src/main/java/org/apache/directory/fortress/core/impl/SdP.java - directory-fortress-core - Git at Google

 /*
  *   Licensed to the Apache Software Foundation (ASF) under one
  *   or more contributor license agreements.  See the NOTICE file
  *   distributed with this work for additional information
  *   regarding copyright ownership.  The ASF licenses this file
  *   to you under the Apache License, Version 2.0 (the
  *   "License"); you may not use this file except in compliance
  *   with the License.  You may obtain a copy of the License at
  *
  *     http://www.apache.org/licenses/LICENSE-2.0
  *
  *   Unless required by applicable law or agreed to in writing,
  *   software distributed under the License is distributed on an
  *   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
  *   KIND, either express or implied.  See the License for the
  *   specific language governing permissions and limitations
  *   under the License.
  *
  */
 package org.apache.directory.fortress.core.impl;


 import java.util.List;
 import java.util.Set;

 import org.apache.commons.lang.StringUtils;
 import org.apache.directory.fortress.core.GlobalIds;
 import org.apache.directory.fortress.core.SecurityException;
 import org.apache.directory.fortress.core.model.Role;
 import org.apache.directory.fortress.core.model.SDSet;
 import org.apache.directory.fortress.core.util.VUtil;


 /**
  * Process module for Separation of Duty Relation data sets. The Fortress SD data set can be of two types:
  * <ol>
  *   <li>Static Separation of Duties (SSD)</li>
  *   <li>Dynamic Separation of Duties (DSD)</li>
  * </ol>
  * The SDSet entity itself distinguishes which is being targeted by {@link org.apache.directory.fortress.core.model.SDSet.SDType} which is equal to {@link org.apache.directory.fortress.core.model.SDSet.SDType#STATIC} or {@link org.apache.directory.fortress.core.model.SDSet.SDType#DYNAMIC}.
  * This class performs data validations and error mapping in addition to calling DAO methods.  It is typically called
  * by internal Fortress Manager classes ({@link org.apache.directory.fortress.core.AdminMgr}, {@link org.apache.directory.fortress.core.ReviewMgr}) and also by internal SD utils.
  * This class is not intended to be called externally or outside of Fortress Core itself.  This class will accept {@link org.apache.directory.fortress.core.model.SDSet},
  * validate its contents and forward on to it's corresponding DAO {@link org.apache.directory.fortress.core.impl.SdDAO}.
  * <p>
  * Class will throw {@link SecurityException} to caller in the event of security policy, data constraint violation or system
  * error internal to DAO object. This class will forward DAO exceptions ({@link org.apache.directory.fortress.core.FinderException},
  * {@link org.apache.directory.fortress.core.CreateException},{@link org.apache.directory.fortress.core.UpdateException},{@link org.apache.directory.fortress.core.RemoveException}),
  * or {@link org.apache.directory.fortress.core.ValidationException} as {@link SecurityException}s with appropriate
  * error id from {@link org.apache.directory.fortress.core.GlobalErrIds}.
  * <p>
  * This class is thread safe.
  *
  * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
  */
 final class SdP
 {
     /**
      * Get the DAO created:
      */
     private SdDAO sdDao = new SdDAO();


     /**
      * Adds a new SDSet to directory. The OrgUnit SDType enum will determine which data set insertion will
      * occur - STATIC or DYNAMIC.  The SDSet entity input will be validated to ensure that:
      * name is present, and reasonability checks on all of the other populated values.
      *
      * @param entity SDSet contains data targeted for insertion.
      * @return SDSet entity copy of input + additional attributes (internalId) that were added by op.
      * @throws SecurityException in the event of data validation or DAO system error.
      */
     SDSet add( SDSet entity ) throws SecurityException
     {
         validate( entity );
         return sdDao.create( entity );
     }


     /**
      * Updates existing SDSet in directory. The SDSet type enum will determine which data set insertion will
      * occur - STATIC or DYNAMIC.  The SDSet entity input will be validated to ensure that:
      * name is present, and reasonability checks on all of the other populated values.
      * Null or empty attributes are ignored.
      *
      * @param entity SDSet contains data targeted for updating.  Null attributes ignored.
      * @return SDSet entity copy of input + additional attributes (internalId) that were updated by op.
      * @throws SecurityException in the event of data validation or DAO system error.
      */
     SDSet update( SDSet entity ) throws SecurityException
     {
         validate( entity );
         return sdDao.update( entity );
     }


     /**
      * This method performs a "hard" delete.  It completely the SDSet node from the ldap directory.
      * The SDSet type enum will determine where deletion will occur - STATIC or DYNAMIC data sets.
      * SDSet entity must exist in directory prior to making this call else exception will be thrown.
      *
      * @param entity Contains the name of the SDSet node targeted for deletion.
      * @return SDSet is a copy of entity.
      * @throws SecurityException in the event of data validation or DAO system error.
      */
     SDSet delete( SDSet entity ) throws SecurityException
     {
         return sdDao.remove( entity );
     }


     /**
      * Return a fully populated SDSet entity for a given STATIC or DYNAMIC SDSet name.  If matching record not found a
      * SecurityException will be thrown.
      *
      * @param entity contains full SDSet name used for STATIC or DYNAMIC data sets in directory.
      * @return SDSet entity containing all attributes associated with ou in directory.
      * @throws SecurityException in the event SDSet not found or DAO search error.
      */
     SDSet read( SDSet entity ) throws SecurityException
     {
         SDSet sde;
         // The assumption is this method is called from ReviewMgr.ssdRoleSetRoles or ReviewMgr.dsdRoleSetRoles.
         // If called from ReviewMgr, the object class type will be passed in:
         SDSet.SDType type = entity.getType();
         sde = sdDao.getSD( entity );
         // Load the previously saved type onto the return entity:
         sde.setType( type );
         return sde;
     }


     /**
      * Will search using a single RBAC Role name either STATIC or DYNAMIC SDSet depending on which type is passed.
      * The role entity contains full RBAC Role name associated with SDSet node in directory.
      *
      * @param sdSet contains sdset name or partial name along with sdset type of STATIC or DYNAMIC.
      * @return List of SDSet entities found.
      * @throws SecurityException in the event of DAO search error.
      */
     List<SDSet> search( SDSet sdSet ) throws SecurityException
     {
         return sdDao.search( sdSet );
     }


     /**
      * Will search using a single RBAC Role name either STATIC or DYNAMIC SDSet depending on which type is passed.
      * The role entity contains full RBAC Role name associated with SDSet node in directory.
      *
      * @param role contains full role name associated with SDSet.
      * @param type either STATIC or DYNAMIC depending on target search data set.
      * @return List of SDSet entities found.
      * @throws SecurityException in the event of DAO search error.
      */
     List<SDSet> search( Role role, SDSet.SDType type ) throws SecurityException
     {
         return sdDao.search( role, type );
     }


     /**
      * Will search using list of input RBAC role names either STATIC or DYNAMIC SDSet depending on which type is passed.
      * The role entity contains full RBAC Role name associated with SDSet node in directory.
      *
      * @param rls  contains set of type String containing full role names associated with SDSet.
      * @param sdSet contains type either STATIC or DYNAMIC depending on target search data set.
      * @return List of SDSet entities found.
      * @throws SecurityException in the event of DAO search error.
      */
     Set<SDSet> search( Set<String> rls, SDSet sdSet ) throws SecurityException
     {
         return sdDao.search( rls, sdSet );
     }


     /**
      * Method will perform simple validations to ensure the integrity of the SDSet entity targeted for insertion
      * or updating in directory.  This method will ensure the name and type enum are specified.  Method will
      * also ensure every Role name set is valid RBAC role entity in directory.  It will also perform
      * reasonability check on description if set.
      *
      * @param entity contains the enum type to validate
      * @throws SecurityException thrown in the event the attribute is null.
      */
     private void validate( SDSet entity )
         throws SecurityException
     {
         // TODO: Add more validations here:
         VUtil.safeText( entity.getName(), GlobalIds.OU_LEN );
         if ( StringUtils.isNotEmpty( entity.getDescription() ) )
         {
             VUtil.description( entity.getDescription() );
         }
         Set<String> roles = entity.getMembers();
         if ( roles != null )
         {
             RoleP rp = new RoleP();
             for ( String key : roles )
             {
                 // when removing last role member a placeholder must be left in data set:
                 if ( !key.equalsIgnoreCase( GlobalIds.NONE ) )
                 {
                     // Ensure the name exists:
                     Role role = new Role( key );
                     role.setContextId( entity.getContextId() );
                     rp.read( role );
                 }
             }
         }
     }
 }
	/*
	* Licensed to the Apache Software Foundation (ASF) under one
	* or more contributor license agreements. See the NOTICE file
	* distributed with this work for additional information
	* regarding copyright ownership. The ASF licenses this file
	* to you under the Apache License, Version 2.0 (the
	* "License"); you may not use this file except in compliance
	* with the License. You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing,
	* software distributed under the License is distributed on an
	* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
	* KIND, either express or implied. See the License for the
	* specific language governing permissions and limitations
	* under the License.
	*
	*/
	package org.apache.directory.fortress.core.impl;


	import java.util.List;
	import java.util.Set;

	import org.apache.commons.lang.StringUtils;
	import org.apache.directory.fortress.core.GlobalIds;
	import org.apache.directory.fortress.core.SecurityException;
	import org.apache.directory.fortress.core.model.Role;
	import org.apache.directory.fortress.core.model.SDSet;
	import org.apache.directory.fortress.core.util.VUtil;


	/**
	* Process module for Separation of Duty Relation data sets. The Fortress SD data set can be of two types:
	* <ol>
	* <li>Static Separation of Duties (SSD)</li>
	* <li>Dynamic Separation of Duties (DSD)</li>
	* </ol>
	* The SDSet entity itself distinguishes which is being targeted by {@link org.apache.directory.fortress.core.model.SDSet.SDType} which is equal to {@link org.apache.directory.fortress.core.model.SDSet.SDType#STATIC} or {@link org.apache.directory.fortress.core.model.SDSet.SDType#DYNAMIC}.
	* This class performs data validations and error mapping in addition to calling DAO methods. It is typically called
	* by internal Fortress Manager classes ({@link org.apache.directory.fortress.core.AdminMgr}, {@link org.apache.directory.fortress.core.ReviewMgr}) and also by internal SD utils.
	* This class is not intended to be called externally or outside of Fortress Core itself. This class will accept {@link org.apache.directory.fortress.core.model.SDSet},
	* validate its contents and forward on to it's corresponding DAO {@link org.apache.directory.fortress.core.impl.SdDAO}.
	* <p>
	* Class will throw {@link SecurityException} to caller in the event of security policy, data constraint violation or system
	* error internal to DAO object. This class will forward DAO exceptions ({@link org.apache.directory.fortress.core.FinderException},
	* {@link org.apache.directory.fortress.core.CreateException},{@link org.apache.directory.fortress.core.UpdateException},{@link org.apache.directory.fortress.core.RemoveException}),
	* or {@link org.apache.directory.fortress.core.ValidationException} as {@link SecurityException}s with appropriate
	* error id from {@link org.apache.directory.fortress.core.GlobalErrIds}.
	* <p>
	* This class is thread safe.
	*
	* @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
	*/
	final class SdP
	{
	/**
	* Get the DAO created:
	*/
	private SdDAO sdDao = new SdDAO();


	/**
	* Adds a new SDSet to directory. The OrgUnit SDType enum will determine which data set insertion will
	* occur - STATIC or DYNAMIC. The SDSet entity input will be validated to ensure that:
	* name is present, and reasonability checks on all of the other populated values.
	*
	* @param entity SDSet contains data targeted for insertion.
	* @return SDSet entity copy of input + additional attributes (internalId) that were added by op.
	* @throws SecurityException in the event of data validation or DAO system error.
	*/
	SDSet add( SDSet entity ) throws SecurityException
	{
	validate( entity );
	return sdDao.create( entity );
	}


	/**
	* Updates existing SDSet in directory. The SDSet type enum will determine which data set insertion will
	* occur - STATIC or DYNAMIC. The SDSet entity input will be validated to ensure that:
	* name is present, and reasonability checks on all of the other populated values.
	* Null or empty attributes are ignored.
	*
	* @param entity SDSet contains data targeted for updating. Null attributes ignored.
	* @return SDSet entity copy of input + additional attributes (internalId) that were updated by op.
	* @throws SecurityException in the event of data validation or DAO system error.
	*/
	SDSet update( SDSet entity ) throws SecurityException
	{
	validate( entity );
	return sdDao.update( entity );
	}


	/**
	* This method performs a "hard" delete. It completely the SDSet node from the ldap directory.
	* The SDSet type enum will determine where deletion will occur - STATIC or DYNAMIC data sets.
	* SDSet entity must exist in directory prior to making this call else exception will be thrown.
	*
	* @param entity Contains the name of the SDSet node targeted for deletion.
	* @return SDSet is a copy of entity.
	* @throws SecurityException in the event of data validation or DAO system error.
	*/
	SDSet delete( SDSet entity ) throws SecurityException
	{
	return sdDao.remove( entity );
	}


	/**
	* Return a fully populated SDSet entity for a given STATIC or DYNAMIC SDSet name. If matching record not found a
	* SecurityException will be thrown.
	*
	* @param entity contains full SDSet name used for STATIC or DYNAMIC data sets in directory.
	* @return SDSet entity containing all attributes associated with ou in directory.
	* @throws SecurityException in the event SDSet not found or DAO search error.
	*/
	SDSet read( SDSet entity ) throws SecurityException
	{
	SDSet sde;
	// The assumption is this method is called from ReviewMgr.ssdRoleSetRoles or ReviewMgr.dsdRoleSetRoles.
	// If called from ReviewMgr, the object class type will be passed in:
	SDSet.SDType type = entity.getType();
	sde = sdDao.getSD( entity );
	// Load the previously saved type onto the return entity:
	sde.setType( type );
	return sde;
	}


	/**
	* Will search using a single RBAC Role name either STATIC or DYNAMIC SDSet depending on which type is passed.
	* The role entity contains full RBAC Role name associated with SDSet node in directory.
	*
	* @param sdSet contains sdset name or partial name along with sdset type of STATIC or DYNAMIC.
	* @return List of SDSet entities found.
	* @throws SecurityException in the event of DAO search error.
	*/
	List<SDSet> search( SDSet sdSet ) throws SecurityException
	{
	return sdDao.search( sdSet );
	}


	/**
	* Will search using a single RBAC Role name either STATIC or DYNAMIC SDSet depending on which type is passed.
	* The role entity contains full RBAC Role name associated with SDSet node in directory.
	*
	* @param role contains full role name associated with SDSet.
	* @param type either STATIC or DYNAMIC depending on target search data set.
	* @return List of SDSet entities found.
	* @throws SecurityException in the event of DAO search error.
	*/
	List<SDSet> search( Role role, SDSet.SDType type ) throws SecurityException
	{
	return sdDao.search( role, type );
	}


	/**
	* Will search using list of input RBAC role names either STATIC or DYNAMIC SDSet depending on which type is passed.
	* The role entity contains full RBAC Role name associated with SDSet node in directory.
	*
	* @param rls contains set of type String containing full role names associated with SDSet.
	* @param sdSet contains type either STATIC or DYNAMIC depending on target search data set.
	* @return List of SDSet entities found.
	* @throws SecurityException in the event of DAO search error.
	*/
	Set<SDSet> search( Set<String> rls, SDSet sdSet ) throws SecurityException
	{
	return sdDao.search( rls, sdSet );
	}


	/**
	* Method will perform simple validations to ensure the integrity of the SDSet entity targeted for insertion
	* or updating in directory. This method will ensure the name and type enum are specified. Method will
	* also ensure every Role name set is valid RBAC role entity in directory. It will also perform
	* reasonability check on description if set.
	*
	* @param entity contains the enum type to validate
	* @throws SecurityException thrown in the event the attribute is null.
	*/
	private void validate( SDSet entity )
	throws SecurityException
	{
	// TODO: Add more validations here:
	VUtil.safeText( entity.getName(), GlobalIds.OU_LEN );
	if ( StringUtils.isNotEmpty( entity.getDescription() ) )
	{
	VUtil.description( entity.getDescription() );
	}
	Set<String> roles = entity.getMembers();
	if ( roles != null )
	{
	RoleP rp = new RoleP();
	for ( String key : roles )
	{
	// when removing last role member a placeholder must be left in data set:
	if ( !key.equalsIgnoreCase( GlobalIds.NONE ) )
	{
	// Ensure the name exists:
	Role role = new Role( key );
	role.setContextId( entity.getContextId() );
	rp.read( role );
	}
	}
	}
	}
	}