directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From smckin...@apache.org
Subject [05/19] directory-fortress-core git commit: FC-109 - break core package cycles
Date Mon, 01 Jun 2015 23:02:10 GMT
http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/0c46e4de/src/main/java/org/apache/directory/fortress/core/rbac/SdP.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/rbac/SdP.java b/src/main/java/org/apache/directory/fortress/core/rbac/SdP.java
index aa342c5..57eb996 100755
--- a/src/main/java/org/apache/directory/fortress/core/rbac/SdP.java
+++ b/src/main/java/org/apache/directory/fortress/core/rbac/SdP.java
@@ -25,6 +25,8 @@ import java.util.Set;
 
 import org.apache.directory.fortress.core.GlobalIds;
 import org.apache.directory.fortress.core.SecurityException;
+import org.apache.directory.fortress.core.model.Role;
+import org.apache.directory.fortress.core.model.SDSet;
 import org.apache.directory.fortress.core.util.attr.VUtil;
 
 
@@ -34,10 +36,10 @@ import org.apache.directory.fortress.core.util.attr.VUtil;
  * <li>Static Separation of Duties (SSD)</li>
  * <li>Dynamic Separation of Duties (DSD)</li>
  * </ol>
- * The SDSet entity itself distinguishes which is being targeted by {@link SDSet.SDType} which is equal to {@link SDSet.SDType#STATIC} or {@link SDSet.SDType#DYNAMIC}.
+ * The SDSet entity itself distinguishes which is being targeted by {@link org.apache.directory.fortress.core.model.SDSet.SDType} which is equal to {@link org.apache.directory.fortress.core.model.SDSet.SDType#STATIC} or {@link org.apache.directory.fortress.core.model.SDSet.SDType#DYNAMIC}.
  * This class performs data validations and error mapping in addition to calling DAO methods.  It is typically called
  * by internal Fortress Manager classes ({@link org.apache.directory.fortress.core.AdminMgr}, {@link org.apache.directory.fortress.core.ReviewMgr}) and also by internal SD utils.
- * This class is not intended to be called externally or outside of Fortress Core itself.  This class will accept {@link SDSet},
+ * This class is not intended to be called externally or outside of Fortress Core itself.  This class will accept {@link org.apache.directory.fortress.core.model.SDSet},
  * validate its contents and forward on to it's corresponding DAO {@link org.apache.directory.fortress.core.rbac.SdDAO}.
  * <p>
  * Class will throw {@link SecurityException} to caller in the event of security policy, data constraint violation or system

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/0c46e4de/src/main/java/org/apache/directory/fortress/core/rbac/Session.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/rbac/Session.java b/src/main/java/org/apache/directory/fortress/core/rbac/Session.java
deleted file mode 100755
index 8e82991..0000000
--- a/src/main/java/org/apache/directory/fortress/core/rbac/Session.java
+++ /dev/null
@@ -1,772 +0,0 @@
-/*
- *   Licensed to the Apache Software Foundation (ASF) under one
- *   or more contributor license agreements.  See the NOTICE file
- *   distributed with this work for additional information
- *   regarding copyright ownership.  The ASF licenses this file
- *   to you under the Apache License, Version 2.0 (the
- *   "License"); you may not use this file except in compliance
- *   with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- *   Unless required by applicable law or agreed to in writing,
- *   software distributed under the License is distributed on an
- *   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- *   KIND, either express or implied.  See the License for the
- *   specific language governing permissions and limitations
- *   under the License.
- *
- */
-package org.apache.directory.fortress.core.rbac;
-
-import javax.xml.bind.annotation.XmlAccessType;
-import javax.xml.bind.annotation.XmlAccessorType;
-import javax.xml.bind.annotation.XmlElement;
-import javax.xml.bind.annotation.XmlRootElement;
-import javax.xml.bind.annotation.XmlType;
-
-import java.io.Serializable;
-import java.util.ArrayList;
-import java.util.List;
-import java.util.UUID;
-
-/**
- * This contains attributes related to a user's RBAC session.
- * The following example shows the mapping to Session attributes on this entity:
- * <p/>
- * <ul> <li><code>Session</code>
- * <li> <code>session.getUserId() => demoUser4</code>
- * <li> <code>session.getInternalUserId() => be2dd2e:12a82ba707e:-7fee</code>
- * <li> <code>session.getMessage() => Fortress checkPwPolicies userId <demouser4> VALIDATION GOOD</code>
- * <li> <code>session.getErrorId() => 0</code>
- * <li> <code>session.getWarningId() => 11</code>
- * <li> <code>session.getExpirationSeconds() => 469831</code>
- * <li> <code>session.getGraceLogins() => 0</code>
- * <li> <code>session.getIsAuthenticated() => true</code>
- * <li> <code>session.getLastAccess() => 1283623680440</code>
- * <li> <code>session.getSessionId() => -7410986f:12addeea576:-7fff</code>
- * <li>  ------------------------------------------
- * <li> <code>User user = session.getUser();</code>
- * <ul> <li> <code>user.getUserId() => demoUser4</code>
- * <li> <code>user.getInternalId() => be2dd2e:12a82ba707e:-7fee</code>
- * <li> <code>user.getCn() => JoeUser4</code>
- * <li> <code>user.getDescription() => Demo Test User 4</code>
- * <li> <code>user.getOu() => test</code>
- * <li> <code>user.getSn() => User4</code>
- * <li> <code>user.getBeginDate() => 20090101</code>
- * <li> <code>user.getEndDate() => none</code>
- * <li> <code>user.getBeginLockDate() => none</code>
- * <li> <code>user.getEndLockDate() => none</code>
- * <li> <code>user.getDayMask() => 1234567</code>
- * <li> <code>user.getTimeout() => 60</code>
- * <li> <code>List<UserRole> roles = session.getRoles();</code>
- * <ul> <li><code>UserRole userRole = roles.get(i);</code>
- * <li> <code>userRole.getName() => role1</code>
- * <li> <code>userRole.getBeginTime() => 0000</code>
- * <li> <code>userRole.getEndTime() => 0000</code>
- * <li> <code>userRole.getBeginDate() => none</code>
- * <li> <code>userRole.getEndDate() => none</code>
- * <li> <code>userRole.getBeginLockDate() => null</code>
- * <li> <code>userRole.getEndLockDate() => null</code>
- * <li> <code>userRole.getDayMask() => null</code>
- * <li> <code>userRole.getTimeout() => 0</code>
- * <li> <code>List<UserAdminRole> adminRoles = session.getAdminRoles();</code>
- * </ul>
- * <ul> <li><code>UserAdminRole userAdminRole = adminRoles.get(i);</code>
- * <li> <code>userAdminRole.getName() => DemoAdminUsers</code>
- * <li> <code>userAdminRole.getBeginTime() => 0000</code>
- * <li> <code>userAdminRole.getEndTime() => 0000</code>
- * <li> <code>userAdminRole.getBeginDate() => none</code>
- * <li> <code>userAdminRole.getEndDate() => none</code>
- * <li> <code>userAdminRole.getBeginLockDate() => null</code>
- * <li> <code>userAdminRole.getEndLockDate() => null</code>
- * <li> <code>userAdminRole.getDayMask() => null</code>
- * <li> <code>userAdminRole.getTimeout() => 0</code>
- * <li> <code>userAdminRole.getOsPs() => [ftT3POrg10, ftT4POrg10]</code>
- * <li> <code>userAdminRole.getOsUs() => [ftT1UOrg10, ftT2UOrg10]</code>
- * <li> <code>userAdminRole.getBeginRange() => ftT14Role1</code>
- * <li> <code>userAdminRole.getEndRange() => ftT14Role10</code>
- * <li> <code>userAdminRole.getBeginInclusive() => true</code>
- * <li> <code>userAdminRole.getEndInclusive() => false</code>
- * </ul>
- * </ul>
- * <p/>
- * Sample Data data contained within this Entity.
- * <p/>
- * Ses UID      [demoUser4]:<br />
- * Ses IID      [ccbb2929-bf01-413d-b768-529de4d428e5]<br />
- * Ses ERR      [0]<br />
- * Ses WARN     [10]<br />
- * Ses MSG      [checkPwPolicies for userId <demouser4> PASSWORD CHECK SUCCESS]<br />
- * Ses EXP      [0]<br />
- * Ses GRAC     [0]<br />
- * Ses AUTH     [true]<br />
- * Ses LAST     [1297408501356]<br />
- * Ses SID      [fc228713-1242-4061-9d8a-d4860bf8d3d8]<br />
- * ------------------------------------------<br />
- * Usr UID      [demoUser4]<br />
- * Usr IID      [ccbb2929-bf01-413d-b768-529de4d428e5]<br />
- * Usr CN       [JoeUser4]<br />
- * Usr DESC     [Demo Test User 4]<br />
- * Usr OU       [demousrs1]<br />
- * Usr SN       [User4]<br />
- * Usr BDTE     [20090101]<br />
- * Usr EDTE     [20990101]<br />
- * Usr BLDT     [none]<br />
- * Usr ELDT     [none]<br />
- * Usr DMSK     [1234567]<br />
- * Usr TO       [60]<br />
- * Usr REST     [false]<br />
- * Usr PROP1    [customerNumber, 3213432]<br />
- * <p/>
- * USER RBAC ROLE[0]:<br />
- * Rle  role name       [role1]<br />
- * Rle  begin time      [0000]<br />
- * Rle  end time        [0000]<br />
- * Rle  begin date      [20110101]<br />
- * Rle  end date        [none]<br />
- * Rle  begin lock      [none]<br />
- * Rle  end lock        [none]<br />
- * Rle  day mask        [all]<br />
- * Rle  time out        [60]<br />
- * <p/>
- * USER ADMIN ROLE[0]:<br />
- * Adm  admin role name [DemoAdminUsers]<br />
- * Adm  OsU             [Dev1]<br />
- * Adm  OsP             [App1]<br />
- * Adm  begin range     [role1]<br />
- * Adm  end range       [role3]<br />
- * Adm  begin time      [0000]<br />
- * Adm  end time        [0000]<br />
- * Adm  begin date      [20110101]<br />
- * Adm  end date        [none]<br />
- * Adm  begin lock      [none]<br />
- * Adm  end lock        [none]<br />
- * Adm  day mask        [23456]<br />
- * Adm  time out        [30]<br />
- * <p/>
- * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
- */
-@XmlRootElement(name = "fortSession")
-@XmlAccessorType(XmlAccessType.FIELD)
-@XmlType(name = "session", propOrder = {
-    "user",
-    "isAuthenticated",
-    "sessionId",
-    "lastAccess",
-    "timeout",
-    "errorId",
-    "expirationSeconds",
-    "graceLogins",
-    "message",
-    "warnings"
-/*    "warningId"*/
-})
-public class Session  extends FortEntity implements PwMessage, Serializable
-{
-    private static final long serialVersionUID = 1L;
-    private User user;
-    private String sessionId;
-    private long lastAccess;
-    private int timeout;
-/*    private int warningId;*/
-    private int errorId;
-    private int graceLogins;
-    private int expirationSeconds;
-    private boolean isAuthenticated;
-    private String message;
-    @XmlElement(nillable = true)
-    private List<Warning> warnings;
-
-    /**
-     * A 'true' value here indicates user successfully authenticated with Fortress.
-     *
-     * @return boolean indicating successful authentication.
-     */
-    public boolean isAuthenticated()
-    {
-        return isAuthenticated;
-    }
-    
-
-    private void init()
-    {
-        // generate a unique id that will be used as the id for this session:
-        UUID uuid = UUID.randomUUID();
-        this.sessionId = uuid.toString();
-    }
-    
-
-    /**
-     * Copy values from incoming Session object.
-     *
-     * @param inSession contains Session values.
-     */
-    public void copy( Session inSession )
-    {
-        this.user = inSession.getUser();
-        // don't copy session id:
-        //this.sessionId = inSession.getSessionId();
-        this.lastAccess = inSession.getLastAccess();
-        this.timeout = inSession.getTimeout();
-/*        this.warningId = inSession.getWarningId();*/
-        this.errorId = inSession.getErrorId();
-        this.graceLogins = inSession.getGraceLogins();
-        this.expirationSeconds = inSession.expirationSeconds;
-        this.isAuthenticated = inSession.isAuthenticated();
-        this.message = inSession.getMsg();
-        this.warnings = inSession.getWarnings();
-    }
-    
-
-    /**
-     * Default constructor for Fortress Session.
-     */
-    public Session()
-    {
-        init();
-        // this class will not check for null on user object.
-        user = new User();
-    }
-    
-
-    /**
-     * Construct a new Session instance with given User entity.
-     *
-     * @param user contains the User attributes that are associated with the Session.
-     */
-    public Session( User user )
-    {
-        init();
-        this.user = user;
-    }
-    
-
-    /**
-     * Construct a new Session instance with given User entity.
-     *
-     * @param user contains the User attributes that are associated with the Session.
-     */
-    public Session (User user, String sessionId )
-    {
-        this.sessionId = sessionId;
-        this.user = user;
-    }
-    
-
-    /**
-     * Return the unique id that is associated with User.  This attribute is generated automatically
-     * by Fortress when new Session is created and is not known or changeable by external client.
-     *
-     * @return attribute maps to unique sessionId associated with user's session.
-     */
-    public String getSessionId()
-    {
-        return sessionId;
-    }
-
-
-    /**
-     * Return the User entity that is associated with this entity.
-     *
-     * Sample User data contained in Session object:
-     * <p/>
-     * ------------------------------------------<br />
-     * U   UID  [demoUser4]<br />
-     * U   IID  [ccbb2929-bf01-413d-b768-529de4d428e5]<br />
-     * U   CN   [JoeUser4]<br />
-     * U   DESC [Demo Test User 4]<br />
-     * U   OU   [demousrs1]<br />
-     * U   SN   [User4]<br />
-     * U   BDTE [20090101]<br />
-     * U   EDTE [20990101]<br />
-     * U   BLDT [none]<br />
-     * U   ELDT [none]<br />
-     * U   DMSK [1234567]<br />
-     * U   TO   [60]<br />
-     * U   REST [false]<br />
-     * U   PROP[0]=customerNumber VAL=3213432<br />
-     * <p/>
-     * USER ROLE[0]:<br />
-     * role name <role1><br />
-     * begin time <0000><br />
-     * end time <0000><br />
-     * begin date <none><br />
-     * end date <none><br />
-     * begin lock <none><br />
-     * end lock <none><br />
-     * day mask <all><br />
-     * time out <0><br />
-     * <p/>
-     * USER ADMIN ROLE[0]:<br />
-     * admin role name <DemoAdminUsers><br />
-     * OsU <null><br />
-     * OsP <null><br />
-     * begin range <null><br />
-     * end range <null><br />
-     * begin time <0000><br />
-     * end time <0000><br />
-     * begin date <none><br />
-     * end date <none><br />
-     * begin lock <none><br />
-     * end lock <none><br />
-     * day mask <all><br />
-     * time out <0><br />
-     * <p/>
-     * @return User entity that contains userid, roles and other attributes valid for Session.
-     */
-    public User getUser()
-    {
-        return this.user;
-    }
-    
-
-    /**
-     * Return the userId that is associated with this Session object.
-     *
-     * @return userId maps to the 'uid' attribute on the 'inetOrgPerson' object class.
-     */
-    public String getUserId()
-    {
-        return this.user.getUserId();
-    }
-    
-
-    /**
-     * Return the internal userId that is associated with User.  This attribute is generated automatically
-     * by Fortress when new User is added to directory and is not known or changeable by external client.
-     *
-     * @return attribute maps to 'ftId' in 'ftUserAttrs' object class.
-     */
-    public String getInternalUserId()
-    {
-        return this.user.getInternalId();
-    }
-    
-
-    /**
-     * Return the list of User's RBAC Roles that have been activated into User's session.  This list will not include
-     * ascendant RBAC roles which may be retrieved using {@link AccessMgrImpl#authorizedRoles(Session)}.
-     *
-     * @return List containing User's RBAC roles.  This list may be empty if User not assigned RBAC.
-     */
-    public List<UserRole> getRoles()
-    {
-        List<UserRole> roles = null;
-
-        if ( user != null )
-        {
-            roles = user.getRoles();
-        }
-
-        return roles;
-    }
-    
-
-    /**
-     * Return a list of User's Admin Roles  that have been activated into User's session.  This list will not include
-     * ascendant ARBAC roles which may be retrieved using {@link org.apache.directory.fortress.core.DelAccessMgr#authorizedAdminRoles(Session)}.
-     *
-     * @return List containing User's Admin roles.  This list may be empty if User not assigned Administrative role.
-     */
-    public List<UserAdminRole> getAdminRoles()
-    {
-        List<UserAdminRole> roles = null;
-
-        if ( user != null )
-        {
-            roles = user.getAdminRoles();
-        }
-
-        return roles;
-    }
-
-    /**
-     * Returns the last access time in milliseconds. Note that while the unit of time of the return value is a millisecond,
-     * the granularity of the value depends on the underlying operating system and may be larger. For example, many
-     * operating systems measure time in units of tens of milliseconds.
-     *
-     * @return the difference, measured in milliseconds, between the last access time and midnight, January 1, 1970 UTC.
-     */
-    public long getLastAccess()
-    {
-        return lastAccess;
-    }
-    
-
-    /**
-     * Gets the message that is associated with the user's last authentication attempt.
-     *
-     * @return String contains text explaining result of user's last authentication.
-     */
-    public String getMsg()
-    {
-        return message;
-    }
-    
-
-    /**
-     * Gets the attribute that specifies the number of times an expired password can
-     * be used to authenticate before failure.
-     *
-     * @return The number of logins the user has left before password fails.
-     */
-    public int getGraceLogins()
-    {
-        return graceLogins;
-    }
-    
-
-    /**
-     * This attribute specifies the maximum number of seconds before a
-     * password is due to expire that expiration warning messages will be
-     * returned to an authenticating user.
-     * <p/>
-     * If this attribute is not present, or if the value is 0 no warnings
-     * will be returned.  If not 0, the value must be smaller than the value
-     * of the pwdMaxAge attribute.
-     *
-     * @return attribute is computed based on last time user has changed their password.
-     */
-    public int getExpirationSeconds()
-    {
-        return expirationSeconds;
-    }
-    
-
-    /**
-     * Get the integer timeout that contains max time (in seconds) that User's session may remain inactive.
-     * This attribute is optional but if set will be validated for reasonableness.
-     *
-     * @return int maps to 'ftCstr' attribute in 'ftUserAttrs' object class.
-     */
-    private int getTimeout()
-    {
-        return timeout;
-    }
-    
-
-    /**
-     * Get the value that will be set to 'true' if user has successfully authenticated with Fortress for this Session.  This value is set by
-     * the Fortress DAO object.
-     *
-     * @return value indicates result of authentication.
-     */
-    public boolean setAuthenticated()
-    {
-        return isAuthenticated;
-    }
-    
-
-    /**
-     * Return the error id that is associated with the password policy checks.  a '0' indicates no errors.
-     * <ul>
-     * <li> <code>INVALID_PASSWORD_MESSAGE = -10;</code>
-     * <li> <code>GOOD = 0;</code>
-     * <li> <code>PASSWORD_HAS_EXPIRED = 100;</code>
-     * <li> <code>ACCOUNT_LOCKED = 101;</code>
-     * <li> <code>CHANGE_AFTER_RESET = 102;</code>
-     * <li> <code>NO_MODIFICATIONS = 103;</code>
-     * <li> <code>MUST_SUPPLY_OLD = 104;</code>
-     * <li> <code>INSUFFICIENT_QUALITY = 105;</code>
-     * <li> <code>PASSWORD_TOO_SHORT = 106;</code>
-     * <li> <code>PASSWORD_TOO_YOUNG = 107;</code>
-     * <li> <code>HISTORY_VIOLATION = 108;</code>
-     * <li> <code>ACCOUNT_LOCKED_CONSTRAINTS = 109;</code>
-     * </ul>
-     * <p/>
-     *
-     * @return int contains the error id that was generated on the user's last authentication.
-     */
-    public int getErrorId()
-    {
-        return errorId;
-    }
-
-    
-    /**
-     * Set a User entity into the Session.
-     * Sample User data contained in Session object:
-     * <p/>
-     * ------------------------------------------<br />
-     * U   UID  [demoUser4]<br />
-     * U   IID  [ccbb2929-bf01-413d-b768-529de4d428e5]<br />
-     * U   CN   [JoeUser4]<br />
-     * U   DESC [Demo Test User 4]<br />
-     * U   OU   [demousrs1]<br />
-     * U   SN   [User4]<br />
-     * U   BDTE [20090101]<br />
-     * U   EDTE [20990101]<br />
-     * U   BLDT [none]<br />
-     * U   ELDT [none]<br />
-     * U   DMSK [1234567]<br />
-     * U   TO   [60]<br />
-     * U   REST [false]<br />
-     * U   PROP[0]=customerNumber VAL=3213432<br />
-     * <p/>
-     * USER ROLE[0]:<br />
-     * role name <role1><br />
-     * begin time <0000><br />
-     * end time <0000><br />
-     * begin date <none><br />
-     * end date <none><br />
-     * begin lock <none><br />
-     * end lock <none><br />
-     * day mask <all><br />
-     * time out <0><br />
-     * <p/>
-     * USER ADMIN ROLE[0]:<br />
-     * admin role name <DemoAdminUsers><br />
-     * OsU <null><br />
-     * OsP <null><br />
-     * begin range <null><br />
-     * end range <null><br />
-     * begin time <0000><br />
-     * end time <0000><br />
-     * begin date <none><br />
-     * end date <none><br />
-     * begin lock <none><br />
-     * end lock <none><br />
-     * day mask <all><br />
-     * time out <0><br />
-     * <p/>
-     * @param user Contains userId, roles and other security attributes used for access control.
-     */
-    public void setUser( User user )
-    {
-        this.user = user;
-    }
-    
-
-    /**
-     * Set the internal userId that is associated with User.  This method is used by DAO class and
-     * is generated automatically by Fortress.  Attribute stored in LDAP cannot be changed by external caller.
-     * This method can be used by client for search purposes only.
-     *
-     * @param internalUserId maps to 'ftId' in 'ftUserAttrs' object class.
-     */
-    public void setInternalUserId( String internalUserId )
-    {
-        this.user.setInternalId( internalUserId );
-    }
-    
-
-    /**
-     * Set the value to 'true' indicating that user has successfully authenticated with Fortress.  This value is set by
-     * the Fortress DAO object.
-     *
-     * @param authenticated indicates result of authentication.
-     */
-    public void setAuthenticated( boolean authenticated )
-    {
-        isAuthenticated = authenticated;
-    }
-    
-
-    /**
-     * Set the userId that is associated with User.  UserId is required attribute and must be set on add, update, delete, createSession, authenticate, etc..
-     *
-     * @param userId maps to 'uid' attribute in 'inNetOrgPerson' object class.
-     */
-    public void setUserId( String userId )
-    {
-        user.setUserId( userId );
-    }
-
-
-    /**
-     * Add a list of RBAC Roles to this entity that have been activated into Session or are under consideration for activation.
-     *
-     * @param roles List of type UserRole that contains at minimum UserId and Role name.
-     */
-    public void setRoles( List<UserRole> roles )
-    {
-        user.setRoles( roles );
-    }
-    
-
-    /**
-     * Add a single user-role object to the list of UserRoles for User.
-     *
-     * @param role UserRole contains at least userId and role name (activation) and additional constraints (assignment)
-     */
-    public void setRole( UserRole role )
-    {
-        user.setRole( role );
-    }
-    
-
-    /**
-     * Set the integer timeout that contains max time (in seconds) that User's session may remain inactive.
-     * This attribute is optional but if set will be validated for reasonableness.
-     *
-     * @param timeout maps to 'ftCstr' attribute in 'ftUserAttrs' object class.
-     */
-    private void setTimeout(int timeout)
-    {
-        this.timeout = timeout;
-    }
-    
-
-    /**
-     * Set the last access time in milliseconds. Note that while the unit of time of the return value is a millisecond,
-     * the granularity of the value depends on the underlying operating system and may be larger. For example, many
-     * operating systems measure time in units of tens of milliseconds.
-     */
-    public void setLastAccess()
-    {
-        lastAccess = System.currentTimeMillis();
-    }
-    
-
-    /**
-     * Set the message that is associated with the user's last authentication attempt.
-     *
-     * @param message Contains text explaining result of user's last authentication.
-     */
-    public void setMsg( String message )
-    {
-        this.message = message;
-    }
-    
-
-    /**
-     * Set the error id that is associated with the password policy checks.  a '0' indicates no errors.
-     * <ul>
-     * <li> <code>INVALID_PASSWORD_MESSAGE = -10;</code>
-     * <li> <code>GOOD = 0;</code>
-     * <li> <code>PASSWORD_HAS_EXPIRED = 100;</code>
-     * <li> <code>ACCOUNT_LOCKED = 101;</code>
-     * <li> <code>CHANGE_AFTER_RESET = 102;</code>
-     * <li> <code>NO_MODIFICATIONS = 103;</code>
-     * <li> <code>MUST_SUPPLY_OLD = 104;</code>
-     * <li> <code>INSUFFICIENT_QUALITY = 105;</code>
-     * <li> <code>PASSWORD_TOO_SHORT = 106;</code>
-     * <li> <code>PASSWORD_TOO_YOUNG = 107;</code>
-     * <li> <code>HISTORY_VIOLATION = 108;</code>
-     * <li> <code>ACCOUNT_LOCKED_CONSTRAINTS = 109;</code>
-     * </ul>
-     * <p/>
-     *
-     * @param error contains the error id that was generated on the user's last authentication.
-     */
-    public void setErrorId( int error )
-    {
-        this.errorId = error;
-    }
-    
-
-    /**
-     * This attribute specifies the number of times an expired password can
-     * be used to authenticate.
-     *
-     * @param grace The number of logins the user has left before password fails.
-     */
-    public void setGraceLogins( int grace )
-    {
-        this.graceLogins = grace;
-    }
-    
-
-    /**
-     * This attribute specifies the maximum number of seconds before a
-     * password is due to expire that expiration warning messages will be
-     * returned to an authenticating user.
-     * <p/>
-     * If this attribute is not present, or if the value is 0 no warnings
-     * will be returned.  If not 0, the value must be smaller than the value
-     * of the pwdMaxAge attribute.
-     *
-     * @param expire attribute is computed based on last time user has changed their password.
-     */
-    public void setExpirationSeconds( int expire )
-    {
-        this.expirationSeconds = expire;
-    }
-    
-
-    /**
-     * Get the warnings attached to this Session.  Used for processing password policy scenarios, e.g.. password expiring message.
-     *
-     * @return null value, zero or more objects of type {@link Warning} will be returned.  Note: the caller of this method must ensure a not null condition before use.
-     */
-    public List<Warning> getWarnings()
-    {
-        return warnings;
-    }
-    
-
-    /**
-     * Set the warnings on this Session.  Used for processing password policy scenarios, e.g.. password expiring message.
-     * Not intended for use outside of Fortress packages.
-     *
-     * @param warnings zero or more objects of type warning may be set on a Fortress session.
-     */
-    public void setWarnings( List<Warning> warnings )
-    {
-        this.warnings = warnings;
-    }
-    
-
-    /**
-     * Add a warning to the collection into Fortress Session object.  Used for processing password policy scenarios, e.g.. password expiring message.
-     * Not intended for use outside of Fortress packages.
-     *
-     * @param warning one object of type warning will be added to Fortress session.
-     */
-    public void setWarning( Warning warning )
-    {
-        if ( warnings == null )
-        {
-            warnings = new ArrayList<Warning>();
-        }
-        
-        this.warnings.add( warning );
-    }
-
-
-    /**
-     * @see Object#toString()
-     */
-    public String toString()
-    {
-        StringBuilder sb = new StringBuilder();
-
-        sb.append( "Session object: \n" );
-
-        sb.append( "    sessionId :" ).append( sessionId ).append( '\n' );
-        sb.append( "    user :" ).append( user ).append( '\n' );
-        sb.append( "    isAuthenticated :" ).append( isAuthenticated ).append( '\n' );
-        sb.append( "    lastAccess :" ).append( lastAccess ).append( '\n' );
-        sb.append( "    timeout :" ).append( timeout ).append( '\n' );
-        sb.append( "    graceLogins :" ).append( graceLogins ).append( '\n' );
-        sb.append( "    expirationSeconds :" ).append( expirationSeconds ).append( '\n' );
-        sb.append( "    errorId :" ).append( errorId ).append( '\n' );
-        sb.append( "    message :" ).append( message ).append( '\n' );
-
-        if ( warnings != null )
-        {
-            sb.append( "    warnings : " );
-
-            boolean isFirst = true;
-
-            for ( Warning warning : warnings )
-            {
-                if ( isFirst )
-                {
-                    isFirst = false;
-                }
-                else
-                {
-                    sb.append( ", " );
-                }
-
-                sb.append( warning );
-            }
-
-            sb.append( '\n' );
-        }
-
-        return sb.toString();
-    }
-}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/0c46e4de/src/main/java/org/apache/directory/fortress/core/rbac/User.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/rbac/User.java b/src/main/java/org/apache/directory/fortress/core/rbac/User.java
deleted file mode 100755
index 239962d..0000000
--- a/src/main/java/org/apache/directory/fortress/core/rbac/User.java
+++ /dev/null
@@ -1,1685 +0,0 @@
-/*
- *   Licensed to the Apache Software Foundation (ASF) under one
- *   or more contributor license agreements.  See the NOTICE file
- *   distributed with this work for additional information
- *   regarding copyright ownership.  The ASF licenses this file
- *   to you under the Apache License, Version 2.0 (the
- *   "License"); you may not use this file except in compliance
- *   with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- *   Unless required by applicable law or agreed to in writing,
- *   software distributed under the License is distributed on an
- *   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- *   KIND, either express or implied.  See the License for the
- *   specific language governing permissions and limitations
- *   under the License.
- *
- */
-package org.apache.directory.fortress.core.rbac;
-
-
-import java.io.Serializable;
-import java.util.ArrayList;
-import java.util.Enumeration;
-import java.util.List;
-import java.util.Properties;
-import java.util.UUID;
-
-import javax.xml.bind.annotation.XmlAccessType;
-import javax.xml.bind.annotation.XmlAccessorType;
-import javax.xml.bind.annotation.XmlElement;
-import javax.xml.bind.annotation.XmlRootElement;
-import javax.xml.bind.annotation.XmlTransient;
-import javax.xml.bind.annotation.XmlType;
-
-import org.apache.directory.fortress.core.util.time.Constraint;
-
-
-/**
- * All entities ({@link User}, {@link org.apache.directory.fortress.core.rbac.Role}, {@link Permission},
- * {@link PwPolicy} {@link SDSet} etc...) are used to carry data between three Fortress
- * layers.starting with the (1) Manager layer down thru middle (2) Process layer and it's processing rules into
- * (3) DAO layer where persistence with the OpenLDAP server occurs.
- * <p/>
- * <h4>Fortress Processing Layers</h4>
- * <ol>
- * <li>Manager layer:  {@link AdminMgrImpl}, {@link AccessMgrImpl}, {@link ReviewMgrImpl},...</li>
- * <li>Process layer:  {@link UserP}, {@link RoleP}, {@link PermP},...</li>
- * <li>DAO layer: {@link UserDAO}, {@link org.apache.directory.fortress.core.rbac.RoleDAO}, {@link org.apache.directory.fortress.core.rbac.PermDAO},...</li>
- * </ol>
- * Fortress clients must first instantiate the data entity before invoking one of the Manager APIs.  The caller must first
- * provide enough information to uniquely identity target record for the particular ldap operation performed.<br />
- * For example the User entity requires the {@link User#setUserId} attribute to be set before calling a Manager API.
- * The unique key to locate a User entity in the Fortress DIT is simply the userId field.<br />
- * Other ldap operations on User may require additional attributes to be set.
- * <p/>
- * <h4>User entity attribute usages include</h4>
- * <ul>
- * <li>{@link #setPassword(char[])} must be set before calling {@link AccessMgrImpl#authenticate} and {@link AccessMgrImpl#createSession(User, boolean)} (unless trusted).
- * <li>{@link #setOu} is required before calling {@link AdminMgrImpl#addUser(User)} to add a new user to ldap.
- * <li>{@link #setRoles} will be set for {@link AccessMgrImpl#createSession(User, boolean)} when selective RBAC Role activation is required.
- * <li>{@link #setAdminRoles} will be set for {@link AccessMgrImpl#createSession(User, boolean)} when selective Administrative Role activation is required.
- * <li>{@link #setPwPolicy} may be set for {@link AdminMgrImpl#updateUser(User)} to assign User to a policy {@link PwPolicy}.
- * <li>{@link #password} is the only case sensitive attribute on this entity.
- * </ul>
- * <p/>
- * Example to create new Fortress User:
- * <pre>
- * try
- * {
- *  // Instantiate the AdminMgr first
- *  AdminMgr adminMgr = AdminMgrFactory.createInstance();
- *
- *  User myUser = new User("myUserId", "myPassword".toCharArray(), myRoleName", "myOU");
- *  adminMgr.addUser(myUser);
- * }
- * catch (SecurityException ex)
- * {
- *  // log or throw
- * }</pre>
- * The above code will persist to LDAP a User object that has a userId of "myUserId", a password of "myPassword", a role assignment to "myRoleName", and assigned to organzational unit named "myOU".
- * This User can be used as a target for subsequent User-Role assignments, User-Permission grants, authentication, authorization and more.
- *
- * This entity aggregates one standard LDAP structural object class, {@code inetOrgPerson} see <a href="http://www.ietf.org/rfc/rfc2798.txt">RFC 2798</a>,
- * along with three auxiliary object extensions supplied by Fortress:  {@code ftUserAttrs}, {@code ftProperties}, {@code ftMods}.
- * The combination of the standard and custom object classes form a single entry within the directory and is represented in this entity class.
- *
- * <h4>Fortress User Schema</h4>
- *
- * 1. InetOrgPerson Structural Object Class. <br />
- * <code># The inetOrgPerson represents people who are associated with an</code><br />
- * <code># organization in some way.  It is a structural class and is derived</code><br />
- * <code># from the organizationalPerson which is defined in X.521 [X521].</code><br />
- * <pre>
- * ------------------------------------------
- * objectclass ( 2.16.840.1.113730.3.2.2
- *  NAME 'inetOrgPerson'
- *  DESC 'RFC2798: Internet Organizational Person'
- *  SUP organizationalPerson
- *  STRUCTURAL
- *  MAY (
- *      audio $ businessCategory $ carLicense $ departmentNumber $
- *      displayName $ employeeNumber $ employeeType $ givenName $
- *      homePhone $ homePostalAddress $ initials $ jpegPhoto $
- *      labeledURI $ mail $ manager $ mobile $ o $ pager $ photo $
- *      roomNumber $ secretary $ uid $ userCertificate $
- *      x500uniqueIdentifier $ preferredLanguage $
- *      userSMIMECertificate $ userPKCS12
- *  )
- * )
- * ------------------------------------------
- * </pre>
- *
- * 2. organizationalPerson Structural Object Class.
- * <pre>
- * ------------------------------------------
- * objectclass ( 2.5.6.7
- *  NAME 'organizationalPerson'
- *  DESC 'RFC2256: an organizational person'
- *  SUP person
- *  STRUCTURAL
- *  MAY (
- *      title $ x121Address $ registeredAddress $ destinationIndicator $
- *      preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
- *      telephoneNumber $ internationaliSDNNumber $
- *      facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $
- *      postalAddress $ physicalDeliveryOfficeName $ ou $ st $ l
- *  )
- * )
- * ------------------------------------------
- * </pre>
- *
- * 3. ftProperties AUXILIARY Object Class is used to store client specific name/value pairs on target entity.<br />
- * <code># This aux object class can be used to store custom attributes.</code><br />
- * <code># The properties collections consist of name/value pairs and are not constrainted by Fortress.</code><br />
- * <pre>
- * ------------------------------------------
- * AC2: Fortress Properties Auxiliary Object Class
- * objectclass ( 1.3.6.1.4.1.38088.3.2
- *  NAME 'ftProperties'
- *  DESC 'Fortress Properties AUX Object Class'
- *  AUXILIARY
- *  MAY (
- *      ftProps
- *  )
- * )
- * ------------------------------------------
- * </pre>
- *
- * 4. ftUserAttrs is used to store user RBAC and Admin role assignment and other security attributes on User entity.
- * <pre>
- * ------------------------------------------
- * Fortress User Attributes Auxiliary Object Class
- * objectclass ( 1.3.6.1.4.1.38088.3.1
- *  NAME 'ftUserAttrs'
- *  DESC 'Fortress User Attribute AUX Object Class'
- *  AUXILIARY
- *  MUST (
- *      ftId
- *  )
- *  MAY (
- *      ftRC $
- *      ftRA $
- *      ftARC $
- *      ftARA $
- *      ftCstr $
- *      ftSystem
- *  )
- * )
- * ------------------------------------------
- * </pre>
- *
- * 5. ftMods AUXILIARY Object Class is used to store Fortress audit variables on target entity.
- * <pre>
- * ------------------------------------------
- * Fortress Audit Modification Auxiliary Object Class
- * objectclass ( 1.3.6.1.4.1.38088.3.4
- *  NAME 'ftMods'
- *  DESC 'Fortress Modifiers AUX Object Class'
- *  AUXILIARY
- *  MAY (
- *      ftModifier $
- *      ftModCode $
- *      ftModId
- *  )
- * )
- * ------------------------------------------
- * </pre>
- *
- * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
- */
-
-@XmlRootElement(name = "fortUser")
-@XmlAccessorType(XmlAccessType.FIELD)
-@XmlType(name = "user", propOrder =
-    {
-        "userId",
-        "description",
-        "name",
-        "internalId",
-        "ou",
-        "pwPolicy",
-        "sn",
-        "cn",
-        "dn",
-        "displayName",
-        "employeeType",
-        "title",
-        "address",
-        "phones",
-        "mobiles",
-        "emails",
-        "props",
-        "locked",
-        "reset",
-        "system",
-        "beginTime",
-        "endTime",
-        "beginDate",
-        "endDate",
-        "beginLockDate",
-        "endLockDate",
-        "dayMask",
-        "timeout",
-        "roles",
-        "adminRoles",
-        "password",
-        "newPassword",
-        "uidNumber",
-        "gidNumber",
-        "homeDirectory",
-        "loginShell",
-        "gecos"
-    /*        "jpegPhoto"*/
-})
-public class User extends FortEntity implements Constraint, Serializable
-{
-    /**
-     * The serialVersionUID needed for Serializable classes
-     */
-    private static final long serialVersionUID = 1L;
-
-    private String userId;
-    @XmlElement(nillable = true)
-    private char[] password;
-    @XmlElement(nillable = true)
-    private char[] newPassword;
-    private String internalId;
-    @XmlElement(nillable = true)
-    private List<UserRole> roles;
-    @XmlElement(nillable = true)
-    private List<UserAdminRole> adminRoles;
-    private String pwPolicy;
-    private String cn;
-    private String sn;
-    private String dn;
-    private String ou;
-    private String displayName;
-    private String description;
-    private String beginTime;
-    private String endTime;
-    private String beginDate;
-    private String endDate;
-    private String beginLockDate;
-    private String endLockDate;
-    private String dayMask;
-    private String name;
-    private String employeeType;
-    private String title;
-    private int timeout;
-    private boolean reset;
-    private boolean locked;
-    private Boolean system;
-    @XmlElement(nillable = true)
-    private Props props = new Props();
-    @XmlElement(nillable = true)
-    private Address address;
-    @XmlElement(nillable = true)
-    private List<String> phones;
-    @XmlElement(nillable = true)
-    private List<String> mobiles;
-    @XmlElement(nillable = true)
-    private List<String> emails;
-    @XmlTransient
-    private byte[] jpegPhoto;
-
-    // RFC2307bis:
-    /*
-    MUST ( cn $ uid $ uidNumber $ gidNumber $ homeDirectory )
-    MAY ( userPassword $ loginShell $ gecos $ description ) )
-     */
-    private String uidNumber;
-    private String gidNumber;
-    private String homeDirectory;
-    private String loginShell;
-    private String gecos;
-
-
-    public String getUidNumber()
-    {
-        return uidNumber;
-    }
-
-
-    public void setUidNumber( String uidNumber )
-    {
-        this.uidNumber = uidNumber;
-    }
-
-
-    public String getGidNumber()
-    {
-        return gidNumber;
-    }
-
-
-    public void setGidNumber( String gidNumber )
-    {
-        this.gidNumber = gidNumber;
-    }
-
-
-    public String getHomeDirectory()
-    {
-        return homeDirectory;
-    }
-
-
-    public void setHomeDirectory( String homeDirectory )
-    {
-        this.homeDirectory = homeDirectory;
-    }
-
-
-    public String getLoginShell()
-    {
-        return loginShell;
-    }
-
-
-    public void setLoginShell( String loginShell )
-    {
-        this.loginShell = loginShell;
-    }
-
-
-    public String getGecos()
-    {
-        return gecos;
-    }
-
-
-    public void setGecos( String gecos )
-    {
-        this.gecos = gecos;
-    }
-
-
-    /**
-     * Default constructor not intended for external use and is typically used by internal Fortress classes.
-     * User entity constructed in this manner cannot be used by other until additional attributes (i.e. userId) are set.
-     */
-    public User()
-    {
-    }
-
-
-    /**
-     * Construct User given userId.   Once loaded this entity can be passed to AccessMgr.createSession iff trusted == 'true'..
-     *
-     * @param userId String validated using simple length test and optional regular expression, i.e. safe text.
-     */
-    public User( String userId )
-    {
-        this.userId = userId;
-    }
-
-
-    /**
-     * Construct User given userId and password.  Once loaded this entity can be passed to AccessMgr.createSession.
-     *
-     * @param userId   String validated using simple length test and optional regular expression, i.e. safe text.
-     * @param password validated using simple length test and OpenLDAP password policies.
-     */
-    public User( String userId, char[] password )
-    {
-        this.userId = userId;
-
-        if ( password != null )
-        {
-            this.password = password.clone();
-        }
-    }
-
-
-    /**
-     * Construct User given userId and password.  Once loaded this entity can be passed to AccessMgr.createSession.
-     *
-     * @param userId   String validated using simple length test and optional regular expression, i.e. safe text.
-     * @param password validated using simple length test and OpenLDAP password policies.
-     * @param roleName contains role that caller is requesting activation.
-     */
-    public User( String userId, char[] password, String roleName )
-    {
-        this.userId = userId;
-
-        if ( password != null )
-        {
-            this.password = password.clone();
-        }
-
-        setRole( new UserRole( roleName ) );
-    }
-
-
-    /**
-     * Construct User given userId and password.  Once loaded this entity can be passed to AccessMgr.createSession.
-     *
-     * @param userId   String validated using simple length test and optional regular expression, i.e. safe text.
-     * @param password validated using simple length test and OpenLDAP password policies.
-     * @param roleNames contains array of roleNames that caller is requesting activation.
-     */
-    public User( String userId, char[] password, String[] roleNames )
-    {
-        this.userId = userId;
-
-        if ( password != null )
-        {
-            this.password = password.clone();
-        }
-
-        if ( roleNames != null )
-        {
-            for ( String name : roleNames )
-            {
-                setRole( new UserRole( name ) );
-            }
-        }
-    }
-
-
-    /**
-     * Construct User given userId and password.  Once loaded this entity can be passed to AccessMgr.createSession.
-     *
-     * @param userId   String validated using simple length test and optional regular expression, i.e. safe text.
-     * @param password validated using simple length test and OpenLDAP password policies.
-     * @param roleName contains role that caller is requesting activation (see {@link org.apache.directory.fortress.core.AccessMgr#createSession(User, boolean)}) or assignment (see {@link org.apache.directory.fortress.core.AdminMgr#addUser(User)}).
-     * @param ou org unit name that caller is requesting assigned to newly created User (see {@link org.apache.directory.fortress.core.AdminMgr#addUser(User)}).
-     */
-    public User( String userId, char[] password, String roleName, String ou )
-    {
-        this.userId = userId;
-
-        if ( password != null )
-        {
-            this.password = password.clone();
-        }
-
-        setRole( new UserRole( roleName ) );
-        this.ou = ou;
-    }
-
-
-    /**
-     * Used to retrieve User's valid userId attribute.  The Fortress userId maps to 'uid' for InetOrgPerson object class.
-     *
-     * @return String containing the userId.
-     */
-    @Override
-    public String toString()
-    {
-        return "User{" +
-            "userId='" + userId + '\'' +
-            ", internalId='" + internalId + '\'' +
-            ", roles=" + roles +
-            ", adminRoles=" + adminRoles +
-            ", pwPolicy='" + pwPolicy + '\'' +
-            ", cn='" + cn + '\'' +
-            ", sn='" + sn + '\'' +
-            ", dn='" + dn + '\'' +
-            ", ou='" + ou + '\'' +
-            ", description='" + description + '\'' +
-            ", beginTime='" + beginTime + '\'' +
-            ", endTime='" + endTime + '\'' +
-            ", beginDate='" + beginDate + '\'' +
-            ", endDate='" + endDate + '\'' +
-            ", beginLockDate='" + beginLockDate + '\'' +
-            ", endLockDate='" + endLockDate + '\'' +
-            ", dayMask='" + dayMask + '\'' +
-            ", name='" + name + '\'' +
-            ", employeeType='" + employeeType + '\'' +
-            ", title='" + title + '\'' +
-            ", timeout=" + timeout +
-            ", reset=" + reset +
-            ", locked=" + locked +
-            ", system=" + system +
-            ", props=" + props +
-            ", address=" + address +
-            ", phones=" + phones +
-            ", mobiles=" + mobiles +
-            ", emails=" + emails +
-            '}';
-    }
-
-
-    /**
-     * Required by Constraint Interface but not needed for user entity. Not intended for external use.
-     *
-     * @return String containing constraint data ready for ldap.
-     * @throws UnsupportedOperationException
-     */
-    public String getRawData()
-    {
-        throw new UnsupportedOperationException( "not allowed for user" );
-    }
-
-
-    /**
-     * This is used internally by Fortress for Constraint operations.
-     *
-     * @return String contains name attribute used internally for constraint checking.
-     */
-    public String getName()
-    {
-        return name;
-    }
-
-
-    /**
-     * This is used internally by Fortress for Constraint operations.  Values set here by external caller will be ignored.
-     *
-     * @param name contains attribute used internally for constraint checking.
-     */
-    public void setName( String name )
-    {
-        this.name = name;
-    }
-
-
-    /**
-     * Used to identify the employer to employee relationship.  Typical values used will be "Contractor", "Employee", "Intern", "Temp",
-     * "External", and "Unknown" but any value may be used.
-     *
-     * @return  attribute maps to 'employeeType' attribute in 'inetOrgPerson' object class.
-     */
-    public String getEmployeeType()
-    {
-        return employeeType;
-    }
-
-
-    /**
-     * Used to identify the employer to employee relationship.  Typical values used will be "Contractor", "Employee", "Intern", "Temp",
-     * "External", and "Unknown" but any value may be used.
-     *
-     * @param employeeType maps to 'employeeType' attribute in 'inetOrgPerson' object class.
-     */
-    public void setEmployeeType( String employeeType )
-    {
-        this.employeeType = employeeType;
-    }
-
-
-    /**
-     * The honorific prefix(es) of the User, or "Title" in most Western languages (e.g.  Ms. given the full name Ms.
-     * Barbara Jane Jensen, III.).
-     *
-     * @return maps to 'title' attribute in 'inetOrgPerson' objectclass.
-     */
-    public String getTitle()
-    {
-        return title;
-    }
-
-
-    /**
-     * The honorific prefix(es) of the User, or "Title" in most Western languages (e.g.  Ms. given the full name Ms.
-     * Barbara Jane Jensen, III.).
-     *
-     * @param title maps to 'title' attribute in 'inetOrgPerson' objectclass.
-     */
-    public void setTitle( String title )
-    {
-        this.title = title;
-    }
-
-
-    /**
-     * Return the name of the OpenLDAP password policy that is set for this user.  This attribute may be null.
-     * The attribute maps to 'pwdPolicySubentry' attribute from pwpolicy ldap object class.
-     *
-     * @return name maps to name of OpenLDAP policy in effect for User.
-     */
-    public String getPwPolicy()
-    {
-        return pwPolicy;
-    }
-
-
-    /**
-     * Sets the OpenLDAP password policy name to enable for User.  This attribute is optional but if set, will be validated to ensure
-     * contains actual OpenLDAP password policy name.
-     *
-     * @param pwPolicy parameter must contain valid OpenLDAP policy name.
-     */
-    public void setPwPolicy( String pwPolicy )
-    {
-        this.pwPolicy = pwPolicy;
-    }
-
-
-    /**
-     * Return a list of User's RBAC Roles.
-     *
-     * @return List containing User's RBAC roles.  This list may be empty if User not assigned RBAC.
-     */
-    public List<UserRole> getRoles()
-    {
-        // do not return a null List to caller:
-        if ( roles == null )
-        {
-            roles = new ArrayList<>();
-        }
-
-        return roles;
-    }
-
-
-    /**
-     * Add a list of RBAC Roles to this entity be considered for later processing:
-     * AccessMgr (user-role activation) or AdminMgr (user-role assignment).
-     *
-     * @param roles List of type UserRole that contains at minimum UserId and Role name.
-     */
-    public void setRoles( List<UserRole> roles )
-    {
-        this.roles = roles;
-    }
-
-
-    /**
-     * Add a single user-role object to the list of UserRoles for User.
-     *
-     * @param role UserRole contains {@link UserRole#name} to target for activation into {@link Session}.
-     */
-    public void setRole( UserRole role )
-    {
-        if ( roles == null )
-        {
-            roles = new ArrayList<>();
-        }
-
-        roles.add( role );
-    }
-
-
-    /**
-     * Add a single user-role object to the list of UserRoles for User.
-     *
-     * @param roleName contains role name to target for activation into {@link Session}.
-     */
-    public void setRole( String roleName )
-    {
-        if ( roles == null )
-        {
-            roles = new ArrayList<>();
-        }
-
-        roles.add( new UserRole( roleName ) );
-    }
-
-
-    /**
-     * Removes a user-role object from the list of UserRoles.
-     *
-     * @param role UserRole must contain userId and role name.
-     */
-    public void delRole( UserRole role )
-    {
-        if ( roles != null )
-        {
-            roles.remove( role );
-        }
-    }
-
-
-    /**
-     * Return a list of User's Admin Roles.
-     *
-     * @return List containing User's Admin roles.  This list may be empty if User not assigned Administrative role.
-     */
-    public List<UserAdminRole> getAdminRoles()
-    {
-        // do not return a null List to caller:
-        if ( adminRoles == null )
-        {
-            adminRoles = new ArrayList<>();
-        }
-
-        return adminRoles;
-    }
-
-
-    /**
-     * Add a single user-adminRole object to the list of UserAdminRoles for User.
-     *
-     * @param roles UserAdminRole contains at least userId and admin role name (activation) and additional constraints (assignment)
-     */
-    public void setAdminRoles( List<UserAdminRole> roles )
-    {
-        this.adminRoles = roles;
-    }
-
-
-    /**
-     * Add a single user-adminRole object to the list of UserAdminRoles for User.
-     *
-     * @param role UserAdminRole contains at least userId and adminRole name (activation) and additional constraints (assignment)
-     */
-    public void setAdminRole( UserAdminRole role )
-    {
-        if ( adminRoles == null )
-        {
-            adminRoles = new ArrayList<>();
-        }
-
-        adminRoles.add( role );
-    }
-
-
-    /**
-     * Add a single user-adminRole object to the list of UserAdminRoles for User.
-     *
-     * @param roleName contrains adminRole name.
-     */
-    public void setAdminRole( String roleName )
-    {
-        if ( adminRoles == null )
-        {
-            adminRoles = new ArrayList<>();
-        }
-
-        adminRoles.add( new UserAdminRole( userId, roleName ) );
-    }
-
-
-    /**
-     * Removes a user-adminRole object from the list of UserAdminRoles.
-     *
-     * @param adminRole UserAdminRole must contain userId and adminRole name.
-     */
-    public void delAdminRole( UserAdminRole adminRole )
-    {
-        if ( adminRoles != null )
-        {
-            adminRoles.remove( adminRole );
-        }
-    }
-
-
-    /**
-     * Return the userId that is associated with User.  UserId is required attribute and must be set on add, update, delete, createSession, authenticate, etc..
-     *
-     * @return attribute maps to 'uid' in 'inetOrgPerson' object class.
-     */
-    public String getUserId()
-    {
-        return userId;
-    }
-
-
-    /**
-     * Set the userId that is associated with User.  UserId is required attribute and must be set on add, update, delete, createSession, authenticate, etc..
-     *
-     * @param userId maps to 'uid' attribute in 'inNetOrgPerson' object class.
-     */
-    public void setUserId( String userId )
-    {
-        this.userId = userId;
-    }
-
-
-    /**
-     * Return the internal userId that is associated with User.  This attribute is generated automatically
-     * by Fortress when new User is added to directory and is not known or changeable by external client.
-     *
-     * @return attribute maps to 'ftId' in 'ftUserAttrs' object class.
-     */
-    public String getInternalId()
-    {
-        return internalId;
-    }
-
-
-    /**
-     * Set the internal userId that is associated with User.  This method is used by DAO class and
-     * is generated automatically by Fortress.  Attribute stored in LDAP cannot be changed by external caller.
-     * This method can be used by client for search purposes only.
-     *
-     * @param internalId maps to 'ftId' in 'ftUserAttrs' object class.
-     */
-    public void setInternalId( String internalId )
-    {
-        this.internalId = internalId;
-    }
-
-
-    /**
-     * Generate an internal userId that is associated with User.  This method is used by DAO class and
-     * is not available to outside classes.   The generated attribute maps to 'ftId' in 'ftUserAttrs' object class.
-     */
-    public void setInternalId()
-    {
-        UUID uuid = UUID.randomUUID();
-        internalId = uuid.toString();
-    }
-
-
-    /**
-     * Returns optional description that is associated with User.  This attribute is validated but not constrained by Fortress.
-     *
-     * @return value that is mapped to 'description' in 'inetOrgPerson' object class.
-     */
-    public String getDescription()
-    {
-        return description;
-    }
-
-
-    /**
-     * Sets the optional description that is associated with User.  This attribute is validated but not constrained by Fortress.
-     *
-     * @param description that is mapped to same name in 'inetOrgPerson' object class.
-     */
-    public void setDescription( String description )
-    {
-        this.description = description;
-    }
-
-
-    /**
-     * Return the optional password attribute for User.  Note this will only return values that were set by client
-     * as the Fortress User DAO class does not return the value of stored password to caller.
-     *
-     * @return attribute containing User password.
-     */
-    public char[] getPassword()
-    {
-        if ( password != null )
-        {
-            char[] copy = new char[password.length];
-            System.arraycopy( password, 0, copy, 0, password.length );
-
-            return copy;
-        }
-        else
-        {
-            return null;
-        }
-    }
-
-
-    /**
-     * Set the optional password attribute associated for a User.  Note, this value is required before User will pass Fortress
-     * authentication in {@link AccessMgrImpl#createSession(User, boolean)}.
-     * Even though password is char[] format here it will be stored on the ldap server (using server-side controls) in configurable and standard hashed formats.
-     *
-     * @param password maps to 'userPassword' attribute in 'inetOrgPerson' object class.
-     */
-    public void setPassword( char[] password )
-    {
-        if ( password != null )
-        {
-            // Copy the password
-            this.password = new char[password.length];
-            System.arraycopy( password, 0, this.password, 0, password.length );
-        }
-        else
-        {
-            this.password = null;
-        }
-    }
-
-
-    public char[] getNewPassword()
-    {
-        if ( newPassword != null )
-        {
-            char[] copy = new char[newPassword.length];
-            System.arraycopy( newPassword, 0, copy, 0, newPassword.length );
-
-            return copy;
-        }
-        else
-        {
-            return null;
-        }
-    }
-
-
-    public void setNewPassword( char[] newPassword )
-    {
-        if ( newPassword != null )
-        {
-            // Copy the newPassword
-            this.newPassword = new char[newPassword.length];
-            System.arraycopy( newPassword, 0, this.newPassword, 0, newPassword.length );
-        }
-        else
-        {
-            this.newPassword = null;
-        }
-    }
-
-
-    /**
-     * Returns common name associated with User.  This attribute is validated but not constrained by Fortress.
-     * cn is not required but if not supplied by caller on create, will default to same value as {@link #userId} attribute.
-     *
-     * @return value that is mapped to 'cn' in 'inetOrgPerson' object class.
-     */
-    public String getCn()
-    {
-        return cn;
-    }
-
-
-    /**
-     * Set the common name associated with User.  This attribute is validated but not constrained by Fortress.
-     * cn is not required but if not supplied by caller on create, will default to same value as {@link #userId} attribute.
-     *
-     * @param cn mapped to same name in 'inetOrgPerson' object class.
-     */
-    public void setCn( String cn )
-    {
-        this.cn = cn;
-    }
-
-
-    /**
-     * Returns surname associated with User.  This attribute is validated but not constrained by Fortress.
-     * sn is not required but if not supplied by caller on create, will default to same value as {@link #userId} attribute.
-     *
-     * @return value that is mapped to 'sn' in 'inetOrgPerson' object class.
-     */
-    public String getSn()
-    {
-        return sn;
-    }
-
-
-    /**
-     * Set the surname associated with User.  This attribute is validated but not constrained by Fortress.
-     * sn is not required but if not supplied by caller on create, will default to same value as {@link #userId} attribute.
-     *
-     * @param sn mapped to same name in 'inetOrgPerson' object class.
-     */
-    public void setSn( String sn )
-    {
-        this.sn = sn;
-    }
-
-
-    /**
-     * Returns distinguished name associated with User.  This attribute is generated by DAO and is not allowed for outside classes to modify.
-     * This attribute is for internal user only and need not be processed by external clients.
-     *
-     * @return value that is mapped to 'dn' in 'inetOrgPerson' object class.
-     */
-    public String getDn()
-    {
-        return dn;
-    }
-
-
-    /**
-     * Set distinguished name associated with User.  This attribute is used by DAO and is not allowed for outside classes.
-     * This attribute cannot be set by external callers.
-     *
-     * @param dn that is mapped to same name in 'inetOrgPerson' object class.
-     */
-    public void setDn( String dn )
-    {
-        this.dn = dn;
-    }
-
-
-    /**
-     * Returns orgUnit name for User.  This attribute is validated and constrained by Fortress and must contain name of existing User OU.
-     * This attribute is required on {@link AdminMgrImpl#addUser(User)} but not on {@link ReviewMgrImpl#readUser(User)}.
-     *
-     * @return value that is mapped to 'ou' in 'inetOrgPerson' object class.
-     */
-    public String getOu()
-    {
-        return ou;
-    }
-
-
-    /**
-     * Set the orgUnit name associated with User.  This attribute is validated and constrained by Fortress and must contain name of existing User OU.
-     * This attribute is required on {@link AdminMgrImpl#addUser(User)} but not on {@link ReviewMgrImpl#readUser(User)}.
-     *
-     * @param ou mapped to same name in 'inetOrgPerson' object class.
-     */
-    public void setOu( String ou )
-    {
-        this.ou = ou;
-    }
-
-
-    /**
-     * Optional attribute maps to 'displayName' attribute on inetOrgPerson object class.
-     *
-     * @return value that is mapped to 'displayName' in 'inetOrgPerson' object class.
-     */
-    public String getDisplayName()
-    {
-        return displayName;
-    }
-
-
-    /**
-     * Optional attribute maps to 'displayName' attribute on inetOrgPerson object class.
-     *
-     * @param displayName maps to attribute of same name in 'inetOrgPerson' object class.
-     */
-    public void setDisplayName( String displayName )
-    {
-        this.displayName = displayName;
-    }
-
-
-    /**
-     * temporal boolean flag is used by internal Fortress components.
-     *
-     * @return boolean indicating if temporal constraints are placed on user.
-     */
-    @Override
-    public boolean isTemporalSet()
-    {
-        //return (beginTime != null && endTime != null && beginDate != null && endDate != null && beginLockDate != null && endLockDate != null && dayMask != null);
-        return ( beginTime != null || endTime != null || beginDate != null || endDate != null || beginLockDate != null
-            || endLockDate != null || dayMask != null );
-    }
-
-
-    /**
-     * Contains the begin time of day user is allowed to signon to system.  The format is military time - HHMM, i.e. 0800 (8:00 am) or 1700 (5:00 p.m.).
-     * This attribute is optional but if set will be validated for reasonableness.
-     *
-     * @return attribute maps to 'ftCstr' attribute in 'ftUserAttrs' object class.
-     */
-    @Override
-    public String getBeginTime()
-    {
-        return beginTime;
-    }
-
-
-    /**
-     * Set the begin time of day user is allowed to signon to system.  The format is military time - HHMM, i.e. 0800 (8:00 am) or 1700 (5:00 p.m.).
-     * This attribute is optional but if set will be validated for reasonableness.
-     *
-     * @param beginTime maps to 'ftCstr' attribute in 'ftUserAttrs' object class.
-     */
-    @Override
-    public void setBeginTime( String beginTime )
-    {
-        this.beginTime = beginTime;
-    }
-
-
-    /**
-     * Contains the end time of day user is allowed to occupy system.  The format is military time - HHMM, i.e. 0000 (12:00 am) or 2359 (11:59 p.m.).
-     * This attribute is optional but if set will be validated for reasonableness.
-     *
-     * @return attribute maps to 'ftCstr' attribute in 'ftUserAttrs' object class.
-     */
-    @Override
-    public String getEndTime()
-    {
-        return endTime;
-    }
-
-
-    /**
-     * Set the end time of day user is allowed to signon to system.  The format is military time - HHMM, i.e. 0000 (12:00 am) or 2359 (11:59 p.m.).
-     * This attribute is optional but if set will be validated for reasonableness.
-     *
-     * @param endTime maps to 'ftCstr' attribute in 'ftUserAttrs' object class.
-     */
-    @Override
-    public void setEndTime( String endTime )
-    {
-        this.endTime = endTime;
-    }
-
-
-    /**
-     * Contains the begin date when user is allowed to signon to system.  The format is - YYYYMMDD, i.e. 20100101 (January 1. 2010).
-     * This attribute is optional but if set will be validated for reasonableness.
-     *
-     * @return attribute maps to 'ftCstr' attribute in 'ftUserAttrs' object class.
-     */
-    @Override
-    public String getBeginDate()
-    {
-        return beginDate;
-    }
-
-
-    /**
-     * Set the beginDate when user is allowed to signon to system.  The format is - YYYYMMDD, i.e. 20100101 (January 1. 2010).
-     * This attribute is optional but if set will be validated for reasonableness.
-     *
-     * @param beginDate maps to 'ftCstr' attribute in 'ftUserAttrs' object class.
-     */
-    @Override
-    public void setBeginDate( String beginDate )
-    {
-        this.beginDate = beginDate;
-    }
-
-
-    /**
-     * Contains the end date when user is allowed to signon to system.  The format is - YYYYMMDD, i.e. 20101231 (December 31, 2010).
-     * This attribute is optional but if set will be validated for reasonableness.
-     *
-     * @return attribute maps to 'ftCstr' attribute in 'ftUserAttrs' object class.
-     */
-    @Override
-    public String getEndDate()
-    {
-        return endDate;
-    }
-
-
-    /**
-     * Set the end date when user is not allowed to signon to system.  The format is - YYYYMMDD, i.e. 20100101 (January 1. 2010).
-     * This attribute is optional but if set will be validated for reasonableness.
-     *
-     * @param endDate maps to 'ftCstr' attribute in 'ftUserAttrs' object class.
-     */
-    @Override
-    public void setEndDate( String endDate )
-    {
-        this.endDate = endDate;
-    }
-
-
-    /**
-     * Contains the begin lock date when user is temporarily not allowed to signon to system.  The format is - YYYYMMDD, i.e. 20100101 (January 1. 2010).
-     * This attribute is optional but if set will be validated for reasonableness.
-     *
-     * @return attribute maps to 'ftCstr' attribute in 'ftUserAttrs' object class.
-     */
-    @Override
-    public String getBeginLockDate()
-    {
-        return beginLockDate;
-    }
-
-
-    /**
-     * Set the begin lock date when user is temporarily not allowed to signon to system.  The format is - YYYYMMDD, i.e. 20100101 (January 1. 2010).
-     * This attribute is optional but if set will be validated for reasonableness.
-     *
-     * @param beginLockDate maps to 'ftCstr' attribute in 'ftUserAttrs' object class.
-     */
-    @Override
-    public void setBeginLockDate( String beginLockDate )
-    {
-        this.beginLockDate = beginLockDate;
-    }
-
-
-    /**
-     * Contains the end lock date when user is allowed to signon to system once again.  The format is - YYYYMMDD, i.e. 20100101 (January 1. 2010).
-     * This attribute is optional but if set will be validated for reasonableness.
-     *
-     * @return attribute maps to 'ftCstr' attribute in 'ftUserAttrs' object class.
-     */
-    @Override
-    public String getEndLockDate()
-    {
-        return endLockDate;
-    }
-
-
-    /**
-     * Set the end lock date when user is allowed to signon to system once again.  The format is - YYYYMMDD, i.e. 20100101 (January 1. 2010).
-     * This attribute is optional but if set will be validated for reasonableness.
-     *
-     * @param endLockDate maps to 'ftCstr' attribute in 'ftUserAttrs' object class.
-     */
-    @Override
-    public void setEndLockDate( String endLockDate )
-    {
-        this.endLockDate = endLockDate;
-    }
-
-
-    /**
-     * Get the daymask that indicates what days of week user is allowed to signon to system.  The format is 1234567, i.e. 23456 (Monday, Tuesday, Wednesday, Thursday, Friday).
-     * This attribute is optional but if set will be validated for reasonableness.
-     *
-     * @return attribute maps to 'ftCstr' attribute in 'ftUserAttrs' object class.
-     */
-    @Override
-    public String getDayMask()
-    {
-        return dayMask;
-    }
-
-
-    /**
-     * Set the daymask that specifies what days of week user is allowed to signon to system.  The format is 1234567, i.e. 23456 (Monday, Tuesday, Wednesday, Thursday, Friday).
-     * This attribute is optional but if set will be validated for reasonableness.
-     *
-     * @param dayMask maps to 'ftCstr' attribute in 'ftUserAttrs' object class.
-     */
-    @Override
-    public void setDayMask( String dayMask )
-    {
-        this.dayMask = dayMask;
-    }
-
-
-    /**
-     * Return the integer timeout that contains total time (in seconds) that User's session may remain inactive.
-     * This attribute is optional but if set will be validated for reasonableness.
-     *
-     * @return attribute maps to 'ftCstr' attribute in 'ftUserAttrs' object class.
-     */
-    @Override
-    public Integer getTimeout()
-    {
-        return timeout;
-    }
-
-
-    /**
-     * Set the integer timeout that contains max time (in seconds) that User's session may remain inactive.
-     * This attribute is optional but if set will be validated for reasonableness.
-     *
-     * @param timeout maps to 'ftCstr' attribute in 'ftUserAttrs' object class.
-     */
-    @Override
-    public void setTimeout( Integer timeout )
-    {
-        this.timeout = timeout;
-    }
-
-
-    /**
-     * If set to true User's password has been reset by administrator.
-     * This attribute will be ignored if set by external callers.
-     *
-     * @return boolean value maps to 'pwdResetTime' in OpenLDAP's pwpolicy object class.
-     */
-    public boolean isReset()
-    {
-        return reset;
-    }
-
-
-    /**
-     * If set to true User's password has been reset by administrator.
-     * This attribute will be ignored if set by external callers.
-     *
-     * @param reset contains boolean value which maps to 'pwdResetTime' in OpenLDAP's pwpolicy object class.
-     */
-    public void setReset( boolean reset )
-    {
-        this.reset = reset;
-    }
-
-
-    /**
-     * If set to true User's password has been locked by administrator or directory itself due to password policy violations.
-     * This attribute will be ignored if set by external callers.
-     *
-     * @return boolean value maps to 'pwdLockedTime' in OpenLDAP's pwpolicy object class.
-     */
-    public boolean isLocked()
-    {
-        return locked;
-    }
-
-
-    /**
-     * If set to true User's password has been locked by administrator or directory itself due to password policy violations.
-     * This attribute will be ignored if set by external callers.
-     *
-     * @param locked contains boolean value which maps to 'pwdResetTime' in OpenLDAP's pwpolicy object class.
-     */
-    public void setLocked( boolean locked )
-    {
-        this.locked = locked;
-    }
-
-
-    /**
-     * Gets the value of the Props property.  This method is used by Fortress and En Masse and should not be called by external programs.
-     *
-     * @return
-     *     possible object is
-     *     {@link Props }
-     *
-     */
-    public Props getProps()
-    {
-        return props;
-    }
-
-
-    /**
-     * Sets the value of the Props property.  This method is used by Fortress and En Masse and should not be called by external programs.
-     *
-     * @param value
-     *     allowed object is
-     *     {@link Props }
-     *
-     */
-    public void setProps( Props value )
-    {
-        this.props = value;
-    }
-
-
-    /**
-     * Add name/value pair to list of properties associated with User.  These values are not constrained by Fortress.
-     * Properties are optional.
-     *
-     * @param key   contains property name and maps to 'ftProps' attribute in 'ftProperties' aux object class.
-     * @param value
-     */
-    public void addProperty( String key, String value )
-    {
-        Props.Entry entry = new Props.Entry();
-        entry.setKey( key );
-        entry.setValue( value );
-        props.getEntry().add( entry );
-    }
-
-
-    /**
-     * Get a name/value pair attribute from list of properties associated with User.  These values are not constrained by Fortress.
-     * Properties are optional.
-     *
-     * @param key contains property name and maps to 'ftProps' attribute in 'ftProperties' aux object class.
-     * @return value containing name/value pair that maps to 'ftProps' attribute in 'ftProperties' aux object class.
-     */
-    public String getProperty( String key )
-    {
-        List<Props.Entry> props = this.props.getEntry();
-        Props.Entry keyObj = new Props.Entry();
-        keyObj.setKey( key );
-
-        String value = null;
-        int indx = props.indexOf( keyObj );
-
-        if ( indx != -1 )
-        {
-            Props.Entry entry = props.get( props.indexOf( keyObj ) );
-            value = entry.getValue();
-        }
-
-        return value;
-    }
-
-
-    /**
-     * Add new collection of name/value pairs to attributes associated with User.  These values are not constrained by Fortress.
-     * Properties are optional.
-     *
-     * @param props contains collection of name/value pairs and maps to 'ftProps' attribute in 'ftProperties' aux object class.
-     */
-    public void addProperties( Properties props )
-    {
-        if ( props != null )
-        {
-            for ( Enumeration<?> e = props.propertyNames(); e.hasMoreElements(); )
-            {
-                // This LDAP attr is stored as a name-value pair separated by a ':'.
-                String key = ( String ) e.nextElement();
-                String val = props.getProperty( key );
-                addProperty( key, val );
-            }
-        }
-    }
-
-
-    /**
-     * Return the collection of name/value pairs to attributes associated with User.  These values are not constrained by Fortress.
-     * Properties are optional.
-     *
-     * @return Properties contains collection of name/value pairs and maps to 'ftProps' attribute in 'ftProperties' aux object class.
-     */
-    public Properties getProperties()
-    {
-        Properties properties = null;
-        List<Props.Entry> props = this.props.getEntry();
-
-        if ( props.size() > 0 )
-        {
-            properties = new Properties();
-
-            for ( Props.Entry entry : props )
-            {
-                String key = entry.getKey();
-                String val = entry.getValue();
-                properties.setProperty( key, val );
-            }
-        }
-
-        return properties;
-    }
-
-
-    /**
-     * Get address data from entity that was persisted in directory as attributes defined by RFC 2798's LDAP inetOrgPerson Object Class:
-     *
-     * <ul>
-     * <li>  ------------------------------------------
-     * <li> <code>postalAddress</code>
-     * <li> <code>st</code>
-     * <li> <code>postalCode</code>
-     * <li> <code>postOfficeBox</code>
-     * <li>  ------------------------------------------
-     * </ul>
-     *
-     * @return {@link Address}
-     */
-    public Address getAddress()
-    {
-        if ( address == null )
-        {
-            address = new Address();
-        }
-
-        return address;
-    }
-
-
-    /**
-     * Set address data onto entity that stored in directory as attributes defined by RFC 2798's LDAP inetOrgPerson Object Class:
-     *
-     * <ul>
-     * <li>  ------------------------------------------
-     * <li> <code>postalAddress</code>
-     * <li> <code>st</code>
-     * <li> <code>postalCode</code>
-     * <li> <code>postOfficeBox</code>
-     * <li>  ------------------------------------------
-     * </ul>
-     *
-     * @param address
-     */
-    public void setAddress( Address address )
-    {
-        this.address = address;
-    }
-
-
-    /**
-     * Retrieve multi-occurring {@code telephoneNumber} associated with {@code organizationalPerson} object class.
-     *
-     * @return List of type String that contains zero or more phone numbers associated with the user.
-     */
-    public List<String> getPhones()
-    {
-        if ( phones == null )
-        {
-            phones = new ArrayList<>();
-        }
-
-        return phones;
-    }
-
-
-    /**
-     * Set multi-occurring {@code telephoneNumber} number to associated with {@code organizationalPerson} object class.
-     *
-     * @param phones contains an ArrayList of type String with zero or more phone numbers associated with the user.
-     */
-    public void setPhones( List<String> phones )
-    {
-        this.phones = phones;
-    }
-
-
-    /**
-     * Set phone number to stored in rfc822Mailbox format and associated with {@code inetOrgPerson} object class.
-     *
-     * @param phone contains String bound to {@code telephoneNumber} attribute on {@code organizationalPerson} object class.
-     */
-    public void setPhone( String phone )
-    {
-        if ( phones == null )
-        {
-            phones = new ArrayList<>();
-        }
-
-        phones.add( phone );
-    }
-
-
-    /**
-     * Retrieve multi-occurring {@code mobile} associated with {@code inetOrgPerson} object class.
-     *
-     * @return List of type String that contains zero or more mobile phone numbers associated with the user.
-     */
-    public List<String> getMobiles()
-    {
-        if ( mobiles == null )
-        {
-            mobiles = new ArrayList<>();
-        }
-
-        return mobiles;
-    }
-
-
-    /**
-     * Set multi-occurring {@code mobile} associated with {@code inetOrgPerson} object class.
-     *
-     * @param mobiles contains an ArrayList of type String with zero or more mobile phone numbers associated with the user.
-     */
-    public void setMobiles( List<String> mobiles )
-    {
-        this.mobiles = mobiles;
-    }
-
-
-    /**
-     * Set a single {@code mobile} associated with {@code inetOrgPerson} object class.
-     *
-     * @param mobile contains a String containing mobile phone numbers associated with the user.
-     */
-    public void setMobile( String mobile )
-    {
-        if ( mobiles == null )
-        {
-            mobiles = new ArrayList<>();
-        }
-
-        mobiles.add( mobile );
-    }
-
-
-    /**
-     * Retrieve multi-occurring email address stored in rfc822Mailbox format associated with {@code inetOrgPerson} object class.
-     *
-     * @return List of type String that contains zero or more email addresses associated with the user.
-     */
-    public List<String> getEmails()
-    {
-        if ( emails == null )
-        {
-            emails = new ArrayList<>();
-        }
-
-        return emails;
-    }
-
-
-    /**
-     * Set multi-occurring email address to stored in rfc822Mailbox format and associated with {@code inetOrgPerson} object class.
-     *
-     * @param emails contains an ArrayList of type String with zero or more email addresses associated with the user.
-     */
-    public void setEmails( List<String> emails )
-    {
-        this.emails = emails;
-    }
-
-
-    /**
-     * Set a single email address in rfc822Mailbox format to be assoicated with {@code inetOrgPerson} object class.
-     *
-     * @param email contains a String to be stored as email address on user.
-     */
-    public void setEmail( String email )
-    {
-        if ( emails == null )
-        {
-            emails = new ArrayList<>();
-        }
-
-        emails.add( email );
-    }
-
-
-    public Boolean isSystem()
-    {
-        return system;
-    }
-
-
-    public void setSystem( Boolean system )
-    {
-        this.system = system;
-    }
-
-
-    /**
-     * Get one image of a person using the JPEG File Interchange Format [JFIF].
-     * ( 0.9.2342.19200300.100.1.60
-     * NAME 'jpegPhoto'
-     * DESC 'a JPEG image'
-     * SYNTAX 1.3.6.1.4.1.1466.115.121.1.28 )
-     *
-     * return byte array containing the jpeg image.
-     */
-    public byte[] getJpegPhoto()
-    {
-        return jpegPhoto;
-    }
-
-
-    /**
-     * Set one image of a person using the JPEG File Interchange Format [JFIF].
-     * ( 0.9.2342.19200300.100.1.60
-     * NAME 'jpegPhoto'
-     * DESC 'a JPEG image'
-     * SYNTAX 1.3.6.1.4.1.1466.115.121.1.28 )
-     *
-     * @param jpegPhoto contains the jpeg image stored as byte array.
-     */
-    public void setJpegPhoto( byte[] jpegPhoto )
-    {
-        if ( jpegPhoto != null )
-        {
-            this.jpegPhoto = jpegPhoto.clone();
-        }
-    }
-
-
-    /**
-     * Override hashcode so User compare operations work in case insensitive manner in collection classes.
-     *
-     * @return int
-     */
-    public int hashCode()
-    {
-        return userId.toUpperCase().hashCode();
-    }
-
-
-    /**
-     * Matches the userId from two User entities.
-     *
-     * @param thatObj contains a User entity.
-     * @return boolean indicating both objects contain matching userIds.
-     */
-    public boolean equals( Object thatObj )
-    {
-        if ( this == thatObj )
-        {
-            return true;
-        }
-
-        if ( userId == null )
-        {
-            return false;
-        }
-
-        if ( !( thatObj instanceof User ) )
-        {
-            return false;
-        }
-
-        User thatUser = ( User ) thatObj;
-
-        if ( thatUser.getUserId() == null )
-        {
-            return false;
-        }
-
-        return thatUser.getUserId().equalsIgnoreCase( userId );
-    }
-}


Mime
View raw message