src/main/java/us/jts/fortress/GlobalIds.java - directory-fortress-core - Git at Google

 /*
  * Copyright (c) 2009-2013, JoshuaTree. All Rights Reserved.
  */

 package us.jts.fortress;


 import us.jts.fortress.cfg.Config;


 /**
  * This class contains constants that must be defined globally but are not to be used by external programs.
  * The constants are used internally by Fortress when looking up cfg values, performing maintenance on
  * standard and custom ldap objects and attributes, instantiating manager instances, validating objects and attributes, and more.
  * Some of the values for public constants defined here must be known to end users of system to declare system cfg parameters, see {@link us.jts.fortress.cfg.Config}.
  * For example the {@link #SUFFIX} constant uses key name {@code suffix} which must have a corresponding value, i.e. {@code dc=example,dc=com},
  * which tells location of Directory Information Tree to the Fortress runtime processor.
  * </p>
  * This class is thread safe.
  *
  * @author Shawn McKinney
  */
 public class GlobalIds
 {
     public static final String HOME = "HOME";
     public static final String TENANT = "tenant";
     private static final String ENABLE_AUDIT = "enable.audit";
     public static final boolean IS_AUDIT = ( ( Config.getProperty( ENABLE_AUDIT ) != null ) && ( Config
         .getProperty( ENABLE_AUDIT ).equalsIgnoreCase( "true" ) ) );
     private static final String ENABLE_REST = "enable.mgr.impl.rest";
     public static final boolean IS_REST = ( ( Config.getProperty( ENABLE_REST ) != null ) && ( Config
         .getProperty( ENABLE_REST ).equalsIgnoreCase( "true" ) ) );

     /**
      * The following constants are used within the factory classes:
      */

     /**
      * When this optional tag, {@code accessmgr.implementation}, is placed in Fortress properties, its class name will be the default {@link us.jts.fortress.AccessMgr} instance used.
      */
     public final static String ACCESS_IMPLEMENTATION = "accessmgr.implementation";

     /**
      * When this optional tag, {@code adminImplementation}, is placed in Fortress properties, its class name will be the default {@link us.jts.fortress.AdminMgr} instance used.
      */
     public final static String ADMIN_IMPLEMENTATION = "adminmgr.implementation";

     /**
      * When this optional tag, {@code daoConnector}, is placed in Fortress properties, its class name will be the default {@link us.jts.fortress.DAO} instance used.
      */
     public final static String DAO_CONNECTOR = "dao.connector";

     /**
      * When this optional tag, {@code reviewImplementation}, is placed in Fortress properties, its class name will be the default {@link us.jts.fortress.ReviewMgr} instance used.
      */
     public final static String REVIEW_IMPLEMENTATION = "reviewmgr.implementation";

     /**
      * When this optional tag, {@code policyImplementation}, is placed in Fortress properties, its class name will be the default {@link PwPolicyMgr} instance used.
      */
     public final static String PSWD_POLICY_IMPLEMENTATION = "policymgr.implementation";

     /**
      * When this optional tag, {@code auditmgr.implementation}, is placed in Fortress properties, its class name will be the default {@link us.jts.fortress.AuditMgr} instance used.
      */
     public final static String AUDIT_IMPLEMENTATION = "auditmgr.implementation";

     /**
      * When this optional tag, {@code delegatedAdminImplementation}, is placed in Fortress properties, its class name will be the default {@link DelAdminMgr} instance used.
      */
     public final static String DELEGATED_ADMIN_IMPLEMENTATION = "delegated.adminmgr.implementation";

     /**
      * When this optional tag, {@code delegatedReviewImplementation}, is placed in Fortress properties, its class name will be the default {@link DelReviewMgr} instance used.
      */
     public final static String DELEGATED_REVIEW_IMPLEMENTATION = "delegated.reviewmgr.implementation";

     /**
      * When this optional tag, {@code delegatedAccessImplementation}, is placed in Fortress properties, its class name will be the default {@link DelAccessMgr} instance used.
      */
     public final static String DELEGATED_ACCESS_IMPLEMENTATION = "delegated.accessmgr.implementation";

     /**
      * When this optional tag, {@code configImplementation}, is placed in Fortress properties, its class name will be the default {link ConfigMgr} instance used.
      */
     public final static String CONFIG_IMPLEMENTATION = "configmgr.implementation";

     //	AUTHENTICATION_TYPE
     /**
      * This property is used to specify if authentication is being performed within a security realm.
      */
     public final static String AUTHENTICATION_TYPE = "authn.type";

     /**
      * Specifies realm authentication mode.
      */
     public final static String REALM_TYPE = "REALM";

     /**
      * Used to declare validation modules that are used to process constraint checks during session activation.
      */
     public final static String VALIDATOR_PROPS = "temporal.validator.";

     /**
      * The DSD validator performs Dynamic Separation of Duty checks during role activation.
      */
     public final static String DSD_VALIDATOR_PROP = "temporal.validator.dsd";

     /**
      * This constant is used during authentication to determine if runtime is security realm.  If IS_REALM == true,
      * the authentication module will not throw SecurityException on password resets.  This is to enable the authentication
      * event to succeed allowing the application to prompt user to change their password.
      */
     public final static boolean IS_REALM = GlobalIds.REALM_TYPE.equalsIgnoreCase( us.jts.fortress.cfg.Config
         .getProperty( GlobalIds.AUTHENTICATION_TYPE ) );

     /**
      * Constant is used to tell ldap server to return no attributes on search.
      */
     public final static String[] NO_ATRS =
         {
             "1.1"
     };

     /**
      * Parameter specifies the distinguished name (dn) of the LDAP suffix.  The is the root or top-most node for a Directory Information Tree (DIT).  The typical
      * Fortress suffix format is {@code dc=example,dc=com}.
      */
     public final static String SUFFIX = "suffix";

     /**
      * Specifies the dn of the container where the Fortress User data set is located within DIT.  This is typically in the format of
      * {@code ou=People, dc=example, dc=com}
      */
     public final static String USER_ROOT = "user.root";

     /**
      * Specifies the dn of the container where the Fortress Permissions are located.  This is typically in the format of
      * {@code ou=Permissions,ou=RBAC,dc=example,dc=com}
      */
     public final static String PERM_ROOT = "perm.root";

     /**
      * Specifies the dn of the container where the Fortress RBAC Roles are located.  This is typically in the format of
      * {@code ou=Roles,ou=RBAC,dc=example,dc=com}
      */
     public final static String ROLE_ROOT = "role.root";

     /**
      * Specifies the dn of the container where the Fortress Password Polices are located.  This is typically in the format of
      * {@code ou=Policies,dc=example,dc=com}
      */
     public final static String PPOLICY_ROOT = "pwpolicy.root";

     /**
      * Specifies the dn of the container where the Fortress SSD and DSD constraints are located.  This is typically in the format of
      * {@code ou=Constraints,ou=RBAC,dc=example,dc=com}
      */
     public final static String SD_ROOT = "sdconstraint.root";

     /**
      * Specifies the dn of the container where the Fortress User OU pools are located.  This is typically in the format of
      * {@code ou=OS-U,ou=ARBAC,dc=example,dc=com}
      */
     public final static String OSU_ROOT = "userou.root";

     /**
      * Specifies the dn of the container where the Fortress Permission OU pools are located.  This is typically in the format of
      * {@code ou=OS-P,ou=ARBAC,dc=example,dc=com}
      */
     public final static String PSU_ROOT = "permou.root";

     /**
      * Specifies the dn of the container where the Fortress Administrative Roles are located.  This is typically in the format of
      * {@code ou=AdminRoles,ou=ARBAC,dc=example,dc=com}
      */
     public final static String ADMIN_ROLE_ROOT = "adminrole.root";

     /**
      * Specifies the dn of the container where the Fortress Administrative Permissions are located.  This is typically in the format of
      * {@code ou=AdminPerms,ou=ARBAC,dc=example,dc=com}
      */
     public final static String ADMIN_PERM_ROOT = "adminperm.root";

     /*
       *  *************************************************************************
       *  **  BEGIN LDAP STANDARD ATTRIBUTE NAMES
       *  ************************************************************************
       */

     /*
      * Constant contains the top object class name that is at the root of all ldap object class structures.
      */
     public final static String TOP = "top";

     /**
      * Constant contains the organization object class name.
      */
     public final static String ORGANIZATION_CLASS = "organization";

     /**
      * Constant contains the suffix's dcObject object class name.
      */
     public final static String SUFFIX_CLASS = "dcObject";

     /**
      * Constant contains the userId attribute name for inetOrgPerson object class.
      */
     public final static String UID = "uid";

     /**
      * Constant contains the common name attribute name used within inetOrgPerson and other ldap object classes.
      */
     public final static String CN = "cn";

     /**
      * Constant contains the ldap distinguished name attribute.
      */
     public final static String DN = "dn";

     /**
      * Used within search operation using the OpenLDAP proxy control.
      */
     public final static String UTF8 = "UTF-8";

     /**
      * Constant contains the description attribute name used within inetOrgPerson and other ldap object classes.
      */
     public final static String DESC = "description";

     /**
      * Constant contains the ou attribute name used within inetOrgPerson and other ldap object classes.
      */
     public final static String OU = "ou";

     /**
      * Password policy object class structure uses cn attribute name.
      */
     public final static String POLICY_NODE_TYPE = CN;

     /**
      * Constant contains the ldap object class attribute name.
      */
     public final static String OBJECT_CLASS = "objectclass";

     /*
     *  *************************************************************************
     *  **  OPENLDAP PW POLICY ATTRIBUTES AND CONSTANTS
     *  ************************************************************************
     */

     public static final String SERVER_TYPE = "ldap.server.type";
     public static final boolean IS_OPENLDAP = ( ( Config.getProperty( SERVER_TYPE ) != null ) && ( Config
         .getProperty( SERVER_TYPE ).equalsIgnoreCase( "openldap" ) ) );

     /**
      * OpenLDAP uses this object class to store policy definitions that are processed by the pw policy overlay.
      */
     //private final static String OPENLDAP_PW_POLICY_IMPL = "password.policy";

     /**
      * When openldap password policy is in effect the openldap pw policy response control is interrogated subsequent to bind operations.
      */
     //private final static String OPENLDAP_SERVER = "openldap";

     /**
      * When set to true the pw policy control is interrogated.
      */
     //public final static boolean OPENLDAP_IS_PW_POLICY_ENABLED = (us.jts.fortress.cfg.Config.getProperty(GlobalIds.OPENLDAP_PW_POLICY_IMPL) != null && (Config.getProperty(GlobalIds.OPENLDAP_PW_POLICY_IMPL)).equalsIgnoreCase(GlobalIds.OPENLDAP_SERVER));

     /**
      * This is control id openldap uses to communicate password messages to the ldap client subsequent to bind operations:
      */
     public final static String OPENLDAP_PW_RESPONSE_CONTROL = "1.3.6.1.4.1.42.2.27.8.5.1";

     /*
       *  *************************************************************************
       *  **  OpenAccessMgr AUDIT
       *  ************************************************************************
       */
     /**
      * This object class contains Fortress audit contextual information.
      */
     public final static String FT_MODIFIER_AUX_OBJECT_CLASS_NAME = "ftMods";

     /**
      * The ftModifier contains the internalUserId of administrator who performed action.
      */
     public final static String FT_MODIFIER = "ftModifier";

     /**
      * The {@code ftModCode} attribute contains the permission object name and operation of admin function performed.
      */
     public final static String FT_MODIFIER_CODE = "ftModCode";

     /**
      * The {@code ftModId} contains a globally unique id that is bound to the audit event entity.
      */
     public final static String FT_MODIFIER_ID = "ftModId";

     /**
      * The {@code ftId} contains a globally unique id that is bound to the application entity.
      */
     public final static String FT_IID = "ftId";

     /**
      * This string literal contains a common start for most ldap search filters that fortress uses.
      */
     public final static String FILTER_PREFIX = "(&(objectclass=";

     /*
       *  *************************************************************************
       *  **  OpenAccessMgr PROPERTIES are used by USER, PERM, CONFIG DAO'S.
       *  ************************************************************************
       */
     /**
      * The {@code ftProperties} object class contains name-value pairs that are neither validated nor constrained.
      * Properties are application defined parameters and clients may store any reasonable values.
      */
     public final static String PROPS_AUX_OBJECT_CLASS_NAME = "ftProperties";

     /**
      * The {@code ftProps} attribute contains a single name-value pairs that is {@code :} separated.
      */
     public final static String PROPS = "ftProps";

     /*
       *  *************************************************************************
       *  **  OpenAccessMgr ROLE STATICS are used by RBAC and ARBAC DAO
       *  ************************************************************************
       */

     /**
      * The object class is used to store Fortress Role entity data.
      */
     public final static String ROLE_OBJECT_CLASS_NM = "ftRls";

     /**
      * Defines the object class structure used within Fortress Role processing.
      */
     public final static String ROLE_OBJ_CLASS[] =
         {
             GlobalIds.TOP,
             ROLE_OBJECT_CLASS_NM,
             GlobalIds.PROPS_AUX_OBJECT_CLASS_NAME,
             GlobalIds.FT_MODIFIER_AUX_OBJECT_CLASS_NAME
     };

     /*
       *  *************************************************************************
       *  **  OpenAccessMgr CONSTRAINTS are used by USER, ROLE, ADMINROLE DAO'S.
       *  ************************************************************************
       */

     /**
      * Constraint AUX Object Class Schema definitions:
      */

     /**
      * This single occurring attribute is used to store constraint policies on Fortress User objects.
      */
     public final static String CONSTRAINT = "ftCstr";

     // USER Role Definitions:

     /**
      * Multi-occurring attribute contains RBAC Role assignments for Users.
      */
     public final static String USER_ROLE_ASSIGN = "ftRA";

     /**
      * Multi-occurring attribute contains constraint policies for RBAC Role assignments for Users.
      */
     public final static String USER_ROLE_DATA = "ftRC";

     /**
      * Multi-occurring attribute contains Administrative Role assignments for Users.
      */
     public final static String USER_ADMINROLE_ASSIGN = "ftARA";

     /**
      * Multi-occurring attribute contains constraint policies for Administrative Role assignments for Users.
      */
     public final static String USER_ADMINROLE_DATA = "ftARC";

     /**
      * Attribute name for storing Fortress permission object names.
      */
     public final static String POBJ_NAME = "ftObjNm";

     /**
      * Attribute name for storing parent node names for hierarchical processing.
      */
     public final static String PARENT_NODES = "ftParents";

     /*
     *  *************************************************************************
     *  **  RBAC Entity maximum length constants
     *  ************************************************************************
     */

     /**
      * Fortress userId cannot exceed length of 40.
      */
     public final static int USERID_LEN = 40;

     /**
      * Fortress role names cannot exceed length of 40.
      */
     public final static int ROLE_LEN = 40;

     /**
      * Fortress description text cannot exceed length of 80.
      */
     public final static int DESC_LEN = 180;

     /**
      * Fortress permission names cannot exceed length of 100.
      */
     public final static int PERM_LEN = 100;

     /**
      * Fortress User passwords must have length of 50 or less..
      */
     public final static int PASSWORD_LEN = 50;

     /**
      * Fortress password policy names cannot exceed length of 40.
      */
     public final static int PWPOLICY_NAME_LEN = 40;

     /**
      * Fortress ou's cannot exceed length of 40.
      */
     public final static int OU_LEN = 40;

     /**
      * Fortress User surname cannot exceed length of 80.
      */
     public final static int SN_LEN = 80;

     /**
      * Fortress common name attributes cannot exceed length of 80.
      */
     public final static int CN_LEN = 80;

     /**
      * Fortress properties cannot exceed length of 100.
      */
     public final static int PROP_LEN = 100;

     // Regular Expression Patterns stored in Fortress config file:
     public final static String REG_EX_SAFE_TEXT = "regXSafetext";

     /*
       *  *************************************************************************
       *  **  LDAP FILTER CONSTANTS
       *  ************************************************************************
       */
     /**
      * Used to define characters that must be encoded before being processed by ldap operations.
      */
     public final static String LDAP_FILTER = "ldap.filter.";

     /**
      * Used to define encoded replacements for characters to be filtered.
      */
     public final static String LDAP_SUB = "ldap.sub.";

     /**
      * Defines how many entries are to be stored in the encoding set.
      */
     public final static String LDAP_FILTER_SIZE_PROP = "ldap.filter.size";

     /**
      * Used during ldap filter processing.
      */
     public final static boolean LDAP_FILTER_SIZE_FOUND = ( us.jts.fortress.cfg.Config
         .getProperty( LDAP_FILTER_SIZE_PROP ) != null );
     public static final String APACHE_LDAP_API = "apache";

     /**
      * maximum number of entries allowed for ldap filter replacements.
      */
     private static int ldapFilterSize = 25;

     /**
      * enable the ldap filter size variable to be used later during filter processing.
      */
     static
     {
         try
         {
             String lenProp = us.jts.fortress.cfg.Config.getProperty( LDAP_FILTER_SIZE_PROP );
             if ( LDAP_FILTER_SIZE_FOUND )
             {
                 Integer len = new Integer( lenProp );
                 ldapFilterSize = len;
             }
         }
         catch ( java.lang.NumberFormatException nfe )
         {
             //ignore
         }
     }

     /**
      * Maximum number of entries allowed for ldap filter replacements.
      */
     public static final int LDAP_FILTER_SIZE = ldapFilterSize;

     /**
      * This property contains the location for the remote Fortress properties stored in ldap.  This is typically in the format of
      * {@code cn=DEFAULT,ou=Config,dc=example,dc=com}
      */
     public static final String CONFIG_REALM = "config.realm";

     /**
      * Fortress stores name-value pairs within multi-occurring attributes in ldap.  Usually a separator of ':' is used
      * format: {@code name:value},
      */
     public final static char PROP_SEP = ':';

     /**
      * Fortress stores complex attribute types within a single attribute in ldap.  Usually a delimiter of '$' is used for string tokenization.
      * format: {@code part1$part2$part3....}  Stored in fortress.properties as 'attr.delimiter=$'
      */
     public static final String DELIMITER = Config.getProperty( "attr.delimiter", "$" );

     /**
      * Maximum number of records for ldap client to wait on while processing results sets from ldap server.
      */
     public static final int BATCH_SIZE = 100;

     /**
      * Attribute is used in Fortress time/date constraints as default which will always pass.  i.e. values stored as beginDate=none or beginTime=none will turn the date and time constraints off
      * for a particular entity..
      */
     public static final String NONE = "none";

     /**
      * Attribute is used in Fortress day mask constraints as default which will always pass.  i.e. values stored as dayMask=all will always pass the day of week constraint.
      */
     public static final String ALL = "all";
     public static final String NULL = "null";
     public static final String POP_NAME = "ftOpNm";
 }
	/*
	* Copyright (c) 2009-2013, JoshuaTree. All Rights Reserved.
	*/

	package us.jts.fortress;


	import us.jts.fortress.cfg.Config;


	/**
	* This class contains constants that must be defined globally but are not to be used by external programs.
	* The constants are used internally by Fortress when looking up cfg values, performing maintenance on
	* standard and custom ldap objects and attributes, instantiating manager instances, validating objects and attributes, and more.
	* Some of the values for public constants defined here must be known to end users of system to declare system cfg parameters, see {@link us.jts.fortress.cfg.Config}.
	* For example the {@link #SUFFIX} constant uses key name {@code suffix} which must have a corresponding value, i.e. {@code dc=example,dc=com},
	* which tells location of Directory Information Tree to the Fortress runtime processor.
	* </p>
	* This class is thread safe.
	*
	* @author Shawn McKinney
	*/
	public class GlobalIds
	{
	public static final String HOME = "HOME";
	public static final String TENANT = "tenant";
	private static final String ENABLE_AUDIT = "enable.audit";
	public static final boolean IS_AUDIT = ( ( Config.getProperty( ENABLE_AUDIT ) != null ) && ( Config
	.getProperty( ENABLE_AUDIT ).equalsIgnoreCase( "true" ) ) );
	private static final String ENABLE_REST = "enable.mgr.impl.rest";
	public static final boolean IS_REST = ( ( Config.getProperty( ENABLE_REST ) != null ) && ( Config
	.getProperty( ENABLE_REST ).equalsIgnoreCase( "true" ) ) );

	/**
	* The following constants are used within the factory classes:
	*/

	/**
	* When this optional tag, {@code accessmgr.implementation}, is placed in Fortress properties, its class name will be the default {@link us.jts.fortress.AccessMgr} instance used.
	*/
	public final static String ACCESS_IMPLEMENTATION = "accessmgr.implementation";

	/**
	* When this optional tag, {@code adminImplementation}, is placed in Fortress properties, its class name will be the default {@link us.jts.fortress.AdminMgr} instance used.
	*/
	public final static String ADMIN_IMPLEMENTATION = "adminmgr.implementation";

	/**
	* When this optional tag, {@code daoConnector}, is placed in Fortress properties, its class name will be the default {@link us.jts.fortress.DAO} instance used.
	*/
	public final static String DAO_CONNECTOR = "dao.connector";

	/**
	* When this optional tag, {@code reviewImplementation}, is placed in Fortress properties, its class name will be the default {@link us.jts.fortress.ReviewMgr} instance used.
	*/
	public final static String REVIEW_IMPLEMENTATION = "reviewmgr.implementation";

	/**
	* When this optional tag, {@code policyImplementation}, is placed in Fortress properties, its class name will be the default {@link PwPolicyMgr} instance used.
	*/
	public final static String PSWD_POLICY_IMPLEMENTATION = "policymgr.implementation";

	/**
	* When this optional tag, {@code auditmgr.implementation}, is placed in Fortress properties, its class name will be the default {@link us.jts.fortress.AuditMgr} instance used.
	*/
	public final static String AUDIT_IMPLEMENTATION = "auditmgr.implementation";

	/**
	* When this optional tag, {@code delegatedAdminImplementation}, is placed in Fortress properties, its class name will be the default {@link DelAdminMgr} instance used.
	*/
	public final static String DELEGATED_ADMIN_IMPLEMENTATION = "delegated.adminmgr.implementation";

	/**
	* When this optional tag, {@code delegatedReviewImplementation}, is placed in Fortress properties, its class name will be the default {@link DelReviewMgr} instance used.
	*/
	public final static String DELEGATED_REVIEW_IMPLEMENTATION = "delegated.reviewmgr.implementation";

	/**
	* When this optional tag, {@code delegatedAccessImplementation}, is placed in Fortress properties, its class name will be the default {@link DelAccessMgr} instance used.
	*/
	public final static String DELEGATED_ACCESS_IMPLEMENTATION = "delegated.accessmgr.implementation";

	/**
	* When this optional tag, {@code configImplementation}, is placed in Fortress properties, its class name will be the default {link ConfigMgr} instance used.
	*/
	public final static String CONFIG_IMPLEMENTATION = "configmgr.implementation";

	// AUTHENTICATION_TYPE
	/**
	* This property is used to specify if authentication is being performed within a security realm.
	*/
	public final static String AUTHENTICATION_TYPE = "authn.type";

	/**
	* Specifies realm authentication mode.
	*/
	public final static String REALM_TYPE = "REALM";

	/**
	* Used to declare validation modules that are used to process constraint checks during session activation.
	*/
	public final static String VALIDATOR_PROPS = "temporal.validator.";

	/**
	* The DSD validator performs Dynamic Separation of Duty checks during role activation.
	*/
	public final static String DSD_VALIDATOR_PROP = "temporal.validator.dsd";

	/**
	* This constant is used during authentication to determine if runtime is security realm. If IS_REALM == true,
	* the authentication module will not throw SecurityException on password resets. This is to enable the authentication
	* event to succeed allowing the application to prompt user to change their password.
	*/
	public final static boolean IS_REALM = GlobalIds.REALM_TYPE.equalsIgnoreCase( us.jts.fortress.cfg.Config
	.getProperty( GlobalIds.AUTHENTICATION_TYPE ) );

	/**
	* Constant is used to tell ldap server to return no attributes on search.
	*/
	public final static String[] NO_ATRS =
	{
	"1.1"
	};

	/**
	* Parameter specifies the distinguished name (dn) of the LDAP suffix. The is the root or top-most node for a Directory Information Tree (DIT). The typical
	* Fortress suffix format is {@code dc=example,dc=com}.
	*/
	public final static String SUFFIX = "suffix";

	/**
	* Specifies the dn of the container where the Fortress User data set is located within DIT. This is typically in the format of
	* {@code ou=People, dc=example, dc=com}
	*/
	public final static String USER_ROOT = "user.root";

	/**
	* Specifies the dn of the container where the Fortress Permissions are located. This is typically in the format of
	* {@code ou=Permissions,ou=RBAC,dc=example,dc=com}
	*/
	public final static String PERM_ROOT = "perm.root";

	/**
	* Specifies the dn of the container where the Fortress RBAC Roles are located. This is typically in the format of
	* {@code ou=Roles,ou=RBAC,dc=example,dc=com}
	*/
	public final static String ROLE_ROOT = "role.root";

	/**
	* Specifies the dn of the container where the Fortress Password Polices are located. This is typically in the format of
	* {@code ou=Policies,dc=example,dc=com}
	*/
	public final static String PPOLICY_ROOT = "pwpolicy.root";

	/**
	* Specifies the dn of the container where the Fortress SSD and DSD constraints are located. This is typically in the format of
	* {@code ou=Constraints,ou=RBAC,dc=example,dc=com}
	*/
	public final static String SD_ROOT = "sdconstraint.root";

	/**
	* Specifies the dn of the container where the Fortress User OU pools are located. This is typically in the format of
	* {@code ou=OS-U,ou=ARBAC,dc=example,dc=com}
	*/
	public final static String OSU_ROOT = "userou.root";

	/**
	* Specifies the dn of the container where the Fortress Permission OU pools are located. This is typically in the format of
	* {@code ou=OS-P,ou=ARBAC,dc=example,dc=com}
	*/
	public final static String PSU_ROOT = "permou.root";

	/**
	* Specifies the dn of the container where the Fortress Administrative Roles are located. This is typically in the format of
	* {@code ou=AdminRoles,ou=ARBAC,dc=example,dc=com}
	*/
	public final static String ADMIN_ROLE_ROOT = "adminrole.root";

	/**
	* Specifies the dn of the container where the Fortress Administrative Permissions are located. This is typically in the format of
	* {@code ou=AdminPerms,ou=ARBAC,dc=example,dc=com}
	*/
	public final static String ADMIN_PERM_ROOT = "adminperm.root";

	/*
	* *************************************************************************
	* ** BEGIN LDAP STANDARD ATTRIBUTE NAMES
	* ************************************************************************
	*/

	/*
	* Constant contains the top object class name that is at the root of all ldap object class structures.
	*/
	public final static String TOP = "top";

	/**
	* Constant contains the organization object class name.
	*/
	public final static String ORGANIZATION_CLASS = "organization";

	/**
	* Constant contains the suffix's dcObject object class name.
	*/
	public final static String SUFFIX_CLASS = "dcObject";

	/**
	* Constant contains the userId attribute name for inetOrgPerson object class.
	*/
	public final static String UID = "uid";

	/**
	* Constant contains the common name attribute name used within inetOrgPerson and other ldap object classes.
	*/
	public final static String CN = "cn";

	/**
	* Constant contains the ldap distinguished name attribute.
	*/
	public final static String DN = "dn";

	/**
	* Used within search operation using the OpenLDAP proxy control.
	*/
	public final static String UTF8 = "UTF-8";

	/**
	* Constant contains the description attribute name used within inetOrgPerson and other ldap object classes.
	*/
	public final static String DESC = "description";

	/**
	* Constant contains the ou attribute name used within inetOrgPerson and other ldap object classes.
	*/
	public final static String OU = "ou";

	/**
	* Password policy object class structure uses cn attribute name.
	*/
	public final static String POLICY_NODE_TYPE = CN;

	/**
	* Constant contains the ldap object class attribute name.
	*/
	public final static String OBJECT_CLASS = "objectclass";

	/*
	* *************************************************************************
	* ** OPENLDAP PW POLICY ATTRIBUTES AND CONSTANTS
	* ************************************************************************
	*/

	public static final String SERVER_TYPE = "ldap.server.type";
	public static final boolean IS_OPENLDAP = ( ( Config.getProperty( SERVER_TYPE ) != null ) && ( Config
	.getProperty( SERVER_TYPE ).equalsIgnoreCase( "openldap" ) ) );

	/**
	* OpenLDAP uses this object class to store policy definitions that are processed by the pw policy overlay.
	*/
	//private final static String OPENLDAP_PW_POLICY_IMPL = "password.policy";

	/**
	* When openldap password policy is in effect the openldap pw policy response control is interrogated subsequent to bind operations.
	*/
	//private final static String OPENLDAP_SERVER = "openldap";

	/**
	* When set to true the pw policy control is interrogated.
	*/
	//public final static boolean OPENLDAP_IS_PW_POLICY_ENABLED = (us.jts.fortress.cfg.Config.getProperty(GlobalIds.OPENLDAP_PW_POLICY_IMPL) != null && (Config.getProperty(GlobalIds.OPENLDAP_PW_POLICY_IMPL)).equalsIgnoreCase(GlobalIds.OPENLDAP_SERVER));

	/**
	* This is control id openldap uses to communicate password messages to the ldap client subsequent to bind operations:
	*/
	public final static String OPENLDAP_PW_RESPONSE_CONTROL = "1.3.6.1.4.1.42.2.27.8.5.1";

	/*
	* *************************************************************************
	* ** OpenAccessMgr AUDIT
	* ************************************************************************
	*/
	/**
	* This object class contains Fortress audit contextual information.
	*/
	public final static String FT_MODIFIER_AUX_OBJECT_CLASS_NAME = "ftMods";

	/**
	* The ftModifier contains the internalUserId of administrator who performed action.
	*/
	public final static String FT_MODIFIER = "ftModifier";

	/**
	* The {@code ftModCode} attribute contains the permission object name and operation of admin function performed.
	*/
	public final static String FT_MODIFIER_CODE = "ftModCode";

	/**
	* The {@code ftModId} contains a globally unique id that is bound to the audit event entity.
	*/
	public final static String FT_MODIFIER_ID = "ftModId";

	/**
	* The {@code ftId} contains a globally unique id that is bound to the application entity.
	*/
	public final static String FT_IID = "ftId";

	/**
	* This string literal contains a common start for most ldap search filters that fortress uses.
	*/
	public final static String FILTER_PREFIX = "(&(objectclass=";

	/*
	* *************************************************************************
	* ** OpenAccessMgr PROPERTIES are used by USER, PERM, CONFIG DAO'S.
	* ************************************************************************
	*/
	/**
	* The {@code ftProperties} object class contains name-value pairs that are neither validated nor constrained.
	* Properties are application defined parameters and clients may store any reasonable values.
	*/
	public final static String PROPS_AUX_OBJECT_CLASS_NAME = "ftProperties";

	/**
	* The {@code ftProps} attribute contains a single name-value pairs that is {@code :} separated.
	*/
	public final static String PROPS = "ftProps";

	/*
	* *************************************************************************
	* ** OpenAccessMgr ROLE STATICS are used by RBAC and ARBAC DAO
	* ************************************************************************
	*/

	/**
	* The object class is used to store Fortress Role entity data.
	*/
	public final static String ROLE_OBJECT_CLASS_NM = "ftRls";

	/**
	* Defines the object class structure used within Fortress Role processing.
	*/
	public final static String ROLE_OBJ_CLASS[] =
	{
	GlobalIds.TOP,
	ROLE_OBJECT_CLASS_NM,
	GlobalIds.PROPS_AUX_OBJECT_CLASS_NAME,
	GlobalIds.FT_MODIFIER_AUX_OBJECT_CLASS_NAME
	};

	/*
	* *************************************************************************
	* ** OpenAccessMgr CONSTRAINTS are used by USER, ROLE, ADMINROLE DAO'S.
	* ************************************************************************
	*/

	/**
	* Constraint AUX Object Class Schema definitions:
	*/

	/**
	* This single occurring attribute is used to store constraint policies on Fortress User objects.
	*/
	public final static String CONSTRAINT = "ftCstr";

	// USER Role Definitions:

	/**
	* Multi-occurring attribute contains RBAC Role assignments for Users.
	*/
	public final static String USER_ROLE_ASSIGN = "ftRA";

	/**
	* Multi-occurring attribute contains constraint policies for RBAC Role assignments for Users.
	*/
	public final static String USER_ROLE_DATA = "ftRC";

	/**
	* Multi-occurring attribute contains Administrative Role assignments for Users.
	*/
	public final static String USER_ADMINROLE_ASSIGN = "ftARA";

	/**
	* Multi-occurring attribute contains constraint policies for Administrative Role assignments for Users.
	*/
	public final static String USER_ADMINROLE_DATA = "ftARC";

	/**
	* Attribute name for storing Fortress permission object names.
	*/
	public final static String POBJ_NAME = "ftObjNm";

	/**
	* Attribute name for storing parent node names for hierarchical processing.
	*/
	public final static String PARENT_NODES = "ftParents";

	/*
	* *************************************************************************
	* ** RBAC Entity maximum length constants
	* ************************************************************************
	*/

	/**
	* Fortress userId cannot exceed length of 40.
	*/
	public final static int USERID_LEN = 40;

	/**
	* Fortress role names cannot exceed length of 40.
	*/
	public final static int ROLE_LEN = 40;

	/**
	* Fortress description text cannot exceed length of 80.
	*/
	public final static int DESC_LEN = 180;

	/**
	* Fortress permission names cannot exceed length of 100.
	*/
	public final static int PERM_LEN = 100;

	/**
	* Fortress User passwords must have length of 50 or less..
	*/
	public final static int PASSWORD_LEN = 50;

	/**
	* Fortress password policy names cannot exceed length of 40.
	*/
	public final static int PWPOLICY_NAME_LEN = 40;

	/**
	* Fortress ou's cannot exceed length of 40.
	*/
	public final static int OU_LEN = 40;

	/**
	* Fortress User surname cannot exceed length of 80.
	*/
	public final static int SN_LEN = 80;

	/**
	* Fortress common name attributes cannot exceed length of 80.
	*/
	public final static int CN_LEN = 80;

	/**
	* Fortress properties cannot exceed length of 100.
	*/
	public final static int PROP_LEN = 100;

	// Regular Expression Patterns stored in Fortress config file:
	public final static String REG_EX_SAFE_TEXT = "regXSafetext";

	/*
	* *************************************************************************
	* ** LDAP FILTER CONSTANTS
	* ************************************************************************
	*/
	/**
	* Used to define characters that must be encoded before being processed by ldap operations.
	*/
	public final static String LDAP_FILTER = "ldap.filter.";

	/**
	* Used to define encoded replacements for characters to be filtered.
	*/
	public final static String LDAP_SUB = "ldap.sub.";

	/**
	* Defines how many entries are to be stored in the encoding set.
	*/
	public final static String LDAP_FILTER_SIZE_PROP = "ldap.filter.size";

	/**
	* Used during ldap filter processing.
	*/
	public final static boolean LDAP_FILTER_SIZE_FOUND = ( us.jts.fortress.cfg.Config
	.getProperty( LDAP_FILTER_SIZE_PROP ) != null );
	public static final String APACHE_LDAP_API = "apache";

	/**
	* maximum number of entries allowed for ldap filter replacements.
	*/
	private static int ldapFilterSize = 25;

	/**
	* enable the ldap filter size variable to be used later during filter processing.
	*/
	static
	{
	try
	{
	String lenProp = us.jts.fortress.cfg.Config.getProperty( LDAP_FILTER_SIZE_PROP );
	if ( LDAP_FILTER_SIZE_FOUND )
	{
	Integer len = new Integer( lenProp );
	ldapFilterSize = len;
	}
	}
	catch ( java.lang.NumberFormatException nfe )
	{
	//ignore
	}
	}

	/**
	* Maximum number of entries allowed for ldap filter replacements.
	*/
	public static final int LDAP_FILTER_SIZE = ldapFilterSize;

	/**
	* This property contains the location for the remote Fortress properties stored in ldap. This is typically in the format of
	* {@code cn=DEFAULT,ou=Config,dc=example,dc=com}
	*/
	public static final String CONFIG_REALM = "config.realm";

	/**
	* Fortress stores name-value pairs within multi-occurring attributes in ldap. Usually a separator of ':' is used
	* format: {@code name:value},
	*/
	public final static char PROP_SEP = ':';

	/**
	* Fortress stores complex attribute types within a single attribute in ldap. Usually a delimiter of '$' is used for string tokenization.
	* format: {@code part1$part2$part3....} Stored in fortress.properties as 'attr.delimiter=$'
	*/
	public static final String DELIMITER = Config.getProperty( "attr.delimiter", "$" );

	/**
	* Maximum number of records for ldap client to wait on while processing results sets from ldap server.
	*/
	public static final int BATCH_SIZE = 100;

	/**
	* Attribute is used in Fortress time/date constraints as default which will always pass. i.e. values stored as beginDate=none or beginTime=none will turn the date and time constraints off
	* for a particular entity..
	*/
	public static final String NONE = "none";

	/**
	* Attribute is used in Fortress day mask constraints as default which will always pass. i.e. values stored as dayMask=all will always pass the day of week constraint.
	*/
	public static final String ALL = "all";
	public static final String NULL = "null";
	public static final String POP_NAME = "ftOpNm";
	}