directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From smckin...@apache.org
Subject [08/19] directory-fortress-core git commit: FC-109 - break core package cycles
Date Mon, 01 Jun 2015 23:02:13 GMT
http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/0c46e4de/src/main/java/org/apache/directory/fortress/core/rbac/HierUtil.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/rbac/HierUtil.java b/src/main/java/org/apache/directory/fortress/core/rbac/HierUtil.java
index bf0f808..12657ef 100755
--- a/src/main/java/org/apache/directory/fortress/core/rbac/HierUtil.java
+++ b/src/main/java/org/apache/directory/fortress/core/rbac/HierUtil.java
@@ -29,6 +29,8 @@ import java.util.TreeSet;
 import java.util.concurrent.locks.ReadWriteLock;
 import java.util.concurrent.locks.ReentrantReadWriteLock;
 
+import org.apache.directory.fortress.core.model.Hier;
+import org.apache.directory.fortress.core.model.Relationship;
 import org.jgrapht.graph.SimpleDirectedGraph;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -50,7 +52,7 @@ import org.apache.directory.fortress.core.util.attr.VUtil;
  * </ol>
  * This class...
  * <ol>
- * <li>manipulates data that is stored as singleton inside other classes with vertices of {@code String}, and edges, as {@link Relationship}s</li>
+ * <li>manipulates data that is stored as singleton inside other classes with vertices of {@code String}, and edges, as {@link org.apache.directory.fortress.core.model.Relationship}s</li>
  * <li>utilizes open source library, see <a href="http://www.jgrapht.org/">JGraphT</a>.</li>
  * <li>processes general hierarchical data structure i.e. allows multiple inheritance with parents.</li>
  * <li>constructs and parses simple directed graphs.</li>
@@ -210,12 +212,12 @@ final class HierUtil
 
 
     /**
-     * This method Convert from logical, {@code org.jgrapht.graph.SimpleDirectedGraph} to ldap entity, {@link org.apache.directory.fortress.core.rbac.Hier}.
+     * This method Convert from logical, {@code org.jgrapht.graph.SimpleDirectedGraph} to ldap entity, {@link org.apache.directory.fortress.core.model.Hier}.
      * The conversion iterates over all edges in the graph and loads the corresponding {@link Relationship} data
      * into the ldap entity.  The ldap entity stores this data physically in the {@code ftRels} attribute of {@code ftHier} object class.
      *
      * @param graph contains a reference to simple digraph {@code org.jgrapht.graph.SimpleDirectedGraph}.
-     * @return reference to hierarchical ldap entity {@link org.apache.directory.fortress.core.rbac.Hier}.
+     * @return reference to hierarchical ldap entity {@link org.apache.directory.fortress.core.model.Hier}.
      */
     static Hier toHier( SimpleDirectedGraph<String, Relationship> graph )
     {
@@ -718,7 +720,7 @@ final class HierUtil
      *
      * @param graph contains a reference to simple digraph {@code org.jgrapht.graph.SimpleDirectedGraph}.
      * @param relationship contains parent-child relationship targeted for addition.
-     * @param op   used to pass the ldap op {@link Hier.Op#ADD}, {@link Hier.Op#MOD}, {@link org.apache.directory.fortress.core.rbac.Hier.Op#REM}
+     * @param op   used to pass the ldap op {@link Hier.Op#ADD}, {@link Hier.Op#MOD}, {@link org.apache.directory.fortress.core.model.Hier.Op#REM}
      * @throws org.apache.directory.fortress.core.SecurityException in the event of a system error.
      */
     static void updateHier( SimpleDirectedGraph<String, Relationship> graph, Relationship relationship, Hier.Op op )

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/0c46e4de/src/main/java/org/apache/directory/fortress/core/rbac/Manageable.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/rbac/Manageable.java b/src/main/java/org/apache/directory/fortress/core/rbac/Manageable.java
index 6422885..5fc263d 100755
--- a/src/main/java/org/apache/directory/fortress/core/rbac/Manageable.java
+++ b/src/main/java/org/apache/directory/fortress/core/rbac/Manageable.java
@@ -21,11 +21,14 @@ package org.apache.directory.fortress.core.rbac;
 
 import org.apache.directory.fortress.core.SecurityException;
 import org.apache.directory.fortress.core.ValidationException;
+import org.apache.directory.fortress.core.model.FortEntity;
+import org.apache.directory.fortress.core.model.Permission;
+import org.apache.directory.fortress.core.model.Session;
 import org.apache.directory.fortress.core.util.attr.VUtil;
 
 /**
  * Abstract class allows outside clients to manage security and multi-tenant concerns within the Fortress runtime.
- * The {@link #setAdmin(org.apache.directory.fortress.core.rbac.Session)} method allows A/RBAC sessions to be loaded and allows authorization
+ * The {@link #setAdmin(org.apache.directory.fortress.core.model.Session)} method allows A/RBAC sessions to be loaded and allows authorization
  * to be performed on behalf of the user who is contained within the Session object itself.
  * The ARBAC permissions will be checked each time outside client makes calls into Fortress API.
  * This interface also allows Fortress clients to operate in a multi-tenant fashion using {@link #setContextId(String)}.
@@ -70,7 +73,7 @@ public abstract class Manageable implements org.apache.directory.fortress.core.M
      *
      * @param className contains the class name.
      * @param opName contains operation name.
-     * @param entity contains {@link org.apache.directory.fortress.core.rbac.FortEntity} instance.
+     * @param entity contains {@link org.apache.directory.fortress.core.model.FortEntity} instance.
      * @throws org.apache.directory.fortress.core.SecurityException
      *          in the event of data validation or system error.
      */

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/0c46e4de/src/main/java/org/apache/directory/fortress/core/rbac/Mod.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/rbac/Mod.java b/src/main/java/org/apache/directory/fortress/core/rbac/Mod.java
deleted file mode 100755
index 1f828e1..0000000
--- a/src/main/java/org/apache/directory/fortress/core/rbac/Mod.java
+++ /dev/null
@@ -1,350 +0,0 @@
-/*
- *   Licensed to the Apache Software Foundation (ASF) under one
- *   or more contributor license agreements.  See the NOTICE file
- *   distributed with this work for additional information
- *   regarding copyright ownership.  The ASF licenses this file
- *   to you under the Apache License, Version 2.0 (the
- *   "License"); you may not use this file except in compliance
- *   with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- *   Unless required by applicable law or agreed to in writing,
- *   software distributed under the License is distributed on an
- *   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- *   KIND, either express or implied.  See the License for the
- *   specific language governing permissions and limitations
- *   under the License.
- *
- */
-package org.apache.directory.fortress.core.rbac;
-
-
-import javax.xml.bind.annotation.XmlAccessType;
-import javax.xml.bind.annotation.XmlAccessorType;
-import javax.xml.bind.annotation.XmlElement;
-import javax.xml.bind.annotation.XmlRootElement;
-import javax.xml.bind.annotation.XmlType;
-import java.io.Serializable;
-import java.util.List;
-
-
-/**
- * This entity class contains OpenLDAP slapd access log records that correspond to modifications made to the directory.
- * <p/>
- * <p/>
- * The auditModify Structural object class is used to store Fortress update and delete events that can later be queried via ldap API.<br />
- * The deletions can be recorded in this manner and associated with Fortress context because deletions will perform a modification first
- * if audit is enabled.
- * <p/>
- * <code>The Modify operation contains a description  of  modifications  in  the</code><br />
- * <code>reqMod  attribute,  which  was  already  described  above  in  the  Add</code><br />
- * <code>operation. It may optionally  contain  the  previous  contents  of  any</code><br />
- * <code>modified  attributes  in the reqOld attribute, using the same format as</code><br />
- * <code>described above for the Delete operation.  The reqOld attribute is only</code><br />
- * <code>populated  if  the  entry  being modified matches the configured logold</code><br />
- * <code>filter.</code><br />
- * <ul>
- * <li>  ------------------------------------------
- * <li> <code>objectclass (  1.3.6.1.4.1.4203.666.11.5.2.9</code>
- * <li> <code>NAME 'auditModify'</code>
- * <li> <code>DESC 'Modify operation'</code>
- * <li> <code>SUP auditWriteObject STRUCTURAL</code>
- * <li> <code>MAY reqOld MUST reqMod )</code>
- * <li> ------------------------------------------
- * </ul>
- * <p/>
- * Note this class uses descriptions pulled from man pages on slapd access log.
- * <p/>
-
- *
- * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
- */
-@XmlRootElement(name = "fortMod")
-@XmlAccessorType(XmlAccessType.FIELD)
-@XmlType(name = "mod", propOrder =
-    {
-        "reqSession",
-        "objectClass",
-        "reqAuthzID",
-        "reqDN",
-        "reqResult",
-        "reqStart",
-        "reqEnd",
-        "reqMod",
-        "reqType",
-        "sequenceId"
-})
-public class Mod extends FortEntity implements Serializable
-{
-    /** Default serialVersionUID */
-    private static final long serialVersionUID = 1L;
-    private String reqSession;
-    private String objectClass;
-    private String reqAuthzID;
-    private String reqDN;
-    private String reqResult;
-    private String reqStart;
-    private String reqEnd;
-    private String reqType;
-    @XmlElement(nillable = true)
-    private List<String> reqMod;
-    private long sequenceId;
-
-
-    /**
-     * The reqMod attribute carries all of the attributes of the original entry being added.
-     * (Or in the case of a Modify operation, all of the modifications being performed.)
-     * The values are formatted as attribute:<+|-|=|#> [ value] Where '+' indicates an Add of a value,
-     * '-' for Delete, '=' for Replace, and '#' for Increment. In an Add operation, all of  the
-     * reqMod  values will have the '+' designator.
-     *
-     * @return collection of Strings that map to 'reqMod' attribute on 'auditModify' object class.
-     */
-    public List<String> getReqMod()
-    {
-        return reqMod;
-    }
-
-
-    /**
-     * The reqMod attribute carries all of the attributes of the original entry being added.
-     * (Or in the case of a Modify operation, all of the modifications being performed.)
-     * The values are formatted as attribute:<+|-|=|#> [ value] Where '+' indicates an Add of a value,
-     * '-' for Delete, '=' for Replace, and '#' for Increment. In an Add operation, all of  the
-     * reqMod  values will have the '+' designator.
-     *
-     * @param reqMod contains collection of Strings that map to 'reqMod' attribute on 'auditModify' object class.
-     */
-    public void setReqMod( List<String> reqMod )
-    {
-        this.reqMod = reqMod;
-    }
-
-
-    /**
-     * reqEnd provide the end time of the operation. It uses generalizedTime syntax.
-     *
-     * @return value that maps to 'reqEnd' attribute on 'auditModify' object class.
-     */
-    public String getReqEnd()
-    {
-        return reqEnd;
-    }
-
-
-    /**
-     * reqEnd provide the end time of the operation. It uses generalizedTime syntax.
-     *
-     * @param reqEnd value that maps to same name on 'auditModify' object class.
-     */
-    public void setReqEnd( String reqEnd )
-    {
-        this.reqEnd = reqEnd;
-    }
-
-
-    /**
-     * The reqSession attribute is an implementation-specific identifier  that
-     * is  common to all the operations associated with the same LDAP session.
-     * Currently this is slapd's internal connection ID, stored in decimal.
-     *
-     * @return value that maps to 'reqSession' attribute on 'auditModify' object class.
-     */
-    public String getReqSession()
-    {
-        return reqSession;
-    }
-
-
-    /**
-     * The reqSession attribute is an implementation-specific identifier  that
-     * is  common to all the operations associated with the same LDAP session.
-     * Currently this is slapd's internal connection ID, stored in decimal.
-     *
-     * @param reqSession maps to same name on 'auditModify' object class.
-     */
-    public void setReqSession( String reqSession )
-    {
-        this.reqSession = reqSession;
-    }
-
-
-    /**
-     * Get the object class name of the audit record.  For this entity, this value will always be 'auditModify'.
-     *
-     * @return value that maps to 'objectClass' attribute on 'auditModify' obejct class.
-     */
-    public String getObjectClass()
-    {
-        return objectClass;
-    }
-
-
-    /**
-     * Set the object class name of the audit record.  For this entity, this value will always be 'auditModify'.
-     *
-     * @param objectClass value that maps to same name on 'auditModify' obejct class.
-     */
-    public void setObjectClass( String objectClass )
-    {
-        this.objectClass = objectClass;
-    }
-
-
-    /**
-     * The  reqAuthzID  attribute  is  the  distinguishedName of the user that
-     * performed the operation.  This will usually be the  same  name  as  was
-     * established  at  the  start of a session by a Bind request (if any) but
-     * may be altered in various circumstances.
-     * For Fortress bind operations this will map to {@link User#userId}
-     *
-     * @return value that maps to 'reqAuthzID' on 'auditModify' object class.
-     */
-    public String getReqAuthzID()
-    {
-        return reqAuthzID;
-    }
-
-
-    /**
-     * The  reqAuthzID  attribute  is  the  distinguishedName of the user that
-     * performed the operation.  This will usually be the  same  name  as  was
-     * established  at  the  start of a session by a Bind request (if any) but
-     * may be altered in various circumstances.
-     * For Fortress bind operations this will map to {@link User#userId}
-     *
-     */
-    public void setReqAuthzID( String reqAuthzID )
-    {
-        this.reqAuthzID = reqAuthzID;
-    }
-
-
-    /**
-     * The reqDN attribute is the  distinguishedName  of  the  target  of  the
-     * operation.  E.g.,for a Bind request, this is the Bind DN. For an Add
-     * request, this is the DN of the entry being added. For a Search request,
-     * this is the base DN of the search.
-     *
-     * @return value that map to 'reqDN' attribute on 'auditModify' object class.
-     */
-    public String getReqDN()
-    {
-        return reqDN;
-    }
-
-
-    /**
-     * The reqDN attribute is the  distinguishedName  of  the  target  of  the
-     * operation. E.g., for a Bind request, this is the Bind DN. For an Add
-     * request, this is the DN of the entry being added. For a Search request,
-     * this is the base DN of the search.
-     *
-     * @param reqDN maps to 'reqDN' attribute on 'auditModify' object class.
-     */
-    public void setReqDN( String reqDN )
-    {
-        this.reqDN = reqDN;
-    }
-
-
-    /**
-     * The reqResult attribute is the numeric LDAP result code of the
-     * operation, indicating either success or a particular LDAP  error  code.
-     * An  error code may be accompanied by a text error message which will be
-     * recorded in the reqMessage attribute.
-     *
-     * @return value that maps to 'reqResult' attribute on 'auditModify' object class.
-     */
-    public String getReqResult()
-    {
-        return reqResult;
-    }
-
-
-    /**
-     * The reqResult attribute is the numeric LDAP result code of the
-     * operation, indicating either success or a particular LDAP  error  code.
-     * An  error code may be accompanied by a text error message which will be
-     * recorded in the reqMessage attribute.
-     *
-     * @param reqResult maps to same name on 'auditModify' object class.
-     */
-    public void setReqResult( String reqResult )
-    {
-        this.reqResult = reqResult;
-    }
-
-
-    /**
-     * reqStart provide the start of the operation, They use generalizedTime syntax.
-     * The reqStart attribute is also used as the RDN for each log entry.
-     *
-     * @return value that maps to 'reqStart' attribute on 'auditModify' object class.
-     */
-    public String getReqStart()
-    {
-        return reqStart;
-    }
-
-
-    /**
-     * reqStart provide the start of the operation, They use generalizedTime syntax.
-     * The reqStart attribute is also used as the RDN for each log entry.
-     *
-     * @param reqStart maps to same name on 'auditModify' object class.
-     */
-    public void setReqStart( String reqStart )
-    {
-        this.reqStart = reqStart;
-    }
-
-
-    /**
-     * The reqType attribute is a simple string containing the type of
-     * operation being logged, e.g.  add, delete, search,  etc.  For  extended
-     * operations, the  type also includes the OID of the extended operation,
-     * e.g. extended(1.1.1.1)
-     *
-     * @return value that maps to 'reqType' attribute on 'auditModify' object class.
-     */
-    public String getReqType()
-    {
-        return reqType;
-    }
-
-
-    /**
-     * The reqType attribute is a simple string containing the type of
-     * operation being logged, e.g. add, delete, search, etc. For extended
-     * operations,  the  type also includes the OID of the extended operation,
-     * e.g.extended(1.1.1.1)
-     *
-     * @param reqType maps to same name on 'auditModify' object class.
-     */
-    public void setReqType( String reqType )
-    {
-        this.reqType = reqType;
-    }
-
-
-    /**
-     * Sequence id is used internal to Fortress.
-     * @return long value contains sequence id.
-     */
-    public long getSequenceId()
-    {
-        return sequenceId;
-    }
-
-
-    /**
-     * Sequence id is used internal to Fortress
-     * @param sequenceId contains sequence to use.
-     */
-    public void setSequenceId( long sequenceId )
-    {
-        this.sequenceId = sequenceId;
-    }
-}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/0c46e4de/src/main/java/org/apache/directory/fortress/core/rbac/OrgUnit.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/rbac/OrgUnit.java b/src/main/java/org/apache/directory/fortress/core/rbac/OrgUnit.java
deleted file mode 100755
index c50cdaa..0000000
--- a/src/main/java/org/apache/directory/fortress/core/rbac/OrgUnit.java
+++ /dev/null
@@ -1,520 +0,0 @@
-/*
- *   Licensed to the Apache Software Foundation (ASF) under one
- *   or more contributor license agreements.  See the NOTICE file
- *   distributed with this work for additional information
- *   regarding copyright ownership.  The ASF licenses this file
- *   to you under the Apache License, Version 2.0 (the
- *   "License"); you may not use this file except in compliance
- *   with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- *   Unless required by applicable law or agreed to in writing,
- *   software distributed under the License is distributed on an
- *   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- *   KIND, either express or implied.  See the License for the
- *   specific language governing permissions and limitations
- *   under the License.
- *
- */
-package org.apache.directory.fortress.core.rbac;
-
-
-import java.io.Serializable;
-import java.util.HashSet;
-import java.util.Set;
-import java.util.UUID;
-
-import javax.xml.bind.annotation.XmlAccessType;
-import javax.xml.bind.annotation.XmlAccessorType;
-import javax.xml.bind.annotation.XmlElement;
-import javax.xml.bind.annotation.XmlEnum;
-import javax.xml.bind.annotation.XmlRootElement;
-import javax.xml.bind.annotation.XmlType;
-
-
-/**
- * All entities ({@link AdminRole}, {@link OrgUnit},
- * {@link org.apache.directory.fortress.core.rbac.SDSet} etc...) are used to carry data between three Fortress
- * layers.starting with the (1) Manager layer down thru middle (2) Process layer and it's processing rules into
- * (3) DAO layer where persistence with the OpenLDAP server occurs.
- * <h4>Fortress Processing Layers</h4>
- * <ol>
- * <li>Manager layer:  {@link DelAdminMgrImpl}, {@link DelAccessMgrImpl}, {@link DelReviewMgrImpl},...</li>
- * <li>Process layer:  {@link AdminRoleP}, {@link OrgUnitP},...</li>
- * <li>DAO layer: {@link AdminRoleDAO}, {@link OrgUnitDAO},...</li>
- * </ol>
- * Fortress clients first instantiate and populate a data entity before invoking any of the Manager APIs.  The caller must
- * provide enough information to uniquely identity the entity target within ldap.<br />
- * For example, this entity requires {@link #name} and {@link #type} set before passing into {@link DelAdminMgrImpl} or  {@link DelReviewMgrImpl} APIs.
- * Create methods usually require more attributes (than Read) due to constraints enforced between entities.
- * <p/>
- * This entity implements both User and Permission OU pool functionality that defines org membership of entities for ARBAC02 style admin checks..
- * <br />The unique key to locate an OrgUnit entity (which is subsequently assigned both to Users and Permissions) is 'OrgUnit.name' and 'OrgUnit.Type'.<br />
- * <p/>
- * An OrgUnit name may contain alphanumeric and simple symbols that are safe text (.,:;-_).  Any non-safe text will be
- * encoded before persistence.  Valid names include:
- * <ol>
- * <li>123</li>
- * <li>OneTwoThree</li>
- * <li>One-Two-Three</li>
- * <li>One_Two_Three</li>
- * <li>One:2:3</li>
- * <li>1:2:3</li>
- * <li>1.2.3</li>
- * <li>1,2,3</li>
- * <li>1_2_3</li>
- * <li>etc...</li>
- * </ol>
- * <p/>
- * There is a Many-to-One relationship between a User and OrgUnit.
- * <h3>{@link org.apache.directory.fortress.core.rbac.User}*<->1 {@link OrgUnit}</h3>
- * <p/>
- * There is a Many-to-One relationship between a {@link PermObj} object and {@link OrgUnit}.
- * <h3>{@link PermObj}*<->1 {@link OrgUnit}</h3>
- * <p/>
- * Example to create new ARBAC User OrgUnit:
- * <p/>
- * <code>OrgUnit myUserOU = new OrgUnit("MyUserOrgName", OrgUnit.Type.USER);</code><br />
- * <code>myUserOU.setDescription("This is a test User OrgUnit");</code><br />
- * <code>DelAdminMgr delAdminMgr = DelAdminMgrFactory.createInstance();</code><br />
- * <code>delAdminMgr.add(myUserOU);</code><br />
- * <p/>
- * This will create a User OrgUnit that can be used as a target for User OU and AdminRole OS-U assignments.
- * <p/>
- * Example to create new ARBAC Perm OrgUnit:
- * <p/>
- * <code>OrgUnit myPermOU = new OrgUnit("MyPermOrgName", OrgUnit.Type.PERM);</code><br />
- * <code>myPermOU.setDescription("This is a test Perm OrgUnit");</code><br />
- * <code>DelAdminMgr delAdminMgr = DelAdminMgrFactory.createInstance();</code><br />
- * <code>delAdminMgr.add(myPermOU);</code><br />
- * <p/>
- * This will create a Perm OrgUnit that can be used as a target for Perm OU and AdminRole OS-P assignments.
- * <p/>
- * <h4>OrgUnit Schema</h4>
- * The Fortress OrgUnit entity is a composite of the following other Fortress structural and aux object classes:
- * <p/>
- * 1. organizationalUnit Structural Object Class is used to store basic attributes like ou and description.
- * <pre>
- * ------------------------------------------
- * objectclass ( 2.5.6.5 NAME 'organizationalUnit'
- *  DESC 'RFC2256: an organizational unit'
- *  SUP top STRUCTURAL
- *  MUST ou
- *  MAY (
- *      userPassword $ searchGuide $ seeAlso $ businessCategory $
- *      x121Address $ registeredAddress $ destinationIndicator $
- *      preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
- *      telephoneNumber $ internationaliSDNNumber $
- *      facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $
- *      postalAddress $ physicalDeliveryOfficeName $ st $ l $ description
- *  )
- * )
- * ------------------------------------------
- * </pre>
- * <p/>
- * 2. ftOrgUnit Structural objectclass is used to store the OrgUnit internal id.
- * <pre>
- * ------------------------------------------
- * Fortress Organizational Structural Object Class
- * objectclass    ( 1.3.6.1.4.1.38088.2.6
- *  NAME 'ftOrgUnit'
- *  DESC 'Fortress OrgUnit Structural Object Class'
- *  SUP organizationalunit
- *  STRUCTURAL
- *  MUST (
- *      ftId
- *  )
- *  MAY (
- *      ftParents
- *  )
- * )
- * ------------------------------------------
- * </pre>
- * <p/>
- * 3. ftMods AUXILIARY Object Class is used to store Fortress audit variables on target entity.
- * <pre>
- * ------------------------------------------
- * Fortress Audit Modification Auxiliary Object Class
- * objectclass ( 1.3.6.1.4.1.38088.3.4
- *  NAME 'ftMods'
- *  DESC 'Fortress Modifiers AUX Object Class'
- *  AUXILIARY
- *  MAY (
- *      ftModifier $
- *      ftModCode $
- *      ftModId
- *  )
- * )
- * ------------------------------------------
- * </pre>
- * <p/>
- *
- * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
- */
-@XmlRootElement(name = "fortOrgUnit")
-@XmlAccessorType(XmlAccessType.FIELD)
-@XmlType(name = "orgUnit", propOrder =
-    {
-        "children",
-        "description",
-        "id",
-        "name",
-        "parents",
-        "type"
-})
-public class OrgUnit extends FortEntity implements Graphable, Serializable
-{
-    private static final long serialVersionUID = 1L;
-
-    /**
-     * Maps to the location for a particular OrgUnit entity to either the User, 
-     * {@code ou=OS-U}, or Permission, {@code ou=OS-P}, tree in ldap.
-     */
-    public Type type;
-
-    /** The name required attribute of the OrgUnit object */
-    private String name;
-
-    /** the internal id that is associated with OrgUnit */
-    private String id;
-
-    /** The description that is associated with OrgUnit */
-    private String description;
-
-    /** The names of orgUnits that are parents (direct ascendants) of this orgUnit */
-    @XmlElement(nillable = true)
-    private Set<String> parents;
-
-    /** The set of child orgUnit names (direct descendants) of this orgUnit */
-    @XmlElement(nillable = true)
-    private Set<String> children;
-
-
-    /**
-     * Default constructor is used by internal Fortress classes.
-     */
-    public OrgUnit()
-    {
-    }
-
-
-    /**
-     * Construct a OrgUnit entity with a given ou name.
-     *
-     * @param ou maps to same name on on 'organizationalUnit' object class.
-     */
-    public OrgUnit( String ou )
-    {
-        this.name = ou;
-    }
-
-
-    /**
-     * Construct a OrgUnit entity with a given ou name and specified type - 'USER' or 'PERM'.
-     *
-     * @param ou   maps to same name on on 'organizationalUnit' object class.
-     * @param type is used to determine which OrgUnit tree is being targeted - 'USER' or 'PERM'.
-     */
-    public OrgUnit( String ou, Type type )
-    {
-        this.name = ou;
-        this.type = type;
-    }
-
-
-    /**
-     * Get the name required attribute of the OrgUnit object
-     *
-     * @return attribute maps to 'ou' attribute on 'organizationalUnit' object class.
-     */
-    public String getName()
-    {
-        return name;
-    }
-
-
-    /**
-     * Sets the required name attribute on the OrgUnit object
-     *
-     */
-    public void setName( String name )
-    {
-        this.name = name;
-    }
-
-
-    /**
-     * Return the internal id that is associated with OrgUnit.  This attribute is generated automatically
-     * by Fortress when new OrgUnit is added to directory and is not known or changeable by external client.
-     *
-     * @return attribute maps to 'ftId' in 'ftOrgUnit' object class.
-     */
-    public String getId()
-    {
-        return id;
-    }
-
-
-    /**
-     * Set the internal Id that is associated with OrgUnit.  This method is used by DAO class and
-     * is generated automatically by Fortress.  Attribute stored in LDAP cannot be changed by external caller.
-     * This method can be used by client for search purposes only.
-     *
-     * @param id maps to 'ftId' in 'ftOrgUnit' object class.
-     */
-    public void setId( String id )
-    {
-        this.id = id;
-    }
-
-
-    /**
-     * Generate an internal Id that is associated with OrgUnit.  This method is used by DAO class and
-     * is not available to outside classes.   The generated attribute maps to 'ftId' in 'ftOrgUnit' object class.
-     */
-    public void setId()
-    {
-        // generate a unique id that will be used as the rDn for this entry:
-        UUID uuid = UUID.randomUUID();
-        this.id = uuid.toString();
-    }
-
-    /**
-     * The OrgUnit 'Type' attribute is required and used to specify which OrgUnit tree a particular entity is in reference to.
-     */
-    @XmlType(name = "type")
-    @XmlEnum
-    public enum Type
-    {
-        /**
-         * Type {@link org.apache.directory.fortress.core.rbac.User} nodes reside in User OU pool.
-         */
-        USER,
-        /**
-         * Type {@link Permission} nodes reside in Perm OU pool.
-         */
-        PERM
-    }
-
-
-    /**
-     * Return the type of OrgUnit for this entity.  This field is required for this entity.
-     *
-     * @return Type contains 'PERM' or 'USER'.
-     */
-    public Type getType()
-    {
-        return type;
-    }
-
-
-    /**
-     * Get the type of OrgUnit for this entity.  This field is required for this entity.
-     *
-     * @param type contains 'PERM' or 'USER'.
-     */
-    public void setType( Type type )
-    {
-        this.type = type;
-    }
-
-
-    /**
-     * Returns optional description that is associated with OrgUnit.  This attribute is validated but not constrained by Fortress.
-     *
-     * @return value that is mapped to 'description' in 'organizationalUnit' object class.
-     */
-    public String getDescription()
-    {
-        return description;
-    }
-
-
-    /**
-     * Sets the optional description that is associated with OrgUnit.  This attribute is validated but not constrained by Fortress.
-     *
-     * @param description that is mapped to same name in 'organizationalUnit' object class.
-     */
-    public void setDescription( String description )
-    {
-        this.description = description;
-    }
-
-
-    /**
-     * Get the names of orgUnits that are parents (direct ascendants) of this orgUnit.
-     * @return Set of parent orgUnit names assigned to this orgUnit.
-     */
-    public Set<String> getParents()
-    {
-        return parents;
-    }
-
-
-    /**
-     * Set the names of orgUnit names that are parents (direct ascendants) of this orgUnit.
-     * @param parents contains the Set of parent orgUnit names assigned to this orgUnit.
-     */
-    public void setParents( Set<String> parents )
-    {
-        this.parents = parents;
-    }
-
-
-    /**
-     * Set the occupant attribute with the contents of the User dn.
-     * @param parent maps to 'ftParents' attribute on 'ftRls' object class.
-     */
-    public void setParent( String parent )
-    {
-        if ( this.parents == null )
-        {
-            this.parents = new HashSet<>();
-        }
-
-        this.parents.add( parent );
-    }
-
-
-    /**
-     * Set the occupant attribute with the contents of the User dn.
-     * @param parent maps to 'ftParents' attribute on 'ftRls' object class.
-     */
-    public void delParent( String parent )
-    {
-        if ( this.parents != null )
-        {
-            this.parents.remove( parent );
-        }
-    }
-
-
-    /**
-     * Return the Set of child orgUnit names (direct descendants) of this orgUnit.
-     * @return Set of child orgUnit names assigned to this orgUnit.
-     */
-    public Set<String> getChildren()
-    {
-        return children;
-    }
-
-
-    /**
-     * Set the Set of child orgUnit names (direct descendants) of this orgUnit
-     * @param children contains the Set of child orgUnit names assigned to this orgUnit.
-     */
-    public void setChildren( Set<String> children )
-    {
-        this.children = children;
-    }
-
-
-    /**
-     * @param thatObj
-     * @return boolean value of 'true if objects match
-     */
-    public boolean equals( Object thatObj )
-    {
-        if ( this == thatObj )
-        {
-            return true;
-        }
-
-        if ( this.getName() == null )
-        {
-            return false;
-        }
-
-        if ( !( thatObj instanceof OrgUnit ) )
-        {
-            return false;
-        }
-
-        OrgUnit thatOrg = ( OrgUnit ) thatObj;
-
-        if ( thatOrg.getName() == null )
-        {
-            return false;
-        }
-
-        return thatOrg.getName().equalsIgnoreCase( this.getName() );
-    }
-
-
-    @Override
-    public int hashCode()
-    {
-        int result = type != null ? type.hashCode() : 0;
-        result = 31 * result + ( name != null ? name.hashCode() : 0 );
-        result = 31 * result + ( id != null ? id.hashCode() : 0 );
-        result = 31 * result + ( description != null ? description.hashCode() : 0 );
-        result = 31 * result + ( parents != null ? parents.hashCode() : 0 );
-        result = 31 * result + ( children != null ? children.hashCode() : 0 );
-        return result;
-    }
-
-
-    /**
-     * @see Object#toString()
-     */
-    public String toString()
-    {
-        StringBuilder sb = new StringBuilder();
-
-        sb.append( "OrgUnit object: \n" );
-
-        sb.append( "    name : " ).append( name ).append( '\n' );
-        sb.append( "    id : " ).append( id ).append( '\n' );
-        sb.append( "    description : " ).append( description ).append( '\n' );
-        sb.append( "    type : " ).append( type ).append( '\n' );
-
-        if ( parents != null )
-        {
-            sb.append( "    parents : " );
-
-            boolean isFirst = true;
-
-            for ( String parent : parents )
-            {
-                if ( isFirst )
-                {
-                    isFirst = false;
-                }
-                else
-                {
-                    sb.append( ", " );
-                }
-
-                sb.append( parent );
-            }
-
-            sb.append( '\n' );
-        }
-
-        if ( children != null )
-        {
-            sb.append( "    children : " );
-
-            boolean isFirst = true;
-
-            for ( String child : children )
-            {
-                if ( isFirst )
-                {
-                    isFirst = false;
-                }
-                else
-                {
-                    sb.append( ", " );
-                }
-
-                sb.append( child );
-            }
-
-            sb.append( '\n' );
-        }
-
-        return sb.toString();
-    }
-}

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/0c46e4de/src/main/java/org/apache/directory/fortress/core/rbac/OrgUnitAnt.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/rbac/OrgUnitAnt.java b/src/main/java/org/apache/directory/fortress/core/rbac/OrgUnitAnt.java
deleted file mode 100755
index 7bbfd43..0000000
--- a/src/main/java/org/apache/directory/fortress/core/rbac/OrgUnitAnt.java
+++ /dev/null
@@ -1,67 +0,0 @@
-/*
- *   Licensed to the Apache Software Foundation (ASF) under one
- *   or more contributor license agreements.  See the NOTICE file
- *   distributed with this work for additional information
- *   regarding copyright ownership.  The ASF licenses this file
- *   to you under the Apache License, Version 2.0 (the
- *   "License"); you may not use this file except in compliance
- *   with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- *   Unless required by applicable law or agreed to in writing,
- *   software distributed under the License is distributed on an
- *   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- *   KIND, either express or implied.  See the License for the
- *   specific language governing permissions and limitations
- *   under the License.
- *
- */
-package org.apache.directory.fortress.core.rbac;
-
-import java.io.Serializable;
-
-
-/**
- * Entity is used by custom Apache Ant task for special handling of collections.  This is necessary because the
- * Ant parser cannot deal with complex data attribute types.  The class extends a base entity.
- *
- * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
- */
-public class OrgUnitAnt extends OrgUnit implements Serializable
-{
-    /** Default serialVersionUID */
-    private static final long serialVersionUID = 1L;
-
-    private String typeName;
-
-
-    /**
-     * Return the type of OU in string format.
-     *
-     * @return String that represents static or dynamic relations.
-     */
-    public String getTypeName()
-    {
-        return typeName;
-    }
-
-
-    /**
-     * Method accepts a String variable that maps to its parent's set type.
-     *
-     * @param typeName String value represents perm or user ou data sets.
-     */
-    public void setTypeName( String typeName )
-    {
-        this.typeName = typeName;
-        if ( typeName != null && typeName.equalsIgnoreCase( "PERM" ) )
-        {
-            setType( OrgUnit.Type.PERM );
-        }
-        else
-        {
-            setType( OrgUnit.Type.USER );
-        }
-    }
-}

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/0c46e4de/src/main/java/org/apache/directory/fortress/core/rbac/OrgUnitDAO.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/rbac/OrgUnitDAO.java b/src/main/java/org/apache/directory/fortress/core/rbac/OrgUnitDAO.java
index b32dbcc..c2f4ea7 100755
--- a/src/main/java/org/apache/directory/fortress/core/rbac/OrgUnitDAO.java
+++ b/src/main/java/org/apache/directory/fortress/core/rbac/OrgUnitDAO.java
@@ -40,6 +40,7 @@ import org.apache.directory.api.ldap.model.exception.LdapNoSuchObjectException;
 import org.apache.directory.api.ldap.model.message.SearchScope;
 import org.apache.directory.api.ldap.model.name.Dn;
 import org.apache.directory.api.util.Strings;
+import org.apache.directory.fortress.core.model.OrgUnit;
 import org.apache.directory.ldap.client.api.LdapConnection;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/0c46e4de/src/main/java/org/apache/directory/fortress/core/rbac/OrgUnitP.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/rbac/OrgUnitP.java b/src/main/java/org/apache/directory/fortress/core/rbac/OrgUnitP.java
index 390fd5c..7ebf2c8 100755
--- a/src/main/java/org/apache/directory/fortress/core/rbac/OrgUnitP.java
+++ b/src/main/java/org/apache/directory/fortress/core/rbac/OrgUnitP.java
@@ -25,6 +25,7 @@ import java.util.Set;
 import java.util.concurrent.locks.ReadWriteLock;
 import java.util.concurrent.locks.ReentrantReadWriteLock;
 
+import org.apache.directory.fortress.core.model.OrgUnit;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.apache.directory.fortress.core.GlobalErrIds;
@@ -37,12 +38,12 @@ import org.apache.directory.fortress.core.util.cache.CacheMgr;
 
 /**
  * Process module for the OrgUnit entity. The Fortress OrgUnit data set can be associated with two entities:
- * {@link org.apache.directory.fortress.core.rbac.User} class or {@link org.apache.directory.fortress.core.rbac.PermObj} class.  The OrgUnit entity itself is stored in two separate locations in the ldap tree one
- * for each entity listed above.  The type of OU entity is set via the enum attribute {@link org.apache.directory.fortress.core.rbac.OrgUnit.Type} which is equal to 'PERM' or 'USER'.
+ * {@link org.apache.directory.fortress.core.model.User} class or {@link org.apache.directory.fortress.core.model.PermObj} class.  The OrgUnit entity itself is stored in two separate locations in the ldap tree one
+ * for each entity listed above.  The type of OU entity is set via the enum attribute {@link org.apache.directory.fortress.core.model.OrgUnit.Type} which is equal to 'PERM' or 'USER'.
  * This class performs data validations.  The methods of this class are called by internal Fortress manager impl classes
  * {@link DelAdminMgrImpl} and {@link DelReviewMgrImpl} but is also called by {@link org.apache.directory.fortress.core.rbac.PermP#validate} method and {@link org.apache.directory.fortress.core.rbac.UserP#validate} functions
  * which ensure the entities are related to valid OU entries. This class is not intended to be called external
- * to Fortress Core itself.  This class will accept Fortress entity {@link org.apache.directory.fortress.core.rbac.OrgUnit}, validate its contents and forward on to it's
+ * to Fortress Core itself.  This class will accept Fortress entity {@link org.apache.directory.fortress.core.model.OrgUnit}, validate its contents and forward on to it's
  * corresponding DAO class {@link OrgUnitDAO} for data access.
  * <p>
  * Class will throw {@link SecurityException} to caller in the event of security policy, data constraint violation or system

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/0c46e4de/src/main/java/org/apache/directory/fortress/core/rbac/OrgUnitRelationship.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/rbac/OrgUnitRelationship.java b/src/main/java/org/apache/directory/fortress/core/rbac/OrgUnitRelationship.java
deleted file mode 100755
index 108348f..0000000
--- a/src/main/java/org/apache/directory/fortress/core/rbac/OrgUnitRelationship.java
+++ /dev/null
@@ -1,87 +0,0 @@
-/*
- *   Licensed to the Apache Software Foundation (ASF) under one
- *   or more contributor license agreements.  See the NOTICE file
- *   distributed with this work for additional information
- *   regarding copyright ownership.  The ASF licenses this file
- *   to you under the Apache License, Version 2.0 (the
- *   "License"); you may not use this file except in compliance
- *   with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- *   Unless required by applicable law or agreed to in writing,
- *   software distributed under the License is distributed on an
- *   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- *   KIND, either express or implied.  See the License for the
- *   specific language governing permissions and limitations
- *   under the License.
- *
- */
-package org.apache.directory.fortress.core.rbac;
-
-import java.io.Serializable;
-
-import javax.xml.bind.annotation.XmlAccessType;
-import javax.xml.bind.annotation.XmlAccessorType;
-import javax.xml.bind.annotation.XmlRootElement;
-import javax.xml.bind.annotation.XmlType;
-
-
-/**
- * This entity is used by en masse to communicate parent and child {@link org.apache.directory.fortress.core.rbac.OrgUnit} information to the server.
- * <p/>
- * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
- */
-@XmlRootElement(name = "fortOrgUnitRelationship")
-@XmlAccessorType(XmlAccessType.FIELD)
-@XmlType(name = "orgrelationship", propOrder = {
-    "child",
-    "parent"
-})
-public class OrgUnitRelationship extends FortEntity implements Serializable
-{
-    private static final long serialVersionUID = 1L;
-    
-    private OrgUnit parent;
-    private OrgUnit child;
-
-    public OrgUnit getParent()
-    {
-        return parent;
-    }
-
-    
-    public void setParent(OrgUnit parent)
-    {
-        this.parent = parent;
-    }
-
-    
-    public OrgUnit getChild()
-    {
-        return child;
-    }
-
-    
-    public void setChild(OrgUnit child)
-    {
-        this.child = child;
-    }
-
-
-    /**
-     * @see Object#toString()
-     */
-    public String toString()
-    {
-        StringBuilder sb = new StringBuilder();
-
-        sb.append( "OrgUnitRelationship object: \n" );
-
-        sb.append( "    parent :" ).append( parent ).append( '\n' );
-        sb.append( "    child :" ).append( child ).append( '\n' );
-
-        return sb.toString();
-    }
-}
-

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/0c46e4de/src/main/java/org/apache/directory/fortress/core/rbac/PermDAO.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/rbac/PermDAO.java b/src/main/java/org/apache/directory/fortress/core/rbac/PermDAO.java
index fec111d..2452a1d 100755
--- a/src/main/java/org/apache/directory/fortress/core/rbac/PermDAO.java
+++ b/src/main/java/org/apache/directory/fortress/core/rbac/PermDAO.java
@@ -40,6 +40,13 @@ import org.apache.directory.api.ldap.model.exception.LdapInvalidAttributeValueEx
 import org.apache.directory.api.ldap.model.exception.LdapNoSuchAttributeException;
 import org.apache.directory.api.ldap.model.exception.LdapNoSuchObjectException;
 import org.apache.directory.api.ldap.model.message.SearchScope;
+import org.apache.directory.fortress.core.model.AdminRole;
+import org.apache.directory.fortress.core.model.OrgUnit;
+import org.apache.directory.fortress.core.model.PermObj;
+import org.apache.directory.fortress.core.model.Permission;
+import org.apache.directory.fortress.core.model.Role;
+import org.apache.directory.fortress.core.model.Session;
+import org.apache.directory.fortress.core.model.User;
 import org.apache.directory.ldap.client.api.LdapConnection;
 import org.apache.directory.fortress.core.CreateException;
 import org.apache.directory.fortress.core.FinderException;
@@ -816,8 +823,8 @@ final class PermDAO extends ApacheDsDataProvider
      * It performs ldap operations:  read and (optionally) compare.  The first is to pull back the permission to see if user has access or not.  The second is to trigger audit
      * record storage on ldap server but can be disabled.
      *
-     * @param session contains {@link Session#getUserId()}, for rbac check {@link org.apache.directory.fortress.core.rbac.Session#getRoles()}, for arbac check: {@link org.apache.directory.fortress.core.rbac.Session#getAdminRoles()}.
-     * @param inPerm  must contain required attributes {@link Permission#objName} and {@link Permission#opName}.  {@link Permission#objId} is optional.
+     * @param session contains {@link Session#getUserId()}, for rbac check {@link org.apache.directory.fortress.core.model.Session#getRoles()}, for arbac check: {@link org.apache.directory.fortress.core.model.Session#getAdminRoles()}.
+     * @param inPerm  must contain required attributes {@link Permission#objName} and {@link Permission#opName}.  {@link org.apache.directory.fortress.core.model.Permission#objId} is optional.
      * @return boolean containing result of check.
      * @throws org.apache.directory.fortress.core.FinderException
      *          In the event system error occurs looking up data on ldap server.
@@ -939,10 +946,10 @@ final class PermDAO extends ApacheDsDataProvider
     /**
      * This function will first compare the userId from the session object with the list of users attached to permission object.
      * If match does not occur there, determine if there is a match between the authorized roles of user with roles attached to permission object.
-     * For this use {@link org.apache.directory.fortress.core.rbac.Permission#isAdmin()} to determine if admin permissions or normal permissions have been passed in by caller.
+     * For this use {@link org.apache.directory.fortress.core.model.Permission#isAdmin()} to determine if admin permissions or normal permissions have been passed in by caller.
      *
-     * @param session contains the {@link org.apache.directory.fortress.core.rbac.Session#getUserId()},{@link Session#getRoles()} or {@link org.apache.directory.fortress.core.rbac.Session#getAdminRoles()}.
-     * @param permission contains {@link org.apache.directory.fortress.core.rbac.Permission#getUsers()} and {@link Permission#getRoles()}.
+     * @param session contains the {@link org.apache.directory.fortress.core.model.Session#getUserId()},{@link Session#getRoles()} or {@link org.apache.directory.fortress.core.model.Session#getAdminRoles()}.
+     * @param permission contains {@link org.apache.directory.fortress.core.model.Permission#getUsers()} and {@link Permission#getRoles()}.
      * @return binary result.
      */
     private boolean isAuthorized( Session session, Permission permission )

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/0c46e4de/src/main/java/org/apache/directory/fortress/core/rbac/PermGrant.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/rbac/PermGrant.java b/src/main/java/org/apache/directory/fortress/core/rbac/PermGrant.java
deleted file mode 100755
index bd4f9b9..0000000
--- a/src/main/java/org/apache/directory/fortress/core/rbac/PermGrant.java
+++ /dev/null
@@ -1,213 +0,0 @@
-/*
- *   Licensed to the Apache Software Foundation (ASF) under one
- *   or more contributor license agreements.  See the NOTICE file
- *   distributed with this work for additional information
- *   regarding copyright ownership.  The ASF licenses this file
- *   to you under the Apache License, Version 2.0 (the
- *   "License"); you may not use this file except in compliance
- *   with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- *   Unless required by applicable law or agreed to in writing,
- *   software distributed under the License is distributed on an
- *   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- *   KIND, either express or implied.  See the License for the
- *   specific language governing permissions and limitations
- *   under the License.
- *
- */
-package org.apache.directory.fortress.core.rbac;
-
-import java.io.Serializable;
-
-import javax.xml.bind.annotation.XmlAccessType;
-import javax.xml.bind.annotation.XmlAccessorType;
-import javax.xml.bind.annotation.XmlRootElement;
-import javax.xml.bind.annotation.XmlType;
-
-/**
- * This entity is used by {@link org.apache.directory.fortress.core.ant.FortressAntTask} to add {@link Permission} grants to
- * RBAC {@link org.apache.directory.fortress.core.rbac.Role}, or ARBAC {@link org.apache.directory.fortress.core.rbac.AdminRole}.
- * Can also be used to grant Permissions directly to {@link org.apache.directory.fortress.core.rbac.User}s.
- * This entity is used for Ant and En Masse processing only.
- * <p/>
-
- * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
- */
-@XmlRootElement(name = "fortGrant")
-@XmlAccessorType(XmlAccessType.FIELD)
-@XmlType(name = "permGrant", propOrder = {
-    "objName",
-    "opName",
-    "objId",
-    "userId",
-    "roleNm",
-    "admin"
-})
-public class PermGrant extends FortEntity implements Serializable
-{
-    private static final long serialVersionUID = 1L;
-    
-    /** The permission object name */
-    private String objName;
-    
-    /** The permission operation name */
-    private String opName;
-    
-    /** The permission object ID */
-    private String objId;
-    
-    /** The userId attribute from this entity */
-    private String userId;
-    
-    /** The role name associated from this entity */
-    private String roleNm;
-    
-    /** Tells if the entity is stored with administrative permissions */
-    private boolean admin;
-
-    /**
-     * Return the permission object name.
-     * @return maps to 'ftObjNm' attribute on 'ftOperation' object class.
-     */
-    public String getObjName()
-    {
-        return objName;
-    }
-    
-
-    /**
-     * Set the permission object name.
-     * @param objName maps to 'ftObjNm' attribute on 'ftOperation' object class.
-     */
-    public void setObjName(String objName)
-    {
-        this.objName = objName;
-    }
-    
-
-    /**
-     * Return the permission object id.
-     * @return maps to 'ftObjId' attribute on 'ftOperation' object class.
-     */
-    public String getObjId()
-    {
-        return objId;
-    }
-    
-
-    /**
-     * Set the permission object id.
-     * @param objId maps to 'ftObjId' attribute on 'ftOperation' object class.
-     */
-    public void setObjId(String objId)
-    {
-        this.objId = objId;
-    }
-    
-
-    /**
-     * Return the permission operation name.
-     * @return maps to 'ftOpNm' attribute on 'ftOperation' object class.
-     */
-    public String getOpName()
-    {
-        return opName;
-    }
-    
-
-    /**
-     * Set the permission operation name.
-     * @param opName maps to 'ftOpNm' attribute on 'ftOperation' object class.
-     */
-    public void setOpName(String opName)
-    {
-        this.opName = opName;
-    }
-    
-
-    /**
-     * Get the userId attribute from this entity.
-     *
-     * @return maps to 'ftUsers' attribute on 'ftOperation' object class.
-     */
-    public String getUserId()
-    {
-        return userId;
-    }
-
-    
-    /**
-     * Set the userId attribute on this entity.
-     *
-     * @param userId maps to 'ftUsers' attribute on 'ftOperation' object class.
-     */
-    public void setUserId(String userId)
-    {
-        this.userId = userId;
-    }
-    
-
-    /**
-     * Get the role name associated from this entity.
-     *
-     * @return maps to 'ftRoles' attribute on 'ftOperation' object class.
-     */
-    public String getRoleNm()
-    {
-        return roleNm;
-    }
-    
-
-    /**
-     * Set the role name associated with this entity.
-     *
-     * @param roleNm maps to 'ftRoles' attribute on 'ftOperation' object class.
-     */
-    public void setRoleNm(String roleNm)
-    {
-        this.roleNm = roleNm;
-    }
-
-
-    /**
-     * If set to true entity will be stored in ldap subdirectory associated with administrative permissions {@link org.apache.directory.fortress.core.GlobalIds#ADMIN_PERM_ROOT}.
-     * otherwise will be RBAC permissions {@link org.apache.directory.fortress.core.GlobalIds#PERM_ROOT}
-     * @return boolean if administrative entity.
-     */
-    public boolean isAdmin()
-    {
-        return admin;
-    }
-    
-
-    /**
-     * Return boolean value that will be set to true if this entity will be stored in Administrative Permissions.
-     * @param admin will be true if administrative entity.
-     */
-    public void setAdmin(boolean admin)
-    {
-        this.admin = admin;
-    }
-
-
-    /**
-     * @see Object#toString()
-     */
-    public String toString()
-    {
-        StringBuilder sb = new StringBuilder();
-
-        sb.append( "PermGrant object: \n" );
-
-        sb.append( "    roleNm :" ).append( roleNm ).append( '\n' );
-        sb.append( "    objName :" ).append( objName ).append( '\n' );
-        sb.append( "    objId :" ).append( objId ).append( '\n' );
-        sb.append( "    userId :" ).append( userId ).append( '\n' );
-        sb.append( "    opName :" ).append( opName ).append( '\n' );
-        sb.append( "    isAdmin :" ).append( admin ).append( '\n' );
-
-        return sb.toString();
-    }
-}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/0c46e4de/src/main/java/org/apache/directory/fortress/core/rbac/PermObj.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/rbac/PermObj.java b/src/main/java/org/apache/directory/fortress/core/rbac/PermObj.java
deleted file mode 100755
index d912d81..0000000
--- a/src/main/java/org/apache/directory/fortress/core/rbac/PermObj.java
+++ /dev/null
@@ -1,583 +0,0 @@
-/*
- *   Licensed to the Apache Software Foundation (ASF) under one
- *   or more contributor license agreements.  See the NOTICE file
- *   distributed with this work for additional information
- *   regarding copyright ownership.  The ASF licenses this file
- *   to you under the Apache License, Version 2.0 (the
- *   "License"); you may not use this file except in compliance
- *   with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- *   Unless required by applicable law or agreed to in writing,
- *   software distributed under the License is distributed on an
- *   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- *   KIND, either express or implied.  See the License for the
- *   specific language governing permissions and limitations
- *   under the License.
- *
- */
-package org.apache.directory.fortress.core.rbac;
-
-
-import java.io.Serializable;
-import java.util.Enumeration;
-import java.util.List;
-import java.util.Properties;
-import java.util.UUID;
-
-import javax.xml.bind.annotation.XmlAccessType;
-import javax.xml.bind.annotation.XmlAccessorType;
-import javax.xml.bind.annotation.XmlElement;
-import javax.xml.bind.annotation.XmlRootElement;
-import javax.xml.bind.annotation.XmlTransient;
-import javax.xml.bind.annotation.XmlType;
-
-
-/**
- * All entities ({@link org.apache.directory.fortress.core.rbac.User}, {@link org.apache.directory.fortress.core.rbac.Role}, {@link Permission},
- * {@link PwPolicy} {@link org.apache.directory.fortress.core.rbac.SDSet} etc...) are used to carry data between three Fortress
- * layers.starting with the (1) Manager layer down thru middle (2) Process layer and it's processing rules into
- * (3) DAO layer where persistence with the OpenLDAP server occurs.
- * <h4>Fortress Processing Layers</h4>
- * <ol>
- * <li>Manager layer:  {@link AdminMgrImpl}, {@link AccessMgrImpl}, {@link ReviewMgrImpl},...</li>
- * <li>Process layer:  {@link org.apache.directory.fortress.core.rbac.UserP}, {@link org.apache.directory.fortress.core.rbac.RoleP}, {@link org.apache.directory.fortress.core.rbac.PermP},...</li>
- * <li>DAO layer: {@link UserDAO}, {@link RoleDAO}, {@link org.apache.directory.fortress.core.rbac.PermDAO},...</li>
- * </ol>
- * Fortress clients first instantiate and populate a data entity before invoking any of the Manager APIs.  The caller must
- * provide enough information to uniquely identity the entity target within ldap.<br />
- * For example, this entity requires {@link #objName} and {@link #ou} attributes set before passing into {@link AdminMgrImpl} or  {@link ReviewMgrImpl} APIs.
- * Create methods usually require more attributes (than Read) due to constraints enforced between entities.
- * <p/>
- * <h4>PermObj entity attribute usages include</h4>
- * <ul>
- * <li>{@link #setObjName} and {@link #setOu} attributes set before calling {@link AdminMgrImpl#addPermObj(PermObj)}.
- * <li>{@link #addProperty} may be set before calling {@link AdminMgrImpl#addPermObj(PermObj)}.
- * <li>{@link #getProperty} may be set after calling {@link ReviewMgrImpl#findPermObjs(PermObj)}.
- * </ul>
- * <p/>
- * <h4>More Permission entity notes</h4>
- * <ul>
- * <li>The {@link PermObj} entity is not used for authorization checks, rather contains {@link Permission} which are themselves authorization targets.<br />
- * <li>This entity must be associated with a valid Perm OU {@link org.apache.directory.fortress.core.rbac.OrgUnit.Type#PERM} that is contained within the {@code ou=OS-P,ou=ARBAC,dc=example,dc=com} location in ldap.
- * <li>The object to operation pairings enable application resources to be mapped to Fortress permissions in a way that is natural for object oriented programming.
- * <li>Permissions = Object {@link PermObj} 1<->* Operations {@link Permission}
- * <p/>
- * <img src="../doc-files/RbacCore.png">
- * <li>The unique key to locate an Fortress PermObj entity is {@code PermObj#objName}.
- * <li>For sample code usages check out {@link Permission} javadoc.
- * </ul>
- * <p/>
- * <h4>PermObj Schema</h4>
- * The Fortress PermObj Entity Class is a composite of 3 different LDAP Schema object classes:
- * <p/>
- * 1. ftObject STRUCTURAL Object Class is used to store object name, id and type variables on target entity.
- * <pre>
- * Fortress Permission Structural Object Class
- * objectclass    ( 1.3.6.1.4.1.38088.2.2
- *  NAME 'ftObject'
- *  DESC 'Fortress Permission Object Class'
- *  SUP organizationalunit
- *  STRUCTURAL
- *  MUST (
- *      ftId $
- *      ftObjNm
- *  )
- *  MAY (
- *      ftType
- *  )
- * )
- * 2. ftProperties AUXILIARY Object Class is used to store client specific name/value pairs on target entity.
- * This aux object class can be used to store custom attributes<br />
- * The properties collections consist of name/value pairs and are not constrainted by Fortress.<br />
- * <pre>
- * ------------------------------------------
- * AC2: Fortress Properties Auxiliary Object Class
- * objectclass ( 1.3.6.1.4.1.38088.3.2
- *  NAME 'ftProperties'
- *  DESC 'Fortress Properties AUX Object Class'
- *  AUXILIARY
- *  MAY (
- *      ftProps
- *  )
- * )
- * ------------------------------------------
- * </pre>
- * <p/>
- * 3. ftMods AUXILIARY Object Class is used to store Fortress audit variables on target entity.
- * <pre>
- * ------------------------------------------
- * Fortress Audit Modification Auxiliary Object Class
- * objectclass ( 1.3.6.1.4.1.38088.3.4
- *  NAME 'ftMods'
- *  DESC 'Fortress Modifiers AUX Object Class'
- *  AUXILIARY
- *  MAY (
- *      ftModifier $
- *      ftModCode $
- *      ftModId
- *  )
- * )
- * ------------------------------------------
- * </pre>
- * <p/>
- *
- * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
- */
-@XmlRootElement(name = "fortObject")
-@XmlAccessorType(XmlAccessType.FIELD)
-@XmlType(name = "permObj", propOrder =
-    {
-        "objName",
-        "description",
-        "internalId",
-        "ou",
-        "type",
-        "props",
-        "admin"
-})
-public class PermObj extends FortEntity implements Serializable
-{
-    private static final long serialVersionUID = 1L;
-
-    private boolean admin;
-    private String internalId;
-    private String objName;
-    private String description;
-    @XmlElement(nillable = true)
-    private Props props = new Props();
-    //private Properties props;
-    private String ou;
-    private String type;
-    @XmlTransient
-    private String dn;
-
-
-    /**
-     * Default Constructor used internal to Fortress.
-     */
-    public PermObj()
-    {
-
-    }
-
-
-    /**
-     * Construct an Fortress PermObj entity given an object name.
-     *
-     * @param objName maps to 'ftObjNm' attribute in 'ftObject' object class.
-     */
-    public PermObj( String objName )
-    {
-        this.objName = objName;
-    }
-
-
-    /**
-     * Construct an Fortress PermObj entity given an object and perm ou name.
-     *
-     * @param objName maps to 'ftObjNm' attribute in 'ftObject' object class.
-     * @param ou maps to 'ou' attribute in 'ftObject' object class.
-     */
-    public PermObj( String objName, String ou )
-    {
-        this.objName = objName;
-        this.ou = ou;
-    }
-
-
-    /**
-     * Get the authorization target's object name.  This is typically mapped to the class name for component
-     * that is the target for Fortress authorization check. For example 'PatientRelationshipInquire'.
-     *
-     * @return the name of the object which maps to 'ftObjNm' attribute in 'ftObject' object class.
-     */
-    public String getObjName()
-    {
-        return objName;
-    }
-
-
-    /**
-     * This attribute is required and sets the authorization target object name.  This name is typically derived from the class name
-     * for component that is the target for Fortress authorization check. For example 'CustomerCheckOutPage'.
-     *
-     */
-    public void setObjName( String objName )
-    {
-        this.objName = objName;
-    }
-
-
-    /**
-     * This attribute is required but is set automatically by Fortress DAO class before object is persisted to ldap.
-     * This generated internal id is associated with PermObj.  This method is used by DAO class and
-     * is not available to outside classes.   The generated attribute maps to 'ftId' in 'ftObject' object class.
-     */
-    public void setInternalId()
-    {
-        // generate a unique id that will be used as the rDn for this entry:
-        UUID uuid = UUID.randomUUID();
-        this.internalId = uuid.toString();
-
-        //UID iid = new UID();
-        // assign the unique id to the internal id of the entity:
-        //this.internalId = iid.toString();
-    }
-
-
-    /**
-     * Set the internal id that is associated with PermObj.  This method is used by DAO class and
-     * is generated automatically by Fortress.  Attribute stored in LDAP cannot be changed by external caller.
-     * This method can be used by client for search purposes only.
-     *
-     * @param internalId maps to 'ftId' in 'ftObject' object class.
-     */
-    public void setInternalId( String internalId )
-    {
-        this.internalId = internalId;
-    }
-
-
-    /**
-     * Return the internal id that is associated with PermObj.  This attribute is generated automatically
-     * by Fortress when new PermObj is added to directory and is not known or changeable by external client.
-     *
-     * @return attribute maps to 'ftId' in 'ftObject' object class.
-     */
-    public String getInternalId()
-    {
-        return internalId;
-    }
-
-
-    /**
-     * If set to true, this entity will be loaded into the Admin Permission data set.
-     *
-     * @return boolean indicating if entity is an RBAC (false) or Admin (true) Permission Object.
-     */
-    public boolean isAdmin()
-    {
-        return admin;
-    }
-
-
-    /**
-     * If set to true, this entity will be loaded into the Admin Permission data set.
-     *
-     * @param admin boolean variable indicates if entity is an RBAC or ARBAC Permission Object.
-     */
-
-    public void setAdmin( boolean admin )
-    {
-        this.admin = admin;
-    }
-
-
-    /**
-     * Sets the optional description that is associated with PermObj.  This attribute is validated but not constrained by Fortress.
-     *
-     * @param description that is mapped to same name in 'organizationalUnit' object class.
-     */
-    public void setDescription( String description )
-    {
-        this.description = description;
-    }
-
-
-    /**
-     * Returns optional description that is associated with PermObj.  This attribute is validated but not constrained by Fortress.
-     *
-     * @return value that is mapped to 'description' in 'organizationalUnit' object class.
-     */
-    public String getDescription()
-    {
-        return description;
-    }
-
-
-    /**
-      * Gets the value of the Props property.  This method is used by Fortress and En Masse and should not be called by external programs.
-      *
-      * @return
-      *     possible object is
-      *     {@link Props }
-      *
-      */
-    public Props getProps()
-    {
-        return props;
-    }
-
-
-    /**
-     * Sets the value of the Props property.  This method is used by Fortress and En Masse and should not be called by external programs.
-     *
-     * @param value
-     *     allowed object is
-     *     {@link Props }
-     *
-     */
-    public void setProps( Props value )
-    {
-        this.props = value;
-    }
-
-
-    /**
-     * Add name/value pair to list of properties associated with PermObj.  These values are not constrained by Fortress.
-     * Properties are optional.
-     *
-     * @param key   contains property name and maps to 'ftProps' attribute in 'ftProperties' aux object class.
-     * @param value
-     */
-    public void addProperty( String key, String value )
-    {
-        Props.Entry entry = new Props.Entry();
-        entry.setKey( key );
-        entry.setValue( value );
-        this.props.getEntry().add( entry );
-    }
-
-
-    /**
-     * Get a name/value pair attribute from list of properties associated with PermObj.  These values are not constrained by Fortress.
-     * Properties are optional.
-     *
-     * @param key contains property name and maps to 'ftProps' attribute in 'ftProperties' aux object class.
-     * @return value containing name/value pair that maps to 'ftProps' attribute in 'ftProperties' aux object class.
-     */
-    public String getProperty( String key )
-    {
-        List<Props.Entry> props = this.props.getEntry();
-        Props.Entry keyObj = new Props.Entry();
-        keyObj.setKey( key );
-
-        String value = null;
-        int indx = props.indexOf( keyObj );
-        if ( indx != -1 )
-        {
-            Props.Entry entry = props.get( props.indexOf( keyObj ) );
-            value = entry.getValue();
-        }
-
-        return value;
-    }
-
-
-    /**
-     * Add new collection of name/value pairs to attributes associated with PermObj.  These values are not constrained by Fortress.
-     * Properties are optional.
-     *
-     * @param props contains collection of name/value pairs and maps to 'ftProps' attribute in 'ftProperties' aux object class.
-     */
-    public void addProperties( Properties props )
-    {
-        if ( props != null )
-        {
-            for ( Enumeration<?> e = props.propertyNames(); e.hasMoreElements(); )
-            {
-                // This LDAP attr is stored as a name-value pair separated by a ':'.
-                String key = ( String ) e.nextElement();
-                String val = props.getProperty( key );
-                addProperty( key, val );
-            }
-        }
-    }
-
-
-    /**
-     * Return the collection of name/value pairs to attributes associated with PermObj.  These values are not constrained by Fortress.
-     * Properties are optional.
-     *
-     * @return Properties contains collection of name/value pairs and maps to 'ftProps' attribute in 'ftProperties' aux object class.
-     */
-    public Properties getProperties()
-    {
-        Properties properties = null;
-        List<Props.Entry> props = this.props.getEntry();
-        if ( props.size() > 0 )
-        {
-            properties = new Properties();
-            //int size = props.size();
-            for ( Props.Entry entry : props )
-            {
-                String key = entry.getKey();
-                String val = entry.getValue();
-                properties.setProperty( key, val );
-            }
-        }
-        return properties;
-    }
-
-
-    /**
-    * Add name/value pair to list of properties associated with PermObj.  These values are not constrained by Fortress.
-    * Properties are optional.
-    *
-    * @param key   contains property name and maps to 'ftProps' attribute in 'ftProperties' aux object class.
-    * @param value
-    */
-    //public void addProperty(String key, String value)
-    //{
-    //    if (props == null)
-    //    {
-    //        props = new Properties();
-    //    }
-
-    //    this.props.setProperty(key, value);
-    //}
-
-    /**
-     * Add new collection of name/value pairs to attributes associated with PermObj.  These values are not constrained by Fortress.
-     * Properties are optional.
-     *
-     * @param props contains collection of name/value pairs and maps to 'ftProps' attribute in 'ftProperties' aux object class.
-     */
-    //public void addProperties(Properties props)
-    //{
-    //    this.props = props;
-    //}
-
-    /**
-     * Return the collection of name/value pairs to attributes associated with PermObj.  These values are not constrained by Fortress.
-     * Properties are optional.
-     *
-     * @return Properties contains collection of name/value pairs and maps to 'ftProps' attribute in 'ftProperties' aux object class.
-     */
-    //public Properties getProperties()
-    //{
-    //    return this.props;
-    //}
-
-    /**
-     * Set the orgUnit name associated with PermObj.  This attribute is validated and constrained by Fortress and must contain name of existing Perm OU.
-     * This attribute is required on add but not on read.
-     *
-     * @param ou mapped to same name in 'ftObject' object class.
-     */
-    public void setOu( String ou )
-    {
-        this.ou = ou;
-    }
-
-
-    /**
-     * Return orgUnit name for PermObj.  This attribute is validated and constrained by Fortress and must contain name of existing Perm OU.
-     * This attribute is required on add but not on read.
-     *
-     * @return value that is mapped to 'ou' in 'ftObject' object class.
-     */
-    public String getOu()
-    {
-        return ou;
-    }
-
-
-    /**
-     * Sets the type attribute of the Perm object.  Currently the type is not constrained to any
-     * preexisting Fortress data set meaning the type is user defined and can be used for grouping like permissions.
-     *
-     * @param type maps to attribute name 'ftType' in 'ftObject' object class.
-     */
-    public void setType( String type )
-    {
-        this.type = type;
-    }
-
-
-    /**
-     * Get the type attribute of the Perm object.  Currently the type is not constrained to any
-     * preexisting Fortress data set meaning the type is user defined and can be used for grouping like permissions.
-     *
-     * @return maps to attribute name 'ftType' in 'ftObject' object class.
-     */
-    public String getType()
-    {
-        return type;
-    }
-
-
-    /**
-     * Set distinguished name associated with PermObj.  This attribute is used by DAO and is not allowed for outside classes.
-     * This attribute should not be set by external callers.
-     *
-     * @param dn that is mapped to same name in 'organizationalUnit' object class.
-     */
-    public void setDn( String dn )
-    {
-        this.dn = dn;
-    }
-
-
-    /**
-     * Returns distinguished name associated with PermObj.  This attribute is generated by DAO and is not allowed for outside classes to modify.
-     * This attribute is for internal user only and need not be processed by external clients.
-     *
-     * @return value that is mapped to 'dn' in 'organizationalUnit' object class.
-     */
-    public String getDn()
-    {
-        return dn;
-    }
-
-
-    @Override
-    public int hashCode()
-    {
-        int result = ( admin ? 1 : 0 );
-        result = 31 * result + ( internalId != null ? internalId.hashCode() : 0 );
-        result = 31 * result + ( objName != null ? objName.hashCode() : 0 );
-        result = 31 * result + ( description != null ? description.hashCode() : 0 );
-        result = 31 * result + ( props != null ? props.hashCode() : 0 );
-        result = 31 * result + ( ou != null ? ou.hashCode() : 0 );
-        result = 31 * result + ( type != null ? type.hashCode() : 0 );
-        result = 31 * result + ( dn != null ? dn.hashCode() : 0 );
-        return result;
-    }
-
-
-    /**
-     * Matches the objName from two PermObj entities.
-     *
-     * @param thatObj contains a PermObj entity.
-     * @return boolean indicating both objects contain matching objNames.
-     */
-    public boolean equals( Object thatObj )
-
-    {
-        if ( this == thatObj )
-        {
-            return true;
-        }
-
-        if ( this.getObjName() == null )
-        {
-            return false;
-        }
-
-        if ( !( thatObj instanceof PermObj ) )
-        {
-            return false;
-        }
-
-        PermObj thatPermObj = ( PermObj ) thatObj;
-
-        if ( thatPermObj.getObjName() == null )
-        {
-            return false;
-        }
-
-        return thatPermObj.getObjName().equalsIgnoreCase( this.getObjName() );
-    }
-
-
-    @Override
-    public String toString()
-    {
-        return "Permission Object {" +
-            "name='" + objName + '\'' +
-            '}';
-    }
-}

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/0c46e4de/src/main/java/org/apache/directory/fortress/core/rbac/PermP.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/rbac/PermP.java b/src/main/java/org/apache/directory/fortress/core/rbac/PermP.java
index 1cd5a3a..1b6eacd 100755
--- a/src/main/java/org/apache/directory/fortress/core/rbac/PermP.java
+++ b/src/main/java/org/apache/directory/fortress/core/rbac/PermP.java
@@ -27,6 +27,13 @@ import org.apache.directory.fortress.core.FinderException;
 import org.apache.directory.fortress.core.GlobalErrIds;
 import org.apache.directory.fortress.core.SecurityException;
 import org.apache.directory.fortress.core.ValidationException;
+import org.apache.directory.fortress.core.model.AdminRole;
+import org.apache.directory.fortress.core.model.OrgUnit;
+import org.apache.directory.fortress.core.model.PermObj;
+import org.apache.directory.fortress.core.model.Permission;
+import org.apache.directory.fortress.core.model.Role;
+import org.apache.directory.fortress.core.model.Session;
+import org.apache.directory.fortress.core.model.User;
 import org.apache.directory.fortress.core.util.attr.VUtil;
 
 


Mime
View raw message