From smckin...@apache.org
Subject [11/19] directory-fortress-core git commit: FC-109 - break core package cycles
Date Mon, 01 Jun 2015 23:02:16 GMT
http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/0c46e4de/src/main/java/org/apache/directory/fortress/core/model/UserRole.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/model/UserRole.java b/src/main/java/org/apache/directory/fortress/core/model/UserRole.java
new file mode 100755
index 0000000..421ba8e
--- /dev/null
+++ b/src/main/java/org/apache/directory/fortress/core/model/UserRole.java
@@ -0,0 +1,640 @@
+/*
+ *   Licensed to the Apache Software Foundation (ASF) under one
+ *   or more contributor license agreements.  See the NOTICE file
+ *   distributed with this work for additional information
+ *   regarding copyright ownership.  The ASF licenses this file
+ *   to you under the Apache License, Version 2.0 (the
+ *   "License"); you may not use this file except in compliance
+ *   with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing,
+ *   software distributed under the License is distributed on an
+ *   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *   KIND, either express or implied.  See the License for the
+ *   specific language governing permissions and limitations
+ *   under the License.
+ *
+ */
+package org.apache.directory.fortress.core.model;
+
+
+import java.io.Serializable;
+import java.util.Set;
+
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlElement;
+import javax.xml.bind.annotation.XmlRootElement;
+import javax.xml.bind.annotation.XmlSeeAlso;
+import javax.xml.bind.annotation.XmlType;
+
+import org.apache.commons.lang.StringUtils;
+import org.apache.directory.fortress.core.GlobalIds;
+import org.apache.directory.fortress.core.rbac.RoleUtil;
+import org.apache.directory.fortress.core.util.attr.VUtil;
+import org.apache.directory.fortress.core.util.time.CUtil;
+import org.apache.directory.fortress.core.util.time.Constraint;
+
+
+/**
+ * The Fortress UserRole entity is used to store an RBAC User to Role assignment along with its temporal constraint
+ * values.
+ * The contents of the UserRole entity will be stored on the User entity in the 'ftRA' (Role name) and 'ftRC'
+ * (Temporal Constraints) attributes on the 'ftUserAttrs' object class.
+ * The UserRole entity carries elements of {@link org.apache.directory.fortress.core.util.time.Constraint}.  Any attributes of
+ * Constraint not set within this entity
+ * will use same attribute from the {@link org.apache.directory.fortress.core.model.Role} entity.  Thus the UserRole can override
+ * Constraint attributes from it's corresponding Role if required by caller.
+ * <p/>
+ * <h4>UserRole Schema</h4>
+ * ftUserAttrs is used to store RBAC and ARBAC Role role assignments and other security attributes on User entity.
+ * <pre>
+ * ------------------------------------------
+ * Fortress User Attributes Auxiliary Object Class
+ * objectclass ( 1.3.6.1.4.1.38088.3.1
+ *  NAME 'ftUserAttrs'
+ *  DESC 'Fortress User Attribute AUX Object Class'
+ *  AUXILIARY
+ *  MUST (
+ *      ftId
+ *  )
+ *  MAY (
+ *      ftRC $
+ *      ftRA $
+ *      ftARC $
+ *      ftARA $
+ *      ftCstr $
+ *      ftSystem
+ *  )
+ * )
+ * ------------------------------------------
+ * </pre>
+ * <p/>
+ *
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ */
+@XmlRootElement( name = "fortUserRole" )
+@XmlAccessorType( XmlAccessType.FIELD )
+@XmlType( name = "userRole", propOrder = {"name", "userId", "parents", "beginDate", "beginLockDate", "beginTime",
+    "dayMask", "endDate", "endLockDate", "endTime", "timeout"} )
+@XmlSeeAlso( {UserAdminRole.class} )
+public class UserRole extends FortEntity implements Serializable, Constraint
+{
+    private static final long serialVersionUID = 1L;
+    
+    protected String userId;
+    protected String name;
+    private Integer timeout;
+    private String beginTime;
+    private String endTime;
+    private String beginDate;
+    private String endDate;
+    private String beginLockDate;
+    private String endLockDate;
+    private String dayMask;
+    @XmlElement( nillable = true )
+    private Set<String> parents;
+
+
+    /**
+     * Default constructor is used by internal Fortress classes.
+     */
+    public UserRole()
+    {
+    }
+
+
+    /**
+     * Construct a UserRole entity given the required attributes 'userId' and 'role' name.
+     *
+     * @param userId maps to the 'uid' attribute on the 'inetOrgPerson' object class.
+     * @param role   maps to the 'ftRA' attribute on the 'ftUserAttrs' object class.
+     */
+    public UserRole( String userId, String role )
+    {
+        this.userId = userId;
+        name = role;
+
+    }
+
+
+    /**
+     * Construct an RBAC Role with required attribute 'userId' and optional temporal constraint.
+     *
+     * @param userId maps to the 'uid' attribute on the 'inetOrgPerson' object class.
+     * @param con    maps to 'ftRC' attribute in 'ftUserAttrs' object class.
+     */
+    public UserRole( String userId, Constraint con )
+    {
+        this.userId = userId;
+        CUtil.copy( con, this );
+    }
+
+
+    /**
+     * Construct a UserRole entity given the required attribute role' name.
+     *
+     * @param role maps to the 'ftRA' attribute on the 'ftUserAttrs' object class.
+     */
+    public UserRole( String role )
+    {
+        name = role;
+    }
+
+    /**
+     * This method loads UserRole entity temporal constraint instance variables with data that was retrieved from the
+     * 'ftRC' attribute on the 'ftUserAttrs' object class.  This is the raw format that Fortress uses to condense the
+     * temporal data into
+     * a compact String for efficient storage and retrieval and is not intended to be called by external programs.
+     *
+     * @param szRawData contains a raw formatted String that maps to 'ftRC' attribute on 'ftUserAttrs' object class
+     * @param contextId contains the tenant id.
+     * @param parentUtil provides method to getParents.
+     */
+    public void load( String szRawData, String contextId, ParentUtil parentUtil )
+    {
+        if ( ( szRawData != null ) && ( szRawData.length() > 0 ) )
+        {
+            String[] tokens = StringUtils.splitPreserveAllTokens( szRawData, GlobalIds.DELIMITER );
+            for ( int i = 0; i < tokens.length; i++ )
+            {
+                if ( VUtil.isNotNullOrEmpty( tokens[i] ) )
+                {
+                    switch ( i )
+                    {
+                        case 0:
+                            name = tokens[i];
+                            parents = parentUtil.getParentsCB( name.toUpperCase(), contextId );
+                            break;
+
+                        case 1:
+                            timeout = Integer.parseInt( tokens[i] );
+                            break;
+
+                        case 2:
+                            beginTime = tokens[i];
+                            break;
+
+                        case 3:
+                            endTime = tokens[i];
+                            break;
+
+                        case 4:
+                            beginDate = tokens[i];
+                            break;
+
+                        case 5:
+                            endDate = tokens[i];
+                            break;
+
+                        case 6:
+                            beginLockDate = tokens[i];
+                            break;
+
+                        case 7:
+                            endLockDate = tokens[i];
+                            break;
+
+                        case 8:
+                            dayMask = tokens[i];
+                            break;
+                    }
+                }
+            }
+        }
+    }
+
+
+    /**
+     * Required on DAO classes convert Temporal attributes stored on entity to raw data object format needed for ldap
+     * .  For internal use only.
+     *
+     * @return String that maps to 'ftRA' attribute on the 'ftUserAttrs' object class.
+     */
+    @Override
+    public String getRawData()
+    {
+        StringBuilder sb = new StringBuilder();
+
+        sb.append( name );
+        sb.append( GlobalIds.DELIMITER );
+        sb.append( timeout );
+        sb.append( GlobalIds.DELIMITER );
+
+        if ( beginTime != null )
+        {
+            sb.append( beginTime );
+        }
+
+        sb.append( GlobalIds.DELIMITER );
+
+        if ( endTime != null )
+        {
+            sb.append( endTime );
+        }
+
+        sb.append( GlobalIds.DELIMITER );
+
+        if ( beginDate != null )
+        {
+            sb.append( beginDate );
+        }
+
+        sb.append( GlobalIds.DELIMITER );
+
+        if ( endDate != null )
+        {
+            sb.append( endDate );
+        }
+
+        sb.append( GlobalIds.DELIMITER );
+
+        if ( beginLockDate != null )
+        {
+            sb.append( beginLockDate );
+        }
+
+        sb.append( GlobalIds.DELIMITER );
+
+        if ( endLockDate != null )
+        {
+            sb.append( endLockDate );
+        }
+
+        sb.append( GlobalIds.DELIMITER );
+
+        if ( dayMask != null )
+        {
+            sb.append( dayMask );
+        }
+
+        return sb.toString();
+    }
+
+
+    /**
+     * Return the userId that is associated with UserRole.  UserId is required attribute and must be set on all
+     * UserRole assignment operations.
+     *
+     * @return attribute maps to 'uid' in 'inetOrgPerson' object class.
+     */
+    public String getUserId()
+    {
+        return userId;
+    }
+
+
+    /**
+     * Set the userId that is associated with UserRole.  UserId is required attribute and must be set on all UserRole
+     * assignment operations.
+     *
+     * @param userId maps to 'uid' in 'inetOrgPerson' object class.
+     */
+    public void setUserId( String userId )
+    {
+        this.userId = userId;
+    }
+
+
+    /**
+     * Get the Role name required attribute of the UserRole object
+     *
+     * @param name maps to 'ftRC' and 'ftRA' attributes on 'ftUserAttrs' object class.
+     */
+    @Override
+    public void setName( String name )
+    {
+        this.name = name;
+    }
+
+
+    /**
+     * Set the Role name required attribute of the UserRole object
+     *
+     * @return attribute maps to 'ftRC' and 'ftRA' attributes on 'ftUserAttrs' object class.
+     */
+    @Override
+    public String getName()
+    {
+        return name;
+    }
+
+
+    /**
+     * temporal boolean flag is used by internal Fortress components.
+     *
+     * @return boolean indicating if temporal constraints are placed on UserRole.
+     */
+    @Override
+    public boolean isTemporalSet()
+    {
+        return ( beginTime != null || endTime != null || beginDate != null || endDate != null || beginLockDate !=
+            null || endLockDate != null || dayMask != null );
+    }
+
+
+    /**
+     * Set the integer timeout that contains max time (in seconds) that entity may remain inactive.
+     * This attribute is optional but if set will be validated for reasonableness.
+     *
+     * @param timeout maps to 'ftRC', attribute on 'ftUserAttrs' object class.
+     */
+    @Override
+    public void setTimeout( Integer timeout )
+    {
+        this.timeout = timeout;
+    }
+
+
+    /**
+     * Set the begin time of day entity is allowed to be activated in system.  The format is military time - HHMM,
+     * i.e. 0800 (8:00 am) or 1700 (5:00 p.m.).
+     * This attribute is optional but if set will be validated for reasonableness.
+     *
+     * @param beginTime maps to 'ftRC', attribute on 'ftUserAttrs' object class.
+     */
+    @Override
+    public void setBeginTime( String beginTime )
+    {
+        this.beginTime = beginTime;
+    }
+
+
+    /**
+     * Set the end time of day entity is allowed to be activated in system.  The format is military time - HHMM,
+     * i.e. 0000 (12:00 am) or 2359 (11:59 p.m.).
+     * This attribute is optional but if set will be validated for reasonableness.
+     *
+     * @param endTime maps to 'ftRC', attribute on 'ftUserAttrs' object class.
+     */
+    @Override
+    public void setEndTime( String endTime )
+    {
+        this.endTime = endTime;
+    }
+
+
+    /**
+     * Set the beginDate when entity is allowed to be activated in system.  The format is - YYYYMMDD,
+     * i.e. 20100101 (January 1, 2001).
+     * This attribute is optional but if set will be validated for reasonableness.
+     *
+     * @param beginDate maps to 'ftRC', attribute on 'ftUserAttrs' object class.
+     */
+    @Override
+    public void setBeginDate( String beginDate )
+    {
+        this.beginDate = beginDate;
+    }
+
+
+    /**
+     * Set the end date when entity is not allowed to be activated in system.  The format is - YYYYMMDD,
+     * i.e. 20100101 (January 1. 2010).
+     * This attribute is optional but if set will be validated for reasonableness.
+     *
+     * @param endDate maps to 'ftRC', attribute on 'ftUserAttrs' object class.
+     */
+    @Override
+    public void setEndDate( String endDate )
+    {
+        this.endDate = endDate;
+    }
+
+
+    /**
+     * Set the daymask that specifies what days of week entity is allowed to be activated in system.  The format is
+     * 1234567, i.e. 23456 (Monday, Tuesday, Wednesday, Thursday, Friday).
+     * This attribute is optional but if set will be validated for reasonableness.
+     *
+     * @param dayMask maps to 'ftRC', attribute on 'ftUserAttrs' object class.
+     */
+    @Override
+    public void setDayMask( String dayMask )
+    {
+        this.dayMask = dayMask;
+    }
+
+
+    /**
+     * Set the begin lock date when entity is temporarily not allowed to be activated in system.  The format is -
+     * YYYYMMDD, 20100101 (January 1. 2010).
+     * This attribute is optional but if set will be validated for reasonableness.
+     *
+     * @param beginLockDate maps to 'ftRC', attribute on 'ftUserAttrs' object class.
+     */
+    @Override
+    public void setBeginLockDate( String beginLockDate )
+    {
+        this.beginLockDate = beginLockDate;
+    }
+
+
+    /**
+     * Set the end lock date when entity is allowed to be activated in system once again.  The format is - YYYYMMDD,
+     * i.e. 20100101 (January 1. 2010).
+     * This attribute is optional but if set will be validated for reasonableness.
+     *
+     * @param endLockDate maps to 'ftRC', attribute on 'ftUserAttrs' object class.
+     */
+    @Override
+    public void setEndLockDate( String endLockDate )
+    {
+        this.endLockDate = endLockDate;
+    }
+
+
+    /**
+     * Return the integer timeout that contains total time (in seconds) that entity may remain inactive.
+     * This attribute is optional but if set will be validated for reasonableness.
+     *
+     * @return int that maps to 'ftRC', attribute on 'ftUserAttrs' object class.
+     */
+    @Override
+    public Integer getTimeout()
+    {
+        return timeout;
+    }
+
+
+    /**
+     * Contains the begin time of day entity is allowed to be activated in system.  The format is military time -
+     * HHMM, i.e. 0800 (8:00 am) or 1700 (5:00 p.m.).
+     * This attribute is optional but if set will be validated for reasonableness.
+     *
+     * @return String that maps to 'ftRC', attribute on 'ftUserAttrs' object class.
+     */
+    @Override
+    public String getBeginTime()
+    {
+        return beginTime;
+    }
+
+
+    /**
+     * Contains the end time of day entity is allowed to be activated in system.  The format is military time - HHMM,
+     * i.e. 0000 (12:00 am) or 2359 (11:59 p.m.).
+     * This attribute is optional but if set will be validated for reasonableness.
+     *
+     * @return String that maps to 'ftRC', attribute on 'ftUserAttrs' object class.
+     */
+    @Override
+    public String getEndTime()
+    {
+        return endTime;
+    }
+
+
+    /**
+     * Contains the begin date when entity is allowed to be activated in system.  The format is - YYYYMMDD,
+     * i.e. 20100101 (January 1. 2010).
+     * This attribute is optional but if set will be validated for reasonableness.
+     *
+     * @return String that maps to 'ftRC', attribute on 'ftUserAttrs' object class.
+     */
+    @Override
+    public String getBeginDate()
+    {
+        return beginDate;
+    }
+
+
+    /**
+     * Contains the end date when entity is allowed to be activated in system.  The format is - YYYYMMDD,
+     * i.e. 20101231 (December 31, 2011).
+     * This attribute is optional but if set will be validated for reasonableness.
+     *
+     * @return String that maps to 'ftRC', attribute on 'ftUserAttrs' object class.
+     */
+    @Override
+    public String getEndDate()
+    {
+        return endDate;
+    }
+
+
+    /**
+     * Contains the begin lock date when entity is temporarily not allowed to activated in system.  The format is -
+     * YYYYMMDD, i.e. 20100101 (January 1. 2010).
+     * This attribute is optional but if set will be validated for reasonableness.
+     *
+     * @return String that maps to 'ftRC', attribute on 'ftUserAttrs' object class.
+     */
+    @Override
+    public String getBeginLockDate()
+    {
+        return beginLockDate;
+    }
+
+
+    /**
+     * Contains the end lock date when entity is allowed to be activated in system once again.  The format is -
+     * YYYYMMDD, i.e. 20100101 (January 1. 2010).
+     * This attribute is optional but if set will be validated for reasonableness.
+     *
+     * @return String that maps to 'ftRC', attribute on 'ftUserAttrs' object class.
+     */
+    @Override
+    public String getEndLockDate()
+    {
+        return endLockDate;
+    }
+
+
+    /**
+     * Get the daymask that indicates what days of week entity is allowed to be activated in system.  The format is 1234567, i.e. 23456 (Monday, Tuesday, Wednesday, Thursday, Friday).
+     * This attribute is optional but if set will be validated for reasonableness.
+     *
+     * @return String that maps to 'ftRC', attribute on 'ftUserAttrs' object class.
+     */
+    @Override
+    public String getDayMask()
+    {
+        return dayMask;
+    }
+
+
+    /**
+     * Get the names of roles that are parents (direct ascendants) of this role.
+     *
+     * @return Set of parent role names assigned to this role.
+     */
+    public Set<String> getParents()
+    {
+        return parents;
+    }
+
+
+    /**
+     * Set the names of roles names that are parents (direct ascendants) of this role.
+     *
+     * @param parents contains the Set of parent role names assigned to this role.
+     */
+    public void setParents( Set<String> parents )
+    {
+        this.parents = parents;
+    }
+
+
+    /**
+     * Matches the userId and role name from two UserRole entities.
+     *
+     * @param thatObj contains a UserRole entity.
+     * @return boolean indicating both objects contain matching userId and Role names.
+     */
+    public boolean equals( Object thatObj )
+    {
+        if ( this == thatObj )
+        {
+            return true;
+        }
+
+        if ( name == null )
+        {
+            return false;
+        }
+
+        if ( !( thatObj instanceof UserRole ) )
+        {
+            return false;
+        }
+
+        UserRole thatRole = ( UserRole ) thatObj;
+
+        if ( thatRole.getName() == null )
+        {
+            return false;
+        }
+
+        return ( thatRole.getName().equalsIgnoreCase( name ) );
+    }
+
+    @Override
+    public int hashCode()
+    {
+        int result = userId != null ? userId.hashCode() : 0;
+        result = 31 * result + ( name != null ? name.hashCode() : 0 );
+        result = 31 * result + ( timeout != null ? timeout.hashCode() : 0 );
+        result = 31 * result + ( beginTime != null ? beginTime.hashCode() : 0 );
+        result = 31 * result + ( endTime != null ? endTime.hashCode() : 0 );
+        result = 31 * result + ( beginDate != null ? beginDate.hashCode() : 0 );
+        result = 31 * result + ( endDate != null ? endDate.hashCode() : 0 );
+        result = 31 * result + ( beginLockDate != null ? beginLockDate.hashCode() : 0 );
+        result = 31 * result + ( endLockDate != null ? endLockDate.hashCode() : 0 );
+        result = 31 * result + ( dayMask != null ? dayMask.hashCode() : 0 );
+        result = 31 * result + ( parents != null ? parents.hashCode() : 0 );
+        return result;
+    }
+
+    /**
+     * Used to retrieve UserRole Role name attribute.  The Fortress UserRole name maps to 'ftRA' attribute on
+     * 'ftUserAttrs' object class.
+     */
+    @Override
+    public String toString()
+    {
+        return name;
+    }
+}
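Review bot: `equals()` near the end of the new UserRole.java compares only `name`, case-insensitively, while the `hashCode()` directly below it mixes in `userId`, the case-sensitive `name`, every constraint field and `parents`, so two instances that are equal can hash differently. A `HashSet` or `HashMap` holding UserRole objects can then miss an entry that `equals()` would match, or keep duplicates, which matters wherever assigned or activated roles are de-duplicated or looked up. I would derive the hash from the same key, e.g. `return name == null ? 0 : name.toUpperCase( java.util.Locale.ROOT ).hashCode();`, and add `@Override` to `equals`. The `equals` Javadoc also says userId is matched, so either compare `userId` too or correct the comment; comparing only the role name makes assignments for different users compare equal. Separately, `import org.apache.directory.fortress.core.rbac.RoleUtil;` is not referenced anywhere in this file and keeps a model-to-rbac dependency, which seems to work against the cycle-breaking goal in the commit subject.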

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/0c46e4de/src/main/java/org/apache/directory/fortress/core/package.html
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/package.html b/src/main/java/org/apache/directory/fortress/core/package.html
index ec52950..4db4b37 100755
--- a/src/main/java/org/apache/directory/fortress/core/package.html
+++ b/src/main/java/org/apache/directory/fortress/core/package.html
@@ -46,8 +46,8 @@
       A {@link org.apache.directory.fortress.core.util.time.Constraint} mechanism is used by fortress to control the 
       {@link org.apache.directory.fortress.core.util.time.Time}, {@link org.apache.directory.fortress.core.util.time.Date} and 
       {@link org.apache.directory.fortress.core.util.time.Day} of week for when a
-      {@link org.apache.directory.fortress.core.rbac.User} or {@link org.apache.directory.fortress.core.rbac.UserRole} 
-      entity can be activated within a {@link org.apache.directory.fortress.core.rbac.Session}.
+      {@link org.apache.directory.fortress.core.model.User} or {@link org.apache.directory.fortress.core.model.UserRole}
+      entity can be activated within a {@link org.apache.directory.fortress.core.model.Session}.
       There is also a lockout mechanism to temporarily bar entities from activating.
       AuditMgr may be used to interrogate OpenLDAP audit and historical information.
     </p>

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/0c46e4de/src/main/java/org/apache/directory/fortress/core/rbac/AccelMgrImpl.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/rbac/AccelMgrImpl.java b/src/main/java/org/apache/directory/fortress/core/rbac/AccelMgrImpl.java
index 8d4c721..6ca83ae 100644
--- a/src/main/java/org/apache/directory/fortress/core/rbac/AccelMgrImpl.java
+++ b/src/main/java/org/apache/directory/fortress/core/rbac/AccelMgrImpl.java
@@ -25,6 +25,10 @@ import java.util.List;
 import org.apache.directory.fortress.core.AccelMgr;
 import org.apache.directory.fortress.core.GlobalErrIds;
 import org.apache.directory.fortress.core.SecurityException;
+import org.apache.directory.fortress.core.model.Permission;
+import org.apache.directory.fortress.core.model.Session;
+import org.apache.directory.fortress.core.model.User;
+import org.apache.directory.fortress.core.model.UserRole;
 import org.apache.directory.fortress.core.util.attr.VUtil;
 
 
@@ -81,21 +85,21 @@ public class AccelMgrImpl extends Manageable implements AccelMgr
 
 
     /**
-     * Perform user authentication {@link org.apache.directory.fortress.core.rbac.User#password} and role activations.<br />
+     * Perform user authentication {@link org.apache.directory.fortress.core.model.User#password} and role activations.<br />
      * This method must be called once per user prior to calling other methods within this class.
-     * The successful result is {@link org.apache.directory.fortress.core.rbac.Session} that contains target user's RBAC {@link org.apache.directory.fortress.core.rbac.User#roles} and Admin role {@link org.apache.directory.fortress.core.rbac.User#adminRoles}.<br />
-     * In addition to checking user password validity it will apply configured password policy checks {@link org.apache.directory.fortress.core.rbac.User#pwPolicy}..<br />
-     * Method may also store parms passed in for audit trail {@link org.apache.directory.fortress.core.rbac.FortEntity}.
+     * The successful result is {@link org.apache.directory.fortress.core.model.Session} that contains target user's RBAC {@link org.apache.directory.fortress.core.model.User#roles} and Admin role {@link org.apache.directory.fortress.core.model.User#adminRoles}.<br />
+     * In addition to checking user password validity it will apply configured password policy checks {@link org.apache.directory.fortress.core.model.User#pwPolicy}..<br />
+     * Method may also store parms passed in for audit trail {@link org.apache.directory.fortress.core.model.FortEntity}.
      * <h4> This API will...</h4>
      * <ul>
      * <li> authenticate user password if trusted == false.
      * <li> perform <a href="http://www.openldap.org/">OpenLDAP</a> <a href="http://tools.ietf.org/html/draft-behera-ldap-password-policy-10">password policy evaluation</a>.
-     * <li> fail for any user who is locked by OpenLDAP's policies {@link org.apache.directory.fortress.core.rbac.User#isLocked()}, regardless of trusted flag being set as parm on API.
-     * <li> evaluate temporal {@link org.apache.directory.fortress.core.util.time.Constraint}(s) on {@link org.apache.directory.fortress.core.rbac.User}, {@link org.apache.directory.fortress.core.rbac.UserRole} and {@link UserAdminRole} entities.
-     * <li> process selective role activations into User RBAC Session {@link org.apache.directory.fortress.core.rbac.User#roles}.
-     * <li> check Dynamic Separation of Duties {@link org.apache.directory.fortress.core.rbac.DSDChecker#validate(org.apache.directory.fortress.core.rbac.Session, org.apache.directory.fortress.core.util.time.Constraint, org.apache.directory.fortress.core.util.time.Time)} on {@link org.apache.directory.fortress.core.rbac.User#roles}.
-     * <li> process selective administrative role activations {@link org.apache.directory.fortress.core.rbac.User#adminRoles}.
-     * <li> return a {@link org.apache.directory.fortress.core.rbac.Session} that contains a reference to an object stored on the RBAC server..
+     * <li> fail for any user who is locked by OpenLDAP's policies {@link org.apache.directory.fortress.core.model.User#isLocked()}, regardless of trusted flag being set as parm on API.
+     * <li> evaluate temporal {@link org.apache.directory.fortress.core.util.time.Constraint}(s) on {@link org.apache.directory.fortress.core.model.User}, {@link org.apache.directory.fortress.core.model.UserRole} and {@link org.apache.directory.fortress.core.model.UserAdminRole} entities.
+     * <li> process selective role activations into User RBAC Session {@link org.apache.directory.fortress.core.model.User#roles}.
+     * <li> check Dynamic Separation of Duties {@link org.apache.directory.fortress.core.rbac.DSDChecker#validate(org.apache.directory.fortress.core.model.Session, org.apache.directory.fortress.core.util.time.Constraint, org.apache.directory.fortress.core.util.time.Time)} on {@link org.apache.directory.fortress.core.model.User#roles}.
+     * <li> process selective administrative role activations {@link org.apache.directory.fortress.core.model.User#adminRoles}.
+     * <li> return a {@link org.apache.directory.fortress.core.model.Session} that contains a reference to an object stored on the RBAC server..
      * <li> throw a checked exception that will be {@link org.apache.directory.fortress.core.SecurityException} or its derivation.
      * <li> throw a {@link SecurityException} for system failures.
      * <li> throw a {@link org.apache.directory.fortress.core.PasswordException} for authentication and password policy violations.
@@ -114,24 +118,24 @@ public class AccelMgrImpl extends Manageable implements AccelMgr
      * The following attributes may be set when calling this method
      * </h4>
      * <ul>
-     * <li> {@link org.apache.directory.fortress.core.rbac.User#userId} - required
-     * <li> {@link org.apache.directory.fortress.core.rbac.User#password}
-     * <li> {@link org.apache.directory.fortress.core.rbac.User#roles} contains a list of RBAC role names authorized for user and targeted for activation within this session.  Default is all authorized RBAC roles will be activated into this Session.
-     * <li> {@link org.apache.directory.fortress.core.rbac.User#adminRoles} contains a list of Admin role names authorized for user and targeted for activation.  Default is all authorized ARBAC roles will be activated into this Session.
-     * <li> {@link org.apache.directory.fortress.core.rbac.User#props} collection of name value pairs collected on behalf of User during signon.  For example hostname:myservername or ip:192.168.1.99
+     * <li> {@link org.apache.directory.fortress.core.model.User#userId} - required
+     * <li> {@link org.apache.directory.fortress.core.model.User#password}
+     * <li> {@link org.apache.directory.fortress.core.model.User#roles} contains a list of RBAC role names authorized for user and targeted for activation within this session.  Default is all authorized RBAC roles will be activated into this Session.
+     * <li> {@link org.apache.directory.fortress.core.model.User#adminRoles} contains a list of Admin role names authorized for user and targeted for activation.  Default is all authorized ARBAC roles will be activated into this Session.
+     * <li> {@link org.apache.directory.fortress.core.model.User#props} collection of name value pairs collected on behalf of User during signon.  For example hostname:myservername or ip:192.168.1.99
      * </ul>
      * <h4>
      * Notes:
      * </h4>
      * <ul>
      * <li> roles that violate Dynamic Separation of Duty Relationships will not be activated into session.
-     * <li> role activations will proceed in same order as supplied to User entity setter, see {@link org.apache.directory.fortress.core.rbac.User#setRole(String)}.
+     * <li> role activations will proceed in same order as supplied to User entity setter, see {@link org.apache.directory.fortress.core.model.User#setRole(String)}.
      * </ul>
      * </p>
      *
-     * @param user Contains {@link org.apache.directory.fortress.core.rbac.User#userId}, {@link org.apache.directory.fortress.core.rbac.User#password} (optional if {@code isTrusted} is 'true'), optional {@link org.apache.directory.fortress.core.rbac.User#roles}, optional {@link org.apache.directory.fortress.core.rbac.User#adminRoles}
+     * @param user Contains {@link org.apache.directory.fortress.core.model.User#userId}, {@link org.apache.directory.fortress.core.model.User#password} (optional if {@code isTrusted} is 'true'), optional {@link org.apache.directory.fortress.core.model.User#roles}, optional {@link org.apache.directory.fortress.core.model.User#adminRoles}
      * @param isTrusted if true password is not required.
-     * @return Session object will contain authentication result code {@link org.apache.directory.fortress.core.rbac.Session#errorId},
+     * @return Session object will contain authentication result code {@link org.apache.directory.fortress.core.model.Session#errorId},
      * @throws SecurityException in the event of data validation failure, security policy violation or DAO error.
      */
     @Override
@@ -186,7 +190,7 @@ public class AccelMgrImpl extends Manageable implements AccelMgr
      * one of the session's active roles. This implementation will verify the roles or userId correspond
      * to the subject's active roles are registered in the object's access control list.
      *
-     * @param perm  must contain the object, {@link org.apache.directory.fortress.core.rbac.Permission#objName}, and operation, {@link org.apache.directory.fortress.core.rbac.Permission#opName}, of permission User is trying to access.
+     * @param perm  must contain the object, {@link org.apache.directory.fortress.core.model.Permission#objName}, and operation, {@link org.apache.directory.fortress.core.model.Permission#opName}, of permission User is trying to access.
      * @param session This object must be instantiated by calling {@link AccessMgrImpl#createSession} method before passing into the method.  No variables need to be set by client after returned from createSession.
      * @return True if user has access, false otherwise.
      * @throws SecurityException in the event of data validation failure, security policy violation or DAO error.
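Review bot: The `@param session` context line in this hunk still links to `{@link AccessMgrImpl#createSession}`, although the hunk header places it in `AccelMgrImpl`. The AcceleratorDAO Javadoc in this same commit says the session must hold a sessionId "captured from accelerator createSession method". If that also applies here, the link should read `{@link AccelMgrImpl#createSession}`, so callers are not led to pass a session built by the other manager. The Javadoc block and the method it documents continue outside the hunk.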

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/0c46e4de/src/main/java/org/apache/directory/fortress/core/rbac/AcceleratorDAO.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/rbac/AcceleratorDAO.java b/src/main/java/org/apache/directory/fortress/core/rbac/AcceleratorDAO.java
index f8d5dfb..528838d 100644
--- a/src/main/java/org/apache/directory/fortress/core/rbac/AcceleratorDAO.java
+++ b/src/main/java/org/apache/directory/fortress/core/rbac/AcceleratorDAO.java
@@ -23,6 +23,10 @@ package org.apache.directory.fortress.core.rbac;
 import org.apache.directory.api.ldap.model.exception.LdapException;
 import org.apache.directory.api.ldap.model.message.ResultCodeEnum;
 import org.apache.directory.fortress.core.GlobalErrIds;
+import org.apache.directory.fortress.core.model.Permission;
+import org.apache.directory.fortress.core.model.Session;
+import org.apache.directory.fortress.core.model.User;
+import org.apache.directory.fortress.core.model.UserRole;
 import org.openldap.accelerator.api.addRole.RbacAddRoleRequest;
 import org.openldap.accelerator.api.addRole.RbacAddRoleRequestImpl;
 import org.openldap.accelerator.api.addRole.RbacAddRoleResponse;
@@ -67,10 +71,10 @@ final class AcceleratorDAO extends ApacheDsDataProvider
 
 
     /**
-     * Authenticate user and return sessionId inside {@link Session#sessionId}.
-     * This function follows the pattern from: {@link org.apache.directory.fortress.core.AccessMgr#createSession(org.apache.directory.fortress.core.rbac.User, boolean)}
-     * Success will result in rbac session state, i.e. {@link org.apache.directory.fortress.core.rbac.Session}, to be stored on server-side.
-     * Result may be stored inside RBAC server-side audit record and retrieved with {@link org.apache.directory.fortress.core.AuditMgr#searchBinds(org.apache.directory.fortress.core.rbac.UserAudit)}
+     * Authenticate user and return sessionId inside {@link org.apache.directory.fortress.core.model.Session#sessionId}.
+     * This function follows the pattern from: {@link org.apache.directory.fortress.core.AccessMgr#createSession(org.apache.directory.fortress.core.model.User, boolean)}
+     * Success will result in rbac session state, i.e. {@link org.apache.directory.fortress.core.model.Session}, to be stored on server-side.
+     * Result may be stored inside RBAC server-side audit record and retrieved with {@link org.apache.directory.fortress.core.AuditMgr#searchBinds(org.apache.directory.fortress.core.model.UserAudit)}
      *
      * It uses the {@link RbacCreateSessionRequest} and {@link RbacCreateSessionResponse} accelerator APIs.
      *
@@ -153,7 +157,7 @@ final class AcceleratorDAO extends ApacheDsDataProvider
      * It uses the {@link RbacCheckAccessRequest} and {@link RbacCheckAccessResponse} accelerator APIs.
      *
      * @param session This object must be instantiated by calling {@link #createSession} method before passing into the method.  No variables need to be set by client after returned from createSession.
-     * @param perm  must contain the object, {@link org.apache.directory.fortress.core.rbac.Permission#objName}, and operation, {@link org.apache.directory.fortress.core.rbac.Permission#opName}, of permission User is trying to access.
+     * @param perm  must contain the object, {@link org.apache.directory.fortress.core.model.Permission#objName}, and operation, {@link org.apache.directory.fortress.core.model.Permission#opName}, of permission User is trying to access.
      * @return True if user has access, false otherwise.
      * @throws SecurityException rethrows {@code LdapException} with {@code GlobalErrIds.ACEL_CHECK_ACCESS_ERR}.
      */
@@ -201,12 +205,12 @@ final class AcceleratorDAO extends ApacheDsDataProvider
 
     /**
      * Deactivate user role from rbac session
-     * This function follows the pattern from: {@link org.apache.directory.fortress.core.AccessMgr#dropActiveRole(org.apache.directory.fortress.core.rbac.Session, org.apache.directory.fortress.core.rbac.UserRole)}.
+     * This function follows the pattern from: {@link org.apache.directory.fortress.core.AccessMgr#dropActiveRole(org.apache.directory.fortress.core.model.Session, org.apache.directory.fortress.core.model.UserRole)}.
      * Success will result in rbac session state to be modified inside server-side cache.
      * It uses the {@link RbacDropRoleRequest} and {@link RbacDropRoleResponse} accelerator APIs.
      *
      * @param session contains a valid sessionId captured from accelerator createSession method.
-     * @param userRole both the {@link UserRole#userId} and {@link UserRole#name} fields must be set before invoking.
+     * @param userRole both the {@link org.apache.directory.fortress.core.model.UserRole#userId} and {@link UserRole#name} fields must be set before invoking.
      * @throws SecurityException rethrows {@code LdapException} with {@code GlobalErrIds.ACEL_DROP_ROLE_ERR}.
      */
     void dropActiveRole( Session session, UserRole userRole ) throws SecurityException
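Review bot: The rewritten `@param userRole` line mixes a fully qualified link with a short one, `{@link org.apache.directory.fortress.core.model.UserRole#userId}` beside `{@link UserRole#name}`; the addActiveRole hunk that follows does the same. This commit adds `import org.apache.directory.fortress.core.model.UserRole;` to the file, so both links can stay short: `@param userRole both the {@link UserRole#userId} and {@link UserRole#name} fields must be set before invoking.` The body of dropActiveRole lies outside the hunk.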
@@ -247,12 +251,12 @@ final class AcceleratorDAO extends ApacheDsDataProvider
 
     /**
      * Activate user role into rbac session
-     * This function follows the pattern from: {@link org.apache.directory.fortress.core.AccessMgr#addActiveRole(org.apache.directory.fortress.core.rbac.Session, org.apache.directory.fortress.core.rbac.UserRole)}.
+     * This function follows the pattern from: {@link org.apache.directory.fortress.core.AccessMgr#addActiveRole(org.apache.directory.fortress.core.model.Session, org.apache.directory.fortress.core.model.UserRole)}.
      * Success will result in rbac session state to be modified inside server-side cache.
      * It uses the {@link RbacAddRoleRequest} and {@link RbacAddRoleResponse} accelerator APIs.
      *
      * @param session contains a valid sessionId captured from accelerator createSession method.
-     * @param userRole both the {@link UserRole#userId} and {@link UserRole#name} fields must be set before invoking.
+     * @param userRole both the {@link org.apache.directory.fortress.core.model.UserRole#userId} and {@link UserRole#name} fields must be set before invoking.
      * @throws SecurityException rethrows {@code LdapException} with {@code GlobalErrIds.ACEL_ADD_ROLE_ERR}.
      */
     void addActiveRole( Session session, UserRole userRole ) throws SecurityException

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/0c46e4de/src/main/java/org/apache/directory/fortress/core/rbac/AccessMgrImpl.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/rbac/AccessMgrImpl.java b/src/main/java/org/apache/directory/fortress/core/rbac/AccessMgrImpl.java
index a81cf5f..ed49b11 100755
--- a/src/main/java/org/apache/directory/fortress/core/rbac/AccessMgrImpl.java
+++ b/src/main/java/org/apache/directory/fortress/core/rbac/AccessMgrImpl.java
@@ -26,6 +26,10 @@ import java.util.Set;
 import org.apache.directory.fortress.core.AccessMgr;
 import org.apache.directory.fortress.core.GlobalErrIds;
 import org.apache.directory.fortress.core.SecurityException;
+import org.apache.directory.fortress.core.model.Permission;
+import org.apache.directory.fortress.core.model.Session;
+import org.apache.directory.fortress.core.model.User;
+import org.apache.directory.fortress.core.model.UserRole;
 import org.apache.directory.fortress.core.util.attr.VUtil;
 import org.apache.directory.fortress.core.util.time.CUtil;
 
@@ -108,13 +112,13 @@ public class AccessMgrImpl extends Manageable implements AccessMgr
      * This method must be called once per user prior to calling other methods within this class.
      * The successful result is {@link Session} that contains target user's RBAC {@link User#roles} and Admin role {@link User#adminRoles}.<br />
      * In addition to checking user password validity it will apply configured password policy checks {@link User#pwPolicy}..<br />
-     * Method may also store parms passed in for audit trail {@link org.apache.directory.fortress.core.rbac.FortEntity}.
+     * Method may also store parms passed in for audit trail {@link org.apache.directory.fortress.core.model.FortEntity}.
      * <h4> This API will...</h4>
      * <ul>
      * <li> authenticate user password if trusted == false.
      * <li> perform <a href="http://www.openldap.org/">OpenLDAP</a> <a href="http://tools.ietf.org/html/draft-behera-ldap-password-policy-10">password policy evaluation</a>.
      * <li> fail for any user who is locked by OpenLDAP's policies {@link User#isLocked()}, regardless of trusted flag being set as parm on API.
-     * <li> evaluate temporal {@link org.apache.directory.fortress.core.util.time.Constraint}(s) on {@link User}, {@link org.apache.directory.fortress.core.rbac.UserRole} and {@link UserAdminRole} entities.
+     * <li> evaluate temporal {@link org.apache.directory.fortress.core.util.time.Constraint}(s) on {@link User}, {@link org.apache.directory.fortress.core.model.UserRole} and {@link org.apache.directory.fortress.core.model.UserAdminRole} entities.
      * <li> process selective role activations into User RBAC Session {@link User#roles}.
      * <li> check Dynamic Separation of Duties {@link org.apache.directory.fortress.core.rbac.DSDChecker#validate(Session, org.apache.directory.fortress.core.util.time.Constraint, org.apache.directory.fortress.core.util.time.Time)} on {@link User#roles}.
      * <li> process selective administrative role activations {@link User#adminRoles}.
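Review bot: The bullet `authenticate user password if trusted == false` leaves the trusted path implicit, and the visible text never says who is responsible for authentication when the flag is set. I would add a bullet such as `<li> skip password verification if trusted == true; the caller must already have authenticated the user by other means.` The bullet on locked users already states that the flag does not bypass lock checks, so stating what it does bypass would complete the contract. The Javadoc block continues past the end of the hunk, so this may already be covered further down.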
@@ -177,7 +181,7 @@ public class AccessMgrImpl extends Manageable implements AccessMgr
      * one of the session's active roles. This implementation will verify the roles or userId correspond
      * to the subject's active roles are registered in the object's access control list.
      *
-     * @param perm  must contain the object, {@link org.apache.directory.fortress.core.rbac.Permission#objName}, and operation, {@link org.apache.directory.fortress.core.rbac.Permission#opName}, of permission User is trying to access.
+     * @param perm  must contain the object, {@link org.apache.directory.fortress.core.model.Permission#objName}, and operation, {@link org.apache.directory.fortress.core.model.Permission#opName}, of permission User is trying to access.
      * @param session This object must be instantiated by calling {@link AccessMgrImpl#createSession} method before passing into the method.  No variables need to be set by client after returned from createSession.
      * @return True if user has access, false otherwise.
      * @throws SecurityException in the event of data validation failure, security policy violation or DAO error.

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/0c46e4de/src/main/java/org/apache/directory/fortress/core/rbac/Address.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/rbac/Address.java b/src/main/java/org/apache/directory/fortress/core/rbac/Address.java
deleted file mode 100644
index dba5c9d..0000000
--- a/src/main/java/org/apache/directory/fortress/core/rbac/Address.java
+++ /dev/null
@@ -1,469 +0,0 @@
-/*
- *   Licensed to the Apache Software Foundation (ASF) under one
- *   or more contributor license agreements.  See the NOTICE file
- *   distributed with this work for additional information
- *   regarding copyright ownership.  The ASF licenses this file
- *   to you under the Apache License, Version 2.0 (the
- *   "License"); you may not use this file except in compliance
- *   with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- *   Unless required by applicable law or agreed to in writing,
- *   software distributed under the License is distributed on an
- *   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- *   KIND, either express or implied.  See the License for the
- *   specific language governing permissions and limitations
- *   under the License.
- *
- */
-package org.apache.directory.fortress.core.rbac;
-
-
-import java.io.Serializable;
-import java.util.ArrayList;
-import java.util.List;
-
-import javax.xml.bind.annotation.XmlAccessType;
-import javax.xml.bind.annotation.XmlAccessorType;
-import javax.xml.bind.annotation.XmlElement;
-import javax.xml.bind.annotation.XmlRootElement;
-import javax.xml.bind.annotation.XmlType;
-
-
-/**
- * This entity is stored on {@link org.apache.directory.fortress.core.rbac.User} and is used to store postal address information in LDAP.
- * <p/>
- * Contains data retrieved from the following LDAP attributes:
- * <p/>
- * <ul>
- * <li>  ------------------------------------------
- * <li> <code>postalAddress</code>
- * <li> <code>st</code>
- * <li> <code>postalCode</code>
- * <li> <code>postOfficeBox</code>
- * <li> <code>c</code>
- * <li>  ------------------------------------------
- * </ul>
- *
- * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
- */
-@XmlRootElement(name = "fortAddress")
-@XmlAccessorType(XmlAccessType.FIELD)
-@XmlType(name = "address", propOrder =
-    {
-        "addresses",
-        "city",
-        "state",
-        "country",
-        "postalCode",
-        "postOfficeBox",
-        "building",
-        "departmentNumber",
-        "roomNumber"
-})
-public class Address implements Serializable
-{
-    private static final long serialVersionUID = 1L;
-
-    @XmlElement(nillable = true)
-    private List<String> addresses;
-    private String city;
-    private String state;
-    private String country;
-    private String postalCode;
-    private String postOfficeBox;
-    private String building;
-    private String departmentNumber;
-    private String roomNumber;
-
-
-    /**
-     * This attribute is bound for {@code postalAddress} attribute on {@code organizationalPerson} object class.
-     *
-     * @param address contains a String value containing address line that is bound for multi-occurring {@code postalAddress} attribute.
-     */
-    public void setAddress( String address )
-    {
-        if ( addresses == null )
-        {
-            addresses = new ArrayList<>();
-        }
-
-        addresses.add( address );
-    }
-
-
-    /**
-     * Return an ArrayList of type String that contains zero or more values retrieved from {@code postalAddress} attribute from {@code organizationalPerson} object class.
-     *
-     * @return a non-null ArrayList of type String that contains zero or more address lines associated with the user.
-     */
-    public List<String> getAddresses()
-    {
-        if ( addresses == null )
-        {
-            addresses = new ArrayList<>();
-        }
-
-        return addresses;
-    }
-
-
-    /**
-     * Set an ArrayList of type String that contains one or more values bound for {@code postalAddress} attribute on {@code organizationalPerson} object class.
-     *
-     * @param addresses contains ArrayList of type String with one or more address lines associated with the user.
-     */
-    public void setAddresses( List<String> addresses )
-    {
-        this.addresses = addresses;
-    }
-
-
-    /**
-     * Return a String that contains a value retrieved from {@code l} (location) attribute from {@code organizationalPerson} object class.
-     *
-     * @return a String that contains city associated with the user.
-     */
-    public String getCity()
-    {
-        return city;
-    }
-
-
-    /**
-     * Accept a String that contains a value {@code l} (location) bound for {@code organizationalPerson} object class.
-     *
-     * @param city associated with the user.
-     */
-    public void setCity( String city )
-    {
-        this.city = city;
-    }
-
-
-    /**
-     * Return a String that contains a value retrieved from {@code st} (state) attribute from {@code organizationalPerson} object class.
-     *
-     * @return a String that contains state associated with the user.
-     */
-    public String getState()
-    {
-        return state;
-    }
-
-
-    /**
-     * Accept a String that contains a value {@code st} (state) bound for {@code organizationalPerson} object class.
-     *
-     * @param state associated with the user.
-     */
-    public void setState( String state )
-    {
-        this.state = state;
-    }
-
-
-    /**
-     * TODO: Add support for this attribute:
-     * Return a String that contains a value retrieved from {@code c} (country) attribute from {@code c} object class.
-     *
-     * @return a String that contains country associated with the user.
-     */
-    public String getCountry()
-    {
-        return country;
-    }
-
-
-    /**
-     * TODO: Add support for this attribute:
-     * Accept a String that contains a value {@code c} (country) bound for {@code c} object class.
-     *
-     * @param country associated with the user.
-     */
-    public void setCountry( String country )
-    {
-        this.country = country;
-    }
-
-
-    /**
-     * Return a String that contains a value retrieved from {@code postalCode} attribute from {@code organizationalPerson} object class.
-     *
-     * @return a String that contains postalCode associated with the user.
-     */
-    public String getPostalCode()
-    {
-        return postalCode;
-    }
-
-
-    /**
-     * Accept a String that contains a value {@code postalCode} bound for {@code organizationalPerson} object class.
-     *
-     * @param postalCode associated with the user.
-     */
-    public void setPostalCode( String postalCode )
-    {
-        this.postalCode = postalCode;
-    }
-
-
-    /**
-     * Return a String that contains a value retrieved from {@code postOfficeBox} attribute from {@code organizationalPerson} object class.
-     *
-     * @return a String that contains postOfficeBox associated with the user.
-     */
-    public String getPostOfficeBox()
-    {
-        return postOfficeBox;
-    }
-
-
-    /**
-     * Accept a String that contains a value {@code postOfficeBox} bound for {@code organizationalPerson} object class.
-     *
-     * @param postOfficeBox associated with the user.
-     */
-    public void setPostOfficeBox( String postOfficeBox )
-    {
-        this.postOfficeBox = postOfficeBox;
-    }
-
-
-    /**
-     * Return a String that contains a value retrieved from {@code building} attribute from {@code organizationalPerson} object class.
-     *
-     * @return a String that contains building associated with the user.
-     */
-    public String getBuilding()
-    {
-        return building;
-    }
-
-
-    /**
-     * Accept a String that contains a value {@code building} bound for {@code organizationalPerson} object class.
-     *
-     * @param building associated with the user.
-     */
-    public void setBuilding( String building )
-    {
-        this.building = building;
-    }
-
-
-    /**
-     * Return a String that contains a value retrieved from {@code departmentNumber} attribute from {@code organizationalPerson} object class.
-     *
-     * @return a String that contains departmentNumber associated with the user.
-     */
-    public String getDepartmentNumber()
-    {
-        return departmentNumber;
-    }
-
-
-    /**
-     * Accept a String that contains a value {@code departmentNumber} bound for {@code inetOrgperson} object class.
-     *
-     * @param departmentNumber associated with the user.
-     */
-    public void setDepartmentNumber( String departmentNumber )
-    {
-        this.departmentNumber = departmentNumber;
-    }
-
-
-    /**
-     * Return a String that contains a value retrieved from {@code roomNumber} attribute from {@code organizationalPerson} object class.
-     *
-     * @return a String that contains roomNumber associated with the user.
-     */
-    public String getRoomNumber()
-    {
-        return roomNumber;
-    }
-
-
-    /**
-     * Accept a String that contains a value {@code roomNumber} bound for {@code inetOrgperson} object class.
-     *
-     * @param roomNumber associated with the user.
-     */
-    public void setRoomNumber( String roomNumber )
-    {
-        this.roomNumber = roomNumber;
-    }
-
-
-    /**
-     * Override the standard equals on object to use the attributes of this class.
-     *
-     * @param o
-     * @return boolean value
-     */
-    @Override
-    public boolean equals( Object o )
-    {
-        if ( this == o )
-        {
-            return true;
-        }
-
-        if ( ( o == null ) || ( getClass() != o.getClass() ) )
-        {
-            return false;
-        }
-
-        Address address = ( Address ) o;
-
-        if ( addresses != null ? !addresses.equals( address.addresses ) : address.addresses != null )
-        {
-            return false;
-        }
-
-        if ( building != null ? !building.equals( address.building ) : address.building != null )
-        {
-            return false;
-        }
-
-        if ( city != null ? !city.equals( address.city ) : address.city != null )
-        {
-            return false;
-        }
-
-        if ( country != null ? !country.equals( address.country ) : address.country != null )
-        {
-            return false;
-        }
-
-        if ( departmentNumber != null ? !departmentNumber.equals( address.departmentNumber )
-            : address.departmentNumber != null )
-        {
-            return false;
-        }
-
-        if ( postOfficeBox != null ? !postOfficeBox.equals( address.postOfficeBox ) : address.postOfficeBox != null )
-        {
-            return false;
-        }
-
-        if ( postalCode != null ? !postalCode.equals( address.postalCode ) : address.postalCode != null )
-        {
-            return false;
-        }
-
-        if ( roomNumber != null ? !roomNumber.equals( address.roomNumber ) : address.roomNumber != null )
-        {
-            return false;
-        }
-
-        if ( state != null ? !state.equals( address.state ) : address.state != null )
-        {
-            return false;
-        }
-
-        return true;
-    }
-
-
-    /**
-     * Override the standard hashCode on object to use attributes of class.
-     *
-     * @return int
-     */
-    @Override
-    public int hashCode()
-    {
-        int result = addresses != null ? addresses.hashCode() : 0;
-        result = 31 * result + ( city != null ? city.hashCode() : 0 );
-        result = 31 * result + ( state != null ? state.hashCode() : 0 );
-        result = 31 * result + ( country != null ? country.hashCode() : 0 );
-        result = 31 * result + ( postalCode != null ? postalCode.hashCode() : 0 );
-        result = 31 * result + ( postOfficeBox != null ? postOfficeBox.hashCode() : 0 );
-        result = 31 * result + ( building != null ? building.hashCode() : 0 );
-        result = 31 * result + ( departmentNumber != null ? departmentNumber.hashCode() : 0 );
-        result = 31 * result + ( roomNumber != null ? roomNumber.hashCode() : 0 );
-
-        return result;
-    }
-
-
-    /**
-     * @see Object#toString()
-     */
-    public String toString()
-    {
-        StringBuilder sb = new StringBuilder();
-
-        sb.append( "Address object: \n" );
-
-        if ( roomNumber != null )
-        {
-            sb.append( "    roomNumber :" ).append( roomNumber ).append( '\n' );
-        }
-
-        if ( departmentNumber != null )
-        {
-            sb.append( "    departmentNumber :" ).append( departmentNumber ).append( '\n' );
-        }
-
-        if ( building != null )
-        {
-            sb.append( "    building :" ).append( building ).append( '\n' );
-        }
-
-        if ( addresses != null )
-        {
-            sb.append( "    addresses : " );
-
-            boolean isFirst = true;
-
-            for ( String addr : addresses )
-            {
-                if ( isFirst )
-                {
-                    isFirst = false;
-                }
-                else
-                {
-                    sb.append( ", " );
-                }
-
-                sb.append( addr );
-            }
-
-            sb.append( '\n' );
-        }
-
-        if ( city != null )
-        {
-            sb.append( "    city :" ).append( city ).append( '\n' );
-        }
-
-        if ( postalCode != null )
-        {
-            sb.append( "    postalCode :" ).append( postalCode ).append( '\n' );
-        }
-
-        if ( postOfficeBox != null )
-        {
-            sb.append( "    postOfficeBox :" ).append( postOfficeBox ).append( '\n' );
-        }
-
-        if ( state != null )
-        {
-            sb.append( "    state :" ).append( state ).append( '\n' );
-        }
-
-        if ( country != null )
-        {
-            sb.append( "    country :" ).append( country ).append( '\n' );
-        }
-
-        return sb.toString();
-    }
-}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/0c46e4de/src/main/java/org/apache/directory/fortress/core/rbac/AdminMgrImpl.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/rbac/AdminMgrImpl.java b/src/main/java/org/apache/directory/fortress/core/rbac/AdminMgrImpl.java
index 8a7583d..1836eb2 100755
--- a/src/main/java/org/apache/directory/fortress/core/rbac/AdminMgrImpl.java
+++ b/src/main/java/org/apache/directory/fortress/core/rbac/AdminMgrImpl.java
@@ -23,6 +23,15 @@ package org.apache.directory.fortress.core.rbac;
 import java.util.List;
 import java.util.Set;
 
+import org.apache.directory.fortress.core.model.AdminRole;
+import org.apache.directory.fortress.core.model.Hier;
+import org.apache.directory.fortress.core.model.PermObj;
+import org.apache.directory.fortress.core.model.Permission;
+import org.apache.directory.fortress.core.model.Relationship;
+import org.apache.directory.fortress.core.model.Role;
+import org.apache.directory.fortress.core.model.SDSet;
+import org.apache.directory.fortress.core.model.User;
+import org.apache.directory.fortress.core.model.UserRole;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -90,38 +99,38 @@ public final class AdminMgrImpl extends Manageable implements AdminMgr
      * does not own any session at the time of its creation.
      * <h4>required parameters</h4>
      * <ul>
-     * <li>{@link org.apache.directory.fortress.core.rbac.User#userId} - maps to INetOrgPerson uid</li>
-     * <li>{@link org.apache.directory.fortress.core.rbac.User#password} - used to authenticate the User</li>
-     * <li>{@link org.apache.directory.fortress.core.rbac.User#ou} - contains the name of an already existing User OU node</li>
+     * <li>{@link org.apache.directory.fortress.core.model.User#userId} - maps to INetOrgPerson uid</li>
+     * <li>{@link org.apache.directory.fortress.core.model.User#password} - used to authenticate the User</li>
+     * <li>{@link org.apache.directory.fortress.core.model.User#ou} - contains the name of an already existing User OU node</li>
      * </ul>
      * <h4>optional parameters</h4>
      * <ul>
-     * <li>{@link org.apache.directory.fortress.core.rbac.User#pwPolicy} - contains the name of an already existing OpenLDAP password policy node</li>
-     * <li>{@link org.apache.directory.fortress.core.rbac.User#cn} - maps to INetOrgPerson common name attribute</li>
-     * <li>{@link org.apache.directory.fortress.core.rbac.User#sn} - maps to INetOrgPerson surname attribute</li>
-     * <li>{@link org.apache.directory.fortress.core.rbac.User#description} - maps to INetOrgPerson description attribute</li>
-     * <li>{@link org.apache.directory.fortress.core.rbac.User#title} - maps to INetOrgPerson title attribute</li>
-     * <li>{@link org.apache.directory.fortress.core.rbac.User#employeeType} - maps to INetOrgPerson employeeType attribute</li>
-     * <li>{@link org.apache.directory.fortress.core.rbac.User#phones} * - multi-occurring attribute maps to organizationalPerson telephoneNumber
+     * <li>{@link org.apache.directory.fortress.core.model.User#pwPolicy} - contains the name of an already existing OpenLDAP password policy node</li>
+     * <li>{@link org.apache.directory.fortress.core.model.User#cn} - maps to INetOrgPerson common name attribute</li>
+     * <li>{@link org.apache.directory.fortress.core.model.User#sn} - maps to INetOrgPerson surname attribute</li>
+     * <li>{@link org.apache.directory.fortress.core.model.User#description} - maps to INetOrgPerson description attribute</li>
+     * <li>{@link org.apache.directory.fortress.core.model.User#title} - maps to INetOrgPerson title attribute</li>
+     * <li>{@link org.apache.directory.fortress.core.model.User#employeeType} - maps to INetOrgPerson employeeType attribute</li>
+     * <li>{@link org.apache.directory.fortress.core.model.User#phones} * - multi-occurring attribute maps to organizationalPerson telephoneNumber
      * attribute</li>
-     * <li>{@link org.apache.directory.fortress.core.rbac.User#mobiles} * - multi-occurring attribute maps to INetOrgPerson mobile attribute</li>
-     * <li>{@link org.apache.directory.fortress.core.rbac.User#emails} * - multi-occurring attribute maps to INetOrgPerson mail attribute</li>
-     * <li>{@link org.apache.directory.fortress.core.rbac.User#address} * - multi-occurring attribute maps to organizationalPerson postalAddress, st, l,
+     * <li>{@link org.apache.directory.fortress.core.model.User#mobiles} * - multi-occurring attribute maps to INetOrgPerson mobile attribute</li>
+     * <li>{@link org.apache.directory.fortress.core.model.User#emails} * - multi-occurring attribute maps to INetOrgPerson mail attribute</li>
+     * <li>{@link org.apache.directory.fortress.core.model.User#address} * - multi-occurring attribute maps to organizationalPerson postalAddress, st, l,
      * postalCode, postOfficeBox attributes</li>
-     * <li>{@link org.apache.directory.fortress.core.rbac.User#beginTime} - HHMM - determines begin hour user may activate session</li>
-     * <li>{@link org.apache.directory.fortress.core.rbac.User#endTime} - HHMM - determines end hour user may activate session.</li>
-     * <li>{@link org.apache.directory.fortress.core.rbac.User#beginDate} - YYYYMMDD - determines date when user may sign on</li>
-     * <li>{@link org.apache.directory.fortress.core.rbac.User#endDate} - YYYYMMDD - indicates latest date user may sign on</li>
-     * <li>{@link org.apache.directory.fortress.core.rbac.User#beginLockDate} - YYYYMMDD - determines beginning of enforced inactive status</li>
-     * <li>{@link org.apache.directory.fortress.core.rbac.User#endLockDate} - YYYYMMDD - determines end of enforced inactive status</li>
-     * <li>{@link org.apache.directory.fortress.core.rbac.User#dayMask} - 1234567, 1 = Sunday, 2 = Monday, etc - specifies which day of user may sign on</li>
-     * <li>{@link org.apache.directory.fortress.core.rbac.User#timeout} - number in seconds of session inactivity time allowed</li>
-     * <li>{@link org.apache.directory.fortress.core.rbac.User#props} * - multi-occurring attribute contains property key and values are separated with a ':'
+     * <li>{@link org.apache.directory.fortress.core.model.User#beginTime} - HHMM - determines begin hour user may activate session</li>
+     * <li>{@link org.apache.directory.fortress.core.model.User#endTime} - HHMM - determines end hour user may activate session.</li>
+     * <li>{@link org.apache.directory.fortress.core.model.User#beginDate} - YYYYMMDD - determines date when user may sign on</li>
+     * <li>{@link org.apache.directory.fortress.core.model.User#endDate} - YYYYMMDD - indicates latest date user may sign on</li>
+     * <li>{@link org.apache.directory.fortress.core.model.User#beginLockDate} - YYYYMMDD - determines beginning of enforced inactive status</li>
+     * <li>{@link org.apache.directory.fortress.core.model.User#endLockDate} - YYYYMMDD - determines end of enforced inactive status</li>
+     * <li>{@link org.apache.directory.fortress.core.model.User#dayMask} - 1234567, 1 = Sunday, 2 = Monday, etc - specifies which day of user may sign on</li>
+     * <li>{@link org.apache.directory.fortress.core.model.User#timeout} - number in seconds of session inactivity time allowed</li>
+     * <li>{@link org.apache.directory.fortress.core.model.User#props} * - multi-occurring attribute contains property key and values are separated with a ':'
      * .  e.g. mykey1:myvalue1</li>
      * </ul>
      *
-     * @param user User entity must contain {@link org.apache.directory.fortress.core.rbac.User#userId} and {@link org.apache.directory.fortress.core.rbac.User#ou} (required) and optional {@link
-     * org.apache.directory.fortress.core.rbac.User#description},{@link org.apache.directory.fortress.core.rbac.User#roles} and many others.
+     * @param user User entity must contain {@link org.apache.directory.fortress.core.model.User#userId} and {@link org.apache.directory.fortress.core.model.User#ou} (required) and optional {@link
+     * org.apache.directory.fortress.core.model.User#description},{@link org.apache.directory.fortress.core.model.User#roles} and many others.
      * @return Returns entity containing user data that was added.
      * @throws SecurityException Thrown in the event of data validation or system error.
      */
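Review bot: The "required parameters" list names `User#password` ("used to authenticate the User"), but the `@param user` tag at the end of the block lists only `User#userId` and `User#ou` as required. Callers cannot tell whether a User may be added without a password. If it is optional, move its `<li>` under "optional parameters"; otherwise extend the tag to `must contain {@link User#userId}, {@link User#password} and {@link User#ou} (required)`, which the new `User` import allows in short form. The method this Javadoc documents is outside the hunk, so which reading is correct cannot be confirmed from here.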
@@ -374,22 +383,22 @@ public final class AdminMgrImpl extends Manageable implements AdminMgr
      * <p/>
      * <h4>required parameters</h4>
      * <ul>
-     * <li>{@link org.apache.directory.fortress.core.rbac.Role#name} - contains the name to use for the Role to be created.</li>
+     * <li>{@link org.apache.directory.fortress.core.model.Role#name} - contains the name to use for the Role to be created.</li>
      * </ul>
      * <h4>optional parameters</h4>
      * <ul>
-     * <li>{@link org.apache.directory.fortress.core.rbac.Role#description} - maps to description attribute on organizationalRole object class</li>
-     * <li>{@link org.apache.directory.fortress.core.rbac.Role#beginTime} - HHMM - determines begin hour role may be activated into user's RBAC session</li>
-     * <li>{@link org.apache.directory.fortress.core.rbac.Role#endTime} - HHMM - determines end hour role may be activated into user's RBAC session.</li>
-     * <li>{@link org.apache.directory.fortress.core.rbac.Role#beginDate} - YYYYMMDD - determines date when role may be activated into user's RBAC session</li>
-     * <li>{@link org.apache.directory.fortress.core.rbac.Role#endDate} - YYYYMMDD - indicates latest date role may be activated into user's RBAC session</li>
-     * <li>{@link org.apache.directory.fortress.core.rbac.Role#beginLockDate} - YYYYMMDD - determines beginning of enforced inactive status</li>
-     * <li>{@link org.apache.directory.fortress.core.rbac.Role#endLockDate} - YYYYMMDD - determines end of enforced inactive status</li>
-     * <li>{@link org.apache.directory.fortress.core.rbac.Role#dayMask} - 1234567, 1 = Sunday, 2 = Monday, etc - specifies which day role may be activated
+     * <li>{@link org.apache.directory.fortress.core.model.Role#description} - maps to description attribute on organizationalRole object class</li>
+     * <li>{@link org.apache.directory.fortress.core.model.Role#beginTime} - HHMM - determines begin hour role may be activated into user's RBAC session</li>
+     * <li>{@link org.apache.directory.fortress.core.model.Role#endTime} - HHMM - determines end hour role may be activated into user's RBAC session.</li>
+     * <li>{@link org.apache.directory.fortress.core.model.Role#beginDate} - YYYYMMDD - determines date when role may be activated into user's RBAC session</li>
+     * <li>{@link org.apache.directory.fortress.core.model.Role#endDate} - YYYYMMDD - indicates latest date role may be activated into user's RBAC session</li>
+     * <li>{@link org.apache.directory.fortress.core.model.Role#beginLockDate} - YYYYMMDD - determines beginning of enforced inactive status</li>
+     * <li>{@link org.apache.directory.fortress.core.model.Role#endLockDate} - YYYYMMDD - determines end of enforced inactive status</li>
+     * <li>{@link org.apache.directory.fortress.core.model.Role#dayMask} - 1234567, 1 = Sunday, 2 = Monday, etc - specifies which day role may be activated
      * into user's RBAC session</li>
      * </ul>
      *
-     * @param role must contains {@link org.apache.directory.fortress.core.rbac.Role#name} (required) and optional {@link org.apache.directory.fortress.core.rbac.Role#description}.
+     * @param role must contains {@link org.apache.directory.fortress.core.model.Role#name} (required) and optional {@link org.apache.directory.fortress.core.model.Role#description}.
      * @return Role contains reference to entity operated on.
      * @throws SecurityException Thrown in the event of data validation or system error.
      */
@@ -410,7 +419,7 @@ public final class AdminMgrImpl extends Manageable implements AdminMgr
      * <p/>
      * <h4>required parameters</h4>
      * <ul>
-     * <li>{@link Role#name} - contains the name to use for the Role to be deleted.</li>
+     * <li>{@link org.apache.directory.fortress.core.model.Role#name} - contains the name to use for the Role to be deleted.</li>
      * </ul>
      *
      * @param role Contains {@link Role#name} for Role to delete.
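Review bot: The replaced `<li>` line now spells out `{@link org.apache.directory.fortress.core.model.Role#name}`, while the `@param role` line two lines below keeps the short `{@link Role#name}`, so one Javadoc block uses both forms for the same type. If the short form still resolves after the package move (presumably through an import of the model class, which is outside this hunk), keeping `{@link Role#name}` here would avoid the churn and the over-long line. The same mix of qualified and short links appears in the hunks at -526, -536, -585, -694, -760, -816, -857, -945 and -1016. The Javadoc block and the method it documents continue outside the hunk.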
@@ -526,7 +535,7 @@ public final class AdminMgrImpl extends Manageable implements AdminMgr
      * <h4>required parameters</h4>
      * <ul>
      * <li>{@link UserRole#name} - contains the name for already existing Role to be assigned</li>
-     * <li>{@link UserRole#userId} - contains the userId for existing User</li>
+     * <li>{@link org.apache.directory.fortress.core.model.UserRole#userId} - contains the userId for existing User</li>
      * </ul>
      * <h4>optional parameters</h4>
      * <ul>
@@ -536,7 +545,7 @@ public final class AdminMgrImpl extends Manageable implements AdminMgr
      * session</li>
      * <li>{@link UserRole#endDate} - YYYYMMDD - indicates latest date role may be activated into user's RBAC
      * session</li>
-     * <li>{@link UserRole#beginLockDate} - YYYYMMDD - determines beginning of enforced inactive status</li>
+     * <li>{@link org.apache.directory.fortress.core.model.UserRole#beginLockDate} - YYYYMMDD - determines beginning of enforced inactive status</li>
      * <li>{@link UserRole#endLockDate} - YYYYMMDD - determines end of enforced inactive status</li>
      * <li>{@link UserRole#dayMask} - 1234567, 1 = Sunday, 2 = Monday, etc - specifies which day role may be
      * activated into user's RBAC session</li>
@@ -585,11 +594,11 @@ public final class AdminMgrImpl extends Manageable implements AdminMgr
      * (optional) Temporal constraints will be removed from user aux object if set prior to call.
      * <h4>required parameters</h4>
      * <ul>
-     * <li>{@link UserRole#name} - contains the name for already existing Role to be deassigned</li>
+     * <li>{@link org.apache.directory.fortress.core.model.UserRole#name} - contains the name for already existing Role to be deassigned</li>
      * <li>{@link UserRole#userId} - contains the userId for existing User</li>
      * </ul>
      *
-     * @param uRole must contain {@link UserRole#userId} and {@link UserRole#name}.
+     * @param uRole must contain {@link org.apache.directory.fortress.core.model.UserRole#userId} and {@link UserRole#name}.
      * @throws SecurityException - in the event data error in user or role objects or system error.
      */
     @Override
@@ -613,29 +622,29 @@ public final class AdminMgrImpl extends Manageable implements AdminMgr
     /**
      * This method will add permission operation to an existing permission object which resides under {@code
      * ou=Permissions,ou=RBAC,dc=yourHostName,dc=com} container in directory information tree.
-     * The perm operation entity may have {@link org.apache.directory.fortress.core.rbac.Role} or {@link org.apache.directory.fortress.core.rbac.User}
-     * associations.  The target {@link org.apache.directory.fortress.core.rbac.Permission} must not exist prior to calling.
+     * The perm operation entity may have {@link org.apache.directory.fortress.core.model.Role} or {@link org.apache.directory.fortress.core.model.User}
+     * associations.  The target {@link org.apache.directory.fortress.core.model.Permission} must not exist prior to calling.
      * A Fortress Permission instance exists in a hierarchical, one-many relationship between its parent and itself
-     * as stored in ldap tree: ({@link org.apache.directory.fortress.core.rbac.PermObj}*->{@link org.apache.directory.fortress.core.rbac.Permission}).
+     * as stored in ldap tree: ({@link org.apache.directory.fortress.core.model.PermObj}*->{@link org.apache.directory.fortress.core.model.Permission}).
      * <h4>required parameters</h4>
      * <ul>
-     * <li>{@link org.apache.directory.fortress.core.rbac.Permission#objName} - contains the name of existing object being targeted for the permission
+     * <li>{@link org.apache.directory.fortress.core.model.Permission#objName} - contains the name of existing object being targeted for the permission
      * add</li>
-     * <li>{@link org.apache.directory.fortress.core.rbac.Permission#opName} - contains the name of new permission operation being added</li>
+     * <li>{@link org.apache.directory.fortress.core.model.Permission#opName} - contains the name of new permission operation being added</li>
      * </ul>
      * <h4>optional parameters</h4>
      * <ul>
-     * <li>{@link org.apache.directory.fortress.core.rbac.Permission#roles} * - multi occurring attribute contains RBAC Roles that permission operation is
+     * <li>{@link org.apache.directory.fortress.core.model.Permission#roles} * - multi occurring attribute contains RBAC Roles that permission operation is
      * being granted to</li>
-     * <li>{@link org.apache.directory.fortress.core.rbac.Permission#users} * - multi occurring attribute contains Users that permission operation is being
+     * <li>{@link org.apache.directory.fortress.core.model.Permission#users} * - multi occurring attribute contains Users that permission operation is being
      * granted to</li>
-     * <li>{@link org.apache.directory.fortress.core.rbac.Permission#props} * - multi-occurring property key and values are separated with a ':'.  e.g.
+     * <li>{@link org.apache.directory.fortress.core.model.Permission#props} * - multi-occurring property key and values are separated with a ':'.  e.g.
      * mykey1:myvalue1</li>
-     * <li>{@link org.apache.directory.fortress.core.rbac.Permission#type} - any safe text</li>
+     * <li>{@link org.apache.directory.fortress.core.model.Permission#type} - any safe text</li>
      * </ul>
      *
-     * @param perm must contain the object, {@link org.apache.directory.fortress.core.rbac.Permission#objName}, and operation,
-     * {@link org.apache.directory.fortress.core.rbac.Permission#opName}, that identifies target along with optional other attributes..
+     * @param perm must contain the object, {@link org.apache.directory.fortress.core.model.Permission#objName}, and operation,
+     * {@link org.apache.directory.fortress.core.model.Permission#opName}, that identifies target along with optional other attributes..
      * @return copy of Permission entity.
      * @throws SecurityException - thrown in the event of perm object data or system error.
      */
@@ -652,7 +661,7 @@ public final class AdminMgrImpl extends Manageable implements AdminMgr
     /**
      * This method will update permission operation pre-existing in target directory under {@code ou=Permissions,
      * ou=RBAC,dc=yourHostName,dc=com} container in directory information tree.
-     * The perm operation entity may also contain {@link org.apache.directory.fortress.core.rbac.Role} or {@link org.apache.directory.fortress.core.rbac
+     * The perm operation entity may also contain {@link org.apache.directory.fortress.core.model.Role} or {@link org.apache.directory.fortress.core.rbac
      * .User} associations to add or remove using this function.
      * The perm operation must exist before making this call.  Only non-null attributes will be updated.
      * <h4>required parameters</h4>
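Review bot: The second link on the changed line still points at the old package. It reads `{@link org.apache.directory.fortress.core.rbac` and continues as `.User}` on the next, unchanged line, so the rename missed it, most likely because the reference is split across the line break. Other hunks in this commit already refer to `org.apache.directory.fortress.core.model.User`, so this link is probably stale, and a `{@link}` target broken across lines may not resolve at all. I would put it on one line as `{@link org.apache.directory.fortress.core.model.User} associations to add or remove using this function.` The Javadoc block continues outside the hunk.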
@@ -694,7 +703,7 @@ public final class AdminMgrImpl extends Manageable implements AdminMgr
      * The perm operation must exist before making this call.
      * <h4>required parameters</h4>
      * <ul>
-     * <li>{@link Permission#objName} - contains the name of existing object being targeted for the permission
+     * <li>{@link org.apache.directory.fortress.core.model.Permission#objName} - contains the name of existing object being targeted for the permission
      * delete</li>
      * <li>{@link Permission#opName} - contains the name of existing permission operation being removed</li>
      * </ul>
@@ -717,22 +726,22 @@ public final class AdminMgrImpl extends Manageable implements AdminMgr
     /**
      * This method will add permission object to perms container in directory. The perm object must not exist before
      * making this call.
-     * A {@link org.apache.directory.fortress.core.rbac.PermObj} instance exists in a hierarchical, one-many relationship between itself and children as
-     * stored in ldap tree: ({@link org.apache.directory.fortress.core.rbac.PermObj}*->{@link Permission}).
+     * A {@link org.apache.directory.fortress.core.model.PermObj} instance exists in a hierarchical, one-many relationship between itself and children as
+     * stored in ldap tree: ({@link org.apache.directory.fortress.core.model.PermObj}*->{@link Permission}).
      * <h4>required parameters</h4>
      * <ul>
-     * <li>{@link org.apache.directory.fortress.core.rbac.PermObj#objName} - contains the name of new object being added</li>
-     * <li>{@link org.apache.directory.fortress.core.rbac.PermObj#ou} - contains the name of an existing PERMS OrgUnit this object is associated with</li>
+     * <li>{@link org.apache.directory.fortress.core.model.PermObj#objName} - contains the name of new object being added</li>
+     * <li>{@link org.apache.directory.fortress.core.model.PermObj#ou} - contains the name of an existing PERMS OrgUnit this object is associated with</li>
      * </ul>
      * <h4>optional parameters</h4>
      * <ul>
-     * <li>{@link org.apache.directory.fortress.core.rbac.PermObj#description} - any safe text</li>
-     * <li>{@link org.apache.directory.fortress.core.rbac.PermObj#type} - contains any safe text</li>
-     * <li>{@link org.apache.directory.fortress.core.rbac.PermObj#props} * - multi-occurring property key and values are separated with a ':'.  e.g.
+     * <li>{@link org.apache.directory.fortress.core.model.PermObj#description} - any safe text</li>
+     * <li>{@link org.apache.directory.fortress.core.model.PermObj#type} - contains any safe text</li>
+     * <li>{@link org.apache.directory.fortress.core.model.PermObj#props} * - multi-occurring property key and values are separated with a ':'.  e.g.
      * mykey1:myvalue1</li>
      * </ul>
      *
-     * @param pObj must contain the {@link org.apache.directory.fortress.core.rbac.PermObj#objName} and {@link org.apache.directory.fortress.core.rbac.PermObj#ou}.  The other attributes are
+     * @param pObj must contain the {@link org.apache.directory.fortress.core.model.PermObj#objName} and {@link org.apache.directory.fortress.core.model.PermObj#ou}.  The other attributes are
      *             optional.
      * @return copy of PermObj entity.
      * @throws SecurityException - thrown in the event of perm object data or system error.
@@ -760,7 +769,7 @@ public final class AdminMgrImpl extends Manageable implements AdminMgr
      * <ul>
      * <li>{@link PermObj#ou} - contains the name of an existing PERMS OrgUnit this object is associated with</li>
      * <li>{@link PermObj#description} - any safe text</li>
-     * <li>{@link PermObj#type} - contains any safe text</li>
+     * <li>{@link org.apache.directory.fortress.core.model.PermObj#type} - contains any safe text</li>
      * <li>{@link PermObj#props} * - multi-occurring property key and values are separated with a ':'.  e.g.
      * mykey1:myvalue1</li>
      * </ul>
@@ -816,7 +825,7 @@ public final class AdminMgrImpl extends Manageable implements AdminMgr
      *
      * @param perm must contain the object, {@link Permission#objName}, and operation, {@link Permission#opName},
      *             that identifies target.
-     * @param role must contains {@link Role#name}.
+     * @param role must contains {@link org.apache.directory.fortress.core.model.Role#name}.
      * @throws org.apache.directory.fortress.core.SecurityException
      *          Thrown in the event of data validation or system error.
      */
@@ -857,7 +866,7 @@ public final class AdminMgrImpl extends Manageable implements AdminMgr
      * <li>{@link Role#name} - contains the role name</li>
      * </ul>
      *
-     * @param perm must contain the object, {@link Permission#objName}, and operation, {@link Permission#opName},
+     * @param perm must contain the object, {@link Permission#objName}, and operation, {@link org.apache.directory.fortress.core.model.Permission#opName},
      *             that identifies target.
      * @param role must contains {@link Role#name}.
      * @throws SecurityException Thrown in the event of data validation or system error.
@@ -945,7 +954,7 @@ public final class AdminMgrImpl extends Manageable implements AdminMgr
      * and parentRole is a member of the ROLES data set.
      * <h4>required parameters</h4>
      * <ul>
-     * <li>parentRole - {@link Role#name} - contains the name of existing Role to be parent</li>
+     * <li>parentRole - {@link org.apache.directory.fortress.core.model.Role#name} - contains the name of existing Role to be parent</li>
      * <li>childRole - {@link Role#name} - contains the name of new Role to be child</li>
      * </ul>
      * <h4>optional parameters childRole</h4>
@@ -1016,7 +1025,7 @@ public final class AdminMgrImpl extends Manageable implements AdminMgr
      * session for new parent</li>
      * <li>parentRole - {@link Role#endTime} - HHMM - determines end hour role may be activated into user's RBAC
      * session for new parent</li>
-     * <li>parentRole - {@link Role#beginDate} - YYYYMMDD - determines date when role may be activated into user's
+     * <li>parentRole - {@link org.apache.directory.fortress.core.model.Role#beginDate} - YYYYMMDD - determines date when role may be activated into user's
      * RBAC session for new parent</li>
      * <li>parentRole - {@link Role#endDate} - YYYYMMDD - indicates latest date role may be activated into user's
      * RBAC session for new parent</li>
@@ -1163,14 +1172,14 @@ public final class AdminMgrImpl extends Manageable implements AdminMgr
      * 4 - the SSD constraint for the new role set is satisfied.
      * <h4>required parameters</h4>
      * <ul>
-     * <li>{@link org.apache.directory.fortress.core.rbac.SDSet#name} - contains the name of new SSD role set to be added</li>
+     * <li>{@link org.apache.directory.fortress.core.model.SDSet#name} - contains the name of new SSD role set to be added</li>
      * </ul>
      * <h4>optional parameters</h4>
      * <ul>
-     * <li>{@link org.apache.directory.fortress.core.rbac.SDSet#members} * - multi-occurring attribute contains the RBAC Role names to be added to this set</li>
-     * <li>{@link org.apache.directory.fortress.core.rbac.SDSet#cardinality} - default is 2 which is one more than maximum number of Roles that may be
+     * <li>{@link org.apache.directory.fortress.core.model.SDSet#members} * - multi-occurring attribute contains the RBAC Role names to be added to this set</li>
+     * <li>{@link org.apache.directory.fortress.core.model.SDSet#cardinality} - default is 2 which is one more than maximum number of Roles that may be
      * assigned to User from a particular set</li>
-     * <li>{@link org.apache.directory.fortress.core.rbac.SDSet#description} - contains any safe text</li>
+     * <li>{@link org.apache.directory.fortress.core.model.SDSet#description} - contains any safe text</li>
      * </ul>
      *
      * @param ssdSet contains an instantiated reference to new SSD set containing, name, members,

