1 /*******************************************************************************
2 * ============LICENSE_START====================================================
4 * * ===========================================================================
5 * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
6 * * ===========================================================================
7 * * Licensed under the Apache License, Version 2.0 (the "License");
8 * * you may not use this file except in compliance with the License.
9 * * You may obtain a copy of the License at
11 * * http://www.apache.org/licenses/LICENSE-2.0
13 * * Unless required by applicable law or agreed to in writing, software
14 * * distributed under the License is distributed on an "AS IS" BASIS,
15 * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * * See the License for the specific language governing permissions and
17 * * limitations under the License.
18 * * ============LICENSE_END====================================================
21 ******************************************************************************/
23 package org.onap.aaf.authz.service.mapper;
25 import static org.junit.Assert.assertEquals;
26 import static org.junit.Assert.assertFalse;
27 import static org.junit.Assert.assertNotNull;
28 import static org.junit.Assert.assertNull;
29 import static org.junit.Assert.assertTrue;
30 import static org.junit.Assert.fail;
31 import static org.mockito.BDDMockito.given;
32 import static org.mockito.Matchers.any;
33 import static org.mockito.Matchers.anyString;
34 import static org.mockito.Matchers.eq;
35 import static org.mockito.Mockito.mock;
36 import static org.mockito.Mockito.spy;
37 import static org.mockito.Mockito.verify;
38 import static org.mockito.Mockito.verifyZeroInteractions;
39 import static org.onap.aaf.auth.layer.Result.ERR_BadData;
40 import static org.onap.aaf.auth.layer.Result.ERR_General;
42 import aaf.v2_0.NsRequest;
44 import aaf.v2_0.Nss.Ns;
46 import aaf.v2_0.PermKey;
47 import aaf.v2_0.PermRequest;
48 import aaf.v2_0.Perms;
50 import aaf.v2_0.Request;
52 import aaf.v2_0.RoleRequest;
53 import aaf.v2_0.Roles;
54 import aaf.v2_0.UserRole;
55 import aaf.v2_0.UserRoleRequest;
56 import aaf.v2_0.UserRoles;
57 import com.google.common.collect.ImmutableMap;
58 import com.google.common.collect.Iterables;
59 import com.google.common.collect.Lists;
60 import com.google.common.collect.Sets;
61 import java.io.IOException;
62 import java.text.SimpleDateFormat;
63 import java.util.Calendar;
64 import java.util.Collection;
65 import java.util.Date;
66 import java.util.GregorianCalendar;
67 import java.util.List;
70 import java.util.stream.Collectors;
71 import org.junit.Assert;
72 import org.junit.Before;
73 import org.junit.Test;
74 import org.junit.runner.RunWith;
75 import org.mockito.Mock;
76 import org.mockito.runners.MockitoJUnitRunner;
77 import org.onap.aaf.auth.dao.cass.Namespace;
78 import org.onap.aaf.auth.dao.cass.NsDAO;
79 import org.onap.aaf.auth.dao.cass.NsSplit;
80 import org.onap.aaf.auth.dao.cass.NsType;
81 import org.onap.aaf.auth.dao.cass.PermDAO;
82 import org.onap.aaf.auth.dao.cass.PermDAO.Data;
83 import org.onap.aaf.auth.dao.cass.RoleDAO;
84 import org.onap.aaf.auth.dao.cass.UserRoleDAO;
85 import org.onap.aaf.auth.dao.hl.Question;
86 import org.onap.aaf.auth.dao.hl.Question.Access;
87 import org.onap.aaf.auth.env.AuthzTrans;
88 import org.onap.aaf.auth.env.AuthzTrans.REQD_TYPE;
89 import org.onap.aaf.auth.layer.Result;
90 import org.onap.aaf.auth.org.Organization;
91 import org.onap.aaf.auth.org.Organization.Expiration;
92 import org.onap.aaf.auth.rserv.Pair;
93 import org.onap.aaf.auth.service.mapper.Mapper.API;
94 import org.onap.aaf.auth.service.mapper.Mapper_2_0;
95 import org.onap.aaf.cadi.CadiException;
96 import org.onap.aaf.misc.env.APIException;
97 import org.onap.aaf.misc.env.Env;
98 import org.onap.aaf.misc.env.TimeTaken;
99 import org.onap.aaf.org.DefaultOrg;
101 @RunWith(MockitoJUnitRunner.class)
102 public class JU_Mapper_2_0 {
104 private static final String USER = "John";
106 private Mapper_2_0 mapper;
108 private Question question;
110 private AuthzTrans transaction;
112 private TimeTaken tt;
116 public void setUp() throws APIException, IOException, CadiException {
117 given(transaction.start(anyString(), eq(Env.SUB))).willReturn(tt);
118 given(transaction.user()).willReturn(USER);
119 this.mapper = new Mapper_2_0(question);
122 @Test(expected = ClassCastException.class)
123 public void ns_willThrowException_whenInvalidRequestType() {
125 Request rq = new Request();
128 mapper.ns(transaction, rq);
131 fail("Expected ClassCastException");
135 public void ns_shouldConvertNamespaceRequest_whenValidTypeIsExplicitlyProvided() {
137 String namespaceName = "org.companyA.app1";
138 String namespaceType = "APP";
139 NsType expectedNsType = NsType.APP;
140 NsRequest nsRequest = createNsRequestForType(namespaceName, namespaceType);
143 Result<Namespace> result = mapper.ns(transaction,nsRequest);
146 assertTrue(result.isOK());
147 assertNamespaceValues(result.value, expectedNsType, namespaceName);
148 verify(transaction).checkpoint(namespaceName,Env.ALWAYS);
152 public void ns_shouldConvertNamespaceRequest_whenInValidTypeIsExplicitlyProvided() {
154 String namespaceName = "org.companyA.app1.service0";
155 String invalidNsType = "BLUE";
156 NsType expectedNsType = NsType.APP;
157 NsRequest nsRequest = createNsRequestForType(namespaceName, invalidNsType);
160 Result<Namespace> result = mapper.ns(transaction,nsRequest);
163 assertTrue(result.isOK());
164 assertNamespaceValues(result.value, expectedNsType, namespaceName);
165 verify(transaction).checkpoint(namespaceName,Env.ALWAYS);
169 public void ns_shouldConvertRootNamespaceRequest_whenTypeNotProvided() {
171 String rootNsName = "org";
172 NsType expectedNsType = NsType.ROOT;
173 NsRequest nsRequest = createNsRequestForType(rootNsName, null);
176 Result<Namespace> result = mapper.ns(transaction,nsRequest);
179 assertTrue(result.isOK());
180 assertNamespaceValues(result.value, expectedNsType, rootNsName);
181 verify(transaction).checkpoint(rootNsName,Env.ALWAYS);
185 public void ns_shouldConvertCompanyNamespaceRequest_whenTypeNotProvided() {
187 String companyNsName = "org.companyA";
188 NsType expectedNsType = NsType.COMPANY;
189 NsRequest nsRequest = createNsRequestForType(companyNsName, null);
192 Result<Namespace> result = mapper.ns(transaction,nsRequest);
195 assertTrue(result.isOK());
196 assertNamespaceValues(result.value, expectedNsType, companyNsName);
197 verify(transaction).checkpoint(companyNsName,Env.ALWAYS);
200 private void assertNamespaceValues(Namespace value, NsType nsType, String namespaceName) {
201 List<String> people = Lists.newArrayList("tk007@people.osaaf.org");
202 assertEquals(Integer.valueOf(nsType.type), value.type);
203 assertEquals(namespaceName, value.name);
204 assertEquals("some namespace description", value.description);
205 assertEquals(people, value.admin);
206 assertEquals(people, value.owner);
209 private NsRequest createNsRequestForType(String nsName, String nsType) {
210 NsRequest req = mapper.newInstance(API.NS_REQ);
213 req.setDescription("some namespace description");
214 req.getAdmin().add("tk007@people.osaaf.org");
215 req.getResponsible().add("tk007@people.osaaf.org");
220 public void nss_shouldConvertNamespaceToNss_withoutAttributes() {
222 Nss nss = mapper.newInstance(API.NSS);
223 Namespace ns = mapper.ns(transaction, createNsRequestForType("org.onap", null)).value;
226 Result<Nss> result = mapper.nss(transaction, ns, nss);
229 assertTrue(result.isOK());
230 assertEquals("Only one Ns should be added",1, result.value.getNs().size());
231 Ns addedNs = Iterables.getOnlyElement(result.value.getNs());
232 assertEquals(ns.admin, addedNs.getAdmin());
233 assertEquals(ns.name, addedNs.getName());
234 assertEquals(ns.owner, addedNs.getResponsible());
235 assertEquals(ns.description, addedNs.getDescription());
236 assertTrue(addedNs.getAttrib().isEmpty());
240 public void nss_shouldConvertNamespaceToNss_withAttributes() {
242 Nss nss = mapper.newInstance(API.NSS);
243 Namespace ns = mapper.ns(transaction, createNsRequestForType("org.onap", null)).value;
244 ns.attrib = Lists.newArrayList();
246 Map<String, String> attribs = ImmutableMap.of("key1", "value1", "key2", "value2", "key3", "value3", "key4", "value4", "key5", "value5");
247 attribs.forEach((key,val) -> ns.attrib.add(new Pair<>(key,val)));
250 Result<Nss> result = mapper.nss(transaction, ns, nss);
253 assertTrue(result.isOK());
254 assertEquals("Only one Ns should be added",1, result.value.getNs().size());
255 Ns addedNs = Iterables.getOnlyElement(result.value.getNs());
256 assertEquals(attribNum, addedNs.getAttrib().size());
257 addedNs.getAttrib().forEach( attr -> {
258 assertEquals(attr.getValue(), attribs.get(attr.getKey()));
263 public void nss_shouldAddSeveralNamespacesToNss() {
265 Nss nss = mapper.newInstance(API.NSS);
266 Namespace ns1 = mapper.ns(transaction, createNsRequestForType("org.onap", "COMPANY")).value;
267 Namespace ns2 = mapper.ns(transaction, createNsRequestForType("org.onap.prh", "APP")).value;
270 Result<Nss> result = mapper.nss(transaction, Lists.newArrayList(ns1,ns2), nss);
273 assertTrue(result.isOK());
274 assertEquals("Two namespaces should be added",2, result.value.getNs().size());
278 public void perm_shouldNotAddPerms_whenFilterIsSet_andUserIsNotAuthorized() {
280 given(question.mayUser(eq(transaction), eq(USER), any(PermDAO.Data.class), eq(Access.read)))
281 .willReturn(Result.err(9, "error"));
282 Perms permsContainer = mapper.newInstance(API.PERMS);
283 List<PermDAO.Data> permsData = Lists.newArrayList(new PermDAO.Data());
284 boolean filter = true;
287 Result<Perms> result = mapper.perms(transaction, permsData, permsContainer, filter);
290 assertTrue(result.isOK());
291 assertEquals("No perms added",0,result.value.getPerm().size());
295 public void perm_shouldAddPerm_withNamespaceSet_whenUserIsAuthorized_AndNamespaceIsRequestedType() {
297 given(question.mayUser(eq(transaction), eq(USER), any(PermDAO.Data.class), eq(Access.read)))
298 .willReturn(Result.ok(new NsDAO.Data()));
299 given(transaction.requested(REQD_TYPE.ns)).willReturn(true);
300 Perms permsContainer = mapper.newInstance(API.PERMS);
301 Set<String> roles = Sets.newHashSet("org.onap.portal.owner","org.onap.portal.designer"
302 ,"org.onap.portal.tester");
303 String namespace = "org.onap.portal";
304 String type = "access";
305 String fullType = namespace + "." +type;
306 String action = "read";
307 String description = "Portal Read Access";
308 List<PermDAO.Data> permsData = Lists.newArrayList(createPermDAOobj(namespace, type, "*",action, roles, description));
309 boolean filter = true;
312 Result<Perms> result = mapper.perms(transaction, permsData, permsContainer, filter);
315 assertTrue(result.isOK());
316 assertEquals("Perm is added",1,result.value.getPerm().size());
317 Perm perm = Iterables.getOnlyElement(result.value.getPerm());
318 assertEquals(namespace, perm.getNs());
319 assertEquals(fullType, perm.getType());
320 assertEquals(action, perm.getAction());
321 assertEquals("*", perm.getInstance());
322 assertEquals(description, perm.getDescription());
323 assertEquals(Lists.newArrayList(roles), perm.getRoles());
327 public void perm_shouldAddPerm_withoutNamespaceSet_whenUserIsAuthorized_AndNamespaceIsNotRequestedType() {
329 given(question.mayUser(eq(transaction), eq(USER), any(PermDAO.Data.class), eq(Access.read)))
330 .willReturn(Result.ok(new NsDAO.Data()));
331 given(transaction.requested(REQD_TYPE.ns)).willReturn(false);
332 Perms permsContainer = mapper.newInstance(API.PERMS);
333 String namespace = "org.onap.portal";
334 String type = "access";
335 String fullType = namespace + "." + type;
336 String action = "read";
337 List<PermDAO.Data> permsData = Lists.newArrayList(createPermDAOobj(namespace, type, "*",action, null, null));
338 boolean filter = true;
341 Result<Perms> result = mapper.perms(transaction, permsData, permsContainer, filter);
344 assertTrue(result.isOK());
345 assertEquals("Perm is added",1,result.value.getPerm().size());
346 Perm perm = Iterables.getOnlyElement(result.value.getPerm());
347 assertNull(perm.getNs());
348 assertEquals(fullType, perm.getType());
349 assertEquals(action, perm.getAction());
353 public void perm_shouldAddPermsWithCorrectSortedOrder() {
355 given(question.mayUser(eq(transaction), eq(USER), any(PermDAO.Data.class), eq(Access.read)))
356 .willReturn(Result.ok(new NsDAO.Data()));
357 Perms permsContainer = mapper.newInstance(API.PERMS);
358 PermDAO.Data perm1 = createPermDAOobj("org.onap.portal", "access", "*", "read", null, null);
359 PermDAO.Data perm2 = createPermDAOobj("org.onap.portal", "access", "*", "write", null, null);
360 PermDAO.Data perm3 = createPermDAOobj("org.onap.portal", "design", "*", "new", null, null);
361 PermDAO.Data perm4 = createPermDAOobj("org.onap.portal", "workflow", "1", "edit", null, null);
362 PermDAO.Data perm5 = createPermDAOobj("org.onap.portal", "workflow", "2", "edit", null, null);
363 List<PermDAO.Data> permsData = Lists.newArrayList(perm4, perm1, perm5, perm3, perm2);
364 List<PermDAO.Data> correctOrderPerms = Lists.newArrayList(perm1, perm2, perm3, perm4, perm5);
367 Result<Perms> result = mapper.perms(transaction, permsData, permsContainer, true);
370 assertTrue(result.isOK());
371 assertEquals("Alls Perms added",5,result.value.getPerm().size());
372 List<Perm> mappedPerms = result.value.getPerm();
373 for (int i=0; i<5; i++) {
374 comparePerm(correctOrderPerms.get(i), mappedPerms.get(i));
378 private void comparePerm(Data data, Perm perm) {
379 assertEquals(data.ns + "." + data.type, perm.getType());
380 assertEquals(data.instance, perm.getInstance());
381 assertEquals(data.action, perm.getAction());
384 private PermDAO.Data createPermDAOobj(String ns, String name, String instance, String action, Set<String> roles, String description) {
385 NsSplit nss = new NsSplit(ns, name);
386 PermDAO.Data perm = new PermDAO.Data(nss, instance, action);
388 perm.description = description;
393 public void role_shouldReturnErrorResult_whenNssIsNok() throws Exception {
395 String roleName = "admin";
396 RoleRequest request = createRoleRequest(roleName, "role description");
397 given(question.deriveNsSplit(transaction, roleName)).willReturn(Result.err(new IllegalArgumentException()));
400 Result<RoleDAO.Data> result = mapper.role(transaction, request);
403 assertFalse(result.isOK());
404 assertNull(result.value);
405 assertEquals(ERR_General, result.status);
409 public void role_shouldReturnMappedRoleObject_whenNssIsOk() throws Exception {
411 String roleName = "admin";
412 String roleNs = "org.onap.roles";
413 String roleFullName = roleNs + "." + roleName;
414 String description =" role description";
415 RoleRequest request = createRoleRequest(roleFullName, description);
416 given(question.deriveNsSplit(transaction, roleFullName)).willReturn(Result.ok(new NsSplit(roleNs, roleName)));
419 Result<RoleDAO.Data> result = mapper.role(transaction, request);
422 assertTrue(result.isOK());
423 assertEquals(roleName, result.value.name);
424 assertEquals(roleNs, result.value.ns);
425 assertEquals(description, result.value.description);
426 verify(transaction).checkpoint(roleFullName, Env.ALWAYS);
429 private RoleRequest createRoleRequest(String name, String description) {
430 RoleRequest req = mapper.newInstance(API.ROLE_REQ);
432 req.setDescription(description);
437 public void roles_shouldNotAddAnyRoles_whenFilterFlagIsNotSet() {
439 Roles initialRoles = new Roles();
440 RoleDAO.Data role = createRoleDAOobj("org.onap.app1", "org.onap.app1.admin", "description");
443 Result<Roles> result = mapper.roles(transaction, Lists.newArrayList(role), initialRoles, false);
446 assertTrue(result.isOK());
447 assertEquals(initialRoles.getRole(), result.value.getRole());
451 public void roles_shouldNotAddAnyRoles_whenFilterFlagIsSet_andUserIsNotAuthorizedToReadRole() {
453 Roles initialRoles = new Roles();
454 RoleDAO.Data role = createRoleDAOobj("org.onap.app1", "org.onap.app1.admin", "description");
455 given(question.mayUser(eq(transaction), eq(USER), any(RoleDAO.Data.class), eq(Access.read)))
456 .willReturn(Result.err(9, "error"));
459 Result<Roles> result = mapper.roles(transaction, Lists.newArrayList(role), initialRoles, true);
462 assertTrue(result.isOK());
463 assertEquals(initialRoles.getRole(), result.value.getRole());
467 public void roles_shouldAddRolesWithoutNamespace_whenNsNotRequested_andFilterFlagSet_andUserIsAuthorized() {
468 test_roles_shouldAddRoles(false);
472 public void roles_shouldAddRolesWithNamespace_whenNsRequested_andFilterFlagSet_andUserIsAuthorized() {
473 test_roles_shouldAddRoles(true);
476 private void test_roles_shouldAddRoles(boolean namespaceRequested) {
478 String namespace = "org.onap.app1";
479 String description = "role description";
480 Set<String> roleNames = Sets.newHashSet(namespace+".admin", namespace+".deployer");
481 List<RoleDAO.Data> daoRoles = roleNames.stream().map( name -> createRoleDAOobj(namespace, name, description))
482 .collect(Collectors.toList());
483 given(question.mayUser(eq(transaction), eq(USER), any(RoleDAO.Data.class), eq(Access.read)))
484 .willReturn(Result.ok(new NsDAO.Data()));
485 given(transaction.requested(REQD_TYPE.ns)).willReturn(namespaceRequested);
488 Result<Roles> result = mapper.roles(transaction, daoRoles, new Roles(), true);
491 assertTrue(result.isOK());
492 assertEquals(2, result.value.getRole().size());
493 result.value.getRole().stream().forEach( role -> {
494 assertTrue(role.getPerms().isEmpty());
495 if (namespaceRequested) {
496 assertEquals(namespace, role.getNs());
498 assertNull(role.getNs());
500 assertTrue(roleNames.contains(role.getName()));
501 assertEquals(description, role.getDescription());
506 public void roles_shouldReturnErrorResult_whenAnyPermHasInvalidFormat() {
508 given(question.mayUser(eq(transaction), eq(USER), any(RoleDAO.Data.class), eq(Access.read)))
509 .willReturn(Result.ok(new NsDAO.Data()));
510 RoleDAO.Data role = createRoleDAOobj("org.onap.app", "org.onap.app.admin", "description");
511 role.perms = Sets.newHashSet("invalidPermFormat");
514 Result<Roles> result = mapper.roles(transaction, Lists.newArrayList(role), new Roles(), true);
517 assertFalse(result.isOK());
518 assertEquals(ERR_BadData, result.status);
522 public void roles_shouldAddPerms_whenAllPermsProperlyDefined_andUserCanViewIt() {
524 given(question.mayUser(eq(transaction), eq(USER), any(RoleDAO.Data.class), eq(Access.read)))
525 .willReturn(Result.ok(new NsDAO.Data()));
526 given(question.deriveNsSplit(transaction, "org.onap.app")).willReturn(Result.ok(mock(NsSplit.class)));
527 RoleDAO.Data role = createRoleDAOobj("org.onap.app", "org.onap.app.admin", "description");
528 role.perms = Sets.newHashSet("org.onap.app|access|*|read,approve");
531 Result<Roles> result = mapper.roles(transaction, Lists.newArrayList(role), new Roles(), true);
534 assertTrue(result.isOK());
535 Role mappedRole = Iterables.getOnlyElement(result.value.getRole());
536 Pkey pKey = Iterables.getOnlyElement(mappedRole.getPerms());
537 assertEquals("org.onap.app.access", pKey.getType());
538 assertEquals("*", pKey.getInstance());
539 assertEquals("read,approve", pKey.getAction());
542 private RoleDAO.Data createRoleDAOobj(String namespace, String rolename, String desc) {
543 NsDAO.Data ns = new NsDAO.Data();
545 RoleDAO.Data role = RoleDAO.Data.create(ns, rolename);
546 role.description = desc;
551 public void userRoles_shouldMapUserRolesFromDAO() {
553 String user = "john@people.osaaf.org";
554 String role = "admin";
555 String namespace = "org.osaaf.aaf";
559 Date expiration = new Calendar.Builder().setDate(year,month-1, day).build().getTime(); //month is 0-based
560 UserRoles targetRoles = new UserRoles();
563 Result<UserRoles> result = mapper.userRoles(transaction, Lists.newArrayList(
564 createUserRoleDAOobj(user, expiration, namespace, role)), targetRoles);
567 assertTrue(result.isOK());
568 UserRole targetRole = Iterables.getOnlyElement(result.value.getUserRole());
569 assertEquals(user, targetRole.getUser());
570 assertEquals(role, targetRole.getRole());
571 assertEquals(year, targetRole.getExpires().getYear());
572 assertEquals(month, targetRole.getExpires().getMonth());
573 assertEquals(day, targetRole.getExpires().getDay());
577 public void userRole_shouldReturnErrorResult_whenAnyExceptionOccurs() {
579 PermRequest wrongRequestType = new PermRequest();
582 Result<UserRoleDAO.Data> result = mapper.userRole(transaction, wrongRequestType);
585 assertFalse(result.isOK());
586 assertEquals(ERR_BadData, result.status);
587 verifyZeroInteractions(transaction);
591 public void userRole_shouldReturnEmptyRoleDAOobj_whenRequestIsEmpty() {
593 UserRoleRequest request = new UserRoleRequest();
594 given(question.deriveNsSplit(any(), any())).willReturn(Result.err(new IllegalArgumentException()));
595 Organization org = mock(Organization.class);
596 given(org.expiration(any(), eq(Expiration.UserInRole), any())).willReturn(new GregorianCalendar());
597 given(transaction.org()).willReturn(org);
600 Result<UserRoleDAO.Data> result = mapper.userRole(transaction, request);
603 assertTrue(result.isOK());
604 assertNull(result.value.ns);
605 assertNull(result.value.rname);
606 assertNull(result.value.role);
607 assertNull(result.value.user);
608 assertNotNull(result.value.expires);
612 public void userRole_shouldReturnMappedRoleDAOobj_whenRequestIsFilled() {
614 String user = "johny@people.osaaf.org";
615 String role = "org.onap.app1.deployer";
616 String rName = "deployer";
617 String namespace = "org.onap.app1";
619 given(question.deriveNsSplit(transaction, role)).willReturn(Result.ok(new NsSplit(namespace, rName)));
620 Organization org = mock(Organization.class);
621 given(org.expiration(any(), eq(Expiration.UserInRole), any())).willReturn(new GregorianCalendar());
622 given(transaction.org()).willReturn(org);
625 Result<UserRoleDAO.Data> result = mapper.userRole(transaction, createUserRoleRequest(role, user));
628 assertTrue(result.isOK());
629 assertEquals(user, result.value.user);
630 assertEquals(role, result.value.role);
631 assertEquals(rName, result.value.rname);
632 assertEquals(namespace, result.value.ns);
633 assertNotNull(result.value.expires);
636 private UserRoleRequest createUserRoleRequest(String role, String user) {
637 UserRoleRequest request = new UserRoleRequest();
638 request.setRole(role);
639 request.setUser(user);
643 private UserRoleDAO.Data createUserRoleDAOobj(String userName, Date expires, String namespace, String roleName) {
644 UserRoleDAO.Data userRole = new UserRoleDAO.Data();
645 userRole.user = userName;
646 userRole.expires = expires;
647 userRole.ns = namespace;
648 userRole.role = roleName;