directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From elecha...@apache.org
Subject [03/10] directory-fortress-core git commit: Fixed the Javadoc
Date Wed, 06 Jan 2016 15:51:12 GMT
Fixed the Javadoc

Project: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/commit/d73afb53
Tree: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/tree/d73afb53
Diff: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/diff/d73afb53

Branch: refs/heads/master
Commit: d73afb53566d35af321f40215c587a3f82ac94d2
Parents: f7dd249
Author: Emmanuel L├ęcharny <elecharny@symas.com>
Authored: Wed Jan 6 08:30:21 2016 +0100
Committer: Emmanuel L├ęcharny <elecharny@symas.com>
Committed: Wed Jan 6 08:30:21 2016 +0100

----------------------------------------------------------------------
 .../directory/fortress/core/DelAdminMgr.java    | 809 +++++++++++++------
 1 file changed, 556 insertions(+), 253 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/d73afb53/src/main/java/org/apache/directory/fortress/core/DelAdminMgr.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/DelAdminMgr.java b/src/main/java/org/apache/directory/fortress/core/DelAdminMgr.java
index bc86a17..e1586c1 100755
--- a/src/main/java/org/apache/directory/fortress/core/DelAdminMgr.java
+++ b/src/main/java/org/apache/directory/fortress/core/DelAdminMgr.java
@@ -31,17 +31,20 @@ import org.apache.directory.fortress.core.model.User;
 /**
  * This class prescribes the ARBAC02 DelAdminMgr interface for performing policy administration of Fortress ARBAC entities
  * that reside in LDAP directory.
- * These APIs map directly to similar named APIs specified by ARBAC02 functions.  The ARBAC Functional specification describes delegated administrative
- * operations for the creation and maintenance of ARBAC element sets and relations.  Delegated administrative review functions for performing administrative queries
- * and system functions for creating and managing ARBAC attributes on user sessions and making delegated administrative access control decisions.
- * <p/>
+ * These APIs map directly to similar named APIs specified by ARBAC02 functions.  The ARBAC Functional specification 
+ * describes delegated administrative operations for the creation and maintenance of ARBAC element sets and relations.  
+ * Delegated administrative review functions for performing administrative queries and system functions for creating and 
+ * managing ARBAC attributes on user sessions and making delegated administrative access control decisions.
  * <h3>Administrative Role Based Access Control (ARBAC)</h3>
- * <img src="./doc-files/ARbac.png">
- * <p/>
- * Fortress fully supports the Oh/Sandhu/Zhang ARBAC02 model for delegated administration.  ARBAC provides large enterprises the capability to delegate administrative authority to users that reside outside of the security admin group.
- * Decentralizing administration helps because it provides security provisioning capability to work groups without sacrificing regulations for accountability or traceability.
- * <p/>
- * This interface's implementer will NOT be thread safe if parent instance variables ({@link Manageable#setContextId(String)} or {@link Manageable#setAdmin(org.apache.directory.fortress.core.model.Session)}) are set.
+ * <img src="./doc-files/ARbac.png" alt="">
+ * <p>
+ * Fortress fully supports the Oh/Sandhu/Zhang ARBAC02 model for delegated administration.  ARBAC provides large enterprises 
+ * the capability to delegate administrative authority to users that reside outside of the security admin group.
+ * Decentralizing administration helps because it provides security provisioning capability to work groups without 
+ * sacrificing regulations for accountability or traceability.
+ * <p>
+ * This interface's implementer will NOT be thread safe if parent instance variables ({@link Manageable#setContextId(String)} 
+ * or {@link Manageable#setAdmin(org.apache.directory.fortress.core.model.Session)}) are set.
  *
  * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
  */
@@ -51,33 +54,55 @@ public interface DelAdminMgr extends Manageable
      * This command creates a new admin role. The command is valid if and only if the new admin role is not
      * already a member of the ADMIN ROLES data set. The ADMIN ROLES data set is updated.
      * Initially, no user or permission is assigned to the new role.
+     * <h3></h3>
      * <h4>required parameters</h4>
      * <ul>
-     * <li>{@link AdminRole#name} - contains the name of the new AdminRole being targeted for addition to LDAP</li>
+     *   <li>{@link AdminRole#name} - contains the name of the new AdminRole being targeted for addition to LDAP</li>
      * </ul>
-     * <p/>
      * <h4>optional parameters</h4>
      * <ul>
-     * <li>{@link AdminRole#description} - contains any safe text</li>
-     * <li>{@link AdminRole#osPs} * - multi-occurring attribute used to set associations to existing PERMS OrgUnits</li>
-     * <li>{@link AdminRole#osUs} * - multi-occurring attribute used to set associations to existing USERS OrgUnits</li>
-     * <li>{@link AdminRole#beginRange} - contains the name of an existing RBAC Role that represents the lowest role in hierarchy that administrator (whoever has this AdminRole activated) controls</li>
-     * <li>{@link AdminRole#endRange} - contains the name of an existing RBAC Role that represents that highest role in hierarchy that administrator may control</li>
-     * <li>{@link AdminRole#beginInclusive} - if 'true' the RBAC Role specified in beginRange is also controlled by the posessor of this AdminRole</li>
-     * <li>{@link AdminRole#endInclusive} - if 'true' the RBAC Role specified in endRange is also controlled by the administratrator</li>
-     * <li>{@link AdminRole#beginTime} - HHMM - determines begin hour adminRole may be activated into user's ARBAC session</li>
-     * <li>{@link AdminRole#endTime} - HHMM - determines end hour adminRole may be activated into user's ARBAC session.</li>
-     * <li>{@link AdminRole#beginDate} - YYYYMMDD - determines date when adminRole may be activated into user's ARBAC session</li>
-     * <li>{@link AdminRole#endDate} - YYYYMMDD - indicates latest date adminRole may be activated into user's ARBAC session</li>
-     * <li>{@link AdminRole#beginLockDate} - YYYYMMDD - determines beginning of enforced inactive status</li>
-     * <li>{@link AdminRole#endLockDate} - YYYYMMDD - determines end of enforced inactive status</li>
-     * <li>{@link AdminRole#dayMask} - 1234567, 1 = Sunday, 2 = Monday, etc - specifies which day role may be activated into user's ARBAC session</li>
+     *   <li>{@link AdminRole#description} - contains any safe text</li>
+     *   <li>{@link AdminRole#osPs} * - multi-occurring attribute used to set associations to existing PERMS OrgUnits</li>
+     *   <li>{@link AdminRole#osUs} * - multi-occurring attribute used to set associations to existing USERS OrgUnits</li>
+     *   <li>
+     *     {@link AdminRole#beginRange} - contains the name of an existing RBAC Role that represents the lowest role in 
+     *     hierarchy that administrator (whoever has this AdminRole activated) controls
+     *   </li>
+     *   <li>
+     *     {@link AdminRole#endRange} - contains the name of an existing RBAC Role that represents that highest role in 
+     *     hierarchy that administrator may control
+     *   </li>
+     *   <li>
+     *     {@link AdminRole#beginInclusive} - if 'true' the RBAC Role specified in beginRange is also controlled by the 
+     *     possessor of this AdminRole
+     *   </li>
+     *   <li>
+     *     {@link AdminRole#endInclusive} - if 'true' the RBAC Role specified in endRange is also controlled by the 
+     *     administrator
+     *   </li>
+     *   <li>
+     *     {@link AdminRole#beginTime} - HHMM - determines begin hour adminRole may be activated into user's ARBAC session
+     *   </li>
+     *   <li>
+     *     {@link AdminRole#endTime} - HHMM - determines end hour adminRole may be activated into user's ARBAC session.
+     *   </li>
+     *   <li>
+     *     {@link AdminRole#beginDate} - YYYYMMDD - determines date when adminRole may be activated into user's ARBAC 
+     *     session
+     *   </li>
+     *   <li>
+     *     {@link AdminRole#endDate} - YYYYMMDD - indicates latest date adminRole may be activated into user's ARBAC 
+     *     session
+     *   </li>
+     *   <li>{@link AdminRole#beginLockDate} - YYYYMMDD - determines beginning of enforced inactive status</li>
+     *   <li>{@link AdminRole#endLockDate} - YYYYMMDD - determines end of enforced inactive status</li>
+     *   <li>{@link AdminRole#dayMask} - 1234567, 1 = Sunday, 2 = Monday, etc - specifies which day role may be activated 
+     *   into user's ARBAC session</li>
      * </ul>
      *
      * @param role Contains role name and description.
      * @return AdminRole contains reference to entity added.
-     * @throws SecurityException
-     *          thrown in the event of data validation or system error.
+     * @throws SecurityException thrown in the event of data validation or system error.
      */
     AdminRole addRole( AdminRole role )
         throws SecurityException;
@@ -87,15 +112,14 @@ public interface DelAdminMgr extends Manageable
      * This command deletes an existing admin role from the ARBAC database. The command is valid
      * if and only if the role to be deleted is a member of the ADMIN ROLES data set.  This command will
      * also deassign role from all users.
+     * <h3></h3>
      * <h4>required parameters</h4>
      * <ul>
-     * <li>{@link AdminRole#name} - contains the name of the new AdminRole being targeted for removal</li>
+     *   <li>{@link AdminRole#name} - contains the name of the new AdminRole being targeted for removal</li>
      * </ul>
-     * <p/>
      *
      * @param role Contains role name.
-     * @throws SecurityException
-     *          Thrown in the event of data validation or system error.
+     * @throws SecurityException Thrown in the event of data validation or system error.
      */
     void deleteRole( AdminRole role )
         throws SecurityException;
@@ -103,33 +127,55 @@ public interface DelAdminMgr extends Manageable
 
     /**
      * Method will update an AdminRole entity in the directory.  The role must exist in directory prior to this call.
+     * <h3></h3>
      * <h4>required parameters</h4>
      * <ul>
-     * <li>{@link AdminRole#name} - contains the name of the new AdminRole being targeted for updating</li>
+     *   <li>{@link AdminRole#name} - contains the name of the new AdminRole being targeted for updating</li>
      * </ul>
-     * <p/>
      * <h4>optional parameters</h4>
      * <ul>
-     * <li>{@link AdminRole#description} - contains any safe text</li>
-     * <li>{@link AdminRole#osPs} * - multi-occurring attribute used to set associations to existing PERMS OrgUnits</li>
-     * <li>{@link AdminRole#osUs} * - multi-occurring attribute used to set associations to existing USERS OrgUnits</li>
-     * <li>{@link AdminRole#beginRange} - contains the name of an existing RBAC Role that represents the lowest role in hierarchy that administrator (whoever has this AdminRole activated) controls</li>
-     * <li>{@link AdminRole#endRange} - contains the name of an existing RBAC Role that represents that highest role in hierarchy that administrator may control</li>
-     * <li>{@link AdminRole#beginInclusive} - if 'true' the RBAC Role specified in beginRange is also controlled by the posessor of this AdminRole</li>
-     * <li>{@link AdminRole#endInclusive} - if 'true' the RBAC Role specified in endRange is also controlled by the administratrator</li>
-     * <li>{@link AdminRole#beginTime} - HHMM - determines begin hour adminRole may be activated into user's ARBAC session</li>
-     * <li>{@link AdminRole#endTime} - HHMM - determines end hour adminRole may be activated into user's ARBAC session.</li>
-     * <li>{@link AdminRole#beginDate} - YYYYMMDD - determines date when adminRole may be activated into user's ARBAC session</li>
-     * <li>{@link AdminRole#endDate} - YYYYMMDD - indicates latest date adminRole may be activated into user's ARBAC session</li>
-     * <li>{@link AdminRole#beginLockDate} - YYYYMMDD - determines beginning of enforced inactive status</li>
-     * <li>{@link AdminRole#endLockDate} - YYYYMMDD - determines end of enforced inactive status</li>
-     * <li>{@link AdminRole#dayMask} - 1234567, 1 = Sunday, 2 = Monday, etc - specifies which day role may be activated into user's ARBAC session</li>
+     *   <li>{@link AdminRole#description} - contains any safe text</li>
+     *   <li>{@link AdminRole#osPs} * - multi-occurring attribute used to set associations to existing PERMS OrgUnits</li>
+     *   <li>{@link AdminRole#osUs} * - multi-occurring attribute used to set associations to existing USERS OrgUnits</li>
+     *   <li>
+     *     {@link AdminRole#beginRange} - contains the name of an existing RBAC Role that represents the lowest role in 
+     *     hierarchy that administrator (whoever has this AdminRole activated) controls
+     *   </li>
+     *   <li>
+     *     {@link AdminRole#endRange} - contains the name of an existing RBAC Role that represents that highest role in 
+     *     hierarchy that administrator may control
+     *   </li>
+     *   <li>
+     *     {@link AdminRole#beginInclusive} - if 'true' the RBAC Role specified in beginRange is also controlled by the 
+     *     possessor of this AdminRole
+     *   </li>
+     *   <li>
+     *     {@link AdminRole#endInclusive} - if 'true' the RBAC Role specified in endRange is also controlled by the 
+     *     administrator
+     *   </li>
+     *   <li>
+     *     {@link AdminRole#beginTime} - HHMM - determines begin hour adminRole may be activated into user's ARBAC session
+     *   </li>
+     *   <li>
+     *     {@link AdminRole#endTime} - HHMM - determines end hour adminRole may be activated into user's ARBAC session.
+     *   </li>
+     *   <li>
+     *     {@link AdminRole#beginDate} - YYYYMMDD - determines date when adminRole may be activated into user's ARBAC session
+     *   </li>
+     *   <li>
+     *     {@link AdminRole#endDate} - YYYYMMDD - indicates latest date adminRole may be activated into user's ARBAC session
+     *   </li>
+     *   <li>{@link AdminRole#beginLockDate} - YYYYMMDD - determines beginning of enforced inactive status</li>
+     *   <li>{@link AdminRole#endLockDate} - YYYYMMDD - determines end of enforced inactive status</li>
+     *   <li>
+     *     {@link AdminRole#dayMask} - 1234567, 1 = Sunday, 2 = Monday, etc - specifies which day role may be activated into 
+     *     user's ARBAC session
+     *   </li>
      * </ul>
      *
      * @param role Contains role name and new description.
      * @return AdminRole contains reference to entity operated on.
-     * @throws SecurityException
-     *          Thrown in the event of data validation or system error.
+     * @throws SecurityException Thrown in the event of data validation or system error.
      */
     AdminRole updateRole( AdminRole role )
         throws SecurityException;
@@ -138,60 +184,86 @@ public interface DelAdminMgr extends Manageable
     /**
      * This command assigns a user to an admin role.
      * Successful completion of this op, the following occurs:
-     * <p>
      * <ul>
-     * <li> User entity (resides in people container) has role assignment added to aux object class attached to actual user record.
-     * <li> AdminRole entity (resides in admin role container) has userId added as role occupant.
-     * <li> (optional) Temporal constraints may be associated with <code>ftUserAttrs</code> aux object class based on:
-     * <ul>
-     * <li> timeout - number in seconds of session inactivity time allowed.
-     * <li> beginDate - YYYYMMDD - determines date when role may be activated.
-     * <li> endDate - YYMMDD - indicates latest date role may be activated.
-     * <li> beginLockDate - YYYYMMDD - determines beginning of enforced inactive status
-     * <li> endLockDate - YYMMDD - determines end of enforced inactive status.
-     * <li> beginTime - HHMM - determines begin hour role may be activated in user's session.
-     * <li> endTime - HHMM - determines end hour role may be activated in user's session.*
-     * <li> dayMask - 1234567, 1 = Sunday, 2 = Monday, etc - specifies which day of week role may be activated.
-     * </ul>
-     * </ul>
+     *   <li>
+     *     User entity (resides in people container) has role assignment added to aux object class attached to actual user 
+     *     record.
+     *   </li>
+     *   <li>AdminRole entity (resides in admin role container) has userId added as role occupant.</li>
+     *   <li>(optional) Temporal constraints may be associated with <code>ftUserAttrs</code> aux object class based on:
+     *     <ul>
+     *       <li>timeout - number in seconds of session inactivity time allowed.</li>
+     *       <li>beginDate - YYYYMMDD - determines date when role may be activated.</li>
+     *       <li>endDate - YYMMDD - indicates latest date role may be activated.</li>
+     *       <li>beginLockDate - YYYYMMDD - determines beginning of enforced inactive status</li>
+     *       <li>endLockDate - YYMMDD - determines end of enforced inactive status.</li>
+     *       <li>beginTime - HHMM - determines begin hour role may be activated in user's session.</li>
+     *       <li>endTime - HHMM - determines end hour role may be activated in user's session.*</li>
+     *       <li>dayMask - 1234567, 1 = Sunday, 2 = Monday, etc - specifies which day of week role may be activated.</li>
+     *     </ul>
+     *   </li>
+     * </ul>
+     * <h3></h3>
      * <h4>required parameters</h4>
      * <ul>
-     * <li>{@link UserAdminRole#name} - contains the name for already existing AdminRole to be assigned</li>
-     * <li>{@link UserAdminRole#userId} - contains the userId for existing User</li>
+     *   <li>{@link UserAdminRole#name} - contains the name for already existing AdminRole to be assigned</li>
+     *   <li>{@link UserAdminRole#userId} - contains the userId for existing User</li>
      * </ul>
      * <h4>optional parameters</h4>
      * <ul>
-     * <li>{@link UserAdminRole#beginTime} - HHMM - determines begin hour AdminRole may be activated into user's RBAC session</li>
-     * <li>{@link UserAdminRole#endTime} - HHMM - determines end hour AdminRole may be activated into user's RBAC session.</li>
-     * <li>{@link UserAdminRole#beginDate} - YYYYMMDD - determines date when AdminRole may be activated into user's RBAC session</li>
-     * <li>{@link UserAdminRole#endDate} - YYYYMMDD - indicates latest date AdminRole may be activated into user's RBAC session</li>
-     * <li>{@link UserAdminRole#beginLockDate} - YYYYMMDD - determines beginning of enforced inactive status</li>
-     * <li>{@link UserAdminRole#endLockDate} - YYYYMMDD - determines end of enforced inactive status</li>
-     * <li>{@link UserAdminRole#dayMask} - 1234567, 1 = Sunday, 2 = Monday, etc - specifies which day role may be activated into user's ARBAC session</li>
+     *   <li>
+     *     {@link UserAdminRole#beginTime} - HHMM - determines begin hour AdminRole may be activated into user's RBAC session
+     *   </li>
+     *   <li>
+     *     {@link UserAdminRole#endTime} - HHMM - determines end hour AdminRole may be activated into user's RBAC session.
+     *   </li>
+     *   <li>
+     *     {@link UserAdminRole#beginDate} - YYYYMMDD - determines date when AdminRole may be activated into user's RBAC 
+     *     session
+     *   </li>
+     *   <li>
+     *     {@link UserAdminRole#endDate} - YYYYMMDD - indicates latest date AdminRole may be activated into user's RBAC 
+     *     session
+     *   </li>
+     *   <li>{@link UserAdminRole#beginLockDate} - YYYYMMDD - determines beginning of enforced inactive status</li>
+     *   <li>{@link UserAdminRole#endLockDate} - YYYYMMDD - determines end of enforced inactive status</li>
+     *   <li>
+     *     {@link UserAdminRole#dayMask} - 1234567, 1 = Sunday, 2 = Monday, etc - specifies which day role may be activated 
+     *     into user's ARBAC session
+     *   </li>
      * </ul>
      *
-     * @param uAdminRole entity contains {@link org.apache.directory.fortress.core.model.User#userId} and {@link org.apache.directory.fortress.core.model.AdminRole#name} and optional {@code Constraints}..
-     * @throws SecurityException
-     *          in the event data error in user or role objects or system error.
+     * @param uAdminRole entity contains {@link org.apache.directory.fortress.core.model.User#userId} and 
+     * {@link org.apache.directory.fortress.core.model.AdminRole#name} and optional {@code Constraints}..
+     * @throws SecurityException in the event data error in user or role objects or system error.
      */
     void assignUser( UserAdminRole uAdminRole )
         throws SecurityException;
 
 
     /**
-     * This method removes assigned admin role from user entity.  Both user and admin role entities must exist and have role relationship
-     * before calling this method.
+     * This method removes assigned admin role from user entity.  Both user and admin role entities must exist and have role 
+     * relationship before calling this method.
      * Successful completion:
+     * <pre>
      * del Role to User assignment in User data set
      * AND
      * User to Role assignment in Admin Role data set.
+     * </pre>
+     * <h3></h3>
      * <h4>required parameters</h4>
      * <ul>
-     * <li>{@link org.apache.directory.fortress.core.model.UserAdminRole#name} - contains the name for already existing AdminRole to be deassigned</li>
-     * <li>{@link org.apache.directory.fortress.core.model.UserAdminRole#userId} - contains the userId for existing User</li>
+     *   <li>
+     *     {@link org.apache.directory.fortress.core.model.UserAdminRole#name} - contains the name for already existing 
+     *     AdminRole to be deassigned
+     *   </li>
+     *   <li>
+     *     {@link org.apache.directory.fortress.core.model.UserAdminRole#userId} - contains the userId for existing User
+     *   </li>
      * </ul>
      *
-     * @param uAdminRole entity contains {@link org.apache.directory.fortress.core.model.User#userId} and {@link org.apache.directory.fortress.core.model.AdminRole#name}.
+     * @param uAdminRole entity contains {@link org.apache.directory.fortress.core.model.User#userId} and 
+     * {@link org.apache.directory.fortress.core.model.AdminRole#name}.
      * @throws SecurityException - in the event data error in user or role objects or system error.
      */
     void deassignUser( UserAdminRole uAdminRole )
@@ -201,20 +273,27 @@ public interface DelAdminMgr extends Manageable
     /**
      * Commands adds a new OrgUnit entity to OrgUnit dataset.  The OrgUnit can be either User or Perm and is
      * set by setting type attribute.
+     * <h3></h3>
      * <h4>required parameters</h4>
      * <ul>
-     * <li>{@link org.apache.directory.fortress.core.model.OrgUnit#name} - contains the name of new USERS or PERMS OrgUnit to be added</li>
-     * <li>{@link org.apache.directory.fortress.core.model.OrgUnit#type} - contains the type of OU:  {@link org.apache.directory.fortress.core.model.OrgUnit.Type#USER} or {@link org.apache.directory.fortress.core.model.OrgUnit.Type#PERM}</li>
+     *   <li>
+     *     {@link org.apache.directory.fortress.core.model.OrgUnit#name} - contains the name of new USERS or PERMS OrgUnit 
+     *     to be added
+     *   </li>
+     *   <li>
+     *     {@link org.apache.directory.fortress.core.model.OrgUnit#type} - contains the type of OU:  
+     *     {@link org.apache.directory.fortress.core.model.OrgUnit.Type#USER} or 
+     *     {@link org.apache.directory.fortress.core.model.OrgUnit.Type#PERM}
+     *   </li>
      * </ul>
      * <h4>optional parameters</h4>
      * <ul>
-     * <li>{@link org.apache.directory.fortress.core.model.OrgUnit#description} - contains any safe text</li>
+     *   <li>{@link org.apache.directory.fortress.core.model.OrgUnit#description} - contains any safe text</li>
      * </ul>
      *
      * @param entity contains OrgUnit name and type.
      * @return OrgUnit contains reference to entity added.
-     * @throws SecurityException
-     *          in the event of data validation or system error.
+     * @throws SecurityException in the event of data validation or system error.
      */
     OrgUnit add( OrgUnit entity )
         throws SecurityException;
@@ -223,20 +302,27 @@ public interface DelAdminMgr extends Manageable
     /**
      * Commands updates existing OrgUnit entity to OrgUnit dataset.  The OrgUnit can be either User or Perm and is
      * set by setting type attribute.
+     * <h3></h3>
      * <h4>required parameters</h4>
      * <ul>
-     * <li>{@link org.apache.directory.fortress.core.model.OrgUnit#name} - contains the name of new USERS or PERMS OrgUnit to be updated</li>
-     * <li>{@link org.apache.directory.fortress.core.model.OrgUnit#type} - contains the type of OU:  {@link org.apache.directory.fortress.core.model.OrgUnit.Type#USER} or {@link org.apache.directory.fortress.core.model.OrgUnit.Type#PERM}</li>
+     *   <li>
+     *     {@link org.apache.directory.fortress.core.model.OrgUnit#name} - contains the name of new USERS or PERMS OrgUnit 
+     *     to be updated
+     *   </li>
+     *   <li>
+     *     {@link org.apache.directory.fortress.core.model.OrgUnit#type} - contains the type of OU:  
+     *     {@link org.apache.directory.fortress.core.model.OrgUnit.Type#USER} or 
+     *     {@link org.apache.directory.fortress.core.model.OrgUnit.Type#PERM}
+     *   </li>
      * </ul>
      * <h4>optional parameters</h4>
      * <ul>
-     * <li>{@link org.apache.directory.fortress.core.model.OrgUnit#description} - contains any safe text</li>
+     *   <li>{@link org.apache.directory.fortress.core.model.OrgUnit#description} - contains any safe text</li>
      * </ul>
      *
      * @param entity contains OrgUnit name and type.
      * @return OrgUnit contains reference to entity operated on.
-     * @throws SecurityException
-     *          in the event of data validation or system error.
+     * @throws SecurityException in the event of data validation or system error.
      */
     OrgUnit update( OrgUnit entity )
         throws SecurityException;
@@ -245,16 +331,23 @@ public interface DelAdminMgr extends Manageable
     /**
      * Commands deletes existing OrgUnit entity to OrgUnit dataset.  The OrgUnit can be either User or Perm and is
      * set by setting type attribute.
+     * <h3></h3>
      * <h4>required parameters</h4>
      * <ul>
-     * <li>{@link org.apache.directory.fortress.core.model.OrgUnit#name} - contains the name of new USERS or PERMS OrgUnit to be removed</li>
-     * <li>{@link org.apache.directory.fortress.core.model.OrgUnit#type} - contains the type of OU:  {@link org.apache.directory.fortress.core.model.OrgUnit.Type#USER} or {@link org.apache.directory.fortress.core.model.OrgUnit.Type#PERM}</li>
+     *   <li>
+     *     {@link org.apache.directory.fortress.core.model.OrgUnit#name} - contains the name of new USERS or PERMS OrgUnit 
+     *     to be removed
+     *   </li>
+     *   <li>
+     *     {@link org.apache.directory.fortress.core.model.OrgUnit#type} - contains the type of OU:  
+     *     {@link org.apache.directory.fortress.core.model.OrgUnit.Type#USER} or 
+     *     {@link org.apache.directory.fortress.core.model.OrgUnit.Type#PERM}
+     *   </li>
      * </ul>
      *
      * @param entity contains OrgUnit name and type.
      * @return OrgUnit contains reference to entity operated on.
-     * @throws SecurityException
-     *          in the event of data validation or system error.
+     * @throws SecurityException in the event of data validation or system error.
      */
     OrgUnit delete( OrgUnit entity )
         throws SecurityException;
@@ -266,30 +359,42 @@ public interface DelAdminMgr extends Manageable
      * <p>
      * The command is valid if and only if:
      * <ul>
-     * <li> The child orgunit is not a member of the ORGUNITS data set.
-     * <li> The parent orgunit is a member of the ORGUNITS data set.
+     *   <li>The child orgunit is not a member of the ORGUNITS data set.</li>
+     *   <li>The parent orgunit is a member of the ORGUNITS data set.</li>
      * </ul>
-     * <p>
      * <p> This method:
      * <ul>
-     * <li> Adds new orgunit.
-     * <li> Assigns orgunit relationship between new child and pre-existing parent.
+     *   <li>Adds new orgunit.</li>
+     *   <li>Assigns orgunit relationship between new child and pre-existing parent.</li>
      * </ul>
+     * <h3></h3>
      * <h4>required parameters</h4>
      * <ul>
-     * <li>parentRole - {@link org.apache.directory.fortress.core.model.OrgUnit#name} - contains the name of existing OrgUnit to be parent</li>
-     * <li>parentRole - {@link org.apache.directory.fortress.core.model.OrgUnit#type} - contains the type of OrgUnit targeted: {@link org.apache.directory.fortress.core.model.OrgUnit.Type#USER} or {@link org.apache.directory.fortress.core.model.OrgUnit.Type#PERM}</li>
-     * <li>childRole - {@link org.apache.directory.fortress.core.model.OrgUnit#name} - contains the name of new OrgUnit to be child</li>
+     *   <li>
+     *     parentRole - {@link org.apache.directory.fortress.core.model.OrgUnit#name} - contains the name of existing OrgUnit 
+     *     to be parent
+     *   </li>
+     *   <li>
+     *     parentRole - {@link org.apache.directory.fortress.core.model.OrgUnit#type} - contains the type of OrgUnit targeted:
+     *     {@link org.apache.directory.fortress.core.model.OrgUnit.Type#USER} or 
+     *     {@link org.apache.directory.fortress.core.model.OrgUnit.Type#PERM}
+     *   </li>
+     *   <li>
+     *     childRole - {@link org.apache.directory.fortress.core.model.OrgUnit#name} - contains the name of new OrgUnit to be 
+     *     child
+     *   </li>
      * </ul>
      * <h4>optional parameters child</h4>
      * <ul>
-     * <li>childRole - {@link org.apache.directory.fortress.core.model.OrgUnit#description} - maps to description attribute on organizationalUnit object class for new child</li>
+     *   <li>
+     *     childRole - {@link org.apache.directory.fortress.core.model.OrgUnit#description} - maps to description attribute 
+     *     on organizationalUnit object class for new child
+     *   </li>
      * </ul>
      *
      * @param parent This entity must be present in ORGUNIT data set.  Success will add rel with child.
      * @param child  This entity must not be present in ORGUNIT data set.  Success will add the new entity to ORGUNIT data set.
-     * @throws SecurityException
-     *          thrown in the event of data validation or system error.
+     * @throws SecurityException thrown in the event of data validation or system error.
      */
     void addDescendant( OrgUnit parent, OrgUnit child )
         throws SecurityException;
@@ -301,81 +406,116 @@ public interface DelAdminMgr extends Manageable
      * <p>
      * The command is valid if and only if:
      * <ul>
-     * <li> The parent is not a member of the ORGUNITS data set.
-     * <li> The child is a member of the ORGUNITS data set.
+     *   <li>The parent is not a member of the ORGUNITS data set.</li>
+     *   <li>The child is a member of the ORGUNITS data set.</li>
      * </ul>
      * <p>
-     * <p> This method:
+     * This method:
      * <ul>
-     * <li> Adds new orgunit.
-     * <li> Assigns orgunit relationship between new parent and pre-existing child.
+     *   <li>Adds new orgunit.</li>
+     *   <li>Assigns orgunit relationship between new parent and pre-existing child.</li>
      * </ul>
+     * <h3></h3>
      * <h4>required parameters</h4>
      * <ul>
-     * <li>child - {@link org.apache.directory.fortress.core.model.OrgUnit#name} - contains the name of existing OrgUnit to be parent</li>
-     * <li>parent - {@link org.apache.directory.fortress.core.model.OrgUnit#type} - contains the type of OrgUnit targeted: {@link org.apache.directory.fortress.core.model.OrgUnit.Type#USER} or {@link org.apache.directory.fortress.core.model.OrgUnit.Type#PERM}</li>
-     * <li>parent - {@link org.apache.directory.fortress.core.model.OrgUnit#name} - contains the name of new OrgUnit to be child</li>
+     *   <li>
+     *     child - {@link org.apache.directory.fortress.core.model.OrgUnit#name} - contains the name of existing OrgUnit to 
+     *     be parent
+     *   </li>
+     *   <li>
+     *     parent - {@link org.apache.directory.fortress.core.model.OrgUnit#type} - contains the type of OrgUnit targeted: 
+     *     {@link org.apache.directory.fortress.core.model.OrgUnit.Type#USER} or 
+     *     {@link org.apache.directory.fortress.core.model.OrgUnit.Type#PERM}
+     *   </li>
+     *   <li>
+     *     parent - {@link org.apache.directory.fortress.core.model.OrgUnit#name} - contains the name of new OrgUnit to be 
+     *     child
+     *   </li>
      * </ul>
      * <h4>optional parameters child</h4>
      * <ul>
-     * <li>parent - {@link OrgUnit#description} - maps to description attribute on organizationalUnit object class for new child</li>
+     *   <li>
+     *     parent - {@link OrgUnit#description} - maps to description attribute on organizationalUnit object class for new 
+     *     child
+     *   </li>
      * </ul>
      *
      * @param parent completion of op assigns new child relationship with child orgunit.
      * @param child  completion of op assigns new parent relationship with parent orgunit.
-     * @throws SecurityException
-     *          thrown in the event of data validation or system error.
+     * @throws SecurityException thrown in the event of data validation or system error.
      */
     void addAscendant( OrgUnit child, OrgUnit parent )
         throws SecurityException;
 
 
     /**
-     * This command establishes a new immediate inheritance relationship with parent orgunit <<-- child orgunit
-     * <p/>
+     * This command establishes a new immediate inheritance relationship with parent orgunit &lt;&lt;-- child orgunit
+     * <p>
      * The command is valid if and only if:
      * <ul>
-     * <li> The parent and child are members of the ORGUNITS data set.
-     * <li> The parent is not an immediate ascendant of child.
-     * <li> The child does not properly inherit parent (in order to avoid cycle creation).
+     *   <li> The parent and child are members of the ORGUNITS data set.</li>
+     *   <li> The parent is not an immediate ascendant of child.</li>
+     *   <li> The child does not properly inherit parent (in order to avoid cycle creation).</li>
      * </ul>
+     * <h3></h3>
      * <h4>required parameters</h4>
      * <ul>
-     * <li>parent - {@link org.apache.directory.fortress.core.model.OrgUnit#name} - contains the name of existing OrgUnit to be parent</li>
-     * <li>parent - {@link org.apache.directory.fortress.core.model.OrgUnit#type} - contains the type of OrgUnit targeted: {@link org.apache.directory.fortress.core.model.OrgUnit.Type#USER} or {@link org.apache.directory.fortress.core.model.OrgUnit.Type#PERM}</li>
-     * <li>child - {@link org.apache.directory.fortress.core.model.OrgUnit#name} - contains the name of existing OrgUnit to be child</li>
+     *   <li>
+     *     parent - {@link org.apache.directory.fortress.core.model.OrgUnit#name} - contains the name of existing OrgUnit to 
+     *     be parent
+     *   </li>
+     *   <li>
+     *     parent - {@link org.apache.directory.fortress.core.model.OrgUnit#type} - contains the type of OrgUnit targeted: 
+     *     {@link org.apache.directory.fortress.core.model.OrgUnit.Type#USER} or 
+     *     {@link org.apache.directory.fortress.core.model.OrgUnit.Type#PERM}
+     *   </li>
+     *   <li>
+     *     child - {@link org.apache.directory.fortress.core.model.OrgUnit#name} - contains the name of existing OrgUnit to 
+     *     be child
+     *   </li>
      * </ul>
      *
      * @param parent completion of op deassigns child relationship with child orgunit.
      * @param child  completion of op deassigns parent relationship with parent orgunit.
-     * @throws SecurityException
-     *          thrown in the event of data validation or system error.
+     * @throws SecurityException thrown in the event of data validation or system error.
      */
     void addInheritance( OrgUnit parent, OrgUnit child )
         throws SecurityException;
 
 
     /**
-     * This command deletes an existing immediate inheritance relationship parent <<-- child.
-     * <p/>
+     * This command deletes an existing immediate inheritance relationship parent &lt;&lt;-- child.
+     * <p>
      * The command is valid if and only if:
      * <ul>
-     * <li> The orgunits parent and child are members of the ORGUNITS data set.
-     * <li> The parent is an immediate ascendant of child.
-     * <li> The new inheritance relation is computed as the reflexive-transitive closure of the immediate inheritance
-     * relation resulted after deleting the relationship parent <<-- child.
+     *   <li>The orgunits parent and child are members of the ORGUNITS data set.</li>
+     *   <li>The parent is an immediate ascendant of child.</li>
+     *   <li>
+     *     The new inheritance relation is computed as the reflexive-transitive closure of the immediate inheritance
+     *     relation resulted after deleting the relationship parent &lt;&lt;-- child.
+     *   </li>
      * </ul>
+     * <h3></h3>
      * <h4>required parameters</h4>
      * <ul>
-     * <li>parent - {@link org.apache.directory.fortress.core.model.OrgUnit#name} - contains the name of existing OrgUnit to remove as parent</li>
-     * <li>parent - {@link org.apache.directory.fortress.core.model.OrgUnit#type} - contains the type of OrgUnit targeted: {@link org.apache.directory.fortress.core.model.OrgUnit.Type#USER} or {@link org.apache.directory.fortress.core.model.OrgUnit.Type#PERM}</li>
-     * <li>child - {@link org.apache.directory.fortress.core.model.OrgUnit#name} - contains the name of existing OrgUnit to remove as child</li>
+     *   <li>
+     *     parent - {@link org.apache.directory.fortress.core.model.OrgUnit#name} - contains the name of existing OrgUnit to 
+     *     remove as parent
+     *   </li>
+     *   <li>
+     *     parent - {@link org.apache.directory.fortress.core.model.OrgUnit#type} - contains the type of OrgUnit targeted: 
+     *     {@link org.apache.directory.fortress.core.model.OrgUnit.Type#USER} or 
+     *     {@link org.apache.directory.fortress.core.model.OrgUnit.Type#PERM}
+     *   </li>
+     *   <li>
+     *     child - {@link org.apache.directory.fortress.core.model.OrgUnit#name} - contains the name of existing OrgUnit to 
+     *     remove as child
+     *   </li>
      * </ul>
      *
      * @param parent completion of op removes child relationship with childRole.
      * @param child  completion of op removes parent relationship with parentRole.
-     * @throws SecurityException
-     *          thrown in the event of data validation or system error.
+     * @throws SecurityException thrown in the event of data validation or system error.
      */
     void deleteInheritance( OrgUnit parent, OrgUnit child )
         throws SecurityException;
@@ -383,33 +523,66 @@ public interface DelAdminMgr extends Manageable
 
     /**
      * This command creates a new role childRole, and inserts it in the role hierarchy as an immediate descendant of
-     * the existing role parentRole. The command is valid if and only if childRole is not a member of the ADMINROLES data set,
-     * and parentRole is a member of the ADMINROLES data set.
-     * <p/>
+     * the existing role parentRole. The command is valid if and only if childRole is not a member of the ADMINROLES data 
+     * set, and parentRole is a member of the ADMINROLES data set.
+     * <p>
      * This method:
-     * 1 - Adds new role.
-     * 2 - Assigns role relationship between new childRole and pre-existing parentRole.
+     * <ol>
+     *   <li>Adds new role.</li>
+     *   <li>Assigns role relationship between new childRole and pre-existing parentRole.</li>
+     * </ol>
+     * <h3></h3>
      * <h4>required parameters</h4>
      * <ul>
-     * <li>parentRole - {@link org.apache.directory.fortress.core.model.AdminRole#name} - contains the name of existing Role to be parent</li>
-     * <li>childRole - {@link org.apache.directory.fortress.core.model.AdminRole#name} - contains the name of new Role to be child</li>
+     *   <li>
+     *     parentRole - {@link org.apache.directory.fortress.core.model.AdminRole#name} - contains the name of existing Role 
+     *     to be parent
+     *   </li>
+     *   <li>
+     *     childRole - {@link org.apache.directory.fortress.core.model.AdminRole#name} - contains the name of new Role to be 
+     *     child
+     *   </li>
      * </ul>
      * <h4>optional parameters childRole</h4>
      * <ul>
-     * <li>childRole - {@link org.apache.directory.fortress.core.model.AdminRole#description} - maps to description attribute on organizationalRole object class for new child</li>
-     * <li>childRole - {@link org.apache.directory.fortress.core.model.AdminRole#beginTime} - HHMM - determines begin hour role may be activated into user's session for new child</li>
-     * <li>childRole - {@link org.apache.directory.fortress.core.model.AdminRole#endTime} - HHMM - determines end hour role may be activated into user's session for new child</li>
-     * <li>childRole - {@link org.apache.directory.fortress.core.model.AdminRole#beginDate} - YYYYMMDD - determines date when role may be activated into user's session for new child</li>
-     * <li>childRole - {@link org.apache.directory.fortress.core.model.AdminRole#endDate} - YYYYMMDD - indicates latest date role may be activated into user's session for new child</li>
-     * <li>childRole - {@link org.apache.directory.fortress.core.model.AdminRole#beginLockDate} - YYYYMMDD - determines beginning of enforced inactive status for new child</li>
-     * <li>childRole - {@link org.apache.directory.fortress.core.model.AdminRole#endLockDate} - YYYYMMDD - determines end of enforced inactive status for new child</li>
-     * <li>childRole - {@link org.apache.directory.fortress.core.model.AdminRole#dayMask} - 1234567, 1 = Sunday, 2 = Monday, etc - specifies which day role may be activated into user's session for new child</li>
+     *   <li>
+     *     childRole - {@link org.apache.directory.fortress.core.model.AdminRole#description} - maps to description attribute 
+     *     on organizationalRole object class for new child
+     *   </li>
+     *   <li>
+     *     childRole - {@link org.apache.directory.fortress.core.model.AdminRole#beginTime} - HHMM - determines begin hour 
+     *     role may be activated into user's session for new child
+     *   </li>
+     *   <li>
+     *     childRole - {@link org.apache.directory.fortress.core.model.AdminRole#endTime} - HHMM - determines end hour role 
+     *     may be activated into user's session for new child
+     *   </li>
+     *   <li>
+     *     childRole - {@link org.apache.directory.fortress.core.model.AdminRole#beginDate} - YYYYMMDD - determines date when 
+     *     role may be activated into user's session for new child
+     *   </li>
+     *   <li>
+     *     childRole - {@link org.apache.directory.fortress.core.model.AdminRole#endDate} - YYYYMMDD - indicates latest date 
+     *     role may be activated into user's session for new chil
+     *   </li>
+     *   <li>
+     *     childRole - {@link org.apache.directory.fortress.core.model.AdminRole#beginLockDate} - YYYYMMDD - determines 
+     *     beginning of enforced inactive status for new child
+     *   </li>
+     *   <li>
+     *     childRole - {@link org.apache.directory.fortress.core.model.AdminRole#endLockDate} - YYYYMMDD - determines end of 
+     *     enforced inactive status for new child
+     *   </li>
+     *   <li>
+     *     childRole - {@link org.apache.directory.fortress.core.model.AdminRole#dayMask} - 1234567, 1 = Sunday, 2 = Monday, 
+     *     etc - specifies which day role may be activated into user's session for new child
+     *   </li>
      * </ul>
      *
      * @param parentRole This entity must be present in ADMINROLES data set.  Success will add role rel with childRole.
-     * @param childRole  This entity must not be present in ADMINROLES data set.  Success will add the new role entity to ADMINROLES data set.
-     * @throws SecurityException
-     *          thrown in the event of data validation or system error.
+     * @param childRole  This entity must not be present in ADMINROLES data set.  Success will add the new role entity to 
+     * ADMINROLES data set.
+     * @throws SecurityException thrown in the event of data validation or system error.
      */
     void addDescendant( AdminRole parentRole, AdminRole childRole )
         throws SecurityException;
@@ -420,23 +593,56 @@ public interface DelAdminMgr extends Manageable
      * the existing role childRole. The command is valid if and only if parentRole is not a member of the ADMINROLES data set,
      * and childRole is a member of the ADMINROLES data set.
      * This method:
-     * 1 - Adds new role.
-     * 2 - Assigns role relationship between new parentRole and pre-existing childRole.
+     * <ol>
+     *   <li>Adds new role.</li>
+     *   <li>Assigns role relationship between new parentRole and pre-existing childRole.</li>
+     * </ol>
+     * <h3></h3>
      * <h4>required parameters</h4>
      * <ul>
-     * <li>childRole - {@link org.apache.directory.fortress.core.model.AdminRole#name} - contains the name of existing Role to be child</li>
-     * <li>parentRole - {@link org.apache.directory.fortress.core.model.AdminRole#name} - contains the name of new Role to be added as parent</li>
+     *   <li>
+     *     childRole - {@link org.apache.directory.fortress.core.model.AdminRole#name} - contains the name of existing Role 
+     *     to be child
+     *   </li>
+     *   <li>
+     *     parentRole - {@link org.apache.directory.fortress.core.model.AdminRole#name} - contains the name of new Role to be 
+     *     added as parent
+     *   </li>
      * </ul>
      * <h4>optional parameters parentRole</h4>
      * <ul>
-     * <li>parentRole - {@link org.apache.directory.fortress.core.model.AdminRole#description} - maps to description attribute on organizationalRole object class for new parent</li>
-     * <li>parentRole - {@link org.apache.directory.fortress.core.model.AdminRole#beginTime} - HHMM - determines begin hour role may be activated into user's session for new parent</li>
-     * <li>parentRole - {@link org.apache.directory.fortress.core.model.AdminRole#endTime} - HHMM - determines end hour role may be activated into user's session for new parent</li>
-     * <li>parentRole - {@link org.apache.directory.fortress.core.model.AdminRole#beginDate} - YYYYMMDD - determines date when role may be activated into user's session for new parent</li>
-     * <li>parentRole - {@link org.apache.directory.fortress.core.model.AdminRole#endDate} - YYYYMMDD - indicates latest date role may be activated into user's session for new parent</li>
-     * <li>parentRole - {@link org.apache.directory.fortress.core.model.AdminRole#beginLockDate} - YYYYMMDD - determines beginning of enforced inactive status for new parent</li>
-     * <li>parentRole - {@link org.apache.directory.fortress.core.model.AdminRole#endLockDate} - YYYYMMDD - determines end of enforced inactive status for new parent</li>
-     * <li>parentRole - {@link org.apache.directory.fortress.core.model.AdminRole#dayMask} - 1234567, 1 = Sunday, 2 = Monday, etc - specifies which day role may be activated into user's session for new parent</li>
+     *   <li>
+     *     parentRole - {@link org.apache.directory.fortress.core.model.AdminRole#description} - maps to description 
+     *     attribute on organizationalRole object class for new parent
+     *   </li>
+     *   <li>
+     *     parentRole - {@link org.apache.directory.fortress.core.model.AdminRole#beginTime} - HHMM - determines begin hour 
+     *     role may be activated into user's session for new parent
+     *   </li>
+     *   <li>
+     *     parentRole - {@link org.apache.directory.fortress.core.model.AdminRole#endTime} - HHMM - determines end hour role 
+     *     may be activated into user's session for new parent
+     *   </li>
+     *   <li>
+     *     parentRole - {@link org.apache.directory.fortress.core.model.AdminRole#beginDate} - YYYYMMDD - determines date 
+     *     when role may be activated into user's session for new parent
+     *   </li>
+     *   <li>
+     *     parentRole - {@link org.apache.directory.fortress.core.model.AdminRole#endDate} - YYYYMMDD - indicates latest date 
+     *     role may be activated into user's session for new parent
+     *   </li>
+     *   <li>
+     *     parentRole - {@link org.apache.directory.fortress.core.model.AdminRole#beginLockDate} - YYYYMMDD - determines 
+     *     beginning of enforced inactive status for new parent
+     *   </li>
+     *   <li>
+     *     parentRole - {@link org.apache.directory.fortress.core.model.AdminRole#endLockDate} - YYYYMMDD - determines end 
+     *     of enforced inactive status for new parent
+     *   </li>
+     *   <li>
+     *     parentRole - {@link org.apache.directory.fortress.core.model.AdminRole#dayMask} - 1234567, 1 = Sunday, 2 = Monday, 
+     *     etc - specifies which day role may be activated into user's session for new parent
+     *   </li>
      * </ul>
      *
      * @param parentRole completion of op assigns new child relationship with childRole.
@@ -448,63 +654,99 @@ public interface DelAdminMgr extends Manageable
 
 
     /**
-     * This command establishes a new immediate inheritance relationship parentRole <<-- childRole between existing
-     * roles parentRole, childRole. The command is valid if and only if parentRole and childRole are members of the ADMINROLES data
-     * set, parentRole is not an immediate ascendant of childRole, and childRole does not properly inherit parentRole (in order to
-     * avoid cycle creation).
+     * This command establishes a new immediate inheritance relationship parentRole &lt;&lt;-- childRole between existing
+     * roles parentRole, childRole. The command is valid if and only if parentRole and childRole are members of the 
+     * ADMINROLES data set, parentRole is not an immediate ascendant of childRole, and childRole does not properly inherit 
+     * parentRole (in order to avoid cycle creation).
+     * <h3></h3>
      * <h4>required parameters</h4>
      * <ul>
-     * <li>parentRole - {@link org.apache.directory.fortress.core.model.AdminRole#name} - contains the name of existing AdminRole to be parent</li>
-     * <li>childRole - {@link org.apache.directory.fortress.core.model.AdminRole#name} - contains the name of existing AdminRole to be child</li>
+     *   <li>
+     *     parentRole - {@link org.apache.directory.fortress.core.model.AdminRole#name} - contains the name of existing AdminRole 
+     *     to be parent
+     *   </li>
+     *   <li>
+     *     childRole - {@link org.apache.directory.fortress.core.model.AdminRole#name} - contains the name of existing AdminRole 
+     *     to be child
+     *   </li>
      * </ul>
      *
      * @param parentRole completion of op deassigns child relationship with childRole.
      * @param childRole  completion of op deassigns parent relationship with parentRole.
-     * @throws SecurityException
-     *          thrown in the event of data validation or system error.
+     * @throws SecurityException thrown in the event of data validation or system error.
      */
     void addInheritance( AdminRole parentRole, AdminRole childRole )
         throws SecurityException;
 
 
     /**
-     * This command deletes an existing immediate inheritance relationship parentRole <<-- childRole. The command is
+     * This command deletes an existing immediate inheritance relationship parentRole &lt;&lt;-- childRole. The command is
      * valid if and only if the roles parentRole and childRole are members of the ADMINROLES data set, and parentRole is an
      * immediate ascendant of childRole. The new inheritance relation is computed as the reflexive-transitive
-     * closure of the immediate inheritance relation resulted after deleting the relationship parentRole <<-- childRole.
+     * closure of the immediate inheritance relation resulted after deleting the relationship parentRole &lt;&lt;-- childRole.
+     * <h3></h3>
      * <h4>required parameters</h4>
      * <ul>
-     * <li>parentRole - {@link org.apache.directory.fortress.core.model.AdminRole#name} - contains the name of existing AdminRole to remove as parent</li>
-     * <li>childRole - {@link org.apache.directory.fortress.core.model.AdminRole#name} - contains the name of existing AdminRole to remove as child</li>
+     *   <li>
+     *     parentRole - {@link org.apache.directory.fortress.core.model.AdminRole#name} - contains the name of existing 
+     *     AdminRole to remove as parent
+     *   </li>
+     *   <li>
+     *     childRole - {@link org.apache.directory.fortress.core.model.AdminRole#name} - contains the name of existing 
+     *     AdminRole to remove as child
+     *   </li>
      * </ul>
      *
      * @param parentRole completion of op removes child relationship with childRole.
      * @param childRole  completion of op removes parent relationship with parentRole.
-     * @throws SecurityException
-     *          thrown in the event of data validation or system error.
+     * @throws SecurityException thrown in the event of data validation or system error.
      */
     void deleteInheritance( AdminRole parentRole, AdminRole childRole )
         throws SecurityException;
 
 
     /**
-     * This method will add an administrative permission operation to an existing permission object which resides under {@code ou=AdminPerms,ou=ARBAC,dc=yourHostName,dc=com} container in directory information tree.
-     * The perm operation entity may have {@link org.apache.directory.fortress.core.model.AdminRole} or {@link org.apache.directory.fortress.core.model.User} associations.  The target {@link org.apache.directory.fortress.core.model.Permission} must not exist prior to calling.
-     * A Fortress Permission instance exists in a hierarchical, one-many relationship between its parent and itself as stored in ldap tree: ({@link org.apache.directory.fortress.core.model.PermObj}*->{@link org.apache.directory.fortress.core.model.Permission}).
+     * This method will add an administrative permission operation to an existing permission object which resides under 
+     * {@code ou=AdminPerms,ou=ARBAC,dc=yourHostName,dc=com} container in directory information tree.
+     * The perm operation entity may have {@link org.apache.directory.fortress.core.model.AdminRole} or 
+     * {@link org.apache.directory.fortress.core.model.User} associations.  The target 
+     * {@link org.apache.directory.fortress.core.model.Permission} must not exist prior to calling.
+     * A Fortress Permission instance exists in a hierarchical, one-many relationship between its parent and itself as stored 
+     * in ldap tree: ({@link org.apache.directory.fortress.core.model.PermObj}*-&gt;
+     * {@link org.apache.directory.fortress.core.model.Permission}).
+     * <h3></h3>
      * <h4>required parameters</h4>
      * <ul>
-     * <li>{@link org.apache.directory.fortress.core.model.Permission#objName} - contains the name of existing object being targeted for the permission add</li>
-     * <li>{@link org.apache.directory.fortress.core.model.Permission#opName} - contains the name of new permission operation being added</li>
+     *   <li>
+     *     {@link org.apache.directory.fortress.core.model.Permission#objName} - contains the name of existing object being 
+     *     targeted for the permission add
+     *   </li>
+     *   <li>
+     *     {@link org.apache.directory.fortress.core.model.Permission#opName} - contains the name of new permission operation 
+     *     being added
+     *   </li>
      * </ul>
      * <h4>optional parameters</h4>
      * <ul>
-     * <li>{@link Permission#roles} * - multi occurring attribute contains RBAC Roles that permission operation is being granted to</li>
-     * <li>{@link Permission#users} * - multi occurring attribute contains Users that permission operation is being granted to</li>
-     * <li>{@link Permission#props} * - multi-occurring property key and values are separated with a ':'.  e.g. mykey1:myvalue1</li>
-     * <li>{@link Permission#type} - any safe text</li>
+     *   <li>
+     *     {@link Permission#roles} * - multi occurring attribute contains RBAC Roles that permission operation is being 
+     *     granted to
+     *   </li>
+     *   <li>
+     *     {@link Permission#users} * - multi occurring attribute contains Users that permission operation is being granted 
+     *     to
+     *   </li>
+     *   <li>
+     *     {@link Permission#props} * - multi-occurring property key and values are separated with a ':'.  e.g. 
+     *     mykey1:myvalue1
+     *   </li>
+     *   <li>
+     *     {@link Permission#type} - any safe text
+     *   </li>
      * </ul>
      *
-     * @param perm must contain the object, {@link org.apache.directory.fortress.core.model.Permission#objName}, and operation, {@link Permission#opName}, that identifies target along with optional other attributes..
+     * @param perm must contain the object, {@link org.apache.directory.fortress.core.model.Permission#objName}, and 
+     * operation, {@link Permission#opName}, that identifies target along with optional other attributes..
      * @return copy of Permission entity.
      * @throws SecurityException - thrown in the event of perm object data or system error.
      */
@@ -513,64 +755,103 @@ public interface DelAdminMgr extends Manageable
 
 
     /**
-     * This method will update administrative permission operation pre-existing in target directory under {@code ou=AdminPerms,ou=ARBAC,dc=yourHostName,dc=com} container in directory information tree.
-     * The perm operation entity may also contain {@link org.apache.directory.fortress.core.model.AdminRole} or {@link org.apache.directory.fortress.core.model.User} associations to add or remove using this function.
+     * This method will update administrative permission operation pre-existing in target directory under 
+     * {@code ou=AdminPerms,ou=ARBAC,dc=yourHostName,dc=com} container in directory information tree.
+     * The perm operation entity may also contain {@link org.apache.directory.fortress.core.model.AdminRole} or 
+     * {@link org.apache.directory.fortress.core.model.User} associations to add or remove using this function.
      * The perm operation must exist before making this call.  Only non-null attributes will be updated.
+     * <h3></h3>
      * <h4>required parameters</h4>
      * <ul>
-     * <li>{@link org.apache.directory.fortress.core.model.Permission#objName} - contains the name of existing object being targeted for the permission update</li>
-     * <li>{@link org.apache.directory.fortress.core.model.Permission#opName} - contains the name of existing permission operation being updated</li>
+     *   <li>
+     *     {@link org.apache.directory.fortress.core.model.Permission#objName} - contains the name of existing object being 
+     *     targeted for the permission update
+     *   </li>
+     *   <li>
+     *     {@link org.apache.directory.fortress.core.model.Permission#opName} - contains the name of existing permission 
+     *     operation being updated
+     *   </li>
      * </ul>
      * <h4>optional parameters</h4>
      * <ul>
-     * <li>{@link org.apache.directory.fortress.core.model.Permission#roles} * - multi occurring attribute contains RBAC Roles that permission operation is being granted to</li>
-     * <li>{@link org.apache.directory.fortress.core.model.Permission#users} * - multi occurring attribute contains Users that permission operation is being granted to</li>
-     * <li>{@link org.apache.directory.fortress.core.model.Permission#props} * - multi-occurring property key and values are separated with a ':'.  e.g. mykey1:myvalue1</li>
-     * <li>{@link org.apache.directory.fortress.core.model.Permission#type} - any safe text</li>
+     *   <li>
+     *     {@link org.apache.directory.fortress.core.model.Permission#roles} * - multi occurring attribute contains RBAC 
+     *     Roles that permission operation is being granted to
+     *   </li>
+     *   <li>
+     *     {@link org.apache.directory.fortress.core.model.Permission#users} * - multi occurring attribute contains Users 
+     *     that permission operation is being granted to
+     *   </li>
+     *   <li>
+     *     {@link org.apache.directory.fortress.core.model.Permission#props} * - multi-occurring property key and values are 
+     *     separated with a ':'.  e.g. mykey1:myvalue1
+     *   </li>
+     *   <li>{@link org.apache.directory.fortress.core.model.Permission#type} - any safe text</li>
      * </ul>
      *
-     * @param perm must contain the object, {@link Permission#objName}, and operation, {@link Permission#opName}, that identifies target and any optional data to update.  Null or empty attributes will be ignored.
+     * @param perm must contain the object, {@link Permission#objName}, and operation, {@link Permission#opName}, that 
+     * identifies target and any optional data to update.  Null or empty attributes will be ignored.
      * @return copy of Permission entity.
-     * @throws SecurityException
-     *          - thrown in the event of perm object data or system error.
+     * @throws SecurityException thrown in the event of perm object data or system error.
      */
     Permission updatePermission( Permission perm )
         throws SecurityException;
 
 
     /**
-     * This method will remove administrative permission operation entity from permission object. A Fortress permission is (object->operation).
+     * This method will remove administrative permission operation entity from permission object. A Fortress permission is 
+     * (object-&gt;operation).
      * The perm operation must exist before making this call.
+     * <h3></h3>
      * <h4>required parameters</h4>
      * <ul>
-     * <li>{@link org.apache.directory.fortress.core.model.Permission#objName} - contains the name of existing object being targeted for the permission delete</li>
-     * <li>{@link org.apache.directory.fortress.core.model.Permission#opName} - contains the name of existing permission operation being removed</li>
+     *   <li>
+     *     {@link org.apache.directory.fortress.core.model.Permission#objName} - contains the name of existing object being 
+     *     targeted for the permission delete
+     *   </li>
+     *   <li>
+     *     {@link org.apache.directory.fortress.core.model.Permission#opName} - contains the name of existing permission 
+     *     operation being removed
+     *   </li>
      * </ul>
      *
-     * @param perm must contain the object, {@link org.apache.directory.fortress.core.model.Permission#objName}, and operation, {@link org.apache.directory.fortress.core.model.Permission#opName}, that identifies target.
-     * @throws SecurityException
-     *          - thrown in the event of perm object data or system error.
+     * @param perm must contain the object, {@link org.apache.directory.fortress.core.model.Permission#objName}, and 
+     * operation, {@link org.apache.directory.fortress.core.model.Permission#opName}, that identifies target.
+     * @throws SecurityException thrown in the event of perm object data or system error.
      */
     void deletePermission( Permission perm )
         throws SecurityException;
 
 
     /**
-     * This method will add administrative permission object to admin perms container in directory. The perm object must not exist before making this call.
-     * A {@link org.apache.directory.fortress.core.model.PermObj} instance exists in a hierarchical, one-many relationship between itself and children as stored in ldap tree: ({@link org.apache.directory.fortress.core.model.PermObj}*->{@link org.apache.directory.fortress.core.model.Permission}).
+     * This method will add administrative permission object to admin perms container in directory. The perm object must not 
+     * exist before making this call.
+     * A {@link org.apache.directory.fortress.core.model.PermObj} instance exists in a hierarchical, one-many relationship 
+     * between itself and children as stored in ldap tree: ({@link org.apache.directory.fortress.core.model.PermObj}*
+     * -&gt; {@link org.apache.directory.fortress.core.model.Permission}).
+     * <h3></h3>
      * <h4>required parameters</h4>
      * <ul>
-     * <li>{@link org.apache.directory.fortress.core.model.PermObj#objName} - contains the name of new object being added</li>
-     * <li>{@link org.apache.directory.fortress.core.model.PermObj#ou} - contains the name of an existing PERMS OrgUnit this object is associated with</li>
+     *   <li>
+     *     {@link org.apache.directory.fortress.core.model.PermObj#objName} - contains the name of new object being added
+     *   </li>
+     *   <li>
+     *     {@link org.apache.directory.fortress.core.model.PermObj#ou} - contains the name of an existing PERMS OrgUnit this 
+     *     object is associated with
+     *   </li>
      * </ul>
      * <h4>optional parameters</h4>
      * <ul>
-     * <li>{@link org.apache.directory.fortress.core.model.PermObj#description} - any safe text</li>
-     * <li>{@link org.apache.directory.fortress.core.model.PermObj#type} - contains any safe text</li>
-     * <li>{@link org.apache.directory.fortress.core.model.PermObj#props} * - multi-occurring property key and values are separated with a ':'.  e.g. mykey1:myvalue1</li>
+     *   <li>{@link org.apache.directory.fortress.core.model.PermObj#description} - any safe text</li>
+     *   <li>{@link org.apache.directory.fortress.core.model.PermObj#type} - contains any safe text</li>
+     *   <li>
+     *     {@link org.apache.directory.fortress.core.model.PermObj#props} * - multi-occurring property key and values are 
+     *     separated with a ':'.  e.g. mykey1:myvalue1
+     *   </li>
      * </ul>
      *
-     * @param pObj must contain the {@link org.apache.directory.fortress.core.model.PermObj#objName} and {@link org.apache.directory.fortress.core.model.PermObj#ou}.  The other attributes are optional.
+     * @param pObj must contain the {@link org.apache.directory.fortress.core.model.PermObj#objName} and 
+     * {@link org.apache.directory.fortress.core.model.PermObj#ou}.  The other attributes are optional.
      * @return copy of PermObj entity.
      * @throws SecurityException - thrown in the event of perm object data or system error.
      */
@@ -579,39 +860,57 @@ public interface DelAdminMgr extends Manageable
 
 
     /**
-     * This method will update administrative permission object in perms container in directory.  The perm object must exist before making this call.
-     * A {@link org.apache.directory.fortress.core.model.PermObj} instance exists in a hierarchical, one-many relationship between itself and children as stored in ldap tree: ({@link org.apache.directory.fortress.core.model.PermObj}*->{@link org.apache.directory.fortress.core.model.Permission}).
+     * This method will update administrative permission object in perms container in directory.  The perm object must exist 
+     * before making this call.
+     * A {@link org.apache.directory.fortress.core.model.PermObj} instance exists in a hierarchical, one-many relationship 
+     * between itself and children as stored in ldap tree: ({@link org.apache.directory.fortress.core.model.PermObj}*
+     * -&gt; {@link org.apache.directory.fortress.core.model.Permission}).
+     * <h3></h3>
      * <h4>required parameters</h4>
      * <ul>
-     * <li>{@link org.apache.directory.fortress.core.model.PermObj#objName} - contains the name of existing object being updated</li>
+     *   <li>
+     *     {@link org.apache.directory.fortress.core.model.PermObj#objName} - contains the name of existing object being 
+     *     updated
+     *   </li>
      * </ul>
      * <h4>optional parameters</h4>
      * <ul>
-     * <li>{@link org.apache.directory.fortress.core.model.PermObj#ou} - contains the name of an existing PERMS OrgUnit this object is associated with</li>
-     * <li>{@link org.apache.directory.fortress.core.model.PermObj#description} - any safe text</li>
-     * <li>{@link org.apache.directory.fortress.core.model.PermObj#type} - contains any safe text</li>
-     * <li>{@link org.apache.directory.fortress.core.model.PermObj#props} * - multi-occurring property key and values are separated with a ':'.  e.g. mykey1:myvalue1</li>
+     *   <li>
+     *     {@link org.apache.directory.fortress.core.model.PermObj#ou} - contains the name of an existing PERMS OrgUnit this 
+     *     object is associated with
+     *   </li>
+     *   <li>{@link org.apache.directory.fortress.core.model.PermObj#description} - any safe text</li>
+     *   <li>{@link org.apache.directory.fortress.core.model.PermObj#type} - contains any safe text</li>
+     *   <li>
+     *     {@link org.apache.directory.fortress.core.model.PermObj#props} * - multi-occurring property key and values are 
+     *     separated with a ':'.  e.g. mykey1:myvalue1
+     *   </li>
      * </ul>
      *
-     * @param pObj must contain the {@link org.apache.directory.fortress.core.model.PermObj#objName}. Only non-null attributes will be updated.
+     * @param pObj must contain the {@link org.apache.directory.fortress.core.model.PermObj#objName}. Only non-null 
+     * attributes will be updated.
      * @return copy of newly updated PermObj entity.
-     * @throws SecurityException
-     *          - thrown in the event of perm object data or system error.
+     * @throws SecurityException thrown in the event of perm object data or system error.
      */
     PermObj updatePermObj( PermObj pObj )
         throws SecurityException;
 
 
     /**
-     * This method will remove administrative permission object from perms container in directory.  This method will also remove
-     * in associated permission objects that are attached to this object.
+     * This method will remove administrative permission object from perms container in directory.  This method will also 
+     * remove in associated permission objects that are attached to this object.
+     * <h3></h3>
      * <h4>required parameters</h4>
      * <ul>
-     * <li>{@link org.apache.directory.fortress.core.model.PermObj#objName} - contains the name of existing object targeted for removal</li>
+     *   <li>
+     *     {@link org.apache.directory.fortress.core.model.PermObj#objName} - contains the name of existing object targeted 
+     *     for removal
+     *   </li>
      * </ul>
      *
-     * @param pObj must contain the {@link org.apache.directory.fortress.core.model.PermObj#objName} of object targeted for removal.
-     * @throws SecurityException - thrown in the event of perm object data or system error.
+     * @param pObj must contain the {@link org.apache.directory.fortress.core.model.PermObj#objName} of object targeted for 
+     * removal.
+     * @throws SecurityException thrown in the event of perm object data or system error.
      */
     void deletePermObj( PermObj pObj )
         throws SecurityException;
@@ -623,17 +922,18 @@ public interface DelAdminMgr extends Manageable
      * the object involved.
      * The command is valid if and only if the pair (operation, object) represents a permission,
      * and the adminRole is a member of the ADMIN_ROLES data set.
+     * <h3></h3>
      * <h4>required parameters</h4>
      * <ul>
-     * <li>{@link org.apache.directory.fortress.core.model.Permission#objName} - contains the object name</li>
-     * <li>{@link org.apache.directory.fortress.core.model.Permission#opName} - contains the operation name</li>
-     * <li>{@link org.apache.directory.fortress.core.model.AdminRole#name} - contains the adminRole name</li>
+     *   <li>{@link org.apache.directory.fortress.core.model.Permission#objName} - contains the object name</li>
+     *   <li>{@link org.apache.directory.fortress.core.model.Permission#opName} - contains the operation name</li>
+     *   <li>{@link org.apache.directory.fortress.core.model.AdminRole#name} - contains the adminRole name</li>
      * </ul>
      *
-     * @param perm must contain the object, {@link org.apache.directory.fortress.core.model.Permission#objName}, and operation, {@link org.apache.directory.fortress.core.model.Permission#opName}, that identifies target.
+     * @param perm must contain the object, {@link org.apache.directory.fortress.core.model.Permission#objName}, and 
+     * operation, {@link org.apache.directory.fortress.core.model.Permission#opName}, that identifies target.
      * @param role must contains {@link org.apache.directory.fortress.core.model.AdminRole#name}.
-     * @throws SecurityException
-     *          Thrown in the event of data validation or system error.
+     * @throws SecurityException Thrown in the event of data validation or system error.
      */
     void grantPermission( Permission perm, AdminRole role )
         throws SecurityException;
@@ -645,11 +945,12 @@ public interface DelAdminMgr extends Manageable
      * list of the object involved.
      * The command is valid if and only if the pair (operation, object) represents a permission,
      * the role is a member of the ADMIN_ROLES data set, and the permission is assigned to that AdminRole.
+     * <h3></h3>
      * <h4>required parameters</h4>
      * <ul>
-     * <li>{@link org.apache.directory.fortress.core.model.Permission#objName} - contains the object name</li>
-     * <li>{@link org.apache.directory.fortress.core.model.Permission#opName} - contains the operation name</li>
-     * <li>{@link org.apache.directory.fortress.core.model.AdminRole#name} - contains the adminRole name</li>
+     *   <li>{@link org.apache.directory.fortress.core.model.Permission#objName} - contains the object name</li>
+     *   <li>{@link org.apache.directory.fortress.core.model.Permission#opName} - contains the operation name</li>
+     *   <li>{@link org.apache.directory.fortress.core.model.AdminRole#name} - contains the adminRole name</li>
      * </ul>
      *
      * @param perm must contain the object, {@link org.apache.directory.fortress.core.model.Permission#objName}, and operation, {@link org.apache.directory.fortress.core.model.Permission#opName}, that identifies target.
@@ -666,17 +967,18 @@ public interface DelAdminMgr extends Manageable
      * the object involved.
      * The command is valid if and only if the pair (operation, object) represents an administrative permission,
      * and the user is a member of the USERS data set.
+     * <h3></h3>
      * <h4>required parameters</h4>
      * <ul>
-     * <li>{@link org.apache.directory.fortress.core.model.Permission#objName} - contains the object name</li>
-     * <li>{@link org.apache.directory.fortress.core.model.Permission#opName} - contains the operation name</li>
-     * <li>{@link org.apache.directory.fortress.core.model.User#userId} - contains the userId</li>
+     *   <li>{@link org.apache.directory.fortress.core.model.Permission#objName} - contains the object name</li>
+     *   <li>{@link org.apache.directory.fortress.core.model.Permission#opName} - contains the operation name</li>
+     *   <li>{@link org.apache.directory.fortress.core.model.User#userId} - contains the userId</li>
      * </ul>
      *
-     * @param perm must contain the object, {@link org.apache.directory.fortress.core.model.Permission#objName}, and operation, {@link org.apache.directory.fortress.core.model.Permission#opName}, that identifies target.
+     * @param perm must contain the object, {@link org.apache.directory.fortress.core.model.Permission#objName}, and 
+     * operation, {@link org.apache.directory.fortress.core.model.Permission#opName}, that identifies target.
      * @param user must contain {@link org.apache.directory.fortress.core.model.User#userId} of target User entity.
-     * @throws SecurityException
-     *          Thrown in the event of data validation or system error.
+     * @throws SecurityException Thrown in the event of data validation or system error.
      */
     void grantPermission( Permission perm, User user )
         throws SecurityException;
@@ -688,18 +990,19 @@ public interface DelAdminMgr extends Manageable
      * list of the object involved.
      * The command is valid if and only if the pair (operation, object) represents an administrative permission,
      * the user is a member of the USERS data set, and the permission is assigned to that user.
+     * <h3></h3>
      * <h4>required parameters</h4>
      * <ul>
-     * <li>{@link org.apache.directory.fortress.core.model.Permission#objName} - contains the object name</li>
-     * <li>{@link org.apache.directory.fortress.core.model.Permission#opName} - contains the operation name</li>
-     * <li>{@link org.apache.directory.fortress.core.model.User#userId} - contains the userId</li>
+     *   <li>{@link org.apache.directory.fortress.core.model.Permission#objName} - contains the object name</li>
+     *   <li>{@link org.apache.directory.fortress.core.model.Permission#opName} - contains the operation name</li>
+     *   <li>{@link org.apache.directory.fortress.core.model.User#userId} - contains the userId</li>
      * </ul>
      *
-     * @param perm must contain the object, {@link org.apache.directory.fortress.core.model.Permission#objName}, and operation, {@link org.apache.directory.fortress.core.model.Permission#opName}, that identifies target.
+     * @param perm must contain the object, {@link org.apache.directory.fortress.core.model.Permission#objName}, and 
+     * operation, {@link org.apache.directory.fortress.core.model.Permission#opName}, that identifies target.
      * @param user must contain {@link org.apache.directory.fortress.core.model.User#userId} of target User entity.
      * @throws SecurityException Thrown in the event of data validation or system error.
      */
     void revokePermission( Permission perm, User user )
         throws SecurityException;
-
 }
\ No newline at end of file


Mime
View raw message