From smckin...@apache.org
Subject [07/19] directory-fortress-core git commit: FC-109 - break core package cycles
Date Mon, 01 Jun 2015 23:02:12 GMT
http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/0c46e4de/src/main/java/org/apache/directory/fortress/core/rbac/Permission.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/rbac/Permission.java b/src/main/java/org/apache/directory/fortress/core/rbac/Permission.java
deleted file mode 100755
index 087e44f..0000000
--- a/src/main/java/org/apache/directory/fortress/core/rbac/Permission.java
+++ /dev/null
@@ -1,789 +0,0 @@
-/*
- *   Licensed to the Apache Software Foundation (ASF) under one
- *   or more contributor license agreements.  See the NOTICE file
- *   distributed with this work for additional information
- *   regarding copyright ownership.  The ASF licenses this file
- *   to you under the Apache License, Version 2.0 (the
- *   "License"); you may not use this file except in compliance
- *   with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- *   Unless required by applicable law or agreed to in writing,
- *   software distributed under the License is distributed on an
- *   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- *   KIND, either express or implied.  See the License for the
- *   specific language governing permissions and limitations
- *   under the License.
- *
- */
-package org.apache.directory.fortress.core.rbac;
-
-
-import java.io.Serializable;
-import java.util.Enumeration;
-import java.util.List;
-import java.util.Properties;
-import java.util.Set;
-import java.util.TreeSet;
-import java.util.UUID;
-
-import javax.xml.bind.annotation.XmlAccessType;
-import javax.xml.bind.annotation.XmlAccessorType;
-import javax.xml.bind.annotation.XmlElement;
-import javax.xml.bind.annotation.XmlRootElement;
-import javax.xml.bind.annotation.XmlType;
-
-
-/*
-## OC2: Fortress Permission Structural Object Class
-    objectclass    ( 1.3.6.1.4.1.38088.2.2
-    NAME 'ftObject'
-    DESC 'Fortress Permission Object Class'
-    SUP organizationalunit
-    STRUCTURAL
-    MUST (
-    ftId $
-    ftObjNm
-    )
-    MAY (
-    ftType
-    )
-    )
-*/
-/**
- * All entities ({@link org.apache.directory.fortress.core.rbac.User}, {@link org.apache.directory.fortress.core.rbac.Role}, {@link Permission},
- * {@link org.apache.directory.fortress.core.rbac.PwPolicy} {@link org.apache.directory.fortress.core.rbac.SDSet} etc...) are used to carry data between three Fortress
- * layers.starting with the (1) Manager layer down thru middle (2) Process layer and it's processing rules into
- * (3) DAO layer where persistence with the OpenLDAP server occurs.
- * <h4>Fortress Processing Layers</h4>
- * <ol>
- * <li>Manager layer:  {@link AdminMgrImpl}, {@link AccessMgrImpl}, {@link ReviewMgrImpl},...</li>
- * <li>Process layer:  {@link org.apache.directory.fortress.core.rbac.UserP}, {@link org.apache.directory.fortress.core.rbac.RoleP}, {@link org.apache.directory.fortress.core.rbac.PermP},...</li>
- * <li>DAO layer: {@link UserDAO}, {@link RoleDAO}, {@link org.apache.directory.fortress.core.rbac.PermDAO},...</li>
- * </ol>
- * Fortress clients first instantiate and populate a data entity before invoking any of the Manager APIs.  The caller must
- * provide enough information to uniquely identity the entity target within ldap.<br />
- * For example, this entity requires {@link #setObjName} and {@link #setOpName} attributes set before passing into {@link AccessMgrImpl} APIs.
- * Create methods usually require more attributes (than Read) due to constraints enforced between entities.
- * <p/>
- * <h4>Permission entity attribute usages include</h4>
- * <ul>
- * <li>{@link #setObjName} and {@link #setOpName} attributes set before calling {@link AccessMgrImpl#checkAccess(org.apache.directory.fortress.core.rbac.Session, Permission)}.
- * <li>{@link #getRoles} may be set after calling {@link ReviewMgrImpl#readPermission(Permission)} or {@link AccessMgrImpl#sessionPermissions(org.apache.directory.fortress.core.rbac.Session)}.
- * <li>{@link #getUsers} may be set after calling {@link ReviewMgrImpl#readPermission(Permission)} or {@link AccessMgrImpl#sessionPermissions(org.apache.directory.fortress.core.rbac.Session)}.
- *
- * </ul>
- * <p/>
- * <h4>More Permission entity notes</h4>
- * <ul>
- * <li>The unique key to locate a Permission entity (which is required for all authZ requests) is {@link Permission#objName} and {@link Permission#opName}.<br />
- * <li>The Permission entity is used to target function points within computer programs needing authorization. This permission model allows a one-to-many relationship between the objects {@link org.apache.directory.fortress.core.rbac.PermObj} and operations {@link Permission}.
- * <p/>
- * <img src="../doc-files/RbacCore.png">
- * <li>The object to operation pairings enable application resources to be mapped to Fortress permissions in a way that is natural for object oriented programming.
- * <li>Permissions = Object {@link org.apache.directory.fortress.core.rbac.PermObj} 1<->* Operations {@link Permission}
- * <li>Permissions in Fortress may also be assigned directly to {@link #users}.
- * <li>Objects {@link #objName}, Operations {@link #opName}, Roles {@link #roles}, Users {@link #users} are not case sensitive for reads or searches.
- * </ul>
- * <p/>
- * The application entity that requires authorization will be mapped to the {@link org.apache.directory.fortress.core.rbac.PermObj} entity and the application's methods or operation names
- * will be mapped to {@link Permission} entities.
- * For example, the application entity 'ShoppingCart' has 5 operations - 'create', 'read', 'update', 'delete' and 'checkout'.
- * The following code will create the permissions and perform the necessary grants.
- * <pre>
- * try
- * {
- *  // Instantiate the AdminMgr first
- *  AdminMgr adminMgr = AdminMgrFactory.createInstance();
- *
- *  // Now Instantiate the Object
- *  PermObj shoppingCart = new PermObj("ShoppingCart", "KillerBikes.com");
- *
- *  // Add it to the directory
- *  adminMgr.addPermObj(shoppingCart);
- *
- *  // Now create the permission operations and grant to applicable roles:
- *  Permission create = new Permission(shoppingCart.getObjName(), "create");
- *  adminMgr.addPermission(create);
- *  adminMgr.grantPermission(create, new Role("Customer"));
- *
- *  Permission read = new Permission(shoppingCart.getObjName(), "read");
- *  adminMgr.addPermission(read);
- *  adminMgr.grantPermission(read, new Role("Customer"));
- *
- *  Permission update = new Permission(shoppingCart.getObjName(), "update");
- *  adminMgr.addPermission(update);
- *  adminMgr.grantPermission(update, new Role("Admin"));
- *
- *  Permission delete = new Permission(shoppingCart.getObjName(), "delete");
- *  adminMgr.addPermission(delete);
- *  adminMgr.grantPermission(delete, new Role("Manager"));
- *
- *  Permission checkout = new Permission(shoppingCart.getObjName(), "checkout");
- *  adminMgr.addPermission(checkout);
- *  adminMgr.grantPermission(delete, new Role("Customer"));
- * }
- * catch (SecurityException ex)
- * {
- *  // log or throw
- * }
- * </pre>
- * <p/>
- * <h4>Notes on the shopping cart example</h4>
- * <ul>
- * <li> {@link org.apache.directory.fortress.core.rbac.User} that activate 'Manager' role into their Sessions will be allowed access to 'ShoppingCart.delete' permission.
- * <li> {@link org.apache.directory.fortress.core.rbac.User} that activate 'Admin' role may perform 'ShoppingCart.update'.
- * <li> {@link org.apache.directory.fortress.core.rbac.User} with 'Customer' role may perform the 'ShoppingCart.create'  'ShoppingCart.read and 'ShoppingCart.checkout'.
- * <li> {@link org.apache.directory.fortress.core.rbac.Role}s must exist in ldap before assignment here, see javadoc {@link org.apache.directory.fortress.core.rbac.Role} for details.
- * <p/>
- * </ul>
- * <p/>
- * <h4>Permission Schema</h4>
- * This Permission entity extends a single standard ldap structural object class, {@code organizationalRole} with
- * one extension structural class, {@code ftOperation}, and two auxiliary object classes, {@code ftProperties}, {@code ftMods}.
- * The following 3 LDAP object classes will be mapped into this entity:
- * <p/>
- * 1. {@code ftOperation} STRUCTURAL Object Class is assigned roles and/or users which grants permissions which can be later checked
- * using either 'checkAccess' or 'sessionPermissions APIs both methods that reside in the 'AccessMgrImpl' class.
- * <pre>
- * ------------------------------------------
- * Fortress Operation Structural Object Class
- * objectclass    ( 1.3.6.1.4.1.38088.2.3
- *  NAME 'ftOperation'
- *  DESC 'Fortress Permission Operation Structural Object Class'
- *  SUP organizationalrole
- *  STRUCTURAL
- *  MUST (
- *      ftId $
- *      ftPermName $
- *      ftObjNm $
- *      ftOpNm
- *  )
- *  MAY (
- *      ftObjId $
- *      ftRoles $
- *      ftUsers $
- *      ftType
- *  )
- *  )
- * 2. {@code ftProperties} AUXILIARY Object Class is used to store optional client or otherwise custom name/value pairs on target entity.<br />
- * <code># This aux object class can be used to store custom attributes.</code><br />
- * <code># The properties collections consist of name/value pairs and are not constrainted by Fortress.</code><br />
- * <pre>
- * ------------------------------------------
- * AC2: Fortress Properties Auxiliary Object Class
- * objectclass ( 1.3.6.1.4.1.38088.3.2
- *  NAME 'ftProperties'
- *  DESC 'Fortress Properties AUX Object Class'
- *  AUXILIARY
- *  MAY (
- *      ftProps
- *  )
- * )
- * ------------------------------------------
- * </pre>
- * <p/>
- * 3. {@code ftMods} AUXILIARY Object Class is used to store Fortress audit variables on target entity.
- * <pre>
- * ------------------------------------------
- * Fortress Audit Modification Auxiliary Object Class
- * objectclass ( 1.3.6.1.4.1.38088.3.4
- *  NAME 'ftMods'
- *  DESC 'Fortress Modifiers AUX Object Class'
- *  AUXILIARY
- *  MAY (
- *      ftModifier $
- *      ftModCode $
- *      ftModId
- *  )
- * )
- * ------------------------------------------
- * </pre>
- * <p/>
- *
- * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
- */
-@XmlRootElement(name = "fortPermission")
-@XmlAccessorType(XmlAccessType.FIELD)
-@XmlType(name = "permission", propOrder =
-    {
-        "objName",
-        "opName",
-        "objId",
-        "description",
-        "abstractName",
-        "internalId",
-        "type",
-        "users",
-        "roles",
-        "props",
-        "dn",
-        "admin"
-})
-public class Permission extends FortEntity implements Serializable
-{
-    /** Default serialVersionUID */
-    private static final long serialVersionUID = 1L;
-
-    private boolean admin;
-    private String internalId;
-    private String opName;
-    private String objName;
-    private String objId;
-    private String abstractName;
-    private String type;
-    private String dn;
-    private String description;
-    @XmlElement(nillable = true)
-    private Props props = new Props();
-    //private Properties props;
-    @XmlElement(nillable = true)
-    private Set<String> roles;
-    @XmlElement(nillable = true)
-    private Set<String> users;
-
-
-    /**
-     * This constructor is commonly used to create Permission that is a target for authorization API.
-     *
-     * @param objName maps to 'ftObjNm' attribute in 'ftOperation' object class.
-     * @param opName     maps to 'ftOpNm' attribute in 'ftOperation' object class.
-     */
-    public Permission( String objName, String opName )
-    {
-        this.objName = objName;
-        this.opName = opName;
-    }
-
-
-    /**
-     * Default constructor is used by internal Fortress classes and not intended for external use.
-     */
-    public Permission()
-    {
-    }
-
-
-    /**
-     * Constructor is used for APIs that do not require opName for example ARBAC canGrant/canRevoke.
-     *
-     * @param objName maps to 'ftObjNm' attribute in 'ftOperation' object class.
-     */
-    public Permission( String objName )
-    {
-        this.objName = objName;
-    }
-
-
-    /**
-     * This constructor adds the objId which is used for creating Permissions that have an identity.
-     *
-     * @param objName maps to 'ftObjNm' attribute in 'ftOperation' object class.
-     * @param opName     maps to 'ftOpNm' attribute in 'ftOperation' object class.
-     * @param objId   maps to 'ftObjId' attribute in 'ftOperation' object class.
-     */
-    public Permission( String objName, String opName, String objId )
-    {
-        this.objName = objName;
-        this.opName = opName;
-        this.objId = objId;
-    }
-
-
-    /**
-     * This constructor adds the admin flag which is used to process as Administrative permission.
-     *
-     * @param objName maps to 'ftObjNm' attribute in 'ftOperation' object class.
-     * @param opName     maps to 'ftOpNm' attribute in 'ftOperation' object class.
-     * @param admin      attribute is used to specify the Permission is to be stored and processed in the Administrative RBAC data sets.
-     */
-    public Permission( String objName, String opName, boolean admin )
-    {
-        this.objName = objName;
-        this.opName = opName;
-        this.admin = admin;
-    }
-
-
-    /**
-     * Determine if this Permission is for RBAC or ARBAC processing.
-     *
-     * @return 'true' indicates administrative permission.
-     */
-    public boolean isAdmin()
-    {
-        return admin;
-    }
-
-
-    /**
-     * Set will determine if this Permission is for RBAC or ARBAC processing.
-     *
-     * @param admin contains is 'true' if ARBAC permission..
-     */
-    public void setAdmin( boolean admin )
-    {
-        this.admin = admin;
-    }
-
-
-    /**
-     * This attribute is required but is set automatically by Fortress DAO class before object is persisted to ldap.
-     * This generated internal id is associated with Permission.  This method is used by DAO class and
-     * is not available to outside classes.   The generated attribute maps to 'ftId' in 'ftOperation' object class.
-     */
-    public void setInternalId()
-    {
-        // generate a unique id that will be used as the rDn for this entry:
-        UUID uuid = UUID.randomUUID();
-        this.internalId = uuid.toString();
-    }
-
-
-    /**
-     * Set the internal id that is associated with Permission.  This method is used by DAO class and
-     * is generated automatically by Fortress.  Attribute stored in LDAP cannot be changed by external caller.
-     * This method can be used by client for search purposes only.
-     *
-     * @param internalId maps to 'ftId' in 'ftObject' object class.
-     */
-    public void setInternalId( String internalId )
-    {
-        this.internalId = internalId;
-    }
-
-
-    /**
-     * Return the internal id that is associated with Permission.  This attribute is generated automatically
-     * by Fortress when new PermObj is added to directory and is not known or changeable by external client.
-     *
-     * @return attribute maps to 'ftId' in 'ftOperation' object class.
-     */
-    public String getInternalId()
-    {
-        return internalId;
-    }
-
-
-    /**
-     * Get the Permission operation name.  This is used to specify method name - i.e. Create, Read, Update, Delete, ...
-     *
-     * @return opName maps to 'ftOpNm' attribute in 'ftOperation' object class.
-     */
-    public String getOpName()
-    {
-        return opName;
-    }
-
-
-    /**
-     * Set the Permission operation name.  This is used to specify method name - i.e. Create, Read, Update, Delete, ...
-     *
-     * @param opName maps to 'ftOpNm' attribute in 'ftOperation' object class.
-     */
-    public void setOpName( String opName )
-    {
-        this.opName = opName;
-    }
-
-
-    /**
-     * Get the authorization target's object name.  This is typically mapped to the class name for component
-     * that is the target for Fortress authorization check. For example 'PatientRelationshipInquire'.
-     *
-     * @return the name of the object which maps to 'ftObjNm' attribute in 'ftOperation' object class.
-     */
-    public String getObjName()
-    {
-        return this.objName;
-    }
-
-
-    /**
-     * This attribute is required and sets the authorization target object name.  This name is typically derived from the class name
-     * for component that is the target for Fortress authorization check. For example 'CustomerCheckOutPage'.
-     *
-     */
-    public void setObjName( String objName )
-    {
-        this.objName = objName;
-    }
-
-
-    /**
-     * Return the Permission's abstract name which is the value of objName concatenated with OpName, i.e. 'Patient.checkin'
-     * This value is automatically generated by the Fortress DAO class.
-     *
-     * @return abstractName maps to 'ftPermName' attribute in 'ftOperation' object class.
-     */
-    public String getAbstractName()
-    {
-        return abstractName;
-    }
-
-
-    /**
-     * Set the Permission's abstract name which is the value of objName concatenated with OpName, i.e. 'Patient.checkin'
-     * This value is automatically generated by the Fortress DAO class and value will be ignored if set by external client.
-     *
-     * @param abstractName maps to 'ftPermName' attribute in 'ftOperation' object class.
-     */
-    public void setAbstractName( String abstractName )
-    {
-        this.abstractName = abstractName;
-    }
-
-
-    /**
-     * Get the optional type name which is an unconstrained attribute on Permission entity.
-     *
-     * @return type maps to 'ftType' attribute in 'ftOperation' object class.
-     */
-    public String getType()
-    {
-        return type;
-    }
-
-
-    /**
-     * Set the optional type name which is an unconstrained attribute on Permission entity.
-     *
-     * @param type maps to 'ftType' attribute in 'ftOperation' object class.
-     */
-    public void setType( String type )
-    {
-        this.type = type;
-    }
-
-
-    /**
-     * Get optional objId attribute which can be used to tag a Permission object with an identity, i.e. objName='Customer', objId='12345'.
-     * This value is not constrained by any other object.
-     *
-     * @return maps to 'ftObjectId' attribute in 'ftOperation' object class.
-     */
-    public String getObjId()
-    {
-        return objId;
-    }
-
-
-    /**
-     * Set optional objId which can be used to tag a Permission object with an identity, i.e. objName='Account', objId='09876543'.
-     * This value is not constrained by any other object.
-     *
-     * @param objId maps to 'ftObjectId' attribute in 'ftOperation' object class.
-     */
-    public void setObjId( String objId )
-    {
-        this.objId = objId;
-    }
-
-
-    /**
-     * Add a Role name to list of Roles that are valid for this Permission.  This is optional attribute.
-     *
-     * @param role maps to 'ftRoles' attribute in 'ftOperation' object class.
-     */
-    public void setRole( String role )
-    {
-        if ( roles == null )
-        {
-            roles = new TreeSet<>( String.CASE_INSENSITIVE_ORDER );
-        }
-
-        this.roles.add( role );
-    }
-
-
-    /**
-     * Delete a Role name from list of Roles that are valid for this Permission.
-     *
-     * @param role maps to 'ftRoles' attribute in 'ftOperation' object class.
-     */
-    public void delRole( String role )
-    {
-        if ( this.roles != null )
-        {
-            this.roles.remove( role );
-        }
-    }
-
-
-    /**
-     * Return the collection of optional Roles that have been loaded into this entity.  This is stored as a multi-occurring
-     * attribute of Role names on the 'ftOperation' object class.
-     *
-     * @return Set containing the roles which maps to 'ftRoles' attribute in 'ftOperation' object class.
-     */
-    public Set<String> getRoles()
-    {
-        return this.roles;
-    }
-
-
-    /**
-     * Set the collection of optional Roles that have been loaded into this entity.  This is stored as a multi-occurring
-     * attribute of Role names on the 'ftOperation' object class.
-     *
-     * @param roles maps to 'ftRoles' attribute in 'ftOperation' object class.
-     */
-    public void setRoles( Set<String> roles )
-    {
-        this.roles = roles;
-    }
-
-
-    /**
-     * Add a UserId to list of Users that are valid for this Permission.  This is optional attribute.
-     *
-     * @param user maps to 'ftUsers' attribute in 'ftOperation' object class.
-     */
-    public void setUser( String user )
-    {
-        if ( users == null )
-        {
-            users = new TreeSet<>( String.CASE_INSENSITIVE_ORDER );
-        }
-
-        this.users.add( user );
-    }
-
-
-    /**
-     * Return the collection of optional Users that have been loaded into this entity.  This is stored as a multi-occurring
-     * attribute of ftUsers on the 'ftOperation' object class.
-     *
-     * @return Set containing the Users which maps to 'ftUsers' attribute in 'ftOperation' object class.
-     */
-    public Set<String> getUsers()
-    {
-        return this.users;
-    }
-
-
-    /**
-     * Set the collection of optional Users that have been loaded into this entity.  This is stored as a multi-occurring
-     * attribute of userIds on the 'ftOperation' object class.
-     *
-     * @param users maps to 'ftUsers' attribute in 'ftOperation' object class.
-     */
-    public void setUsers( Set<String> users )
-    {
-        this.users = users;
-    }
-
-
-    public String getDn()
-    {
-        return dn;
-    }
-
-
-    public void setDn( String dn )
-    {
-        this.dn = dn;
-    }
-
-
-    /**
-     * Return the description field on this entity.  The description is often used as a human readable label for the permission.
-     * @return String containing the description.
-     */
-    public String getDescription()
-    {
-        return description;
-    }
-
-
-    /**
-     * Set the optional description field on this entity.  The description is used as a human readable label for the permission.
-     *
-     * @param description String contains the description.
-     */
-    public void setDescription( String description )
-    {
-        this.description = description;
-    }
-
-
-    /**
-      * Gets the value of the Props property.  This method is used by Fortress and En Masse and should not be called by external programs.
-      *
-      * @return
-      *     possible object is
-      *     {@link Props }
-      *
-      */
-    public Props getProps()
-    {
-        return props;
-    }
-
-
-    /**
-     * Sets the value of the Props property.  This method is used by Fortress and En Masse and should not be called by external programs.
-     *
-     * @param value
-     *     allowed object is
-     *     {@link Props }
-     *
-     */
-    public void setProps( Props value )
-    {
-        this.props = value;
-    }
-
-
-    /**
-     * Add name/value pair to list of properties associated with Permission.  These values are not constrained by Fortress.
-     * Properties are optional.
-     *
-     * @param key   contains property name and maps to 'ftProps' attribute in 'ftProperties' aux object class.
-     * @param value
-     */
-    public void addProperty( String key, String value )
-    {
-        Props.Entry entry = new Props.Entry();
-        entry.setKey( key );
-        entry.setValue( value );
-        this.props.getEntry().add( entry );
-    }
-
-
-    /**
-     * Get a name/value pair attribute from list of properties associated with Permission.  These values are not constrained by Fortress.
-     * Properties are optional.
-     *
-     * @param key contains property name and maps to 'ftProps' attribute in 'ftProperties' aux object class.
-     * @return value containing name/value pair that maps to 'ftProps' attribute in 'ftProperties' aux object class.
-     */
-    public String getProperty( String key )
-    {
-        List<Props.Entry> props = this.props.getEntry();
-        Props.Entry keyObj = new Props.Entry();
-        keyObj.setKey( key );
-
-        String value = null;
-        int indx = props.indexOf( keyObj );
-        if ( indx != -1 )
-        {
-            Props.Entry entry = props.get( props.indexOf( keyObj ) );
-            value = entry.getValue();
-        }
-
-        return value;
-    }
-
-
-    /**
-     * Add new collection of name/value pairs to attributes associated with Permission.  These values are not constrained by Fortress.
-     * Properties are optional.
-     *
-     * @param props contains collection of name/value pairs and maps to 'ftProps' attribute in 'ftProperties' aux object class.
-     */
-    public void addProperties( Properties props )
-    {
-        if ( props != null )
-        {
-            for ( Enumeration<?> e = props.propertyNames(); e.hasMoreElements(); )
-            {
-                // This LDAP attr is stored as a name-value pair separated by a ':'.
-                String key = ( String ) e.nextElement();
-                String val = props.getProperty( key );
-                addProperty( key, val );
-            }
-        }
-    }
-
-
-    /**
-     * Return the collection of name/value pairs to attributes associated with Permission.  These values are not constrained by Fortress.
-     * Properties are optional.
-     *
-     * @return Properties contains collection of name/value pairs and maps to 'ftProps' attribute in 'ftProperties' aux object class.
-     */
-    public Properties getProperties()
-    {
-        Properties properties = null;
-        List<Props.Entry> props = this.props.getEntry();
-        if ( props.size() > 0 )
-        {
-            properties = new Properties();
-            //int size = props.size();
-            for ( Props.Entry entry : props )
-            {
-                String key = entry.getKey();
-                String val = entry.getValue();
-                properties.setProperty( key, val );
-            }
-        }
-        return properties;
-    }
-
-
-    /**
-     * Matches the objName and opName from two Permission entities.
-     *
-     * @param thatOp contains a Permission entity.
-     * @return boolean indicating both Permissions contain matching objName and opName attributes.
-     */
-    public boolean equals( Object thatOp )
-    {
-        if ( this == thatOp )
-        {
-            return true;
-        }
-
-        if ( this.getObjName() == null )
-        {
-            return false;
-        }
-
-        if ( !( thatOp instanceof Permission ) )
-        {
-            return false;
-        }
-
-        Permission thatPermission = ( Permission ) thatOp;
-
-        if ( thatPermission.getObjName() == null )
-        {
-            return false;
-        }
-
-        return ( ( thatPermission.getObjName().equalsIgnoreCase( this.getObjName() ) ) && ( thatPermission
-            .getOpName().equalsIgnoreCase( this.getOpName() ) ) );
-    }
-
-
-    @Override
-    public int hashCode()
-    {
-        int result = ( admin ? 1 : 0 );
-        result = 31 * result + ( internalId != null ? internalId.hashCode() : 0 );
-        result = 31 * result + ( opName != null ? opName.hashCode() : 0 );
-        result = 31 * result + ( objName != null ? objName.hashCode() : 0 );
-        result = 31 * result + ( objId != null ? objId.hashCode() : 0 );
-        result = 31 * result + ( abstractName != null ? abstractName.hashCode() : 0 );
-        result = 31 * result + ( type != null ? type.hashCode() : 0 );
-        result = 31 * result + ( dn != null ? dn.hashCode() : 0 );
-        result = 31 * result + ( description != null ? description.hashCode() : 0 );
-        result = 31 * result + ( props != null ? props.hashCode() : 0 );
-        result = 31 * result + ( roles != null ? roles.hashCode() : 0 );
-        result = 31 * result + ( users != null ? users.hashCode() : 0 );
-        return result;
-    }
-
-
-    @Override
-    public String toString()
-    {
-        return "Permission{" +
-            "objName='" + objName + '\'' +
-            ", opName='" + opName + '\'' +
-            ", objId='" + objId + '\'' +
-            '}';
-    }
-}

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/0c46e4de/src/main/java/org/apache/directory/fortress/core/rbac/PolicyDAO.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/rbac/PolicyDAO.java b/src/main/java/org/apache/directory/fortress/core/rbac/PolicyDAO.java
index 05e2352..fc01976 100755
--- a/src/main/java/org/apache/directory/fortress/core/rbac/PolicyDAO.java
+++ b/src/main/java/org/apache/directory/fortress/core/rbac/PolicyDAO.java
@@ -46,7 +46,7 @@ import org.apache.directory.fortress.core.ObjectFactory;
 import org.apache.directory.fortress.core.RemoveException;
 import org.apache.directory.fortress.core.UpdateException;
 import org.apache.directory.fortress.core.ldap.ApacheDsDataProvider;
-import org.apache.directory.fortress.core.rbac.PwPolicy;
+import org.apache.directory.fortress.core.model.PwPolicy;
 import org.apache.directory.fortress.core.util.attr.VUtil;
 
 

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/0c46e4de/src/main/java/org/apache/directory/fortress/core/rbac/PolicyP.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/rbac/PolicyP.java b/src/main/java/org/apache/directory/fortress/core/rbac/PolicyP.java
index ffbfe47..2f9b9b9 100755
--- a/src/main/java/org/apache/directory/fortress/core/rbac/PolicyP.java
+++ b/src/main/java/org/apache/directory/fortress/core/rbac/PolicyP.java
@@ -25,6 +25,7 @@ import java.util.Set;
 import java.util.concurrent.locks.ReadWriteLock;
 import java.util.concurrent.locks.ReentrantReadWriteLock;
 
+import org.apache.directory.fortress.core.model.PwPolicy;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.apache.directory.fortress.core.GlobalErrIds;
@@ -39,8 +40,8 @@ import org.apache.directory.fortress.core.util.cache.CacheMgr;
 /**
  * Process module for the OpenLDAP Password Policy entity.  This class performs data validations and error mapping.
  * It is typically called by internal Fortress manager class {@link PwPolicyMgrImpl} but also
- * needed by {@link org.apache.directory.fortress.core.rbac.UserP#validate(org.apache.directory.fortress.core.rbac.User, boolean)}
- * This class is not intended to be used by external programs.  This class will accept Fortress entity, {@link PwPolicy}, on its
+ * needed by {@link org.apache.directory.fortress.core.rbac.UserP#validate(org.apache.directory.fortress.core.model.User, boolean)}
+ * This class is not intended to be used by external programs.  This class will accept Fortress entity, {@link org.apache.directory.fortress.core.model.PwPolicy}, on its
  * methods, validate contents and forward on to it's corresponding DAO class {@link PolicyDAO}.
  * <p/>
  * Class will throw {@link SecurityException} to caller in the event of security policy, data constraint violation or system
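Review bot: The rewritten Javadoc line spells out `{@link org.apache.directory.fortress.core.model.PwPolicy}` even though the first hunk of this file adds `import org.apache.directory.fortress.core.model.PwPolicy;`, so the short form the old line used, `{@link PwPolicy}`, still resolves and reads better. The new import is also placed ahead of the `org.slf4j` imports, apart from the other `org.apache.directory.fortress.core` imports visible just below it. Moving it next to them would keep the import block grouped. The class Javadoc continues outside the hunk.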

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/0c46e4de/src/main/java/org/apache/directory/fortress/core/rbac/Props.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/rbac/Props.java b/src/main/java/org/apache/directory/fortress/core/rbac/Props.java
deleted file mode 100755
index d0d94cb..0000000
--- a/src/main/java/org/apache/directory/fortress/core/rbac/Props.java
+++ /dev/null
@@ -1,222 +0,0 @@
-/*
- *   Licensed to the Apache Software Foundation (ASF) under one
- *   or more contributor license agreements.  See the NOTICE file
- *   distributed with this work for additional information
- *   regarding copyright ownership.  The ASF licenses this file
- *   to you under the Apache License, Version 2.0 (the
- *   "License"); you may not use this file except in compliance
- *   with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- *   Unless required by applicable law or agreed to in writing,
- *   software distributed under the License is distributed on an
- *   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- *   KIND, either express or implied.  See the License for the
- *   specific language governing permissions and limitations
- *   under the License.
- *
- */
-package org.apache.directory.fortress.core.rbac;
-
-
-import javax.xml.bind.annotation.XmlAccessType;
-import javax.xml.bind.annotation.XmlAccessorType;
-import javax.xml.bind.annotation.XmlRootElement;
-import javax.xml.bind.annotation.XmlType;
-import java.io.Serializable;
-import java.util.ArrayList;
-import java.util.List;
-
-
-/**
- * This class is used as a container for {@code java.util.Properties} for passing to En Masse server.
- * </p>
- * This class is thread safe.
- *
- * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
- *         <p/>
- *         <p>The following schema fragment specifies the expected content contained within this class.
- *         <p/>
- *         <pre>
- *                 &lt;complexType>
- *                   &lt;complexContent>
- *                     &lt;restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
- *                       &lt;sequence>
- *                         &lt;element name="entry" maxOccurs="unbounded" minOccurs="0">
- *                           &lt;complexType>
- *                             &lt;complexContent>
- *                               &lt;restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
- *                                 &lt;sequence>
- *                                   &lt;element name="key" type="{http://www.w3.org/2001/XMLSchema}anyType" minOccurs="0"/>
- *                                   &lt;element name="value" type="{http://www.w3.org/2001/XMLSchema}anyType" minOccurs="0"/>
- *                                 &lt;/sequence>
- *                               &lt;/restriction>
- *                             &lt;/complexContent>
- *                           &lt;/complexType>
- *                         &lt;/element>
- *                       &lt;/sequence>
- *                     &lt;/restriction>
- *                   &lt;/complexContent>
- *                 &lt;/complexType>
- *                 </pre>
- */
-@XmlRootElement(name = "fortProps")
-@XmlAccessorType(XmlAccessType.FIELD)
-@XmlType(name = "props", propOrder =
-    {
-        "entry"
-})
-public class Props extends FortEntity implements Serializable
-{
-    /** Default serialVersionUID */
-    private static final long serialVersionUID = 1L;
-    private List<Props.Entry> entry;
-
-
-    /**
-     * Gets the value of the entry property.
-     *
-     * <p>
-     * This accessor method returns a reference to the live list,
-     * not a snapshot. Therefore any modification you make to the
-     * returned list will be present inside the JAXB object.
-     * This is why there is not a <CODE>set</CODE> method for the entry property.
-     *
-     * <p>
-     * For example, to add a new item, do as follows:
-     * <pre>
-     *    getEntry().add(newItem);
-     * </pre>
-     *
-     *
-     * <p>
-     * Objects of the following type(s) are allowed in the list
-     * {@link Props.Entry }
-     *
-     *
-     */
-    public List<Props.Entry> getEntry()
-    {
-        if ( entry == null )
-        {
-            entry = new ArrayList<>();
-        }
-        return this.entry;
-    }
-
-    /**
-     * <p>Java class for anonymous complex type.
-     *
-     * <p>The following schema fragment specifies the expected content contained within this class.
-     *
-     * <pre>
-     * &lt;complexType>
-     *   &lt;complexContent>
-     *     &lt;restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
-     *       &lt;sequence>
-     *         &lt;element name="key" type="{http://www.w3.org/2001/XMLSchema}anyType" minOccurs="0"/>
-     *         &lt;element name="value" type="{http://www.w3.org/2001/XMLSchema}anyType" minOccurs="0"/>
-     *       &lt;/sequence>
-     *     &lt;/restriction>
-     *   &lt;/complexContent>
-     * &lt;/complexType>
-     * </pre>
-     *
-     *
-     */
-    @XmlAccessorType(XmlAccessType.FIELD)
-    @XmlType(name = "", propOrder =
-        {
-            "key",
-            "value"
-    })
-    public static class Entry implements Serializable
-    {
-        /** Default serialVersionUID */
-        private static final long serialVersionUID = 1L;
-
-        protected String key;
-        protected String value;
-
-
-        /**
-         * Gets the value of the key property.
-         *
-         * @return
-         *     possible object is
-         *     {@link Object }
-         *
-         */
-        public String getKey()
-        {
-            return key;
-        }
-
-
-        /**
-         * Sets the value of the key property.
-         *
-         * @param value
-         *     allowed object is
-         *     {@link Object }
-         *
-         */
-        public void setKey( String value )
-        {
-            this.key = value;
-        }
-
-
-        /**
-         * Gets the value of the value property.
-         *
-         * @return
-         *     possible object is
-         *     {@link Object }
-         *
-         */
-        public String getValue()
-        {
-            return value;
-        }
-
-
-        /**
-         * Sets the value of the value property.
-         *
-         * @param value
-         *     allowed object is
-         *     {@link Object }
-         *
-         */
-        public void setValue( String value )
-        {
-            this.value = value;
-        }
-
-
-        /**
-         *
-         * @param obj
-         * @return boolean value
-         */
-        public boolean equals( Object obj )
-        {
-            if ( obj instanceof Props.Entry )
-            {
-                Props.Entry inObj = ( Props.Entry ) obj;
-                return key.equals( inObj.getKey() );
-            }
-            return false;
-        }
-
-        @Override
-        public int hashCode()
-        {
-            int result = key != null ? key.hashCode() : 0;
-            result = 31 * result + ( value != null ? value.hashCode() : 0 );
-            return result;
-        }
-    }
-}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/0c46e4de/src/main/java/org/apache/directory/fortress/core/rbac/PsoUtil.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/rbac/PsoUtil.java b/src/main/java/org/apache/directory/fortress/core/rbac/PsoUtil.java
index c00a473..fa37fbb 100755
--- a/src/main/java/org/apache/directory/fortress/core/rbac/PsoUtil.java
+++ b/src/main/java/org/apache/directory/fortress/core/rbac/PsoUtil.java
@@ -25,6 +25,9 @@ import java.util.Set;
 import java.util.TreeSet;
 import java.util.concurrent.locks.ReadWriteLock;
 
+import org.apache.directory.fortress.core.model.Hier;
+import org.apache.directory.fortress.core.model.OrgUnit;
+import org.apache.directory.fortress.core.model.Relationship;
 import org.jgrapht.graph.SimpleDirectedGraph;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -37,13 +40,13 @@ import org.apache.directory.fortress.core.util.cache.CacheMgr;
 
 
 /**
- * This utility wraps {@link HierUtil} methods to provide hierarchical functionality using the {@link org.apache.directory.fortress.core.rbac.OrgUnit} data set
- * for Permissions, {@link org.apache.directory.fortress.core.rbac.OrgUnit.Type#PERM}.
+ * This utility wraps {@link HierUtil} methods to provide hierarchical functionality using the {@link org.apache.directory.fortress.core.model.OrgUnit} data set
+ * for Permissions, {@link org.apache.directory.fortress.core.model.OrgUnit.Type#PERM}.
  * The {@code cn=Hierarchies, ou=OS-P} data contains Permission OU pools and within a data cache, {@link #psoCache}, contained within this class.  The parent-child edges are contained in LDAP,
- * in {@code ftParents} attribute.  The ldap data is retrieved {@link OrgUnitP#getAllDescendants(org.apache.directory.fortress.core.rbac.OrgUnit)} and loaded into {@code org.jgrapht.graph.SimpleDirectedGraph}.
+ * in {@code ftParents} attribute.  The ldap data is retrieved {@link OrgUnitP#getAllDescendants(org.apache.directory.fortress.core.model.OrgUnit)} and loaded into {@code org.jgrapht.graph.SimpleDirectedGraph}.
  * The graph...
  * <ol>
- * <li>is stored as singleton in this class with vertices of {@code String}, and edges, as {@link Relationship}s</li>
+ * <li>is stored as singleton in this class with vertices of {@code String}, and edges, as {@link org.apache.directory.fortress.core.model.Relationship}s</li>
  * <li>utilizes open source library, see <a href="http://www.jgrapht.org/">JGraphT</a>.</li>
  * <li>contains a general hierarchical data structure i.e. allows multiple inheritance with parents.</li>
  * <li>is a simple directed graph thus does not allow cycles.</li>
@@ -66,7 +69,7 @@ public final class PsoUtil
     private static final Logger LOG = LoggerFactory.getLogger( CLS_NM );
 
     /**
-     * Initialize the Perm OU hierarchies.  This will read the {@link org.apache.directory.fortress.core.rbac.Hier} data set from ldap and load into
+     * Initialize the Perm OU hierarchies.  This will read the {@link org.apache.directory.fortress.core.model.Hier} data set from ldap and load into
      * the JGraphT simple digraph that referenced statically within this class.
      */
     static
@@ -77,11 +80,11 @@ public final class PsoUtil
 
 
     /**
-     * Recursively traverse the {@link org.apache.directory.fortress.core.rbac.OrgUnit} graph and return all of the descendants of a given parent {@link org.apache.directory.fortress.core.rbac.OrgUnit#name}.
+     * Recursively traverse the {@link org.apache.directory.fortress.core.model.OrgUnit} graph and return all of the descendants of a given parent {@link org.apache.directory.fortress.core.model.OrgUnit#name}.
      *
-     * @param name      {@link org.apache.directory.fortress.core.rbac.OrgUnit#name} maps on 'ftOrgUnit' object class.
+     * @param name      {@link org.apache.directory.fortress.core.model.OrgUnit#name} maps on 'ftOrgUnit' object class.
      * @param contextId maps to sub-tree in DIT, for example ou=contextId, dc=jts, dc = com.
-     * @return Set of names of descendants {@link org.apache.directory.fortress.core.rbac.OrgUnit}s of given parent.
+     * @return Set of names of descendants {@link org.apache.directory.fortress.core.model.OrgUnit}s of given parent.
      */
     static Set<String> getDescendants( String name, String contextId )
     {
@@ -90,9 +93,9 @@ public final class PsoUtil
 
 
     /**
-     * Recursively traverse the {@link org.apache.directory.fortress.core.rbac.OrgUnit.Type#USER} graph and return all of the ascendants of a given child ou.
+     * Recursively traverse the {@link org.apache.directory.fortress.core.model.OrgUnit.Type#USER} graph and return all of the ascendants of a given child ou.
      *
-     * @param name      maps to logical {@link org.apache.directory.fortress.core.rbac.OrgUnit#name} on 'ftOrgUnit' object class.
+     * @param name      maps to logical {@link org.apache.directory.fortress.core.model.OrgUnit#name} on 'ftOrgUnit' object class.
      * @param contextId maps to sub-tree in DIT, for example ou=contextId, dc=jts, dc = com.
      * @return Set of ou names that are ascendants of given child.
      */
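Review bot: The rewritten link on the first line of this Javadoc still names `OrgUnit.Type#USER`, although the class comment describes PsoUtil as the hierarchy for `OrgUnit.Type#PERM`; the hunk at -116,9 has the same wording for the one-level traversal. Since these lines are already being edited for the package move, I would change both to `{@link org.apache.directory.fortress.core.model.OrgUnit.Type#PERM}`. The documented methods start below the hunks, so that they walk the permission OU graph is inferred from the class comment and should be confirmed first. In an RBAC library the Javadoc is what a caller reads to decide which OU hierarchy a check applies to, so the type named here should match the graph actually traversed.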
@@ -103,11 +106,11 @@ public final class PsoUtil
 
 
     /**
-     * Traverse one level of the {@link org.apache.directory.fortress.core.rbac.OrgUnit} graph and return all of the children (direct descendants) of a given parent {@link org.apache.directory.fortress.core.rbac.OrgUnit#name}.
+     * Traverse one level of the {@link org.apache.directory.fortress.core.model.OrgUnit} graph and return all of the children (direct descendants) of a given parent {@link org.apache.directory.fortress.core.model.OrgUnit#name}.
      *
-     * @param name      {@link org.apache.directory.fortress.core.rbac.OrgUnit#name} maps on 'ftOrgUnit' object class.
+     * @param name      {@link org.apache.directory.fortress.core.model.OrgUnit#name} maps on 'ftOrgUnit' object class.
      * @param contextId maps to sub-tree in DIT, for example ou=contextId, dc=jts, dc = com.
-     * @return Set of names of children {@link org.apache.directory.fortress.core.rbac.OrgUnit}s of given parent.
+     * @return Set of names of children {@link org.apache.directory.fortress.core.model.OrgUnit}s of given parent.
      */
     public static Set<String> getChildren( String name, String contextId )
     {
@@ -116,9 +119,9 @@ public final class PsoUtil
 
 
     /**
-     * Traverse one level of the {@link org.apache.directory.fortress.core.rbac.OrgUnit.Type#USER} graph and return all of the parents (direct ascendants) of a given child ou.
+     * Traverse one level of the {@link org.apache.directory.fortress.core.model.OrgUnit.Type#USER} graph and return all of the parents (direct ascendants) of a given child ou.
      *
-     * @param name      maps to logical {@link org.apache.directory.fortress.core.rbac.OrgUnit#name} on 'ftOrgUnit' object class.
+     * @param name      maps to logical {@link org.apache.directory.fortress.core.model.OrgUnit#name} on 'ftOrgUnit' object class.
      * @param contextId maps to sub-tree in DIT, for example ou=contextId, dc=jts, dc = com.
      * @return Set of ou names that are parents of given child.
      */
@@ -129,9 +132,9 @@ public final class PsoUtil
 
 
     /**
-     * Recursively traverse the {@link org.apache.directory.fortress.core.rbac.OrgUnit.Type#PERM} graph and return number of children a given parent ou has.
+     * Recursively traverse the {@link org.apache.directory.fortress.core.model.OrgUnit.Type#PERM} graph and return number of children a given parent ou has.
      *
-     * @param name      maps to logical {@link org.apache.directory.fortress.core.rbac.OrgUnit#name} on 'ftOrgUnit' object class.
+     * @param name      maps to logical {@link org.apache.directory.fortress.core.model.OrgUnit#name} on 'ftOrgUnit' object class.
      * @param contextId maps to sub-tree in DIT, for example ou=contextId, dc=jts, dc = com.
      * @return int value contains the number of children of a given parent ou.
      */
@@ -142,9 +145,9 @@ public final class PsoUtil
 
 
     /**
-     * Return Set of {@link org.apache.directory.fortress.core.rbac.OrgUnit#name}s ascendants contained within {@link org.apache.directory.fortress.core.rbac.OrgUnit.Type#PERM}.
+     * Return Set of {@link org.apache.directory.fortress.core.model.OrgUnit#name}s ascendants contained within {@link org.apache.directory.fortress.core.model.OrgUnit.Type#PERM}.
      *
-     * @param ous       contains list of {@link org.apache.directory.fortress.core.rbac.OrgUnit}s.
+     * @param ous       contains list of {@link org.apache.directory.fortress.core.model.OrgUnit}s.
      * @param contextId maps to sub-tree in DIT, for example ou=contextId, dc=jts, dc = com.
      * @return contains Set of all descendants.
      */
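Review bot: This Javadoc contradicts itself: the summary line says the method returns ascendants, while the `@return` line reads `contains Set of all descendants`. The signature and body are below the hunk, so which direction is correct cannot be told from here. If the summary is right, the tag should read `@return contains Set of all ascendants.` The traversal direction decides which OUs the result covers, so the two lines should agree.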
@@ -181,8 +184,8 @@ public final class PsoUtil
      * Method will throw {@link org.apache.directory.fortress.core.ValidationException} if rule check fails meaning caller failed validation
      * attempt to add/remove hierarchical relationship failed.
      *
-     * @param child     contains {@link org.apache.directory.fortress.core.rbac.OrgUnit#name} of child.
-     * @param parent    contains {@link org.apache.directory.fortress.core.rbac.OrgUnit#name} of parent.
+     * @param child     contains {@link org.apache.directory.fortress.core.model.OrgUnit#name} of child.
+     * @param parent    contains {@link org.apache.directory.fortress.core.model.OrgUnit#name} of parent.
      * @param mustExist boolean is used to specify if relationship must be true.
      * @throws org.apache.directory.fortress.core.ValidationException
      *          in the event it fails one of the 3 checks.
@@ -200,7 +203,7 @@ public final class PsoUtil
      *
      * @param contextId maps to sub-tree in DIT, for example ou=contextId, dc=jts, dc = com.
      * @param relationship contains parent-child relationship targeted for addition.
-     * @param op   used to pass the ldap op {@link org.apache.directory.fortress.core.rbac.Hier.Op#ADD}, {@link org.apache.directory.fortress.core.rbac.Hier.Op#MOD}, {@link org.apache.directory.fortress.core.rbac.Hier.Op#REM}
+     * @param op   used to pass the ldap op {@link org.apache.directory.fortress.core.model.Hier.Op#ADD}, {@link org.apache.directory.fortress.core.model.Hier.Op#MOD}, {@link org.apache.directory.fortress.core.model.Hier.Op#REM}
      * @throws org.apache.directory.fortress.core.SecurityException in the event of a system error.
      */
     static void updateHier( String contextId, Relationship relationship, Hier.Op op ) throws SecurityException

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/0c46e4de/src/main/java/org/apache/directory/fortress/core/rbac/PwMessage.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/rbac/PwMessage.java b/src/main/java/org/apache/directory/fortress/core/rbac/PwMessage.java
index d16b74d..4054366 100755
--- a/src/main/java/org/apache/directory/fortress/core/rbac/PwMessage.java
+++ b/src/main/java/org/apache/directory/fortress/core/rbac/PwMessage.java
@@ -24,7 +24,7 @@ import java.util.List;
 
 
 /**
- * Interface is implemented by {@link org.apache.directory.fortress.core.rbac.Session} and prescribes methods used to return Fortress
+ * Interface is implemented by {@link org.apache.directory.fortress.core.model.Session} and prescribes methods used to return Fortress
  * password messages to the caller.
  * <p/>
 
@@ -34,7 +34,7 @@ import java.util.List;
 public interface PwMessage
 {
     /**
-     * Return the {@link org.apache.directory.fortress.core.rbac.User#userId} from entity.
+     * Return the {@link org.apache.directory.fortress.core.model.User#userId} from entity.
      *
      * @param userId maps to {@code uid} attribute on inetOrgPerson object class.
      */
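Review bot: The summary and the tag disagree in both Javadoc blocks touched in this interface: here the text says `Return the ... userId` but documents `@param userId`, and the hunk at -42,7 says `Set the ... userId` but documents `@return userId`. The method declarations sit just below each hunk, so it is only inferred that the two summaries are swapped between the setter and the getter. If that is the case, this block should open with `Set the {@link org.apache.directory.fortress.core.model.User#userId} in entity.` and the following one with `Return the {@link org.apache.directory.fortress.core.model.User#userId} from entity.`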
@@ -42,7 +42,7 @@ public interface PwMessage
 
 
     /**
-     * Set the {@link org.apache.directory.fortress.core.rbac.User#userId} in entity.
+     * Set the {@link org.apache.directory.fortress.core.model.User#userId} in entity.
      *
      * @return userId maps to {@code uid} attribute on inetOrgPerson object class.
      */

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/0c46e4de/src/main/java/org/apache/directory/fortress/core/rbac/PwPolicy.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/rbac/PwPolicy.java b/src/main/java/org/apache/directory/fortress/core/rbac/PwPolicy.java
deleted file mode 100755
index 22ac3f4..0000000
--- a/src/main/java/org/apache/directory/fortress/core/rbac/PwPolicy.java
+++ /dev/null
@@ -1,881 +0,0 @@
-/*
- *   Licensed to the Apache Software Foundation (ASF) under one
- *   or more contributor license agreements.  See the NOTICE file
- *   distributed with this work for additional information
- *   regarding copyright ownership.  The ASF licenses this file
- *   to you under the Apache License, Version 2.0 (the
- *   "License"); you may not use this file except in compliance
- *   with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- *   Unless required by applicable law or agreed to in writing,
- *   software distributed under the License is distributed on an
- *   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- *   KIND, either express or implied.  See the License for the
- *   specific language governing permissions and limitations
- *   under the License.
- *
- */
-package org.apache.directory.fortress.core.rbac;
-
-
-import java.io.Serializable;
-
-import javax.xml.bind.annotation.XmlAccessType;
-import javax.xml.bind.annotation.XmlAccessorType;
-import javax.xml.bind.annotation.XmlElement;
-import javax.xml.bind.annotation.XmlRootElement;
-import javax.xml.bind.annotation.XmlType;
-
-/**
- * This class contains the Password Policy entity which is used to pass directives into and out of ldap.
- * <br />The unique key to locate a Policy entity (which is subsequently assigned to Users) is {@link #name}.<br />
- * <p/>
- * <h4>Password Policies</h4>
- * <a href="http://www.openldap.org/">OpenLDAP</a> supports the IETF draft <a href="http://tools.ietf.org/html/draft-behera-ldap-password-policy-10/">Password Policies for LDAP directories</a></li>.  Policies may be applied at the user, group or global level.
- * <p/>
- * <img src="../doc-files/PasswordPolicy.png">
- * <p/>
- * Password enforcement options include:
- * <ol>
- * <li>A configurable limit on failed authentication attempts.</li>
- * <li>A counter to track the number of failed authentication attempts.</li>
- * <li>A time frame in which the limit of consecutive failed authentication attempts must happen before action is taken.</li>
- * <li>The action to be taken when the limit is reached. The action will either be nothing, or the account will be locked.</li>
- * <li>An amount of time the account is locked (if it is to be locked) This can be indefinite.</li>
- * <li>Password expiration.</li>
- * <li>Expiration warning</li>
- * <li>Grace authentications</li>
- * <li>Password history</li>
- * <li>Password minimum age</li>
- * <li>Password minimum length</li>
- * <li>Password Change after Reset</li>
- * <li>Safe Modification of Password</li>
- * </ol>
- * <p/>
- * <h4>Schema</h4>
- * The OpenLDAP Password Policy entity is a composite of the following structural and aux object classes:
- * <p/>
- * 1. organizationalRole Structural Object Class is used to store basic attributes like cn and description.
- * <pre>
- * ------------------------------------------
- * objectclass ( 2.5.6.14 NAME 'device'
- *  DESC 'RFC2256: a device'
- *  SUP top STRUCTURAL
- *  MUST cn
- *  MAY (
- *      serialNumber $ seeAlso $ owner $ ou $ o $ l $ description
- *  )
- * )
- * ------------------------------------------
- * </pre>
- * <p/>
- * 2. pwdPolicy AUXILIARY Object Class is used to store OpenLDAP Password Policies.
- * <pre>
- * ------------------------------------------
- * objectclass ( 1.3.6.1.4.1.42.2.27.8.2.1</code>
- *  NAME 'pwdPolicy'</code>
- *  SUP top</code>
- *  AUXILIARY</code>
- *  MUST (
- *      pwdAttribute
- *  )
- *  MAY (
- *      pwdMinAge $ pwdMaxAge $ pwdInHistory $ pwdCheckQuality $
- *      pwdMinLength $ pwdExpireWarning $ pwdGraceAuthNLimit $ pwdLockout $
- *      pwdLockoutDuration $ pwdMaxFailure $ pwdFailureCountInterval $
- *      pwdMustChange $ pwdAllowUserChange $ pwdSafeModify
- *  )
- * )
- * ------------------------------------------
- * </pre>
- * <p/>
- * 3. ftMods AUXILIARY Object Class is used to store Fortress audit variables on target entity.
- * <pre>
- * ------------------------------------------
- * Fortress Audit Modification Auxiliary Object Class
- * objectclass ( 1.3.6.1.4.1.38088.3.4
- *  NAME 'ftMods'
- *  DESC 'Fortress Modifiers AUX Object Class'
- *  AUXILIARY
- *  MAY (
- *      ftModifier $
- *      ftModCode $
- *      ftModId
- *  )
- * )
- * ------------------------------------------
- * </pre>
- * <p/>
- *
- * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
- */
-@XmlRootElement(name = "fortPolicy")
-@XmlAccessorType(XmlAccessType.FIELD)
-@XmlType(name = "pswdpolicy", propOrder = {
-    "name",
-    "attribute",
-    "minAge",
-    "maxAge",
-    "inHistory",
-    "checkQuality",
-    "minLength",
-    "expireWarning",
-    "graceLoginLimit",
-    "lockout",
-    "lockoutDuration",
-    "maxFailure",
-    "failureCountInterval",
-    "mustChange",
-    "allowUserChange",
-    "safeModify"
-})
-public class PwPolicy extends FortEntity implements Serializable
-{
-    private static final long serialVersionUID = 1L;
-
-    /**
-     * Maps to name attribute of pwdPolicy object class.
-     */
-    private String name;
-
-    /**
-     * 5.2.1  pwdAttribute
-     * <p/>
-     * This holds the name of the attribute to which the password policy is
-     * applied.  For example, the password policy may be applied to the
-     * userPassword attribute.
-     */
-    private String attribute;
-
-    /**
-     * 5.2.2  pwdMinAge
-     * <p/>
-     * This attribute holds the number of seconds that must elapse between
-     * modifications to the password.  If this attribute is not present, 0
-     * seconds is assumed.
-     */
-    @XmlElement(nillable = true)
-    private Integer minAge;
-    //private String minAge;
-
-    /**
-     * 5.2.3  pwdMaxAge
-     * <p/>
-     * This attribute holds the number of seconds after which a modified
-     * password will expire.
-     * <p/>
-     * If this attribute is not present, or if the value is 0 the password
-     * does not expire.  If not 0, the value must be greater than or equal
-     * to the value of the pwdMinAge.
-     */
-    @XmlElement(nillable = true)
-    private Long maxAge;
-
-    /**
-     * 5.2.4  pwdInHistory
-     * <p/>
-     * This attribute specifies the maximum number of used passwords stored
-     * in the pwdHistory attribute.
-     * <p/>
-     * If this attribute is not present, or if the value is 0, used
-     * passwords are not stored in the pwdHistory attribute and thus may be
-     * reused.
-     */
-    @XmlElement(nillable = true)
-    private Short inHistory;
-
-    /**
-     * 5.2.5  pwdCheckQuality
-     * <p/>
-     * This attribute indicates how the password quality will be verified
-     * while being modified or added.  If this attribute is not present, or
-     * if the value is '0', quality checking will not be enforced.  A value
-     * of '1' indicates that the server will check the quality, and if the
-     * server is unable to check it (due to a hashed password or other
-     * reasons) it will be accepted.  A value of '2' indicates that the
-     * server will check the quality, and if the server is unable to verify
-     * it, it will return an error refusing the password.
-     */
-    @XmlElement(nillable = true)
-    private Short checkQuality;
-
-    /**
-     * 5.2.6  pwdMinLength
-     * <p/>
-     * When quality checking is enabled, this attribute holds the minimum
-     * number of characters that must be used in a password.  If this
-     * attribute is not present, no minimum password length will be
-     * enforced.  If the server is unable to check the length (due to a
-     * hashed password or otherwise), the server will, depending on the
-     * value of the pwdCheckQuality attribute, either accept the password
-     * without checking it ('0' or '1') or refuse it ('2').
-     */
-    @XmlElement(nillable = true)
-    private Short minLength;
-
-    /**
-     * 5.2.7  pwdExpireWarning
-     * <p/>
-     * This attribute specifies the maximum number of seconds before a
-     * password is due to expire that expiration warning messages will be
-     * returned to an authenticating user.
-     * <p/>
-     * If this attribute is not present, or if the value is 0 no warnings
-     * will be returned.  If not 0, the value must be smaller than the value
-     * of the pwdMaxAge attribute.
-     */
-    @XmlElement(nillable = true)
-    private Long expireWarning;
-
-    /**
-     * 5.2.8  pwdGraceAuthNLimit
-     * <p/>
-     * This attribute specifies the number of times an expired password can
-     * be used to authenticate.  If this attribute is not present or if the
-     * value is 0, authentication will fail.
-     */
-    @XmlElement(nillable = true)
-    private Short graceLoginLimit;
-
-    /**
-     * 5.2.9  pwdLockout
-     * <p/>
-     * This attribute indicates, when its value is "TRUE", that the password
-     * may not be used to authenticate after a specified number of
-     * consecutive failed bind attempts.  The maximum number of consecutive
-     * failed bind attempts is specified in pwdMaxFailure.
-     * <p/>
-     * If this attribute is not present, or if the value is "FALSE", the
-     * password may be used to authenticate when the number of failed bind
-     * attempts has been reached.
-     */
-    @XmlElement(nillable = true)
-    private Boolean lockout;
-
-    /**
-     * 5.2.10  pwdLockoutDuration
-     * <p/>
-     * This attribute holds the number of seconds that the password cannot
-     * be used to authenticate due to too many failed bind attempts.  If
-     * this attribute is not present, or if the value is 0 the password
-     * cannot be used to authenticate until reset by a password
-     * administrator.
-     */
-    @XmlElement(nillable = true)
-    private Integer lockoutDuration;
-
-    /**
-     * 5.2.11  pwdMaxFailure
-     * <p/>
-     * This attribute specifies the number of consecutive failed bind
-     * attempts after which the password may not be used to authenticate.
-     * If this attribute is not present, or if the value is 0, this policy
-     * is not checked, and the value of pwdLockout will be ignored.
-     */
-    @XmlElement(nillable = true)
-    private Short maxFailure;
-
-    /**
-     * 5.2.12  pwdFailureCountInterval
-     * <p/>
-     * This attribute holds the number of seconds after which the password
-     * failures are purged from the failure counter, even though no
-     * successful authentication occurred.
-     * <p/>
-     * If this attribute is not present, or if its value is 0, the failure
-     * counter is only reset by a successful authentication.
-     */
-    @XmlElement(nillable = true)
-    private Short failureCountInterval;
-
-    /**
-     * 5.2.13  pwdMustChange
-     * <p/>
-     * This attribute specifies with a value of "TRUE" that users must
-     * change their passwords when they first bind to the directory after a
-     * password is set or reset by a password administrator.  If this
-     * attribute is not present, or if the value is "FALSE", users are not
-     * required to change their password upon binding after the password
-     * administrator sets or resets the password.  This attribute is not set
-     * due to any actions specified by this document, it is typically set by
-     * a password administrator after resetting a user's password.
-     */
-    @XmlElement(nillable = true)
-    private Boolean mustChange;
-
-    /**
-     * 5.2.14  pwdAllowUserChange
-     * <p/>
-     * This attribute indicates whether users can change their own
-     * passwords, although the change operation is still subject to access
-     * control.  If this attribute is not present, a value of "TRUE" is
-     * assumed.  This attribute is intended to be used in the absence of an
-     * access control mechanism.
-     */
-    @XmlElement(nillable = true)
-    private Boolean allowUserChange;
-
-    /**
-     * 5.2.15  pwdSafeModify
-     * <p/>
-     * This attribute specifies whether or not the existing password must be
-     * sent along with the new password when being changed.  If this
-     * attribute is not present, a "FALSE" value is assumed.
-     */
-    @XmlElement(nillable = true)
-    private Boolean safeModify;
-
-    /**
-     * Default constructor is used by internal Fortress classes and not intended for external use.
-     */
-    public PwPolicy()
-    {
-    }
-    
-
-    /**
-     * Create instance given a policy name.
-     * @param name
-     */
-    public PwPolicy(String name)
-    {
-        this.name = name;
-    }
-
-
-    /**
-     * Get the policy name associated with this instance.
-     * @return attribute stored as 'cn' in 'pwdPolicy' object class.
-     */
-    public String getName()
-    {
-        return name;
-    }
-    
-
-    /**
-     * Set the required attribute policy name on this entity.
-     * @param name stored as 'cn' in 'pwdPolicy' object class.
-     */
-    public void setName(String name)
-    {
-        this.name = name;
-    }
-    
-
-    /**
-     * This optional attribute holds the number of seconds that must elapse between
-     * modifications to the password. If this attribute is not present, 0
-     * seconds is assumed.
-     *
-     * @return attribute stored as 'pwdMinAge' in 'pwdPolicy' object class.
-     */
-    public Integer getMinAge()
-    {
-        return minAge;
-    }
-    
-
-    /**
-     * This optional attribute holds the number of seconds that must elapse between
-     * modifications to the password. If this attribute is not present, 0
-     * seconds is assumed.
-     *
-     * @param minAge stored as 'pwdMinAge' in 'pwdPolicy' object class.
-     */
-    public void setMinAge(Integer minAge)
-    {
-        this.minAge = minAge;
-    }
-    
-
-    /**
-     * This optional attribute holds the number of seconds after which a modified
-     * password will expire.
-     * If this attribute is not present, or if the value is 0 the password
-     * does not expire. If not 0, the value must be greater than or equal
-     * to the value of the pwdMinAge.
-     *
-     * @return attribute stored as 'pwdMaxAge' in 'pwdPolicy' object class.
-     */
-    public Long getMaxAge()
-    {
-        return maxAge;
-    }
-    
-
-    /**
-     * This optional attribute holds the number of seconds after which a modified
-     * password will expire.
-     * If this attribute is not present, or if the value is 0 the password
-     * does not expire. If not 0, the value must be greater than or equal
-     * to the value of the pwdMinAge.
-     *
-     * @param maxAge attribute stored as 'pwdMaxAge' in 'pwdPolicy' object class.
-     */
-    public void setMaxAge(Long maxAge)
-    {
-        this.maxAge = maxAge;
-    }
-    
-
-    /**
-     * This optional attribute specifies the maximum number of used passwords stored
-     * in the pwdHistory attribute.
-     * If this attribute is not present, or if the value is 0, used
-     * passwords are not stored in the pwdInHistory attribute and thus may be
-     * reused.
-     *
-     * @return attribute stored as 'pwdInHistory' in 'pwdPolicy' object class.
-     */
-    public Short getInHistory()
-    {
-        return inHistory;
-    }
-    
-
-    /**
-     * This optional attribute specifies the maximum number of used passwords stored
-     * in the pwdHistory attribute.
-     * If this attribute is not present, or if the value is 0, used
-     * passwords are not stored in the pwdInHistory attribute and thus may be
-     * reused.
-     *
-     * @param inHistory attribute stored as 'pwdInHistory' in 'pwdPolicy' object class.
-     */
-    public void setInHistory(Short inHistory)
-    {
-        this.inHistory = inHistory;
-    }
-    
-
-    /**
-     * This optional attribute is not currently supported by Fortress.
-     * This attribute indicates how the password quality will be verified
-     * while being modified or added. If this attribute is not present, or
-     * if the value is '0', quality checking will not be enforced. A value
-     * of '1' indicates that the server will check the quality, and if the
-     * server is unable to check it (due to a hashed password or other
-     * reasons) it will be accepted. A value of '2' indicates that the
-     * server will check the quality, and if the server is unable to verify
-     * it, it will return an error refusing the password.
-     *
-     * @return attribute stored as 'pwdCheckQuality' in 'pwdPolicy' object class.
-     */
-    public Short getCheckQuality()
-    {
-        return checkQuality;
-    }
-    
-
-    /**
-     * This optional attribute is not currently supported by Fortress.
-     * This attribute indicates how the password quality will be verified
-     * while being modified or added. If this attribute is not present, or
-     * if the value is '0', quality checking will not be enforced. A value
-     * of '1' indicates that the server will check the quality, and if the
-     * server is unable to check it (due to a hashed password or other
-     * reasons) it will be accepted. A value of '2' indicates that the
-     * server will check the quality, and if the server is unable to verify
-     * it, it will return an error refusing the password.
-     *
-     * @param checkQuality attribute stored as 'pwdCheckQuality' in 'pwdPolicy' object class.
-     */
-    public void setCheckQuality(Short checkQuality)
-    {
-        this.checkQuality = checkQuality;
-    }
-    
-
-    /**
-     * When quality checking is enabled, this optional attribute holds the minimum
-     * number of characters that must be used in a password. If this
-     * attribute is not present, no minimum password length will be
-     * enforced. If the server is unable to check the length (due to a
-     * hashed password or otherwise), the server will, depending on the
-     * value of the pwdCheckQuality attribute, either accept the password
-     * without checking it ('0' or '1') or refuse it ('2').
-     *
-     * @return attribute stored as 'pwdMinLength' in 'pwdPolicy' object class.
-     */
-    public Short getMinLength()
-    {
-        return minLength;
-    }
-    
-
-    /**
-     * When quality checking is enabled, this optional attribute holds the minimum
-     * number of characters that must be used in a password. If this
-     * attribute is not present, no minimum password length will be
-     * enforced. If the server is unable to check the length (due to a
-     * hashed password or otherwise), the server will, depending on the
-     * value of the pwdCheckQuality attribute, either accept the password
-     * without checking it ('0' or '1') or refuse it ('2').
-     *
-     * @param minLength attribute stored as 'pwdMinLength' in 'pwdPolicy' object class.
-     */
-    public void setMinLength(Short minLength)
-    {
-        this.minLength = minLength;
-    }
-    
-
-    /**
-     * This optional attribute specifies the maximum number of seconds before a
-     * password is due to expire that expiration warning messages will be
-     * returned to an authenticating user.
-     * If this attribute is not present, or if the value is 0 no warnings
-     * will be returned. If not 0, the value must be smaller than the value
-     * of the pwdMaxAge attribute.
-     *
-     * @return attribute stored as 'pwdExpireWarning' in 'pwdPolicy' object class.
-     */
-    public Long getExpireWarning()
-    {
-        return expireWarning;
-    }
-    
-
-    /**
-     * This optional attribute specifies the maximum number of seconds before a
-     * password is due to expire that expiration warning messages will be
-     * returned to an authenticating user.
-     * If this attribute is not present, or if the value is 0 no warnings
-     * will be returned. If not 0, the value must be smaller than the value
-     * of the pwdMaxAge attribute.
-     *
-     * @param expireWarning attribute stored as 'pwdExpireWarning' in 'pwdPolicy' object class.
-     */
-    public void setExpireWarning(Long expireWarning)
-    {
-        this.expireWarning = expireWarning;
-    }
-    
-
-    /**
-     * This optional attribute specifies the number of times an expired password can
-     * be used to authenticate. If this attribute is not present or if the
-     * value is 0, authentication will fail.
-     *
-     * @return attribute stored as 'pwdGraceAuthNLimit' in 'pwdPolicy' object class.
-     */
-    public Short getGraceLoginLimit()
-    {
-        return graceLoginLimit;
-    }
-    
-
-    /**
-     * This optional attribute specifies the number of times an expired password can
-     * be used to authenticate. If this attribute is not present or if the
-     * value is 0, authentication will fail.
-     *
-     * @param graceLoginLimit attribute stored as 'pwdGraceAuthNLimit' in 'pwdPolicy' object class.
-     */
-    public void setGraceLoginLimit(Short graceLoginLimit)
-    {
-        this.graceLoginLimit = graceLoginLimit;
-    }
-    
-
-    /**
-     * This optional attribute indicates, when its value is "TRUE", that the password
-     * may not be used to authenticate after a specified number of
-     * consecutive failed bind attempts. The maximum number of consecutive
-     * failed bind attempts is specified in pwdMaxFailure.
-     * If this attribute is not present, or if the value is "FALSE", the
-     * password may be used to authenticate when the number of failed bind
-     * attempts has been reached.
-     *
-     * @return attribute stored as 'pwdLockout' in 'pwdPolicy' object class.
-     */
-    public Boolean getLockout()
-    {
-        return lockout;
-    }
-    
-
-    /**
-     * This optional attribute indicates, when its value is "TRUE", that the password
-     * may not be used to authenticate after a specified number of
-     * consecutive failed bind attempts. The maximum number of consecutive
-     * failed bind attempts is specified in pwdMaxFailure.
-     * If this attribute is not present, or if the value is "FALSE", the
-     * password may be used to authenticate when the number of failed bind
-     * attempts has been reached.
-     *
-     * @param lockout attribute stored as 'pwdLockout' in 'pwdPolicy' object class.
-     */
-    public void setLockout(Boolean lockout)
-    {
-        this.lockout = lockout;
-    }
-    
-
-    /**
-     * This optional attribute holds the number of seconds that the password cannot
-     * be used to authenticate due to too many failed bind attempts. If
-     * this attribute is not present, or if the value is 0 the password
-     * cannot be used to authenticate until reset by a password
-     * administrator.
-     *
-     * @return attribute stored as 'pwdLockoutDuration' in 'pwdPolicy' object class.
-     */
-    public Integer getLockoutDuration()
-    {
-        return lockoutDuration;
-    }
-    
-
-    /**
-     * This optional attribute holds the number of seconds that the password cannot
-     * be used to authenticate due to too many failed bind attempts. If
-     * this attribute is not present, or if the value is 0 the password
-     * cannot be used to authenticate until reset by a password
-     * administrator.
-     *
-     * @param lockoutDuration attribute stored as 'pwdLockoutDuration' in 'pwdPolicy' object class.
-     */
-    public void setLockoutDuration(Integer lockoutDuration)
-    {
-        this.lockoutDuration = lockoutDuration;
-    }
-    
-
-    /**
-     * This optional attribute specifies the number of consecutive failed bind
-     * attempts after which the password may not be used to authenticate.
-     * If this attribute is not present, or if the value is 0, this policy
-     * is not checked, and the value of pwdLockout will be ignored.
-     *
-     * @return attribute stored as 'pwdMaxFailure' in 'pwdPolicy' object class.
-     */
-    public Short getMaxFailure()
-    {
-        return maxFailure;
-    }
-    
-
-    /**
-     * This optional attribute specifies the number of consecutive failed bind
-     * attempts after which the password may not be used to authenticate.
-     * If this attribute is not present, or if the value is 0, this policy
-     * is not checked, and the value of pwdLockout will be ignored.
-     *
-     * @param maxFailure attribute stored as 'pwdMaxFailure' in 'pwdPolicy' object class.
-     */
-    public void setMaxFailure(Short maxFailure)
-    {
-        this.maxFailure = maxFailure;
-    }
-    
-
-    /**
-     * This optional attribute holds the number of seconds after which the password
-     * failures are purged from the failure counter, even though no
-     * successful authentication occurred.
-     * If this attribute is not present, or if its value is 0, the failure
-     * counter is only reset by a successful authentication.
-     *
-     * @return attribute stored as 'pwdFailureCountInterval' in 'pwdPolicy' object class.
-     */
-    public Short getFailureCountInterval()
-    {
-        return failureCountInterval;
-    }
-    
-
-    /**
-     * This optional attribute holds the number of seconds after which the password
-     * failures are purged from the failure counter, even though no
-     * successful authentication occurred.
-     * If this attribute is not present, or if its value is 0, the failure
-     * counter is only reset by a successful authentication.
-     *
-     * @param failureCountInterval attribute stored as 'pwdFailureCountInterval' in 'pwdPolicy' object class.
-     */
-    public void setFailureCountInterval(Short failureCountInterval)
-    {
-        this.failureCountInterval = failureCountInterval;
-    }
-    
-
-    /**
-     * This optional attribute specifies with a value of "TRUE" that users must
-     * change their passwords when they first bind to the directory after a
-     * password is set or reset by a password administrator. If this
-     * attribute is not present, or if the value is "FALSE", users are not
-     * required to change their password upon binding after the password
-     * administrator sets or resets the password. This attribute is not set
-     * due to any actions specified by this document, it is typically set by
-     * a password administrator after resetting a user's password.
-     *
-     * @return attribute stored as 'pwdMustChange' in 'pwdPolicy' object class.
-     */
-    public Boolean getMustChange()
-    {
-        return mustChange;
-    }
-    
-
-    /**
-     * This optional attribute specifies with a value of "TRUE" that users must
-     * change their passwords when they first bind to the directory after a
-     * password is set or reset by a password administrator. If this
-     * attribute is not present, or if the value is "FALSE", users are not
-     * required to change their password upon binding after the password
-     * administrator sets or resets the password. This attribute is not set
-     * due to any actions specified by this document, it is typically set by
-     * a password administrator after resetting a user's password.
-     *
-     * @param mustChange attribute stored as 'pwdMustChange' in 'pwdPolicy' object class.
-     */
-    public void setMustChange(Boolean mustChange)
-    {
-        this.mustChange = mustChange;
-    }
-    
-
-    /**
-     * This optional attribute indicates whether users can change their own
-     * passwords, although the change operation is still subject to access
-     * control. If this attribute is not present, a value of "TRUE" is
-     * assumed. This attribute is intended to be used in the absence of an
-     * access control mechanism.
-     *
-     * @return attribute stored as 'pwdAllowUserChange' in 'pwdPolicy' object class.
-     */
-    public Boolean getAllowUserChange()
-    {
-        return allowUserChange;
-    }
-    
-
-    /**
-     * This optional attribute indicates whether users can change their own
-     * passwords, although the change operation is still subject to access
-     * control. If this attribute is not present, a value of "TRUE" is
-     * assumed. This attribute is intended to be used in the absence of an
-     * access control mechanism.
-     *
-     * @param allowUserChange attribute stored as 'pwdAllowUserChange' in 'pwdPolicy' object class.
-     */
-    public void setAllowUserChange(Boolean allowUserChange)
-    {
-        this.allowUserChange = allowUserChange;
-    }
-    
-
-    /**
-     * This optional attribute specifies whether or not the existing password must be
-     * sent along with the new password when being changed. If this
-     * attribute is not present, a "FALSE" value is assumed.
-     *
-     * @return attribute stored as 'pwdSafeModify' in 'pwdPolicy' object class.
-     */
-    public Boolean getSafeModify()
-    {
-        return safeModify;
-    }
-    
-
-    /**
-     * This optional attribute specifies whether or not the existing password must be
-     * sent along with the new password when being changed. If this
-     * attribute is not present, a "FALSE" value is assumed.
-     *
-     * @param safeModify attribute stored as 'pwdSafeModify' in 'pwdPolicy' object class.
-     */
-    public void setSafeModify(Boolean safeModify)
-    {
-        this.safeModify = safeModify;
-    }
-    
-
-    /**
-     * Matches the name from two PwPolicy entities.
-     *
-     * @param thatObj contains a Role entity.
-     * @return boolean indicating both objects contain matching PwPolicy names.
-     */
-    public boolean equals(Object thatObj)
-    {
-        if ( this == thatObj )
-        {
-            return true;
-        }
-        
-        if ( this.getName() == null )
-        {
-            return false;
-        }
-        
-        if ( !( thatObj instanceof PwPolicy ) )
-        {
-            return false;
-        }
-        
-        PwPolicy thatPolicy = (PwPolicy) thatObj;
-        
-        if ( thatPolicy.getName() == null )
-        {
-            return false;
-        }
-        
-        return thatPolicy.getName().equalsIgnoreCase( this.getName() );
-    }
-
-    @Override
-    public int hashCode()
-    {
-        int result = name != null ? name.hashCode() : 0;
-        result = 31 * result + ( attribute != null ? attribute.hashCode() : 0 );
-        result = 31 * result + ( minAge != null ? minAge.hashCode() : 0 );
-        result = 31 * result + ( maxAge != null ? maxAge.hashCode() : 0 );
-        result = 31 * result + ( inHistory != null ? inHistory.hashCode() : 0 );
-        result = 31 * result + ( checkQuality != null ? checkQuality.hashCode() : 0 );
-        result = 31 * result + ( minLength != null ? minLength.hashCode() : 0 );
-        result = 31 * result + ( expireWarning != null ? expireWarning.hashCode() : 0 );
-        result = 31 * result + ( graceLoginLimit != null ? graceLoginLimit.hashCode() : 0 );
-        result = 31 * result + ( lockout != null ? lockout.hashCode() : 0 );
-        result = 31 * result + ( lockoutDuration != null ? lockoutDuration.hashCode() : 0 );
-        result = 31 * result + ( maxFailure != null ? maxFailure.hashCode() : 0 );
-        result = 31 * result + ( failureCountInterval != null ? failureCountInterval.hashCode() : 0 );
-        result = 31 * result + ( mustChange != null ? mustChange.hashCode() : 0 );
-        result = 31 * result + ( allowUserChange != null ? allowUserChange.hashCode() : 0 );
-        result = 31 * result + ( safeModify != null ? safeModify.hashCode() : 0 );
-        return result;
-    }
-
-    /**
-     * @see Object#toString()
-     */
-    public String toString()
-    {
-        StringBuilder sb = new StringBuilder();
-
-        sb.append( "PwPolicy object: \n" );
-
-        sb.append( "    attribute :" ).append( attribute ).append( '\n' );
-        sb.append( "    maxAge :" ).append( maxAge ).append( '\n' );
-        sb.append( "    minAge :" ).append( minAge ).append( '\n' );
-        sb.append( "    allowUserChange :" ).append( allowUserChange ).append( '\n' );
-        sb.append( "    checkQuality :" ).append( checkQuality ).append( '\n' );
-        sb.append( "    expireWarning :" ).append( expireWarning ).append( '\n' );
-        sb.append( "    failureCountInterval :" ).append( failureCountInterval ).append( '\n' );
-        sb.append( "    graceLoginLimit :" ).append( graceLoginLimit ).append( '\n' );
-        sb.append( "    inHistory :" ).append( inHistory ).append( '\n' );
-        sb.append( "    lockout :" ).append( lockout ).append( '\n' );
-        sb.append( "    lockoutDuration :" ).append( lockoutDuration ).append( '\n' );
-        sb.append( "    maxFailure :" ).append( maxFailure ).append( '\n' );
-        sb.append( "    minLength :" ).append( minLength ).append( '\n' );
-        sb.append( "    mustChange :" ).append( mustChange ).append( '\n' );
-        sb.append( "    name :" ).append( name ).append( '\n' );
-        sb.append( "    safeModify :" ).append( safeModify ).append( '\n' );
-
-        return sb.toString();
-    }
-}
\ No newline at end of file

