directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From smckin...@apache.org
Subject [17/51] [partial] directory-fortress-core git commit: FC-109 - rename rbac package to impl
Date Tue, 02 Jun 2015 18:36:42 GMT
http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/ba64d26a/src/test/java/org/apache/directory/fortress/core/impl/DelegatedMgrImplTest.java
----------------------------------------------------------------------
diff --git a/src/test/java/org/apache/directory/fortress/core/impl/DelegatedMgrImplTest.java b/src/test/java/org/apache/directory/fortress/core/impl/DelegatedMgrImplTest.java
new file mode 100755
index 0000000..3a27f61
--- /dev/null
+++ b/src/test/java/org/apache/directory/fortress/core/impl/DelegatedMgrImplTest.java
@@ -0,0 +1,2089 @@
+/*
+ *   Licensed to the Apache Software Foundation (ASF) under one
+ *   or more contributor license agreements.  See the NOTICE file
+ *   distributed with this work for additional information
+ *   regarding copyright ownership.  The ASF licenses this file
+ *   to you under the Apache License, Version 2.0 (the
+ *   "License"); you may not use this file except in compliance
+ *   with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing,
+ *   software distributed under the License is distributed on an
+ *   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *   KIND, either express or implied.  See the License for the
+ *   specific language governing permissions and limitations
+ *   under the License.
+ *
+ */
+package org.apache.directory.fortress.core.impl;
+
+
+import java.util.ArrayList;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+
+import junit.framework.Test;
+import junit.framework.TestCase;
+import junit.framework.TestSuite;
+
+import org.apache.directory.fortress.core.model.AdminRole;
+import org.apache.directory.fortress.core.model.OrgUnit;
+import org.apache.directory.fortress.core.model.PermObj;
+import org.apache.directory.fortress.core.model.Permission;
+import org.apache.directory.fortress.core.model.Role;
+import org.apache.directory.fortress.core.model.Session;
+import org.apache.directory.fortress.core.model.User;
+import org.apache.directory.fortress.core.model.UserAdminRole;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import org.apache.directory.fortress.core.AccessMgr;
+import org.apache.directory.fortress.core.AccessMgrFactory;
+import org.apache.directory.fortress.core.DelAccessMgr;
+import org.apache.directory.fortress.core.DelAccessMgrFactory;
+import org.apache.directory.fortress.core.DelAdminMgr;
+import org.apache.directory.fortress.core.DelAdminMgrFactory;
+import org.apache.directory.fortress.core.DelReviewMgr;
+import org.apache.directory.fortress.core.DelReviewMgrFactory;
+import org.apache.directory.fortress.core.GlobalErrIds;
+import org.apache.directory.fortress.core.ReviewMgr;
+import org.apache.directory.fortress.core.ReviewMgrFactory;
+import org.apache.directory.fortress.core.SecurityException;
+import org.apache.directory.fortress.core.util.LogUtil;
+
+
+/**
+ * DelegatedMgrImpl Tester.
+ *
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+  */
+public class DelegatedMgrImplTest extends TestCase
+{
+    private static final String CLS_NM = DelegatedMgrImplTest.class.getName();
+    private static final Logger LOG = LoggerFactory.getLogger( CLS_NM );
+
+
+    public DelegatedMgrImplTest( String name )
+    {
+        super( name );
+    }
+
+    private static Session adminSess = null;
+
+
+    public void setUp() throws Exception
+    {
+        super.setUp();
+    }
+
+
+    public void tearDown() throws Exception
+    {
+        super.tearDown();
+    }
+
+
+    public static Test suitex()
+    {
+        TestSuite suite = new TestSuite();
+        suite.addTest( new DelegatedMgrImplTest( "testRevokePermissionRole" ) );
+        suite.addTest( new DelegatedMgrImplTest( "testDeassignAdminUser" ) );
+        suite.addTest( new DelegatedMgrImplTest( "testDeleteUser" ) );
+        suite.addTest( new DelegatedMgrImplTest( "testDeletePermission" ) );
+        suite.addTest( new DelegatedMgrImplTest( "testDeleteRole" ) );
+        suite.addTest( new DelegatedMgrImplTest( "testDeleteOrgInheritance" ) );
+        suite.addTest( new DelegatedMgrImplTest( "testDeleteOrgUnit" ) );
+        suite.addTest( new DelegatedMgrImplTest( "testDeleteAdminUser" ) );
+        suite.addTest( new DelegatedMgrImplTest( "testAddAdminUser" ) );
+        suite.addTest( new DelegatedMgrImplTest( "testAddOrgUnit" ) );
+        suite.addTest( new DelegatedMgrImplTest( "testUpdateOrgUnit" ) );
+        suite.addTest( new DelegatedMgrImplTest( "testAddOrgInheritance" ) );
+        suite.addTest( new DelegatedMgrImplTest( "testReadOrgUnit" ) );
+        suite.addTest( new DelegatedMgrImplTest( "testSearchOrgUnits" ) );
+        suite.addTest( new DelegatedMgrImplTest( "testAddRole" ) );
+        suite.addTest( new DelegatedMgrImplTest( "testAddUser" ) );
+        suite.addTest( new DelegatedMgrImplTest( "testAddPermission" ) );
+        suite.addTest( new DelegatedMgrImplTest( "testAssignAdminUser" ) );
+        suite.addTest( new DelegatedMgrImplTest( "testGrantPermissionRole" ) );
+        suite.addTest( new DelegatedMgrImplTest( "testCheckAccess" ) );
+        suite.addTest( new DelegatedMgrImplTest( "testCanAssignUser" ) );
+        suite.addTest( new DelegatedMgrImplTest( "testCanDeassignUser" ) );
+        suite.addTest( new DelegatedMgrImplTest( "testCanGrantPerm" ) );
+        suite.addTest( new DelegatedMgrImplTest( "testCanRevokePerm" ) );
+
+        return suite;
+    }
+
+    public static Test suite()
+    {
+        TestSuite suite = new TestSuite();
+        suite.addTest( new DelegatedMgrImplTest( "testAddAdminUser" ) );
+
+        return suite;
+    }
+
+    public void testAddAdminUser()
+    {
+        // These fortress delegated admin policies are needed for junit test but may have been created by an ant script so won't need to be created here:
+        if(loadAdminRequired( "LOAD-ADMIN AROLES_SUPER", AdminRoleTestData.AROLES_SUPER ))
+        {
+            addOrgUnit( "ADD ORG_PRM_APP0", OrgUnitTestData.ORGS_PRM_APP0[0] );
+            addOrgUnit( "ADD ORG_USR_DEV0", OrgUnitTestData.ORGS_USR_DEV0[0] );
+
+            addAdminRoles( "ADD-ARLS SUPER", AdminRoleTestData.AROLES_SUPER, false );
+            AdminMgrImplTest.addPermObjs( "ADD-OBS PSWDMGR_OBJ", PermTestData.PSWDMGR_OBJ, false, false );
+            AdminMgrImplTest.addPermObjs( "ADD-OBS ADMINMGR_OBJ", PermTestData.ADMINMGR_OBJ, false, false );
+            AdminMgrImplTest.addPermObjs( "ADD-OBS DELEGATEDMGR_OBJ", PermTestData.DELEGATEDMGR_OBJ, false, false );
+            AdminMgrImplTest.addPermObjs( "ADD-OBS DELEGATEDREVIEWMGR_OBJ", PermTestData.DELEGATEDREVIEWMGR_OBJ, false,
+                false );
+            AdminMgrImplTest.addPermObjs( "ADD-OBS REVIEWMGR_OBJ", PermTestData.REVIEWMGR_OBJ, false, false );
+            AdminMgrImplTest.addPermOps( "ADD-OPS PSWDMGR_OBJ PSWDMGR_OPS", PermTestData.PSWDMGR_OBJ,
+                PermTestData.PSWDMGR_OPS, false, false );
+            AdminMgrImplTest.addPermOps( "ADD-OPS ADMINMGR_OBJ ADMINMGR_OPS", PermTestData.ADMINMGR_OBJ,
+                PermTestData.ADMINMGR_OPS, false, false );
+            AdminMgrImplTest.addPermOps( "ADD-OPS DELEGATEDMGR_OBJ DELEGATEDMGR_OPS", PermTestData.DELEGATEDMGR_OBJ,
+                PermTestData.DELEGATEDMGR_OPS, false, false );
+            AdminMgrImplTest.addPermOps( "ADD-OPS DELEGATEDREVIEWMGR_OBJ DELEGATEDREVIEWMGR_OPS",
+                PermTestData.DELEGATEDREVIEWMGR_OBJ, PermTestData.DELEGATEDREVIEWMGR_OPS, false, false );
+            AdminMgrImplTest.addPermOps( "ADD-OPS REVIEWMGR_OBJ REVIEWMGR_OPS", PermTestData.REVIEWMGR_OBJ,
+                PermTestData.REVIEWMGR_OPS, false, false );
+            AdminMgrImplTest.addRoleGrants( "GRNT-APRMS SUPER PSWDMGR_OBJ PSWDMGR_OPS", AdminRoleTestData.AROLES_SUPER,
+                PermTestData.PSWDMGR_OBJ, PermTestData.PSWDMGR_OPS, false, false );
+            AdminMgrImplTest.addRoleGrants( "GRNT-APRMS SUPER ADMINMGR_OBJ ADMINMGR_OPS", AdminRoleTestData.AROLES_SUPER,
+                PermTestData.ADMINMGR_OBJ, PermTestData.ADMINMGR_OPS, false, false );
+            AdminMgrImplTest.addRoleGrants( "GRNT-APRMS SUPER DELEGATEDMGR_OBJ DELEGATEDMGR_OPS",
+                AdminRoleTestData.AROLES_SUPER, PermTestData.DELEGATEDMGR_OBJ, PermTestData.DELEGATEDMGR_OPS, false, false );
+            AdminMgrImplTest.addRoleGrants( "GRNT-APRMS SUPER DELEGATEDREVIEWMGR_OBJ DELEGATEDREVIEWMGR_OPS",
+                AdminRoleTestData.AROLES_SUPER, PermTestData.DELEGATEDREVIEWMGR_OBJ, PermTestData.DELEGATEDREVIEWMGR_OPS,
+                false, false );
+            AdminMgrImplTest.addRoleGrants( "GRNT-APRMS SUPER REVIEWMGR_OBJ REVIEWMGR_OPS", AdminRoleTestData.AROLES_SUPER,
+                PermTestData.REVIEWMGR_OBJ, PermTestData.REVIEWMGR_OPS, false, false );
+            AdminMgrImplTest.addPermObjs( "ADD-OBS AUDITMGR_OBJ", PermTestData.AUDITMGR_OBJ, false, true );
+            AdminMgrImplTest.addPermOps( "ADD-OPS AUDITMGR_OBJ AUDITMGR_OPS", PermTestData.AUDITMGR_OBJ,
+                PermTestData.AUDITMGR_OPS, false, true );
+            AdminMgrImplTest.addRoleGrants( "GRNT-APRMS SUPER AUDITMGR_OBJ AUDITMGR_OPS", AdminRoleTestData.AROLES_SUPER,
+                PermTestData.AUDITMGR_OBJ, PermTestData.AUDITMGR_OPS, false, true );
+        }
+
+        PswdPolicyMgrImplTest.add( "ADD " + TestUtils.getDataLabel( PolicyTestData.class, "POLICIES_BASE" ), PolicyTestData.POLICIES_BASE, true );
+        AdminMgrImplTest.addUsers( "ADD-USRS TU0", UserTestData.USERS_TU0, false );
+        assignAdminUsers( "ASGN-USRS TU0 SUPER", UserTestData.USERS_TU0, AdminRoleTestData.AROLES_SUPER, false );
+    }
+
+    private static boolean loadAdminRequired( String msg, String[][] rArray )
+    {
+        // default return is 'true':
+        boolean loadAdmin = true;
+        String methodName = ".loadAdminRequired";
+        LogUtil.logIt( msg );
+        try
+        {
+            DelReviewMgr dReviewMgr = getDelegatedReviewMgr();
+            for ( String[] rle : rArray )
+            {
+                AdminRole entity = dReviewMgr.readRole( new AdminRole( RoleTestData.getName( rle ) ) );
+                if(entity == null)
+                {
+                    break;
+                }
+                //AdminRoleTestData.assertEquals( entity, rle );
+            }
+            // if we get to here it means that admin role has already been loaded
+            loadAdmin = false;
+        }
+        catch ( SecurityException ex )
+        {
+            // This is the expected when teardown is not required:
+            if ( ex.getErrorId() == GlobalErrIds.ROLE_NOT_FOUND )
+            {
+                // did not find so need to load admin roles
+            }
+            else
+            {
+                // Something unexpected occurred here, Report as warning to the logger:
+                String warning = methodName + " caught SecurityException=" + ex.getMessage();
+                LOG.warn( warning );
+                // TODO: Determine if it would be better to throw a SecurityException here.
+            }
+        }
+        LOG.info( methodName + ":" + loadAdmin );
+        return loadAdmin;
+    }
+
+
+    public void testDeleteAdminUser()
+    {
+        deassignAdminUsers( "DEASGN-USRS TU0 SUPER", UserTestData.USERS_TU0, AdminRoleTestData.AROLES_SUPER, false );
+        AdminMgrImplTest.deleteUsers( "DEL-USRS TU0", UserTestData.USERS_TU0, true, false );
+        AdminMgrImplTest.delRoleGrants( "REVK-APRMS SUPER AUDITMGR_OBJ AUDITMGR_OPS", AdminRoleTestData.AROLES_SUPER,
+            PermTestData.AUDITMGR_OBJ, PermTestData.AUDITMGR_OPS, false );
+        AdminMgrImplTest.delRoleGrants( "REVK-APRMS SUPER REVIEWMGR_OBJ REVIEWMGR_OPS", AdminRoleTestData.AROLES_SUPER,
+            PermTestData.REVIEWMGR_OBJ, PermTestData.REVIEWMGR_OPS, false );
+        AdminMgrImplTest.delRoleGrants( "REVK-APRMS SUPER PSWDMGR_OBJ PSWDMGR_OPS", AdminRoleTestData.AROLES_SUPER,
+            PermTestData.PSWDMGR_OBJ, PermTestData.PSWDMGR_OPS, false );
+        AdminMgrImplTest.delRoleGrants( "REVK-APRMS SUPER ADMINMGR_OBJ ADMINMGR_OPS", AdminRoleTestData.AROLES_SUPER,
+            PermTestData.ADMINMGR_OBJ, PermTestData.ADMINMGR_OPS, false );
+        AdminMgrImplTest.delRoleGrants( "REVK-APRMS SUPER DELEGATEDREVIEWMGR_OBJ DELEGATEDREVIEWMGR_OPS",
+            AdminRoleTestData.AROLES_SUPER, PermTestData.DELEGATEDREVIEWMGR_OBJ, PermTestData.DELEGATEDREVIEWMGR_OPS,
+            false );
+        AdminMgrImplTest.delRoleGrants( "REVK-APRMS SUPER DELEGATEDMGR_OBJ DELEGATEDMGR_OPS",
+            AdminRoleTestData.AROLES_SUPER, PermTestData.DELEGATEDMGR_OBJ, PermTestData.DELEGATEDMGR_OPS, false );
+        AdminMgrImplTest.delPermOps( "DEL-OPS AUDITMGR_OBJ AUDITMGR_OPS ", PermTestData.AUDITMGR_OBJ,
+            PermTestData.AUDITMGR_OPS, false, false );
+        AdminMgrImplTest.delPermOps( "DEL-OPS REVIEWMGR_OBJ REVIEWMGR_OPS ", PermTestData.REVIEWMGR_OBJ,
+            PermTestData.REVIEWMGR_OPS, false, false );
+        AdminMgrImplTest.delPermOps( "DEL-OPS PSWDMGR_OBJ PSWDMGR_OPS", PermTestData.PSWDMGR_OBJ,
+            PermTestData.PSWDMGR_OPS, false, false );
+        AdminMgrImplTest.delPermOps( "DEL-OPS ADMINMGR_OBJ ADMINMGR_OPS ", PermTestData.ADMINMGR_OBJ,
+            PermTestData.ADMINMGR_OPS, false, false );
+        AdminMgrImplTest.delPermOps( "DEL-OPS DELEGATEDREVIEWMGR_OBJ DELEGATEDREVIEWMGR_OPS ",
+            PermTestData.DELEGATEDREVIEWMGR_OBJ, PermTestData.DELEGATEDREVIEWMGR_OPS, false, false );
+        AdminMgrImplTest.delPermOps( "DEL-OPS DELEGATEDMGR_OBJ DELEGATEDMGR_OPS ", PermTestData.DELEGATEDMGR_OBJ,
+            PermTestData.DELEGATEDMGR_OPS, false, false );
+        AdminMgrImplTest.delPermObjs( "DEL-OBJS AUDITMGR_OBJ", PermTestData.AUDITMGR_OBJ, false );
+        AdminMgrImplTest.delPermObjs( "DEL-OBJS REVIEWMGR_OBJ", PermTestData.REVIEWMGR_OBJ, false );
+        AdminMgrImplTest.delPermObjs( "DEL-OBJS PSWDMGR_OBJ", PermTestData.PSWDMGR_OBJ, false );
+        AdminMgrImplTest.delPermObjs( "DEL-OBJS ADMINMGR_OBJ", PermTestData.ADMINMGR_OBJ, false );
+        AdminMgrImplTest.delPermObjs( "DEL-OBJS DELEGATEDREVIEWMGR_OBJ", PermTestData.DELEGATEDREVIEWMGR_OBJ, false );
+        AdminMgrImplTest.delPermObjs( "DEL-OBJS DELEGATEDMGR_OBJ", PermTestData.DELEGATEDMGR_OBJ, false );
+        deleteAdminRoles( "DEL-ARLS SUPER", AdminRoleTestData.AROLES_SUPER, false );
+        deleteOrgUnit( "DEL ORG_USR_DEV0", OrgUnitTestData.ORGS_USR_DEV0[0] );
+        deleteOrgUnit( "DEL ORG_PRM_APP0", OrgUnitTestData.ORGS_PRM_APP0[0] );
+    }
+
+
+    public void testAssignAdminUser()
+    {
+        //     public void assignUser(User user, Role role)
+        assignAdminUsers( "ASGN-USRS TU16 TR1", UserTestData.USERS_TU16_ARBAC, AdminRoleTestData.AROLES_TR1, true );
+        assignAdminUserRole( "ASGN-USR TU17A TR2", UserTestData.USERS_TU17A_ARBAC, AdminRoleTestData.AROLES_TR2, true );
+    }
+
+
+    /**
+     * 
+     * @param msg
+     * @param uArray
+     * @param rArray
+     */
+    public static void assignAdminUsers( String msg, String[][] uArray, String[][] rArray, boolean isAdmin )
+    {
+        LogUtil.logIt( msg );
+        try
+        {
+            DelAdminMgr dAdminMgr;
+            DelReviewMgr dReviewMgr;
+            if ( isAdmin )
+            {
+                dAdminMgr = getManagedDelegatedMgr();
+                dReviewMgr = getManagedDelegatedReviewMgr();
+            }
+            else
+            {
+                dAdminMgr = DelAdminMgrFactory.createInstance( TestUtils.getContext() );
+                dReviewMgr = DelReviewMgrFactory.createInstance( TestUtils.getContext() );
+            }
+
+            int i = 0;
+            for ( String[] usr : uArray )
+            {
+                i++;
+                for ( String[] rle : rArray )
+                {
+                    UserAdminRole uAdminRole = new UserAdminRole( UserTestData.getUserId( usr ), AdminRoleTestData
+                        .getRole( rle ).getName() );
+                    dAdminMgr.assignUser( uAdminRole );
+                    LOG.debug( "assignAdminUsers user [" + uAdminRole.getUserId() + "] role ["
+                        + uAdminRole.getName() + "] successful" );
+                    // Let's double check the number of users not associated with role:
+                    // This one retrieves the collection of all "roleOccupant" attributes associated with the role node:
+                    List<User> users = dReviewMgr.assignedUsers( AdminRoleTestData.getRole( rle ) );
+                    assertNotNull( users );
+                    assertTrue( CLS_NM + "assignAdminUsers list size check", i == users.size() );
+                }
+            }
+        }
+        catch ( SecurityException ex )
+        {
+            LOG.error(
+                "assignAdminUsers caught SecurityException rc=" + ex.getErrorId() + ", msg="
+                    + ex.getMessage(), ex );
+            fail( ex.getMessage() );
+        }
+    }
+
+
+    public void testDeassignAdminUser()
+    {
+        //     public void deassignUser(User user, Role role)
+        deassignAdminUsers( "DEASGN-USRS TU16 TR1", UserTestData.USERS_TU16_ARBAC, AdminRoleTestData.AROLES_TR1, true );
+        deassignAdminUserRole( "DEASGN-USR TU17A TR2", UserTestData.USERS_TU17A_ARBAC, AdminRoleTestData.AROLES_TR2,
+            true );
+    }
+
+
+    /**
+     * @param msg
+     * @param uArray
+     * @param rArray
+     */
+    void deassignAdminUsers( String msg, String[][] uArray, String[][] rArray, boolean isAdmin )
+    {
+        LogUtil.logIt( msg );
+        try
+        {
+            DelAdminMgr dAdminMgr;
+            DelReviewMgr dReviewMgr;
+            if ( isAdmin )
+            {
+                dAdminMgr = getManagedDelegatedMgr();
+                dReviewMgr = getManagedDelegatedReviewMgr();
+            }
+            else
+            {
+                dAdminMgr = DelAdminMgrFactory.createInstance( TestUtils.getContext() );
+                dReviewMgr = DelReviewMgrFactory.createInstance( TestUtils.getContext() );
+            }
+            int i = 0;
+            for ( String[] usr : uArray )
+            {
+                i++;
+                for ( String[] rle : rArray )
+                {
+                    UserAdminRole uAdminRole = new UserAdminRole( UserTestData.getUserId( usr ), AdminRoleTestData
+                        .getRole( rle ).getName() );
+                    AdminRoleTestData.getRole( rle );
+                    dAdminMgr.deassignUser( uAdminRole );
+                    LOG.debug( "deassignAdminUsers user [" + uAdminRole.getUserId() + "] role ["
+                        + uAdminRole.getName() + "] successful" );
+                    // Let's double check the number of users associated with role:
+                    List<User> users = dReviewMgr.assignedUsers( AdminRoleTestData.getRole( rle ) );
+                    assertNotNull( users );
+
+                    // If this is the last user deassigned from role, both lists will be returned empty:
+                    if ( i == uArray.length )
+                    {
+                        assertTrue( users.size() == 0 );
+                    }
+                    else
+                    {
+                        assertTrue( CLS_NM + "deassignAdminUsers list size check",
+                            ( rArray.length - i ) == users.size() );
+                    }
+                }
+            }
+        }
+        catch ( SecurityException ex )
+        {
+            LOG.error(
+                "deassignAdminUsers caught SecurityException rc=" + ex.getErrorId() + ", msg="
+                    + ex.getMessage(), ex );
+            fail( ex.getMessage() );
+        }
+    }
+
+
+    public static void assignAdminUserRole( String msg, String[][] uArray, String[][] rArray, boolean isAdmin )
+    {
+        LogUtil.logIt( msg );
+        try
+        {
+            DelAdminMgr dAdminMgr;
+            if ( isAdmin )
+            {
+                dAdminMgr = getManagedDelegatedMgr();
+            }
+            else
+            {
+                dAdminMgr = DelAdminMgrFactory.createInstance( TestUtils.getContext() );
+            }
+            int i = 0;
+            for ( String[] usr : uArray )
+            {
+                UserAdminRole uAdminRole = new UserAdminRole( UserTestData.getUserId( usr ), AdminRoleTestData.getRole(
+                    rArray[i] ).getName() );
+                dAdminMgr.assignUser( uAdminRole );
+                i++;
+            }
+        }
+        catch ( SecurityException ex )
+        {
+            LOG.error(
+                "assignAdminUsers caught SecurityException rc=" + ex.getErrorId() + ", msg="
+                    + ex.getMessage(), ex );
+            fail( ex.getMessage() );
+        }
+    }
+
+
+    void deassignAdminUserRole( String msg, String[][] uArray, String[][] rArray, boolean isAdmin )
+    {
+        LogUtil.logIt( msg );
+        try
+        {
+            DelAdminMgr dAdminMgr;
+            if ( isAdmin )
+            {
+                dAdminMgr = getManagedDelegatedMgr();
+            }
+            else
+            {
+                dAdminMgr = DelAdminMgrFactory.createInstance( TestUtils.getContext() );
+            }
+            int i = 0;
+            for ( String[] usr : uArray )
+            {
+                UserAdminRole uAdminRole = new UserAdminRole( UserTestData.getUserId( usr ), AdminRoleTestData.getRole(
+                    rArray[i] ).getName() );
+                dAdminMgr.deassignUser( uAdminRole );
+                i++;
+            }
+        }
+        catch ( SecurityException ex )
+        {
+            LOG.error(
+                "deassignAdminUserRole caught SecurityException rc=" + ex.getErrorId() + ", msg="
+                    + ex.getMessage(), ex );
+            fail( ex.getMessage() );
+        }
+    }
+
+
+    public void testAddUser()
+    {
+        //     public User addUser(User user)
+        // the admin user must be added before the "addUsers" can be called:
+        //AdminMgrImplTest.addAdminUser("ADD-USRS TU0", UserTestData.USERS_TU0[0]);
+        AdminMgrImplTest.addUsers( "ADD-USRS TU16_ARBAC", UserTestData.USERS_TU16_ARBAC, true );
+        AdminMgrImplTest.addUsers( "ADD-USRS TU16B_ARBAC", UserTestData.USERS_TU16B_ARBAC, true );
+        AdminMgrImplTest.addUsers( "ADD-USRS TU16A_ARBAC", UserTestData.USERS_TU17A_ARBAC, true );
+        AdminMgrImplTest.addUsers( "ADD-USRS TU16U_ARBAC", UserTestData.USERS_TU17U_ARBAC, true );
+
+    }
+
+
+    public void testDeleteUser()
+    {
+        //     public void disableUser(User user)
+        AdminMgrImplTest.deleteUsers( "DEL-USRS TU16B_ARBAC", UserTestData.USERS_TU16B_ARBAC, true, true );
+        AdminMgrImplTest.deleteUsers( "DEL-USRS TU16_ARBAC", UserTestData.USERS_TU16_ARBAC, true, true );
+        AdminMgrImplTest.deleteUsers( "DEL-USRS TU16A_ARBAC", UserTestData.USERS_TU17A_ARBAC, true, true );
+        AdminMgrImplTest.deleteUsers( "DEL-USRS TU16U_ARBAC", UserTestData.USERS_TU17U_ARBAC, true, true );
+    }
+
+
+    public void testAddPermission()
+    {
+        //     public Permission addPermObj(Permission pOp)
+        AdminMgrImplTest.addPermObjs( "ADD-OBS TOB5", PermTestData.OBJS_TOB5, true, false );
+        AdminMgrImplTest.addPermObjs( "ADD-OBS ARBAC1", PermTestData.ARBAC_OBJS_1, true, false );
+        AdminMgrImplTest
+            .addPermOps( "ADD-OPS ARBAC1", PermTestData.ARBAC_OBJS_1, PermTestData.ARBAC_OPS_1, true, false );
+        AdminMgrImplTest.addPermObjs( "ADD-OBS ARBAC2", PermTestData.ARBAC_OBJ2, true, false );
+        AdminMgrImplTest.addPermOps( "ADD-OPS ARBAC2", PermTestData.ARBAC_OBJ2, PermTestData.ARBAC_OPS_2, true, false );
+    }
+
+
+    public void testDeletePermission()
+    {
+        //     public void deletePermission(Permission pOp)
+        AdminMgrImplTest.delPermObjs( "DEL-OBJS TOB5", PermTestData.OBJS_TOB5, true );
+        AdminMgrImplTest
+            .delPermOps( "DEL-OPS ARBAC1", PermTestData.ARBAC_OBJS_1, PermTestData.ARBAC_OPS_1, true, false );
+        AdminMgrImplTest.delPermObjs( "DEL-OBJS ARBAC1", PermTestData.ARBAC_OBJS_1, true );
+        AdminMgrImplTest.delPermOps( "DEL-OPS ARBAC2", PermTestData.ARBAC_OBJ2, PermTestData.ARBAC_OPS_2, true, false );
+        AdminMgrImplTest.delPermObjs( "DEL-OBS ARBAC2", PermTestData.ARBAC_OBJ2, true );
+    }
+
+
+    public void testGrantPermissionRole()
+    {
+        //     public void grantPermission(Permission pOp, Role role)
+        AdminMgrImplTest.addRoleGrants( "GRNT-APRMS ARTR2 AROBJ1 AROPS1", AdminRoleTestData.AROLES_TR2,
+            PermTestData.ARBAC_OBJS_1, PermTestData.ARBAC_OPS_1, true, false );
+    }
+
+
+    public void testRevokePermissionRole()
+    {
+        //     public void revokePermission(Permission pOp, Role role)
+        AdminMgrImplTest.delRoleGrants( "REVK-APRMS ARTR2 AROBJ1 AROPS1", AdminRoleTestData.AROLES_TR2,
+            PermTestData.ARBAC_OBJS_1, PermTestData.ARBAC_OPS_1, true );
+    }
+
+
+    public void testCheckAccess()
+    {
+        // public boolean checkAccess(String object, String operation, Session session)
+        checkAccess( "CHCK-ACS TU1_UPD TO1 TOP1 ", UserTestData.USERS_TU17A_ARBAC, PermTestData.ARBAC_OBJS_1,
+            PermTestData.ARBAC_OPS_1, PermTestData.ARBAC_OBJ2, PermTestData.ARBAC_OPS_2 );
+    }
+
+
+    public static void checkAccess( String msg, String[][] uArray, String[][] oArray, String[][] opArray,
+        String[][] oArrayBad, String[][] opArrayBad )
+    {
+        LogUtil.logIt( msg );
+        try
+        {
+            DelAccessMgr dAccessMgr = DelAccessMgrFactory.createInstance( TestUtils.getContext() );
+            AccessMgr accessMgr = ( AccessMgr ) dAccessMgr;
+            for ( String[] usr : uArray )
+            {
+                User user = UserTestData.getUser( usr );
+                Session session = accessMgr.createSession( user, false );
+
+                assertNotNull( session );
+                int i = 0;
+                for ( String[] obj : oArray )
+                {
+                    int j = 0;
+                    for ( String[] op : opArray )
+                    {
+                        // Call checkAccess method
+                        assertTrue(
+                            CLS_NM + ".checkAccess failed userId [" + user.getUserId() + "] Perm objName ["
+                                + PermTestData.getName( obj ) + "] operationName [" + PermTestData.getName( op ) + "]",
+                            dAccessMgr.checkAccess( session,
+                                new Permission( PermTestData.getName( obj ), PermTestData.getName( op ) ) ) );
+                        j++;
+                    }
+                    i++;
+                }
+                i = 0;
+                for ( String[] obj : oArrayBad )
+                {
+                    int j = 0;
+                    for ( String[] op : opArrayBad )
+                    {
+                        // Call checkAccess method (this should fail):
+                        try
+                        {
+                            boolean result = dAccessMgr.checkAccess( session, new Permission( PermTestData.getName( oArrayBad[i] ),
+                                PermTestData.getName( opArrayBad[j] ) ) );
+                            assertTrue(
+                                CLS_NM + ".checkAccess failed userId [" + user.getUserId() + "] Perm objName ["
+                                    + PermTestData.getName( oArrayBad[i] ) + "] operationName ["
+                                    + PermTestData.getName( opArrayBad[j] ) + "]",
+                                !result );
+                        }
+                        catch (SecurityException se)
+                        {
+                            // The expected condition is security exception perm not exist:
+                            assertTrue( CLS_NM + ".checkAccess failed userId [" + user.getUserId() + "] Perm objName ["
+                                + PermTestData.getName( oArrayBad[i] ) + "] operationName ["
+                                + PermTestData.getName( opArrayBad[j] ) + "], negative use case, incorrect exception id=" + se.getErrorId(), se.getErrorId() == GlobalErrIds.PERM_NOT_EXIST );
+                        }
+                        j++;
+                    }
+                    i++;
+                }
+            }
+            LOG.debug( "checkAccess successful" );
+        }
+        catch ( SecurityException ex )
+        {
+            LOG.error(
+                "checkAccess: caught SecurityException rc=" + ex.getErrorId() + ", msg: " + ex.getMessage(),
+                ex );
+            fail( ex.getMessage() );
+        }
+    }
+
+
+    public void testAddRole()
+    {
+        //     public Role setRole(Role role)
+        AdminMgrImplTest.addRoles( "ADD-RLS ROLES_TR14_ARBAC", RoleTestData.ROLES_TR14_ARBAC );
+        AdminMgrImplTest.addInheritedRoles( "ADD-INHERIT-RLS ROLES_TR14_ARBAC", RoleTestData.ROLES_TR14_ARBAC );
+        AdminMgrImplTest.addRoles( "ADD-RLS ROLES_TR15_ARBAC", RoleTestData.ROLES_TR15_ARBAC );
+        AdminMgrImplTest.addInheritedRoles( "ADD-INHERIT-RLS ROLES_TR15_ARBAC", RoleTestData.ROLES_TR15_ARBAC );
+        addAdminRoles( "ADD-ADMRLS TR1", AdminRoleTestData.AROLES_TR1, true );
+        addAdminRoles( "ADD-ADMRLS TR2", AdminRoleTestData.AROLES_TR2, true );
+        addAdminRoles( "ADD-ADMRLS TR3", AdminRoleTestData.AROLES_TR3, true );
+        addAdminRoles( "ADD-ADMRLS TR6", AdminRoleTestData.AROLES_TR6_HIER, true );
+    }
+
+
+    /**
+     * @param rArray
+     */
+    public static void addAdminRoles( String msg, String[][] rArray, boolean isAdmin )
+    {
+        LogUtil.logIt( msg );
+        try
+        {
+            DelAdminMgr dAdminMgr;
+            if ( isAdmin )
+            {
+                dAdminMgr = getManagedDelegatedMgr();
+            }
+            else
+            {
+                dAdminMgr = DelAdminMgrFactory.createInstance( TestUtils.getContext() );
+            }
+            for ( String[] rle : rArray )
+            {
+                AdminRole role = AdminRoleTestData.getRole( rle );
+                AdminRole entity = dAdminMgr.addRole( role );
+                LOG.debug( "addAdminRoles role [" + entity.getName() + "] successful" );
+            }
+        }
+        catch ( SecurityException ex )
+        {
+            LOG.error(
+                "addAdminRoles caught SecurityException rc=" + ex.getErrorId() + ", msg=" + ex.getMessage(),
+                ex );
+            fail( ex.getMessage() );
+        }
+    }
+
+
+    public void testDeleteRole()
+    {
+        //     public void deleteRole(Role role)
+        deleteAdminRoles( "DEL-ADMRLS TR1", AdminRoleTestData.AROLES_TR1, true );
+        deleteAdminRoles( "DEL-ADMRLS TR2", AdminRoleTestData.AROLES_TR2, true );
+        deleteAdminRoles( "DEL-ADMRLS TR3", AdminRoleTestData.AROLES_TR3, true );
+        deleteAdminRoles( "DEL-ADMRLS TR6", AdminRoleTestData.AROLES_TR6_HIER, true );
+        AdminMgrImplTest.deleteInheritedRoles( "DEL-INHERIT-RLS ROLES_TR14_ARBAC", RoleTestData.ROLES_TR14_ARBAC );
+        AdminMgrImplTest.deleteRoles( "DEL-RLS ROLES_TR14_ARBAC", RoleTestData.ROLES_TR14_ARBAC );
+        AdminMgrImplTest.deleteInheritedRoles( "DEL-INHERIT-RLS ROLES_TR15_ARBAC", RoleTestData.ROLES_TR15_ARBAC );
+        AdminMgrImplTest.deleteRoles( "DEL-RLS ROLES_TR15_ARBAC", RoleTestData.ROLES_TR15_ARBAC );
+    }
+
+
+    /**
+     * @param rArray
+     */
+    private void deleteAdminRoles( String msg, String[][] rArray, boolean isAdmin )
+    {
+        LogUtil.logIt( msg );
+        try
+        {
+            DelAdminMgr dAdminMgr;
+            if ( isAdmin )
+            {
+                dAdminMgr = getManagedDelegatedMgr();
+            }
+            else
+            {
+                dAdminMgr = DelAdminMgrFactory.createInstance( TestUtils.getContext() );
+            }
+            for ( String[] rle : rArray )
+            {
+                AdminRole role = new AdminRole();
+                role.setName( RoleTestData.getName( rle ) );
+                dAdminMgr.deleteRole( role );
+                LOG.debug( "deleteAdminRoles role [" + role.getName() + "] successful" );
+            }
+        }
+        catch ( SecurityException ex )
+        {
+            LOG.error(
+                "deleteAdminRoles caught SecurityException rc=" + ex.getErrorId() + ", msg="
+                    + ex.getMessage(), ex );
+            fail( ex.getMessage() );
+        }
+    }
+
+
+    public void testUpdateAdminRole()
+    {
+        //     public Role updateRole(Role role)
+        updateAdminRoles( "UPD-ADMRLS TR3_UPD", AdminRoleTestData.AROLES_TR3_UPD, true );
+    }
+
+
+    /**
+     * @param msg
+     * @param rArray
+     */
+    public static void updateAdminRoles( String msg, String[][] rArray, boolean isAdmin )
+    {
+        LogUtil.logIt( msg );
+        try
+        {
+            DelAdminMgr dAdminMgr;
+            if ( isAdmin )
+            {
+                dAdminMgr = getManagedDelegatedMgr();
+            }
+            else
+            {
+                dAdminMgr = DelAdminMgrFactory.createInstance( TestUtils.getContext() );
+            }
+            for ( String[] rle : rArray )
+            {
+                AdminRole role = AdminRoleTestData.getRole( rle );
+                AdminRole entity = dAdminMgr.updateRole( role );
+                LOG.debug( "updateAdminRoles role [" + entity.getName() + "] successful" );
+            }
+        }
+        catch ( SecurityException ex )
+        {
+            LOG.error(
+                "updateAdminRoles caught SecurityException rc=" + ex.getErrorId() + ", msg="
+                    + ex.getMessage(), ex );
+            fail( ex.getMessage() );
+        }
+    }
+
+    public enum ASSIGN_OP
+    {
+        ASSIGN, DEASSIGN
+    }
+
+
+    public void testCanAssignUser()
+    {
+        //canAssignUsers("CAN-ASGN-USRS TU1 TR1", UserTestData.USERS_TU16_ARBAC, UserTestData.USERS_TU16B_ARBAC, RoleTestData.ROLES_TR14_ARBAC);
+        canAssignUsers( "CAN-ASGN-USRS URA_T1 TU17A TU17U TR15", ASSIGN_OP.ASSIGN, URATestData.URA_T1,
+            UserTestData.USERS_TU17A_ARBAC, UserTestData.USERS_TU17U_ARBAC, RoleTestData.ROLES_TR15_ARBAC );
+    }
+
+
+    public void testCanDeassignUser()
+    {
+        canAssignUsers( "CAN-DEASGN-USRS URA_T1 TU17A TU17U TR15", ASSIGN_OP.DEASSIGN, URATestData.URA_T1,
+            UserTestData.USERS_TU17A_ARBAC, UserTestData.USERS_TU17U_ARBAC, RoleTestData.ROLES_TR15_ARBAC );
+    }
+
+
+    /**
+     *
+     * @param msg
+     * @param op
+     * @param uraArray
+     * @param uaArray
+     * @param uArray
+     * @param rArray
+     */
+    public static void canAssignUsers( String msg, ASSIGN_OP op, String[][] uraArray, String[][] uaArray,
+        String[][] uArray,
+        String[][] rArray )
+    {
+        LogUtil.logIt( msg );
+        Role role;
+        Map<URA, URA> uraTestResults = URATestData.getURAs( uraArray );
+
+        try
+        {
+            DelAccessMgr delAccessMgr = DelAccessMgrFactory.createInstance( TestUtils.getContext() );
+            AccessMgr accessMgr = ( AccessMgr ) delAccessMgr;
+            int i = 0;
+            for ( String[] aUsr : uaArray )
+            {
+                User aUser = UserTestData.getUser( aUsr );
+                Session session = accessMgr.createSession( aUser, false );
+                assertNotNull( session );
+                for ( String[] usr : uArray )
+                {
+                    User user = UserTestData.getUser( usr );
+                    i++;
+                    for ( String[] rle : rArray )
+                    {
+                        role = RoleTestData.getRole( rle );
+                        String methodName;
+                        boolean result;
+                        if ( op == ASSIGN_OP.ASSIGN )
+                        {
+                            result = delAccessMgr.canAssign( session, user, role );
+                            methodName = ".canAssignUsers";
+                        }
+                        else
+                        {
+                            result = delAccessMgr.canDeassign( session, user, role );
+                            methodName = ".canDeassignUsers";
+                        }
+
+                        List<UserAdminRole> aRoles = session.getAdminRoles();
+                        assertNotNull( aRoles );
+                        assertTrue( CLS_NM + methodName + " Admin User invalid number of roles", aRoles.size() == 1 );
+                        // since this user should only have one admin role, get the first one from list:
+                        UserAdminRole aRole = aRoles.get( 0 );
+                        URA sourceUra = new URA( aRole.getName(), user.getOu(), role.getName(), result );
+                        URA targetUra = uraTestResults.get( sourceUra );
+                        assertTrue( CLS_NM + methodName + " cannot find target URA admin role [" + sourceUra.getArole()
+                            + " uou [" + sourceUra.getUou() + "] role [" + sourceUra.getUrole() + "] Result ["
+                            + sourceUra.isCanAssign() + "] actual result [" + result + "]", targetUra != null );
+                        LOG.debug( methodName + " User [" + user.getUserId()
+                            + "] success URA using admin role [" + targetUra.getArole() + " uou [" + targetUra.getUou()
+                            + "] role [" + targetUra.getUrole() + "] target result [" + targetUra.isCanAssign()
+                            + "] actual result [" + result + "]" );
+                    }
+                }
+            }
+        }
+        catch ( SecurityException ex )
+        {
+            LOG.error( "canAssignUsers op [" + op + "] caught SecurityException rc=" + ex.getErrorId()
+                + ", msg=" + ex.getMessage(), ex );
+            fail( ex.getMessage() );
+        }
+    }
+
+
+    public void testCanGrantPerm()
+    {
+        canGrantPerms( "CAN-GRNT-PRMS PRA_T1 TU17A TOB5 TR15", GRANT_OP.GRANT, PRATestData.PRA_T1,
+            UserTestData.USERS_TU17A_ARBAC, PermTestData.OBJS_TOB5, RoleTestData.ROLES_TR15_ARBAC );
+    }
+
+
+    public void testCanRevokePerm()
+    {
+        canGrantPerms( "CAN-RVKE-PRMS PRA_T1 TU17A TOB5 TR15", GRANT_OP.REVOKE, PRATestData.PRA_T1,
+            UserTestData.USERS_TU17A_ARBAC, PermTestData.OBJS_TOB5, RoleTestData.ROLES_TR15_ARBAC );
+    }
+
+    public enum GRANT_OP
+    {
+        GRANT, REVOKE
+    }
+
+
+    /**
+     *
+     * @param msg
+     * @param op
+     * @param uraArray
+     * @param uaArray
+     * @param pArray
+     * @param rArray
+     */
+    public static void canGrantPerms( String msg, GRANT_OP op, String[][] uraArray, String[][] uaArray,
+        String[][] pArray,
+        String[][] rArray )
+    {
+        LogUtil.logIt( msg );
+        Role role;
+        Map<PRA, PRA> praTestResults = PRATestData.getPRAs( uraArray );
+
+        try
+        {
+            DelAccessMgr delAccessMgr = DelAccessMgrFactory.createInstance( TestUtils.getContext() );
+            AccessMgr accessMgr = ( AccessMgr ) delAccessMgr;
+            int i = 0;
+            for ( String[] aUsr : uaArray )
+            {
+                User aUser = UserTestData.getUser( aUsr );
+                Session session = accessMgr.createSession( aUser, false );
+                assertNotNull( session );
+                for ( String[] prm : pArray )
+                {
+                    PermObj pObj = PermTestData.getObj( prm );
+                    i++;
+                    for ( String[] rle : rArray )
+                    {
+                        role = RoleTestData.getRole( rle );
+                        String methodName;
+                        boolean result;
+                        if ( op == GRANT_OP.GRANT )
+                        {
+                            result = delAccessMgr.canGrant( session, role, new Permission( pObj.getObjName(), "" ) );
+                            methodName = ".canGrantPerms";
+                        }
+                        else
+                        {
+                            result = delAccessMgr.canRevoke( session, role, new Permission( pObj.getObjName(), "" ) );
+                            methodName = ".canRevokePerms";
+                        }
+
+                        List<UserAdminRole> aRoles = session.getAdminRoles();
+                        assertNotNull( aRoles );
+                        assertTrue( CLS_NM + methodName + " Admin User invalid number of roles", aRoles.size() == 1 );
+                        UserAdminRole aRole = aRoles.get( 0 );
+                        PRA sourceUra = new PRA( aRole.getName(), pObj.getOu(), role.getName(), result );
+                        PRA targetUra = praTestResults.get( sourceUra );
+                        assertTrue( CLS_NM + methodName + " cannot find target PRA admin role [" + sourceUra.getArole()
+                            + " pou [" + sourceUra.getPou() + "] role [" + sourceUra.getUrole() + "] Result ["
+                            + sourceUra.isCanAssign() + "] actual result [" + result + "]", targetUra != null );
+                        LOG.debug( methodName + " failed target PRA admin role [" + targetUra.getArole()
+                            + " pou [" + targetUra.getPou() + "] role [" + targetUra.getUrole() + "] target result ["
+                            + targetUra.isCanAssign() + "] actual result [" + result + "]" );
+                    }
+                }
+            }
+        }
+        catch ( SecurityException ex )
+        {
+            LOG.error( "canGrantPerms op [" + op + "] caught SecurityException rc=" + ex.getErrorId()
+                + ", msg=" + ex.getMessage(), ex );
+            fail( ex.getMessage() );
+        }
+    }
+
+
+    public void testAddOrgUnit()
+    {
+        //addOrgUnits("ADD ORGS_USR_DEV0", OrgUnitTestData.ORGS_USR_DEV0);
+        addOrgUnits( "ADD ORGS_TO1", OrgUnitTestData.ORGS_TO1 );
+        addOrgUnits( "ADD ORGS_USR_TO2", OrgUnitTestData.ORGS_USR_TO2 );
+        addOrgUnits( "ADD ORGS_ORGS_PRM_TO3", OrgUnitTestData.ORGS_PRM_TO3 );
+        addOrgUnits( "ADD ORGS_PRM_TO4", OrgUnitTestData.ORGS_PRM_TO4 );
+        addOrgUnits( "ADD ORGS_USR_TO5", OrgUnitTestData.ORGS_USR_TO5 );
+        addOrgUnits( "ADD ORGS_PRM_TO5", OrgUnitTestData.ORGS_PRM_TO5 );
+        // The DEV1 OU is not removed during cleanup phase because the test system users belong to it:
+        if ( FortressJUnitTest.isFirstRun() )
+        {
+            addOrgUnits( "ADD ORGS_DEV1", OrgUnitTestData.ORGS_DEV1 );
+        }
+        addOrgUnits( "ADD ORGS_APP1", OrgUnitTestData.ORGS_APP1 );
+    }
+
+
+    public static void addOrgUnit( String msg, String[] org )
+    {
+        LogUtil.logIt( msg );
+        
+        try
+        {
+            DelAdminMgr dAdminMgr = DelAdminMgrFactory.createInstance( TestUtils.getContext() );
+            OrgUnit ou = OrgUnitTestData.getOrgUnit( org );
+            OrgUnit entity = dAdminMgr.add( ou );
+            LOG.debug( "addOrgUnit ou [{}] successful", entity.getName() );
+        }
+        catch ( SecurityException ex )
+        {
+            LOG.error( "addOrgUnit caught SecurityException rc={}, msg={}", ex.getErrorId(), ex.getMessage(), ex );
+            fail( ex.getMessage() );
+        }
+    }
+
+
+    /**
+     *
+     * @param msg
+     * @param oArray
+     */
+    public static void addOrgUnits( String msg, String[][] oArray )
+    {
+        LogUtil.logIt( msg );
+        try
+        {
+            DelAdminMgr dAdminMgr = getManagedDelegatedMgr();
+            for ( String[] ole : oArray )
+            {
+                OrgUnit ou = OrgUnitTestData.getOrgUnit( ole );
+                OrgUnit entity = dAdminMgr.add( ou );
+                LOG.debug( "addOrgUnits ou [" + entity.getName() + "] successful" );
+            }
+        }
+        catch ( SecurityException ex )
+        {
+            LOG.error( "addOrgUnits caught SecurityException=" + ex.getMessage(), ex );
+            fail( ex.getMessage() );
+        }
+    }
+
+
+    public void testDeleteOrgUnit()
+    {
+        //deleteOrgUnits("DEL ORGS_USR_DEV0", OrgUnitTestData.ORGS_USR_DEV0);
+        deleteOrgUnits( "DEL ORGS_TO1", OrgUnitTestData.ORGS_TO1 );
+        deleteOrgUnits( "DEL ORGS_USR_TO2", OrgUnitTestData.ORGS_USR_TO2 );
+        deleteOrgUnits( "DEL ORGS_PRM_TO3", OrgUnitTestData.ORGS_PRM_TO3 );
+        deleteOrgUnits( "DEL ORGS_PRM_TO4", OrgUnitTestData.ORGS_PRM_TO4 );
+        deleteOrgUnits( "DEL ORGS_USR_TO5", OrgUnitTestData.ORGS_USR_TO5 );
+        deleteOrgUnits( "DEL ORGS_PRM_TO5", OrgUnitTestData.ORGS_PRM_TO5 );
+        // Don't delete because the test system users will belong to DEV1 OU and cannot be removed by normal API call:
+        // deleteOrgUnits("DEL ORGS_DEV1", OrgUnitTestData.ORGS_DEV1);
+        deleteOrgUnits( "DEL ORGS_APP1", OrgUnitTestData.ORGS_APP1 );
+    }
+
+
+    /**
+     *
+     * @param msg
+     * @param org
+     */
+    private void deleteOrgUnit( String msg, String[] org )
+    {
+        LogUtil.logIt( msg );
+        try
+        {
+            DelAdminMgr dAdminMgr = getManagedDelegatedMgr();
+            OrgUnit ou = OrgUnitTestData.getOrgUnit( org );
+            dAdminMgr.delete( ou );
+            LOG.debug( "deleteOrgUnit ou [" + ou.getName() + "] successful" );
+        }
+        catch ( SecurityException ex )
+        {
+            LOG.error( "deleteOrgUnit caught SecurityException=" + ex.getMessage(), ex );
+            fail( ex.getMessage() );
+        }
+    }
+
+
+    /**
+     *
+     * @param msg
+     * @param oArray
+     */
+    private void deleteOrgUnits( String msg, String[][] oArray )
+    {
+        LogUtil.logIt( msg );
+        try
+        {
+            DelAdminMgr dAdminMgr = getManagedDelegatedMgr();
+            for ( String[] ole : oArray )
+            {
+                OrgUnit ou = OrgUnitTestData.getOrgUnit( ole );
+                dAdminMgr.delete( ou );
+                LOG.debug( "deleteOrgUnits ou [" + ou.getName() + "] successful" );
+            }
+        }
+        catch ( SecurityException ex )
+        {
+            LOG.error(
+                "deleteOrgUnits caught SecurityException rc=" + ex.getErrorId() + ", msg=" + ex.getMessage(),
+                ex );
+            fail( ex.getMessage() );
+        }
+    }
+
+
+    public void testUpdateOrgUnit()
+    {
+        updateOrgUnits( "UPD ORGS_TO1", OrgUnitTestData.ORGS_TO1 );
+        updateOrgUnits( "UPD ORGS_PRM_TO3", OrgUnitTestData.ORGS_PRM_TO3 );
+
+    }
+
+
+    /**
+     *
+     * @param msg
+     * @param oArray
+     */
+    public static void updateOrgUnits( String msg, String[][] oArray )
+    {
+        LogUtil.logIt( msg );
+        try
+        {
+            DelAdminMgr dAdminMgr = getManagedDelegatedMgr();
+            for ( String[] ole : oArray )
+            {
+                OrgUnit ou = OrgUnitTestData.getOrgUnit( ole );
+                dAdminMgr.update( ou );
+                LOG.debug( "updateOrgUnits ou [" + ou.getName() + "] successful" );
+            }
+        }
+        catch ( SecurityException ex )
+        {
+            LOG.error(
+                "updateOrgUnits caught SecurityException rc=" + ex.getErrorId() + ", msg=" + ex.getMessage(),
+                ex );
+            fail( ex.getMessage() );
+        }
+    }
+
+
+    public void testReadOrgUnit()
+    {
+        // public Role readRole(Role role)
+        readOrgUnits( "RD ORGS_TO1", OrgUnitTestData.ORGS_TO1 );
+        readOrgUnits( "RD ORGS_PRM_TO3", OrgUnitTestData.ORGS_PRM_TO3 );
+    }
+
+
+    /**
+     *
+     * @param msg
+     * @param oArray
+     */
+    public static void readOrgUnits( String msg, String[][] oArray )
+    {
+        LogUtil.logIt( msg );
+        try
+        {
+            DelReviewMgr dReviewMgr = getManagedDelegatedReviewMgr();
+            for ( String[] ole : oArray )
+            {
+                OrgUnit ou = OrgUnitTestData.getOrgUnit( ole );
+                OrgUnit entity = dReviewMgr.read( ou );
+                OrgUnitTestData.assertEquals( entity, ole );
+                LOG.debug( "readOrgUnits [" + entity.getName() + "] successful" );
+            }
+        }
+        catch ( SecurityException ex )
+        {
+            LOG.error(
+                "readOrgUnits caught SecurityException rc=" + ex.getErrorId() + ", msg=" + ex.getMessage(),
+                ex );
+            fail( ex.getMessage() );
+        }
+    }
+
+
+    public void testSearchOrgUnits()
+    {
+        searchOrgUnits( "SRCH ORGS_TO1",
+            TestUtils.getSrchValue( OrgUnitTestData.getName( OrgUnitTestData.ORGS_TO1[0] ) ), OrgUnitTestData.ORGS_TO1 );
+        searchOrgUnits( "SRCH ORGS_PRM_TO3",
+            TestUtils.getSrchValue( OrgUnitTestData.getName( OrgUnitTestData.ORGS_PRM_TO3[0] ) ),
+            OrgUnitTestData.ORGS_PRM_TO3 );
+    }
+
+
+    /**
+     *
+     * @param msg
+     * @param srchValue
+     * @param oArray
+     */
+    public static void searchOrgUnits( String msg, String srchValue, String[][] oArray )
+    {
+        LogUtil.logIt( msg );
+        try
+        {
+            DelReviewMgr dReviewMgr = getManagedDelegatedReviewMgr();
+            // grab the type from the first entry in the test org list:
+            OrgUnit.Type type = OrgUnitTestData.getType( oArray[0] );
+            List<OrgUnit> ous = dReviewMgr.search( type, srchValue );
+            assertNotNull( ous );
+            assertTrue( "searchOrgUnits list size check", oArray.length == ous.size() );
+            for ( String[] ole : oArray )
+            {
+                int indx = ous.indexOf( new OrgUnit( OrgUnitTestData.getName( ole ) ) );
+                if ( indx != -1 )
+                {
+                    OrgUnit entity = ous.get( indx );
+                    assertNotNull( entity );
+                    OrgUnitTestData.assertEquals( entity, ole );
+                    LOG.debug( "searchOrgUnits [" + entity.getName() + "] successful" );
+                }
+                else
+                {
+                    msg = "searchOrgUnits srchValue [" + srchValue + "] failed list search";
+                    LogUtil.logIt( msg );
+                    fail( msg );
+                }
+            }
+        }
+        catch ( SecurityException ex )
+        {
+            LOG.error(
+                "searchOrgUnits srchValue [" + srchValue + "] caught SecurityException rc=" + ex.getErrorId()
+                    + ", msg=" + ex.getMessage(), ex );
+            fail( ex.getMessage() );
+        }
+    }
+
+
+    public void testAddOrgInheritance()
+    {
+        addInheritedOrgUnits( "ADD-INHERIT ORGS_USR_TO2", OrgUnitTestData.ORGS_USR_TO2 );
+        addInheritedOrgUnits( "ADD-INHERIT ORGS_PRM_TO4", OrgUnitTestData.ORGS_PRM_TO4 );
+        addInheritedOrgUnits( "ADD-INHERIT ORGS_USR_TO5", OrgUnitTestData.ORGS_USR_TO5 );
+        addInheritedOrgUnits( "ADD-INHERIT ORGS_PRM_TO5", OrgUnitTestData.ORGS_PRM_TO5 );
+    }
+
+
+    /**
+     *
+     * @param msg
+     * @param oArray
+     */
+    public static void addInheritedOrgUnits( String msg, String[][] oArray )
+    {
+        LogUtil.logIt( msg );
+        try
+        {
+            DelAdminMgr dAdminMgr = getManagedDelegatedMgr();
+            for ( String[] ole : oArray )
+            {
+                OrgUnit child = OrgUnitTestData.getOrgUnit( ole );
+                Set<String> parents = new HashSet<String>();
+                OrgUnitTestData.getRelationship( parents, ole );
+
+                for ( String pOrg : parents )
+                {
+                    OrgUnit parent = new OrgUnit( pOrg );
+                    parent.setType( child.getType() );
+                    dAdminMgr.addInheritance( parent, child );
+                    LOG.debug( "addInheritedOrgUnits child org [" + child.getName() + "] parent org ["
+                        + pOrg + "] successful" );
+                }
+            }
+        }
+        catch ( SecurityException ex )
+        {
+            LOG.error(
+                "addInheritedOrgUnits caught SecurityException rc=" + ex.getErrorId() + ", msg="
+                    + ex.getMessage(), ex );
+            fail( ex.getMessage() );
+        }
+    }
+
+
+    public void testDeleteOrgInheritance()
+    {
+        deleteInheritedOrgUnits( "DEL-INHERIT ORGS_USR_TO2", OrgUnitTestData.ORGS_USR_TO2 );
+        deleteInheritedOrgUnits( "DEL-INHERIT ORGS_PRM_TO4", OrgUnitTestData.ORGS_PRM_TO4 );
+        deleteInheritedOrgUnits( "DEL-INHERIT ORGS_USR_TO5", OrgUnitTestData.ORGS_USR_TO5 );
+        deleteInheritedOrgUnits( "DEL-INHERIT ORGS_PRM_TO5", OrgUnitTestData.ORGS_PRM_TO5 );
+    }
+
+
+    /**
+     * 
+     * @param msg
+     * @param oArray
+     */
+    private void deleteInheritedOrgUnits( String msg, String[][] oArray )
+    {
+        LogUtil.logIt( msg );
+        try
+        {
+            DelAdminMgr dAdminMgr = getManagedDelegatedMgr();
+            for ( String[] ole : oArray )
+            {
+                OrgUnit child = OrgUnitTestData.getOrgUnit( ole );
+                Set<String> parents = new HashSet<String>();
+                OrgUnitTestData.getRelationship( parents, ole );
+
+                for ( String pOrg : parents )
+                {
+                    OrgUnit parent = new OrgUnit( pOrg );
+                    parent.setType( child.getType() );
+                    //public void deleteInheritance(OrgUnit parent, OrgUnit child)
+                    dAdminMgr.deleteInheritance( parent, child );
+                    LOG.debug( "deleteInheritedOrgUnits child org [" + child.getName() + "] parent org ["
+                        + pOrg + "] successful" );
+                }
+            }
+        }
+        catch ( SecurityException ex )
+        {
+            LOG.error( "deleteInheritedOrgUnits caught SecurityException rc=" + ex.getErrorId() + ", msg="
+                + ex.getMessage(), ex );
+            fail( ex.getMessage() );
+        }
+    }
+
+
+    public void testReadAdminRole()
+    {
+        // public Role readRole(Role role)
+        readAdminRoles( "RD-ADMRLS TR1", AdminRoleTestData.AROLES_TR1 );
+        readAdminRoles( "RD-ADMRLS TR2", AdminRoleTestData.AROLES_TR2 );
+        readAdminRoles( "RD-ADMRLS TR3_UPD", AdminRoleTestData.AROLES_TR3_UPD );
+    }
+
+
+    /**
+     *
+     * @param msg
+     * @param rArray
+     */
+    public static void readAdminRoles( String msg, String[][] rArray )
+    {
+        LogUtil.logIt( msg );
+        try
+        {
+            DelReviewMgr dReviewMgr = getManagedDelegatedReviewMgr();
+            for ( String[] rle : rArray )
+            {
+                AdminRole entity = dReviewMgr.readRole( AdminRoleTestData.getRole( rle ) );
+                AdminRoleTestData.assertEquals( entity, rle );
+                LOG.debug( "readAdminRoles [" + entity.getName() + "] successful" );
+            }
+        }
+        catch ( SecurityException ex )
+        {
+            LOG.error( "readAdminRoles caught SecurityException=" + ex.getMessage(), ex );
+            fail( ex.getMessage() );
+        }
+    }
+
+
+    public void testSearchAdminRole()
+    {
+        searchAdminRoles( "SRCH-ADMRLS TR1",
+            TestUtils.getSrchValue( RoleTestData.getName( AdminRoleTestData.AROLES_TR1[0] ) ),
+            AdminRoleTestData.AROLES_TR1 );
+        searchAdminRoles( "SRCH-ADMRLS TR2",
+            TestUtils.getSrchValue( RoleTestData.getName( AdminRoleTestData.AROLES_TR2[0] ) ),
+            AdminRoleTestData.AROLES_TR2 );
+        searchAdminRoles( "SRCH-ADMRLS TR3",
+            TestUtils.getSrchValue( RoleTestData.getName( AdminRoleTestData.AROLES_TR3_UPD[0] ) ),
+            AdminRoleTestData.AROLES_TR3_UPD );
+    }
+
+
+    /**
+     *
+     * @param msg
+     * @param srchValue
+     * @param rArray
+     */
+    public static void searchAdminRoles( String msg, String srchValue, String[][] rArray )
+    {
+        LogUtil.logIt( msg );
+        try
+        {
+            DelReviewMgr dReviewMgr = getManagedDelegatedReviewMgr();
+            List<AdminRole> roles = dReviewMgr.findRoles( srchValue );
+            assertNotNull( roles );
+            assertTrue( CLS_NM + "searchAdminRoles list size check", rArray.length == roles.size() );
+            for ( String[] rle : rArray )
+            {
+                int indx = roles.indexOf( AdminRoleTestData.getRole( rle ) );
+                if ( indx != -1 )
+                {
+                    AdminRole entity = (AdminRole)roles.get( indx );
+                    assertNotNull( entity );
+                    AdminRoleTestData.assertEquals( entity, rle );
+                    LOG.debug( "searchAdminRoles [" + entity.getName() + "] successful" );
+                }
+                else
+                {
+                    msg = "searchAdminRoles srchValue [" + srchValue + "] failed list search";
+                    LogUtil.logIt( msg );
+                    fail( msg );
+                }
+            }
+        }
+        catch ( SecurityException ex )
+        {
+            LOG.error(
+                "searchAdminRoles srchValue [" + srchValue + "] caught SecurityException rc="
+                    + ex.getErrorId() + ", msg=" + ex.getMessage(), ex );
+            fail( ex.getMessage() );
+        }
+    }
+
+
+    public void testAddOrgUnitDescendant()
+    {
+        addOrgUnitDescendant( "ADD ORGS-USR-TO6-DESC", OrgUnitTestData.ORGS_USR_TO6_DSC, OrgUnit.Type.USER );
+        addOrgUnitDescendant( "ADD ORGS-PRM-TO6-DESC", OrgUnitTestData.ORGS_PRM_TO6_DSC, OrgUnit.Type.PERM );
+    }
+
+
+    /**
+     *
+     * @param msg
+     * @param oArray
+     */
+    public static void addOrgUnitDescendant( String msg, String[][] oArray, OrgUnit.Type type )
+    {
+        LogUtil.logIt( msg );
+        try
+        {
+            DelAdminMgr dAdminMgr = getManagedDelegatedMgr();
+            int ctr = 0;
+            for ( String[] ole : oArray )
+            {
+                OrgUnit orgUnit = OrgUnitTestData.getOrgUnit( ole );
+                if ( ctr++ == 0 || OrgUnitTestData.isTree( ole ) )
+                {
+                    dAdminMgr.add( orgUnit );
+                    LOG.debug( "addOrgUnitDescendant add orgUnit [" + orgUnit.getName() + "] successful" );
+                }
+
+                // use list because order is important for test structure:
+                List<String> descs = new ArrayList<String>();
+                OrgUnitTestData.getRelationship( descs, ole );
+
+                if ( OrgUnitTestData.isTree( ole ) )
+                {
+                    OrgUnit parent = orgUnit;
+                    for ( String desc : descs )
+                    {
+                        OrgUnit child = new OrgUnit( desc, type );
+                        dAdminMgr.addDescendant( parent, new OrgUnit( desc, type ) );
+                        LOG.debug( "addOrgUnitDescendant asc orgUnit [" + orgUnit.getName()
+                            + "] desc orgUnit [" + desc + "] successful" );
+                        parent = child;
+                    }
+                }
+                else
+                {
+                    for ( String desc : descs )
+                    {
+                        dAdminMgr.addDescendant( orgUnit, new OrgUnit( desc, type ) );
+                        LOG.debug( "addOrgUnitDescendant asc orgUnit [" + orgUnit.getName()
+                            + "] desc orgUnit [" + desc + "] successful" );
+                    }
+                }
+
+                Set<String> inheritances = OrgUnitTestData.getInheritances( ole );
+                if ( inheritances != null )
+                {
+                    for ( String desc : inheritances )
+                    {
+                        dAdminMgr.addInheritance( orgUnit, new OrgUnit( desc, type ) );
+                        LOG.debug( "addOrgUnitDescendant asc orgUnit [" + orgUnit.getName()
+                            + "] desc orgUnit [" + desc + "] successful" );
+                    }
+                }
+            }
+        }
+        catch ( SecurityException ex )
+        {
+            LOG.error(
+                "addOrgUnitDescendant caught SecurityException rc=" + ex.getErrorId() + ", msg="
+                    + ex.getMessage(), ex );
+            fail( ex.getMessage() );
+        }
+    }
+
+
+    public void testDelOrgUnitDescendant() throws SecurityException
+    {
+        delOrgUnitDescendant( "DEL-ORGS-USR-TO6-DESC", OrgUnitTestData.ORGS_USR_TO6_DSC, OrgUnit.Type.USER );
+        delOrgUnitDescendant( "DEL-ORGS-PRM-TO6-DESC", OrgUnitTestData.ORGS_PRM_TO6_DSC, OrgUnit.Type.PERM );
+    }
+
+
+    /**
+     *
+     * @param msg
+     */
+    private void delOrgUnitDescendant( String msg, String[][] oArray, OrgUnit.Type type )
+    {
+        LogUtil.logIt( msg );
+        try
+        {
+            DelAdminMgr dAdminMgr = getManagedDelegatedMgr();
+            for ( String[] ole : oArray )
+            {
+                OrgUnit orgUnit = OrgUnitTestData.getOrgUnit( ole );
+                // use list because order is important for test structure:
+                List<String> descs = new ArrayList<String>();
+                OrgUnitTestData.getRelationship( descs, ole );
+
+                if ( OrgUnitTestData.isTree( ole ) )
+                {
+                    OrgUnit parent = orgUnit;
+                    for ( String desc : descs )
+                    {
+                        OrgUnit child = new OrgUnit( desc );
+                        dAdminMgr.deleteInheritance( parent, new OrgUnit( desc, type ) );
+                        LOG.debug( "delOrgUnitDescendant asc orgUnit [" + orgUnit.getName()
+                            + "] desc orgUnit [" + desc + "] successful" );
+                        parent = child;
+                    }
+                }
+                else
+                {
+                    for ( String desc : descs )
+                    {
+                        dAdminMgr.deleteInheritance( orgUnit, new OrgUnit( desc, type ) );
+                        LOG.debug( "delOrgUnitDescendant asc orgUnit [" + orgUnit.getName()
+                            + "] desc orgUnit [" + desc + "] successful" );
+                    }
+                }
+
+                Set<String> inheritances = OrgUnitTestData.getInheritances( ole );
+                if ( inheritances != null )
+                {
+                    for ( String desc : inheritances )
+                    {
+                        dAdminMgr.deleteInheritance( orgUnit, new OrgUnit( desc, type ) );
+                        LOG.debug( "delOrgUnitDescendant asc orgUnit [" + orgUnit.getName()
+                            + "] desc orgUnit [" + desc + "] successful" );
+                    }
+                }
+                dAdminMgr.delete( orgUnit );
+                LOG.debug( "delOrgUnitDescendant remove asc orgUnit [" + orgUnit.getName() + "] successful" );
+            }
+
+            // cleanup the last row of descendants from orgUnit data set.
+            DelReviewMgr dReviewMgr = getManagedDelegatedReviewMgr();
+            String orgUnitSrchVal = TestUtils.getSrchValue( OrgUnitTestData.getName( oArray[0] ) );
+            List<OrgUnit> cleanup = dReviewMgr.search( type, orgUnitSrchVal );
+            for ( OrgUnit oe : cleanup )
+            {
+                dAdminMgr.delete( oe );
+                LOG.debug( "delOrgUnitDescendant cleanup orgUnit [" + oe.getName() + "] successful" );
+            }
+        }
+        catch ( SecurityException ex )
+        {
+            LOG.error(
+                "delOrgUnitDescendant caught SecurityException rc=" + ex.getErrorId() + ", msg="
+                    + ex.getMessage(), ex );
+            fail( ex.getMessage() );
+        }
+    }
+
+
+    public void testAddOrgUnitAscendants()
+    {
+        addOrgUnitAscendant( "ADD-ORGS-USR-TR7-ASC", OrgUnitTestData.ORGS_USR_TO7_ASC, OrgUnit.Type.USER );
+        addOrgUnitAscendant( "ADD-ORGS-PRM-TR7-ASC", OrgUnitTestData.ORGS_PRM_TO7_ASC, OrgUnit.Type.PERM );
+
+    }
+
+
+    /**
+     *
+     * @param msg
+     * @param oArray
+     * @param type
+     */
+    public static void addOrgUnitAscendant( String msg, String[][] oArray, OrgUnit.Type type )
+    {
+        LogUtil.logIt( msg );
+        try
+        {
+            DelAdminMgr dAdminMgr = getManagedDelegatedMgr();
+            for ( String[] ole : oArray )
+            {
+                OrgUnit orgUnit = OrgUnitTestData.getOrgUnit( ole );
+                if ( OrgUnitTestData.isCreate( ole ) )
+                {
+                    dAdminMgr.add( orgUnit );
+                    LOG.debug( "addOrgUnitAscendant add orgUnit [" + orgUnit.getName() + "] successful" );
+                }
+
+                Set<String> ascs = new HashSet<String>();
+                OrgUnitTestData.getRelationship( ascs, ole );
+
+                for ( String asc : ascs )
+                {
+                    dAdminMgr.addAscendant( orgUnit, new OrgUnit( asc, type ) );
+                    LOG.debug( "addOrgUnitAscendant desc role [" + orgUnit.getName() + "] asc role ["
+                        + asc + "] successful" );
+                }
+
+                Set<String> inheritances = OrgUnitTestData.getInheritances( ole );
+                if ( inheritances != null )
+                {
+                    for ( String asc : inheritances )
+                    {
+                        dAdminMgr.addInheritance( new OrgUnit( asc, type ), orgUnit );
+                        LOG.debug( "addOrgUnitAscendant desc role [" + orgUnit.getName() + "] asc role ["
+                            + asc + "] successful" );
+                    }
+                }
+            }
+        }
+        catch ( SecurityException ex )
+        {
+            LOG.error(
+                "addOrgUnitAscendant caught SecurityException rc=" + ex.getErrorId() + ", msg="
+                    + ex.getMessage(), ex );
+            fail( ex.getMessage() );
+        }
+    }
+
+
+    public void testDelOrgUnitAscendant()
+    {
+        delOrgUnitAscendant( "DEL-ORGS-USR-TR7-ASC", OrgUnitTestData.ORGS_USR_TO7_ASC, OrgUnit.Type.USER );
+        delOrgUnitAscendant( "DEL-ORGS-PRM-TR7-ASC", OrgUnitTestData.ORGS_PRM_TO7_ASC, OrgUnit.Type.PERM );
+    }
+
+
+    /**
+     *
+     * @param msg
+     * @param oArray
+     */
+    private void delOrgUnitAscendant( String msg, String[][] oArray, OrgUnit.Type type )
+    {
+        LogUtil.logIt( msg );
+        try
+        {
+            DelAdminMgr dAdminMgr = getManagedDelegatedMgr();
+            for ( String[] ole : oArray )
+            {
+                OrgUnit orgUnit = OrgUnitTestData.getOrgUnit( ole );
+                Set<String> ascs = new HashSet<String>();
+                OrgUnitTestData.getRelationship( ascs, ole );
+
+                for ( String asc : ascs )
+                {
+                    dAdminMgr.deleteInheritance( new OrgUnit( asc, type ), orgUnit );
+                    LOG.debug( "delOrgUnitAscendant desc orgUnit [" + orgUnit.getName()
+                        + "] asc orgUnit [" + asc + "] successful" );
+                }
+
+                Set<String> inheritances = OrgUnitTestData.getInheritances( ole );
+                if ( inheritances != null )
+                {
+                    for ( String asc : inheritances )
+                    {
+                        dAdminMgr.deleteInheritance( new OrgUnit( asc, type ), orgUnit );
+                        LOG.debug( "delOrgUnitAscendant desc orgUnit [" + orgUnit.getName()
+                            + "] asc orgUnit [" + asc + "] successful" );
+                    }
+                }
+                dAdminMgr.delete( orgUnit );
+                LOG.debug( "delOrgUnitAscendant remove desc orgUnit [" + orgUnit.getName() + "] successful" );
+            }
+
+            // cleanup the top ascendant from orgUnit data set.
+            DelReviewMgr dReviewMgr = getManagedDelegatedReviewMgr();
+            String orgUnitSrchVal = OrgUnitTestData.getName( oArray[0] );
+            // stip off prefix and search:
+            orgUnitSrchVal = orgUnitSrchVal.substring( 0, 3 );
+            List<OrgUnit> cleanup = dReviewMgr.search( type, orgUnitSrchVal );
+            for ( OrgUnit oe : cleanup )
+            {
+                dAdminMgr.delete( oe );
+                LOG.debug( "delOrgUnitAscendant cleanup orgUnit [" + oe.getName() + "] successful" );
+            }
+        }
+        catch ( SecurityException ex )
+        {
+            LOG.error(
+                "delOrgUnitAscendant caught SecurityException rc=" + ex.getErrorId() + ", msg="
+                    + ex.getMessage(), ex );
+            fail( ex.getMessage() );
+        }
+    }
+
+
+    public void testAddAdminRoleDescendant()
+    {
+        addAdminRoleDescendant( "ADD-ARLS-TR5-DESC", AdminRoleTestData.AROLES_TR5_DSC );
+    }
+
+
+    /**
+     *
+     * @param msg
+     * @param rArray
+     */
+    public static void addAdminRoleDescendant( String msg, String[][] rArray )
+    {
+        LogUtil.logIt( msg );
+        try
+        {
+            DelAdminMgr dAdminMgr = getManagedDelegatedMgr();
+            int ctr = 0;
+            for ( String[] rle : rArray )
+            {
+                AdminRole adminRole = AdminRoleTestData.getRole( rle );
+                if ( ctr++ == 0 || RoleTestData.isTree( rle ) )
+                {
+                    dAdminMgr.addRole( adminRole );
+                    LOG.debug( "addAdminRoleDescendant add role [" + adminRole.getName() + "] successful" );
+                }
+
+                // use list because order is important for test structure:
+                List<String> descs = RoleTestData.getRelationshipList( rle );
+                if ( descs != null )
+                {
+                    if ( RoleTestData.isTree( rle ) )
+                    {
+                        AdminRole parent = adminRole;
+                        for ( String desc : descs )
+                        {
+                            AdminRole child = new AdminRole( desc );
+                            dAdminMgr.addDescendant( parent, new AdminRole( desc ) );
+                            LOG.debug( "addAdminRoleDescendant asc role [" + adminRole.getName()
+                                + "] desc role [" + desc + "] successful" );
+                            parent = child;
+                        }
+                    }
+                    else
+                    {
+                        for ( String desc : descs )
+                        {
+                            dAdminMgr.addDescendant( adminRole, new AdminRole( desc ) );
+                            LOG.debug( "addAdminRoleDescendant asc role [" + adminRole.getName()
+                                + "] desc role [" + desc + "] successful" );
+                        }
+                    }
+                }
+
+                Set<String> inheritances = RoleTestData.getInheritances( rle );
+                if ( inheritances != null )
+                {
+                    for ( String desc : inheritances )
+                    {
+                        dAdminMgr.addInheritance( adminRole, new AdminRole( desc ) );
+                        LOG.debug( "addAdminRoleDescendant asc role [" + adminRole.getName()
+                            + "] desc role [" + desc + "] successful" );
+                    }
+                }
+            }
+        }
+        catch ( SecurityException ex )
+        {
+            LOG.error( "addAdminRoleDescendant caught SecurityException rc=" + ex.getErrorId() + ", msg="
+                + ex.getMessage(), ex );
+            fail( ex.getMessage() );
+        }
+    }
+
+
+    public void testDelAdminRoleDescendant() throws SecurityException
+    {
+        delAdminRoleDescendant( "DEL-ARLS-TR5-DESC", AdminRoleTestData.AROLES_TR5_DSC );
+    }
+
+
+    private void delAdminRoleDescendant( String msg, String[][] rArray )
+    {
+        LogUtil.logIt( msg );
+        try
+        {
+            DelAdminMgr dAdminMgr = getManagedDelegatedMgr();
+            for ( String[] rle : rArray )
+            {
+                AdminRole adminRole = AdminRoleTestData.getRole( rle );
+                // use list because order is important for test structure:
+                List<String> descs = RoleTestData.getRelationshipList( rle );
+                if ( descs != null )
+                {
+                    if ( RoleTestData.isTree( rle ) )
+                    {
+                        AdminRole parent = adminRole;
+                        for ( String desc : descs )
+                        {
+                            AdminRole child = new AdminRole( desc );
+                            dAdminMgr.deleteInheritance( parent, new AdminRole( desc ) );
+                            LOG.debug( "delAdminRoleDescendant asc adminRole [" + adminRole.getName()
+                                + "] desc adminRole [" + desc + "] successful" );
+                            parent = child;
+                        }
+                    }
+                    else
+                    {
+                        for ( String desc : descs )
+                        {
+                            dAdminMgr.deleteInheritance( adminRole, new AdminRole( desc ) );
+                            LOG.debug( "delAdminRoleDescendant asc adminRole [" + adminRole.getName()
+                                + "] desc adminRole [" + desc + "] successful" );
+                        }
+                    }
+                }
+
+                Set<String> inheritances = RoleTestData.getInheritances( rle );
+                if ( inheritances != null )
+                {
+                    for ( String desc : inheritances )
+                    {
+                        dAdminMgr.deleteInheritance( adminRole, new AdminRole( desc ) );
+                        LOG.debug( "delAdminRoleDescendant asc adminRole [" + adminRole.getName()
+                            + "] desc adminRole [" + desc + "] successful" );
+                    }
+                }
+                dAdminMgr.deleteRole( adminRole );
+                LOG.debug( "delAdminRoleDescendant remove asc adminRole [" + adminRole.getName()
+                    + "] successful" );
+            }
+
+            // cleanup the last row of descendants from orgUnit data set.
+            DelReviewMgr dReviewMgr = getManagedDelegatedReviewMgr();
+            String srchVal = TestUtils.getSrchValue( RoleTestData.getName( rArray[0] ) );
+            List<AdminRole> cleanup = dReviewMgr.findRoles( srchVal );
+            
+            for ( Role re : cleanup )
+            {
+                dAdminMgr.deleteRole( (AdminRole)re );
+                LOG.debug( "delAdminRoleDescendant cleanup adminRole [" + re.getName() + "] successful" );
+            }
+        }
+        catch ( SecurityException ex )
+        {
+            LOG.error(
+                "delOrgUnitDescendant caught SecurityException rc=" + ex.getErrorId() + ", msg="
+                    + ex.getMessage(), ex );
+            fail( ex.getMessage() );
+        }
+    }
+
+
+    public void testAddAdminRoleAscendants()
+    {
+        addAdminRoleAscendant( "ADD-ARLS-TR4-ASC", AdminRoleTestData.AROLES_TR4_ASC );
+    }
+
+
+    /**
+     *
+     * @param msg
+     * @param rArray
+     */
+    public static void addAdminRoleAscendant( String msg, String[][] rArray )
+    {
+        LogUtil.logIt( msg );
+        try
+        {
+            DelAdminMgr dAdminMgr = getManagedDelegatedMgr();
+            for ( String[] rle : rArray )
+            {
+                AdminRole adminRole = AdminRoleTestData.getRole( rle );
+                if ( RoleTestData.isCreate( rle ) )
+                {
+                    dAdminMgr.addRole( adminRole );
+                    LOG.debug( "addAdminRoleAscendant add adminRole [" + adminRole.getName() + "] successful" );
+                }
+                Set<String> ascs = RoleTestData.getRelationships( rle );
+                if ( ascs != null )
+                {
+                    for ( String asc : ascs )
+                    {
+                        dAdminMgr.addAscendant( adminRole, new AdminRole( asc ) );
+                        LOG.debug( "addAdminRoleAscendant desc role [" + adminRole.getName() + "] asc role ["
+                            + asc + "] successful" );
+                    }
+                }
+                Set<String> inheritances = RoleTestData.getInheritances( rle );
+                if ( inheritances != null )
+                {
+                    for ( String asc : inheritances )
+                    {
+                        dAdminMgr.addInheritance( new AdminRole( asc ), adminRole );
+                        LOG.debug( "addAdminRoleAscendant desc role [" + adminRole.getName() + "] asc role ["
+                            + asc + "] successful" );
+                    }
+                }
+            }
+        }
+        catch ( SecurityException ex )
+        {
+            LOG.error(
+                "addAdminRoleAscendant caught SecurityException rc=" + ex.getErrorId() + ", msg="
+                    + ex.getMessage(), ex );
+            fail( ex.getMessage() );
+        }
+    }
+
+
+    public void testDelAdminRoleAscendant()
+    {
+        delAdminRoleAscendant( "DEL-ARLS-TR4-ASC", AdminRoleTestData.AROLES_TR4_ASC );
+    }
+
+
+    /**
+     *
+     * @param msg
+     * @param rArray
+     */
+    private void delAdminRoleAscendant( String msg, String[][] rArray )
+    {
+        LogUtil.logIt( msg );
+        try
+        {
+            DelAdminMgr dAdminMgr = getManagedDelegatedMgr();
+            for ( String[] rle : rArray )
+            {
+                AdminRole adminRole = AdminRoleTestData.getRole( rle );
+                Set<String> ascs = RoleTestData.getRelationships( rle );
+                if ( ascs != null )
+                {
+                    for ( String asc : ascs )
+                    {
+                        dAdminMgr.deleteInheritance( new AdminRole( asc ), adminRole );
+                        LOG.debug( "delAdminRoleAscendant desc adminRole [" + adminRole.getName()
+                            + "] asc adminRole [" + asc + "] successful" );
+                    }
+                }
+
+                Set<String> inheritances = RoleTestData.getInheritances( rle );
+                if ( inheritances != null )
+                {
+                    for ( String asc : inheritances )
+                    {
+                        dAdminMgr.deleteInheritance( new AdminRole( asc ), adminRole );
+                        LOG.debug( "delAdminRoleAscendant desc adminRole [" + adminRole.getName()
+                            + "] asc orgUnit [" + asc + "] successful" );
+                    }
+                }
+                dAdminMgr.deleteRole( adminRole );
+                LOG.debug( "delAdminRoleAscendant remove desc adminRole [" + adminRole.getName()
+                    + "] successful" );
+            }
+
+            // cleanup the top ascendant from orgUnit data set.
+            DelReviewMgr dReviewMgr = getManagedDelegatedReviewMgr();
+            String adminRoleSrchVal = RoleTestData.getName( rArray[0] );
+            // stip off prefix and search:
+            adminRoleSrchVal = adminRoleSrchVal.substring( 0, 3 );
+            List<AdminRole> cleanup = dReviewMgr.findRoles( adminRoleSrchVal );
+            for ( AdminRole re : cleanup )
+            {
+                dAdminMgr.deleteRole( re );
+                LOG.debug( "delAdminRoleAscendant cleanup adminRole [" + re.getName() + "] successful" );
+            }
+        }
+        catch ( SecurityException ex )
+        {
+            LOG.error(
+                "delAdminRoleAscendant caught SecurityException rc=" + ex.getErrorId() + ", msg="
+                    + ex.getMessage(), ex );
+            fail( ex.getMessage() );
+        }
+    }
+
+
+    public void testAddAdminRoleInheritance()
+    {
+        addInheritedAdminRoles( "ADD-ARLS-TR6-HIER", AdminRoleTestData.AROLES_TR6_HIER );
+    }
+
+
+    /**
+     *
+     * @param msg
+     * @param rArray
+     */
+    public static void addInheritedAdminRoles( String msg, String[][] rArray )
+    {
+        LogUtil.logIt( msg );
+        try
+        {
+            DelAdminMgr dAdminMgr = getManagedDelegatedMgr();
+            for ( String[] rle : rArray )
+            {
+                AdminRole role = AdminRoleTestData.getRole( rle );
+                Set<String> parents = RoleTestData.getRelationships( rle );
+                if ( parents != null )
+                {
+                    for ( String pRole : parents )
+                    {
+                        dAdminMgr.addInheritance( new AdminRole( pRole ), role );
+                        LOG.debug( "addInheritedAdminRoles child role [" + role.getName() + "] parent role ["
+                            + pRole + "] successful" );
+                    }
+                }
+            }
+        }
+        catch ( SecurityException ex )
+        {
+            LOG.error( "addInheritedAdminRoles caught SecurityException rc=" + ex.getErrorId() + ", msg="
+                + ex.getMessage(), ex );
+            fail( ex.getMessage() );
+        }
+    }
+
+
+    public void testDeleteAdminRoleInheritance()
+    {
+        deleteInheritedAdminRoles( "DEL-ARLS-TR6-HIER", AdminRoleTestData.AROLES_TR6_HIER );
+    }
+
+
+    /**
+     *
+     * @param msg
+     * @param rArray
+     */
+    private static void deleteInheritedAdminRoles( String msg, String[][] rArray )
+    {
+        LogUtil.logIt( msg );
+        try
+        {
+            DelAdminMgr dAdminMgr = getManagedDelegatedMgr();
+            for ( String[] rle : rArray )
+            {
+                AdminRole role = AdminRoleTestData.getRole( rle );
+                Set<String> parents = RoleTestData.getRelationships( rle );
+                if ( parents != null )
+                {
+                    for ( String pRole : parents )
+                    {
+                        dAdminMgr.deleteInheritance( new AdminRole( pRole ), role );
+                        LOG.debug( "deleteInheritedAdminRoles child role [" + role.getName()
+                            + "] parent role [" + pRole + "] successful" );
+                    }
+                }
+            }
+        }
+        catch ( SecurityException ex )
+        {
+            LOG.error( "deleteInheritedAdminRoles caught SecurityException rc=" + ex.getErrorId() + ", msg="
+                + ex.getMessage(), ex );
+            fail( ex.getMessage() );
+        }
+    }
+
+
+    /**
+     *
+     * @return
+     * @throws SecurityException
+     */
+    private static DelReviewMgr getManagedDelegatedReviewMgr() throws SecurityException
+    {
+        DelReviewMgr dReviewMgr = DelReviewMgrFactory.createInstance( TestUtils.getContext() );
+        if ( FortressJUnitTest.isAdminEnabled() && adminSess == null )
+        {
+            adminSess = DelegatedMgrImplTest.createAdminSession();
+        }
+        dReviewMgr.setAdmin( adminSess );
+        return dReviewMgr;
+    }
+
+
+    private static DelReviewMgr getDelegatedReviewMgr() throws SecurityException
+    {
+        DelReviewMgr dReviewMgr = DelReviewMgrFactory.createInstance( TestUtils.getContext() );
+        return dReviewMgr;
+    }
+
+
+    /**
+     *
+     * @return
+     * @throws SecurityException
+     */
+    private static DelAdminMgr getManagedDelegatedMgr() throws SecurityException
+    {
+        if ( FortressJUnitTest.isAdminEnabled() && adminSess == null )
+        {
+            adminSess = DelegatedMgrImplTest.createAdminSession();
+        }
+        return DelAdminMgrFactory.createInstance( TestUtils.getContext(), adminSess );
+    }
+
+
+    /**
+     *
+     * @return
+     */
+    public static boolean loadAdminPolicy()
+    {
+        boolean result = true;
+        try
+        {
+            ReviewMgr rMgr = ReviewMgrFactory.createInstance( TestUtils.getContext() );
+            User admin = UserTestData.getUser( UserTestData.USERS_TU0[0] );
+            rMgr.readUser( admin );
+            result = false;
+        }
+        catch ( SecurityException se )
+        {
+            String info = " loadAdminPolicy detected admin policy not loaded";
+            LOG.debug( info );
+        }
+        return result;
+    }
+
+
+    /**
+     *
+     */
+    public static Session createAdminSession()
+    {
+        Session adminSess = null;
+        try
+        {
+            AccessMgr accessMgr = AccessMgrFactory.createInstance( TestUtils.getContext() );
+            User admin = UserTestData.getUser( UserTestData.USERS_TU0[0] );
+            adminSess = accessMgr.createSession( admin, false );
+        }
+        catch ( SecurityException ex )
+        {
+            String error = " static initializer caught SecurityException rc=" + ex.getErrorId() + ", msg="
+                + ex.getMessage();
+            LOG.error( error );
+        }
+        return adminSess;
+    }
+}


Mime
View raw message