directory-commits mailing list archives

From smckin...@apache.org
Subject [27/51] [partial] directory-fortress-core git commit: FC-109 - rename rbac package to impl
Date Tue, 02 Jun 2015 18:36:52 GMT
http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/ba64d26a/src/main/java/org/apache/directory/fortress/core/rbac/HierUtil.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/rbac/HierUtil.java b/src/main/java/org/apache/directory/fortress/core/rbac/HierUtil.java
deleted file mode 100755
index a6621ba..0000000
--- a/src/main/java/org/apache/directory/fortress/core/rbac/HierUtil.java
+++ /dev/null
@@ -1,763 +0,0 @@
-/*
- *   Licensed to the Apache Software Foundation (ASF) under one
- *   or more contributor license agreements.  See the NOTICE file
- *   distributed with this work for additional information
- *   regarding copyright ownership.  The ASF licenses this file
- *   to you under the Apache License, Version 2.0 (the
- *   "License"); you may not use this file except in compliance
- *   with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- *   Unless required by applicable law or agreed to in writing,
- *   software distributed under the License is distributed on an
- *   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- *   KIND, either express or implied.  See the License for the
- *   specific language governing permissions and limitations
- *   under the License.
- *
- */
-package org.apache.directory.fortress.core.rbac;
-
-
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.List;
-import java.util.Map;
-import java.util.Set;
-import java.util.TreeSet;
-import java.util.concurrent.locks.ReadWriteLock;
-import java.util.concurrent.locks.ReentrantReadWriteLock;
-
-import org.apache.directory.fortress.core.model.Graphable;
-import org.apache.directory.fortress.core.model.Hier;
-import org.apache.directory.fortress.core.model.Relationship;
-import org.apache.directory.fortress.core.util.ObjUtil;
-import org.jgrapht.graph.SimpleDirectedGraph;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.apache.directory.fortress.core.GlobalErrIds;
-import org.apache.directory.fortress.core.SecurityException;
-import org.apache.directory.fortress.core.ValidationException;
-import org.apache.directory.fortress.core.model.VUtil;
-
-
-/**
- * This utility performs base hierarchical processing using this software <a href="http://www.jgrapht.org/">JGraphT</a></li>.
- * </p>
- * It is used to provide hierarchical processing APIs for the following data sets:
- * <ol>
- * <li>RBAC Role relations are stored in {@code cn=Hierarchies,ou=Roles,ou=RBAC} ldap node and cached as singleton in {@link RoleUtil}</li>
- * <li>ARBAC Admin Role relations are stored in {@code cn=Hierarchies,ou=AdminRoles,ou=ARBAC} ldap node and cached as singleton in {@link AdminRoleUtil}</li>
- * <li>User Organizational Unit relations are stored in {@code cn=Hierarchies,ou=OS-U,ou=ARBAC} node and cached as {@link org.apache.directory.fortress.core.rbac.UsoUtil}</li>
- * <li>Permission Organizational Unit relations are stored in {@code cn=Hierarchies,ou=OS-P,ou=ARBAC} node and cached as {@link org.apache.directory.fortress.core.rbac.PsoUtil}</li>
- * </ol>
- * This class...
- * <ol>
- * <li>manipulates data that is stored as singleton inside other classes with vertices of {@code String}, and edges, as {@link org.apache.directory.fortress.core.model.Relationship}s</li>
- * <li>utilizes open source library, see <a href="http://www.jgrapht.org/">JGraphT</a>.</li>
- * <li>processes general hierarchical data structure i.e. allows multiple inheritance with parents.</li>
- * <li>constructs and parses simple directed graphs.</li>
- * </ol>
- * Static methods on this class are intended for use by other Fortress classes, and cannot be directly invoked by outside programs.
- * <p/>
- * This class is thread safe.
- * <p/>
- *
- * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
- */
-final class HierUtil
-{
-    /**
-     * Constants used within this class:
-     */
-    private static final String CLS_NM = HierUtil.class.getName();
-    private static final Logger LOG = LoggerFactory.getLogger( CLS_NM );
-    private static final String VERTEX = "Vertex";
-
-    /** A lock used internally to protect the access to the locks map */
-    private static final ReadWriteLock getLockLock = new ReentrantReadWriteLock();
-
-
-    /**
-     * The 'Type' attribute corresponds to what type of hierarchy is being referred to.
-     */
-    static enum Type
-    {
-        ROLE,
-        ARLE,
-        USO,
-        PSO
-    }
-
-    private static final Map<String, ReadWriteLock> synchMap = new HashMap<String, ReadWriteLock>();
-
-
-    /**
-     * Private constructor
-     *
-     */
-    private HierUtil()
-    {
-    }
-
-    /**
-     *
-     * @param contextId
-     * @param type
-     * @return
-     */
-    static ReadWriteLock getLock( String contextId, Type type )
-    {
-        String syncKey = getSynchKey( contextId, type );
-     
-        try
-        {
-            getLockLock.readLock().lock();
-            ReadWriteLock synchObj = synchMap.get( syncKey );
-            
-            if ( synchObj == null )
-            {
-                // Not found, we will create a new one and store it into the map
-                try
-                {
-                    getLockLock.readLock().unlock();
-                    getLockLock.writeLock().lock();
-
-                    // Retry immediately to get the lock from the map, it might have been updated by
-                    // another thread while this thread was blocked on the write lock 
-                    synchObj = synchMap.get( syncKey );
-                    
-                    if ( synchObj == null )
-                    {
-                        synchObj = new ReentrantReadWriteLock();
-                        synchMap.put( syncKey, synchObj );
-                    }
-
-                    getLockLock.readLock().lock();
-                }
-                finally
-                {
-                    getLockLock.writeLock().unlock();
-                }
-            }
-            
-            return synchObj;
-        }
-        finally
-        {
-            getLockLock.readLock().unlock();
-        }
-    }
-
-
-    /**
-     *
-     * @param contextId
-     * @param type
-     * @return
-     */
-    private static String getSynchKey( String contextId, Type type )
-    {
-        return type.toString() + ":" + contextId;
-    }
-
-
-    /**
-     * This api is used to determine parentage for Hierarchical processing.
-     * It evaluates three relationship expressions:
-     * <ol>
-     * <li>If child equals parent</li>
-     * <li>If mustExist true and parent-child relationship exists</li>
-     * <li>If mustExist false and parent-child relationship does not exist</li>
-     * </ol>
-     * Method will throw {@link org.apache.directory.fortress.core.ValidationException} if rule check fails meaning caller failed validation
-     * attempt to add/remove hierarchical relationship failed.
-     *
-     * @param graph     contains a reference to simple digraph {@code org.jgrapht.graph.SimpleDirectedGraph}.
-     * @param child     contains name of child.
-     * @param parent    contains name of parent.
-     * @param mustExist boolean is used to specify if relationship must be true.
-     * @throws org.apache.directory.fortress.core.ValidationException
-     *          in the event it fails one of the 3 checks.
-     */
-    static void validateRelationship( SimpleDirectedGraph<String, Relationship> graph, String child, String parent,
-        boolean mustExist )
-        throws ValidationException
-    {
-        // Ensure the two nodes aren't the same:
-        if ( child.equalsIgnoreCase( parent ) )
-        {
-            String error = "validateRelationship child [" + child + "] same as parent [" + parent + "]";
-            throw new ValidationException( GlobalErrIds.HIER_REL_INVLD, error );
-        }
-        Relationship rel = new Relationship( child.toUpperCase(), parent.toUpperCase() );
-        // Ensure there is a valid child to parent relationship.
-        if ( mustExist && !isRelationship( graph, rel ) )
-        {
-            String error = "validateRelationship child [" + child + "] does not have parent [" + parent + "]";
-            throw new ValidationException( GlobalErrIds.HIER_REL_NOT_EXIST, error );
-        }
-        // Ensure the child doesn't already have the parent as an ascendant.
-        else if ( !mustExist && isAscendant( child, parent, graph ) )
-        {
-            String error = "validateRelationship child [" + child + "] already has parent [" + parent + "]";
-            throw new ValidationException( GlobalErrIds.HIER_REL_EXIST, error );
-        }
-        // Prevent cycles by making sure the child isn't an ascendant of parent.
-        else if ( !mustExist && isDescedant( parent, child, graph ) )
-        {
-            String error = "validateRelationship child [" + child + "] is parent of [" + parent + "]";
-            throw new ValidationException( GlobalErrIds.HIER_REL_CYCLIC, error );
-        }
-    }
-
-
-    /**
-     * This method Convert from logical, {@code org.jgrapht.graph.SimpleDirectedGraph} to ldap entity, {@link org.apache.directory.fortress.core.model.Hier}.
-     * The conversion iterates over all edges in the graph and loads the corresponding {@link Relationship} data
-     * into the ldap entity.  The ldap entity stores this data physically in the {@code ftRels} attribute of {@code ftHier} object class.
-     *
-     * @param graph contains a reference to simple digraph {@code org.jgrapht.graph.SimpleDirectedGraph}.
-     * @return reference to hierarchical ldap entity {@link org.apache.directory.fortress.core.model.Hier}.
-     */
-    static Hier toHier( SimpleDirectedGraph<String, Relationship> graph )
-    {
-        Hier he = new Hier();
-        Set<Relationship> eSet = graph.edgeSet();
-        for ( Relationship edge : eSet )
-        {
-            he.setRelationship( edge );
-        }
-        return he;
-    }
-
-
-    /**
-     * This method converts from physical ldap entity format, {@link Hier} to logical {@code org.jgrapht.graph.SimpleDirectedGraph}.
-     *
-     * @param hier contains parent-child relationship in preparation to storing in ldap {@code ftRels} attribute of {@code ftHier} object class.
-     * @return {@code org.jgrapht.graph.SimpleDirectedGraph} containing the vertices of {@code String}, and edges, as {@link Relationship}s that correspond to relational data.
-     */
-    private static SimpleDirectedGraph<String, Relationship> toGraph( Hier hier )
-    {
-        LOG.debug( "toGraph" );
-        SimpleDirectedGraph<String, Relationship> graph =
-            new SimpleDirectedGraph<>( Relationship.class );
-        List<Relationship> edges = hier.getRelationships();
-        if ( edges != null && edges.size() > 0 )
-        {
-            for ( Relationship edge : edges )
-            {
-                String child = edge.getChild();
-                String parent = edge.getParent();
-
-                try
-                {
-                    graph.addVertex( child );
-                    graph.addVertex( parent );
-                    graph.addEdge( child, parent, edge );
-                }
-                catch (java.lang.IllegalArgumentException e)
-                {
-                    String error = "toGraph child: " + child + " parent: " + parent + " caught IllegalArgumentException=" + e;
-                    LOG.error( error );
-                }
-
-                LOG.debug( "toGraph child={}, parent={}", child, parent );
-            }
-        }
-        return graph;
-    }
-
-
-    /**
-     * This method is synchronized and adds an edge and its associated vertices to simple directed graph stored in static memory of this process.
-     *
-     * @param graph synchronized parameter contains a reference to simple digraph {@code org.jgrapht.graph.SimpleDirectedGraph}.
-     * @param relation contains parent-child relationship targeted for addition.
-     * @return {@code org.jgrapht.graph.SimpleDirectedGraph} containing the vertices of {@code String}, and edges, as {@link Relationship}s that correspond to relational data.
-     */
-    private static void addEdge( SimpleDirectedGraph<String, Relationship> graph, Relationship relation )
-    {
-        LOG.debug( "addEdge" );
-        synchronized ( graph )
-        {
-            graph.addVertex( relation.getChild().toUpperCase() );
-            graph.addVertex( relation.getParent().toUpperCase() );
-            graph.addEdge( relation.getChild().toUpperCase(), relation.getParent().toUpperCase(), relation );
-        }
-    }
-
-
-    /**
-     * This method is synchronized and removes an edge from a simple directed graph stored in static memory of this process.
-     *
-     * @param graph synchronized parameter contains a reference to simple digraph {@code org.jgrapht.graph.SimpleDirectedGraph}.
-     * @param relation contains parent-child relationship targeted for removal.
-     * @return {@code org.jgrapht.graph.SimpleDirectedGraph} containing the vertices of {@code String}, and edges, as {@link Relationship}s that correspond to relational data.
-     */
-    private static void removeEdge( SimpleDirectedGraph<String, Relationship> graph, Relationship relation )
-    {
-        LOG.debug( "removeEdge" );
-        synchronized ( graph )
-        {
-            graph.removeEdge( relation );
-        }
-    }
-
-
-    /**
-     * Return number of children (direct descendants) a given parent node has.
-     *
-     * @param name  contains the vertex of graph to gather descendants from.
-     * @param graph contains a reference to simple digraph {@code org.jgrapht.graph.SimpleDirectedGraph}.
-     * @return int value contains the number of children of a given parent vertex.
-     */
-    static int numChildren( String name, SimpleDirectedGraph<String, Relationship> graph )
-    {
-        Map<String, String> vx = new HashMap<>();
-        vx.put( VERTEX, name.toUpperCase() );
-        return numChildren( vx, graph );
-    }
-
-
-    /**
-     * Determine if parent-child relationship exists in supplied digraph.
-     *
-     * @param graph contains a reference to simple digraph {@code org.jgrapht.graph.SimpleDirectedGraph}.
-     * @param rel   contains parent and child names.
-     * @return boolean value.  true indicates parent-child relationship exists in digraph.
-     */
-    private static boolean isRelationship( SimpleDirectedGraph<String, Relationship> graph, Relationship rel )
-    {
-        return graph.containsEdge( rel );
-    }
-
-
-    /**
-     * Determine how many children a given parent node has.
-     *
-     * @param vertex of parent.
-     * @param graph  contains a reference to simple digraph {@code org.jgrapht.graph.SimpleDirectedGraph}.
-     * @return
-     */
-    private static int numChildren( Map<String, String> vertex, SimpleDirectedGraph<String, Relationship> graph )
-    {
-        int numChildren = 0;
-        try
-        {
-            String v = vertex.get( VERTEX );
-            if ( v == null )
-            {
-                //log.debug("getDescendants vertex is null");
-                return 0;
-            }
-            LOG.debug( "hasChildren [{}]", v );
-            numChildren = graph.inDegreeOf( v );
-        }
-        catch ( java.lang.IllegalArgumentException e )
-        {
-            // vertex is leaf.
-        }
-        return numChildren;
-    }
-
-
-    /**
-     * Recursively traverse the hierarchical graph and return all of the ascendants of a given node.
-     *
-     * @param childName maps to vertex to determine parentage.
-     * @param graph     contains a reference to simple digraph {@code org.jgrapht.graph.SimpleDirectedGraph}.
-     * @return Set of names that are parents of given child.
-     */
-    static Set<String> getAscendants( String childName, SimpleDirectedGraph<String, Relationship> graph )
-    {
-        Map<String, String> vx = new HashMap<>();
-        // TreeSet will return in sorted order:
-        // create Set with case insensitive comparator:
-        Set<String> parents = new TreeSet<>( String.CASE_INSENSITIVE_ORDER );
-        vx.put( VERTEX, childName.toUpperCase() );
-        getAscendants( vx, graph, parents );
-        return parents;
-    }
-
-
-    /**
-     * Utility function recursively traverses a given digraph to build a set of all ascendant names.
-     *
-     * @param vertex     contains the position of the cursor for traversal of graph.
-     * @param graph      contains a reference to simple digraph {@code org.jgrapht.graph.SimpleDirectedGraph}.
-     * @param ascendants contains the result set of ascendant names.
-     * @return value contains the vertex of current position.
-     */
-    private static String getAscendants( Map<String, String> vertex, SimpleDirectedGraph<String, Relationship> graph,
-        Set<String> ascendants )
-    {
-        String v = vertex.get( VERTEX );
-        if ( v == null )
-        {
-            return null;
-        }
-        else if ( graph == null )
-        {
-            return null;
-        }
-        LOG.debug( "getAscendants [{}]", v);
-        Set<Relationship> edges;
-        try
-        {
-            edges = graph.outgoingEdgesOf( v );
-
-        }
-        catch ( java.lang.IllegalArgumentException iae )
-        {
-            // vertex is leaf.
-            return null;
-        }
-        for ( Relationship edge : edges )
-        {
-            vertex.put( VERTEX, edge.getParent() );
-            ascendants.add( edge.getParent() );
-            v = getAscendants( vertex, graph, ascendants );
-        }
-        return v;
-    }
-
-
-    /**
-     * Recursively traverse the hierarchical graph and return all of the descendants for a given node.
-     *
-     * @param parentName maps to vertex to determine parentage.
-     * @param graph      contains a reference to simple digraph {@code org.jgrapht.graph.SimpleDirectedGraph}.
-     * @return Set of names that are children of given parent.
-     */
-    static Set<String> getDescendants( String parentName, SimpleDirectedGraph<String, Relationship> graph )
-    {
-        Map<String, String> vx = new HashMap<>();
-        // TreeSet will return in sorted order:
-        // create Set with case insensitive comparator:
-        Set<String> children = new TreeSet<>( String.CASE_INSENSITIVE_ORDER );
-        vx.put( VERTEX, parentName.toUpperCase() );
-        getDescendants( vx, graph, children );
-        return children;
-    }
-
-
-    /**
-     * Recursively traverse the hierarchical graph and determine child node contains a given parent as one of its ascendants.
-     *
-     * @param childName maps to vertex to determine parentage.
-     * @param parentName maps to vertex to determine parentage.
-     * @param graph      contains a reference to simple digraph {@code org.jgrapht.graph.SimpleDirectedGraph}.
-     * @return Set of names that are children of given parent.
-     */
-    private static boolean isAscendant( String childName, String parentName,
-        SimpleDirectedGraph<String, Relationship> graph )
-    {
-        boolean isAscendant = false;
-        Set<String> ascendants = getAscendants( childName, graph );
-        if ( ascendants.contains( parentName ) )
-        {
-            isAscendant = true;
-        }
-        return isAscendant;
-    }
-
-
-    /**
-     * Recursively traverse the hierarchical graph and determine if parent node contains a given child as one of its descendants.
-     *
-     * @param childName maps to vertex to determine parentage.
-     * @param parentName maps to vertex to determine parentage.
-     * @param graph      contains a reference to simple digraph {@code org.jgrapht.graph.SimpleDirectedGraph}.
-     * @return Set of names that are children of given parent.
-     */
-    private static boolean isDescedant( String childName, String parentName,
-        SimpleDirectedGraph<String, Relationship> graph )
-    {
-        boolean isDescendant = false;
-        Set<String> descendants = getDescendants( parentName, graph );
-        if ( descendants.contains( childName ) )
-        {
-            isDescendant = true;
-        }
-        return isDescendant;
-    }
-
-
-    /**
-     * Utility function recursively traverses a given digraph to build a set of all descendants names.
-     *
-     * @param vertex      contains the position of the cursor for traversal of graph.
-     * @param graph       contains a reference to simple digraph {@code org.jgrapht.graph.SimpleDirectedGraph}.
-     * @param descendants contains the result set of names of all descendants of node.
-     * @return value contains the vertex of current position.
-     */
-    private static String getDescendants( Map<String, String> vertex, SimpleDirectedGraph<String, Relationship> graph,
-        Set<String> descendants )
-    {
-        String v = vertex.get( VERTEX );
-        if ( v == null )
-        {
-            // vertex is null
-            return null;
-        }
-        else if ( graph == null )
-        {
-            // graph is null
-            return null;
-        }
-        LOG.debug( "getDescendants [{}]", v);
-        Set<Relationship> edges;
-        try
-        {
-            edges = graph.incomingEdgesOf( v );
-        }
-        catch ( java.lang.IllegalArgumentException iae )
-        {
-            // vertex is leaf.
-            return null;
-        }
-        for ( Relationship edge : edges )
-        {
-            vertex.put( VERTEX, edge.getChild() );
-            descendants.add( edge.getChild() );
-            v = getDescendants( vertex, graph, descendants );
-        }
-        return v;
-    }
-
-
-    /**
-     * Utility function returns a set of all children (direct descendant) names.
-     *
-     * @param vertex contains the position of the cursor for traversal of graph.
-     * @param graph  contains a reference to simple digraph {@code org.jgrapht.graph.SimpleDirectedGraph}.
-     * @return value contains the vertex of current position.
-     */
-    static Set<String> getChildren( String vertex, SimpleDirectedGraph<String, Relationship> graph )
-    {
-        Set<String> descendants = new HashSet<>();
-        if ( graph == null )
-        {
-            // graph is null
-            return null;
-        }
-
-        LOG.debug( "getChildren [{}]", vertex );
-        Set<Relationship> edges;
-        try
-        {
-            edges = graph.incomingEdgesOf( vertex );
-        }
-        catch ( java.lang.IllegalArgumentException iae )
-        {
-            // vertex is leaf.
-            return null;
-        }
-        for ( Relationship edge : edges )
-        {
-            descendants.add( edge.getChild() );
-        }
-        return descendants;
-    }
-
-
-    /**
-     * Recursively traverse the hierarchical graph and return all of the ascendants of a given node.
-     *
-     * @param childName   maps to vertex to determine parentage.
-     * @param parentName  points to top most ascendant where traversal must stop.
-     * @param isInclusive if set to true will include the parentName in the result set.  False will not return specified parentName.
-     * @param graph       contains a reference to simple digraph {@code org.jgrapht.graph.SimpleDirectedGraph}.
-     * @return Set of names that are parents of given child.
-     */
-    static Set<String> getAscendants( String childName, String parentName, boolean isInclusive,
-        SimpleDirectedGraph<String, Relationship> graph )
-    {
-        Map<String, String> vx = new HashMap<>();
-        // TreeSet will return in sorted order:
-        // create Set with case insensitive comparator:
-        Set<String> parents = new TreeSet<>( String.CASE_INSENSITIVE_ORDER );
-
-        vx.put( VERTEX, childName.toUpperCase() );
-        getAscendants( vx, graph, parents, parentName, isInclusive );
-        return parents;
-    }
-
-
-    /**
-     * Private utility to recursively traverse the hierarchical graph and return all of the ascendants of a given child node.
-     *
-     * @param vertex      contains node name and acts as cursor for current location.
-     * @param graph       contains a reference to simple digraph {@code org.jgrapht.graph.SimpleDirectedGraph}.
-     * @param parents     contains the result set of parent nodes.
-     * @param stopName    contains the name of node where traversal ends.
-     * @param isInclusive if set to true will include the parentName in the result set. False will not return specified parentName.
-     * @return Set of names that are parents of given child.
-     */
-    private static String getAscendants( Map<String, String> vertex, SimpleDirectedGraph<String, Relationship> graph,
-        Set<String> parents, String stopName, boolean isInclusive )
-    {
-        String v = vertex.get( VERTEX );
-        if ( v == null )
-        {
-            // vertex is null
-            return null;
-        }
-        else if ( graph == null )
-        {
-            // graph is null
-            return null;
-        }
-        LOG.debug( "getAscendants [{}]", v);
-        Set<Relationship> edges;
-        try
-        {
-            edges = graph.outgoingEdgesOf( v );
-        }
-        catch ( java.lang.IllegalArgumentException iae )
-        {
-            // vertex is leaf.
-            return null;
-        }
-        for ( Relationship edge : edges )
-        {
-            if ( edge.getParent().equalsIgnoreCase( stopName ) )
-            {
-                if ( isInclusive )
-                {
-                    parents.add( edge.getParent() );
-                }
-                break;
-            }
-            else
-            {
-                vertex.put( VERTEX, edge.getParent() );
-                parents.add( edge.getParent() );
-                v = getAscendants( vertex, graph, parents, stopName, isInclusive );
-            }
-        }
-        return v;
-    }
-
-
-    /**
-     * Private utility to return the parents (direct ascendants) of a given child node.
-     *
-     * @param vertex contains node name and acts as cursor for current location.
-     * @param graph  contains a reference to simple digraph {@code org.jgrapht.graph.SimpleDirectedGraph}.
-     * @return Set of names that are parents of given child.
-     */
-    static Set<String> getParents( String vertex, SimpleDirectedGraph<String, Relationship> graph )
-    {
-        Set<String> parents = new HashSet<>();
-        if ( graph == null )
-        {
-            // graph is null
-            return null;
-        }
-        LOG.debug( "getParents [{}]", vertex);
-        Set<Relationship> edges;
-        try
-        {
-            edges = graph.outgoingEdgesOf( vertex );
-        }
-        catch ( java.lang.IllegalArgumentException iae )
-        {
-            // vertex is leaf.
-            return null;
-        }
-        for ( Relationship edge : edges )
-        {
-            parents.add( edge.getParent() );
-        }
-        return parents;
-    }
-
-
-    /**
-     * This method will retrieve the list of all parent-child relationships for a given node.  If the node was not found in
-     * ldap this method will create a new node and store default data.
-     * The following ldap nodes are currently storing hierarchical data:
-     * <ol>
-     * <li>RBAC Role relations are stored in {@code cn=Hierarchies,ou=Roles,ou=RBAC} ldap node and cached as singleton in {@link RoleUtil}</li>
-     * <li>ARBAC Admin Role relations are stored in {@code cn=Hierarchies,ou=AdminRoles,ou=ARBAC} ldap node and cached as singleton in {@link AdminRoleUtil}</li>
-     * <li>User Organizational Unit relations are stored in {@code cn=Hierarchies,ou=OS-U,ou=ARBAC} node and cached as {@link org.apache.directory.fortress.core.rbac.UsoUtil}</li>
-     * <li>Permission Organizational Unit relations are stored in {@code cn=Hierarchies,ou=OS-P,ou=ARBAC} node and cached as {@link org.apache.directory.fortress.core.rbac.PsoUtil}</li>
-     * </ol>
-     *
-     * @param contextId maps to sub-tree in DIT, for example ou=contextId, dc=jts, dc = com.
-     * @return reference the the Hier result set retrieved from ldap.
-     */
-    static Hier loadHier( String contextId, List<Graphable> descendants )
-    {
-        Hier hier = new Hier();
-        if ( ObjUtil.isNotNullOrEmpty( descendants ) )
-        {
-            hier.setContextId( contextId );
-            for ( Graphable descendant : descendants )
-            {
-                Set<String> parents = descendant.getParents();
-                if ( ObjUtil.isNotNullOrEmpty( parents ) )
-                {
-                    for ( String parent : parents )
-                    {
-                        Relationship relationship = new Relationship();
-                        relationship.setChild( descendant.getName().toUpperCase() );
-                        relationship.setParent( parent.toUpperCase() );
-                        hier.setRelationship( relationship );
-                    }
-                }
-            }
-        }
-        return hier;
-    }
-
-
-    /**
-     * This api allows synchronized access to allow updates to hierarchical relationships.
-     * Method will update the hierarchical data set and reload the JGraphT simple digraph with latest.
-     *
-     * @param graph contains a reference to simple digraph {@code org.jgrapht.graph.SimpleDirectedGraph}.
-     * @param relationship contains parent-child relationship targeted for addition.
-     * @param op   used to pass the ldap op {@link Hier.Op#ADD}, {@link Hier.Op#MOD}, {@link org.apache.directory.fortress.core.model.Hier.Op#REM}
-     * @throws org.apache.directory.fortress.core.SecurityException in the event of a system error.
-     */
-    static void updateHier( SimpleDirectedGraph<String, Relationship> graph, Relationship relationship, Hier.Op op )
-        throws SecurityException
-    {
-        if ( op == Hier.Op.ADD )
-            HierUtil.addEdge( graph, relationship );
-        else if ( op == Hier.Op.REM )
-            HierUtil.removeEdge( graph, relationship );
-        else
-            throw new SecurityException( GlobalErrIds.HIER_CANNOT_PERFORM, CLS_NM
-                + "updateHier Cannot perform hierarchical operation" );
-    }
-
-
-    /**
-     * Method instantiates a new digraph, {@code org.jgrapht.graph.SimpleDirectedGraph}, using data passed in via
-     * {@link Hier} entity.
-     *
-     * @param hier contains the source data for digraph.
-     * @return reference to {@code org.jgrapht.graph.SimpleDirectedGraph}.
-     */
-    static SimpleDirectedGraph<String, Relationship> buildGraph( Hier hier )
-    {
-        SimpleDirectedGraph<String, Relationship> graph;
-        LOG.debug( "buildGraph is initializing" );
-        if ( hier == null )
-        {
-            String error = "buildGraph detected null hier=";
-            LOG.error( error );
-            return null;
-        }
-        graph = toGraph( hier );
-        LOG.debug( "buildGraph success to toGraph" );
-        LOG.debug( "buildGraph is success" );
-        return graph;
-    }
-}

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/ba64d26a/src/main/java/org/apache/directory/fortress/core/rbac/Manageable.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/rbac/Manageable.java b/src/main/java/org/apache/directory/fortress/core/rbac/Manageable.java
deleted file mode 100755
index 626f4d5..0000000
--- a/src/main/java/org/apache/directory/fortress/core/rbac/Manageable.java
+++ /dev/null
@@ -1,176 +0,0 @@
-/*
- *   Licensed to the Apache Software Foundation (ASF) under one
- *   or more contributor license agreements.  See the NOTICE file
- *   distributed with this work for additional information
- *   regarding copyright ownership.  The ASF licenses this file
- *   to you under the Apache License, Version 2.0 (the
- *   "License"); you may not use this file except in compliance
- *   with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- *   Unless required by applicable law or agreed to in writing,
- *   software distributed under the License is distributed on an
- *   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- *   KIND, either express or implied.  See the License for the
- *   specific language governing permissions and limitations
- *   under the License.
- *
- */
-package org.apache.directory.fortress.core.rbac;
-
-import org.apache.directory.fortress.core.SecurityException;
-import org.apache.directory.fortress.core.ValidationException;
-import org.apache.directory.fortress.core.model.FortEntity;
-import org.apache.directory.fortress.core.model.Permission;
-import org.apache.directory.fortress.core.model.Session;
-import org.apache.directory.fortress.core.model.VUtil;
-
-/**
- * Abstract class allows outside clients to manage security and multi-tenant concerns within the Fortress runtime.
- * The {@link #setAdmin(org.apache.directory.fortress.core.model.Session)} method allows A/RBAC sessions to be loaded and allows authorization
- * to be performed on behalf of the user who is contained within the Session object itself.
- * The ARBAC permissions will be checked each time outside client makes calls into Fortress API.
- * This interface also allows Fortress clients to operate in a multi-tenant fashion using {@link #setContextId(String)}.
- * <p/>
- * Implementers of this abstract class will NOT be thread safe because of instance variables that may be set.
- *
- * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
- */
-public abstract class Manageable implements org.apache.directory.fortress.core.Manageable
-{
-    // These instance variables are the reason why children of this abstract class will not be thread safe:
-    protected Session adminSess;
-    protected String contextId;
-
-    /**
-     * Use this method to load an administrative user's ARBAC Session object into Manager object will enable authorization to
-     * be performed on behalf of admin user.  Setting Session into this object will enforce ARBAC controls and render this class'
-     * implementer thread unsafe.
-     *
-     * @param session contains a valid Fortress A/RBAC Session object.
-     */
-    public final void setAdmin(Session session)
-    {
-        this.adminSess = session;
-    }
-
-    /**
-     * Use this method to set the tenant id onto function call into Fortress which allows segregation of data by customer.
-     * The contextId is used for multi-tenancy to isolate data sets within a particular sub-tree within DIT.
-     * Setting contextId into this object will render this class' implementer thread unsafe.
-     *
-     * @param contextId maps to sub-tree in DIT, for example ou=contextId, dc=jts, dc = com.
-     */
-    public final void setContextId(String contextId)
-    {
-        this.contextId = contextId;
-    }
-
-    
-    /**
-     * Set A/RBAC session on entity and perform authorization on behalf of the caller if the {@link #adminSess} is set.
-     *
-     * @param className contains the class name.
-     * @param opName contains operation name.
-     * @param entity contains {@link org.apache.directory.fortress.core.model.FortEntity} instance.
-     * @throws org.apache.directory.fortress.core.SecurityException
-     *          in the event of data validation or system error.
-     */
-    protected final void setEntitySession(String className, String opName, FortEntity entity) throws SecurityException
-    {
-        entity.setContextId(this.contextId);
-        if (this.adminSess != null)
-        {
-            Permission perm = new Permission(className, opName);
-            perm.setContextId(this.contextId);
-            AdminUtil.setEntitySession( this.adminSess, perm, entity, this.contextId );
-        }
-    }
-    
-    
-    /**
-     * Every Fortress Manager API (e.g. addUser, updateUser, addRole, ...) will perform authorization on behalf of the caller IFF the {@link AuditMgrImpl#adminSess} has been set before invocation.
-     *
-     * @param className contains the class name.
-     * @param opName contains operation name.
-     * @throws org.apache.directory.fortress.core.SecurityException
-     *          in the event of data validation or system error.
-     */
-    protected final void checkAccess(String className, String opName) throws SecurityException
-    {
-        if (this.adminSess != null)
-        {
-            Permission perm = new Permission(className, opName);
-            perm.setContextId(this.contextId);
-            AdminUtil.checkAccess(this.adminSess, perm, this.contextId);
-        }
-    }
-
-    /**
-     * Method is called by Manager APIs to load contextual information on {@link FortEntity}.
-     * </p>
-     * The information is used to
-     * <ol>
-     * <li>Load the administrative User's {@link Session} object into entity.  This is used for checking to ensure administrator has privilege to perform administrative operation.</li>
-     * <li>Load the target operation's permission into the audit context.  This is used for Fortress audit log stored in OpenLDAP</li>
-     * </ol>
-     *
-     * @param className contains the class name.
-     * @param opName contains operation name.
-     * @param entity  used to pass contextual information through Fortress layers for administrative security checks and audit.
-     * @throws org.apache.directory.fortress.core.SecurityException
-     *          in the event of data validation or system error.
-     */
-    protected final void setAdminData(String className, String opName, FortEntity entity)
-    {
-        if (this.adminSess != null)
-        {
-            Permission perm = new Permission(className, opName);
-            entity.setAdminSession(this.adminSess);
-            entity.setModCode(AdminUtil.getObjName(perm.getObjName()) + "." + perm.getOpName());
-        }
-        entity.setContextId(this.contextId);
-    }
-
-    
-    /**
-     * Method will throw exception if entity reference is null, otherwise will set the contextId of the tenant onto the supplied entity reference.
-     * @param className contains the class name of caller.
-     * @param opName contains operation name of caller.
-     * @param entity  used here to pass the tenant id into the Fortress DAO layer..
-     * @param errorCode contains the error id to use if null.
-     * @throws ValidationException in the event object is null.
-     */
-    protected final void assertContext( String className, String opName, FortEntity entity, int errorCode ) throws ValidationException
-    {
-        VUtil.assertNotNull( entity, errorCode, getFullMethodName( className, opName ) );
-        entity.setContextId( contextId );
-    }
-
-    
-    /**
-     * Method will throw exception if entity reference is null, otherwise will set the contextId of the tenant onto the supplied entity reference.
-     * 
-     * @param methodName contains the full method name of caller.
-     * @param entity  used here to pass the tenant id into the Fortress DAO layer..
-     * @param errorCode contains the error id to use if null.
-     * @throws ValidationException in the event object is null.
-     */
-    protected final void assertContext( String methodName, FortEntity entity, int errorCode ) throws ValidationException
-    {
-        VUtil.assertNotNull( entity, errorCode, methodName );
-        entity.setContextId( contextId );
-    }
-
-    /**
-     * This method is used to generate log statements and returns the concatenation of class name to the operation name.
-     * @param className of the caller
-     * @param opName of the caller
-     * @return className + '.' + opName
-     */
-    protected final String getFullMethodName(String className, String opName)
-    {
-        return className + "." + opName;
-    }
-}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/ba64d26a/src/main/java/org/apache/directory/fortress/core/rbac/OrgUnitDAO.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/rbac/OrgUnitDAO.java b/src/main/java/org/apache/directory/fortress/core/rbac/OrgUnitDAO.java
deleted file mode 100755
index bf7f403..0000000
--- a/src/main/java/org/apache/directory/fortress/core/rbac/OrgUnitDAO.java
+++ /dev/null
@@ -1,722 +0,0 @@
-/*
- *   Licensed to the Apache Software Foundation (ASF) under one
- *   or more contributor license agreements.  See the NOTICE file
- *   distributed with this work for additional information
- *   regarding copyright ownership.  The ASF licenses this file
- *   to you under the Apache License, Version 2.0 (the
- *   "License"); you may not use this file except in compliance
- *   with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- *   Unless required by applicable law or agreed to in writing,
- *   software distributed under the License is distributed on an
- *   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- *   KIND, either express or implied.  See the License for the
- *   specific language governing permissions and limitations
- *   under the License.
- *
- */
-package org.apache.directory.fortress.core.rbac;
-
-
-import java.util.ArrayList;
-import java.util.List;
-import java.util.Set;
-import java.util.TreeSet;
-
-import org.apache.directory.api.ldap.model.constants.SchemaConstants;
-import org.apache.directory.api.ldap.model.cursor.CursorException;
-import org.apache.directory.api.ldap.model.cursor.SearchCursor;
-import org.apache.directory.api.ldap.model.entry.DefaultEntry;
-import org.apache.directory.api.ldap.model.entry.DefaultModification;
-import org.apache.directory.api.ldap.model.entry.Entry;
-import org.apache.directory.api.ldap.model.entry.Modification;
-import org.apache.directory.api.ldap.model.entry.ModificationOperation;
-import org.apache.directory.api.ldap.model.exception.LdapException;
-import org.apache.directory.api.ldap.model.exception.LdapInvalidAttributeValueException;
-import org.apache.directory.api.ldap.model.exception.LdapInvalidDnException;
-import org.apache.directory.api.ldap.model.exception.LdapNoSuchObjectException;
-import org.apache.directory.api.ldap.model.message.SearchScope;
-import org.apache.directory.api.ldap.model.name.Dn;
-import org.apache.directory.api.util.Strings;
-import org.apache.directory.fortress.core.model.Graphable;
-import org.apache.directory.fortress.core.model.OrgUnit;
-import org.apache.directory.ldap.client.api.LdapConnection;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.apache.directory.fortress.core.CreateException;
-import org.apache.directory.fortress.core.FinderException;
-import org.apache.directory.fortress.core.GlobalErrIds;
-import org.apache.directory.fortress.core.GlobalIds;
-import org.apache.directory.fortress.core.model.ObjectFactory;
-import org.apache.directory.fortress.core.RemoveException;
-import org.apache.directory.fortress.core.UpdateException;
-import org.apache.directory.fortress.core.ldap.ApacheDsDataProvider;
-
-
-/**
- * This class provides dataaccess to the OrgUnit datasets in LDAP.
- * <p/>
- * The OrgUnitDAO maintains the following structural and aux object classes:
- * <h4>1. organizationalUnit Structural Object Class is used to store basic attributes like ou and description</h4>
- * <ul>
- * <li>  ------------------------------------------
- * <li> <code>objectclass ( 2.5.6.5 NAME 'organizationalUnit'</code>
- * <li> <code>DESC 'RFC2256: an organizational unit'</code>
- * <li> <code>SUP top STRUCTURAL</code>
- * <li> <code>MUST ou</code>
- * <li> <code>MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $</code>
- * <li> <code>x121Address $ registeredAddress $ destinationIndicator $</code>
- * <li> <code>preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $</code>
- * <li> <code>telephoneNumber $ internationaliSDNNumber $</code>
- * <li> <code>facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $</code>
- * <li> <code>postalAddress $ physicalDeliveryOfficeName $ st $ l $ description ) )</code>
- * <li>  ------------------------------------------
- * </ul>
- * <h4>2. ftOrgUnit Structural objectclass is used to store the OrgUnit internal id</h4>
- * <ul>                                                              org.apache.directory.fortress.arbac.
- * <li>  ------------------------------------------
- * <li> <code> objectclass    ( 1.3.6.1.4.1.38088.2.6</code>
- * <li> <code>NAME 'ftOrgUnit'</code>
- * <li> <code>DESC 'Fortress OrgUnit Class'</code>
- * <li> <code>SUP organizationalunit</code>
- * <li> <code>STRUCTURAL</code>
- * <li> <code>MUST ( ftId ) )</code>
- * <li>  ------------------------------------------
- * </ul>
- * <h4>3. ftMods AUXILIARY Object Class is used to store Fortress audit variables on target entity</h4>
- * <ul>
- * <li> <code>objectclass ( 1.3.6.1.4.1.38088.3.4</code>
- * <li> <code>NAME 'ftMods'</code>
- * <li> <code>DESC 'Fortress Modifiers AUX Object Class'</code>
- * <li> <code>AUXILIARY</code>
- * <li> <code>MAY (</code>
- * <li> <code>ftModifier $</code>
- * <li> <code>ftModCode $</code>
- * <li> <code>ftModId ) )</code>
- * <li>  ------------------------------------------
- * </ul>
- * <p/>
- * This class is thread safe.
- *
- * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
- * @created September 18, 2010
- */
-final class OrgUnitDAO extends ApacheDsDataProvider
-{
-    private static final String CLS_NM = OrgUnitDAO.class.getName();
-    private static final Logger LOG = LoggerFactory.getLogger( CLS_NM );
-    private static final String ORGUNIT_OBJECT_CLASS_NM = "ftOrgUnit";
-
-    private static final String ORGUNIT_OBJ_CLASS[] =
-        {
-            SchemaConstants.TOP_OC, ORGUNIT_OBJECT_CLASS_NM, GlobalIds.FT_MODIFIER_AUX_OBJECT_CLASS_NAME
-    };
-    private static final String[] ORGUNIT_ATRS =
-        {
-            GlobalIds.FT_IID, SchemaConstants.OU_AT, SchemaConstants.DESCRIPTION_AT, GlobalIds.PARENT_NODES
-    };
-
-    private static final String[] ORGUNIT_ATR =
-        {
-            SchemaConstants.OU_AT
-    };
-
-
-    /**
-     * @param entity
-     * @return
-     * @throws org.apache.directory.fortress.core.CreateException
-     *
-     */
-    OrgUnit create( OrgUnit entity ) throws CreateException
-    {
-        LdapConnection ld = null;
-        Dn dn = getDn( entity );
-
-        try
-        {
-            Entry entry = new DefaultEntry( dn );
-            entry.add( SchemaConstants.OBJECT_CLASS_AT, ORGUNIT_OBJ_CLASS );
-            entity.setId();
-            entry.add( GlobalIds.FT_IID, entity.getId() );
-
-            String description = entity.getDescription();
-
-            if ( !Strings.isEmpty( description ) )
-            {
-                entry.add( SchemaConstants.DESCRIPTION_AT, description );
-            }
-
-            // organizational name requires OU attribute:
-            entry.add( SchemaConstants.OU_AT, entity.getName() );
-
-            // These multi-valued attributes are optional.  The utility function will return quietly if no items are loaded into collection:
-            loadAttrs( entity.getParents(), entry, GlobalIds.PARENT_NODES );
-
-            ld = getAdminConnection();
-            add( ld, entry, entity );
-        }
-        catch ( LdapException e )
-        {
-            String error = "create orgUnit name [" + entity.getName() + "] type [" + entity.getType()
-                + "] root [" + dn + "] caught LdapException=" + e;
-            int errCode;
-
-            if ( entity.getType() == OrgUnit.Type.PERM )
-            {
-                errCode = GlobalErrIds.ORG_ADD_FAILED_PERM;
-            }
-            else
-            {
-                errCode = GlobalErrIds.ORG_ADD_FAILED_USER;
-
-            }
-
-            throw new CreateException( errCode, error, e );
-        }
-        finally
-        {
-            closeAdminConnection( ld );
-        }
-
-        return entity;
-    }
-
-
-    /**
-     * @param entity
-     * @return
-     * @throws org.apache.directory.fortress.core.UpdateException
-     *
-     */
-    OrgUnit update( OrgUnit entity ) throws UpdateException
-    {
-        LdapConnection ld = null;
-        Dn dn = getDn( entity );
-
-        try
-        {
-            List<Modification> mods = new ArrayList<Modification>();
-
-            if ( entity.getDescription() != null && entity.getDescription().length() > 0 )
-            {
-                mods.add( new DefaultModification(
-                    ModificationOperation.REPLACE_ATTRIBUTE, SchemaConstants.DESCRIPTION_AT, entity.getDescription() ) );
-            }
-
-            loadAttrs( entity.getParents(), mods, GlobalIds.PARENT_NODES );
-
-            if ( mods.size() > 0 )
-            {
-                ld = getAdminConnection();
-                modify( ld, dn, mods, entity );
-            }
-        }
-        catch ( LdapException e )
-        {
-            String error = "update orgUnit name [" + entity.getName() + "] type [" + entity.getType()
-                + "] root [" + dn + "] caught LdapException=" + e;
-            int errCode;
-
-            if ( entity.getType() == OrgUnit.Type.PERM )
-            {
-                errCode = GlobalErrIds.ORG_UPDATE_FAILED_PERM;
-            }
-            else
-            {
-                errCode = GlobalErrIds.ORG_UPDATE_FAILED_USER;
-            }
-
-            throw new UpdateException( errCode, error, e );
-        }
-        finally
-        {
-            closeAdminConnection( ld );
-        }
-
-        return entity;
-    }
-
-
-    /**
-     * @param entity
-     * @throws org.apache.directory.fortress.core.UpdateException
-     *
-     */
-    void deleteParent( OrgUnit entity ) throws UpdateException
-    {
-        LdapConnection ld = null;
-        Dn dn = getDn( entity );
-
-        try
-        {
-            List<Modification> mods = new ArrayList<Modification>();
-            mods.add( new DefaultModification( ModificationOperation.REMOVE_ATTRIBUTE, GlobalIds.PARENT_NODES ) );
-            ld = getAdminConnection();
-            modify( ld, dn, mods, entity );
-        }
-        catch ( LdapException e )
-        {
-            String error = "deleteParent orgUnit name [" + entity.getName() + "] type [" + entity.getType()
-                + "] root [" + dn + "] caught LdapException=" + e;
-            int errCode;
-
-            if ( entity.getType() == OrgUnit.Type.PERM )
-            {
-                errCode = GlobalErrIds.ORG_REMOVE_PARENT_FAILED_PERM;
-            }
-            else
-            {
-                errCode = GlobalErrIds.ORG_REMOVE_PARENT_FAILED_USER;
-            }
-
-            throw new UpdateException( errCode, error, e );
-        }
-        finally
-        {
-            closeAdminConnection( ld );
-        }
-    }
-
-
-    /**
-     * @param entity
-     * @return
-     * @throws org.apache.directory.fortress.core.RemoveException
-     *
-     */
-    OrgUnit remove( OrgUnit entity ) throws RemoveException
-    {
-        LdapConnection ld = null;
-        Dn dn = getDn( entity );
-
-        try
-        {
-            ld = getAdminConnection();
-            delete( ld, dn, entity );
-        }
-        catch ( LdapException e )
-        {
-            String error = "remove orgUnit name [" + entity.getName() + "] type [" + entity.getType()
-                + "] root [" + dn + "] caught LdapException=" + e;
-            int errCode;
-
-            if ( entity.getType() == OrgUnit.Type.PERM )
-            {
-                errCode = GlobalErrIds.ORG_DELETE_FAILED_PERM;
-            }
-            else
-            {
-                errCode = GlobalErrIds.ORG_DELETE_FAILED_USER;
-            }
-
-            throw new RemoveException( errCode, error, e );
-        }
-        finally
-        {
-            closeAdminConnection( ld );
-        }
-
-        return entity;
-    }
-
-
-    /**
-     * @param entity
-     * @return
-     * @throws FinderException
-     *
-     */
-    OrgUnit findByKey( OrgUnit entity ) throws FinderException
-    {
-        OrgUnit oe = null;
-        LdapConnection ld = null;
-        Dn dn = getDn( entity );
-
-        try
-        {
-            ld = getAdminConnection();
-            Entry findEntry = read( ld, dn, ORGUNIT_ATRS );
-
-            if ( findEntry == null )
-            {
-                String warning = "findByKey orgUnit name [" + entity.getName() + "] type ["
-                    + entity.getType() + "] COULD NOT FIND ENTRY for dn [" + dn + "]";
-                int errCode;
-
-                if ( entity.getType() == OrgUnit.Type.PERM )
-                {
-                    errCode = GlobalErrIds.ORG_NOT_FOUND_PERM;
-                }
-                else
-                {
-                    errCode = GlobalErrIds.ORG_NOT_FOUND_USER;
-                }
-
-                throw new FinderException( errCode, warning );
-            }
-
-            oe = getEntityFromLdapEntry( findEntry, 0, entity.getContextId() );
-        }
-        catch ( LdapNoSuchObjectException e )
-        {
-            String warning = "findByKey orgUnit name [" + entity.getName() + "] type ["
-                + entity.getType() + "] COULD NOT FIND ENTRY for dn [" + dn + "]";
-            int errCode;
-
-            if ( entity.getType() == OrgUnit.Type.PERM )
-            {
-                errCode = GlobalErrIds.ORG_NOT_FOUND_PERM;
-            }
-            else
-            {
-                errCode = GlobalErrIds.ORG_NOT_FOUND_USER;
-            }
-            throw new FinderException( errCode, warning );
-        }
-        catch ( LdapException e )
-        {
-            String error = "findByKey orgUnitName [" + entity.getName() + "] type [" + entity.getType()
-                + "] dn [" + dn + "] caught LdapException=" + e;
-            int errCode;
-
-            if ( entity.getType() == OrgUnit.Type.PERM )
-            {
-                errCode = GlobalErrIds.ORG_READ_FAILED_PERM;
-            }
-            else
-            {
-                errCode = GlobalErrIds.ORG_READ_FAILED_USER;
-            }
-
-            throw new FinderException( errCode, error, e );
-        }
-        finally
-        {
-            closeAdminConnection( ld );
-        }
-
-        return oe;
-    }
-
-
-    /**
-     * @param orgUnit
-     * @return
-     * @throws org.apache.directory.fortress.core.FinderException
-     *
-     */
-    List<OrgUnit> findOrgs( OrgUnit orgUnit ) throws FinderException
-    {
-        List<OrgUnit> orgUnitList = new ArrayList<>();
-        LdapConnection ld = null;
-        String orgUnitRoot = getOrgRoot( orgUnit );
-
-        try
-        {
-            String searchVal = encodeSafeText( orgUnit.getName(), GlobalIds.ROLE_LEN );
-            String filter = GlobalIds.FILTER_PREFIX + ORGUNIT_OBJECT_CLASS_NM + ")("
-                + SchemaConstants.OU_AT + "=" + searchVal + "*))";
-            ld = getAdminConnection();
-            SearchCursor searchResults = search( ld, orgUnitRoot,
-                SearchScope.ONELEVEL, filter, ORGUNIT_ATRS, false, GlobalIds.BATCH_SIZE );
-            long sequence = 0;
-
-            while ( searchResults.next() )
-            {
-                orgUnitList
-                    .add( getEntityFromLdapEntry( searchResults.getEntry(), sequence++, orgUnit.getContextId() ) );
-            }
-        }
-        catch ( LdapException e )
-        {
-            String error = "findOrgs search val [" + orgUnit.getName() + "] type [" + orgUnit.getType()
-                + "] root [" + orgUnitRoot + "] caught LdapException=" + e;
-            int errCode;
-
-            if ( orgUnit.getType() == OrgUnit.Type.PERM )
-            {
-                errCode = GlobalErrIds.ORG_SEARCH_FAILED_PERM;
-            }
-            else
-            {
-                errCode = GlobalErrIds.ORG_SEARCH_FAILED_USER;
-            }
-
-            throw new FinderException( errCode, error, e );
-        }
-        catch ( CursorException e )
-        {
-            String error = "findOrgs search val [" + orgUnit.getName() + "] type [" + orgUnit.getType()
-                + "] root [" + orgUnitRoot + "] caught CursorException=" + e;
-            int errCode;
-
-            if ( orgUnit.getType() == OrgUnit.Type.PERM )
-            {
-                errCode = GlobalErrIds.ORG_SEARCH_FAILED_PERM;
-            }
-            else
-            {
-                errCode = GlobalErrIds.ORG_SEARCH_FAILED_USER;
-            }
-
-            throw new FinderException( errCode, error, e );
-        }
-        finally
-        {
-            closeAdminConnection( ld );
-        }
-
-        return orgUnitList;
-    }
-
-
-    /**
-     *
-     * @param orgUnit
-     * @return
-     * @throws FinderException
-     */
-    Set<String> getOrgs( OrgUnit orgUnit ) throws FinderException
-    {
-        Set<String> ouSet = new TreeSet<String>( String.CASE_INSENSITIVE_ORDER );
-        LdapConnection ld = null;
-        String orgUnitRoot = getOrgRoot( orgUnit );
-
-        try
-        {
-            String filter = "(objectclass=" + ORGUNIT_OBJECT_CLASS_NM + ")";
-            ld = getAdminConnection();
-            SearchCursor searchResults = search( ld, orgUnitRoot,
-                SearchScope.ONELEVEL, filter, ORGUNIT_ATR, false, GlobalIds.BATCH_SIZE );
-
-            while ( searchResults.next() )
-            {
-                ouSet.add( getAttribute( searchResults.getEntry(), SchemaConstants.OU_AT ) );
-            }
-
-            searchResults.close();
-        }
-        catch ( LdapException e )
-        {
-            String error = "getOrgs type [" + orgUnit.getType() + "] root [" + orgUnitRoot
-                + "] caught LdapException=" + e;
-            int errCode;
-
-            if ( orgUnit.getType() == OrgUnit.Type.PERM )
-            {
-                errCode = GlobalErrIds.ORG_GET_FAILED_PERM;
-            }
-            else
-            {
-                errCode = GlobalErrIds.ORG_GET_FAILED_USER;
-            }
-
-            throw new FinderException( errCode, error, e );
-        }
-        catch ( CursorException e )
-        {
-            String error = "getOrgs type [" + orgUnit.getType() + "] root [" + orgUnitRoot
-                + "] caught CursorException=" + e;
-            int errCode;
-
-            if ( orgUnit.getType() == OrgUnit.Type.PERM )
-            {
-                errCode = GlobalErrIds.ORG_GET_FAILED_PERM;
-            }
-            else
-            {
-                errCode = GlobalErrIds.ORG_GET_FAILED_USER;
-            }
-
-            throw new FinderException( errCode, error, e );
-        }
-        finally
-        {
-            closeAdminConnection( ld );
-        }
-
-        return ouSet;
-    }
-
-
-    /**
-      *
-      * @param orgUnit
-      * @return
-      * @throws FinderException
-      */
-    List<Graphable> getAllDescendants( OrgUnit orgUnit ) throws FinderException
-    {
-        String orgUnitRoot = getOrgRoot( orgUnit );
-        String[] DESC_ATRS =
-            { SchemaConstants.OU_AT, GlobalIds.PARENT_NODES };
-        List<Graphable> descendants = new ArrayList<>();
-        LdapConnection ld = null;
-        String filter = null;
-
-        try
-        {
-            filter = GlobalIds.FILTER_PREFIX + ORGUNIT_OBJECT_CLASS_NM + ")("
-                + GlobalIds.PARENT_NODES + "=*))";
-            ld = getAdminConnection();
-            SearchCursor searchResults = search( ld, orgUnitRoot,
-                SearchScope.ONELEVEL, filter, DESC_ATRS, false, GlobalIds.BATCH_SIZE );
-            long sequence = 0;
-
-            while ( searchResults.next() )
-            {
-                descendants.add( unloadDescendants( searchResults.getEntry(), sequence++, orgUnit.getContextId() ) );
-            }
-        }
-        catch ( LdapException e )
-        {
-            String error = "getAllDescendants filter [" + filter + "] caught LdapException="
-                + e.getMessage();
-            throw new FinderException( GlobalErrIds.ARLE_SEARCH_FAILED, error, e );
-        }
-        catch ( CursorException e )
-        {
-            String error = "getAllDescendants filter [" + filter + "] caught CursorException="
-                + e.getMessage();
-            throw new FinderException( GlobalErrIds.ARLE_SEARCH_FAILED, error, e );
-        }
-        finally
-        {
-            closeAdminConnection( ld );
-        }
-
-        return descendants;
-    }
-
-
-    /**
-     * Creates a new Dn for the given orgUnit
-     *  
-     * @param orgUnit The orgUnit
-     * @return A Dn
-     * @throws LdapInvalidDnException If the DN is invalid 
-     */
-    private Dn getDn( OrgUnit orgUnit )
-    {
-        Dn dn = null;
-
-        try
-        {
-            switch ( orgUnit.type )
-            {
-                case USER:
-                    dn = new Dn( SchemaConstants.OU_AT + "=" + orgUnit.getName(), getRootDn( orgUnit.getContextId(),
-                        GlobalIds.OSU_ROOT ) );
-                    break;
-
-                case PERM:
-                    dn = new Dn( SchemaConstants.OU_AT + "=" + orgUnit.getName(), getRootDn( orgUnit.getContextId(),
-                        GlobalIds.PSU_ROOT ) );
-                    break;
-
-                default:
-                    String warning = "getDn invalid type";
-                    LOG.warn( warning );
-                    break;
-            }
-
-            return dn;
-        }
-        catch ( LdapInvalidDnException lide )
-        {
-            LOG.error( lide.getMessage() );
-            throw new RuntimeException( lide.getMessage() );
-        }
-    }
-
-
-    /**
-     *
-     * @param orgUnit
-     * @return
-     */
-    private String getOrgRoot( OrgUnit orgUnit )
-    {
-        String dn = null;
-
-        switch ( orgUnit.type )
-        {
-            case USER:
-                dn = getRootDn( orgUnit.getContextId(), GlobalIds.OSU_ROOT );
-                break;
-
-            case PERM:
-                dn = getRootDn( orgUnit.getContextId(), GlobalIds.PSU_ROOT );
-                break;
-
-            default:
-                String warning = "getOrgRootDn invalid type";
-                LOG.warn( warning );
-                break;
-        }
-
-        return dn;
-    }
-
-
-    /**
-    *
-    * @param le
-    * @param sequence
-    * @param contextId
-    * @return
-     * @throws LdapInvalidAttributeValueException 
-    * @throws LdapException
-    */
-    private Graphable unloadDescendants( Entry le, long sequence, String contextId )
-        throws LdapInvalidAttributeValueException
-    {
-        OrgUnit entity = new ObjectFactory().createOrgUnit();
-        entity.setSequenceId( sequence );
-        entity.setName( getAttribute( le, SchemaConstants.OU_AT ) );
-        entity.setParents( getAttributeSet( le, GlobalIds.PARENT_NODES ) );
-
-        return entity;
-    }
-
-
-    /**
-     *
-     * @param le
-     * @param sequence
-     * @param contextId
-     * @return
-     * @throws LdapInvalidAttributeValueException 
-     * @throws LdapException
-     */
-    private OrgUnit getEntityFromLdapEntry( Entry le, long sequence, String contextId )
-        throws LdapInvalidAttributeValueException
-    {
-        OrgUnit entity = new ObjectFactory().createOrgUnit();
-        entity.setSequenceId( sequence );
-        entity.setId( getAttribute( le, GlobalIds.FT_IID ) );
-        entity.setName( getAttribute( le, SchemaConstants.OU_AT ) );
-        entity.setDescription( getAttribute( le, SchemaConstants.DESCRIPTION_AT ) );
-        String dn = le.getDn().getName();
-
-        if ( dn.contains( getRootDn( contextId, GlobalIds.PSU_ROOT ) ) )
-        {
-            entity.setType( OrgUnit.Type.PERM );
-            //entity.setParents(PsoUtil.getParents(entity.getName().toUpperCase(), contextId));
-            entity.setChildren( PsoUtil.getChildren( entity.getName().toUpperCase(), contextId ) );
-        }
-        else if ( dn.contains( getRootDn( contextId, GlobalIds.OSU_ROOT ) ) )
-        {
-            entity.setType( OrgUnit.Type.USER );
-            //entity.setParents(UsoUtil.getParents(entity.getName().toUpperCase(), contextId));
-            entity.setChildren( UsoUtil.getChildren( entity.getName().toUpperCase(), contextId ) );
-        }
-
-        entity.setParents( getAttributeSet( le, GlobalIds.PARENT_NODES ) );
-
-        return entity;
-    }
-}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/ba64d26a/src/main/java/org/apache/directory/fortress/core/rbac/OrgUnitP.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/rbac/OrgUnitP.java b/src/main/java/org/apache/directory/fortress/core/rbac/OrgUnitP.java
deleted file mode 100755
index 50f38d7..0000000
--- a/src/main/java/org/apache/directory/fortress/core/rbac/OrgUnitP.java
+++ /dev/null
@@ -1,470 +0,0 @@
-/*
- *   Licensed to the Apache Software Foundation (ASF) under one
- *   or more contributor license agreements.  See the NOTICE file
- *   distributed with this work for additional information
- *   regarding copyright ownership.  The ASF licenses this file
- *   to you under the Apache License, Version 2.0 (the
- *   "License"); you may not use this file except in compliance
- *   with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- *   Unless required by applicable law or agreed to in writing,
- *   software distributed under the License is distributed on an
- *   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- *   KIND, either express or implied.  See the License for the
- *   specific language governing permissions and limitations
- *   under the License.
- *
- */
-package org.apache.directory.fortress.core.rbac;
-
-
-import java.util.List;
-import java.util.Set;
-import java.util.concurrent.locks.ReadWriteLock;
-import java.util.concurrent.locks.ReentrantReadWriteLock;
-
-import org.apache.commons.lang.StringUtils;
-import org.apache.directory.fortress.core.model.Graphable;
-import org.apache.directory.fortress.core.model.OrgUnit;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.apache.directory.fortress.core.GlobalErrIds;
-import org.apache.directory.fortress.core.GlobalIds;
-import org.apache.directory.fortress.core.SecurityException;
-import org.apache.directory.fortress.core.model.VUtil;
-import org.apache.directory.fortress.core.util.cache.Cache;
-import org.apache.directory.fortress.core.util.cache.CacheMgr;
-
-
-/**
- * Process module for the OrgUnit entity. The Fortress OrgUnit data set can be associated with two entities:
- * {@link org.apache.directory.fortress.core.model.User} class or {@link org.apache.directory.fortress.core.model.PermObj} class.  The OrgUnit entity itself is stored in two separate locations in the ldap tree one
- * for each entity listed above.  The type of OU entity is set via the enum attribute {@link org.apache.directory.fortress.core.model.OrgUnit.Type} which is equal to 'PERM' or 'USER'.
- * This class performs data validations.  The methods of this class are called by internal Fortress manager impl classes
- * {@link DelAdminMgrImpl} and {@link DelReviewMgrImpl} but is also called by {@link org.apache.directory.fortress.core.rbac.PermP#validate} method and {@link org.apache.directory.fortress.core.rbac.UserP#validate} functions
- * which ensure the entities are related to valid OU entries. This class is not intended to be called external
- * to Fortress Core itself.  This class will accept Fortress entity {@link org.apache.directory.fortress.core.model.OrgUnit}, validate its contents and forward on to it's
- * corresponding DAO class {@link OrgUnitDAO} for data access.
- * <p>
- * Class will throw {@link SecurityException} to caller in the event of security policy, data constraint violation or system
- * error internal to DAO object. This class will forward DAO exceptions ({@link org.apache.directory.fortress.core.FinderException},
- * {@link org.apache.directory.fortress.core.CreateException},{@link org.apache.directory.fortress.core.UpdateException},{@link org.apache.directory.fortress.core.RemoveException}),
- *  or {@link org.apache.directory.fortress.core.ValidationException} as {@link SecurityException}s with appropriate
- * error id from {@link GlobalErrIds}.
- * <p>
- * This class uses synchronized data sets ({@link #ouCache} but is thread safe.
- * <p/>
-
- * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
- */
-public final class OrgUnitP
-{
-    // init the logger:
-    private static final String CLS_NM = OrgUnitP.class.getName();
-    private static final Logger LOG = LoggerFactory.getLogger( CLS_NM );
-
-    // these fields are used to synchronize access to the above static pools:
-    private static final ReadWriteLock userPoolLock = new ReentrantReadWriteLock();
-    private static final ReadWriteLock permPoolLock = new ReentrantReadWriteLock();
-    private static Cache ouCache;
-
-    // DAO class for OU data sets must be initializer before the other statics:
-    private static final OrgUnitDAO oDao = new OrgUnitDAO();
-    private static final String USER_OUS = "user.ous";
-    private static final String PERM_OUS = "perm.ous";
-    private static final String FORTRESS_OUS = "fortress.ous";
-
-    static
-    {
-        CacheMgr cacheMgr = CacheMgr.getInstance();
-        OrgUnitP.ouCache = cacheMgr.getCache( FORTRESS_OUS );
-    }
-
-
-    /**
-     * Package private constructor.
-     */
-    OrgUnitP()
-    {
-    }
-
-
-    /**
-     * This function uses a case insensitive search.
-     * @param entity
-     * @return true if valid, false otherwise.
-     */
-    /* No Qualifier */boolean isValid( OrgUnit entity )
-    {
-        boolean result = false;
-
-        if ( entity.type == OrgUnit.Type.USER )
-        {
-            try
-            {
-                userPoolLock.readLock().lock();
-                Set<String> userPool = getUserSet( entity );
-
-                if ( userPool != null )
-                {
-                    result = userPool.contains( entity.getName() );
-                }
-            }
-            finally
-            {
-                userPoolLock.readLock().unlock();
-            }
-        }
-        else
-        {
-            try
-            {
-                permPoolLock.readLock().lock();
-                Set<String> permPool = getPermSet( entity );
-
-                if ( permPool != null )
-                {
-                    result = permPool.contains( entity.getName() );
-                }
-            }
-            finally
-            {
-                permPoolLock.readLock().unlock();
-            }
-        }
-
-        return result;
-    }
-
-
-    /**
-     * Loads the User set for an orgUnit
-     * @param orgUnit The orgUnit
-     * @return The set of associated User
-     */
-    private static Set<String> loadUserSet( OrgUnit orgUnit )
-    {
-        Set<String> ouUserSet = null;
-
-        try
-        {
-            ouUserSet = oDao.getOrgs( orgUnit );
-        }
-        catch ( SecurityException se )
-        {
-            String warning = "loadOrgSet static initializer caught SecurityException=" + se;
-            LOG.info( warning, se );
-        }
-
-        ouCache.put( getKey( USER_OUS, orgUnit.getContextId() ), ouUserSet );
-
-        return ouUserSet;
-    }
-
-
-    /**
-     * Loads the Perm set for an orgUnit
-     * @param orgUnit The orgUnit
-     * @return The set of associated Perms
-     */
-    private static Set<String> loadPermSet( OrgUnit orgUnit )
-    {
-        Set<String> ouPermSet = null;
-
-        try
-        {
-            ouPermSet = oDao.getOrgs( orgUnit );
-        }
-        catch ( SecurityException se )
-        {
-            String warning = "loadOrgSet static initializer caught SecurityException=" + se;
-            LOG.info( warning, se );
-        }
-
-        ouCache.put( getKey( PERM_OUS, orgUnit.getContextId() ), ouPermSet );
-
-        return ouPermSet;
-    }
-
-
-    /**
-     *
-     * @param orgUnit will be a Perm OU.
-     * @return Set containing the OU mapping to a Perm type and tenant.
-     */
-    private static Set<String> getPermSet( OrgUnit orgUnit )
-    {
-        @SuppressWarnings("unchecked")
-        Set<String> permSet = ( Set<String> ) ouCache.get( getKey( PERM_OUS, orgUnit.getContextId() ) );
-
-        if ( permSet == null )
-        {
-            permSet = loadPermSet( orgUnit );
-        }
-
-        return permSet;
-    }
-
-
-    /**
-     *
-     * @param orgUnit will be a User OU
-     * @return Set containing the OU mapping to the user type and tenant.
-     */
-    private static Set<String> getUserSet( OrgUnit orgUnit )
-    {
-        @SuppressWarnings("unchecked")
-        Set<String> userSet = ( Set<String> ) ouCache.get( getKey( USER_OUS, orgUnit.getContextId() ) );
-
-        if ( userSet == null )
-        {
-            userSet = loadUserSet( orgUnit );
-        }
-
-        return userSet;
-    }
-
-
-    /**
-     * Return a fully populated OrgUnit entity for a given Perm or User orgUnitId.  If matching record not found a
-     * SecurityException will be thrown.
-     *
-     * @param entity contains full orgUnit name used for User or Perm OU data sets in directory.
-     * @return OrgUnit entity containing all attributes associated with ou in directory.
-     * @throws SecurityException in the event OrgUnit not found or DAO search error.
-     */
-    OrgUnit read( OrgUnit entity ) throws SecurityException
-    {
-        validate( entity, false );
-
-        return oDao.findByKey( entity );
-    }
-
-
-    /**
-     * Will search either User or Perm OrgUnit data sets depending on which type is passed.
-     * The search string that contains full or partial OrgUnit name associated with OU node in directory.
-     *
-     * @param orgUnit contains full or partial OU name.
-     * @return List of type OrgUnit containing fully populated matching OU entities.  If no records found this will be empty.
-     * @throws SecurityException in the event of DAO search error.
-     */
-    List<OrgUnit> search( OrgUnit orgUnit ) throws SecurityException
-    {
-        // Call the finder.
-        return oDao.findOrgs( orgUnit );
-    }
-
-
-    /**
-     * Adds a new OrgUnit to directory. The OrgUnit type enum will determine which data set insertion will
-     * occur - User or Perm.  The OrgUnit entity input will be validated to ensure that:
-     * orgUnit name is present and type is specified, and reasonability checks on all of the other populated values.
-     *
-     * @param entity OrgUnit contains data targeted for insertion.
-     * @return OrgUnit entity copy of input + additional attributes (internalId) that were added by op.
-     * @throws SecurityException in the event of data validation or DAO system error.
-     */
-    OrgUnit add( OrgUnit entity ) throws SecurityException
-    {
-        validate( entity, false );
-        OrgUnit oe = oDao.create( entity );
-
-        if ( entity.getType() == OrgUnit.Type.USER )
-        {
-            try
-            {
-                userPoolLock.writeLock().lock();
-
-                Set<String> userPool = getUserSet( entity );
-
-                if ( userPool != null )
-                {
-                    userPool.add( entity.getName() );
-                }
-            }
-            finally
-            {
-                userPoolLock.writeLock().unlock();
-            }
-        }
-        else
-        {
-            try
-            {
-                permPoolLock.writeLock().lock();
-
-                Set<String> permPool = getPermSet( entity );
-
-                if ( permPool != null )
-                {
-                    permPool.add( entity.getName() );
-                }
-            }
-            finally
-            {
-                permPoolLock.writeLock().unlock();
-            }
-        }
-
-        return oe;
-    }
-
-
-    /**
-     * Updates existing OrgUnit in directory. The OrgUnit type enum will determine which data set insertion will
-     * occur - User or Perm.  The OrgUnit entity input will be validated to ensure that:
-     * orgUnit name is present, and reasonability checks on all of the other populated values.
-     * Null or empty attributes are ignored.
-     *
-     * @param entity OrgUnit contains data targeted for updating.  Null attributes ignored.
-     * @return OrgUnit entity copy of input + additional attributes (internalId) that were updated by op.
-     * @throws SecurityException in the event of data validation or DAO system error.
-     */
-    OrgUnit update( OrgUnit entity ) throws SecurityException
-    {
-        validate( entity, false );
-
-        return oDao.update( entity );
-    }
-
-
-    /**
-     * Remove the parent attribute from the OrgUnit entry in directory. The OrgUnit type enum will determine which data set insertion will
-     * occur - User or Perm.  The OrgUnit entity input will be validated to ensure that:
-     * orgUnit name is present.
-     *
-     * @param entity OrgUnit contains data targeted for updating.  Null attributes ignored.
-     * @throws SecurityException in the event of data validation or DAO system error.
-     */
-    void deleteParent( OrgUnit entity ) throws SecurityException
-    {
-        validate( entity, false );
-        oDao.deleteParent( entity );
-    }
-
-
-    /**
-     * This method performs a "hard" delete.  It completely the OrgUnit node from the ldap directory.
-     * The OrgUnit type enum will determine where deletion will occur - User or Perm OU data sets.
-     * OrgUnit entity must exist in directory prior to making this call else exception will be thrown.
-     *
-     * @param entity Contains the name of the OrgUnit node targeted for deletion.
-     * @return OrgUnit entity copy of input.
-     * @throws SecurityException in the event of data validation or DAO system error.
-     */
-    OrgUnit delete( OrgUnit entity ) throws SecurityException
-    {
-        oDao.remove( entity );
-
-        if ( entity.getType() == OrgUnit.Type.USER )
-        {
-            try
-            {
-                userPoolLock.writeLock().lock();
-                Set<String> userPool = getUserSet( entity );
-
-                if ( userPool != null )
-                {
-                    userPool.remove( entity.getName() );
-                }
-            }
-            finally
-            {
-                userPoolLock.writeLock().unlock();
-            }
-        }
-        else
-        {
-            try
-            {
-                permPoolLock.writeLock().lock();
-                Set<String> permPool = getPermSet( entity );
-
-                if ( permPool != null )
-                {
-                    permPool.remove( entity.getName() );
-                }
-            }
-            finally
-            {
-                permPoolLock.writeLock().unlock();
-            }
-        }
-
-        return entity;
-    }
-
-
-    /**
-     * Return all OrgUnits that have a parent assignment.  This used for hierarchical processing.
-     *
-     * @param orgUnit will either be a User or Perm OU.
-     * @return List of type OrgUnit containing {@link OrgUnit#name} and {@link OrgUnit#parents} populated.
-     * @throws SecurityException in the event of DAO search error.
-     */
-    List<Graphable> getAllDescendants( OrgUnit orgUnit ) throws SecurityException
-    {
-        return oDao.getAllDescendants( orgUnit );
-    }
-
-
-    /**
-     * Method will perform simple validations to ensure the integrity of the OrgUnit entity targeted for insertion
-     * or updating in directory.  This method will ensure the name and type enum are specified.  It will also perform
-     * reasonability check on description if set.
-     *
-     * @param entity   contains the enum type to validate
-     * @param isUpdate not used at this time.
-     * @throws SecurityException thrown in the event the attribute is null.
-     */
-    private void validate( OrgUnit entity, boolean isUpdate )
-        throws SecurityException
-    {
-        VUtil.safeText( entity.getName(), GlobalIds.OU_LEN );
-
-        if ( StringUtils.isNotEmpty( entity.getDescription() ) )
-        {
-            VUtil.description( entity.getDescription() );
-        }
-
-        if ( entity.getType() == null )
-        {
-            String error = "validate null or empty org unit type";
-            int errCode;
-
-            if ( entity.getType() == OrgUnit.Type.PERM )
-            {
-                errCode = GlobalErrIds.ORG_TYPE_NULL_PERM;
-            }
-            else
-            {
-                errCode = GlobalErrIds.ORG_TYPE_NULL_USER;
-            }
-
-            throw new SecurityException( errCode, error );
-        }
-    }
-
-
-    /**
-     * Build a key that is composed of the OU type ({@link #USER_OUS} or {@link #PERM_OUS}) and the contextId which is the id of tenant.
-     *
-     * @param type either {@link #USER_OUS} or {@link #PERM_OUS}.
-     * @param contextId maps to sub-tree in DIT, for example ou=contextId, dc=jts, dc = com.
-     * @return key mapping to this tenant's cache entry.
-     */
-    private static String getKey( String type, String contextId )
-    {
-        String key = type;
-
-        if ( StringUtils.isNotEmpty( contextId ) && !contextId.equalsIgnoreCase( GlobalIds.NULL ) )
-        {
-            key += ":" + contextId;
-        }
-
-        return key;
-    }
-}
\ No newline at end of file

