directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From elecha...@apache.org
Subject [02/10] directory-fortress-core git commit: Fixed the Javadoc
Date Wed, 06 Jan 2016 15:51:11 GMT
Fixed the Javadoc

Project: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/commit/f7dd2497
Tree: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/tree/f7dd2497
Diff: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/diff/f7dd2497

Branch: refs/heads/master
Commit: f7dd2497250f87074370d88feef2c0e84067b78c
Parents: b2a5229
Author: Emmanuel L├ęcharny <elecharny@symas.com>
Authored: Wed Jan 6 07:40:10 2016 +0100
Committer: Emmanuel L├ęcharny <elecharny@symas.com>
Committed: Wed Jan 6 07:40:10 2016 +0100

----------------------------------------------------------------------
 .../directory/fortress/core/DelAccessMgr.java   | 68 ++++++++++++--------
 .../fortress/core/DelAccessMgrFactory.java      |  3 +-
 2 files changed, 41 insertions(+), 30 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/f7dd2497/src/main/java/org/apache/directory/fortress/core/DelAccessMgr.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/DelAccessMgr.java b/src/main/java/org/apache/directory/fortress/core/DelAccessMgr.java
index c9eefb1..6dbe186 100755
--- a/src/main/java/org/apache/directory/fortress/core/DelAccessMgr.java
+++ b/src/main/java/org/apache/directory/fortress/core/DelAccessMgr.java
@@ -31,18 +31,22 @@ import java.util.Set;
 
 
 /**
- * This interface prescribes the API for performing runtime delegated access control operations
on objects that are provisioned Fortress ARBAC entities
- * that reside in LDAP directory.
- * These APIs map directly to similar named APIs specified by ARBAC02 functions.  The ARBAC
Functional specification describes delegated administrative
- * operations for the creation and maintenance of ARBAC element sets and relations.  Delegated
administrative review functions for performing administrative queries
- * and system functions for creating and managing ARBAC attributes on user sessions and making
delegated administrative access control decisions.
+ * This interface prescribes the API for performing runtime delegated access control operations
on objects that are 
+ * provisioned Fortress ARBAC entities that reside in LDAP directory.
+ * These APIs map directly to similar named APIs specified by ARBAC02 functions.  The ARBAC
Functional specification 
+ * describes delegated administrative operations for the creation and maintenance of ARBAC
element sets and relations.  
+ * Delegated administrative review functions for performing administrative queries and system
functions for creating and 
+ * managing ARBAC attributes on user sessions and making delegated administrative access
control decisions.
  * <h3>Administrative Role Based Access Control (ARBAC)</h3>
- * <img src="./doc-files/ARbac.png">
- * <p/>
- * Fortress fully supports the Oh/Sandhu/Zhang ARBAC02 model for delegated administration.
 ARBAC provides large enterprises the capability to delegate administrative authority to users
that reside outside of the security admin group.
- * Decentralizing administration helps because it provides security provisioning capability
to work groups without sacrificing regulations for accountability or traceability.
- * <p/>
- * This interface's implementer will NOT be thread safe if parent instance variables ({@link
Manageable#setContextId(String)} or {@link Manageable#setAdmin(org.apache.directory.fortress.core.model.Session)})
are set.
+ * <img src="./doc-files/ARbac.png" alt="">
+ * <p>
+ * Fortress fully supports the Oh/Sandhu/Zhang ARBAC02 model for delegated administration.
 ARBAC provides large enterprises 
+ * the capability to delegate administrative authority to users that reside outside of the
security admin group.
+ * Decentralizing administration helps because it provides security provisioning capability
to work groups without 
+ * sacrificing regulations for accountability or traceability.
+ * <p>
+ * This interface's implementer will NOT be thread safe if parent instance variables ({@link
Manageable#setContextId(String)} 
+ * or {@link Manageable#setAdmin(org.apache.directory.fortress.core.model.Session)}) are
set.
  *
  * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
  */
@@ -52,7 +56,8 @@ public interface DelAccessMgr extends Manageable
      * This function will determine if the user contains an AdminRole that is authorized
assignment control over
      * User-Role Assignment (URA).  This adheres to the ARBAC02 functional specification
for can-assign URA.
      *
-     * @param session This object must be instantiated by calling {@link AccessMgr#createSession(org.apache.directory.fortress.core.model.User,
boolean)} before passing into the method.  No variables need to be set by client after returned
from createSession.
+     * @param session This object must be instantiated by calling 
+     * {@link AccessMgr#createSession(org.apache.directory.fortress.core.model.User, boolean)}
before passing into the method.  No variables need to be set by client after returned from
createSession.
      * @param user    Instantiated User entity requires only valid userId attribute set.
      * @param role    Instantiated Role entity requires only valid role name attribute set.
      * @return boolean value true indicates access allowed.
@@ -67,7 +72,9 @@ public interface DelAccessMgr extends Manageable
      * This function will determine if the user contains an AdminRole that is authorized
revoke control over
      * User-Role Assignment (URA).  This adheres to the ARBAC02 functional specification
for can-revoke URA.
      *
-     * @param session This object must be instantiated by calling {@link AccessMgr#createSession}
method before passing into the method.  No variables need to be set by client after returned
from createSession.     * @param user    Instantiated User entity requires only valid userId
attribute set.
+     * @param session This object must be instantiated by calling {@link AccessMgr#createSession}
method before passing into 
+     * the method.  No variables need to be set by client after returned from createSession.
    
+     * @param user    Instantiated User entity requires only valid userId attribute set.
      * @param role    Instantiated Role entity requires only valid role name attribute set.
      * @return boolean value true indicates access allowed.
      * @throws SecurityException
@@ -81,7 +88,9 @@ public interface DelAccessMgr extends Manageable
      * This function will determine if the user contains an AdminRole that is authorized
assignment control over
      * Permission-Role Assignment (PRA).  This adheres to the ARBAC02 functional specification
for can-assign-p PRA.
      *
-     * @param session This object must be instantiated by calling {@link AccessMgr#createSession}
method before passing into the method.  No variables need to be set by client after returned
from createSession.     * @param perm    Instantiated Permission entity requires valid object
name and operation name attributes set.
+     * @param session This object must be instantiated by calling {@link AccessMgr#createSession}
method before passing 
+     * into the method.  No variables need to be set by client after returned from createSession.
    
+     * @param perm    Instantiated Permission entity requires valid object name and operation
name attributes set.
      * @param role    Instantiated Role entity requires only valid role name attribute set.
      * @return boolean value true indicates access allowed.
      * @throws SecurityException
@@ -95,7 +104,9 @@ public interface DelAccessMgr extends Manageable
      * This function will determine if the user contains an AdminRole that is authorized
revoke control over
      * Permission-Role Assignment (PRA).  This adheres to the ARBAC02 functional specification
for can-revoke-p PRA.
      *
-     * @param session This object must be instantiated by calling {@link AccessMgr#createSession}
method before passing into the method.  No variables need to be set by client after returned
from createSession.     * @param perm    Instantiated Permission entity requires valid object
name and operation name attributes set.
+     * @param session This object must be instantiated by calling {@link AccessMgr#createSession}
method before passing 
+     * into the method.  No variables need to be set by client after returned from createSession.
    
+     * @param perm    Instantiated Permission entity requires valid object name and operation
name attributes set.
      * @param role    Instantiated Role entity requires only valid role name attribute set.
      * @return boolean value true indicates access allowed.
      * @throws SecurityException In the event of data validation error (i.e. invalid perm
or role name) or system error.
@@ -113,9 +124,10 @@ public interface DelAccessMgr extends Manageable
      * one of the session's active roles. This implementation will verify the roles or userId
correspond
      * to the subject's active roles are registered in the object's access control list.
      *
-     * @param perm    object contains obj attribute which is a String and contains the name
of the object user is trying to access;
-     *                perm object contains operation attribute which is also a String and
contains the operation name for the object.
-     * @param session This object must be instantiated by calling {@link AccessMgr#createSession}
method before passing into the method.  No variables need to be set by client after returned
from createSession.
+     * @param perm    object contains obj attribute which is a String and contains the name
of the object user is trying to 
+     * access; perm object contains operation attribute which is also a String and contains
the operation name for the object.
+     * @param session This object must be instantiated by calling {@link AccessMgr#createSession}
method before passing into 
+     * the method.  No variables need to be set by client after returned from createSession.
      * @return True of user has access, false otherwise.
      * @throws SecurityException
      *          is thrown if runtime error occurs with system.
@@ -129,11 +141,11 @@ public interface DelAccessMgr extends Manageable
      * <p>
      * The function is valid if and only if:
      * <ul>
-     * <li> the user is a member of the USERS data set
-     * <li> the role is a member of the ADMIN ROLES data set
-     * <li> the session is a valid Fortress session
-     * <li> the user is authorized to that admin role
-     * <li> the session is owned by that user.
+     *   <li>the user is a member of the USERS data set</li>
+     *   <li>the role is a member of the ADMIN ROLES data set</li>
+     *   <li>the session is a valid Fortress session</li>
+     *   <li>the user is authorized to that admin role</li>
+     *   <li>the session is owned by that user.</li>
      * </ul>
      * <p>
      *
@@ -165,7 +177,7 @@ public interface DelAccessMgr extends Manageable
      * and only if the session is a valid Fortress session.
      *
      * @param session object contains the user's returned ARBAC session from the createSession
method.
-     * @return List<UserAdminRole> containing all adminRoles active in user's session.
 This will NOT contain inherited roles.
+     * @return List&lt;UserAdminRole&gt; containing all adminRoles active in user's
session.  This will NOT contain inherited roles.
      * @throws SecurityException
      *          is thrown if session invalid or system. error.
      */
@@ -174,11 +186,11 @@ public interface DelAccessMgr extends Manageable
 
 
     /**
-     * This function returns the authorized admin roles associated with a session based on
hierarchical relationships. The function is valid if
-     * and only if the session is a valid Fortress session.
+     * This function returns the authorized admin roles associated with a session based on
hierarchical relationships. 
+     * The function is valid if and only if the session is a valid Fortress session.
      *
      * @param session object contains the user's returned ARBAC session from the createSession
method.
-     * @return Set<String> containing all adminRoles authorized in user's session.
 This will contain inherited roles.
+     * @return Set&lt;String&gt; containing all adminRoles authorized in user's session.
 This will contain inherited roles.
      * @throws SecurityException is thrown if session invalid or system. error.
      */
     Set<String> authorizedAdminRoles( Session session )
@@ -190,7 +202,7 @@ public interface DelAccessMgr extends Manageable
      * to its authorized admin roles. The function is valid if and only if the session is
a valid Fortress session.
      *
      * @param session object contains the user's returned ARBAC session from the createSession
method.
-     * @return List<Permission> containing admin permissions (op, obj) active for user's
session.
+     * @return List&lt;Permission&gt; containing admin permissions (op, obj) active
for user's session.
      * @throws SecurityException in the event runtime error occurs with system.
      */
     List<Permission> sessionPermissions( Session session )

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/f7dd2497/src/main/java/org/apache/directory/fortress/core/DelAccessMgrFactory.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/DelAccessMgrFactory.java b/src/main/java/org/apache/directory/fortress/core/DelAccessMgrFactory.java
index d86fb6f..2b5b555 100755
--- a/src/main/java/org/apache/directory/fortress/core/DelAccessMgrFactory.java
+++ b/src/main/java/org/apache/directory/fortress/core/DelAccessMgrFactory.java
@@ -29,10 +29,9 @@ import org.apache.directory.fortress.core.util.VUtil;
 
 /**
  * Creates an instance of the DelAccessMgr object.
- * <p/>
+ * <p>
  * The default implementation class is specified as {@link DelAccessMgrImpl} but can be overridden
by
  * adding the {@link GlobalIds#DELEGATED_ACCESS_IMPLEMENTATION} config property.
- * <p/>
  *
  * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
  */


Mime
View raw message