds.POLICY_NODE_TYPE + "=" + searchVal + "*))";
-            ld = getAdminConnection();
-            SearchCursor searchResults = search( ld, policyRoot,
-                SearchScope.ONELEVEL, filter, PASSWORD_POLICY_ATRS, false, GlobalIds.BATCH_SIZE );
-            long sequence = 0;
-
-            while ( searchResults.next() )
-            {
-                policyArrayList.add( unloadLdapEntry( searchResults.getEntry(), sequence++ ) );
-            }
-        }
-        catch ( LdapException e )
-        {
-            String error = "findPolicy name [" + searchVal + "] caught LdapException=" + e.getMessage();
-            throw new FinderException( GlobalErrIds.PSWD_SEARCH_FAILED, error, e );
-        }
-        catch ( CursorException e )
-        {
-            String error = "findPolicy name [" + searchVal + "] caught CursorException=" + e.getMessage();
-            throw new FinderException( GlobalErrIds.PSWD_SEARCH_FAILED, error, e );
-        }
-        finally
-        {
-            closeAdminConnection( ld );
-        }
-
-        return policyArrayList;
-    }
-
-
-    /**
-     * @return
-     * @throws FinderException
-     */
-    Set<String> getPolicies( String contextId )
-        throws FinderException
-    {
-        Set<String> policySet = new TreeSet<>( String.CASE_INSENSITIVE_ORDER );
-        LdapConnection ld = null;
-        String policyRoot = getPolicyRoot( contextId );
-
-        try
-        {
-            String filter = "(objectclass=" + OLPW_POLICY_CLASS + ")";
-            ld = getAdminConnection();
-            SearchCursor searchResults = search( ld, policyRoot,
-                SearchScope.ONELEVEL, filter, PASSWORD_POLICY_NAME_ATR, false, GlobalIds.BATCH_SIZE );
-
-            while ( searchResults.next() )
-            {
-                policySet.add( getAttribute( searchResults.getEntry(), SchemaConstants.CN_AT ) );
-            }
-        }
-        catch ( LdapException e )
-        {
-            String error = "getPolicies caught LdapException=" + e.getMessage();
-            throw new FinderException( GlobalErrIds.PSWD_SEARCH_FAILED, error, e );
-        }
-        catch ( CursorException e )
-        {
-            String error = "getPolicies caught LdapException=" + e.getMessage();
-            throw new FinderException( GlobalErrIds.PSWD_SEARCH_FAILED, error, e );
-        }
-        finally
-        {
-            closeAdminConnection( ld );
-        }
-
-        return policySet;
-    }
-
-
-    private String getDn( PwPolicy policy )
-    {
-        return GlobalIds.POLICY_NODE_TYPE + "=" + policy.getName() + "," + getPolicyRoot( policy.getContextId() );
-    }
-
-
-    private String getPolicyRoot( String contextId )
-    {
-        return getRootDn( contextId, GlobalIds.PPOLICY_ROOT );
-    }
-}

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/ba64d26a/src/main/java/org/apache/directory/fortress/core/rbac/PolicyP.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/rbac/PolicyP.java b/src/main/java/org/apache/directory/fortress/core/rbac/PolicyP.java
deleted file mode 100755
index e2dba03..0000000
--- a/src/main/java/org/apache/directory/fortress/core/rbac/PolicyP.java
+++ /dev/null
@@ -1,439 +0,0 @@
-/*
- *   Licensed to the Apache Software Foundation (ASF) under one
- *   or more contributor license agreements.  See the NOTICE file
- *   distributed with this work for additional information
- *   regarding copyright ownership.  The ASF licenses this file
- *   to you under the Apache License, Version 2.0 (the
- *   "License"); you may not use this file except in compliance
- *   with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- *   Unless required by applicable law or agreed to in writing,
- *   software distributed under the License is distributed on an
- *   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- *   KIND, either express or implied.  See the License for the
- *   specific language governing permissions and limitations
- *   under the License.
- *
- */
-package org.apache.directory.fortress.core.rbac;
-
-
-import java.util.List;
-import java.util.Set;
-import java.util.concurrent.locks.ReadWriteLock;
-import java.util.concurrent.locks.ReentrantReadWriteLock;
-
-import org.apache.commons.lang.StringUtils;
-import org.apache.directory.fortress.core.model.PwPolicy;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.apache.directory.fortress.core.GlobalErrIds;
-import org.apache.directory.fortress.core.GlobalIds;
-import org.apache.directory.fortress.core.SecurityException;
-import org.apache.directory.fortress.core.ValidationException;
-import org.apache.directory.fortress.core.util.cache.Cache;
-import org.apache.directory.fortress.core.util.cache.CacheMgr;
-
-
-/**
- * Process module for the OpenLDAP Password Policy entity.  This class performs data validations and error mapping.
- * It is typically called by internal Fortress manager class {@link PwPolicyMgrImpl} but also
- * needed by {@link org.apache.directory.fortress.core.rbac.UserP#validate(org.apache.directory.fortress.core.model.User, boolean)}
- * This class is not intended to be used by external programs.  This class will accept Fortress entity, {@link org.apache.directory.fortress.core.model.PwPolicy}, on its
- * methods, validate contents and forward on to it's corresponding DAO class {@link PolicyDAO}.
- * <p/>
- * Class will throw {@link SecurityException} to caller in the event of security policy, data constraint violation or system
- * error internal to DAO object. This class will forward DAO exceptions ({@link org.apache.directory.fortress.core.FinderException},
- *
- * {@link org.apache.directory.fortress.core.CreateException},{@link org.apache.directory.fortress.core.UpdateException},{@link org.apache.directory.fortress.core.RemoveException}),
- * or {@link org.apache.directory.fortress.core.ValidationException} as {@link SecurityException}s with appropriate
- * error id from {@link org.apache.directory.fortress.core.GlobalErrIds}.
- * <p/>
- * This class uses one reference to synchronized data set {@link #policyCache} but is thread safe.
- * <p/>
-
- *
- * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
- */
-public final class PolicyP
-{
-    private static final String CLS_NM = PolicyP.class.getName();
-    private static final Logger LOG = LoggerFactory.getLogger( CLS_NM );
-    // This is 5 years duration in seconds:
-    private static final int MAX_AGE = 157680000;
-
-    // DAO class for ol pw policy data sets must be initialized before the other statics:
-    private static final PolicyDAO olDao = new PolicyDAO();
-    // this field is used to synchronize access to the above static data set:
-    private static final ReadWriteLock policySetLock = new ReentrantReadWriteLock();
-    // static field holds the list of names for all valid pw policies in effect:
-    private static Cache policyCache;
-    private static final int MIN_PW_LEN = 20;
-    private static final int MAX_FAILURE = 100;
-    private static final int MAX_GRACE_COUNT = 10;
-    private static final int MAX_HISTORY = 100;
-    private static final String POLICIES = "policies";
-    private static final String FORTRESS_POLICIES = "fortress.policies";
-
-    static
-    {
-        CacheMgr cacheMgr = CacheMgr.getInstance();
-        PolicyP.policyCache = cacheMgr.getCache( FORTRESS_POLICIES );
-    }
-
-
-    /**
-     * Package private constructor.
-     */
-    PolicyP()
-    {
-    }
-
-
-    /**
-     * This function uses a case insensitive search.
-     *
-     * @param policy
-     * @return true if valid, false otherwise.
-     */
-    boolean isValid( PwPolicy policy )
-    {
-        boolean result = false;
-
-        try
-        {
-            policySetLock.readLock().lock();
-
-            Set<String> policySet = getPolicySet( policy.getContextId() );
-
-            if ( policySet != null )
-            {
-                result = policySet.contains( policy.getName() );
-            }
-
-            return result;
-        }
-        finally
-        {
-            policySetLock.readLock().unlock();
-        }
-    }
-
-
-    /**
-     * This method will return the password policy entity to the caller.  This command is valid
-     * if and only if the policy entry is present in the POLICIES data set.
-     *
-     * @param policy contains the name of the policy entity.
-     * @return PswdPolicy entity returns fully populated with attributes.
-     * @throws SecurityException In the event policy entry not found, data validation or system error.
-     */
-    PwPolicy read( PwPolicy policy ) throws SecurityException
-    {
-        // Call the finder method for the primary key.
-        return olDao.getPolicy( policy );
-    }
-
-
-    /**
-     * This method will add a new policy entry to the POLICIES data set.  This command is valid
-     * if and only if the policy entry is not already present in the POLICIES data set.
-     *
-     * @param policy Object contains the password policy attributes.
-     * @throws SecurityException In the event of data validation or system error.
-     */
-    void add( PwPolicy policy ) throws SecurityException
-    {
-        validate( policy );
-        olDao.create( policy );
-
-        try
-        {
-            policySetLock.writeLock().lock();
-
-            Set<String> policySet = getPolicySet( policy.getContextId() );
-
-            if ( policySet != null )
-            {
-                policySet.add( policy.getName() );
-            }
-        }
-        finally
-        {
-            policySetLock.writeLock().unlock();
-        }
-    }
-
-
-    /**
-     * This method will update an exiting policy entry to the POLICIES data set.  This command is valid
-     * if and only if the policy entry is already present in the POLICIES data set.
-     *
-     * @param policy Object must contain the name of the policy entity.  All non-null attributes will
-     *               be updated.  null attributes will be ignored.
-     * @throws SecurityException In the event policy not found , data validation or system error.
-     */
-    void update( PwPolicy policy ) throws SecurityException
-    {
-        validate( policy );
-        olDao.update( policy );
-    }
-
-
-    /**
-     * This method will delete exiting policy entry from the POLICIES data set.  This command is valid
-     * if and only if the policy entry is already present in the POLICIES data set.  Existing users that
-     * are assigned this policy will be removed from association.
-     *
-     * @param policy Object must contain the name of the policy entity.
-     * @throws SecurityException In the event policy entity not found or system error.
-     */
-    void delete( PwPolicy policy ) throws SecurityException
-    {
-        olDao.remove( policy );
-
-        try
-        {
-            policySetLock.writeLock().lock();
-
-            Set<String> policySet = getPolicySet( policy.getContextId() );
-
-            if ( policySet != null )
-            {
-                policySet.remove( policy.getName() );
-            }
-        }
-        finally
-        {
-            policySetLock.writeLock().unlock();
-        }
-    }
-
-
-    /**
-     * This method will return a list of all password policy entities that match a particular search string.
-     * This command will return an empty list of no matching entries are found.
-     *
-     * @param policy contains the leading chars of a policy entity.  This search is not case sensitive.
-     * @return List<PswdPolicy> contains all matching password policy entities. If no records found this will be empty.
-     * @throws SecurityException In the event of data validation or system error.
-     */
-    List<PwPolicy> search( PwPolicy policy ) throws SecurityException
-    {
-        return olDao.findPolicy( policy );
-    }
-
-
-    /**
-     * Method will perform simple validations to ensure the integrity of the OpenLDAP Password Policy entity targeted for insertion
-     * or updating in directory.  Data reasonability checks will be performed on all non-null attributes.
-     *
-     * @param policy contains data targeted for insertion or update.
-     * @throws ValidationException in the event of data validation error or DAO error on Org validation.
-     */
-    private void validate( PwPolicy policy ) throws ValidationException
-    {
-        int length = policy.getName().length();
-
-        if ( length < 1 || length > GlobalIds.PWPOLICY_NAME_LEN )
-        {
-            String error = "validate policy name [" + policy.getName() + "] INVALID LENGTH [" + length + "]";
-            LOG.error( error );
-            throw new ValidationException( GlobalErrIds.PSWD_NAME_INVLD_LEN, error );
-        }
-
-        if ( policy.getCheckQuality() != null )
-        {
-            try
-            {
-                if ( policy.getCheckQuality() < 0 || policy.getCheckQuality() > 2 )
-                {
-                    String error = "validate policy name [" + policy.getName() + "] value checkQuality ["
-                        + policy.getCheckQuality() + "] INVALID INT VALUE";
-                    LOG.error( error );
-                    throw new ValidationException( GlobalErrIds.PSWD_QLTY_INVLD, error );
-                }
-            }
-            catch ( java.lang.NumberFormatException nfe )
-            {
-                String error = "validate policy name [" + policy.getName() + "] value checkQuality ["
-                    + policy.getCheckQuality() + "] INVALID INT VALUE";
-                LOG.error( error );
-                throw new ValidationException( GlobalErrIds.PSWD_QLTY_INVLD, error );
-            }
-        }
-
-        if ( policy.getMaxAge() != null )
-        {
-            if ( policy.getMaxAge() > MAX_AGE )
-            {
-                String error = "validate policy name [" + policy.getName() + "] value maxAge [" + policy.getMaxAge()
-                    + "] INVALID INT VALUE";
-                LOG.error( error );
-                throw new ValidationException( GlobalErrIds.PSWD_MAXAGE_INVLD, error );
-            }
-        }
-
-        if ( policy.getMinAge() != null )
-        {
-            // policy.minAge
-            if ( policy.getMinAge() > MAX_AGE )
-            {
-                String error = "validate policy name [" + policy.getName() + "] value minAge [" + policy.getMinAge()
-                    + "] INVALID INT VALUE";
-                LOG.error( error );
-                throw new ValidationException( GlobalErrIds.PSWD_MINAGE_INVLD, error );
-            }
-        }
-
-        if ( policy.getMinLength() != null )
-        {
-            if ( policy.getMinLength() > MIN_PW_LEN )
-            {
-                String error = "validate policy name [" + policy.getName() + "] value minLength ["
-                    + policy.getMinLength() + "] INVALID INT VALUE";
-                LOG.error( error );
-                throw new ValidationException( GlobalErrIds.PSWD_MINLEN_INVLD, error );
-            }
-        }
-
-        if ( policy.getFailureCountInterval() != null )
-        {
-            if ( policy.getFailureCountInterval() > MAX_AGE )
-            {
-                String error = "validate policy name [" + policy.getName() + "] value failureCountInterval ["
-                    + policy.getFailureCountInterval() + "] INVALID INT VALUE";
-                LOG.error( error );
-                throw new ValidationException( GlobalErrIds.PSWD_INTERVAL_INVLD, error );
-            }
-        }
-
-        if ( policy.getMaxFailure() != null )
-        {
-            if ( policy.getMaxFailure() > MAX_FAILURE )
-            {
-                String error = "validate policy name [" + policy.getName() + "] value maxFailure ["
-                    + policy.getMaxFailure() + "] INVALID INT VALUE";
-                LOG.error( error );
-                throw new ValidationException( GlobalErrIds.PSWD_MAXFAIL_INVLD, error );
-            }
-        }
-
-        if ( policy.getInHistory() != null )
-        {
-            if ( policy.getInHistory() > MAX_HISTORY )
-            {
-                String error = "validate policy name [" + policy.getName() + "] value inHistory ["
-                    + policy.getInHistory() + "] INVALID VALUE";
-                LOG.error( error );
-                throw new ValidationException( GlobalErrIds.PSWD_HISTORY_INVLD, error );
-            }
-        }
-
-        if ( policy.getGraceLoginLimit() != null )
-        {
-            if ( policy.getGraceLoginLimit() > MAX_GRACE_COUNT )
-            {
-                String error = "validate policy name [" + policy.getName() + "] value graceLoginLimit ["
-                    + policy.getGraceLoginLimit() + "] INVALID VALUE";
-                LOG.error( error );
-                throw new ValidationException( GlobalErrIds.PSWD_GRACE_INVLD, error );
-            }
-        }
-
-        if ( policy.getLockoutDuration() != null )
-        {
-            if ( policy.getLockoutDuration() > MAX_AGE )
-            {
-                String error = "validate policy name [" + policy.getName() + "] value lockoutDuration ["
-                    + policy.getLockoutDuration() + "] INVALID VALUE";
-                LOG.error( error );
-                throw new ValidationException( GlobalErrIds.PSWD_LOCKOUTDUR_INVLD, error );
-            }
-        }
-
-        if ( policy.getExpireWarning() != null )
-        {
-            if ( policy.getExpireWarning() > MAX_AGE )
-            {
-                String error = "validate policy name [" + policy.getName() + "] value expireWarning ["
-                    + policy.getExpireWarning() + "] INVALID VALUE";
-                LOG.error( error );
-                throw new ValidationException( GlobalErrIds.PSWD_EXPWARN_INVLD, error );
-            }
-        }
-    }
-
-
-    /**
-     * Load the cache with read only list of valid openldap policy names.
-     *
-     * @param contextId maps to sub-tree in DIT, for example ou=contextId, dc=jts, dc = com.
-     * @return Set of unique names.
-     */
-    private static Set<String> loadPolicySet( String contextId )
-    {
-        Set<String> policySet = null;
-
-        try
-        {
-            policySet = olDao.getPolicies( contextId );
-        }
-        catch ( SecurityException se )
-        {
-            String warning = "loadPolicySet static initializer caught SecurityException=" + se;
-            LOG.info( warning );
-        }
-
-        policyCache.put( getKey( contextId ), policySet );
-
-        return policySet;
-    }
-
-
-    /**
-     *
-     * @param contextId maps to sub-tree in DIT, for example ou=contextId, dc=jts, dc = com.
-     * @return set containing list of policy names active.
-     */
-    private static Set<String> getPolicySet( String contextId )
-    {
-        try
-        {
-            policySetLock.readLock().lock();
-
-            Set<String> policySet = ( Set<String> ) policyCache.get( getKey( contextId ) );
-
-            if ( policySet == null )
-            {
-                policySet = loadPolicySet( contextId );
-            }
-
-            return policySet;
-        }
-        finally
-        {
-            policySetLock.readLock().unlock();
-        }
-    }
-
-
-    /**
-     *
-     * @param contextId maps to sub-tree in DIT, for example ou=contextId, dc=jts, dc = com.
-     * @return key for tenant's cache entry.
-     */
-    private static String getKey( String contextId )
-    {
-        String key = POLICIES;
-
-        if ( StringUtils.isNotEmpty( contextId ) && !contextId.equalsIgnoreCase( GlobalIds.NULL ) )
-        {
-            key += ":" + contextId;
-        }
-
-        return key;
-    }
-}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/ba64d26a/src/main/java/org/apache/directory/fortress/core/rbac/PsoUtil.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/rbac/PsoUtil.java b/src/main/java/org/apache/directory/fortress/core/rbac/PsoUtil.java
deleted file mode 100755
index b4cdcbb..0000000
--- a/src/main/java/org/apache/directory/fortress/core/rbac/PsoUtil.java
+++ /dev/null
@@ -1,315 +0,0 @@
-/*
- *   Licensed to the Apache Software Foundation (ASF) under one
- *   or more contributor license agreements.  See the NOTICE file
- *   distributed with this work for additional information
- *   regarding copyright ownership.  The ASF licenses this file
- *   to you under the Apache License, Version 2.0 (the
- *   "License"); you may not use this file except in compliance
- *   with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- *   Unless required by applicable law or agreed to in writing,
- *   software distributed under the License is distributed on an
- *   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- *   KIND, either express or implied.  See the License for the
- *   specific language governing permissions and limitations
- *   under the License.
- *
- */
-package org.apache.directory.fortress.core.rbac;
-
-
-import java.util.List;
-import java.util.Set;
-import java.util.TreeSet;
-import java.util.concurrent.locks.ReadWriteLock;
-
-import org.apache.commons.lang.StringUtils;
-import org.apache.directory.fortress.core.model.Graphable;
-import org.apache.directory.fortress.core.model.Hier;
-import org.apache.directory.fortress.core.model.OrgUnit;
-import org.apache.directory.fortress.core.model.Relationship;
-import org.apache.directory.fortress.core.util.ObjUtil;
-import org.jgrapht.graph.SimpleDirectedGraph;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.apache.directory.fortress.core.GlobalIds;
-import org.apache.directory.fortress.core.SecurityException;
-import org.apache.directory.fortress.core.ValidationException;
-import org.apache.directory.fortress.core.model.VUtil;
-import org.apache.directory.fortress.core.util.cache.Cache;
-import org.apache.directory.fortress.core.util.cache.CacheMgr;
-
-
-/**
- * This utility wraps {@link HierUtil} methods to provide hierarchical functionality using the {@link org.apache.directory.fortress.core.model.OrgUnit} data set
- * for Permissions, {@link org.apache.directory.fortress.core.model.OrgUnit.Type#PERM}.
- * The {@code cn=Hierarchies, ou=OS-P} data contains Permission OU pools and within a data cache, {@link #psoCache}, contained within this class.  The parent-child edges are contained in LDAP,
- * in {@code ftParents} attribute.  The ldap data is retrieved {@link OrgUnitP#getAllDescendants(org.apache.directory.fortress.core.model.OrgUnit)} and loaded into {@code org.jgrapht.graph.SimpleDirectedGraph}.
- * The graph...
- * <ol>
- * <li>is stored as singleton in this class with vertices of {@code String}, and edges, as {@link org.apache.directory.fortress.core.model.Relationship}s</li>
- * <li>utilizes open source library, see <a href="http://www.jgrapht.org/">JGraphT</a>.</li>
- * <li>contains a general hierarchical data structure i.e. allows multiple inheritance with parents.</li>
- * <li>is a simple directed graph thus does not allow cycles.</li>
- * </ol>
- * After update is performed to ldap, the singleton is refreshed with latest info.
- * <p/>
- * Static methods on this class are intended for use by other Fortress classes, i.e. {@link DelAdminMgrImpl}.
- * and cannot be directly invoked by outside programs.
- * <p/>
- * This class contains singleton that can be updated but is thread safe.
- * <p/>
- *
- * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
- */
-public final class PsoUtil
-{
-    private static final Cache psoCache;
-    private static OrgUnitP orgUnitP = new OrgUnitP();
-    private static final String CLS_NM = PsoUtil.class.getName();
-    private static final Logger LOG = LoggerFactory.getLogger( CLS_NM );
-
-    /**
-     * Initialize the Perm OU hierarchies.  This will read the {@link org.apache.directory.fortress.core.model.Hier} data set from ldap and load into
-     * the JGraphT simple digraph that referenced statically within this class.
-     */
-    static
-    {
-        CacheMgr cacheMgr = CacheMgr.getInstance();
-        psoCache = cacheMgr.getCache( "fortress.pso" );
-    }
-
-
-    /**
-     * Recursively traverse the {@link org.apache.directory.fortress.core.model.OrgUnit} graph and return all of the descendants of a given parent {@link org.apache.directory.fortress.core.model.OrgUnit#name}.
-     *
-     * @param name      {@link org.apache.directory.fortress.core.model.OrgUnit#name} maps on 'ftOrgUnit' object class.
-     * @param contextId maps to sub-tree in DIT, for example ou=contextId, dc=jts, dc = com.
-     * @return Set of names of descendants {@link org.apache.directory.fortress.core.model.OrgUnit}s of given parent.
-     */
-    static Set<String> getDescendants( String name, String contextId )
-    {
-        return HierUtil.getDescendants( name, getGraph( contextId ) );
-    }
-
-
-    /**
-     * Recursively traverse the {@link org.apache.directory.fortress.core.model.OrgUnit.Type#USER} graph and return all of the ascendants of a given child ou.
-     *
-     * @param name      maps to logical {@link org.apache.directory.fortress.core.model.OrgUnit#name} on 'ftOrgUnit' object class.
-     * @param contextId maps to sub-tree in DIT, for example ou=contextId, dc=jts, dc = com.
-     * @return Set of ou names that are ascendants of given child.
-     */
-    static Set<String> getAscendants( String name, String contextId )
-    {
-        return HierUtil.getAscendants( name, getGraph( contextId ) );
-    }
-
-
-    /**
-     * Traverse one level of the {@link org.apache.directory.fortress.core.model.OrgUnit} graph and return all of the children (direct descendants) of a given parent {@link org.apache.directory.fortress.core.model.OrgUnit#name}.
-     *
-     * @param name      {@link org.apache.directory.fortress.core.model.OrgUnit#name} maps on 'ftOrgUnit' object class.
-     * @param contextId maps to sub-tree in DIT, for example ou=contextId, dc=jts, dc = com.
-     * @return Set of names of children {@link org.apache.directory.fortress.core.model.OrgUnit}s of given parent.
-     */
-    public static Set<String> getChildren( String name, String contextId )
-    {
-        return HierUtil.getChildren( name, getGraph( contextId ) );
-    }
-
-
-    /**
-     * Traverse one level of the {@link org.apache.directory.fortress.core.model.OrgUnit.Type#USER} graph and return all of the parents (direct ascendants) of a given child ou.
-     *
-     * @param name      maps to logical {@link org.apache.directory.fortress.core.model.OrgUnit#name} on 'ftOrgUnit' object class.
-     * @param contextId maps to sub-tree in DIT, for example ou=contextId, dc=jts, dc = com.
-     * @return Set of ou names that are parents of given child.
-     */
-    static Set<String> getParents( String name, String contextId )
-    {
-        return HierUtil.getParents( name, getGraph( contextId ) );
-    }
-
-
-    /**
-     * Recursively traverse the {@link org.apache.directory.fortress.core.model.OrgUnit.Type#PERM} graph and return number of children a given parent ou has.
-     *
-     * @param name      maps to logical {@link org.apache.directory.fortress.core.model.OrgUnit#name} on 'ftOrgUnit' object class.
-     * @param contextId maps to sub-tree in DIT, for example ou=contextId, dc=jts, dc = com.
-     * @return int value contains the number of children of a given parent ou.
-     */
-    static int numChildren( String name, String contextId )
-    {
-        return HierUtil.numChildren( name, getGraph( contextId ) );
-    }
-
-
-    /**
-     * Return Set of {@link org.apache.directory.fortress.core.model.OrgUnit#name}s ascendants contained within {@link org.apache.directory.fortress.core.model.OrgUnit.Type#PERM}.
-     *
-     * @param ous       contains list of {@link org.apache.directory.fortress.core.model.OrgUnit}s.
-     * @param contextId maps to sub-tree in DIT, for example ou=contextId, dc=jts, dc = com.
-     * @return contains Set of all descendants.
-     */
-    static Set<String> getInherited( List<OrgUnit> ous, String contextId )
-    {
-        // create Set with case insensitive comparator:
-        Set<String> iOUs = new TreeSet<>( String.CASE_INSENSITIVE_ORDER );
-        if ( ObjUtil.isNotNullOrEmpty( ous ) )
-        {
-            for ( OrgUnit ou : ous )
-            {
-                String name = ou.getName();
-                iOUs.add( name );
-                Set<String> parents = HierUtil.getAscendants( name, getGraph( contextId ) );
-
-                if ( ObjUtil.isNotNullOrEmpty( parents ) )
-                {
-                    iOUs.addAll( parents );
-                }
-            }
-        }
-        return iOUs;
-    }
-
-
-    /**
-     * This api is used by {@link DelAdminMgrImpl} to determine parentage for Permission OU processing.
-     * It calls {@link HierUtil#validateRelationship(org.jgrapht.graph.SimpleDirectedGraph, String, String, boolean)} to evaluate three OU relationship expressions:
-     * <ol>
-     * <li>If child equals parent</li>
-     * <li>If mustExist true and parent-child relationship exists</li>
-     * <li>If mustExist false and parent-child relationship does not exist</li>
-     * </ol>
-     * Method will throw {@link org.apache.directory.fortress.core.ValidationException} if rule check fails meaning caller failed validation
-     * attempt to add/remove hierarchical relationship failed.
-     *
-     * @param child     contains {@link org.apache.directory.fortress.core.model.OrgUnit#name} of child.
-     * @param parent    contains {@link org.apache.directory.fortress.core.model.OrgUnit#name} of parent.
-     * @param mustExist boolean is used to specify if relationship must be true.
-     * @throws org.apache.directory.fortress.core.ValidationException
-     *          in the event it fails one of the 3 checks.
-     */
-    static void validateRelationship( OrgUnit child, OrgUnit parent, boolean mustExist )
-        throws ValidationException
-    {
-        HierUtil.validateRelationship( getGraph( child.getContextId() ), child.getName(), parent.getName(), mustExist );
-    }
-
-
-    /**
-     * This api allows synchronized access to allow updates to hierarchical relationships.
-     * Method will update the hierarchical data set and reload the JGraphT simple digraph with latest.
-     *
-     * @param contextId maps to sub-tree in DIT, for example ou=contextId, dc=jts, dc = com.
-     * @param relationship contains parent-child relationship targeted for addition.
-     * @param op   used to pass the ldap op {@link org.apache.directory.fortress.core.model.Hier.Op#ADD}, {@link org.apache.directory.fortress.core.model.Hier.Op#MOD}, {@link org.apache.directory.fortress.core.model.Hier.Op#REM}
-     * @throws org.apache.directory.fortress.core.SecurityException in the event of a system error.
-     */
-    static void updateHier( String contextId, Relationship relationship, Hier.Op op ) throws SecurityException
-    {
-        HierUtil.updateHier( getGraph( contextId ), relationship, op );
-    }
-
-
-    /**
-     * Read this ldap record,{@code cn=Hierarchies, ou=OS-P} into this entity, {@link Hier}, before loading into this collection class,{@code org.jgrapht.graph.SimpleDirectedGraph}
-     * using 3rd party lib, <a href="http://www.jgrapht.org/">JGraphT</a>.
-     *
-     * @param contextId maps to sub-tree in DIT, for example ou=contextId, dc=jts, dc = com.
-     * @return handle to simple digraph containing perm ou hierarchies.
-     */
-    private static SimpleDirectedGraph<String, Relationship> loadGraph( String contextId )
-    {
-        Hier inHier = new Hier( Hier.Type.ROLE );
-        inHier.setContextId( contextId );
-        LOG.info( "loadGraph initializing PSO context [{}]", inHier.getContextId() );
-        List<Graphable> descendants = null;
-
-        try
-        {
-            OrgUnit orgUnit = new OrgUnit();
-            orgUnit.setType( OrgUnit.Type.PERM );
-            orgUnit.setContextId( contextId );
-            descendants = orgUnitP.getAllDescendants( orgUnit );
-        }
-        catch ( SecurityException se )
-        {
-            LOG.info( "loadGraph caught SecurityException={}", se );
-        }
-
-        Hier hier = HierUtil.loadHier( contextId, descendants );
-        SimpleDirectedGraph<String, Relationship> graph;
-
-        graph = HierUtil.buildGraph( hier );
-        psoCache.put( getKey( contextId ), graph );
-
-        return graph;
-    }
-
-
-    /**
-     * @param contextId maps to sub-tree in DIT, for example ou=contextId, dc=jts, dc = com.
-     * @return handle to simple digraph containing perm ou hierarchies.
-     */
-    private static SimpleDirectedGraph<String, Relationship> getGraph( String contextId )
-    {
-        ReadWriteLock hierLock = HierUtil.getLock( contextId, HierUtil.Type.PSO );
-        String key = getKey( contextId );
-
-        try
-        {
-            hierLock.readLock().lock();
-            SimpleDirectedGraph<String, Relationship> graph = ( SimpleDirectedGraph<String, Relationship> ) psoCache
-                .get( key );
-
-            if ( graph == null )
-            {
-                try
-                {
-                    hierLock.readLock().unlock();
-                    hierLock.writeLock().lock();
-
-                    // TODO: determine why this (code that was commented out) creates a deadlock:
-                    //graph = ( SimpleDirectedGraph<String, Relationship> ) psoCache.get( key );
-
-                    //if ( graph == null )
-                    //{
-                    graph = loadGraph( contextId );
-                    //}
-
-                    hierLock.readLock().lock();
-                }
-                finally
-                {
-                    hierLock.writeLock().unlock();
-                }
-            }
-
-            return graph;
-        }
-        finally
-        {
-            hierLock.readLock().unlock();
-        }
-    }
-
-
-    /**
-     *
-     * @param contextId maps to sub-tree in DIT, for example ou=contextId, dc=jts, dc = com.
-     * @return key to this tenant's cache entry.
-     */
-    private static String getKey( String contextId )
-    {
-        String key = HierUtil.Type.PSO.toString();
-        if ( StringUtils.isNotEmpty( contextId ) && !contextId.equalsIgnoreCase( GlobalIds.NULL ) )
-        {
-            key += ":" + contextId;
-        }
-        return key;
-    }
-}

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/ba64d26a/src/main/java/org/apache/directory/fortress/core/rbac/PwPolicyControl.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/rbac/PwPolicyControl.java b/src/main/java/org/apache/directory/fortress/core/rbac/PwPolicyControl.java
deleted file mode 100755
index 56ed76b..0000000
--- a/src/main/java/org/apache/directory/fortress/core/rbac/PwPolicyControl.java
+++ /dev/null
@@ -1,40 +0,0 @@
-/*
- *   Licensed to the Apache Software Foundation (ASF) under one
- *   or more contributor license agreements.  See the NOTICE file
- *   distributed with this work for additional information
- *   regarding copyright ownership.  The ASF licenses this file
- *   to you under the Apache License, Version 2.0 (the
- *   "License"); you may not use this file except in compliance
- *   with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- *   Unless required by applicable law or agreed to in writing,
- *   software distributed under the License is distributed on an
- *   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- *   KIND, either express or implied.  See the License for the
- *   specific language governing permissions and limitations
- *   under the License.
- *
- */
-package org.apache.directory.fortress.core.rbac;
-
-
-import org.apache.directory.fortress.core.model.PwMessage;
-
-/**
- * Interface is used to allow pluggable password policy interrogation.
- *
- * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
- */
-public interface PwPolicyControl
-{
-    /**
-     * Check the password policy controls returned from server and sets the PwMessage with what it finds.
-     *
-     * @param controls ldap controls object.
-     * @param isAuthenticated set to 'true' if password checks pass.
-     * @param pwMsg describes the outcome of the policy checks.
-     */
-    void checkPasswordPolicy( Object[] controls, boolean isAuthenticated, PwMessage pwMsg );
-}

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/ba64d26a/src/main/java/org/apache/directory/fortress/core/rbac/PwPolicyMgrImpl.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/rbac/PwPolicyMgrImpl.java b/src/main/java/org/apache/directory/fortress/core/rbac/PwPolicyMgrImpl.java
deleted file mode 100755
index e14c909..0000000
--- a/src/main/java/org/apache/directory/fortress/core/rbac/PwPolicyMgrImpl.java
+++ /dev/null
@@ -1,373 +0,0 @@
-/*
- *   Licensed to the Apache Software Foundation (ASF) under one
- *   or more contributor license agreements.  See the NOTICE file
- *   distributed with this work for additional information
- *   regarding copyright ownership.  The ASF licenses this file
- *   to you under the Apache License, Version 2.0 (the
- *   "License"); you may not use this file except in compliance
- *   with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- *   Unless required by applicable law or agreed to in writing,
- *   software distributed under the License is distributed on an
- *   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- *   KIND, either express or implied.  See the License for the
- *   specific language governing permissions and limitations
- *   under the License.
- *
- */
-package org.apache.directory.fortress.core.rbac;
-
-import org.apache.directory.fortress.core.GlobalErrIds;
-import org.apache.directory.fortress.core.PwPolicyMgr;
-import org.apache.directory.fortress.core.SecurityException;
-import org.apache.directory.fortress.core.model.PwPolicy;
-import org.apache.directory.fortress.core.model.User;
-import org.apache.directory.fortress.core.model.VUtil;
-
-import java.util.List;
-
-/**
- * This class is used to perform administrative and review functions on the PWPOLICIES and USERS data sets.
- * <p/>
- * <h4>Password Policies</h4>
- * <a href="http://www.openldap.org/">OpenLDAP</a> supports the IETF draft <a href="http://tools.ietf.org/html/draft-behera-ldap-password-policy-10/">Password Policies for LDAP directories</a></li>.  Policies may be applied at the user, group or global level.
- * <p/>
- * <img src="../doc-files/PasswordPolicy.png">
- * <p/>
- * Password enforcement options include:
- * <ol>
- * <li>A configurable limit on failed authentication attempts.</li>
- * <li>A counter to track the number of failed authentication attempts.</li>
- * <li>A time frame in which the limit of consecutive failed authentication attempts must happen before action is taken.</li>
- * <li>The action to be taken when the limit is reached. The action will either be nothing, or the account will be locked.</li>
- * <li>An amount of time the account is locked (if it is to be locked) This can be indefinite.</li>
- * <li>Password expiration.</li>
- * <li>Expiration warning</li>
- * <li>Grace authentications</li>
- * <li>Password history</li>
- * <li>Password minimum age</li>
- * <li>Password minimum length</li>
- * <li>Password Change after Reset</li>
- * <li>Safe Modification of Password</li>
- * </ol>
- * <p/>
- * This class is NOT thread safe if parent instance variables ({@link #contextId} or {@link #adminSess}) are set.
- *
- * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
- */
-public class PwPolicyMgrImpl  extends Manageable implements PwPolicyMgr
-{
-    private static final String CLS_NM = PwPolicyMgrImpl.class.getName();
-    private static final PolicyP policyP = new PolicyP();
-    private static final UserP userP = new UserP();
-
-    /**
-     * This method will add a new policy entry to the POLICIES data set.  This command is valid
-     * if and only if the policy entry is not already present in the POLICIES data set.
-     * <h4>required parameters</h4>
-     * <ul>
-     * <li>{@link org.apache.directory.fortress.core.model.PwPolicy#name} - Maps to name attribute of pwdPolicy object class being added.</li>
-     * </ul>
-     * <h4>optional parameters</h4>
-     * <ul>
-     * <li>{@link org.apache.directory.fortress.core.model.PwPolicy#minAge} - This attribute holds the number of seconds that must elapse between
-     * modifications to the password.  If this attribute is not present, 0
-     * seconds is assumed.</li>
-     * <li>{@link org.apache.directory.fortress.core.model.PwPolicy#maxAge} - This attribute holds the number of seconds after which a modified
-     * password will expire. If this attribute is not present, or if the value is 0 the password
-     * does not expire.  If not 0, the value must be greater than or equal
-     * to the value of the pwdMinAge.
-     * </li>
-     * <li>{@link org.apache.directory.fortress.core.model.PwPolicy#inHistory} - This attribute specifies the maximum number of used passwords stored
-     * in the pwdHistory attribute. If this attribute is not present, or if the value is 0, used
-     * passwords are not stored in the pwdHistory attribute and thus may be reused.</li>
-     * <li>{@link org.apache.directory.fortress.core.model.PwPolicy#minLength} - When quality checking is enabled, this attribute holds the minimum
-     * number of characters that must be used in a password.  If this
-     * attribute is not present, no minimum password length will be
-     * enforced.  If the server is unable to check the length (due to a
-     * hashed password or otherwise), the server will, depending on the
-     * value of the pwdCheckQuality attribute, either accept the password
-     * without checking it ('0' or '1') or refuse it ('2').</li>
-     * <li>{@link org.apache.directory.fortress.core.model.PwPolicy#expireWarning} - This attribute specifies the maximum number of seconds before a
-     * password is due to expire that expiration warning messages will be
-     * returned to an authenticating user.  If this attribute is not present, or if the value is 0 no warnings
-     * will be returned.  If not 0, the value must be smaller than the value
-     * of the pwdMaxAge attribute.</li>
-     * <li>{@link org.apache.directory.fortress.core.model.PwPolicy#graceLoginLimit} - This attribute specifies the number of times an expired password can
-     * be used to authenticate.  If this attribute is not present or if the
-     * value is 0, authentication will fail. </li>
-     * <li>{@link org.apache.directory.fortress.core.model.PwPolicy#lockout} - This attribute indicates, when its value is "TRUE", that the password
-     * may not be used to authenticate after a specified number of
-     * consecutive failed bind attempts.  The maximum number of consecutive
-     * failed bind attempts is specified in pwdMaxFailure.  If this attribute is not present, or if the
-     * value is "FALSE", the password may be used to authenticate when the number of failed bind
-     * attempts has been reached.</li>
-     * <li>{@link org.apache.directory.fortress.core.model.PwPolicy#lockoutDuration} - This attribute holds the number of seconds that the password cannot
-     * be used to authenticate due to too many failed bind attempts.  If
-     * this attribute is not present, or if the value is 0 the password
-     * cannot be used to authenticate until reset by a password
-     * administrator.</li>
-     * <li>{@link org.apache.directory.fortress.core.model.PwPolicy#maxFailure} - This attribute specifies the number of consecutive failed bind
-     * attempts after which the password may not be used to authenticate.
-     * If this attribute is not present, or if the value is 0, this policy
-     * is not checked, and the value of pwdLockout will be ignored.</li>
-     * <li>{@link org.apache.directory.fortress.core.model.PwPolicy#failureCountInterval} - This attribute holds the number of seconds after which the password
-     * failures are purged from the failure counter, even though no
-     * successful authentication occurred.  If this attribute is not present, or if its value is 0, the failure
-     * counter is only reset by a successful authentication.</li>
-     * <li>{@link org.apache.directory.fortress.core.model.PwPolicy#mustChange} - This attribute specifies with a value of "TRUE" that users must
-     * change their passwords when they first bind to the directory after a
-     * password is set or reset by a password administrator.  If this
-     * attribute is not present, or if the value is "FALSE", users are not
-     * required to change their password upon binding after the password
-     * administrator sets or resets the password.  This attribute is not set
-     * due to any actions specified by this document, it is typically set by
-     * a password administrator after resetting a user's password.</li>
-     * <li>{@link org.apache.directory.fortress.core.model.PwPolicy#allowUserChange} - This attribute indicates whether users can change their own
-     * passwords, although the change operation is still subject to access
-     * control.  If this attribute is not present, a value of "TRUE" is
-     * assumed.  This attribute is intended to be used in the absence of an access control mechanism.</li>
-     * <li>{@link org.apache.directory.fortress.core.model.PwPolicy#safeModify} - This attribute specifies whether or not the existing password must be
-     * sent along with the new password when being changed.  If this
-     * attribute is not present, a "FALSE" value is assumed.</li>
-     * <li>{@link org.apache.directory.fortress.core.model.PwPolicy#checkQuality} - This attribute indicates how the password quality will be verified
-     * while being modified or added.  If this attribute is not present, or
-     * if the value is '0', quality checking will not be enforced.  A value
-     * of '1' indicates that the server will check the quality, and if the
-     * server is unable to check it (due to a hashed password or other
-     * reasons) it will be accepted.  A value of '2' indicates that the
-     * server will check the quality, and if the server is unable to verify
-     * it, it will return an error refusing the password. </li>
-     * <li>{@link org.apache.directory.fortress.core.model.PwPolicy#attribute} - This holds the name of the attribute to which the password policy is
-     * applied.  For example, the password policy may be applied to the
-     * userPassword attribute </li>
-     * </ul>
-     *
-     * @param policy Object must contain {@link org.apache.directory.fortress.core.model.PwPolicy#name} and optionally other attributes.
-     * @throws SecurityException In the event of data validation or system error.
-     */
-    @Override
-    public void add(PwPolicy policy)
-        throws SecurityException
-    {
-        String methodName = "add";
-        assertContext(CLS_NM, methodName, policy, GlobalErrIds.PSWD_PLCY_NULL);
-        setEntitySession(CLS_NM, methodName, policy);
-        policyP.add(policy);
-    }
-
-
-    /**
-     * This method will update an exiting policy entry to the POLICIES data set.  This command is valid
-     * if and only if the policy entry is already present in the POLICIES data set.
-     * <h4>required parameters</h4>
-     * <ul>
-     * <li>{@link PwPolicy#name} - Maps to name attribute of pwdPolicy object class being updated.</li>
-     * </ul>
-     * <h4>optional parameters</h4>
-     * <ul>
-     * <li>{@link PwPolicy#minAge} - This attribute holds the number of seconds that must elapse between
-     * modifications to the password.  If this attribute is not present, 0
-     * seconds is assumed.</li>
-     * <li>{@link PwPolicy#maxAge} - This attribute holds the number of seconds after which a modified
-     * password will expire. If this attribute is not present, or if the value is 0 the password
-     * does not expire.  If not 0, the value must be greater than or equal
-     * to the value of the pwdMinAge.
-     * </li>
-     * <li>{@link PwPolicy#inHistory} - This attribute specifies the maximum number of used passwords stored
-     * in the pwdHistory attribute. If this attribute is not present, or if the value is 0, used
-     * passwords are not stored in the pwdHistory attribute and thus may be reused.</li>
-     * <li>{@link PwPolicy#minLength} - When quality checking is enabled, this attribute holds the minimum
-     * number of characters that must be used in a password.  If this
-     * attribute is not present, no minimum password length will be
-     * enforced.  If the server is unable to check the length (due to a
-     * hashed password or otherwise), the server will, depending on the
-     * value of the pwdCheckQuality attribute, either accept the password
-     * without checking it ('0' or '1') or refuse it ('2').</li>
-     * <li>{@link PwPolicy#expireWarning} - This attribute specifies the maximum number of seconds before a
-     * password is due to expire that expiration warning messages will be
-     * returned to an authenticating user.  If this attribute is not present, or if the value is 0 no warnings
-     * will be returned.  If not 0, the value must be smaller than the value
-     * of the pwdMaxAge attribute.</li>
-     * <li>{@link PwPolicy#graceLoginLimit} - This attribute specifies the number of times an expired password can
-     * be used to authenticate.  If this attribute is not present or if the
-     * value is 0, authentication will fail. </li>
-     * <li>{@link PwPolicy#lockout} - This attribute indicates, when its value is "TRUE", that the password
-     * may not be used to authenticate after a specified number of
-     * consecutive failed bind attempts.  The maximum number of consecutive
-     * failed bind attempts is specified in pwdMaxFailure.  If this attribute is not present, or if the
-     * value is "FALSE", the password may be used to authenticate when the number of failed bind
-     * attempts has been reached.</li>
-     * <li>{@link PwPolicy#lockoutDuration} - This attribute holds the number of seconds that the password cannot
-     * be used to authenticate due to too many failed bind attempts.  If
-     * this attribute is not present, or if the value is 0 the password
-     * cannot be used to authenticate until reset by a password
-     * administrator.</li>
-     * <li>{@link PwPolicy#maxFailure} - This attribute specifies the number of consecutive failed bind
-     * attempts after which the password may not be used to authenticate.
-     * If this attribute is not present, or if the value is 0, this policy
-     * is not checked, and the value of pwdLockout will be ignored.</li>
-     * <li>{@link PwPolicy#failureCountInterval} - This attribute holds the number of seconds after which the password
-     * failures are purged from the failure counter, even though no
-     * successful authentication occurred.  If this attribute is not present, or if its value is 0, the failure
-     * counter is only reset by a successful authentication.</li>
-     * <li>{@link PwPolicy#mustChange} - This attribute specifies with a value of "TRUE" that users must
-     * change their passwords when they first bind to the directory after a
-     * password is set or reset by a password administrator.  If this
-     * attribute is not present, or if the value is "FALSE", users are not
-     * required to change their password upon binding after the password
-     * administrator sets or resets the password.  This attribute is not set
-     * due to any actions specified by this document, it is typically set by
-     * a password administrator after resetting a user's password.</li>
-     * <li>{@link PwPolicy#allowUserChange} - This attribute indicates whether users can change their own
-     * passwords, although the change operation is still subject to access
-     * control.  If this attribute is not present, a value of "TRUE" is
-     * assumed.  This attribute is intended to be used in the absence of an access control mechanism.</li>
-     * <li>{@link PwPolicy#safeModify} - This attribute specifies whether or not the existing password must be
-     * sent along with the new password when being changed.  If this
-     * attribute is not present, a "FALSE" value is assumed.</li>
-     * <li>{@link PwPolicy#checkQuality} - This attribute indicates how the password quality will be verified
-     * while being modified or added.  If this attribute is not present, or
-     * if the value is '0', quality checking will not be enforced.  A value
-     * of '1' indicates that the server will check the quality, and if the
-     * server is unable to check it (due to a hashed password or other
-     * reasons) it will be accepted.  A value of '2' indicates that the
-     * server will check the quality, and if the server is unable to verify
-     * it, it will return an error refusing the password. </li>
-     * <li>{@link PwPolicy#attribute} - This holds the name of the attribute to which the password policy is
-     * applied.  For example, the password policy may be applied to the
-     * userPassword attribute </li>
-     * </ul>
-     *
-     * @param policy Object must contain {@link PwPolicy#name} and optionally all non-null attributes will be updated.  null attributes will be ignored.
-     * @throws SecurityException In the event policy not found , data validation or system error.
-     */
-    @Override
-    public void update(PwPolicy policy)
-        throws SecurityException
-    {
-        String methodName = "update";
-        assertContext(CLS_NM, methodName, policy, GlobalErrIds.PSWD_PLCY_NULL);
-        setEntitySession(CLS_NM, methodName, policy);
-        policyP.update(policy);
-    }
-
-
-    /**
-     * This method will delete exiting policy entry from the POLICIES data set.  This command is valid
-     * if and only if the policy entry is already present in the POLICIES data set.  Existing users that
-     * are assigned this policy will be removed from association.
-     * <h4>required parameters</h4>
-     * <ul>
-     * <li>{@link PwPolicy#name} - Maps to name attribute of pwdPolicy object class being removed.</li>
-     * </ul>
-     *
-     * @param policy Object must contain {@link PwPolicy#name} of the policy entity to remove.
-     * @throws org.apache.directory.fortress.core.SecurityException In the event policy entity not found or system error.
-     */
-    @Override
-    public void delete(PwPolicy policy)
-        throws SecurityException
-    {
-        String methodName = "delete";
-        assertContext(CLS_NM, methodName, policy, GlobalErrIds.PSWD_PLCY_NULL);
-        policy.setAdminSession(adminSess);
-        setEntitySession(CLS_NM, methodName, policy);
-        policyP.delete(policy);
-    }
-
-
-    /**
-     * This method will return the password policy entity to the caller.  This command is valid
-     * if and only if the policy entry is present in the POLICIES data set.
-     * <h4>required parameters</h4>
-     * <ul>
-     * <li>{@link PwPolicy#name} - Maps to name attribute of pwdPolicy object class being read.</li>
-     * </ul>
-     *
-     * @return PswdPolicy entity returns fully populated with attributes.
-     * @return PswdPolicy entity returns fully populated with attributes.
-     * @throws SecurityException In the event policy entry not found, data validation or system error.
-     */
-    @Override
-    public PwPolicy read(String name)
-        throws SecurityException
-    {
-        String methodName = "read";
-        VUtil.assertNotNullOrEmpty(name, GlobalErrIds.PSWD_NAME_NULL, CLS_NM + "." + methodName);
-        checkAccess(CLS_NM, methodName);
-        PwPolicy policy = new PwPolicy(name);
-        policy.setContextId(this.contextId);
-        return policyP.read(policy);
-    }
-
-
-    /**
-     * This method will return a list of all password policy entities that match a particular search string.
-     * This command will return an empty list of no matching entries are found.
-     *
-     * @param searchVal String contains the leading chars of a policy entity.  This search is not case sensitive.
-     * @return List<PswdPolicy> contains all matching password policy entities. If no records found this will be empty.
-     * @throws SecurityException In the event of data validation or system error.
-     */
-    @Override
-    public List<PwPolicy> search(String searchVal)
-        throws SecurityException
-    {
-        String methodName = "search";
-        VUtil.assertNotNull(searchVal, GlobalErrIds.PSWD_NAME_NULL, CLS_NM + "." + methodName);
-        checkAccess(CLS_NM, methodName);
-        PwPolicy policy = new PwPolicy(searchVal);
-        policy.setContextId(this.contextId);
-        return policyP.search(policy);
-    }
-
-
-    /**
-     * This method will associate a user entity with a password policy entity.  This function is valid
-     * if and only if the user is a member of the USERS data set and the policyName refers to a
-     * policy that is a member of the PWPOLICIES data set.
-     *
-     * @param userId     Contains {@link org.apache.directory.fortress.core.model.User#userId} of a User entity in USERS data set.
-     * @param policyName String contains the {@link PwPolicy#name} of a pw policy entity contained within the PWPOLICIES data set.
-     * @throws SecurityException thrown in the event either user or policy not valid or system error.
-     */
-    @Override
-    public void updateUserPolicy(String userId, String policyName)
-        throws SecurityException
-    {
-        String methodName = "updateUserPolicy";
-        VUtil.assertNotNullOrEmpty(userId, GlobalErrIds.USER_NULL, CLS_NM + "." + methodName);
-        VUtil.assertNotNullOrEmpty(policyName, GlobalErrIds.PSWD_NAME_NULL, CLS_NM + "." + methodName);
-        User user = new User(userId);
-        user.setPwPolicy(policyName);
-        user.setAdminSession(adminSess);
-        setEntitySession(CLS_NM, methodName, user);
-        userP.update(user);
-    }
-
-
-    /**
-     * This method will remove the pw policy assignment from a user entity.  This function is valid
-     * if and only if the user is a member of the USERS data set and the policy attribute is assigned.
-     * Removal of pw policy assignment will revert the user's policy to use the global default for OpenLDAP
-     * instance that contains user.
-     *
-     * @param userId Contains {@link org.apache.directory.fortress.core.model.User#userId} of a User entity in USERS data set.
-     * @throws SecurityException Thrown in the event either user not valid or system error.
-     */
-    @Override
-    public void deletePasswordPolicy(String userId)
-        throws SecurityException
-    {
-        String methodName = "deletePasswordPolicy";
-        VUtil.assertNotNullOrEmpty(userId, GlobalErrIds.USER_NULL, CLS_NM + "." + methodName);
-        User user = new User(userId);
-        user.setAdminSession(adminSess);
-        setEntitySession(CLS_NM, methodName, user);
-        userP.deletePwPolicy(user);
-    }
-}
-

