directory-commits mailing list archives

From smckin...@apache.org
Subject [06/19] directory-fortress-core git commit: FC-109 - break core package cycles
Date Mon, 01 Jun 2015 23:02:11 GMT
http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/0c46e4de/src/main/java/org/apache/directory/fortress/core/rbac/PwPolicyMgrImpl.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/rbac/PwPolicyMgrImpl.java b/src/main/java/org/apache/directory/fortress/core/rbac/PwPolicyMgrImpl.java
index 29a7de9..de22afa 100755
--- a/src/main/java/org/apache/directory/fortress/core/rbac/PwPolicyMgrImpl.java
+++ b/src/main/java/org/apache/directory/fortress/core/rbac/PwPolicyMgrImpl.java
@@ -22,6 +22,8 @@ package org.apache.directory.fortress.core.rbac;
 import org.apache.directory.fortress.core.GlobalErrIds;
 import org.apache.directory.fortress.core.PwPolicyMgr;
 import org.apache.directory.fortress.core.SecurityException;
+import org.apache.directory.fortress.core.model.PwPolicy;
+import org.apache.directory.fortress.core.model.User;
 import org.apache.directory.fortress.core.util.attr.VUtil;
 
 import java.util.List;
@@ -66,56 +68,56 @@ public class PwPolicyMgrImpl  extends Manageable implements PwPolicyMgr
      * if and only if the policy entry is not already present in the POLICIES data set.
      * <h4>required parameters</h4>
      * <ul>
-     * <li>{@link org.apache.directory.fortress.core.rbac.PwPolicy#name} - Maps to name attribute of pwdPolicy object class being added.</li>
+     * <li>{@link org.apache.directory.fortress.core.model.PwPolicy#name} - Maps to name attribute of pwdPolicy object class being added.</li>
      * </ul>
      * <h4>optional parameters</h4>
      * <ul>
-     * <li>{@link org.apache.directory.fortress.core.rbac.PwPolicy#minAge} - This attribute holds the number of seconds that must elapse between
+     * <li>{@link org.apache.directory.fortress.core.model.PwPolicy#minAge} - This attribute holds the number of seconds that must elapse between
      * modifications to the password.  If this attribute is not present, 0
      * seconds is assumed.</li>
-     * <li>{@link org.apache.directory.fortress.core.rbac.PwPolicy#maxAge} - This attribute holds the number of seconds after which a modified
+     * <li>{@link org.apache.directory.fortress.core.model.PwPolicy#maxAge} - This attribute holds the number of seconds after which a modified
      * password will expire. If this attribute is not present, or if the value is 0 the password
      * does not expire.  If not 0, the value must be greater than or equal
      * to the value of the pwdMinAge.
      * </li>
-     * <li>{@link org.apache.directory.fortress.core.rbac.PwPolicy#inHistory} - This attribute specifies the maximum number of used passwords stored
+     * <li>{@link org.apache.directory.fortress.core.model.PwPolicy#inHistory} - This attribute specifies the maximum number of used passwords stored
      * in the pwdHistory attribute. If this attribute is not present, or if the value is 0, used
      * passwords are not stored in the pwdHistory attribute and thus may be reused.</li>
-     * <li>{@link org.apache.directory.fortress.core.rbac.PwPolicy#minLength} - When quality checking is enabled, this attribute holds the minimum
+     * <li>{@link org.apache.directory.fortress.core.model.PwPolicy#minLength} - When quality checking is enabled, this attribute holds the minimum
      * number of characters that must be used in a password.  If this
      * attribute is not present, no minimum password length will be
      * enforced.  If the server is unable to check the length (due to a
      * hashed password or otherwise), the server will, depending on the
      * value of the pwdCheckQuality attribute, either accept the password
      * without checking it ('0' or '1') or refuse it ('2').</li>
-     * <li>{@link org.apache.directory.fortress.core.rbac.PwPolicy#expireWarning} - This attribute specifies the maximum number of seconds before a
+     * <li>{@link org.apache.directory.fortress.core.model.PwPolicy#expireWarning} - This attribute specifies the maximum number of seconds before a
      * password is due to expire that expiration warning messages will be
      * returned to an authenticating user.  If this attribute is not present, or if the value is 0 no warnings
      * will be returned.  If not 0, the value must be smaller than the value
      * of the pwdMaxAge attribute.</li>
-     * <li>{@link org.apache.directory.fortress.core.rbac.PwPolicy#graceLoginLimit} - This attribute specifies the number of times an expired password can
+     * <li>{@link org.apache.directory.fortress.core.model.PwPolicy#graceLoginLimit} - This attribute specifies the number of times an expired password can
      * be used to authenticate.  If this attribute is not present or if the
      * value is 0, authentication will fail. </li>
-     * <li>{@link org.apache.directory.fortress.core.rbac.PwPolicy#lockout} - This attribute indicates, when its value is "TRUE", that the password
+     * <li>{@link org.apache.directory.fortress.core.model.PwPolicy#lockout} - This attribute indicates, when its value is "TRUE", that the password
      * may not be used to authenticate after a specified number of
      * consecutive failed bind attempts.  The maximum number of consecutive
      * failed bind attempts is specified in pwdMaxFailure.  If this attribute is not present, or if the
      * value is "FALSE", the password may be used to authenticate when the number of failed bind
      * attempts has been reached.</li>
-     * <li>{@link org.apache.directory.fortress.core.rbac.PwPolicy#lockoutDuration} - This attribute holds the number of seconds that the password cannot
+     * <li>{@link org.apache.directory.fortress.core.model.PwPolicy#lockoutDuration} - This attribute holds the number of seconds that the password cannot
      * be used to authenticate due to too many failed bind attempts.  If
      * this attribute is not present, or if the value is 0 the password
      * cannot be used to authenticate until reset by a password
      * administrator.</li>
-     * <li>{@link org.apache.directory.fortress.core.rbac.PwPolicy#maxFailure} - This attribute specifies the number of consecutive failed bind
+     * <li>{@link org.apache.directory.fortress.core.model.PwPolicy#maxFailure} - This attribute specifies the number of consecutive failed bind
      * attempts after which the password may not be used to authenticate.
      * If this attribute is not present, or if the value is 0, this policy
      * is not checked, and the value of pwdLockout will be ignored.</li>
-     * <li>{@link org.apache.directory.fortress.core.rbac.PwPolicy#failureCountInterval} - This attribute holds the number of seconds after which the password
+     * <li>{@link org.apache.directory.fortress.core.model.PwPolicy#failureCountInterval} - This attribute holds the number of seconds after which the password
      * failures are purged from the failure counter, even though no
      * successful authentication occurred.  If this attribute is not present, or if its value is 0, the failure
      * counter is only reset by a successful authentication.</li>
-     * <li>{@link org.apache.directory.fortress.core.rbac.PwPolicy#mustChange} - This attribute specifies with a value of "TRUE" that users must
+     * <li>{@link org.apache.directory.fortress.core.model.PwPolicy#mustChange} - This attribute specifies with a value of "TRUE" that users must
      * change their passwords when they first bind to the directory after a
      * password is set or reset by a password administrator.  If this
      * attribute is not present, or if the value is "FALSE", users are not
@@ -123,14 +125,14 @@ public class PwPolicyMgrImpl  extends Manageable implements PwPolicyMgr
      * administrator sets or resets the password.  This attribute is not set
      * due to any actions specified by this document, it is typically set by
      * a password administrator after resetting a user's password.</li>
-     * <li>{@link org.apache.directory.fortress.core.rbac.PwPolicy#allowUserChange} - This attribute indicates whether users can change their own
+     * <li>{@link org.apache.directory.fortress.core.model.PwPolicy#allowUserChange} - This attribute indicates whether users can change their own
      * passwords, although the change operation is still subject to access
      * control.  If this attribute is not present, a value of "TRUE" is
      * assumed.  This attribute is intended to be used in the absence of an access control mechanism.</li>
-     * <li>{@link org.apache.directory.fortress.core.rbac.PwPolicy#safeModify} - This attribute specifies whether or not the existing password must be
+     * <li>{@link org.apache.directory.fortress.core.model.PwPolicy#safeModify} - This attribute specifies whether or not the existing password must be
      * sent along with the new password when being changed.  If this
      * attribute is not present, a "FALSE" value is assumed.</li>
-     * <li>{@link org.apache.directory.fortress.core.rbac.PwPolicy#checkQuality} - This attribute indicates how the password quality will be verified
+     * <li>{@link org.apache.directory.fortress.core.model.PwPolicy#checkQuality} - This attribute indicates how the password quality will be verified
      * while being modified or added.  If this attribute is not present, or
      * if the value is '0', quality checking will not be enforced.  A value
      * of '1' indicates that the server will check the quality, and if the
@@ -138,12 +140,12 @@ public class PwPolicyMgrImpl  extends Manageable implements PwPolicyMgr
      * reasons) it will be accepted.  A value of '2' indicates that the
      * server will check the quality, and if the server is unable to verify
      * it, it will return an error refusing the password. </li>
-     * <li>{@link org.apache.directory.fortress.core.rbac.PwPolicy#attribute} - This holds the name of the attribute to which the password policy is
+     * <li>{@link org.apache.directory.fortress.core.model.PwPolicy#attribute} - This holds the name of the attribute to which the password policy is
      * applied.  For example, the password policy may be applied to the
      * userPassword attribute </li>
      * </ul>
      *
-     * @param policy Object must contain {@link org.apache.directory.fortress.core.rbac.PwPolicy#name} and optionally other attributes.
+     * @param policy Object must contain {@link org.apache.directory.fortress.core.model.PwPolicy#name} and optionally other attributes.
      * @throws SecurityException In the event of data validation or system error.
      */
     @Override
@@ -328,7 +330,7 @@ public class PwPolicyMgrImpl  extends Manageable implements PwPolicyMgr
      * if and only if the user is a member of the USERS data set and the policyName refers to a
      * policy that is a member of the PWPOLICIES data set.
      *
-     * @param userId     Contains {@link org.apache.directory.fortress.core.rbac.User#userId} of a User entity in USERS data set.
+     * @param userId     Contains {@link org.apache.directory.fortress.core.model.User#userId} of a User entity in USERS data set.
      * @param policyName String contains the {@link PwPolicy#name} of a pw policy entity contained within the PWPOLICIES data set.
      * @throws SecurityException thrown in the event either user or policy not valid or system error.
      */
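Review bot: The `@param userId` link on the new side is written out as `{@link org.apache.directory.fortress.core.model.User#userId}` while the next line keeps the short `{@link PwPolicy#name}`, so the Javadoc in this hunk mixes two link styles. This commit adds imports for `model.PwPolicy` and `model.User` at the top of the file, so the short form `{@link User#userId}` should resolve to the moved class (assuming no other `User` type is in scope) and would match its neighbour. The same applies to the hunk at `@@ -353,7 +355,7 @@`, where a previously short `{@link User#userId}` is expanded to the fully qualified form. It also applies to the ReviewMgrImpl.java hunks at `@@ -278,7 +285,7 @@`, `@@ -555,7 +562,7 @@` and `@@ -583,7 +590,7 @@`, where a fully qualified `Permission#objName` ends up beside a short `{@link Permission#opName}`. The Javadoc block and the method it documents continue outside the hunk.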
@@ -353,7 +355,7 @@ public class PwPolicyMgrImpl  extends Manageable implements PwPolicyMgr
      * Removal of pw policy assignment will revert the user's policy to use the global default for OpenLDAP
      * instance that contains user.
      *
-     * @param userId Contains {@link User#userId} of a User entity in USERS data set.
+     * @param userId Contains {@link org.apache.directory.fortress.core.model.User#userId} of a User entity in USERS data set.
      * @throws SecurityException Thrown in the event either user not valid or system error.
      */
     @Override

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/0c46e4de/src/main/java/org/apache/directory/fortress/core/rbac/Relationship.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/rbac/Relationship.java b/src/main/java/org/apache/directory/fortress/core/rbac/Relationship.java
deleted file mode 100755
index e5b61eb..0000000
--- a/src/main/java/org/apache/directory/fortress/core/rbac/Relationship.java
+++ /dev/null
@@ -1,167 +0,0 @@
-/*
- *   Licensed to the Apache Software Foundation (ASF) under one
- *   or more contributor license agreements.  See the NOTICE file
- *   distributed with this work for additional information
- *   regarding copyright ownership.  The ASF licenses this file
- *   to you under the Apache License, Version 2.0 (the
- *   "License"); you may not use this file except in compliance
- *   with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- *   Unless required by applicable law or agreed to in writing,
- *   software distributed under the License is distributed on an
- *   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- *   KIND, either express or implied.  See the License for the
- *   specific language governing permissions and limitations
- *   under the License.
- *
- */
-package org.apache.directory.fortress.core.rbac;
-
-import java.io.Serializable;
-
-/**
- * Contains a parent child data entity that is used for hierarchical processing.  This entity is used to construct edges in graphs.
- * <p/>
-
- *
- * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
- */
-public class Relationship implements Serializable
-{
-    private static final long serialVersionUID = 1L;
-    
-    /** The child */
-    private String child;
-    
-    /** The parent */
-    private String parent;
-
-    /**
-     * No argument constructor is necessary for Ant admin utility
-     *
-     */
-    public Relationship()
-    {
-    }
-    
-    
-    /**
-     * Construct a new relationship given a child and parent name.
-     *
-     * @param child  contains the name of child.
-     * @param parent contains the name of parent.
-     */
-    public Relationship( String child, String parent )
-    {
-        this.child = child;
-        this.parent = parent;
-    }
-    
-
-    /**
-     * Return the child name.
-     *
-     * @return name of child.
-     */
-    public String getChild()
-    {
-        return child;
-    }
-    
-
-    /**
-     * Set the child name.
-     *
-     * @param child contains the name of child.
-     */
-    public void setChild( String child )
-    {
-        this.child = child;
-    }
-    
-
-    /**
-     * Return the parent name.
-     *
-     * @return name of parent.
-     */
-    public String getParent()
-    {
-        return parent;
-    }
-    
-
-    /**
-     * Set the parent name.
-     *
-     * @param parent contains the name of parent.
-     */
-    public void setParent( String parent )
-    {
-        this.parent = parent;
-    }
-    
-
-    /**
-     * Compute the hashcode on the parent and child values.  This is used for list processing.
-     *
-     * @return hashcode that includes parent concatenated with child.
-     */
-    public final int hashCode()
-    {
-        return child.hashCode() + parent.hashCode();
-    }
-    
-
-    /**
-     * Matches the parent and child values from two Relationship entities.
-     *
-     * @param thatObj contains a Relationship entity.
-     * @return boolean indicating both objects contain matching parent and child names.
-     */
-    public boolean equals (Object thatObj )
-    {
-        if ( this == thatObj )
-        {
-            return true;
-        }
-        
-        if ( ( this.getChild() == null ) || ( this.getParent() == null ) )
-        {
-            return false;
-        }
-        
-        if ( !( thatObj instanceof Relationship ) )
-        {
-            return false;
-        }
-        
-        Relationship thatKey = (Relationship) thatObj;
-        
-        if ( ( thatKey.getChild() == null ) || ( thatKey.getParent() == null ) )
-        {
-            return false;
-        }
-        
-        return ( thatKey.getChild().equalsIgnoreCase( this.getChild() ) 
-                 && thatKey.getParent().equalsIgnoreCase( this.getParent() ) );
-    }
-
-
-    /**
-     * @see Object#toString()
-     */
-    public String toString()
-    {
-        StringBuilder sb = new StringBuilder();
-
-        sb.append( "Relationship object: \n" );
-
-        sb.append( "    parent :" ).append( parent ).append( '\n' );
-        sb.append( "    child :" ).append( child ).append( '\n' );
-
-        return sb.toString();
-    }
-}

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/0c46e4de/src/main/java/org/apache/directory/fortress/core/rbac/ReviewMgrImpl.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/rbac/ReviewMgrImpl.java b/src/main/java/org/apache/directory/fortress/core/rbac/ReviewMgrImpl.java
index e055013..b8e4d3c 100755
--- a/src/main/java/org/apache/directory/fortress/core/rbac/ReviewMgrImpl.java
+++ b/src/main/java/org/apache/directory/fortress/core/rbac/ReviewMgrImpl.java
@@ -22,6 +22,13 @@ package org.apache.directory.fortress.core.rbac;
 import org.apache.directory.fortress.core.GlobalErrIds;
 import org.apache.directory.fortress.core.ReviewMgr;
 import org.apache.directory.fortress.core.SecurityException;
+import org.apache.directory.fortress.core.model.OrgUnit;
+import org.apache.directory.fortress.core.model.PermObj;
+import org.apache.directory.fortress.core.model.Permission;
+import org.apache.directory.fortress.core.model.Role;
+import org.apache.directory.fortress.core.model.SDSet;
+import org.apache.directory.fortress.core.model.User;
+import org.apache.directory.fortress.core.model.UserRole;
 import org.apache.directory.fortress.core.util.attr.VUtil;
 
 import java.util.ArrayList;
@@ -76,11 +83,11 @@ public class ReviewMgrImpl extends Manageable implements ReviewMgr
      * This method returns a matching permission entity to caller.
      * <h4>required parameters</h4>
      * <ul>
-     * <li>{@link org.apache.directory.fortress.core.rbac.Permission#objName} - contains the name of existing object being targeted</li>
-     * <li>{@link org.apache.directory.fortress.core.rbac.Permission#opName} - contains the name of existing permission operation</li>
+     * <li>{@link org.apache.directory.fortress.core.model.Permission#objName} - contains the name of existing object being targeted</li>
+     * <li>{@link org.apache.directory.fortress.core.model.Permission#opName} - contains the name of existing permission operation</li>
      * </ul>
      *
-     * @param permission must contain the object, {@link org.apache.directory.fortress.core.rbac.Permission#objName}, and operation, {@link org.apache.directory.fortress.core.rbac.Permission#opName}, and optionally object id of targeted permission entity.
+     * @param permission must contain the object, {@link org.apache.directory.fortress.core.model.Permission#objName}, and operation, {@link org.apache.directory.fortress.core.model.Permission#opName}, and optionally object id of targeted permission entity.
      * @return Permission entity that is loaded with data.
      * @throws SecurityException if permission not found or system error occurs.
      */
@@ -100,10 +107,10 @@ public class ReviewMgrImpl extends Manageable implements ReviewMgr
      * Method reads permission object from perm container in directory.
      * <h4>required parameters</h4>
      * <ul>
-     * <li>{@link org.apache.directory.fortress.core.rbac.PermObj#objName} - contains the name of existing object being targeted</li>
+     * <li>{@link org.apache.directory.fortress.core.model.PermObj#objName} - contains the name of existing object being targeted</li>
      * </ul>
      *
-     * @param permObj entity contains the {@link org.apache.directory.fortress.core.rbac.PermObj#objName} of target record.
+     * @param permObj entity contains the {@link org.apache.directory.fortress.core.model.PermObj#objName} of target record.
      * @return PermObj loaded with perm object data.
      * @throws SecurityException is thrown if object not found or system error.
      */
@@ -167,10 +174,10 @@ public class ReviewMgrImpl extends Manageable implements ReviewMgr
      * Method returns a list of type Permission that match the perm object search string.
      * <h4>required parameters</h4>
      * <ul>
-     * <li>{@link org.apache.directory.fortress.core.rbac.OrgUnit#name} - contains one or more characters of org unit associated with existing object being targeted</li>
+     * <li>{@link org.apache.directory.fortress.core.model.OrgUnit#name} - contains one or more characters of org unit associated with existing object being targeted</li>
      * </ul>
      *
-     * @param ou contains org unit name {@link org.apache.directory.fortress.core.rbac.OrgUnit#name}.  The search val contains the full name of matching ou in OS-P data set.
+     * @param ou contains org unit name {@link org.apache.directory.fortress.core.model.OrgUnit#name}.  The search val contains the full name of matching ou in OS-P data set.
      * @return List of type PermObj.  Fortress permissions are object->operation mappings.
      * @throws org.apache.directory.fortress.core.SecurityException
      *          thrown in the event of system error.
@@ -190,10 +197,10 @@ public class ReviewMgrImpl extends Manageable implements ReviewMgr
      * Method reads Role entity from the role container in directory.
      * <h4>required parameters</h4>
      * <ul>
-     * <li>{@link org.apache.directory.fortress.core.rbac.Role#name} - contains the name to use for the Role to read.</li>
+     * <li>{@link org.apache.directory.fortress.core.model.Role#name} - contains the name to use for the Role to read.</li>
      * </ul>
      *
-     * @param role contains role name, {@link org.apache.directory.fortress.core.rbac.Role#name}, to be read.
+     * @param role contains role name, {@link org.apache.directory.fortress.core.model.Role#name}, to be read.
      * @return Role entity that corresponds with role name.
      * @throws SecurityException will be thrown if role not found or system error occurs.
      */
@@ -254,10 +261,10 @@ public class ReviewMgrImpl extends Manageable implements ReviewMgr
      * Method returns matching User entity that is contained within the people container in the directory.
      * <h4>required parameters</h4>
      * <ul>
-     * <li>{@link org.apache.directory.fortress.core.rbac.User#userId} - contains the userId associated with the User object targeted for read.</li>
+     * <li>{@link org.apache.directory.fortress.core.model.User#userId} - contains the userId associated with the User object targeted for read.</li>
      * </ul>
      *
-     * @param user entity contains a value {@link org.apache.directory.fortress.core.rbac.User#userId} that matches record in the directory.  userId is globally unique in
+     * @param user entity contains a value {@link org.apache.directory.fortress.core.model.User#userId} that matches record in the directory.  userId is globally unique in
      *             people container.
      * @return entity containing matching user data.
      * @throws org.apache.directory.fortress.core.SecurityException
@@ -278,7 +285,7 @@ public class ReviewMgrImpl extends Manageable implements ReviewMgr
      * Return a list of type User of all users in the people container that match all or part of the {@link User#userId} field passed in User entity.
      * <h4>required parameters</h4>
      * <ul>
-     * <li>{@link User#userId} - contains all or some leading chars that match userId(s) stored in the directory.</li>
+     * <li>{@link org.apache.directory.fortress.core.model.User#userId} - contains all or some leading chars that match userId(s) stored in the directory.</li>
      * </ul>
      *
      * @param user contains all or some leading chars that match userIds stored in the directory.
@@ -555,7 +562,7 @@ public class ReviewMgrImpl extends Manageable implements ReviewMgr
      * <li>{@link Permission#opName} - contains the name of existing permission operation</li>
      * </ul>
      *
-     * @param perm must contain the object, {@link Permission#objName}, and operation, {@link Permission#opName}, and optionally object id of targeted permission entity.
+     * @param perm must contain the object, {@link org.apache.directory.fortress.core.model.Permission#objName}, and operation, {@link Permission#opName}, and optionally object id of targeted permission entity.
      * @return List of type string containing the role names that have the matching perm granted.
      * @throws SecurityException in the event permission not found or system error occurs.
      */
@@ -583,7 +590,7 @@ public class ReviewMgrImpl extends Manageable implements ReviewMgr
      * Return all role names that have been authorized for a given permission.  This will process role hierarchies to determine set of all Roles who have access to a given permission.
      * <h4>required parameters</h4>
      * <ul>
-     * <li>{@link Permission#objName} - contains the name of existing object being targeted</li>
+     * <li>{@link org.apache.directory.fortress.core.model.Permission#objName} - contains the name of existing object being targeted</li>
      * <li>{@link Permission#opName} - contains the name of existing permission operation</li>
      * </ul>
      *

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/0c46e4de/src/main/java/org/apache/directory/fortress/core/rbac/Role.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/rbac/Role.java b/src/main/java/org/apache/directory/fortress/core/rbac/Role.java
deleted file mode 100755
index 6a7d168..0000000
--- a/src/main/java/org/apache/directory/fortress/core/rbac/Role.java
+++ /dev/null
@@ -1,828 +0,0 @@
-/*
- *   Licensed to the Apache Software Foundation (ASF) under one
- *   or more contributor license agreements.  See the NOTICE file
- *   distributed with this work for additional information
- *   regarding copyright ownership.  The ASF licenses this file
- *   to you under the Apache License, Version 2.0 (the
- *   "License"); you may not use this file except in compliance
- *   with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- *   Unless required by applicable law or agreed to in writing,
- *   software distributed under the License is distributed on an
- *   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- *   KIND, either express or implied.  See the License for the
- *   specific language governing permissions and limitations
- *   under the License.
- *
- */
-package org.apache.directory.fortress.core.rbac;
-
-
-import java.util.ArrayList;
-import java.util.HashSet;
-import java.util.List;
-import java.util.Set;
-import java.util.UUID;
-
-import javax.xml.bind.annotation.XmlAccessType;
-import javax.xml.bind.annotation.XmlAccessorType;
-import javax.xml.bind.annotation.XmlRootElement;
-import javax.xml.bind.annotation.XmlSeeAlso;
-import javax.xml.bind.annotation.XmlTransient;
-import javax.xml.bind.annotation.XmlType;
-
-import org.apache.directory.fortress.core.util.time.CUtil;
-import org.apache.directory.fortress.core.util.time.Constraint;
-
-
-/**
- * All entities ({@link User}, {@link Role}, {@link Permission},
- * {@link PwPolicy} {@link SDSet} etc...) are used to carry data between three Fortress
- * layers.starting with the (1) Manager layer down thru middle (2) Process layer and it's processing rules into
- * (3) DAO layer where persistence with the OpenLDAP server occurs.
- * <h4>Fortress Processing Layers</h4>
- * <ol>
- * <li>Manager layer:  {@link AdminMgrImpl}, {@link AccessMgrImpl}, {@link ReviewMgrImpl},...</li>
- * <li>Process layer:  {@link UserP}, {@link RoleP}, {@link PermP},...</li>
- * <li>DAO layer: {@link UserDAO}, {@link RoleDAO}, {@link org.apache.directory.fortress.core.rbac.PermDAO},...</li>
- * </ol>
- * Fortress clients first instantiate and populate a data entity before invoking any of the Manager APIs.  The caller must
- * provide enough information to uniquely identity the entity target within ldap.<br />
- * For example, this entity requires {@link #setName} attribute set before passing into {@link AdminMgrImpl} APIs.
- * Create methods sometimes require more attributes (than Read) due to constraints enforced between entities although only {@link Role#setName} is required for {@link Role}.
- * <p/>
- * <h4>Role entity attribute usages include</h4>
- * <ul>
- * <li>{@link #setName} attribute must be set before calling {@link AdminMgrImpl#addRole(Role)}, {@link AdminMgrImpl#updateRole(Role)} or  {@link AdminMgrImpl#deleteRole(Role)}
- * <li>{@link org.apache.directory.fortress.core.util.time.Constraint} may be set <b>before</b> calling method {@link AdminMgrImpl#addRole(Role)}.
- * <li>{@link org.apache.directory.fortress.core.util.time.Constraint} will be <b>returned</b> to caller on methods like {@link ReviewMgrImpl#readRole(Role)} or {@link ReviewMgrImpl#findRoles(String)} iff persisted to entity prior to call.
- * </ul>
- * <p/>
- * This entity is used to store the RBAC Role assignments that comprise the many-to-many relationships between {@link User}s and {@link Permission}s.
- * <br />The unique key to locate a Role entity (which is subsequently assigned both to Users and Permissions) is 'Role.name'.<br />
- * <p/>
- * There is a many-to-many relationship between User's, RBAC Roles and Permissions.
- * <h3>{@link User}*<->*{@link Role}*<->*{@link Permission}</h3>
- * <p/>
- * <img src="../doc-files/RbacCore.png">
- * <p/>
- * Example to create new RBAC Role:
- * <pre>
- * try
- * {
- *  // Instantiate the AdminMgr first
- *  AdminMgr adminMgr = AdminMgrFactory.createInstance();
- *
- *  Role myRole = new Role("MyRoleName");
- *  myRole.setDescription("This is a test role");
- *  adminMgr.addRole(myRole);
- * }
- * catch (SecurityException ex)
- * {
- *  // log or throw
- * }</pre>
- * The above code will persist to LDAP a Role object that can be used as a target for User-Role assignments and Role-Permission grants.
- * <p/>
- * <h4>Role Schema</h4>
- * The Fortress Role entity is a composite of the following other Fortress structural and aux object classes:
- * <p/>
- * 1. organizationalRole Structural Object Class is used to store basic attributes like cn and description.
- * <pre>
- * ------------------------------------------
- * objectclass ( 2.5.6.8 NAME 'organizationalRole'
- *  DESC 'RFC2256: an organizational role'
- *  SUP top STRUCTURAL
- *  MUST cn
- *  MAY (
- *      x121Address $ registeredAddress $ destinationIndicator $
- *      preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
- *      telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $
- *      seeAlso $ roleOccupant $ preferredDeliveryMethod $ street $
- *      postOfficeBox $ postalCode $ postalAddress $
- *      physicalDeliveryOfficeName $ ou $ st $ l $ description
- *  )
- * )
- * ------------------------------------------
- * </pre>
- * <p/>
- * 2. ftRls Structural objectclass is used to store the Role information like name and temporal constraint attributes.
- * <pre>
- * ------------------------------------------
- * Fortress Roles Structural Object Class
- * objectclass    ( 1.3.6.1.4.1.38088.2.1
- *  NAME 'ftRls'
- *  DESC 'Fortress Role Structural Object Class'
- *  SUP organizationalrole
- *  STRUCTURAL
- *  MUST (
- *      ftId $
- *      ftRoleName
- *  )
- *  MAY (
- *      description $
- *      ftCstr $
- *      ftParents
- *  )
- * )
- * ------------------------------------------
- * </pre>
- * <p/>
- * 3. ftProperties AUXILIARY Object Class is used to store client specific name/value pairs on target entity.<br />
- * <code># This aux object class can be used to store custom attributes.</code><br />
- * <code># The properties collections consist of name/value pairs and are not constrainted by Fortress.</code><br />
- * <pre>
- * ------------------------------------------
- * AC2: Fortress Properties Auxiliary Object Class
- * objectclass ( 1.3.6.1.4.1.38088.3.2
- *  NAME 'ftProperties'
- *  DESC 'Fortress Properties AUX Object Class'
- *  AUXILIARY
- *  MAY (
- *      ftProps
- *  )
- * )
- * ------------------------------------------
- * </pre>
- * <p/>
- * 4. ftMods AUXILIARY Object Class is used to store Fortress audit variables on target entity.
- * <pre>
- * ------------------------------------------
- * Fortress Audit Modification Auxiliary Object Class
- * objectclass ( 1.3.6.1.4.1.38088.3.4
- *  NAME 'ftMods'
- *  DESC 'Fortress Modifiers AUX Object Class'
- *  AUXILIARY
- *  MAY (
- *      ftModifier $
- *      ftModCode $
- *      ftModId
- *  )
- * )
- * ------------------------------------------
- * </pre>
- * <p/>
- *
- * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
- */
-@XmlRootElement(name = "fortRole")
-@XmlAccessorType(XmlAccessType.FIELD)
-@XmlType(name = "role", propOrder =
-    {
-        "name",
-        "id",
-        "description",
-        "parents",
-        "children",
-        "beginDate",
-        "beginLockDate",
-        "beginTime",
-        "dayMask",
-        "endDate",
-        "endLockDate",
-        "endTime",
-        "timeout",
-        "rawData"
-})
-@XmlSeeAlso(
-    {
-        AdminRole.class
-})
-public class Role extends FortEntity implements Constraint, Graphable, java.io.Serializable
-{
-private static final long serialVersionUID = 1L;
-private String id; // this maps to ftId
-private String name; // this is ftRoleName
-private String description; // this is description
-@XmlTransient
-private String dn; // this attribute is automatically saved to each ldap record.
-@XmlTransient
-private List<String> occupants;
-private Set<String> parents;
-private Set<String> children;
-private String beginTime; // this attribute is ftCstr
-private String endTime; // this attribute is ftCstr
-private String beginDate; // this attribute is ftCstr
-private String endDate; // this attribute is ftCstr
-private String beginLockDate;// this attribute is ftCstr
-private String endLockDate; // this attribute is ftCstr
-private String dayMask; // this attribute is ftCstr
-private int timeout; // this attribute is ftCstr
-
-
-/**
- * Default constructor is used by internal Fortress classes.
- */
-public Role()
-{
-}
-
-
-/**
- * Construct a Role entity with a given name.
- *
- * @param name maps to 'cn' attribute on 'organizationalrole' object class.
- */
-public Role( String name )
-{
-    this.name = name;
-}
-
-
-/**
- * Construct an RBAC Role with a given temporal constraint.
- *
- * @param con maps to 'ftCstr' attribute in 'ftRls' object class.
- */
-public Role( Constraint con )
-{
-    CUtil.copy( con, this );
-}
-
-
-/**
- * Required on DAO classes convert Temporal attributes stored on entity to raw data object format needed for ldap.  For internal use only.
- *
- * @return String that maps to 'ftCstr' attribute in 'ftRls' object class.
- */
-public String getRawData()
-{
-    return rawData;
-}
-
-
-/**
- * Required on DAO classes convert Temporal from raw ldap data to entity attributes.  For internal use only.
- *
- * @param rawData maps to 'ftCstr' attribute in 'ftRls' object class.
- */
-public void setRawData( String rawData )
-{
-    this.rawData = rawData;
-}
-
-private String rawData;
-
-
-/**
- * Gets the name required attribute of the Role object
- *
- * @return attribute maps to 'cn' attribute on 'organizationalrole' object class.
- */
-public String getName()
-{
-    return name;
-}
-
-
-/**
- * Sets the required name attribute on the Role object
- *
- */
-public void setName( String name )
-{
-    this.name = name;
-}
-
-
-/**
- * Set the occupant attribute with the contents of the User dn.
- * @param occupant maps to 'roleOccupant' attribute on 'organizationalrole' object class.
- */
-public void setOccupant( String occupant )
-{
-    if ( this.occupants == null )
-    {
-        this.occupants = new ArrayList<>();
-    }
-    this.occupants.add( occupant );
-}
-
-
-/**
- * Return list of occupants for a particular Role entity.
- * @return List of type String containing User dn that maps to 'roleOccupant' attribute on 'organizationalrole' object class.
- */
-public List<String> getOccupants()
-{
-    return occupants;
-}
-
-
-/**
- * Set a list of occupants for a particular Role entity.
- * @param occupants contains a List of type String which maps to 'roleOccupant' attribute on 'organizationalrole' object class.
- */
-public void setOccupants( List<String> occupants )
-{
-    this.occupants = occupants;
-}
-
-
-/**
- * Returns optional description that is associated with Role.  This attribute is validated but not constrained by Fortress.
- *
- * @return value that is mapped to 'description' in 'organizationalrole' object class.
- */
-public String getDescription()
-{
-    return this.description;
-}
-
-
-/**
- * Sets the optional description that is associated with Role.  This attribute is validated but not constrained by Fortress.
- *
- * @param description that is mapped to same name in 'organizationalrole' object class.
- */
-public void setDescription( String description )
-{
-    this.description = description;
-}
-
-
-/**
- * Return the internal id that is associated with Role.  This attribute is generated automatically
- * by Fortress when new Role is added to directory and is not known or changeable by external client.
- *
- * @return attribute maps to 'ftId' in 'ftRls' object class.
- */
-public String getId()
-{
-    return id;
-}
-
-
-/**
- * Generate an internal Id that is associated with Role.  This method is used by DAO class and
- * is not available to outside classes.   The generated attribute maps to 'ftId' in 'ftRls' object class.
- */
-public void setId()
-{
-    // generate a unique id that will be used as the rDn for this entry:
-    UUID uuid = UUID.randomUUID();
-    this.id = uuid.toString();
-}
-
-
-/**
- * Set the internal Id that is associated with Role.  This method is used by DAO class and
- * is generated automatically by Fortress.  Attribute stored in LDAP cannot be changed by external caller.
- * This method can be used by client for search purposes only.
- *
- * @param id maps to 'ftId' in 'ftRls' object class.
- */
-public void setId( String id )
-{
-    this.id = id;
-}
-
-
-/**
- * temporal boolean flag is used by internal Fortress components.
- *
- * @return boolean indicating if temporal constraints are placed on Role.
- */
-@Override
-public boolean isTemporalSet()
-{
-    return ( beginTime != null || endTime != null || beginDate != null || endDate != null || beginLockDate != null
-        || endLockDate != null || dayMask != null );
-}
-
-
-/**
- * Contains the begin time of day Role is allowed to be activated in session.  The format is military time - HHMM, i.e. 0800 (8:00 am) or 1700 (5:00 p.m.).
- * This attribute is optional but if set will be validated for reasonableness.
- *
- * @return attribute maps to 'ftCstr' attribute in 'ftRls' object class.
- */
-@Override
-public String getBeginTime()
-{
-    return this.beginTime;
-}
-
-
-/**
- * Set the begin time of day Role is allowed to be activated in session.  The format is military time - HHMM, i.e. 0800 (8:00 am) or 1700 (5:00 p.m.).
- * This attribute is optional but if set will be validated for reasonableness.
- *
- * @param beginTime maps to 'ftCstr' attribute in 'ftRls' object class.
- */
-@Override
-public void setBeginTime( String beginTime )
-{
-    this.beginTime = beginTime;
-}
-
-
-/**
- * Contains the end time of day Role is allowed to be activated in session.  The format is military time - HHMM, i.e. 0000 (12:00 am) or 2359 (11:59 p.m.).
- * This attribute is optional but if set will be validated for reasonableness.
- *
- * @return attribute maps to 'ftCstr' attribute in 'ftRls' object class.
- */
-@Override
-public String getEndTime()
-{
-    return this.endTime;
-}
-
-
-/**
- * Set the end time of day Role is allowed to be activated in session.  The format is military time - HHMM, i.e. 0000 (12:00 am) or 2359 (11:59 p.m.).
- * This attribute is optional but if set will be validated for reasonableness.
- *
- * @param endTime maps to 'ftCstr' attribute in 'ftRls' object class.
- */
-@Override
-public void setEndTime( String endTime )
-{
-    this.endTime = endTime;
-}
-
-
-/**
- * Contains the begin date when Role is allowed to be activated in session.  The format is - YYYYMMDD, i.e. 20100101 (January 1. 2010).
- * This attribute is optional but if set will be validated for reasonableness.
- *
- * @return attribute maps to 'ftCstr' attribute in 'ftRls' object class.
- */
-@Override
-public String getBeginDate()
-{
-    return this.beginDate;
-}
-
-
-/**
- * Set the beginDate when Role is allowed to be activated in session.  The format is - YYYYMMDD, i.e. 20100101 (January 1. 2010).
- * This attribute is optional but if set will be validated for reasonableness.
- *
- * @param beginDate maps to 'ftCstr' attribute in 'ftRls' object class.
- */
-@Override
-public void setBeginDate( String beginDate )
-{
-    this.beginDate = beginDate;
-}
-
-
-/**
- * Contains the end date when Role is allowed to be activated in session.  The format is - YYYYMMDD, i.e. 20101231 (December 31, 2010).
- * This attribute is optional but if set will be validated for reasonableness.
- *
- * @return attribute maps to 'ftCstr' attribute in 'ftRls' object class.
- */
-@Override
-public String getEndDate()
-{
-    return this.endDate;
-}
-
-
-/**
- * Set the end date when Role is not allowed to be activated in session.  The format is - YYYYMMDD, i.e. 20100101 (January 1. 2010).
- * This attribute is optional but if set will be validated for reasonableness.
- *
- * @param endDate maps to 'ftCstr' attribute in 'ftRls' object class.
- */
-@Override
-public void setEndDate( String endDate )
-{
-    this.endDate = endDate;
-}
-
-
-/**
- * Contains the begin lock date when Role is temporarily not allowed to be activated in session.  The format is - YYMMDD, i.e. 20100101 (January 1. 2010).
- * This attribute is optional but if set will be validated for reasonableness.
- *
- * @return attribute maps to 'ftCstr' attribute in 'ftRls' object class.
- */
-@Override
-public String getBeginLockDate()
-{
-    return this.beginLockDate;
-}
-
-
-/**
- * Set the begin lock date when Role is temporarily not allowed to be activated in session.  The format is - YYYYMMDD, i.e. 20100101 (January 1. 2010).
- * This attribute is optional but if set will be validated for reasonableness.
- *
- * @param beginLockDate maps to 'ftCstr' attribute in 'ftRls' object class.
- */
-@Override
-public void setBeginLockDate( String beginLockDate )
-{
-    this.beginLockDate = beginLockDate;
-}
-
-
-/**
- * Contains the end lock date when Role is allowed to be activated in session once again.  The format is - YYYYMMDD, i.e. 20100101 (January 1. 2010).
- * This attribute is optional but if set will be validated for reasonableness.
- *
- * @return attribute maps to 'ftCstr' attribute in 'ftRls' object class.
- */
-@Override
-public String getEndLockDate()
-{
-    return this.endLockDate;
-}
-
-
-/**
- * Set the end lock date when Role is allowed to be activated in session once again.  The format is - YYYYMMDD, i.e. 20100101 (January 1. 2010).
- * This attribute is optional but if set will be validated for reasonableness.
- *
- * @param endLockDate maps to 'ftCstr' attribute in 'ftRls' object class.
- */
-@Override
-public void setEndLockDate( String endLockDate )
-{
-    this.endLockDate = endLockDate;
-}
-
-
-/**
- * Get the daymask that indicates what days of week Role is allowed to be activated in session.  The format is 1234567, i.e. 23456 (Monday, Tuesday, Wednesday, Thursday, Friday).
- * This attribute is optional but if set will be validated for reasonableness.
- *
- * @return attribute maps to 'ftCstr' attribute in 'ftRls' object class.
- */
-@Override
-public String getDayMask()
-{
-    return this.dayMask;
-}
-
-
-/**
- * Set the daymask that specifies what days of week Role is allowed to be activated in session.  The format is 1234567, i.e. 23456 (Monday, Tuesday, Wednesday, Thursday, Friday).
- * This attribute is optional but if set will be validated for reasonableness.
- *
- * @param dayMask maps to 'ftCstr' attribute in 'ftRls' object class.
- */
-@Override
-public void setDayMask( String dayMask )
-{
-    this.dayMask = dayMask;
-}
-
-
-/**
- * Return the integer timeout that contains total time (in seconds) that Role may remain inactive in User's session before it is deactivated.
- * This attribute is optional but if set will be validated for reasonableness.
- *
- * @return int maps to 'ftCstr' attribute in 'ftRls' object class.
- */
-@Override
-public Integer getTimeout()
-{
-    return this.timeout;
-}
-
-
-/**
- * Set the integer timeout that contains max time (in seconds) that Role may remain inactive in User's session before it is deactivated.
- * This attribute is optional but if set will be validated for reasonableness.
- *
- * @param timeout maps to 'ftCstr' attribute in 'ftRls' object class.
- */
-@Override
-public void setTimeout( Integer timeout )
-{
-    this.timeout = timeout;
-}
-
-
-/**
- * Get the names of roles that are parents (direct ascendants) of this role.
- * @return Set of parent role names assigned to this role.
- */
-@Override
-public Set<String> getParents()
-{
-    if ( this.parents == null )
-    {
-        this.parents = new HashSet<>();
-    }
-    return parents;
-}
-
-
-/**
- * Set the names of roles names that are parents (direct ascendants) of this role.
- * @param parents contains the Set of parent role names assigned to this role.
- */
-@Override
-public void setParents( Set<String> parents )
-{
-    this.parents = parents;
-}
-
-
-/**
- * Set the occupant attribute with the contents of the User dn.
- * @param parent maps to 'ftParents' attribute on 'ftRls' object class.
- */
-@Override
-public void setParent( String parent )
-{
-    if ( this.parents == null )
-    {
-        this.parents = new HashSet<>();
-    }
-    this.parents.add( parent );
-}
-
-
-/**
- * Set the occupant attribute with the contents of the User dn.
- * @param parent maps to 'ftParents' attribute on 'ftRls' object class.
- */
-@Override
-public void delParent( String parent )
-{
-    if ( this.parents != null )
-    {
-        this.parents.remove( parent );
-    }
-}
-
-
-/**
- * Return the Set of child role names (direct descendants) of this role.
- * @return Set of child role names assigned to this role.
- */
-public Set<String> getChildren()
-{
-    return children;
-}
-
-
-/**
- * Set the Set of child role names (direct descendants) of this role
- * @param children contains the Set of child role names assigned to this role.
- */
-public void setChildren( Set<String> children )
-{
-    this.children = children;
-}
-
-
-/**
- * Matches the name from two Role entities.
- *
- * @param thatObj contains a Role entity.
- * @return boolean indicating both objects contain matching Role names.
- */
-public boolean equals( Object thatObj )
-{
-    if ( this == thatObj )
-    {
-        return true;
-    }
-
-    if ( name == null )
-    {
-        return false;
-    }
-
-    if ( !( thatObj instanceof Role ) )
-    {
-        return false;
-    }
-
-    Role thatRole = ( Role ) thatObj;
-
-    if ( thatRole.getName() == null )
-    {
-        return false;
-    }
-
-    return thatRole.getName().equalsIgnoreCase( name );
-}
-
-
-@Override
-public int hashCode()
-{
-    int result = id != null ? id.hashCode() : 0;
-    result = 31 * result + ( name != null ? name.hashCode() : 0 );
-    result = 31 * result + ( description != null ? description.hashCode() : 0 );
-    result = 31 * result + ( dn != null ? dn.hashCode() : 0 );
-    result = 31 * result + ( occupants != null ? occupants.hashCode() : 0 );
-    result = 31 * result + ( parents != null ? parents.hashCode() : 0 );
-    result = 31 * result + ( children != null ? children.hashCode() : 0 );
-    result = 31 * result + ( beginTime != null ? beginTime.hashCode() : 0 );
-    result = 31 * result + ( endTime != null ? endTime.hashCode() : 0 );
-    result = 31 * result + ( beginDate != null ? beginDate.hashCode() : 0 );
-    result = 31 * result + ( endDate != null ? endDate.hashCode() : 0 );
-    result = 31 * result + ( beginLockDate != null ? beginLockDate.hashCode() : 0 );
-    result = 31 * result + ( endLockDate != null ? endLockDate.hashCode() : 0 );
-    result = 31 * result + ( dayMask != null ? dayMask.hashCode() : 0 );
-    result = 31 * result + timeout;
-    result = 31 * result + ( rawData != null ? rawData.hashCode() : 0 );
-    return result;
-}
-
-
-/**
- * @see Object#toString()
- */
-protected String toString( String tabs )
-{
-    StringBuilder sb = new StringBuilder();
-
-    sb.append( tabs ).append( "Role[" );
-
-    // The name
-    sb.append( name ).append( ", " );
-
-    if ( ( description != null ) && ( description.length() > 0 ) )
-    {
-        sb.append( description ).append( ", " );
-    }
-
-    // the date
-    sb.append( "date : <" ).append( beginDate ).append( ", " ).append( endDate ).append( ">, " );
-
-    // The time
-    sb.append( "time : <" ).append( beginTime ).append( ", " ).append( endTime ).append( ">, " );
-
-    // The lock date
-    sb.append( "lock date : <" ).append( beginLockDate ).append( ", " ).append( endLockDate ).append( ">, " );
-
-    // The timeout
-    sb.append( "timeout : " ).append( timeout ).append( ", " );
-
-    // The day mask
-    sb.append( "daymask : " ).append( dayMask );
-
-    // The parents if any
-    if ( ( parents != null ) && ( parents.size() > 0 ) )
-    {
-        sb.append( ", parents : {" );
-
-        boolean isFirst = true;
-
-        for ( String parent : parents )
-        {
-            if ( isFirst )
-            {
-                isFirst = false;
-            }
-            else
-            {
-                sb.append( '|' );
-            }
-
-            sb.append( parent );
-        }
-
-        sb.append( '}' );
-    }
-
-    // The children if any
-    if ( ( children != null ) && ( children.size() > 0 ) )
-    {
-        sb.append( ", children : {" );
-
-        boolean isFirst = true;
-
-        for ( String child : children )
-        {
-            if ( isFirst )
-            {
-                isFirst = false;
-            }
-            else
-            {
-                sb.append( '|' );
-            }
-
-            sb.append( child );
-        }
-
-        sb.append( '}' );
-    }
-
-    sb.append( ']' );
-
-    return sb.toString();
-}
-
-
-/**
- * @see Object#toString()
- */
-public String toString()
-{
-    return toString( "" );
-}
-}

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/0c46e4de/src/main/java/org/apache/directory/fortress/core/rbac/RoleDAO.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/rbac/RoleDAO.java b/src/main/java/org/apache/directory/fortress/core/rbac/RoleDAO.java
index 1165d45..ad82428 100755
--- a/src/main/java/org/apache/directory/fortress/core/rbac/RoleDAO.java
+++ b/src/main/java/org/apache/directory/fortress/core/rbac/RoleDAO.java
@@ -44,9 +44,7 @@ import org.apache.directory.fortress.core.ObjectFactory;
 import org.apache.directory.fortress.core.RemoveException;
 import org.apache.directory.fortress.core.UpdateException;
 import org.apache.directory.fortress.core.ldap.ApacheDsDataProvider;
-import org.apache.directory.fortress.core.rbac.Graphable;
-import org.apache.directory.fortress.core.rbac.Role;
-import org.apache.directory.fortress.core.rbac.RoleUtil;
+import org.apache.directory.fortress.core.model.Role;
 import org.apache.directory.fortress.core.util.attr.VUtil;
 import org.apache.directory.fortress.core.util.time.CUtil;
 

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/0c46e4de/src/main/java/org/apache/directory/fortress/core/rbac/RoleP.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/rbac/RoleP.java b/src/main/java/org/apache/directory/fortress/core/rbac/RoleP.java
index 1e49dd6..a13780e 100755
--- a/src/main/java/org/apache/directory/fortress/core/rbac/RoleP.java
+++ b/src/main/java/org/apache/directory/fortress/core/rbac/RoleP.java
@@ -27,6 +27,8 @@ import org.apache.directory.fortress.core.GlobalErrIds;
 import org.apache.directory.fortress.core.GlobalIds;
 import org.apache.directory.fortress.core.SecurityException;
 import org.apache.directory.fortress.core.ValidationException;
+import org.apache.directory.fortress.core.model.Role;
+import org.apache.directory.fortress.core.model.UserRole;
 import org.apache.directory.fortress.core.util.attr.VUtil;
 
 
@@ -34,7 +36,7 @@ import org.apache.directory.fortress.core.util.attr.VUtil;
  * Process module for the Role entity.  This class performs data validations and error mapping.  It is typically called
  * by internal Fortress manager classes ({@link AdminMgrImpl}, {@link AccessMgrImpl},
  * {@link ReviewMgrImpl}, ...) and not intended for external non-Fortress clients.  This class will accept,
- * {@link org.apache.directory.fortress.core.rbac.Role}, validate its contents and forward on to it's corresponding DAO class {@link RoleDAO}.
+ * {@link org.apache.directory.fortress.core.model.Role}, validate its contents and forward on to it's corresponding DAO class {@link RoleDAO}.
  * <p>
  * Class will throw {@link SecurityException} to caller in the event of security policy, data constraint violation or system
  * error internal to DAO object. This class will forward DAO exceptions ({@link org.apache.directory.fortress.core.FinderException},
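Review bot: The rewritten `{@link}` in the class Javadoc spells out the full package even though the previous hunk adds `import org.apache.directory.fortress.core.model.Role;`, so the short form would resolve and match the neighbouring `{@link RoleDAO}` and `{@link AdminMgrImpl}` links. While the line is being touched, "it's corresponding DAO class" should read "its corresponding DAO class". Proposed line: `* {@link Role}, validate its contents and forward on to its corresponding DAO class {@link RoleDAO}.` The Javadoc block continues past the end of the hunk.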

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/0c46e4de/src/main/java/org/apache/directory/fortress/core/rbac/RolePerm.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/rbac/RolePerm.java b/src/main/java/org/apache/directory/fortress/core/rbac/RolePerm.java
deleted file mode 100755
index 61df033..0000000
--- a/src/main/java/org/apache/directory/fortress/core/rbac/RolePerm.java
+++ /dev/null
@@ -1,85 +0,0 @@
-/*
- *   Licensed to the Apache Software Foundation (ASF) under one
- *   or more contributor license agreements.  See the NOTICE file
- *   distributed with this work for additional information
- *   regarding copyright ownership.  The ASF licenses this file
- *   to you under the Apache License, Version 2.0 (the
- *   "License"); you may not use this file except in compliance
- *   with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- *   Unless required by applicable law or agreed to in writing,
- *   software distributed under the License is distributed on an
- *   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- *   KIND, either express or implied.  See the License for the
- *   specific language governing permissions and limitations
- *   under the License.
- *
- */
-package org.apache.directory.fortress.core.rbac;
-
-import java.io.Serializable;
-
-import javax.xml.bind.annotation.XmlAccessType;
-import javax.xml.bind.annotation.XmlAccessorType;
-import javax.xml.bind.annotation.XmlRootElement;
-import javax.xml.bind.annotation.XmlType;
-
-/**
- * This entity is used by en masse to communicate {@link org.apache.directory.fortress.core.rbac.Role}, {@link Permission} and {@link org.apache.directory.fortress.core.rbac.Session} information to the server for access control decisions.
- * <p/>
- * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
- */
-@XmlRootElement(name = "fortRolePerm")
-@XmlAccessorType(XmlAccessType.FIELD)
-@XmlType(name = "rolePerm", propOrder = {
-    "role",
-    "perm"
-})
-public class RolePerm extends FortEntity implements Serializable
-{
-    private static final long serialVersionUID = 1L;
-    
-    private Role role;
-    private Permission perm;
-
-    public Role getRole()
-    {
-        return role;
-    }
-
-    
-    public void setRole(Role role)
-    {
-        this.role = role;
-    }
-    
-
-    public Permission getPerm()
-    {
-        return perm;
-    }
-
-    
-    public void setPerm(Permission perm)
-    {
-        this.perm = perm;
-    }
-
-
-    /**
-     * @see Object#toString()
-     */
-    public String toString()
-    {
-        StringBuilder sb = new StringBuilder();
-
-        sb.append( "RolePerm object: \n" );
-
-        sb.append( "    role :" ).append( role ).append( '\n' );
-        sb.append( "    perm :" ).append( perm ).append( '\n' );
-
-        return sb.toString();
-    }
-}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/0c46e4de/src/main/java/org/apache/directory/fortress/core/rbac/RoleRelationship.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/rbac/RoleRelationship.java b/src/main/java/org/apache/directory/fortress/core/rbac/RoleRelationship.java
deleted file mode 100755
index 29fe79c..0000000
--- a/src/main/java/org/apache/directory/fortress/core/rbac/RoleRelationship.java
+++ /dev/null
@@ -1,84 +0,0 @@
-/*
- *   Licensed to the Apache Software Foundation (ASF) under one
- *   or more contributor license agreements.  See the NOTICE file
- *   distributed with this work for additional information
- *   regarding copyright ownership.  The ASF licenses this file
- *   to you under the Apache License, Version 2.0 (the
- *   "License"); you may not use this file except in compliance
- *   with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- *   Unless required by applicable law or agreed to in writing,
- *   software distributed under the License is distributed on an
- *   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- *   KIND, either express or implied.  See the License for the
- *   specific language governing permissions and limitations
- *   under the License.
- *
- */
-package org.apache.directory.fortress.core.rbac;
-
-import java.io.Serializable;
-
-import javax.xml.bind.annotation.XmlAccessType;
-import javax.xml.bind.annotation.XmlAccessorType;
-import javax.xml.bind.annotation.XmlRootElement;
-import javax.xml.bind.annotation.XmlType;
-
-/**
- * This entity is used by en masse to communicate parent and child {@link org.apache.directory.fortress.core.rbac.Role} information to the server.
- * <p/>
- * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
- */
-@XmlRootElement(name = "fortRoleRelationship")
-@XmlAccessorType(XmlAccessType.FIELD)
-@XmlType(name = "roleRelationship", propOrder = {
-    "child",
-    "parent"
-})
-public class RoleRelationship extends FortEntity implements Serializable
-{
-    private static final long serialVersionUID = 1L;
-    private Role parent;
-    private Role child;
-
-    public Role getParent()
-    {
-        return parent;
-    }
-
-    
-    public void setParent(Role parent)
-    {
-        this.parent = parent;
-    }
-
-    
-    public Role getChild()
-    {
-        return child;
-    }
-
-    
-    public void setChild(Role child)
-    {
-        this.child = child;
-    }
-
-
-    /**
-     * @see Object#toString()
-     */
-    public String toString()
-    {
-        StringBuilder sb = new StringBuilder();
-
-        sb.append( "RoleRelationship object: \n" );
-
-        sb.append( "    parent :" ).append( parent ).append( '\n' );
-        sb.append( "    child :" ).append( child ).append( '\n' );
-
-        return sb.toString();
-    }
-}

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/0c46e4de/src/main/java/org/apache/directory/fortress/core/rbac/RoleUtil.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/rbac/RoleUtil.java b/src/main/java/org/apache/directory/fortress/core/rbac/RoleUtil.java
index c030a84..03ae1ae 100755
--- a/src/main/java/org/apache/directory/fortress/core/rbac/RoleUtil.java
+++ b/src/main/java/org/apache/directory/fortress/core/rbac/RoleUtil.java
@@ -25,6 +25,11 @@ import java.util.Set;
 import java.util.TreeSet;
 import java.util.concurrent.locks.ReadWriteLock;
 
+import org.apache.directory.fortress.core.model.Hier;
+import org.apache.directory.fortress.core.model.ParentUtil;
+import org.apache.directory.fortress.core.model.Relationship;
+import org.apache.directory.fortress.core.model.Role;
+import org.apache.directory.fortress.core.model.UserRole;
 import org.jgrapht.graph.SimpleDirectedGraph;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -37,12 +42,12 @@ import org.apache.directory.fortress.core.util.cache.CacheMgr;
 
 
 /**
- * This utility wraps {@link org.apache.directory.fortress.core.rbac.HierUtil} methods to provide hierarchical functionality for the {@link org.apache.directory.fortress.core.rbac.Role} data set.
+ * This utility wraps {@link org.apache.directory.fortress.core.rbac.HierUtil} methods to provide hierarchical functionality for the {@link org.apache.directory.fortress.core.model.Role} data set.
  * The {@code cn=Hierarchies, ou=Roles} data is stored within a cache, {@link #roleCache}, contained within this class.  The parent-child edges are contained in LDAP,
  * in {@code ftParents} attribute.  The ldap data is retrieved {@link org.apache.directory.fortress.core.rbac.RoleP#getAllDescendants(String)} and loaded into {@code org.jgrapht.graph.SimpleDirectedGraph}.
  * The graph...
  * <ol>
- * <li>is stored as singleton in this class with vertices of {@code String}, and edges, as {@link Relationship}s</li>
+ * <li>is stored as singleton in this class with vertices of {@code String}, and edges, as {@link org.apache.directory.fortress.core.model.Relationship}s</li>
  * <li>utilizes open source library, see <a href="http://www.jgrapht.org/">JGraphT</a>.</li>
  * <li>contains a general hierarchical data structure i.e. allows multiple inheritance with parents.</li>
  * <li>is a simple directed graph thus does not allow cycles.</li>
@@ -57,7 +62,7 @@ import org.apache.directory.fortress.core.util.cache.CacheMgr;
  *
  * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
  */
-public final class RoleUtil
+public final class RoleUtil implements ParentUtil
 {
     private static final Cache roleCache;
     private static final RoleP roleP = new RoleP();
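Review bot: The class Javadoc above this declaration does not mention the new `implements ParentUtil`, although every member visible in this hunk is static and the interface can only be used through an instance. Nothing here shows a constructor or factory, so a reader cannot tell how that instance is meant to be obtained or whether it may be shared across threads. A sentence such as `Implements {@link org.apache.directory.fortress.core.model.ParentUtil} so that model classes can resolve parent roles through a callback instead of importing this package.` would record the intent; that purpose is inferred from the commit subject, so please confirm the wording. The class body continues outside the hunk.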
@@ -65,7 +70,7 @@ public final class RoleUtil
     private static final Logger LOG = LoggerFactory.getLogger( CLS_NM );
 
     /**
-     * Initialize the Role hierarchies.  This will read the {@link org.apache.directory.fortress.core.rbac.Hier} data set from ldap and load into
+     * Initialize the Role hierarchies.  This will read the {@link org.apache.directory.fortress.core.model.Hier} data set from ldap and load into
      * the JGraphT simple digraph that referenced statically within this class.
      */
     static
@@ -83,12 +88,12 @@ public final class RoleUtil
     }
 
     /**
-     * Used to determine if one {@link org.apache.directory.fortress.core.rbac.Role} is the parent of another.  This method
+     * Used to determine if one {@link org.apache.directory.fortress.core.model.Role} is the parent of another.  This method
      * will call recursive routine {@link #getAscendants(String, String)} to walk the {@code org.jgrapht.graph.SimpleDirectedGraph} data structure
      * returning flag indicating if parent-child relationship is valid.
      *
-     * @param child  maps to logical {@link org.apache.directory.fortress.core.rbac.Role#name} on 'ftRls' object class.
-     * @param parent maps to logical {@link org.apache.directory.fortress.core.rbac.Role#name} on 'ftRels' object class.
+     * @param child  maps to logical {@link org.apache.directory.fortress.core.model.Role#name} on 'ftRls' object class.
+     * @param parent maps to logical {@link org.apache.directory.fortress.core.model.Role#name} on 'ftRels' object class.
      * @param contextId maps to sub-tree in DIT, for example ou=contextId, dc=jts, dc = com.
      * @return boolean result, 'true' indicates parent/child relationship exists.
      */
@@ -105,11 +110,11 @@ public final class RoleUtil
 
 
     /**
-     * Recursively traverse the {@link org.apache.directory.fortress.core.rbac.Role} graph and return all of the descendants of a given node {@link org.apache.directory.fortress.core.rbac.Role#name}.
+     * Recursively traverse the {@link org.apache.directory.fortress.core.model.Role} graph and return all of the descendants of a given node {@link org.apache.directory.fortress.core.model.Role#name}.
      *
-     * @param roleName {@link org.apache.directory.fortress.core.rbac.Role#name} on 'ftRls' object class.
+     * @param roleName {@link org.apache.directory.fortress.core.model.Role#name} on 'ftRls' object class.
      * @param contextId maps to sub-tree in DIT, for example ou=contextId, dc=jts, dc = com.
-     * @return Set of Role names are descendants {@link org.apache.directory.fortress.core.rbac.Role}s of given parent.
+     * @return Set of Role names are descendants {@link org.apache.directory.fortress.core.model.Role}s of given parent.
      */
     public static Set<String> getDescendants( String roleName, String contextId )
     {
@@ -118,11 +123,11 @@ public final class RoleUtil
 
 
     /**
-     * Traverse the {@link org.apache.directory.fortress.core.rbac.Role} graph and return all children (direct descendants) of a given parent node {@link org.apache.directory.fortress.core.rbac.Role#name}.
+     * Traverse the {@link org.apache.directory.fortress.core.model.Role} graph and return all children (direct descendants) of a given parent node {@link org.apache.directory.fortress.core.model.Role#name}.
      *
-     * @param roleName {@link org.apache.directory.fortress.core.rbac.Role#name} on 'ftRls' object class.
+     * @param roleName {@link org.apache.directory.fortress.core.model.Role#name} on 'ftRls' object class.
      * @param contextId maps to sub-tree in DIT, for example ou=contextId, dc=jts, dc = com.
-     * @return Set of Role names are children {@link org.apache.directory.fortress.core.rbac.Role}s of given parent.
+     * @return Set of Role names are children {@link org.apache.directory.fortress.core.model.Role}s of given parent.
      */
     public static Set<String> getChildren( String roleName, String contextId )
     {
@@ -133,7 +138,7 @@ public final class RoleUtil
     /**
      * Recursively traverse the hierarchical role graph and return all of the ascendants of a given role.
      *
-     * @param roleName maps to logical {@link org.apache.directory.fortress.core.rbac.Role#name} on 'ftRls' object class.
+     * @param roleName maps to logical {@link org.apache.directory.fortress.core.model.Role#name} on 'ftRls' object class.
      * @param contextId maps to sub-tree in DIT, for example ou=contextId, dc=jts, dc = com.
      * @return Set of Role names that are ascendants of given child.
      */
@@ -146,7 +151,7 @@ public final class RoleUtil
     /**
      * Traverse the hierarchical role graph and return all of the parents (direct ascendants) of a given role.
      *
-     * @param roleName maps to logical {@link org.apache.directory.fortress.core.rbac.Role#name} on 'ftRls' object class.
+     * @param roleName maps to logical {@link org.apache.directory.fortress.core.model.Role#name} on 'ftRls' object class.
      * @param contextId maps to sub-tree in DIT, for example ou=contextId, dc=jts, dc = com.
      * @return Set of Role names that are parents of given child.
      */
@@ -157,9 +162,22 @@ public final class RoleUtil
 
 
     /**
+     * Traverse the hierarchical role graph and return all of the parents (direct ascendants) of a given role.
+     *
+     * @param roleName maps to logical {@link org.apache.directory.fortress.core.model.Role#name} on 'ftRls' object class.
+     * @param contextId maps to sub-tree in DIT, for example ou=contextId, dc=jts, dc = com.
+     * @return Set of Role names that are parents of given child.
+     */
+    public Set<String> getParentsCB( String roleName, String contextId )
+    {
+        return HierUtil.getParents( roleName.toUpperCase(), getGraph( contextId ) );
+    }
+
+
+    /**
      * Determine the number of children (direct descendants) a given parent role has.
      *
-     * @param roleName maps to logical {@link org.apache.directory.fortress.core.rbac.Role#name} on 'ftRls' object class.
+     * @param roleName maps to logical {@link org.apache.directory.fortress.core.model.Role#name} on 'ftRls' object class.
      * @param contextId maps to sub-tree in DIT, for example ou=contextId, dc=jts, dc = com.
      * @return int value contains the number of children of a given parent nRole.
      */
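Review bot: The new `getParentsCB` builds the graph lookup key with `roleName.toUpperCase()`, which uses the JVM default locale, so under a locale such as Turkish a role name containing `i` maps to a different key and the hierarchy lookup can silently return no parents. Because role hierarchy results feed access-control decisions, the normalisation should be locale-independent: `return HierUtil.getParents( roleName.toUpperCase( Locale.ROOT ), getGraph( contextId ) );` with `java.util.Locale` imported. The static `getParents` just above presumably normalises the same way and would need the same change, but its body is outside the hunk. The Javadoc is a verbatim copy of the static method's and should instead say that this is the instance form, presumably the method `ParentUtil` declares, and that `roleName` must not be null.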
@@ -170,10 +188,10 @@ public final class RoleUtil
 
 
     /**
-     * Return Set of RBAC {@link org.apache.directory.fortress.core.rbac.Role#name}s ascendants.  Used by {@link org.apache.directory.fortress.core.rbac.PermDAO#checkPermission}
-     * for computing authorized {@link UserRole#name}s.
+     * Return Set of RBAC {@link org.apache.directory.fortress.core.model.Role#name}s ascendants.  Used by {@link org.apache.directory.fortress.core.rbac.PermDAO#checkPermission}
+     * for computing authorized {@link org.apache.directory.fortress.core.model.UserRole#name}s.
      *
-     * @param uRoles contains list of Roles activated within a {@link org.apache.directory.fortress.core.rbac.User}'s {@link org.apache.directory.fortress.core.rbac.Session}.
+     * @param uRoles contains list of Roles activated within a {@link org.apache.directory.fortress.core.model.User}'s {@link org.apache.directory.fortress.core.model.Session}.
      * @param contextId maps to sub-tree in DIT, for example ou=contextId, dc=jts, dc = com.
      * @return contains Set of all authorized RBAC Roles for a given User.
      */
@@ -276,8 +294,8 @@ public final class RoleUtil
      * Method will throw {@link org.apache.directory.fortress.core.ValidationException} if rule check fails meaning caller failed validation
      * attempt to add/remove hierarchical relationship failed.
      *
-     * @param childRole  contains {@link org.apache.directory.fortress.core.rbac.Role#name} of child.
-     * @param parentRole contains {@link org.apache.directory.fortress.core.rbac.Role#name} of parent.
+     * @param childRole  contains {@link org.apache.directory.fortress.core.model.Role#name} of child.
+     * @param parentRole contains {@link org.apache.directory.fortress.core.model.Role#name} of parent.
      * @param mustExist  boolean is used to specify if relationship must be true.
      * @throws org.apache.directory.fortress.core.ValidationException
      *          in the event it fails one of the 3 checks.
@@ -296,7 +314,7 @@ public final class RoleUtil
      *
      * @param contextId maps to sub-tree in DIT, for example ou=contextId, dc=jts, dc = com.
      * @param relationship contains parent-child relationship targeted for addition.
-     * @param op   used to pass the ldap op {@link org.apache.directory.fortress.core.rbac.Hier.Op#ADD}, {@link org.apache.directory.fortress.core.rbac.Hier.Op#MOD}, {@link org.apache.directory.fortress.core.rbac.Hier.Op#REM}
+     * @param op   used to pass the ldap op {@link org.apache.directory.fortress.core.model.Hier.Op#ADD}, {@link org.apache.directory.fortress.core.model.Hier.Op#MOD}, {@link org.apache.directory.fortress.core.model.Hier.Op#REM}
      * @throws org.apache.directory.fortress.core.SecurityException in the event of a system error.
      */
     static void updateHier( String contextId, Relationship relationship, Hier.Op op ) throws SecurityException

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/0c46e4de/src/main/java/org/apache/directory/fortress/core/rbac/SDSet.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/rbac/SDSet.java b/src/main/java/org/apache/directory/fortress/core/rbac/SDSet.java
deleted file mode 100755
index 518f2fd..0000000
--- a/src/main/java/org/apache/directory/fortress/core/rbac/SDSet.java
+++ /dev/null
@@ -1,437 +0,0 @@
-/*
- *   Licensed to the Apache Software Foundation (ASF) under one
- *   or more contributor license agreements.  See the NOTICE file
- *   distributed with this work for additional information
- *   regarding copyright ownership.  The ASF licenses this file
- *   to you under the Apache License, Version 2.0 (the
- *   "License"); you may not use this file except in compliance
- *   with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- *   Unless required by applicable law or agreed to in writing,
- *   software distributed under the License is distributed on an
- *   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- *   KIND, either express or implied.  See the License for the
- *   specific language governing permissions and limitations
- *   under the License.
- *
- */
-package org.apache.directory.fortress.core.rbac;
-
-
-import javax.xml.bind.annotation.XmlAccessType;
-import javax.xml.bind.annotation.XmlAccessorType;
-import javax.xml.bind.annotation.XmlElement;
-import javax.xml.bind.annotation.XmlEnum;
-import javax.xml.bind.annotation.XmlRootElement;
-import javax.xml.bind.annotation.XmlType;
-
-import java.io.Serializable;
-import java.util.HashSet;
-import java.util.Set;
-import java.util.TreeSet;
-import java.util.UUID;
-
-
-/**
- * <h4>Static Separation of Duties Schema</h4>
- * The Fortress SDSet entity is a composite of the following other Fortress structural and aux object classes:
- * <p/>
- * 1. organizationalRole Structural Object Class is used to store basic attributes like cn and description.
- * <pre>
- * ------------------------------------------
- * objectclass ( 2.5.6.8 NAME 'organizationalRole'
- *  DESC 'RFC2256: an organizational role'
- *  SUP top STRUCTURAL
- *  MUST cn
- *  MAY (
- *      x121Address $ registeredAddress $ destinationIndicator $
- *      preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
- *      telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $
- *      seeAlso $ roleOccupant $ preferredDeliveryMethod $ street $
- *      postOfficeBox $ postalCode $ postalAddress $
- *      physicalDeliveryOfficeName $ ou $ st $ l $ description
- *  )
- * )
- * ------------------------------------------
- * </pre>
- * <p/>
- * 2. The RBAC Separation of14:14 Duties includes:
- * <p/> Static Separation of Duties
- * <img src="../doc-files/RbacSSD.png">
- * <pre>
- * ------------------------------------------
- * Fortress Dynamic Separation of Duties Structural Object Class
- *  objectclass    ( 1.3.6.1.4.1.38088.2.5
- *  NAME 'ftDSDSet'
- *  DESC 'Fortress Role Dynamic Separation of Duty Set Structural Object Class'
- *  SUP organizationalrole
- *  STRUCTURAL
- *  MUST (
- *      ftId $
- *      ftSetName $
- *      ftSetCardinality
- *  )
- *  MAY (
- *      ftRoles $
- *      description
- *  )
- * )
- * ------------------------------------------
- * </pre>
- * <p/>
- * OR
- * <p/> Dynamic Separation of Duties
- * <img src="../doc-files/RbacDSD.png">
- * <pre>
- * ------------------------------------------
- * Fortress Static Separation of Duties Structural Object Class
- *  objectclass    ( 1.3.6.1.4.1.38088.2.4
- *  NAME 'ftSSDSet'
- *  DESC 'Fortress Role Static Separation of Duty Set Structural Object Class'
- *  SUP organizationalrole
- *  STRUCTURAL
- *  MUST (
- *      ftId $
- *      ftSetName $
- *      ftSetCardinality
- *  )
- *  MAY (
- *      ftRoles $
- *      description
- *  )
- *)
- * ------------------------------------------
- * </pre>
- * <p/>
- * 3. ftMods AUXILIARY Object Class is used to store Fortress audit variables on target entity.
- * <pre>
- * ------------------------------------------
- * Fortress Audit Modification Auxiliary Object Class
- * objectclass ( 1.3.6.1.4.1.38088.3.4
- *  NAME 'ftMods'
- *  DESC 'Fortress Modifiers AUX Object Class'
- *  AUXILIARY
- *  MAY (
- *      ftModifier $
- *      ftModCode $
- *      ftModId
- *  )
- * )
- * ------------------------------------------
- * </pre>
- * <p/>
- *
- * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
- */
-@XmlRootElement(name = "fortSet")
-@XmlAccessorType(XmlAccessType.FIELD)
-@XmlType(name = "sdset", propOrder =
-    {
-        "name",
-        "id",
-        "description",
-        "cardinality",
-        "members",
-        "type"
-})
-public class SDSet extends FortEntity implements Serializable, Comparable<SDSet>
-{
-    /** Default serialVersionUID */
-    private static final long serialVersionUID = 1L;
-    private String id;
-    private String name;
-    private String description;
-    private Integer cardinality;
-    @XmlElement(nillable = true)
-    private Set<String> members;
-    private SDType type;
-
-    /**
-     * enum for SSD or DSD data sets.  Both nodes will be stored in the same LDAP container but use different
-     * object classes.
-     * SDType determines if 'ftSSDSet' or 'ftDSDSet' object class is used.
-     */
-    @XmlType(name = "sdtype")
-    @XmlEnum
-    public enum SDType
-    {
-        /**
-         * Static Separation of Duty data set.
-         */
-        STATIC,
-
-        /**
-         * Dynamic Separation of Duty data set.
-         */
-        DYNAMIC
-    }
-
-
-    /**
-     * Get the required type of SD Set - 'STATIC' Or 'DYNAMIC'.
-     *
-     * @return type that maps to either 'ftSSDSet' or 'ftDSDSet' object class is used.
-     */
-    public SDType getType()
-    {
-        return type;
-    }
-
-
-    /**
-     * Set the required type of SD Set - 'STATIC' Or 'DYNAMIC'.
-     *
-     * @param type maps to either 'ftSSDSet' or 'ftDSDSet' object class is used.
-     */
-    public void setType( SDType type )
-    {
-        this.type = type;
-    }
-
-
-    /**
-     * Create a new, empty map that is used to load Role members.  This method is called by any class
-     * that needs to create an SDSet set.
-     *
-     * @return Set that sorts members by alphabetical order.
-     */
-    private static Set<String> createMembers()
-    {
-        return new TreeSet<>( String.CASE_INSENSITIVE_ORDER );
-    }
-
-
-    /**
-     * Return the name of SDSet entity.  This field is required.
-     *
-     * @return attribute maps to 'cn' attribute on the 'organizationalRole' object class.
-     */
-    public String getName()
-    {
-        return this.name;
-    }
-
-
-    /**
-     * Set the name of SDSet entity.  This field is required.
-     *
-     * @param name maps to 'cn' attribute on the 'organizationalRole' object class.
-     */
-    public void setName( String name )
-    {
-        this.name = name;
-    }
-
-
-    /**
-     * Returns optional description that is associated with SDSet.  This attribute is validated but not constrained by Fortress.
-     *
-     * @return value that is mapped to 'description' in 'organizationalrole' object class.
-     */
-    public String getDescription()
-    {
-        return this.description;
-    }
-
-
-    /**
-     * Sets the optional description that is associated with SDSet.  This attribute is validated but not constrained by Fortress.
-     *
-     * @param description that is mapped to same name in 'organizationalrole' object class.
-     */
-    public void setDescription( String description )
-    {
-        this.description = description;
-    }
-
-
-    /**
-     * Return the internal id that is associated with SDSet.  This attribute is generated automatically
-     * by Fortress when new SDSet is added to directory and is not known or changeable by external client.
-     *
-     * @return attribute maps to 'ftId' in either 'ftSSDSet' or 'ftDSDSet' object class.
-     */
-    public String getId()
-    {
-        return id;
-    }
-
-
-    /**
-     * Generate an internal Id that is associated with SDSet.  This method is used by DAO class and
-     * is not available to outside classes.   The generated attribute maps to 'ftId' in either 'ftSSDSet' or 'ftDSDSet' object class.
-     */
-    public void setId()
-    {
-        // generate a unique id that will be used as the rDn for this entry:
-        UUID uuid = UUID.randomUUID();
-        this.id = uuid.toString();
-    }
-
-
-    /**
-     * Set the internal Id that is associated with Role.  This method is used by DAO class and
-     * is generated automatically by Fortress.  Attribute stored in LDAP cannot be changed by external caller.
-     * This method can be used by client for search purposes only.
-     *
-     * @param id maps to 'ftId' in either 'ftSSDSet' or 'ftDSDSet' object class.
-     */
-    public void setId( String id )
-    {
-        this.id = id;
-    }
-
-
-    /**
-     * Return the numeric value that reflects the membership cardinality for SDSet.  A value of '2' indicates
-     * the Role membership is mutually exclusive amongst members.  A value of '3' indicates no more than two Roles
-     * in set can be assigned to a single User (SSD) or activated within a single Session (DSD).  A value of '4' indicates
-     * no more than three Roles may be used at a time, etc...
-     *
-     * @return attribute maps to 'ftSetCardinality' attribute in either 'ftSSDSet' or 'ftDSDSet' object class.
-     */
-    public Integer getCardinality()
-    {
-        return cardinality;
-    }
-
-
-    /**
-     * Set the numeric value that reflects the membership cardinality for SDSet.  A value of '2' indicates
-     * the Role membership is mutually exclusive amongst members.  A value of '3' indicates no more than two Roles
-     * in set can be assigned to a single User (SSD) or activated within a single Session (DSD).  A value of '4' indicates
-     * no more than three Roles may be used at a time, etc...
-     *
-     */
-    public void setCardinality( Integer cardinality )
-    {
-        this.cardinality = cardinality;
-    }
-
-
-    /**
-     * Return the alphabetically sorted Set containing Role membership to SDSet.
-     *
-     * @return attribute maps to 'ftRoles' attribute in either 'ftSSDSet' or 'ftDSDSet' object class.
-     */
-    //@XmlJavaTypeAdapter(SetAdapter.class)
-    public Set<String> getMembers()
-    {
-        return members;
-    }
-
-
-    /**
-     * Set an alphabetically sorted Set containing Role membership to SDSet.
-     *
-     * @param members attribute maps to 'ftRoles' attribute in either 'ftSSDSet' or 'ftDSDSet' object class.
-     */
-    public void setMembers( Set<String> members )
-    {
-        this.members = members;
-    }
-
-
-    /**
-     * Add a member to the set.
-     *
-     * @param member role name.
-     */
-    public void setMember( String member )
-    {
-        if ( this.members == null )
-        {
-            this.members = new HashSet<>();
-        }
-        this.members.add( member );
-    }
-
-
-    /**
-     * Add a member to an alphabetically sorted Set containing Role membership to SDSet.
-     *
-     * @param role attribute maps to 'ftRoles' attribute in either 'ftSSDSet' or 'ftDSDSet' object class.
-     */
-    public void addMember( String role )
-    {
-        if ( this.members == null )
-        {
-            this.members = createMembers();
-        }
-        this.members.add( role );
-    }
-
-
-    /**
-     * Remove a member from the alphabetically sorted Set containing Role membership to SDSet.
-     *
-     * @param role attribute maps to 'ftRoles' attribute in either 'ftSSDSet' or 'ftDSDSet' object class.
-     */
-    public void delMember( String role )
-    {
-        if ( this.members == null )
-        {
-            return;
-        }
-        this.members.remove( role );
-    }
-
-
-    public int compareTo( SDSet that )
-    {
-        return name.compareToIgnoreCase( that.getName() );
-    }
-
-
-    /**
-     * Matches the name from two SDSet entities.
-     *
-     * @param thatObj contains an SDSet entity.
-     * @return boolean indicating both objects contain matching SDSet names.
-     */
-    public boolean equals( Object thatObj )
-    {
-        if ( this == thatObj )
-        {
-            return true;
-        }
-        if ( this.getName() == null )
-        {
-            return false;
-        }
-        if ( ( thatObj instanceof Role ) )
-        {
-            return false;
-        }
-        SDSet thatSet = ( SDSet ) thatObj;
-        if ( thatSet.getName() == null )
-        {
-            return false;
-        }
-        return thatSet.getName().equalsIgnoreCase( this.getName() );
-    }
-
-
-    @Override
-    public int hashCode()
-    {
-        int result = id != null ? id.hashCode() : 0;
-        result = 31 * result + ( name != null ? name.hashCode() : 0 );
-        result = 31 * result + ( description != null ? description.hashCode() : 0 );
-        result = 31 * result + ( cardinality != null ? cardinality.hashCode() : 0 );
-        result = 31 * result + ( members != null ? members.hashCode() : 0 );
-        result = 31 * result + ( type != null ? type.hashCode() : 0 );
-        return result;
-    }
-
-
-    @Override
-    public String toString()
-    {
-        return "SDSet{" +
-            "name='" + name + '\'' +
-            '}';
-    }
-}

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/0c46e4de/src/main/java/org/apache/directory/fortress/core/rbac/SDUtil.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/rbac/SDUtil.java b/src/main/java/org/apache/directory/fortress/core/rbac/SDUtil.java
index 322b648..b8b0bd3 100755
--- a/src/main/java/org/apache/directory/fortress/core/rbac/SDUtil.java
+++ b/src/main/java/org/apache/directory/fortress/core/rbac/SDUtil.java
@@ -26,6 +26,11 @@ import org.apache.directory.fortress.core.ReviewMgrFactory;
 import org.apache.directory.fortress.core.SecurityException;
 import org.apache.directory.fortress.core.ReviewMgr;
 import org.apache.directory.fortress.core.cfg.Config;
+import org.apache.directory.fortress.core.model.Role;
+import org.apache.directory.fortress.core.model.SDSet;
+import org.apache.directory.fortress.core.model.Session;
+import org.apache.directory.fortress.core.model.User;
+import org.apache.directory.fortress.core.model.UserRole;
 import org.apache.directory.fortress.core.util.attr.VUtil;
 import org.apache.directory.fortress.core.util.cache.Cache;
 import org.apache.directory.fortress.core.util.cache.CacheMgr;

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/0c46e4de/src/main/java/org/apache/directory/fortress/core/rbac/SdDAO.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/rbac/SdDAO.java b/src/main/java/org/apache/directory/fortress/core/rbac/SdDAO.java
index 8cf2209..c85338d 100755
--- a/src/main/java/org/apache/directory/fortress/core/rbac/SdDAO.java
+++ b/src/main/java/org/apache/directory/fortress/core/rbac/SdDAO.java
@@ -37,6 +37,7 @@ import org.apache.directory.api.ldap.model.exception.LdapException;
 import org.apache.directory.api.ldap.model.exception.LdapInvalidAttributeValueException;
 import org.apache.directory.api.ldap.model.exception.LdapNoSuchObjectException;
 import org.apache.directory.api.ldap.model.message.SearchScope;
+import org.apache.directory.fortress.core.model.SDSet;
 import org.apache.directory.ldap.client.api.LdapConnection;
 import org.apache.directory.fortress.core.CreateException;
 import org.apache.directory.fortress.core.FinderException;
@@ -46,9 +47,7 @@ import org.apache.directory.fortress.core.ObjectFactory;
 import org.apache.directory.fortress.core.RemoveException;
 import org.apache.directory.fortress.core.UpdateException;
 import org.apache.directory.fortress.core.ldap.ApacheDsDataProvider;
-import org.apache.directory.fortress.core.rbac.Role;
-import org.apache.directory.fortress.core.rbac.RoleUtil;
-import org.apache.directory.fortress.core.rbac.SDSet;
+import org.apache.directory.fortress.core.model.Role;
 import org.apache.directory.fortress.core.util.attr.VUtil;
 
 

