1 /*******************************************************************************
2 * ============LICENSE_START====================================================
4 * * ===========================================================================
5 * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
6 * * ===========================================================================
7 * * Licensed under the Apache License, Version 2.0 (the "License");
8 * * you may not use this file except in compliance with the License.
9 * * You may obtain a copy of the License at
11 * * http://www.apache.org/licenses/LICENSE-2.0
13 * * Unless required by applicable law or agreed to in writing, software
14 * * distributed under the License is distributed on an "AS IS" BASIS,
15 * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * * See the License for the specific language governing permissions and
17 * * limitations under the License.
18 * * ============LICENSE_END====================================================
21 ******************************************************************************/
22 package org.onap.aaf.authz.service.mapper;
24 import static org.junit.Assert.assertEquals;
25 import static org.junit.Assert.assertFalse;
26 import static org.junit.Assert.assertNotNull;
27 import static org.junit.Assert.assertNull;
28 import static org.junit.Assert.assertTrue;
29 import static org.junit.Assert.fail;
30 import static org.mockito.BDDMockito.given;
31 import static org.mockito.Matchers.any;
32 import static org.mockito.Matchers.anyString;
33 import static org.mockito.Matchers.eq;
34 import static org.mockito.Mockito.mock;
35 import static org.mockito.Mockito.spy;
36 import static org.mockito.Mockito.verify;
37 import static org.mockito.Mockito.verifyZeroInteractions;
38 import static org.onap.aaf.auth.layer.Result.ERR_BadData;
39 import static org.onap.aaf.auth.layer.Result.ERR_General;
41 import aaf.v2_0.NsRequest;
43 import aaf.v2_0.Nss.Ns;
45 import aaf.v2_0.PermKey;
46 import aaf.v2_0.PermRequest;
47 import aaf.v2_0.Perms;
49 import aaf.v2_0.Request;
51 import aaf.v2_0.RoleRequest;
52 import aaf.v2_0.Roles;
53 import aaf.v2_0.UserRole;
54 import aaf.v2_0.UserRoleRequest;
55 import aaf.v2_0.UserRoles;
56 import com.google.common.collect.ImmutableMap;
57 import com.google.common.collect.Iterables;
58 import com.google.common.collect.Lists;
59 import com.google.common.collect.Sets;
60 import java.io.IOException;
61 import java.text.SimpleDateFormat;
62 import java.util.Calendar;
63 import java.util.Collection;
64 import java.util.Date;
65 import java.util.GregorianCalendar;
66 import java.util.List;
69 import java.util.stream.Collectors;
70 import org.junit.Assert;
71 import org.junit.Before;
72 import org.junit.Test;
73 import org.junit.runner.RunWith;
74 import org.mockito.Mock;
75 import org.mockito.runners.MockitoJUnitRunner;
76 import org.onap.aaf.auth.dao.cass.Namespace;
77 import org.onap.aaf.auth.dao.cass.NsDAO;
78 import org.onap.aaf.auth.dao.cass.NsSplit;
79 import org.onap.aaf.auth.dao.cass.NsType;
80 import org.onap.aaf.auth.dao.cass.PermDAO;
81 import org.onap.aaf.auth.dao.cass.PermDAO.Data;
82 import org.onap.aaf.auth.dao.cass.RoleDAO;
83 import org.onap.aaf.auth.dao.cass.UserRoleDAO;
84 import org.onap.aaf.auth.dao.hl.Question;
85 import org.onap.aaf.auth.dao.hl.Question.Access;
86 import org.onap.aaf.auth.env.AuthzTrans;
87 import org.onap.aaf.auth.env.AuthzTrans.REQD_TYPE;
88 import org.onap.aaf.auth.layer.Result;
89 import org.onap.aaf.auth.org.Organization;
90 import org.onap.aaf.auth.org.Organization.Expiration;
91 import org.onap.aaf.auth.rserv.Pair;
92 import org.onap.aaf.auth.service.mapper.Mapper.API;
93 import org.onap.aaf.auth.service.mapper.Mapper_2_0;
94 import org.onap.aaf.cadi.CadiException;
95 import org.onap.aaf.misc.env.APIException;
96 import org.onap.aaf.misc.env.Env;
97 import org.onap.aaf.misc.env.TimeTaken;
98 import org.onap.aaf.org.DefaultOrg;
100 @RunWith(MockitoJUnitRunner.class)
101 public class JU_Mapper_2_0 {
103 private static final String USER = "John";
105 private Mapper_2_0 mapper;
107 private Question question;
109 private AuthzTrans transaction;
111 private TimeTaken tt;
115 public void setUp() throws APIException, IOException, CadiException {
116 given(transaction.start(anyString(), eq(Env.SUB))).willReturn(tt);
117 given(transaction.user()).willReturn(USER);
118 this.mapper = new Mapper_2_0(question);
121 @Test(expected = ClassCastException.class)
122 public void ns_willThrowException_whenInvalidRequestType() {
124 Request rq = new Request();
127 mapper.ns(transaction, rq);
130 fail("Expected ClassCastException");
134 public void ns_shouldConvertNamespaceRequest_whenValidTypeIsExplicitlyProvided() {
136 String namespaceName = "org.companyA.app1";
137 String namespaceType = "APP";
138 NsType expectedNsType = NsType.APP;
139 NsRequest nsRequest = createNsRequestForType(namespaceName, namespaceType);
142 Result<Namespace> result = mapper.ns(transaction,nsRequest);
145 assertTrue(result.isOK());
146 assertNamespaceValues(result.value, expectedNsType, namespaceName);
147 verify(transaction).checkpoint(namespaceName,Env.ALWAYS);
151 public void ns_shouldConvertNamespaceRequest_whenInValidTypeIsExplicitlyProvided() {
153 String namespaceName = "org.companyA.app1.service0";
154 String invalidNsType = "BLUE";
155 NsType expectedNsType = NsType.APP;
156 NsRequest nsRequest = createNsRequestForType(namespaceName, invalidNsType);
159 Result<Namespace> result = mapper.ns(transaction,nsRequest);
162 assertTrue(result.isOK());
163 assertNamespaceValues(result.value, expectedNsType, namespaceName);
164 verify(transaction).checkpoint(namespaceName,Env.ALWAYS);
168 public void ns_shouldConvertRootNamespaceRequest_whenTypeNotProvided() {
170 String rootNsName = "org";
171 NsType expectedNsType = NsType.ROOT;
172 NsRequest nsRequest = createNsRequestForType(rootNsName, null);
175 Result<Namespace> result = mapper.ns(transaction,nsRequest);
178 assertTrue(result.isOK());
179 assertNamespaceValues(result.value, expectedNsType, rootNsName);
180 verify(transaction).checkpoint(rootNsName,Env.ALWAYS);
184 public void ns_shouldConvertCompanyNamespaceRequest_whenTypeNotProvided() {
186 String companyNsName = "org.companyA";
187 NsType expectedNsType = NsType.COMPANY;
188 NsRequest nsRequest = createNsRequestForType(companyNsName, null);
191 Result<Namespace> result = mapper.ns(transaction,nsRequest);
194 assertTrue(result.isOK());
195 assertNamespaceValues(result.value, expectedNsType, companyNsName);
196 verify(transaction).checkpoint(companyNsName,Env.ALWAYS);
199 private void assertNamespaceValues(Namespace value, NsType nsType, String namespaceName) {
200 List<String> people = Lists.newArrayList("tk007@people.osaaf.org");
201 assertEquals(Integer.valueOf(nsType.type), value.type);
202 assertEquals(namespaceName, value.name);
203 assertEquals("some namespace description", value.description);
204 assertEquals(people, value.admin);
205 assertEquals(people, value.owner);
208 private NsRequest createNsRequestForType(String nsName, String nsType) {
209 NsRequest req = mapper.newInstance(API.NS_REQ);
212 req.setDescription("some namespace description");
213 req.getAdmin().add("tk007@people.osaaf.org");
214 req.getResponsible().add("tk007@people.osaaf.org");
219 public void nss_shouldConvertNamespaceToNss_withoutAttributes() {
221 Nss nss = mapper.newInstance(API.NSS);
222 Namespace ns = mapper.ns(transaction, createNsRequestForType("org.onap", null)).value;
225 Result<Nss> result = mapper.nss(transaction, ns, nss);
228 assertTrue(result.isOK());
229 assertEquals("Only one Ns should be added",1, result.value.getNs().size());
230 Ns addedNs = Iterables.getOnlyElement(result.value.getNs());
231 assertEquals(ns.admin, addedNs.getAdmin());
232 assertEquals(ns.name, addedNs.getName());
233 assertEquals(ns.owner, addedNs.getResponsible());
234 assertEquals(ns.description, addedNs.getDescription());
235 assertTrue(addedNs.getAttrib().isEmpty());
239 public void nss_shouldConvertNamespaceToNss_withAttributes() {
241 Nss nss = mapper.newInstance(API.NSS);
242 Namespace ns = mapper.ns(transaction, createNsRequestForType("org.onap", null)).value;
243 ns.attrib = Lists.newArrayList();
245 Map<String, String> attribs = ImmutableMap.of("key1", "value1", "key2", "value2", "key3", "value3", "key4", "value4", "key5", "value5");
246 attribs.forEach((key,val) -> ns.attrib.add(new Pair<>(key,val)));
249 Result<Nss> result = mapper.nss(transaction, ns, nss);
252 assertTrue(result.isOK());
253 assertEquals("Only one Ns should be added",1, result.value.getNs().size());
254 Ns addedNs = Iterables.getOnlyElement(result.value.getNs());
255 assertEquals(attribNum, addedNs.getAttrib().size());
256 addedNs.getAttrib().forEach( attr -> {
257 assertEquals(attr.getValue(), attribs.get(attr.getKey()));
262 public void nss_shouldAddSeveralNamespacesToNss() {
264 Nss nss = mapper.newInstance(API.NSS);
265 Namespace ns1 = mapper.ns(transaction, createNsRequestForType("org.onap", "COMPANY")).value;
266 Namespace ns2 = mapper.ns(transaction, createNsRequestForType("org.onap.prh", "APP")).value;
269 Result<Nss> result = mapper.nss(transaction, Lists.newArrayList(ns1,ns2), nss);
272 assertTrue(result.isOK());
273 assertEquals("Two namespaces should be added",2, result.value.getNs().size());
277 public void perm_shouldNotAddPerms_whenFilterIsSet_andUserIsNotAuthorized() {
279 given(question.mayUser(eq(transaction), eq(USER), any(PermDAO.Data.class), eq(Access.read)))
280 .willReturn(Result.err(9, "error"));
281 Perms permsContainer = mapper.newInstance(API.PERMS);
282 List<PermDAO.Data> permsData = Lists.newArrayList(new PermDAO.Data());
283 boolean filter = true;
286 Result<Perms> result = mapper.perms(transaction, permsData, permsContainer, filter);
289 assertTrue(result.isOK());
290 assertEquals("No perms added",0,result.value.getPerm().size());
294 public void perm_shouldAddPerm_withNamespaceSet_whenUserIsAuthorized_AndNamespaceIsRequestedType() {
296 given(question.mayUser(eq(transaction), eq(USER), any(PermDAO.Data.class), eq(Access.read)))
297 .willReturn(Result.ok(new NsDAO.Data()));
298 given(transaction.requested(REQD_TYPE.ns)).willReturn(true);
299 Perms permsContainer = mapper.newInstance(API.PERMS);
300 Set<String> roles = Sets.newHashSet("org.onap.portal.owner","org.onap.portal.designer"
301 ,"org.onap.portal.tester");
302 String namespace = "org.onap.portal";
303 String type = "access";
304 String fullType = namespace + "." +type;
305 String action = "read";
306 String description = "Portal Read Access";
307 List<PermDAO.Data> permsData = Lists.newArrayList(createPermDAOobj(namespace, type, "*",action, roles, description));
308 boolean filter = true;
311 Result<Perms> result = mapper.perms(transaction, permsData, permsContainer, filter);
314 assertTrue(result.isOK());
315 assertEquals("Perm is added",1,result.value.getPerm().size());
316 Perm perm = Iterables.getOnlyElement(result.value.getPerm());
317 assertEquals(namespace, perm.getNs());
318 assertEquals(fullType, perm.getType());
319 assertEquals(action, perm.getAction());
320 assertEquals("*", perm.getInstance());
321 assertEquals(description, perm.getDescription());
322 assertEquals(Lists.newArrayList(roles), perm.getRoles());
326 public void perm_shouldAddPerm_withoutNamespaceSet_whenUserIsAuthorized_AndNamespaceIsNotRequestedType() {
328 given(question.mayUser(eq(transaction), eq(USER), any(PermDAO.Data.class), eq(Access.read)))
329 .willReturn(Result.ok(new NsDAO.Data()));
330 given(transaction.requested(REQD_TYPE.ns)).willReturn(false);
331 Perms permsContainer = mapper.newInstance(API.PERMS);
332 String namespace = "org.onap.portal";
333 String type = "access";
334 String fullType = namespace + "." + type;
335 String action = "read";
336 List<PermDAO.Data> permsData = Lists.newArrayList(createPermDAOobj(namespace, type, "*",action, null, null));
337 boolean filter = true;
340 Result<Perms> result = mapper.perms(transaction, permsData, permsContainer, filter);
343 assertTrue(result.isOK());
344 assertEquals("Perm is added",1,result.value.getPerm().size());
345 Perm perm = Iterables.getOnlyElement(result.value.getPerm());
346 assertNull(perm.getNs());
347 assertEquals(fullType, perm.getType());
348 assertEquals(action, perm.getAction());
352 public void perm_shouldAddPermsWithCorrectSortedOrder() {
354 given(question.mayUser(eq(transaction), eq(USER), any(PermDAO.Data.class), eq(Access.read)))
355 .willReturn(Result.ok(new NsDAO.Data()));
356 Perms permsContainer = mapper.newInstance(API.PERMS);
357 PermDAO.Data perm1 = createPermDAOobj("org.onap.portal", "access", "*", "read", null, null);
358 PermDAO.Data perm2 = createPermDAOobj("org.onap.portal", "access", "*", "write", null, null);
359 PermDAO.Data perm3 = createPermDAOobj("org.onap.portal", "design", "*", "new", null, null);
360 PermDAO.Data perm4 = createPermDAOobj("org.onap.portal", "workflow", "1", "edit", null, null);
361 PermDAO.Data perm5 = createPermDAOobj("org.onap.portal", "workflow", "2", "edit", null, null);
362 List<PermDAO.Data> permsData = Lists.newArrayList(perm4, perm1, perm5, perm3, perm2);
363 List<PermDAO.Data> correctOrderPerms = Lists.newArrayList(perm1, perm2, perm3, perm4, perm5);
366 Result<Perms> result = mapper.perms(transaction, permsData, permsContainer, true);
369 assertTrue(result.isOK());
370 assertEquals("Alls Perms added",5,result.value.getPerm().size());
371 List<Perm> mappedPerms = result.value.getPerm();
372 for(int i=0; i<5; i++) {
373 comparePerm(correctOrderPerms.get(i), mappedPerms.get(i));
377 private void comparePerm(Data data, Perm perm) {
378 assertEquals(data.ns + "." + data.type, perm.getType());
379 assertEquals(data.instance, perm.getInstance());
380 assertEquals(data.action, perm.getAction());
383 private PermDAO.Data createPermDAOobj(String ns, String name, String instance, String action, Set<String> roles, String description) {
384 NsSplit nss = new NsSplit(ns, name);
385 PermDAO.Data perm = new PermDAO.Data(nss, instance, action);
387 perm.description = description;
392 public void role_shouldReturnErrorResult_whenNssIsNok() throws Exception {
394 String roleName = "admin";
395 RoleRequest request = createRoleRequest(roleName, "role description");
396 given(question.deriveNsSplit(transaction, roleName)).willReturn(Result.err(new IllegalArgumentException()));
399 Result<RoleDAO.Data> result = mapper.role(transaction, request);
402 assertFalse(result.isOK());
403 assertNull(result.value);
404 assertEquals(ERR_General, result.status);
408 public void role_shouldReturnMappedRoleObject_whenNssIsOk() throws Exception {
410 String roleName = "admin";
411 String roleNs = "org.onap.roles";
412 String roleFullName = roleNs + "." + roleName;
413 String description =" role description";
414 RoleRequest request = createRoleRequest(roleFullName, description);
415 given(question.deriveNsSplit(transaction, roleFullName)).willReturn(Result.ok(new NsSplit(roleNs, roleName)));
418 Result<RoleDAO.Data> result = mapper.role(transaction, request);
421 assertTrue(result.isOK());
422 assertEquals(roleName, result.value.name);
423 assertEquals(roleNs, result.value.ns);
424 assertEquals(description, result.value.description);
425 verify(transaction).checkpoint(roleFullName, Env.ALWAYS);
428 private RoleRequest createRoleRequest(String name, String description) {
429 RoleRequest req = mapper.newInstance(API.ROLE_REQ);
431 req.setDescription(description);
436 public void roles_shouldNotAddAnyRoles_whenFilterFlagIsNotSet() {
438 Roles initialRoles = new Roles();
439 RoleDAO.Data role = createRoleDAOobj("org.onap.app1", "org.onap.app1.admin", "description");
442 Result<Roles> result = mapper.roles(transaction, Lists.newArrayList(role), initialRoles, false);
445 assertTrue(result.isOK());
446 assertEquals(initialRoles.getRole(), result.value.getRole());
450 public void roles_shouldNotAddAnyRoles_whenFilterFlagIsSet_andUserIsNotAuthorizedToReadRole() {
452 Roles initialRoles = new Roles();
453 RoleDAO.Data role = createRoleDAOobj("org.onap.app1", "org.onap.app1.admin", "description");
454 given(question.mayUser(eq(transaction), eq(USER), any(RoleDAO.Data.class), eq(Access.read)))
455 .willReturn(Result.err(9, "error"));
458 Result<Roles> result = mapper.roles(transaction, Lists.newArrayList(role), initialRoles, true);
461 assertTrue(result.isOK());
462 assertEquals(initialRoles.getRole(), result.value.getRole());
466 public void roles_shouldAddRolesWithoutNamespace_whenNsNotRequested_andFilterFlagSet_andUserIsAuthorized() {
467 test_roles_shouldAddRoles(false);
471 public void roles_shouldAddRolesWithNamespace_whenNsRequested_andFilterFlagSet_andUserIsAuthorized() {
472 test_roles_shouldAddRoles(true);
475 private void test_roles_shouldAddRoles(boolean namespaceRequested) {
477 String namespace = "org.onap.app1";
478 String description = "role description";
479 Set<String> roleNames = Sets.newHashSet(namespace+".admin", namespace+".deployer");
480 List<RoleDAO.Data> daoRoles = roleNames.stream().map( name -> createRoleDAOobj(namespace, name, description))
481 .collect(Collectors.toList());
482 given(question.mayUser(eq(transaction), eq(USER), any(RoleDAO.Data.class), eq(Access.read)))
483 .willReturn(Result.ok(new NsDAO.Data()));
484 given(transaction.requested(REQD_TYPE.ns)).willReturn(namespaceRequested);
487 Result<Roles> result = mapper.roles(transaction, daoRoles, new Roles(), true);
490 assertTrue(result.isOK());
491 assertEquals(2, result.value.getRole().size());
492 result.value.getRole().stream().forEach( role -> {
493 assertTrue(role.getPerms().isEmpty());
494 if(namespaceRequested) {
495 assertEquals(namespace, role.getNs());
497 assertNull(role.getNs());
499 assertTrue(roleNames.contains(role.getName()));
500 assertEquals(description, role.getDescription());
505 public void roles_shouldReturnErrorResult_whenAnyPermHasInvalidFormat() {
507 given(question.mayUser(eq(transaction), eq(USER), any(RoleDAO.Data.class), eq(Access.read)))
508 .willReturn(Result.ok(new NsDAO.Data()));
509 RoleDAO.Data role = createRoleDAOobj("org.onap.app", "org.onap.app.admin", "description");
510 role.perms = Sets.newHashSet("invalidPermFormat");
513 Result<Roles> result = mapper.roles(transaction, Lists.newArrayList(role), new Roles(), true);
516 assertFalse(result.isOK());
517 assertEquals(ERR_BadData, result.status);
521 public void roles_shouldAddPerms_whenAllPermsProperlyDefined_andUserCanViewIt() {
523 given(question.mayUser(eq(transaction), eq(USER), any(RoleDAO.Data.class), eq(Access.read)))
524 .willReturn(Result.ok(new NsDAO.Data()));
525 given(question.deriveNsSplit(transaction, "org.onap.app")).willReturn(Result.ok(mock(NsSplit.class)));
526 RoleDAO.Data role = createRoleDAOobj("org.onap.app", "org.onap.app.admin", "description");
527 role.perms = Sets.newHashSet("org.onap.app|access|*|read,approve");
530 Result<Roles> result = mapper.roles(transaction, Lists.newArrayList(role), new Roles(), true);
533 assertTrue(result.isOK());
534 Role mappedRole = Iterables.getOnlyElement(result.value.getRole());
535 Pkey pKey = Iterables.getOnlyElement(mappedRole.getPerms());
536 assertEquals("org.onap.app.access", pKey.getType());
537 assertEquals("*", pKey.getInstance());
538 assertEquals("read,approve", pKey.getAction());
541 private RoleDAO.Data createRoleDAOobj(String namespace, String rolename, String desc) {
542 NsDAO.Data ns = new NsDAO.Data();
544 RoleDAO.Data role = RoleDAO.Data.create(ns, rolename);
545 role.description = desc;
550 public void userRoles_shouldMapUserRolesFromDAO() {
552 String user = "john@people.osaaf.org";
553 String role = "admin";
554 String namespace = "org.osaaf.aaf";
558 Date expiration = new Calendar.Builder().setDate(year,month-1, day).build().getTime(); //month is 0-based
559 UserRoles targetRoles = new UserRoles();
562 Result<UserRoles> result = mapper.userRoles(transaction, Lists.newArrayList(
563 createUserRoleDAOobj(user, expiration, namespace, role)), targetRoles);
566 assertTrue(result.isOK());
567 UserRole targetRole = Iterables.getOnlyElement(result.value.getUserRole());
568 assertEquals(user, targetRole.getUser());
569 assertEquals(role, targetRole.getRole());
570 assertEquals(year, targetRole.getExpires().getYear());
571 assertEquals(month, targetRole.getExpires().getMonth());
572 assertEquals(day, targetRole.getExpires().getDay());
576 public void userRole_shouldReturnErrorResult_whenAnyExceptionOccurs() {
578 PermRequest wrongRequestType = new PermRequest();
581 Result<UserRoleDAO.Data> result = mapper.userRole(transaction, wrongRequestType);
584 assertFalse(result.isOK());
585 assertEquals(ERR_BadData, result.status);
586 verifyZeroInteractions(transaction);
590 public void userRole_shouldReturnEmptyRoleDAOobj_whenRequestIsEmpty() {
592 UserRoleRequest request = new UserRoleRequest();
593 given(question.deriveNsSplit(any(), any())).willReturn(Result.err(new IllegalArgumentException()));
594 Organization org = mock(Organization.class);
595 given(org.expiration(any(), eq(Expiration.UserInRole), any())).willReturn(new GregorianCalendar());
596 given(transaction.org()).willReturn(org);
599 Result<UserRoleDAO.Data> result = mapper.userRole(transaction, request);
602 assertTrue(result.isOK());
603 assertNull(result.value.ns);
604 assertNull(result.value.rname);
605 assertNull(result.value.role);
606 assertNull(result.value.user);
607 assertNotNull(result.value.expires);
611 public void userRole_shouldReturnMappedRoleDAOobj_whenRequestIsFilled() {
613 String user = "johny@people.osaaf.org";
614 String role = "org.onap.app1.deployer";
615 String rName = "deployer";
616 String namespace = "org.onap.app1";
618 given(question.deriveNsSplit(transaction, role)).willReturn(Result.ok(new NsSplit(namespace, rName)));
619 Organization org = mock(Organization.class);
620 given(org.expiration(any(), eq(Expiration.UserInRole), any())).willReturn(new GregorianCalendar());
621 given(transaction.org()).willReturn(org);
624 Result<UserRoleDAO.Data> result = mapper.userRole(transaction, createUserRoleRequest(role, user));
627 assertTrue(result.isOK());
628 assertEquals(user, result.value.user);
629 assertEquals(role, result.value.role);
630 assertEquals(rName, result.value.rname);
631 assertEquals(namespace, result.value.ns);
632 assertNotNull(result.value.expires);
635 private UserRoleRequest createUserRoleRequest(String role, String user) {
636 UserRoleRequest request = new UserRoleRequest();
637 request.setRole(role);
638 request.setUser(user);
642 private UserRoleDAO.Data createUserRoleDAOobj(String userName, Date expires, String namespace, String roleName) {
643 UserRoleDAO.Data userRole = new UserRoleDAO.Data();
644 userRole.user = userName;
645 userRole.expires = expires;
646 userRole.ns = namespace;
647 userRole.role = roleName;