'[CommitOpenAM] [10814] branches/AME-4616: AME-4616 Merge changes from trunk'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       forgerock-openam-commit
Subject:    [CommitOpenAM] [10814] branches/AME-4616: AME-4616 Merge changes from trunk
From:       noreply () forgerock ! org
Date:       2014-09-30 13:49:13
Message-ID: 20140930134913.5EDC240934 () sources ! internal ! forgerock ! com
[Download RAW message or body]

[Attachment #2 (text/html)]

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[10814] branches/AME-4616: AME-4616 Merge changes from trunk</title>
</head>
<body>

<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: \
verdana,arial,helvetica,sans-serif; font-size: 10pt;  } #msg dl a { font-weight: \
bold} #msg dl a:link    { color:#fc3; }
#msg dl a:active  { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: \
bold; } #msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: \
6px; } #logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em \
0; } #logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg \
h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; } \
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; \
} #logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: \
-1.5em; padding-left: 1.5em; } #logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em \
1em 0 1em; background: white;} #logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid \
#fa0; border-bottom: 1px solid #fa0; background: #fff; } #logmsg table th { \
text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted \
#fa0; } #logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: \
0.2em 0.5em; } #logmsg table thead th { text-align: center; border-bottom: 1px solid \
#fa0; } #logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: \
6px; } #patch { width: 100%; }
#patch h4 {font-family: \
verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
 #patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff  {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, \
#patch .copfile {border:1px solid #ccc;margin:10px 0;} #patch ins \
{background:#dfd;text-decoration:none;display:block;padding:0 10px;} #patch del \
{background:#fdd;text-decoration:none;display:block;padding:0 10px;} #patch .lines, \
                .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a \
href="http://sources.forgerock.org/changelog/openam/?cs=10814">10814</a></dd> \
<dt>Author</dt> <dd>craig.mcdonnell</dd> <dt>Date</dt> <dd>2014-09-30 14:49:13 +0100 \
(Tue, 30 Sep 2014)</dd> </dl>

<h3>Log Message</h3>
<pre>AME-4616 Merge changes from trunk</pre>

<h3>Modified Paths</h3>
<ul>
<li><a href="#branchesAME4616openamopenamclientsdkpomxml">branches/AME-4616/openam/openam-clientsdk/pom.xml</a></li>
 <li><a href="#branchesAME4616openamopenamcoresrcmainjavacomsunidentityentitlementopen \
ssoOpenSSOApplicationPrivilegeManagerjava">branches/AME-4616/openam/openam-core/src/ma \
in/java/com/sun/identity/entitlement/opensso/OpenSSOApplicationPrivilegeManager.java</a></li>
 <li><a href="#branchesAME4616openamopenamcoresrcmainjavacomsunidentityentitlementopen \
ssoOpenSSOGroupSubjectjava">branches/AME-4616/openam/openam-core/src/main/java/com/sun/identity/entitlement/opensso/OpenSSOGroupSubject.java</a></li>
 <li><a href="#branchesAME4616openamopenamcoresrcmainjavacomsunidentityentitlementopen \
ssoOpenSSOUserSubjectjava">branches/AME-4616/openam/openam-core/src/main/java/com/sun/identity/entitlement/opensso/OpenSSOUserSubject.java</a></li>
 <li><a href="#branchesAME4616openamopenamcoresrcmainjavacomsunidentityentitlementopen \
ssoPrivilegeUtilsjava">branches/AME-4616/openam/openam-core/src/main/java/com/sun/identity/entitlement/opensso/PrivilegeUtils.java</a></li>
 <li><a href="#branchesAME4616openamopenamcoresrcmainjavacomsunidentityidmAMIdentityja \
va">branches/AME-4616/openam/openam-core/src/main/java/com/sun/identity/idm/AMIdentity.java</a></li>
 <li><a href="#branchesAME4616openamopenamcoresrcmainjavacomsunidentitypolicyCondition \
TypeManagerjava">branches/AME-4616/openam/openam-core/src/main/java/com/sun/identity/policy/ConditionTypeManager.java</a></li>
 <li><a href="#branchesAME4616openamopenamcoresrcmainjavacomsunidentitypolicypluginsAM \
IdentityMembershipConditionjava">branches/AME-4616/openam/openam-core/src/main/java/com/sun/identity/policy/plugins/AMIdentityMembershipCondition.java</a></li>
 <li><a href="#branchesAME4616openamopenamcoresrcmainjavacomsunidentitypolicypluginsAM \
IdentitySubjectjava">branches/AME-4616/openam/openam-core/src/main/java/com/sun/identity/policy/plugins/AMIdentitySubject.java</a></li>
 <li><a href="#branchesAME4616openamopenamcoresrcmainjavacomsunidentitypolicypluginsAu \
thLevelConditionjava">branches/AME-4616/openam/openam-core/src/main/java/com/sun/identity/policy/plugins/AuthLevelCondition.java</a></li>
 <li><a href="#branchesAME4616openamopenamcoresrcmainjavacomsunidentitypolicypluginsAu \
thSchemeConditionjava">branches/AME-4616/openam/openam-core/src/main/java/com/sun/identity/policy/plugins/AuthSchemeCondition.java</a></li>
 <li><a href="#branchesAME4616openamopenamcoresrcmainjavacomsunidentitypolicypluginsAu \
thenticateToRealmConditionjava">branches/AME-4616/openam/openam-core/src/main/java/com/sun/identity/policy/plugins/AuthenticateToRealmCondition.java</a></li>
 <li><a href="#branchesAME4616openamopenamcoresrcmainjavacomsunidentitypolicypluginsAu \
thenticateToServiceConditionjava">branches/AME-4616/openam/openam-core/src/main/java/com/sun/identity/policy/plugins/AuthenticateToServiceCondition.java</a></li>
 <li><a href="#branchesAME4616openamopenamcoresrcmainjavacomsunidentitypolicypluginsAu \
thenticatedUsersjava">branches/AME-4616/openam/openam-core/src/main/java/com/sun/identity/policy/plugins/AuthenticatedUsers.java</a></li>
 <li><a href="#branchesAME4616openamopenamcoresrcmainjavacomsunidentitypolicypluginsIP \
Conditionjava">branches/AME-4616/openam/openam-core/src/main/java/com/sun/identity/policy/plugins/IPCondition.java</a></li>
 <li><a href="#branchesAME4616openamopenamcoresrcmainjavacomsunidentitypolicypluginsLD \
APFilterConditionjava">branches/AME-4616/openam/openam-core/src/main/java/com/sun/identity/policy/plugins/LDAPFilterCondition.java</a></li>
 <li><a href="#branchesAME4616openamopenamcoresrcmainjavacomsunidentitypolicypluginsLE \
AuthLevelConditionjava">branches/AME-4616/openam/openam-core/src/main/java/com/sun/identity/policy/plugins/LEAuthLevelCondition.java</a></li>
 <li><a href="#branchesAME4616openamopenamcoresrcmainjavacomsunidentitypolicypluginsRe \
sourceEnvIPConditionjava">branches/AME-4616/openam/openam-core/src/main/java/com/sun/identity/policy/plugins/ResourceEnvIPCondition.java</a></li>
 <li><a href="#branchesAME4616openamopenamcoresrcmainjavacomsunidentitypolicypluginsSe \
ssionConditionjava">branches/AME-4616/openam/openam-core/src/main/java/com/sun/identity/policy/plugins/SessionCondition.java</a></li>
 <li><a href="#branchesAME4616openamopenamcoresrcmainjavacomsunidentitypolicypluginsSe \
ssionPropertyConditionjava">branches/AME-4616/openam/openam-core/src/main/java/com/sun/identity/policy/plugins/SessionPropertyCondition.java</a></li>
 <li><a href="#branchesAME4616openamopenamcoresrcmainjavacomsunidentitypolicypluginsSi \
mpleTimeConditionjava">branches/AME-4616/openam/openam-core/src/main/java/com/sun/identity/policy/plugins/SimpleTimeCondition.java</a></li>
 <li><a href="#branchesAME4616openamopenamcoresrcmainjavaorgforgerockopenamnetworkipv4 \
IPv4Conditionjava">branches/AME-4616/openam/openam-core/src/main/java/org/forgerock/openam/network/ipv4/IPv4Condition.java</a></li>
 <li><a href="#branchesAME4616openamopenamcoresrcmainjavaorgforgerockopenamnetworkipv6 \
IPv6Conditionjava">branches/AME-4616/openam/openam-core/src/main/java/org/forgerock/openam/network/ipv6/IPv6Condition.java</a></li>
 <li><a href="#branchesAME4616openamopenamcoresrcmainjavaorgforgerockopenamupgradestep \
spolicyconditionsPolicyConditionUpgradeMapjava">branches/AME-4616/openam/openam-core/s \
rc/main/java/org/forgerock/openam/upgrade/steps/policy/conditions/PolicyConditionUpgradeMap.java</a></li>
 <li><a href="#branchesAME4616openamopenamcoresrcmainresourcesEntitlementExceptionprop \
erties">branches/AME-4616/openam/openam-core/src/main/resources/EntitlementException.properties</a></li>
 <li><a href="#branchesAME4616openamopenamcoresrctestjavacomsunidentityentitlementxacm \
l3XACMLPrivilegeUtilsTestjava">branches/AME-4616/openam/openam-core/src/test/java/com/sun/identity/entitlement/xacml3/XACMLPrivilegeUtilsTest.java</a></li>
 <li><a href="#branchesAME4616openamopenamentitlementssrcmainjavacomsunidentityentitle \
mentAnyUserSubjectjava">branches/AME-4616/openam/openam-entitlements/src/main/java/com/sun/identity/entitlement/AnyUserSubject.java</a></li>
 <li><a href="#branchesAME4616openamopenamentitlementssrcmainjavacomsunidentityentitle \
mentEntitlementExceptionjava">branches/AME-4616/openam/openam-entitlements/src/main/java/com/sun/identity/entitlement/EntitlementException.java</a></li>
 <li><a href="#branchesAME4616openamopenamentitlementssrcmainjavacomsunidentityentitle \
mentEntitlementSubjectImpljava">branches/AME-4616/openam/openam-entitlements/src/main/java/com/sun/identity/entitlement/EntitlementSubjectImpl.java</a></li>
 <li><a href="#branchesAME4616openamopenamentitlementssrcmainjavacomsunidentityentitle \
mentGroupSubjectjava">branches/AME-4616/openam/openam-entitlements/src/main/java/com/sun/identity/entitlement/GroupSubject.java</a></li>
 <li><a href="#branchesAME4616openamopenamentitlementssrcmainjavacomsunidentityentitle \
mentUserSubjectjava">branches/AME-4616/openam/openam-entitlements/src/main/java/com/sun/identity/entitlement/UserSubject.java</a></li>
 <li><a href="#branchesAME4616openamopenamentitlementssrcmainjavaorgforgerockopenament \
itlementEntitlementRegistryjava">branches/AME-4616/openam/openam-entitlements/src/main/java/org/forgerock/openam/entitlement/EntitlementRegistry.java</a></li>
 <li><a href="#branchesAME4616openamopenamfederationOpenFMsrctestjavacomsunidentityent \
itlementAndConditionEvalTestjava">branches/AME-4616/openam/openam-federation/OpenFM/src/test/java/com/sun/identity/entitlement/AndConditionEvalTest.java</a></li>
 <li><a href="#branchesAME4616openamopenamfederationOpenFMsrctestjavacomsunidentityent \
itlementAndConditionTestjava">branches/AME-4616/openam/openam-federation/OpenFM/src/test/java/com/sun/identity/entitlement/AndConditionTest.java</a></li>
 <li><a href="#branchesAME4616openamopenamfederationOpenFMsrctestjavacomsunidentityent \
itlementAndSubjectTestjava">branches/AME-4616/openam/openam-federation/OpenFM/src/test/java/com/sun/identity/entitlement/AndSubjectTest.java</a></li>
 <li><a href="#branchesAME4616openamopenamfederationOpenFMsrctestjavacomsunidentityent \
itlementCanBeDeletedAppTestjava">branches/AME-4616/openam/openam-federation/OpenFM/src/test/java/com/sun/identity/entitlement/CanBeDeletedAppTest.java</a></li>
 <li><a href="#branchesAME4616openamopenamfederationOpenFMsrctestjavacomsunidentityent \
itlementDecisionMergeTestjava">branches/AME-4616/openam/openam-federation/OpenFM/src/test/java/com/sun/identity/entitlement/DecisionMergeTest.java</a></li>
 <li><a href="#branchesAME4616openamopenamfederationOpenFMsrctestjavacomsunidentityent \
itlementHttpStarEvaluationTestjava">branches/AME-4616/openam/openam-federation/OpenFM/src/test/java/com/sun/identity/entitlement/HttpStarEvaluationTest.java</a></li>
 <li><a href="#branchesAME4616openamopenamfederationOpenFMsrctestjavacomsunidentityent \
itlementMultiWildcardEvalTestjava">branches/AME-4616/openam/openam-federation/OpenFM/src/test/java/com/sun/identity/entitlement/MultiWildcardEvalTest.java</a></li>
 <li><a href="#branchesAME4616openamopenamfederationOpenFMsrctestjavacomsunidentityent \
itlementNotConditionTestjava">branches/AME-4616/openam/openam-federation/OpenFM/src/test/java/com/sun/identity/entitlement/NotConditionTest.java</a></li>
 <li><a href="#branchesAME4616openamopenamfederationOpenFMsrctestjavacomsunidentityent \
itlementNotSubjectTestjava">branches/AME-4616/openam/openam-federation/OpenFM/src/test/java/com/sun/identity/entitlement/NotSubjectTest.java</a></li>
 <li><a href="#branchesAME4616openamopenamfederationOpenFMsrctestjavacomsunidentityent \
itlementOrConditionEvalTestjava">branches/AME-4616/openam/openam-federation/OpenFM/src/test/java/com/sun/identity/entitlement/OrConditionEvalTest.java</a></li>
 <li><a href="#branchesAME4616openamopenamfederationOpenFMsrctestjavacomsunidentityent \
itlementOrConditionTestjava">branches/AME-4616/openam/openam-federation/OpenFM/src/test/java/com/sun/identity/entitlement/OrConditionTest.java</a></li>
 <li><a href="#branchesAME4616openamopenamfederationOpenFMsrctestjavacomsunidentityent \
itlementOrSubjectTestjava">branches/AME-4616/openam/openam-federation/OpenFM/src/test/java/com/sun/identity/entitlement/OrSubjectTest.java</a></li>
 <li><a href="#branchesAME4616openamopenamfederationOpenFMsrctestjavacomsunidentityent \
itlementOrgAliasReferralTestjava">branches/AME-4616/openam/openam-federation/OpenFM/src/test/java/com/sun/identity/entitlement/OrgAliasReferralTest.java</a></li>
 <li><a href="#branchesAME4616openamopenamfederationOpenFMsrctestjavacomsunidentityent \
itlementPrivilegeManagerTestjava">branches/AME-4616/openam/openam-federation/OpenFM/src/test/java/com/sun/identity/entitlement/PrivilegeManagerTest.java</a></li>
 <li><a href="#branchesAME4616openamopenamfederationOpenFMsrctestjavacomsunidentityent \
itlementSingleWildCardEvaluatorTestjava">branches/AME-4616/openam/openam-federation/Op \
enFM/src/test/java/com/sun/identity/entitlement/SingleWildCardEvaluatorTest.java</a></li>
 <li><a href="#branchesAME4616openamopenamfederationOpenFMsrctestjavacomsunidentityent \
itlementWebServiceApplicationTestjava">branches/AME-4616/openam/openam-federation/Open \
FM/src/test/java/com/sun/identity/entitlement/WebServiceApplicationTest.java</a></li> \
<li><a href="#branchesAME4616openamopenamfederationOpenFMsrctestjavacomsunidentityenti \
tlementXACMLExportTestjava">branches/AME-4616/openam/openam-federation/OpenFM/src/test/java/com/sun/identity/entitlement/XACMLExportTest.java</a></li>
 <li><a href="#branchesAME4616openamopenamfederationOpenFMsrctestjavacomsunidentityent \
itlementxacml3PrivilegeUtilsTestjava">branches/AME-4616/openam/openam-federation/OpenF \
M/src/test/java/com/sun/identity/entitlement/xacml3/PrivilegeUtilsTest.java</a></li> \
<li><a href="#branchesAME4616openamopenamfederationOpenFMsrctestjavacomsunidentitypoli \
cyPrivilegeUtilsTestjava">branches/AME-4616/openam/openam-federation/OpenFM/src/test/java/com/sun/identity/policy/PrivilegeUtilsTest.java</a></li>
 <li><a href="#branchesAME4616openamopenamfederationOpenFMsrctestjavacomsunidentityres \
tListenerRestTestjava">branches/AME-4616/openam/openam-federation/OpenFM/src/test/java/com/sun/identity/rest/ListenerRestTest.java</a></li>
 <li><a href="#branchesAME4616openamopenamfederationOpenFMsrctestjavacomsunidentityres \
tMultipleResourceRestTestjava">branches/AME-4616/openam/openam-federation/OpenFM/src/test/java/com/sun/identity/rest/MultipleResourceRestTest.java</a></li>
 <li><a href="#branchesAME4616openamopenamfederationOpenFMsrctestjavacomsunidentityres \
tPrivilegeRestTestjava">branches/AME-4616/openam/openam-federation/OpenFM/src/test/java/com/sun/identity/rest/PrivilegeRestTest.java</a></li>
 <li><a href="#branchesAME4616openamopenamfederationOpenFMsrctestjavacomsunidentityres \
tRestPermissionTestjava">branches/AME-4616/openam/openam-federation/OpenFM/src/test/java/com/sun/identity/rest/RestPermissionTest.java</a></li>
 <li><a href="#branchesAME4616openamopenamfederationOpenFMsrctestjavacomsunidentityres \
tRestTestjava">branches/AME-4616/openam/openam-federation/OpenFM/src/test/java/com/sun/identity/rest/RestTest.java</a></li>
 <li><a href="#branchesAME4616openamopenamrestsrcmainjavaorgforgerockopenamforgerockre \
stentitlementsmodeljsonJsonEntitlementSubjectMixinjava">branches/AME-4616/openam/opena \
m-rest/src/main/java/org/forgerock/openam/forgerockrest/entitlements/model/json/JsonEntitlementSubjectMixin.java</a></li>
 <li><a href="#branchesAME4616openamopenamrestsrctestjavaorgforgerockopenamforgerockre \
stentitlementsJsonPolicyParserTestjava">branches/AME-4616/openam/openam-rest/src/test/ \
java/org/forgerock/openam/forgerockrest/entitlements/JsonPolicyParserTest.java</a></li>
 <li><a href="#branchesAME4616openamopenamtoolsopenaminstalltoolspomxml">branches/AME-4616/openam/openam-tools/openam-installtools/pom.xml</a></li>
 <li><a href="#branchesAME4616openamopenamtoolsopenaminstalltoolssrctestjavacomsuniden \
tityinstalltoolsutilOSCheckerTestjava">branches/AME-4616/openam/openam-tools/openam-in \
stalltools/src/test/java/com/sun/identity/install/tools/util/OSCheckerTest.java</a></li>
 <li><a href="#branchesAME4616openssoproductswebagentsMakefilelinuxmk">branches/AME-4616/opensso/products/webagents/Makefile.linux.mk</a></li>
 <li><a href="#branchesAME4616openssoproductswebagentsbuildxml">branches/AME-4616/opensso/products/webagents/build.xml</a></li>
 <li><a href="#branchesAME4616openssoproductswebagentsbuild_agentxml">branches/AME-4616/opensso/products/webagents/build_agent.xml</a></li>
 </ul>

<h3>Added Paths</h3>
<ul>
<li>branches/AME-4616/openam/openam-core/src/main/java/org/forgerock/openam/entitlement/conditions/</li>
 <li>branches/AME-4616/openam/openam-core/src/test/java/org/forgerock/openam/entitlement/conditions/</li>
 <li>branches/AME-4616/opensso/products/webagents/install/varnish/</li>
</ul>

<h3>Removed Paths</h3>
<ul>
<li><a href="#branchesAME4616openamopenamcoresrcmainjavacomsunidentityentitlementopens \
soJavaOneDemoAccountConditionjava">branches/AME-4616/openam/openam-core/src/main/java/com/sun/identity/entitlement/opensso/JavaOneDemoAccountCondition.java</a></li>
 <li><a href="#branchesAME4616openamopenamcoresrcmainjavacomsunidentityentitlementopen \
ssoJavaOneDemoConditionjava">branches/AME-4616/openam/openam-core/src/main/java/com/sun/identity/entitlement/opensso/JavaOneDemoCondition.java</a></li>
 <li>branches/AME-4616/openam/openam-core/src/main/java/org/forgerock/openam/entitlement/conditions/</li>
 <li>branches/AME-4616/openam/openam-core/src/test/java/org/forgerock/openam/entitlement/conditions/</li>
 <li><a href="#branchesAME4616openamopenamentitlementssrcmainjavacomsunidentityentitle \
mentAuthenticatedESubjectjava">branches/AME-4616/openam/openam-entitlements/src/main/java/com/sun/identity/entitlement/AuthenticatedESubject.java</a></li>
 <li><a href="#branchesAME4616openamopenamentitlementssrcmainjavacomsunidentityentitle \
mentBankingSubjectjava">branches/AME-4616/openam/openam-entitlements/src/main/java/com/sun/identity/entitlement/BankingSubject.java</a></li>
 <li><a href="#branchesAME4616openamopenamentitlementssrcmainjavacomsunidentityentitle \
mentDNSNameConditionjava">branches/AME-4616/openam/openam-entitlements/src/main/java/com/sun/identity/entitlement/DNSNameCondition.java</a></li>
 <li><a href="#branchesAME4616openamopenamentitlementssrcmainjavacomsunidentityentitle \
mentIPConditionjava">branches/AME-4616/openam/openam-entitlements/src/main/java/com/sun/identity/entitlement/IPCondition.java</a></li>
 <li><a href="#branchesAME4616openamopenamentitlementssrcmainjavacomsunidentityentitle \
mentIdRepoRoleSubjectjava">branches/AME-4616/openam/openam-entitlements/src/main/java/com/sun/identity/entitlement/IdRepoRoleSubject.java</a></li>
 <li><a href="#branchesAME4616openamopenamentitlementssrcmainjavacomsunidentityentitle \
mentRoleSubjectjava">branches/AME-4616/openam/openam-entitlements/src/main/java/com/sun/identity/entitlement/RoleSubject.java</a></li>
 <li><a href="#branchesAME4616openamopenamentitlementssrcmainjavacomsunidentityentitle \
mentTimeConditionjava">branches/AME-4616/openam/openam-entitlements/src/main/java/com/sun/identity/entitlement/TimeCondition.java</a></li>
 <li><a href="#branchesAME4616openamopenamentitlementssrcmainjavacomsunidentityentitle \
mentVirtualSubjectjava">branches/AME-4616/openam/openam-entitlements/src/main/java/com/sun/identity/entitlement/VirtualSubject.java</a></li>
 <li><a href="#branchesAME4616openamopenamfederationOpenFMsrctestjavacomsunidentityent \
itlementDNSNameEvalTestjava">branches/AME-4616/openam/openam-federation/OpenFM/src/test/java/com/sun/identity/entitlement/DNSNameEvalTest.java</a></li>
 <li><a href="#branchesAME4616openamopenamfederationOpenFMsrctestjavacomsunidentityent \
itlementDateRangeConditionEvaluationjava">branches/AME-4616/openam/openam-federation/O \
penFM/src/test/java/com/sun/identity/entitlement/DateRangeConditionEvaluation.java</a></li>
 <li><a href="#branchesAME4616openamopenamfederationOpenFMsrctestjavacomsunidentityent \
itlementDayConditionEvaluationjava">branches/AME-4616/openam/openam-federation/OpenFM/src/test/java/com/sun/identity/entitlement/DayConditionEvaluation.java</a></li>
 <li><a href="#branchesAME4616openamopenamfederationOpenFMsrctestjavacomsunidentityent \
itlementIPConditionEvalTestjava">branches/AME-4616/openam/openam-federation/OpenFM/src/test/java/com/sun/identity/entitlement/IPConditionEvalTest.java</a></li>
 <li><a href="#branchesAME4616openamopenamfederationOpenFMsrctestjavacomsunidentityent \
itlementIPConditionTestjava">branches/AME-4616/openam/openam-federation/OpenFM/src/test/java/com/sun/identity/entitlement/IPConditionTest.java</a></li>
 <li><a href="#branchesAME4616openamopenamfederationOpenFMsrctestjavacomsunidentityent \
itlementRoleSubjectTestjava">branches/AME-4616/openam/openam-federation/OpenFM/src/test/java/com/sun/identity/entitlement/RoleSubjectTest.java</a></li>
 <li><a href="#branchesAME4616openamopenamfederationOpenFMsrctestjavacomsunidentityent \
itlementTimeConditionEvaluationjava">branches/AME-4616/openam/openam-federation/OpenFM \
/src/test/java/com/sun/identity/entitlement/TimeConditionEvaluation.java</a></li> \
<li><a href="#branchesAME4616openamopenamfederationOpenFMsrctestjavacomsunidentityenti \
tlementTimeConditionTestjava">branches/AME-4616/openam/openam-federation/OpenFM/src/test/java/com/sun/identity/entitlement/TimeConditionTest.java</a></li>
 <li><a href="#branchesAME4616openamopenamfederationOpenFMsrctestjavacomsunidentityent \
itlementTimeZoneConditionEvaluationjava">branches/AME-4616/openam/openam-federation/Op \
enFM/src/test/java/com/sun/identity/entitlement/TimeZoneConditionEvaluation.java</a></li>
 <li><a href="#branchesAME4616openamopenamfederationOpenFMsrctestjavacomsunidentitypol \
icyIPCEvaluatorTestjava">branches/AME-4616/openam/openam-federation/OpenFM/src/test/java/com/sun/identity/policy/IPCEvaluatorTest.java</a></li>
 </ul>

<h3>Property Changed</h3>
<ul>
<li><a href="#branchesAME4616">branches/AME-4616/</a></li>
<li><a href="#branchesAME4616communityextensionscrowdprovider">branches/AME-4616/community/extensions/crowdprovider/</a></li>
 <li><a href="#branchesAME4616openam">branches/AME-4616/openam/</a></li>
<li><a href="#branchesAME4616openamopenamdocumentationopenamdocsource">branches/AME-4616/openam/openam-documentation/openam-doc-source/</a></li>
 <li><a href="#branchesAME4616openamopenamoauth2">branches/AME-4616/openam/openam-oauth2/</a></li>
 <li><a href="#branchesAME4616openamopenamrestsrcmainjavaorgforgerockopenamforgerockre \
stIdentityResourceV1java">branches/AME-4616/openam/openam-rest/src/main/java/org/forgerock/openam/forgerockrest/IdentityResourceV1.java</a></li>
 <li><a href="#branchesAME4616openamagents">branches/AME-4616/openam-agents/</a></li>
<li><a href="#branchesAME4616opensso">branches/AME-4616/opensso/</a></li>
<li><a href="#branchesAME4616openssoproducts">branches/AME-4616/opensso/products/</a></li>
 </ul>

</div>
<div id="patch">
<h3>Diff</h3>
<a id="branchesAME4616"></a>
<div class="propset"><h4>Property changes: branches/AME-4616</h4>
<pre class="diff"><span>
</span></pre></div>
<a id="svnmergeinfo"></a>
<div class="modfile"><h4>Modified: svn:mergeinfo</h4></div>
<span class="cx">/branches/AME-2526-SFO-between-sites:7510-8258
</span><span class="cx">/branches/AME-3423:10105-10414
</span><span class="cx">/branches/AME-3612-pcunnington:9534-9723
</span><span class="cx">/branches/AME-3719:9517-9879
</span><span class="cx">/branches/AME-4378:10443-10621
</span><span class="cx">/branches/AME-4460_AME-4459:10437-10535
</span><span class="cx">/branches/IIS7PostData:224-261
</span><span class="cx">/branches/OPENAM-2961-forgot-password-404:8322-8362
</span><span class="cx">/branches/OPENAM-3097-sessions-not-deleted:6910-6946
</span><span class="cx">/branches/OPENAM-3283-CTS-thread-exceptions:7270-7369
</span><span class="cx">/branches/OPENAM-3425-class-cast-exception:8333-8359
</span><span class="cx">/branches/OPENAM-3782-forgotten-password-changes:8747-8835
</span><span class="cx">/branches/OPENAM-4384-ssoadm-classpath:10263-10264
</span><span class="cx">/branches/OPENAM-OPENAM-3528-client-side-session-validation:7834-7844
 </span><span class="cx">/branches/ame4103:9979,9981,9998,10000,10002,10007-10008,10016,10018,10038
 </span><span class="cx">/branches/ame4272:10073-10101
</span><span class="cx">/branches/andy-ame-2227-v2:7508-7697
</span><span class="cx">/branches/andy-ame1316-connectionfactory:5311-5328
</span><span class="cx">/branches/andy-cts-connection-pool:7098-7175
</span><span class="cx">/branches/andy-openam-2654:6872-6911
</span><span class="cx">/branches/andy-openam-2880:6451-6503
</span><span class="cx">/branches/andy-openam-2907:6531-6534
</span><span class="cx">/branches/andy-openam-3006:6709-6749
</span><span class="cx">/branches/andy-openam-3063:6927-6948
</span><span class="cx">/branches/andy-openam-3193:7124-7128
</span><span class="cx">/branches/andy-openam-3248:7171-7715
</span><span class="cx">/branches/andy-openam2743:6372-6439
</span><span class="cx">/branches/andy-openam2744:6347-6367
</span><span class="cx">/branches/andyAme2972:8270-8318
</span><span class="cx">/branches/andyAme3196:8853-9084
</span><span class="cx">/branches/andyOpenam1708:5576-5592
</span><span class="cx">/branches/andyOpenam2140:7819-7862
</span><span class="cx">/branches/andyOpenam2373:5600-5706
</span><span class="cx">/branches/andyOpenam2525:5601-5733
</span><span class="cx">/branches/andyOpenam3509:7881-7963
</span><span class="cx">/branches/andyOpenam3638:8094-8172
</span><span class="cx">/branches/andyPolicyCrest:8295-8813
</span><span class="cx">/branches/apforrest-ame1316:4881-5305
</span><span class="cx">/branches/maven_merge:2556-3124
</span><span class="cx">/branches/openam-3049-cts-reaper-connection-usage:6658-6745
</span><span class="cx">/branches/openam-3053-cts-tab-exception:6672-6721
</span><span class="cx">/branches/openam-3072-cts-configuration:6691-6714
</span><span class="cx">/branches/openam-3092-store-mode-error:6729-6733
</span><span class="cx">/branches/openam-3110-create-or-update-bug:6767-6804
</span><span class="cx">/branches/openam2742-andy:6266-6323
</span><span class="cx">/branches/pcunnington-AME-3115-refactor:8348-8473
</span><span class="cx">/branches/pcunnington-AME-3158:8476-8577
</span><span class="cx">/branches/pcunnington-AME-350:4165-4344
</span><span class="cx">/branches/pcunnington-ame-344:4651-5199
</span><span class="cx">/branches/pcunnington-oauth2:8710-8793
</span><span class="cx">/branches/phcunnington-AME-3114:8314-8341
</span><span class="cx">/branches/policyimprovements:5513-5515
</span><span class="cx">/branches/rwapshott-AME-1739:5331-5353
</span><span class="cx">/branches/rwapshott-AME-215:4091-4155
</span><span class="cx">/branches/rwapshott-AME-257:4047-4126
</span><span class="cx">/branches/rwapshott-AME-804:4267-5404
</span><span class="cx">/branches/rwapshott-ame-2160-session-size:6086-6319
</span><span class="cx">/branches/rwapshott-openam-2198-session-resource-protection:5628-5824
 </span><span class="cx">/branches/rwapshott-openam-2526:5442-5484
</span><span class="cx">/branches/rwapshott-openam-2716-cts-invalid-chars:6170-6194
</span><span class="cx">/trunk:10652-10780
</span><span class="cx">   + /branches/10.1.0-Xpress:3888-3892
</span><span class="cx">/branches/AME-2526-SFO-between-sites:7510-8258
</span><span class="cx">/branches/AME-3423:10105-10414
</span><span class="cx">/branches/AME-3612-pcunnington:9534-9723
</span><span class="cx">/branches/AME-3719:9517-9879
</span><span class="cx">/branches/AME-4378:10443-10621
</span><span class="cx">/branches/AME-4460_AME-4459:10437-10535
</span><span class="cx">/branches/AME-4547:10585-10783
</span><span class="cx">/branches/AME-4595:10581-10789
</span><span class="cx">/branches/IIS7PostData:224-261
</span><span class="cx">/branches/OPENAM-2961-forgot-password-404:8322-8362
</span><span class="cx">/branches/OPENAM-3097-sessions-not-deleted:6910-6946
</span><span class="cx">/branches/OPENAM-3283-CTS-thread-exceptions:7270-7369
</span><span class="cx">/branches/OPENAM-3425-class-cast-exception:8333-8359
</span><span class="cx">/branches/OPENAM-3782-forgotten-password-changes:8747-8835
</span><span class="cx">/branches/OPENAM-4384-ssoadm-classpath:10263-10264
</span><span class="cx">/branches/OPENAM-OPENAM-3528-client-side-session-validation:7834-7844
 </span><span class="cx">/branches/ame4103:9979,9981,9998,10000,10002,10007-10008,10016,10018,10038
 </span><span class="cx">/branches/ame4272:10073-10101
</span><span class="cx">/branches/andy-ame-2227-v2:7508-7697
</span><span class="cx">/branches/andy-ame1316-connectionfactory:5311-5328
</span><span class="cx">/branches/andy-cts-connection-pool:7098-7175
</span><span class="cx">/branches/andy-openam-2654:6872-6911
</span><span class="cx">/branches/andy-openam-2880:6451-6503
</span><span class="cx">/branches/andy-openam-2907:6531-6534
</span><span class="cx">/branches/andy-openam-3006:6709-6749
</span><span class="cx">/branches/andy-openam-3063:6927-6948
</span><span class="cx">/branches/andy-openam-3193:7124-7128
</span><span class="cx">/branches/andy-openam-3248:7171-7715
</span><span class="cx">/branches/andy-openam2743:6372-6439
</span><span class="cx">/branches/andy-openam2744:6347-6367
</span><span class="cx">/branches/andyAme2972:8270-8318
</span><span class="cx">/branches/andyAme3196:8853-9084
</span><span class="cx">/branches/andyOpenam1708:5576-5592
</span><span class="cx">/branches/andyOpenam2140:7819-7862
</span><span class="cx">/branches/andyOpenam2373:5600-5706
</span><span class="cx">/branches/andyOpenam2525:5601-5733
</span><span class="cx">/branches/andyOpenam3509:7881-7963
</span><span class="cx">/branches/andyOpenam3638:8094-8172
</span><span class="cx">/branches/andyPolicyCrest:8295-8813
</span><span class="cx">/branches/apforrest-ame1316:4881-5305
</span><span class="cx">/branches/maven_merge:2556-3124
</span><span class="cx">/branches/openam-3049-cts-reaper-connection-usage:6658-6745
</span><span class="cx">/branches/openam-3053-cts-tab-exception:6672-6721
</span><span class="cx">/branches/openam-3072-cts-configuration:6691-6714
</span><span class="cx">/branches/openam-3092-store-mode-error:6729-6733
</span><span class="cx">/branches/openam-3110-create-or-update-bug:6767-6804
</span><span class="cx">/branches/openam2742-andy:6266-6323
</span><span class="cx">/branches/pcunnington-AME-3115-refactor:8348-8473
</span><span class="cx">/branches/pcunnington-AME-3158:8476-8577
</span><span class="cx">/branches/pcunnington-AME-350:4165-4344
</span><span class="cx">/branches/pcunnington-ame-344:4651-5199
</span><span class="cx">/branches/pcunnington-oauth2:8710-8793
</span><span class="cx">/branches/phcunnington-AME-3114:8314-8341
</span><span class="cx">/branches/policyimprovements:5513-5515
</span><span class="cx">/branches/rwapshott-AME-1739:5331-5353
</span><span class="cx">/branches/rwapshott-AME-215:4091-4155
</span><span class="cx">/branches/rwapshott-AME-257:4047-4126
</span><span class="cx">/branches/rwapshott-AME-804:4267-5404
</span><span class="cx">/branches/rwapshott-ame-2160-session-size:6086-6319
</span><span class="cx">/branches/rwapshott-openam-2198-session-resource-protection:5628-5824
 </span><span class="cx">/branches/rwapshott-openam-2526:5442-5484
</span><span class="cx">/branches/rwapshott-openam-2716-cts-invalid-chars:6170-6194
</span><span class="cx">/trunk:10652-10812
</span><a id="branchesAME4616communityextensionscrowdprovider"></a>
<div class="propset"><h4>Property changes: \
branches/AME-4616/community/extensions/crowdprovider</h4> <pre class="diff"><span>
</span></pre></div>
<a id="svnmergeinfo"></a>
<div class="modfile"><h4>Modified: svn:mergeinfo</h4></div>
<span class="cx">/branches/AME-3423/community/extensions/crowdprovider:10105-10414
</span><span class="cx">/branches/AME-3612-pcunnington/community/extensions/crowdprovider:9534-9723
 </span><span class="cx">/branches/AME-3719/community/extensions/crowdprovider:9517-9879
 </span><span class="cx">/branches/AME-4378/community/extensions/crowdprovider:10443-10621
 </span><span class="cx">/branches/AME-4460_AME-4459/community/extensions/crowdprovider:10437-10535
 </span><span class="cx">/branches/IIS7PostData/opensso/extensions/seraphprovider:224-261
 </span><span class="cx">/branches/OPENAM-2961-forgot-password-404/community/extensions/crowdprovider:8322-8362
 </span><span class="cx">/branches/OPENAM-3097-sessions-not-deleted/community/extensions/crowdprovider:6910-6946
 </span><span class="cx">/branches/OPENAM-3283-CTS-thread-exceptions/community/extensions/crowdprovider:7270-7369
 </span><span class="cx">/branches/OPENAM-3425-class-cast-exception/community/extensions/crowdprovider:8333-8359
 </span><span class="cx">/branches/OPENAM-3782-forgotten-password-changes/community/extensions/crowdprovider:8747-8835
 </span><span class="cx">/branches/OPENAM-4384-ssoadm-classpath/community/extensions/crowdprovider:10263-10264
 </span><span class="cx">/branches/OPENAM-OPENAM-3528-client-side-session-validation/community/extensions/crowdprovider:7834-7844
 </span><span class="cx">/branches/allanCSDK/extensions/seraphprovider:64-163
</span><span class="cx">/branches/ame4272/community/extensions/crowdprovider:10073-10101
 </span><span class="cx">/branches/andy-ame-2227-v2/community/extensions/crowdprovider:7508-7697
 </span><span class="cx">/branches/maven_merge/community/extensions/crowdprovider:2556-2561
 </span><span class="cx">/branches/openam-3049-cts-reaper-connection-usage/community/extensions/crowdprovider:6658-6745
 </span><span class="cx">/branches/openam-3053-cts-tab-exception/community/extensions/crowdprovider:6672-6721
 </span><span class="cx">/branches/openam-3072-cts-configuration/community/extensions/crowdprovider:6691-6714
 </span><span class="cx">/branches/openam-3092-store-mode-error/community/extensions/crowdprovider:6729-6733
 </span><span class="cx">/branches/openam-3110-create-or-update-bug/community/extensions/crowdprovider:6767-6804
 </span><span class="cx">/branches/pcunnington-AME-3115-refactor/community/extensions/crowdprovider:8348-8473
 </span><span class="cx">/branches/pcunnington-oauth2/community/extensions/crowdprovider:8710-8793
 </span><span class="cx">/branches/phcunnington-AME-3114/community/extensions/crowdprovider:8314-8341
 </span><span class="cx">/branches/rwapshott-AME-1739/community/extensions/crowdprovider:5331-5353
 </span><span class="cx">/branches/rwapshott-AME-215/community/extensions/crowdprovider:4091-4155
 </span><span class="cx">/branches/rwapshott-AME-257/community/extensions/crowdprovider:4047-4126
 </span><span class="cx">/branches/rwapshott-AME-804/community/extensions/crowdprovider:4267-5404
 </span><span class="cx">/branches/rwapshott-ame-2160-session-size/community/extensions/crowdprovider:6086-6319
 </span><span class="cx">/branches/rwapshott-openam-2198-session-resource-protection/community/extensions/crowdprovider:5628-5824
 </span><span class="cx">/branches/rwapshott-openam-2526/community/extensions/crowdprovider:5442-5484
 </span><span class="cx">/branches/rwapshott-openam-2716-cts-invalid-chars/community/extensions/crowdprovider:6170-6194
 </span><span class="cx">/trunk/community/extensions/crowdprovider:2556-2930,10686-10687,10694-10696,10701,10713,10716,10719,10721,10723,10725,10728,10735
 </span><span class="cx">   + \
/branches/AME-2526-SFO-between-sites/community/extensions/crowdprovider:7510-8258 \
</span><span class="cx">/branches/AME-3423/community/extensions/crowdprovider:10105-10414
 </span><span class="cx">/branches/AME-3612-pcunnington/community/extensions/crowdprovider:9534-9723
 </span><span class="cx">/branches/AME-3719/community/extensions/crowdprovider:9517-9879
 </span><span class="cx">/branches/AME-4378/community/extensions/crowdprovider:10443-10621
 </span><span class="cx">/branches/AME-4460_AME-4459/community/extensions/crowdprovider:10437-10535
 </span><span class="cx">/branches/AME-4547/community/extensions/crowdprovider:10585-10783
 </span><span class="cx">/branches/AME-4595/community/extensions/crowdprovider:10581-10789
 </span><span class="cx">/branches/IIS7PostData/opensso/extensions/seraphprovider:224-261
 </span><span class="cx">/branches/OPENAM-2961-forgot-password-404/community/extensions/crowdprovider:8322-8362
 </span><span class="cx">/branches/OPENAM-3097-sessions-not-deleted/community/extensions/crowdprovider:6910-6946
 </span><span class="cx">/branches/OPENAM-3283-CTS-thread-exceptions/community/extensions/crowdprovider:7270-7369
 </span><span class="cx">/branches/OPENAM-3425-class-cast-exception/community/extensions/crowdprovider:8333-8359
 </span><span class="cx">/branches/OPENAM-3782-forgotten-password-changes/community/extensions/crowdprovider:8747-8835
 </span><span class="cx">/branches/OPENAM-4384-ssoadm-classpath/community/extensions/crowdprovider:10263-10264
 </span><span class="cx">/branches/OPENAM-OPENAM-3528-client-side-session-validation/community/extensions/crowdprovider:7834-7844
 </span><span class="cx">/branches/allanCSDK/extensions/seraphprovider:64-163
</span><span class="cx">/branches/ame4272/community/extensions/crowdprovider:10073-10101
 </span><span class="cx">/branches/andy-ame-2227-v2/community/extensions/crowdprovider:7508-7697
 </span><span class="cx">/branches/maven_merge/community/extensions/crowdprovider:2556-2561
 </span><span class="cx">/branches/openam-3049-cts-reaper-connection-usage/community/extensions/crowdprovider:6658-6745
 </span><span class="cx">/branches/openam-3053-cts-tab-exception/community/extensions/crowdprovider:6672-6721
 </span><span class="cx">/branches/openam-3072-cts-configuration/community/extensions/crowdprovider:6691-6714
 </span><span class="cx">/branches/openam-3092-store-mode-error/community/extensions/crowdprovider:6729-6733
 </span><span class="cx">/branches/openam-3110-create-or-update-bug/community/extensions/crowdprovider:6767-6804
 </span><span class="cx">/branches/pcunnington-AME-3115-refactor/community/extensions/crowdprovider:8348-8473
 </span><span class="cx">/branches/pcunnington-oauth2/community/extensions/crowdprovider:8710-8793
 </span><span class="cx">/branches/phcunnington-AME-3114/community/extensions/crowdprovider:8314-8341
 </span><span class="cx">/branches/rwapshott-AME-1739/community/extensions/crowdprovider:5331-5353
 </span><span class="cx">/branches/rwapshott-AME-215/community/extensions/crowdprovider:4091-4155
 </span><span class="cx">/branches/rwapshott-AME-257/community/extensions/crowdprovider:4047-4126
 </span><span class="cx">/branches/rwapshott-AME-804/community/extensions/crowdprovider:4267-5404
 </span><span class="cx">/branches/rwapshott-ame-2160-session-size/community/extensions/crowdprovider:6086-6319
 </span><span class="cx">/branches/rwapshott-openam-2198-session-resource-protection/community/extensions/crowdprovider:5628-5824
 </span><span class="cx">/branches/rwapshott-openam-2526/community/extensions/crowdprovider:5442-5484
 </span><span class="cx">/branches/rwapshott-openam-2716-cts-invalid-chars/community/extensions/crowdprovider:6170-6194
 </span><span class="cx">/trunk/community/extensions/crowdprovider:2556-2930,10652-10812
 </span><a id="branchesAME4616openam"></a>
<div class="propset"><h4>Property changes: branches/AME-4616/openam</h4>
<pre class="diff"><span>
</span></pre></div>
<a id="svnmergeinfo"></a>
<div class="modfile"><h4>Modified: svn:mergeinfo</h4></div>
<span class="cx">/branches/AME-2629/openam:7585-7632
</span><span class="cx">/branches/AME-2766-policy-entitlements-REST-APIs/openam:8455-8476
 </span><span class="cx">/branches/AME-3087-entitlements-CREST-management/openam:8481-8664
 </span><span class="cx">/branches/AME-3087_query_and_patch/openam:8667-8681
</span><span class="cx">/branches/AME-3405-session-read-from-cts/openam:8749-8823
</span><span class="cx">/branches/AME-3423/openam:10105-10414
</span><span class="cx">/branches/AME-3612-pcunnington/openam:9534-9723
</span><span class="cx">/branches/AME-3719/openam:9517-9879
</span><span class="cx">/branches/AME-3726-script-sandboxing/openam:9663-9819
</span><span class="cx">/branches/AME-4378/openam:10443-10621
</span><span class="cx">/branches/AME-4460_AME-4459/openam:10437-10535
</span><span class="cx">/branches/CTS-Async/openam:8847-9739
</span><span class="cx">/branches/OPENAM-2961-forgot-password-404/openam:8322-8362
</span><span class="cx">/branches/OPENAM-3097-sessions-not-deleted/openam:6910-6946
</span><span class="cx">/branches/OPENAM-3130-session-quota/openam:6958-6972
</span><span class="cx">/branches/OPENAM-3283-CTS-thread-exceptions/openam:7270-7369
</span><span class="cx">/branches/OPENAM-3425-class-cast-exception/openam:8333-8359
</span><span class="cx">/branches/OPENAM-3782-forgotten-password-changes/openam:8747-8835
 </span><span class="cx">/branches/OPENAM-4028-connection-pool/openam:9750-10171
</span><span class="cx">/branches/OPENAM-4384-ssoadm-classpath/openam:10263-10264
</span><span class="cx">/branches/OPENAM-OPENAM-3528-client-side-session-validation/openam:7834-7844
 </span><span class="cx">/branches/ame4272/openam:10073-10101
</span><span class="cx">/branches/andy-ame-2227-v2/openam:7508-7697
</span><span class="cx">/branches/andy-ame1316-connectionfactory/openam:5311-5328
</span><span class="cx">/branches/andy-cts-connection-pool/openam:7098-7175
</span><span class="cx">/branches/andy-openam-2654/openam:6872-6911
</span><span class="cx">/branches/andy-openam-2880/openam:6451-6503
</span><span class="cx">/branches/andy-openam-2907/openam:6531-6534
</span><span class="cx">/branches/andy-openam-3006/openam:6709-6749
</span><span class="cx">/branches/andy-openam-3063/openam:6927-6948
</span><span class="cx">/branches/andy-openam-3193/openam:7124-7128
</span><span class="cx">/branches/andy-openam-3248/openam:7171-7715
</span><span class="cx">/branches/andy-openam2743/openam:6372-6439
</span><span class="cx">/branches/andy-openam2744/openam:6347-6367
</span><span class="cx">/branches/andyAme2972/openam:8270-8318
</span><span class="cx">/branches/andyAme3102/openam:8312-8413
</span><span class="cx">/branches/andyAme3196/openam:8853-9084
</span><span class="cx">/branches/andyOpenam1708/openam:5576-5592
</span><span class="cx">/branches/andyOpenam2140/openam:7819-7862
</span><span class="cx">/branches/andyOpenam2373/openam:5600-5706
</span><span class="cx">/branches/andyOpenam2525/openam:5601-5733
</span><span class="cx">/branches/andyOpenam3509/openam:7881-7963
</span><span class="cx">/branches/andyOpenam3638/openam:8094-8172
</span><span class="cx">/branches/andyPolicyCrest/openam:8295-8813
</span><span class="cx">/branches/apforrest-ame1316/openam:4881-5305
</span><span class="cx">/branches/apforrest_ame805_indextree/openam:4567-4852
</span><span class="cx">/branches/dirk_oauth_perf:5904
</span><span class="cx">/branches/dirk_sts:5297,5314,5317-5318,5320-5321
</span><span class="cx">/branches/oidc_authn:8507,8540,8557-8559,8565-8566
</span><span class="cx">/branches/openam-3049-cts-reaper-connection-usage/openam:6658-6745
 </span><span class="cx">/branches/openam-3053-cts-tab-exception/openam:6672-6721
</span><span class="cx">/branches/openam-3072-cts-configuration/openam:6691-6714
</span><span class="cx">/branches/openam-3092-store-mode-error/openam:6729-6733
</span><span class="cx">/branches/openam-3110-create-or-update-bug/openam:6767-6804
</span><span class="cx">/branches/openam2742-andy/openam:6266-6323
</span><span class="cx">/branches/openam_10.1.0_xacml3_JAS/openam:4039-4140
</span><span class="cx">/branches/openam_10.2.0_xacml3_JAS/openam:4141-4379
</span><span class="cx">/branches/pcunnington-AME-3115-refactor/openam:8348-8473
</span><span class="cx">/branches/pcunnington-AME-3158/openam:8476-8577
</span><span class="cx">/branches/pcunnington-AME-350/openam:4165-4344
</span><span class="cx">/branches/pcunnington-ame-344/openam:4651-5199
</span><span class="cx">/branches/pcunnington-oauth2/openam:8710-8793
</span><span class="cx">/branches/phcunnington-AME-3114/openam:8314-8341
</span><span class="cx">/branches/policyimprovements/openam:5513-5515
</span><span class="cx">/branches/rest_sts_publish:8167,8180,8214,8227,8245,8260
</span><span class="cx">/branches/rest_sts_view_bean:9690-9965
</span><span class="cx">/branches/rwapshott-AME-1739/openam:5331-5353
</span><span class="cx">/branches/rwapshott-AME-215/openam:4091-4155
</span><span class="cx">/branches/rwapshott-AME-257/openam:4047-4126
</span><span class="cx">/branches/rwapshott-AME-804/openam:4267-5404
</span><span class="cx">/branches/rwapshott-ame-2027-cts-oids-should-follow-fr-oid-scheme/openam:5609-5614
 </span><span class="cx">/branches/rwapshott-ame-2160-session-size/openam:6086-6319
</span><span class="cx">/branches/rwapshott-ame-2311-index-names/openam:6058-6069
</span><span class="cx">/branches/rwapshott-ame-258-cts-replication/openam:5548-6055
</span><span class="cx">/branches/rwapshott-openam-2198-session-resource-protection/openam:5628-5824
 </span><span class="cx">/branches/rwapshott-openam-2526/openam:5442-5484
</span><span class="cx">/branches/rwapshott-openam-2716-cts-invalid-chars/openam:6170-6194
 </span><span class="cx">/branches/rwapshott-openam-2729-saml2-error/openam:6247-6257
</span><span class="cx">/branches/sts_oidc_saml:8310,8352,8355,8368,8378-8379,8387-8388,8403,8410,8416
 </span><span class="cx">/branches/sts_oidc_saml_redux:8417-8422,8424,8440,8445-8446,8460,8490,8498
 </span><span class="cx">/branches/sts_restart_persistence:9003-9005,9009-9414
</span><span class="cx">/branches/sts_saml2_encrypt:10424-10472,10474-10550
</span><span class="cx">/branches/sts_service_listeners:9968-10031,10047-10048,10053
</span><span class="cx">/branches/sts_token_gen_service:8706,8717-8720,8723-8725,8727-8728,8731,8737,8740-8742,8759-8760,8774-8776,8796-8797,8800-8801,8818-8819,8821
 </span><span class="cx">/branches/sts_token_gen_service2:8844-8887,8894-9000
</span><span class="cx">/branches/sts_x509:10206-10398
</span><span class="cx">/trunk/openam:10652-10780
</span><span class="cx">   + /branches/AME-2526-SFO-between-sites/openam:7510-8258
</span><span class="cx">/branches/AME-2629/openam:7585-7632
</span><span class="cx">/branches/AME-2766-policy-entitlements-REST-APIs/openam:8455-8476
 </span><span class="cx">/branches/AME-3087-entitlements-CREST-management/openam:8481-8664
 </span><span class="cx">/branches/AME-3087_query_and_patch/openam:8667-8681
</span><span class="cx">/branches/AME-3405-session-read-from-cts/openam:8749-8823
</span><span class="cx">/branches/AME-3423/openam:10105-10414
</span><span class="cx">/branches/AME-3612-pcunnington/openam:9534-9723
</span><span class="cx">/branches/AME-3719/openam:9517-9879
</span><span class="cx">/branches/AME-3726-script-sandboxing/openam:9663-9819
</span><span class="cx">/branches/AME-4378/openam:10443-10621
</span><span class="cx">/branches/AME-4460_AME-4459/openam:10437-10535
</span><span class="cx">/branches/AME-4547/openam:10585-10783
</span><span class="cx">/branches/AME-4595/openam:10581-10789
</span><span class="cx">/branches/CTS-Async/openam:8847-9739
</span><span class="cx">/branches/OPENAM-2961-forgot-password-404/openam:8322-8362
</span><span class="cx">/branches/OPENAM-3097-sessions-not-deleted/openam:6910-6946
</span><span class="cx">/branches/OPENAM-3130-session-quota/openam:6958-6972
</span><span class="cx">/branches/OPENAM-3283-CTS-thread-exceptions/openam:7270-7369
</span><span class="cx">/branches/OPENAM-3425-class-cast-exception/openam:8333-8359
</span><span class="cx">/branches/OPENAM-3782-forgotten-password-changes/openam:8747-8835
 </span><span class="cx">/branches/OPENAM-4028-connection-pool/openam:9750-10171
</span><span class="cx">/branches/OPENAM-4384-ssoadm-classpath/openam:10263-10264
</span><span class="cx">/branches/OPENAM-OPENAM-3528-client-side-session-validation/openam:7834-7844
 </span><span class="cx">/branches/ame4272/openam:10073-10101
</span><span class="cx">/branches/andy-ame-2227-v2/openam:7508-7697
</span><span class="cx">/branches/andy-ame1316-connectionfactory/openam:5311-5328
</span><span class="cx">/branches/andy-cts-connection-pool/openam:7098-7175
</span><span class="cx">/branches/andy-openam-2654/openam:6872-6911
</span><span class="cx">/branches/andy-openam-2880/openam:6451-6503
</span><span class="cx">/branches/andy-openam-2907/openam:6531-6534
</span><span class="cx">/branches/andy-openam-3006/openam:6709-6749
</span><span class="cx">/branches/andy-openam-3063/openam:6927-6948
</span><span class="cx">/branches/andy-openam-3193/openam:7124-7128
</span><span class="cx">/branches/andy-openam-3248/openam:7171-7715
</span><span class="cx">/branches/andy-openam2743/openam:6372-6439
</span><span class="cx">/branches/andy-openam2744/openam:6347-6367
</span><span class="cx">/branches/andyAme2972/openam:8270-8318
</span><span class="cx">/branches/andyAme3102/openam:8312-8413
</span><span class="cx">/branches/andyAme3196/openam:8853-9084
</span><span class="cx">/branches/andyOpenam1708/openam:5576-5592
</span><span class="cx">/branches/andyOpenam2140/openam:7819-7862
</span><span class="cx">/branches/andyOpenam2373/openam:5600-5706
</span><span class="cx">/branches/andyOpenam2525/openam:5601-5733
</span><span class="cx">/branches/andyOpenam3509/openam:7881-7963
</span><span class="cx">/branches/andyOpenam3638/openam:8094-8172
</span><span class="cx">/branches/andyPolicyCrest/openam:8295-8813
</span><span class="cx">/branches/apforrest-ame1316/openam:4881-5305
</span><span class="cx">/branches/apforrest_ame805_indextree/openam:4567-4852
</span><span class="cx">/branches/dirk_oauth_perf:5904
</span><span class="cx">/branches/dirk_sts:5297,5314,5317-5318,5320-5321
</span><span class="cx">/branches/oidc_authn:8507,8540,8557-8559,8565-8566
</span><span class="cx">/branches/openam-3049-cts-reaper-connection-usage/openam:6658-6745
 </span><span class="cx">/branches/openam-3053-cts-tab-exception/openam:6672-6721
</span><span class="cx">/branches/openam-3072-cts-configuration/openam:6691-6714
</span><span class="cx">/branches/openam-3092-store-mode-error/openam:6729-6733
</span><span class="cx">/branches/openam-3110-create-or-update-bug/openam:6767-6804
</span><span class="cx">/branches/openam2742-andy/openam:6266-6323
</span><span class="cx">/branches/openam_10.1.0_xacml3_JAS/openam:4039-4140
</span><span class="cx">/branches/openam_10.2.0_xacml3_JAS/openam:4141-4379
</span><span class="cx">/branches/pcunnington-AME-3115-refactor/openam:8348-8473
</span><span class="cx">/branches/pcunnington-AME-3158/openam:8476-8577
</span><span class="cx">/branches/pcunnington-AME-350/openam:4165-4344
</span><span class="cx">/branches/pcunnington-ame-344/openam:4651-5199
</span><span class="cx">/branches/pcunnington-oauth2/openam:8710-8793
</span><span class="cx">/branches/phcunnington-AME-3114/openam:8314-8341
</span><span class="cx">/branches/policyimprovements/openam:5513-5515
</span><span class="cx">/branches/rest_sts_publish:8167,8180,8214,8227,8245,8260
</span><span class="cx">/branches/rest_sts_view_bean:9690-9965
</span><span class="cx">/branches/rwapshott-AME-1739/openam:5331-5353
</span><span class="cx">/branches/rwapshott-AME-215/openam:4091-4155
</span><span class="cx">/branches/rwapshott-AME-257/openam:4047-4126
</span><span class="cx">/branches/rwapshott-AME-804/openam:4267-5404
</span><span class="cx">/branches/rwapshott-ame-2027-cts-oids-should-follow-fr-oid-scheme/openam:5609-5614
 </span><span class="cx">/branches/rwapshott-ame-2160-session-size/openam:6086-6319
</span><span class="cx">/branches/rwapshott-ame-2311-index-names/openam:6058-6069
</span><span class="cx">/branches/rwapshott-ame-258-cts-replication/openam:5548-6055
</span><span class="cx">/branches/rwapshott-openam-2198-session-resource-protection/openam:5628-5824
 </span><span class="cx">/branches/rwapshott-openam-2526/openam:5442-5484
</span><span class="cx">/branches/rwapshott-openam-2716-cts-invalid-chars/openam:6170-6194
 </span><span class="cx">/branches/rwapshott-openam-2729-saml2-error/openam:6247-6257
</span><span class="cx">/branches/sts_oidc_saml:8310,8352,8355,8368,8378-8379,8387-8388,8403,8410,8416
 </span><span class="cx">/branches/sts_oidc_saml_redux:8417-8422,8424,8440,8445-8446,8460,8490,8498
 </span><span class="cx">/branches/sts_restart_persistence:9003-9005,9009-9414
</span><span class="cx">/branches/sts_saml2_encrypt:10424-10472,10474-10550
</span><span class="cx">/branches/sts_service_listeners:9968-10031,10047-10048,10053
</span><span class="cx">/branches/sts_token_gen_service:8706,8717-8720,8723-8725,8727-8728,8731,8737,8740-8742,8759-8760,8774-8776,8796-8797,8800-8801,8818-8819,8821
 </span><span class="cx">/branches/sts_token_gen_service2:8844-8887,8894-9000
</span><span class="cx">/branches/sts_x509:10206-10398
</span><span class="cx">/trunk/openam:10652-10812
</span><a id="branchesAME4616openamopenamclientsdkpomxml"></a>
<div class="modfile"><h4>Modified: branches/AME-4616/openam/openam-clientsdk/pom.xml \
(10813 => 10814)</h4> <pre class="diff"><span>
<span class="info">--- branches/AME-4616/openam/openam-clientsdk/pom.xml	2014-09-30 \
                13:48:08 UTC (rev 10813)
+++ branches/AME-4616/openam/openam-clientsdk/pom.xml	2014-09-30 13:49:13 UTC (rev \
10814) </span><span class="lines">@@ -251,10 +251,12 @@
</span><span class="cx">                                 \
&lt;include&gt;org/forgerock/openam/entitlement/indextree/TreeSaveIndex*&lt;/include&gt;
 </span><span class="cx">                                 \
&lt;include&gt;org/forgerock/openam/entitlement/indextree/TreeSearchIndex*&lt;/include&gt;
 </span><span class="cx">                                 \
&lt;include&gt;org/forgerock/openam/entitlement/utils/EntitlementUtils*&lt;/include&gt;
 </span><ins>+                                \
&lt;include&gt;org/forgerock/openam/entitlement/conditions/**&lt;/include&gt; \
</ins><span class="cx">                                 \
&lt;include&gt;org/forgerock/openam/services/cdm/**&lt;/include&gt; </span><span \
class="cx">                                 \
&lt;include&gt;org/forgerock/openam/security/whitelist/**&lt;/include&gt; \
</span><span class="cx">                                 \
&lt;include&gt;org/forgerock/openam/upgrade/UpgradeException*&lt;/include&gt; \
</span><span class="cx">                                 \
&lt;include&gt;org/forgerock/openam/validation/ResponseValidationFilter*&lt;/include&gt;
 </span><ins>+                                \
&lt;include&gt;META-INF/services/org.forgerock.openam.entitlement.ConditionTypeRegistry&lt;/include&gt;
 </ins><span class="cx">                             &lt;/includes&gt;
</span><span class="cx">                             &lt;excludes&gt;
</span><span class="cx">                                 \
&lt;exclude&gt;com/iplanet/am/sdk/ldap/**&lt;/exclude&gt; </span></span></pre></div>
<a id="branchesAME4616openamopenamcoresrcmainjavacomsunidentityentitlementopenssoJavaOneDemoAccountConditionjava"></a>
 <div class="delfile"><h4>Deleted: \
branches/AME-4616/openam/openam-core/src/main/java/com/sun/identity/entitlement/opensso/JavaOneDemoAccountCondition.java \
(10813 => 10814)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-4616/openam/openam-core/src/main/java/com/sun/identity/entitlement/opensso/JavaOneDemoAccountCondition.java	2014-09-30 \
                13:48:08 UTC (rev 10813)
+++ branches/AME-4616/openam/openam-core/src/main/java/com/sun/identity/entitlement/opensso/JavaOneDemoAccountCondition.java	2014-09-30 \
13:49:13 UTC (rev 10814) </span><span class="lines">@@ -1,126 +0,0 @@
</span><del>-/**
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
- *
- * Copyright (c) 2009 Sun Microsystems Inc. All Rights Reserved
- *
- * The contents of this file are subject to the terms
- * of the Common Development and Distribution License
- * (the License). You may not use this file except in
- * compliance with the License.
- *
- * You can obtain a copy of the License at
- * https://opensso.dev.java.net/public/CDDLv1.0.html or
- * opensso/legal/CDDLv1.0.txt
- * See the License for the specific language governing
- * permission and limitations under the License.
- *
- * When distributing Covered Code, include this CDDL
- * Header Notice in each file and include the License file
- * at opensso/legal/CDDLv1.0.txt.
- * If applicable, add the following below the CDDL Header,
- * with the fields enclosed by brackets [] replaced by
- * your own identifying information:
- * &quot;Portions Copyrighted [year] [name of copyright owner]&quot;
- *
- * $Id: JavaOneDemoAccountCondition.java,v 1.1 2009/08/19 05:40:35 veiming Exp $
- */
-
-package com.sun.identity.entitlement.opensso;
-
-import com.iplanet.sso.SSOException;
-import com.iplanet.sso.SSOToken;
-import com.sun.identity.entitlement.ConditionDecision;
-import com.sun.identity.entitlement.EntitlementConditionAdaptor;
-import com.sun.identity.entitlement.EntitlementException;
-import com.sun.identity.idm.AMIdentity;
-import com.sun.identity.idm.IdRepoException;
-import com.sun.identity.idm.IdType;
-import com.sun.identity.security.AdminTokenAction;
-import com.sun.identity.shared.ldap.LDAPDN;
-import java.security.AccessController;
-import java.security.Principal;
-import java.util.Collections;
-import java.util.Map;
-import java.util.Set;
-import javax.security.auth.Subject;
-
-/**
- *
- * @author dennis
- */
-public class JavaOneDemoAccountCondition extends EntitlementConditionAdaptor {
-
-    public void setState(String state) {
-        //DO NOTHING
-    }
-
-    public String getState() {
-        return &quot;&quot;;
-    }
-
-    public ConditionDecision evaluate(
-        String realm,
-        Subject subject,
-        String resourceName,
-        Map&lt;String, Set&lt;String&gt;&gt; environment
-    ) throws EntitlementException {
-        try {
-            String accountNumber = getAccountNumber(resourceName);
-            if (accountNumber == null) {
-                return new ConditionDecision(false, Collections.EMPTY_MAP);
-            }
-            SSOToken adminToken = (SSOToken) AccessController.doPrivileged(
-            AdminTokenAction.getInstance());
-            String uuid = getUUID(subject);
-            AMIdentity amid = new AMIdentity(adminToken, uuid, IdType.USER,
-                &quot;/&quot;, null);
-            Set&lt;String&gt; setHoH = amid.getAttribute(
-                &quot;head_of_household&quot;);
-            if ((setHoH == null) || !setHoH.contains(&quot;1&quot;)) {
-                return new ConditionDecision(false, Collections.EMPTY_MAP);
-            }
-            Set&lt;String&gt; account = \
                amid.getAttribute(&quot;account_number&quot;);
-            if ((account == null) || !account.contains(accountNumber)) {
-                return new ConditionDecision(false, Collections.EMPTY_MAP);
-            }
-            return new ConditionDecision(true, Collections.EMPTY_MAP);
-        } catch (IdRepoException ex) {
-            return new ConditionDecision(false, Collections.EMPTY_MAP);
-        } catch (SSOException ex) {
-            return new ConditionDecision(false, Collections.EMPTY_MAP);
-        }
-    }
-
-    private String getAccountNumber(String resourceName) {
-        /*
-         * Resource name can be of form
-         * http://localhost:8080/C1DemoServer/resources/accounts/123456789012345
-         * http://localhost:8080/C1DemoServer/resources/accounts/123456789012345/
-         * http://localhost:8080/C1DemoServer/resources/accounts/123456789012345/phoneCollection/
                
-         * etc
-         */
-        String prefix = &quot;/resources/accounts/&quot;;
-        String accountNumber;
-        int start = resourceName.indexOf(prefix) + prefix.length();
-        if ( start &gt;= resourceName.length() ) {
-            return null;
-        }
-        int end = resourceName.indexOf(&quot;/&quot;, start);
-        if ( end == -1 ) {
-            // No trailing slash
-            accountNumber = resourceName.substring(start);
-        } else {
-            accountNumber = resourceName.substring(start, end);
-        }
-        return accountNumber;
-    }
-
-    public static String getUUID(Subject subject) {
-        Set&lt;Principal&gt; userPrincipals = subject.getPrincipals();
-        String uid = ((userPrincipals != null) &amp;&amp; !userPrincipals.isEmpty()) \
                ?
-            userPrincipals.iterator().next().getName() : null;
-        String[] x = LDAPDN.explodeDN(uid, true);
-        return x[0];
-    }
-
-}
</del></span></pre></div>
<a id="branchesAME4616openamopenamcoresrcmainjavacomsunidentityentitlementopenssoJavaOneDemoConditionjava"></a>
 <div class="delfile"><h4>Deleted: \
branches/AME-4616/openam/openam-core/src/main/java/com/sun/identity/entitlement/opensso/JavaOneDemoCondition.java \
(10813 => 10814)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-4616/openam/openam-core/src/main/java/com/sun/identity/entitlement/opensso/JavaOneDemoCondition.java	2014-09-30 \
                13:48:08 UTC (rev 10813)
+++ branches/AME-4616/openam/openam-core/src/main/java/com/sun/identity/entitlement/opensso/JavaOneDemoCondition.java	2014-09-30 \
13:49:13 UTC (rev 10814) </span><span class="lines">@@ -1,140 +0,0 @@
</span><del>-/**
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
- *
- * Copyright (c) 2009 Sun Microsystems Inc. All Rights Reserved
- *
- * The contents of this file are subject to the terms
- * of the Common Development and Distribution License
- * (the License). You may not use this file except in
- * compliance with the License.
- *
- * You can obtain a copy of the License at
- * https://opensso.dev.java.net/public/CDDLv1.0.html or
- * opensso/legal/CDDLv1.0.txt
- * See the License for the specific language governing
- * permission and limitations under the License.
- *
- * When distributing Covered Code, include this CDDL
- * Header Notice in each file and include the License file
- * at opensso/legal/CDDLv1.0.txt.
- * If applicable, add the following below the CDDL Header,
- * with the fields enclosed by brackets [] replaced by
- * your own identifying information:
- * &quot;Portions Copyrighted [year] [name of copyright owner]&quot;
- *
- * $Id: JavaOneDemoCondition.java,v 1.1 2009/08/19 05:40:35 veiming Exp $
- */
-
-package com.sun.identity.entitlement.opensso;
-
-import com.iplanet.sso.SSOException;
-import com.iplanet.sso.SSOToken;
-import com.sun.identity.entitlement.ConditionDecision;
-import com.sun.identity.entitlement.EntitlementConditionAdaptor;
-import com.sun.identity.entitlement.EntitlementException;
-import com.sun.identity.idm.AMIdentity;
-import com.sun.identity.idm.IdRepoException;
-import com.sun.identity.idm.IdType;
-import com.sun.identity.security.AdminTokenAction;
-import com.sun.identity.shared.ldap.LDAPDN;
-import java.security.AccessController;
-import java.security.Principal;
-import java.util.Collections;
-import java.util.Map;
-import java.util.Set;
-import javax.security.auth.Subject;
-
-/**
- *
- * @author dennis
- */
-public class JavaOneDemoCondition extends EntitlementConditionAdaptor {
-
-    public void setState(String state) {
-        //DO NOTHING
-    }
-
-    public String getState() {
-        return &quot;&quot;;
-    }
-
-    public ConditionDecision evaluate(
-        String realm,
-        Subject subject,
-        String resourceName,
-        Map&lt;String, Set&lt;String&gt;&gt; environment
-    ) throws EntitlementException {
-        try {
-            String accountNumber = getAccountNumber(resourceName);
-            if (accountNumber == null) {
-                return new ConditionDecision(false, Collections.EMPTY_MAP);
-            }
-            SSOToken adminToken = (SSOToken) AccessController.doPrivileged(
-            AdminTokenAction.getInstance());
-            String uuid = getUUID(subject);
-            AMIdentity amid = new AMIdentity(adminToken, uuid, IdType.USER,
-                &quot;/&quot;, null);
-            Set&lt;String&gt; setHoH = amid.getAttribute(
-                &quot;head_of_household&quot;);
-            if ((setHoH == null) || !setHoH.contains(&quot;1&quot;)) {
-                return new ConditionDecision(false, Collections.EMPTY_MAP);
-            }
-            Set&lt;String&gt; account = \
                amid.getAttribute(&quot;account_number&quot;);
-            if ((account == null) || !account.contains(accountNumber)) {
-                return new ConditionDecision(false, Collections.EMPTY_MAP);
-            }
-            return new ConditionDecision(true, Collections.EMPTY_MAP);
-        } catch (IdRepoException ex) {
-            return new ConditionDecision(false, Collections.EMPTY_MAP);
-        } catch (SSOException ex) {
-            return new ConditionDecision(false, Collections.EMPTY_MAP);
-        }
-    }
-
-    private String getAccountNumber(String resourceName)
-        throws EntitlementException {
-        try {
-            /*
-             * Resource name can be of form
-             * http://localhost:8080/C1DemoServer/resources/phones/1234567890
-             * http://localhost:8080/C1DemoServer/resources/phones/1234567890/
-             * http://localhost:8080/C1DemoServer/resources/phones/1234567890/accountNumber/
                
-             * etc
-             */
-            String prefix = &quot;/resources/phones/&quot;;
-            String telNumber;
-            int start = resourceName.indexOf(prefix) + prefix.length();
-            if ( start &gt;= resourceName.length() ) {
-                return null;
-            }
-            int end = resourceName.indexOf(&quot;/&quot;, start);
-            if ( end == -1 ) {
-                // No trailing slash
-                telNumber = resourceName.substring(start);
-            } else {
-                telNumber = resourceName.substring(start, end);
-            }
-
-            SSOToken adminToken = (SSOToken) AccessController.doPrivileged(
-            AdminTokenAction.getInstance());
-            AMIdentity amid = new AMIdentity(adminToken, telNumber,
-                IdType.USER, &quot;/&quot;, null);
-            Set&lt;String&gt; accountNumbers = \
                amid.getAttribute(&quot;account_number&quot;);
-            return ((accountNumbers != null) &amp;&amp; !accountNumbers.isEmpty()) ?
-                accountNumbers.iterator().next() : null;
-        } catch (IdRepoException ex) {
-            return null;
-        } catch (SSOException ex) {
-            return null;
-        }
-    }
-
-    public static String getUUID(Subject subject) {
-        Set&lt;Principal&gt; userPrincipals = subject.getPrincipals();
-        String uid = ((userPrincipals != null) &amp;&amp; !userPrincipals.isEmpty()) \
                ?
-            userPrincipals.iterator().next().getName() : null;
-        String[] x = LDAPDN.explodeDN(uid, true);
-        return x[0];
-    }
-
-}
</del></span></pre></div>
<a id="branchesAME4616openamopenamcoresrcmainjavacomsunidentityentitlementopenssoOpenSSOApplicationPrivilegeManagerjava"></a>
 <div class="modfile"><h4>Modified: \
branches/AME-4616/openam/openam-core/src/main/java/com/sun/identity/entitlement/opensso/OpenSSOApplicationPrivilegeManager.java \
(10813 => 10814)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-4616/openam/openam-core/src/main/java/com/sun/identity/entitlement/opensso/OpenSSOApplicationPrivilegeManager.java	2014-09-30 \
                13:48:08 UTC (rev 10813)
+++ branches/AME-4616/openam/openam-core/src/main/java/com/sun/identity/entitlement/opensso/OpenSSOApplicationPrivilegeManager.java	2014-09-30 \
13:49:13 UTC (rev 10814) </span><span class="lines">@@ -27,6 +27,10 @@
</span><span class="cx">  * Portions Copyrighted 2014 ForgeRock AS
</span><span class="cx">  */
</span><span class="cx"> 
</span><ins>+/**
+ * Portions copyright 2014 ForgeRock AS.
+ */
+
</ins><span class="cx"> package com.sun.identity.entitlement.opensso;
</span><span class="cx"> 
</span><span class="cx"> import com.iplanet.sso.SSOToken;
</span><span class="lines">@@ -54,13 +58,14 @@
</span><span class="cx"> import \
com.sun.identity.entitlement.SubjectAttributesManager; </span><span class="cx"> \
import com.sun.identity.entitlement.SubjectDecision; </span><span class="cx"> import \
com.sun.identity.entitlement.SubjectImplementation; </span><del>-import \
com.sun.identity.entitlement.TimeCondition; </del><span class="cx"> import \
com.sun.identity.entitlement.interfaces.ResourceName; </span><span class="cx"> import \
com.sun.identity.entitlement.util.SearchFilter; </span><span class="cx"> import \
com.sun.identity.security.AdminTokenAction; </span><span class="cx"> import \
com.sun.identity.shared.ldap.util.DN; </span><span class="cx"> import \
com.sun.identity.sm.DNMapper; </span><span class="cx"> import \
com.sun.identity.sm.SMSEntry; </span><ins>+import \
org.forgerock.openam.entitlement.conditions.environment.SimpleTimeCondition; +
</ins><span class="cx"> import java.io.UnsupportedEncodingException;
</span><span class="cx"> import java.net.URLDecoder;
</span><span class="cx"> import java.net.URLEncoder;
</span><span class="lines">@@ -333,8 +338,8 @@
</span><span class="cx"> 
</span><span class="cx">         ap.setSubject(subjects);
</span><span class="cx">         EntitlementCondition cond = p.getCondition();
</span><del>-        if (cond instanceof TimeCondition) {
-            ap.setCondition((TimeCondition)cond);
</del><ins>+        if (cond instanceof SimpleTimeCondition) {
+            ap.setCondition(cond);
</ins><span class="cx">         }
</span><span class="cx">         return ap;
</span><span class="cx">     }
</span></span></pre></div>
<a id="branchesAME4616openamopenamcoresrcmainjavacomsunidentityentitlementopenssoOpenSSOGroupSubjectjava"></a>
 <div class="modfile"><h4>Modified: \
branches/AME-4616/openam/openam-core/src/main/java/com/sun/identity/entitlement/opensso/OpenSSOGroupSubject.java \
(10813 => 10814)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-4616/openam/openam-core/src/main/java/com/sun/identity/entitlement/opensso/OpenSSOGroupSubject.java	2014-09-30 \
                13:48:08 UTC (rev 10813)
+++ branches/AME-4616/openam/openam-core/src/main/java/com/sun/identity/entitlement/opensso/OpenSSOGroupSubject.java	2014-09-30 \
13:49:13 UTC (rev 10814) </span><span class="lines">@@ -24,6 +24,11 @@
</span><span class="cx">  *
</span><span class="cx">  * $Id: OpenSSOGroupSubject.java,v 1.2 2009/08/21 21:52:01 \
hengming Exp $ </span><span class="cx">  */
</span><ins>+
+/**
+ * Portions copyright 2014 ForgeRock AS.
+ */
+
</ins><span class="cx"> package com.sun.identity.entitlement.opensso;
</span><span class="cx"> 
</span><span class="cx"> import com.iplanet.sso.SSOException;
</span><span class="lines">@@ -50,7 +55,10 @@
</span><span class="cx"> 
</span><span class="cx"> /**
</span><span class="cx">  * This class represents group identity for membership check
</span><ins>+ *
+ * @deprecated As of ForgeRock OpenAM 12.
</ins><span class="cx">  */
</span><ins>+@Deprecated
</ins><span class="cx"> public class OpenSSOGroupSubject extends GroupSubject {
</span><span class="cx">     /**
</span><span class="cx">      * Constructor.
</span></span></pre></div>
<a id="branchesAME4616openamopenamcoresrcmainjavacomsunidentityentitlementopenssoOpenSSOUserSubjectjava"></a>
 <div class="modfile"><h4>Modified: \
branches/AME-4616/openam/openam-core/src/main/java/com/sun/identity/entitlement/opensso/OpenSSOUserSubject.java \
(10813 => 10814)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-4616/openam/openam-core/src/main/java/com/sun/identity/entitlement/opensso/OpenSSOUserSubject.java	2014-09-30 \
                13:48:08 UTC (rev 10813)
+++ branches/AME-4616/openam/openam-core/src/main/java/com/sun/identity/entitlement/opensso/OpenSSOUserSubject.java	2014-09-30 \
13:49:13 UTC (rev 10814) </span><span class="lines">@@ -24,6 +24,11 @@
</span><span class="cx">  *
</span><span class="cx">  * $Id: OpenSSOUserSubject.java,v 1.2 2009/08/21 21:52:01 \
hengming Exp $ </span><span class="cx">  */
</span><ins>+
+/**
+ * Portions copyright 2014 ForgeRock AS.
+ */
+
</ins><span class="cx"> package com.sun.identity.entitlement.opensso;
</span><span class="cx"> 
</span><span class="cx"> 
</span><span class="lines">@@ -45,8 +50,10 @@
</span><span class="cx"> 
</span><span class="cx"> /**
</span><span class="cx">  * OpenSSOUserSubject to represent user identity for \
membership check </span><del>- * @author dorai
</del><ins>+ *
+ * @deprecated As of ForgeRock OpenAM 12.
</ins><span class="cx">  */
</span><ins>+@Deprecated
</ins><span class="cx"> public class OpenSSOUserSubject extends UserSubject {
</span><span class="cx">     /**
</span><span class="cx">      * Constructs an OpenSSOUserSubject
</span></span></pre></div>
<a id="branchesAME4616openamopenamcoresrcmainjavacomsunidentityentitlementopenssoPrivilegeUtilsjava"></a>
 <div class="modfile"><h4>Modified: \
branches/AME-4616/openam/openam-core/src/main/java/com/sun/identity/entitlement/opensso/PrivilegeUtils.java \
(10813 => 10814)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-4616/openam/openam-core/src/main/java/com/sun/identity/entitlement/opensso/PrivilegeUtils.java	2014-09-30 \
                13:48:08 UTC (rev 10813)
+++ branches/AME-4616/openam/openam-core/src/main/java/com/sun/identity/entitlement/opensso/PrivilegeUtils.java	2014-09-30 \
13:49:13 UTC (rev 10814) </span><span class="lines">@@ -30,32 +30,25 @@
</span><span class="cx">  */
</span><span class="cx"> package com.sun.identity.entitlement.opensso;
</span><span class="cx"> 
</span><del>-import com.iplanet.sso.SSOToken;
</del><span class="cx"> import com.iplanet.sso.SSOException;
</span><del>-import com.sun.identity.entitlement.Entitlement;
-import com.sun.identity.entitlement.EntitlementCondition;
-import com.sun.identity.entitlement.EntitlementSubject;
-import com.sun.identity.entitlement.OrSubject;
-import com.sun.identity.entitlement.OrCondition;
</del><ins>+import com.iplanet.sso.SSOToken;
</ins><span class="cx"> import com.sun.identity.entitlement.AndCondition;
</span><span class="cx"> import com.sun.identity.entitlement.Application;
</span><span class="cx"> import com.sun.identity.entitlement.ApplicationManager;
</span><del>-import com.sun.identity.entitlement.AuthenticatedESubject;
-import com.sun.identity.entitlement.Privilege;
</del><ins>+import com.sun.identity.entitlement.Entitlement;
+import com.sun.identity.entitlement.EntitlementCondition;
</ins><span class="cx"> import com.sun.identity.entitlement.EntitlementException;
</span><ins>+import com.sun.identity.entitlement.EntitlementSubject;
</ins><span class="cx"> import com.sun.identity.entitlement.IPrivilege;
</span><ins>+import com.sun.identity.entitlement.OrCondition;
+import com.sun.identity.entitlement.OrSubject;
+import com.sun.identity.entitlement.Privilege;
</ins><span class="cx"> import com.sun.identity.entitlement.PrivilegeManager;
</span><span class="cx"> import com.sun.identity.entitlement.ReferralPrivilege;
</span><span class="cx"> import com.sun.identity.entitlement.ResourceAttribute;
</span><del>-import com.sun.identity.entitlement.RoleSubject;
</del><span class="cx"> import com.sun.identity.entitlement.StaticAttributes;
</span><span class="cx"> import com.sun.identity.entitlement.UserAttributes;
</span><del>-import com.sun.identity.entitlement.UserSubject;
</del><span class="cx"> import \
com.sun.identity.entitlement.xacml3.XACMLPrivilegeUtils; </span><del>-import \
                com.sun.identity.idm.AMIdentity;
-import com.sun.identity.idm.IdRepoException;
-import com.sun.identity.idm.IdType;
-import com.sun.identity.idm.IdUtils;
</del><span class="cx"> import com.sun.identity.policy.ActionSchema;
</span><span class="cx"> import com.sun.identity.policy.InvalidNameException;
</span><span class="cx"> import com.sun.identity.policy.NameNotFoundException;
</span><span class="lines">@@ -71,8 +64,6 @@
</span><span class="cx"> import com.sun.identity.policy.interfaces.Referral;
</span><span class="cx"> import com.sun.identity.policy.interfaces.ResponseProvider;
</span><span class="cx"> import com.sun.identity.policy.interfaces.Subject;
</span><del>-import com.sun.identity.policy.plugins.AMIdentitySubject;
-import com.sun.identity.policy.plugins.AuthenticatedUsers;
</del><span class="cx"> import \
com.sun.identity.policy.plugins.IDRepoResponseProvider; </span><span class="cx"> \
import com.sun.identity.policy.plugins.PrivilegeCondition; </span><span class="cx"> \
import com.sun.identity.policy.plugins.PrivilegeSubject; </span><span \
class="lines">@@ -80,11 +71,12 @@ </span><span class="cx"> import \
com.sun.identity.shared.ldap.util.DN; </span><span class="cx"> import \
com.sun.identity.sm.AttributeSchema; </span><span class="cx"> import \
com.sun.identity.sm.DNMapper; </span><ins>+
</ins><span class="cx"> import java.security.AccessController;
</span><span class="cx"> import java.util.Collections;
</span><span class="cx"> import java.util.HashMap;
</span><del>-import java.util.Map;
</del><span class="cx"> import java.util.HashSet;
</span><ins>+import java.util.Map;
</ins><span class="cx"> import java.util.Random;
</span><span class="cx"> import java.util.Set;
</span><span class="cx"> 
</span><span class="lines">@@ -255,53 +247,6 @@
</span><span class="cx">             new OrSubject(entitlementSubjects);
</span><span class="cx">     }
</span><span class="cx"> 
</span><del>-    private static Set&lt;EntitlementSubject&gt; toEntitlementSubject(
-        AMIdentitySubject sbj,
-        boolean exclusive) {
-        SSOToken adminToken = (SSOToken) AccessController.doPrivileged(
-            AdminTokenAction.getInstance());
-
-        try {
-            Set&lt;EntitlementSubject&gt; result = new \
                HashSet&lt;EntitlementSubject&gt;();
-            Set&lt;String&gt; values = sbj.getValues();
-
-            for (String uuid : values) {
-                AMIdentity amid = IdUtils.getIdentity(adminToken, uuid);
-                IdType type = amid.getType();
-                if (type.equals(IdType.GROUP)) {
-                    OpenSSOGroupSubject grp = new OpenSSOGroupSubject(uuid);
-                    grp.setExclusive(exclusive);
-                    result.add(grp);
-                } else if (type.equals(IdType.ROLE)) {
-                    RoleSubject role = new RoleSubject(uuid);
-                    role.setExclusive(exclusive);
-                    result.add(role);
-                } else if (type.equals(IdType.USER)) {
-                    UserSubject user = new UserSubject(uuid);
-                    user.setExclusive(exclusive);
-                    result.add(user);
-                } else {
-                    return Collections.EMPTY_SET;
-                }
-            }
-            return result;
-        } catch (IdRepoException ex) {
-            return Collections.EMPTY_SET;
-        }
-    }
-
-    private static Set&lt;EntitlementSubject&gt; toEntitlementSubject(
-        AuthenticatedUsers sbj,
-        boolean exclusive) {
-        SSOToken adminToken = (SSOToken) AccessController.doPrivileged(
-            AdminTokenAction.getInstance());
-
-        Set&lt;EntitlementSubject&gt; result = new \
                HashSet&lt;EntitlementSubject&gt;();
-        result.add(new AuthenticatedESubject());
-        return result;
-    }
-
-
</del><span class="cx">     private static EntitlementCondition \
toEntitlementCondition(Policy policy) </span><span class="cx">         throws \
PolicyException { </span><span class="cx">         Set conditionNames = \
policy.getConditionNames(); </span></span></pre></div>
<a id="branchesAME4616openamopenamcoresrcmainjavacomsunidentityidmAMIdentityjava"></a>
 <div class="modfile"><h4>Modified: \
branches/AME-4616/openam/openam-core/src/main/java/com/sun/identity/idm/AMIdentity.java \
(10813 => 10814)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-4616/openam/openam-core/src/main/java/com/sun/identity/idm/AMIdentity.java	2014-09-30 \
                13:48:08 UTC (rev 10813)
+++ branches/AME-4616/openam/openam-core/src/main/java/com/sun/identity/idm/AMIdentity.java	2014-09-30 \
13:49:13 UTC (rev 10814) </span><span class="lines">@@ -100,7 +100,7 @@
</span><span class="cx">  * @supported.api
</span><span class="cx">  */
</span><span class="cx"> 
</span><del>-public final class AMIdentity {
</del><ins>+public class AMIdentity {
</ins><span class="cx"> 
</span><span class="cx">     private String univIdWithoutDN;
</span><span class="cx"> 
</span></span></pre></div>
<a id="branchesAME4616openamopenamcoresrcmainjavacomsunidentitypolicyConditionTypeManagerjava"></a>
 <div class="modfile"><h4>Modified: \
branches/AME-4616/openam/openam-core/src/main/java/com/sun/identity/policy/ConditionTypeManager.java \
(10813 => 10814)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-4616/openam/openam-core/src/main/java/com/sun/identity/policy/ConditionTypeManager.java	2014-09-30 \
                13:48:08 UTC (rev 10813)
+++ branches/AME-4616/openam/openam-core/src/main/java/com/sun/identity/policy/ConditionTypeManager.java	2014-09-30 \
13:49:13 UTC (rev 10814) </span><span class="lines">@@ -26,8 +26,10 @@
</span><span class="cx">  *
</span><span class="cx">  */
</span><span class="cx"> 
</span><ins>+/**
+ * Portions copyright 2014 ForgeRock AS.
+ */
</ins><span class="cx"> 
</span><del>-
</del><span class="cx"> package com.sun.identity.policy;
</span><span class="cx"> 
</span><span class="cx"> import java.util.*;
</span><span class="lines">@@ -144,15 +146,11 @@
</span><span class="cx"> 
</span><span class="cx">     /**
</span><span class="cx">      * Returns the type of the \
&lt;code&gt;Condition&lt;/code&gt; implementation. </span><del>-     * For example \
                &lt;code&gt;TimeCondition&lt;/code&gt;, \
                &lt;code&gt;DayTimeCondition&lt;/code&gt;,
-     * &lt;code&gt;IPCondition&lt;/code&gt;.
</del><span class="cx">      *
</span><span class="cx">      * @param condition condition object for which this \
method will </span><span class="cx">      *         return its associated type
</span><span class="cx">      *
</span><del>-     * @return type of the condition, e.g. \
                &lt;code&gt;AuthLevelConditon&lt;/code&gt;,
-     *         &lt;code&gt;IPCondition&lt;/code&gt;.  Returns \
                &lt;code&gt;null&lt;/code&gt; if not
-     *         present.
</del><ins>+     * @return type of the condition. Returns \
&lt;code&gt;null&lt;/code&gt; if not present. </ins><span class="cx">      */
</span><span class="cx">     public String getConditionTypeName(Condition condition) \
{ </span><span class="cx">         return (conditionTypeName(condition));
</span><span class="lines">@@ -242,15 +240,11 @@
</span><span class="cx"> 
</span><span class="cx">     /**
</span><span class="cx">      * Returns the type of the \
&lt;code&gt;Condition&lt;/code&gt; implementation. </span><del>-     * For example \
                &lt;code&gt;TimeCondition&lt;/code&gt;, \
                &lt;code&gt;DayTimeCondition&lt;/code&gt;,
-     * &lt;code&gt;IPCondition&lt;/code&gt;.
</del><span class="cx">      *
</span><span class="cx">      * @param condition condition object for which this \
method will </span><span class="cx">      *         return its associated type
</span><span class="cx">      *
</span><del>-     * @return type of the condition, e.g. \
                &lt;code&gt;AuthLevelConditon&lt;/code&gt;,
-     *         &lt;code&gt;IPCondition&lt;/code&gt;.  Returns \
                &lt;code&gt;null&lt;/code&gt; if not
-     *         present.
</del><ins>+     * @return type of the condition.  Returns \
&lt;code&gt;null&lt;/code&gt; if not present. </ins><span class="cx">      */
</span><span class="cx">     static String conditionTypeName(Condition condition) {
</span><span class="cx">         if (condition == null) {
</span></span></pre></div>
<a id="branchesAME4616openamopenamcoresrcmainjavacomsunidentitypolicypluginsAMIdentityMembershipConditionjava"></a>
 <div class="modfile"><h4>Modified: \
branches/AME-4616/openam/openam-core/src/main/java/com/sun/identity/policy/plugins/AMIdentityMembershipCondition.java \
(10813 => 10814)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-4616/openam/openam-core/src/main/java/com/sun/identity/policy/plugins/AMIdentityMembershipCondition.java	2014-09-30 \
                13:48:08 UTC (rev 10813)
+++ branches/AME-4616/openam/openam-core/src/main/java/com/sun/identity/policy/plugins/AMIdentityMembershipCondition.java	2014-09-30 \
13:49:13 UTC (rev 10814) </span><span class="lines">@@ -25,10 +25,10 @@
</span><span class="cx">  * $Id: AMIdentityMembershipCondition.java,v 1.2 2008/06/25 \
05:43:50 qcheng Exp $ </span><span class="cx">  *
</span><span class="cx">  */
</span><del>-
</del><span class="cx"> /*
</span><del>- * Portions Copyrighted [2011] [ForgeRock AS]
</del><ins>+ * Portions Copyrighted 2011-2014 ForgeRock AS
</ins><span class="cx">  */
</span><ins>+
</ins><span class="cx"> package com.sun.identity.policy.plugins;
</span><span class="cx"> 
</span><span class="cx"> import java.util.*;
</span><span class="lines">@@ -59,7 +59,10 @@
</span><span class="cx">  * in the environment is a member of at least one \
&lt;code&gt;AMIdentity&lt;/code&gt;  </span><span class="cx">  * object specified in \
the Condition. </span><span class="cx">  *
</span><ins>+ * @deprecated Use {@link \
org.forgerock.openam.entitlement.conditions.environment.AMIdentityMembershipCondition}
 + * instead.
</ins><span class="cx">  */
</span><ins>+@Deprecated
</ins><span class="cx"> public class AMIdentityMembershipCondition implements \
Condition { </span><span class="cx"> 
</span><span class="cx"> 
</span></span></pre></div>
<a id="branchesAME4616openamopenamcoresrcmainjavacomsunidentitypolicypluginsAMIdentitySubjectjava"></a>
 <div class="modfile"><h4>Modified: \
branches/AME-4616/openam/openam-core/src/main/java/com/sun/identity/policy/plugins/AMIdentitySubject.java \
(10813 => 10814)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-4616/openam/openam-core/src/main/java/com/sun/identity/policy/plugins/AMIdentitySubject.java	2014-09-30 \
                13:48:08 UTC (rev 10813)
+++ branches/AME-4616/openam/openam-core/src/main/java/com/sun/identity/policy/plugins/AMIdentitySubject.java	2014-09-30 \
13:49:13 UTC (rev 10814) </span><span class="lines">@@ -69,8 +69,10 @@
</span><span class="cx">  * AMIdentitySubject is a &lt;code&gt;Subject&lt;/code&gt; \
implementation that checks for  </span><span class="cx">  * membership in a set of \
&lt;code&gt;AMIdentity&lt;/code&gt; objects using the underlying </span><span \
class="cx">  * Identity repository service. </span><ins>+ *
+ * @deprecated Use {@link \
org.forgerock.openam.entitlement.conditions.subject.AMIdentitySubject} instead. \
</ins><span class="cx">  */ </span><del>-
</del><ins>+@Deprecated
</ins><span class="cx"> public class AMIdentitySubject implements Subject {
</span><span class="cx"> 
</span><span class="cx">     private Set subjectValues = new HashSet();
</span></span></pre></div>
<a id="branchesAME4616openamopenamcoresrcmainjavacomsunidentitypolicypluginsAuthLevelConditionjava"></a>
 <div class="modfile"><h4>Modified: \
branches/AME-4616/openam/openam-core/src/main/java/com/sun/identity/policy/plugins/AuthLevelCondition.java \
(10813 => 10814)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-4616/openam/openam-core/src/main/java/com/sun/identity/policy/plugins/AuthLevelCondition.java	2014-09-30 \
                13:48:08 UTC (rev 10813)
+++ branches/AME-4616/openam/openam-core/src/main/java/com/sun/identity/policy/plugins/AuthLevelCondition.java	2014-09-30 \
13:49:13 UTC (rev 10814) </span><span class="lines">@@ -25,9 +25,11 @@
</span><span class="cx">  * $Id: AuthLevelCondition.java,v 1.9 2009/05/26 08:06:23 \
kiran_gonipati Exp $ </span><span class="cx">  *
</span><span class="cx">  */
</span><ins>+/*
+ * Portions Copyright 2014 ForgeRock AS
+ */
</ins><span class="cx"> 
</span><span class="cx"> 
</span><del>-
</del><span class="cx"> package com.sun.identity.policy.plugins;
</span><span class="cx"> 
</span><span class="cx"> import com.sun.identity.authentication.util.AMAuthUtils;
</span><span class="lines">@@ -61,7 +63,9 @@
</span><span class="cx">  * &lt;code&gt;env&lt;/code&gt; map, \
&lt;code&gt;AuthLevel&lt;/code&gt; is looked up from single sign on </span><span \
class="cx">  * token. </span><span class="cx">  *
</span><ins>+ * @deprecated Use {@link \
org.forgerock.openam.entitlement.conditions.environment.AuthLevelCondition} instead. \
</ins><span class="cx">  */ </span><ins>+@Deprecated
</ins><span class="cx"> public class AuthLevelCondition implements Condition {
</span><span class="cx"> 
</span><span class="cx">     private static final Debug DEBUG 
</span></span></pre></div>
<a id="branchesAME4616openamopenamcoresrcmainjavacomsunidentitypolicypluginsAuthSchemeConditionjava"></a>
 <div class="modfile"><h4>Modified: \
branches/AME-4616/openam/openam-core/src/main/java/com/sun/identity/policy/plugins/AuthSchemeCondition.java \
(10813 => 10814)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-4616/openam/openam-core/src/main/java/com/sun/identity/policy/plugins/AuthSchemeCondition.java	2014-09-30 \
                13:48:08 UTC (rev 10813)
+++ branches/AME-4616/openam/openam-core/src/main/java/com/sun/identity/policy/plugins/AuthSchemeCondition.java	2014-09-30 \
13:49:13 UTC (rev 10814) </span><span class="lines">@@ -25,10 +25,12 @@
</span><span class="cx">  * $Id: AuthSchemeCondition.java,v 1.6 2009/05/05 18:29:01 \
mrudul_uchil Exp $ </span><span class="cx">  *
</span><span class="cx">  */
</span><ins>+/*
+ * Portions Copyright 2014 ForgeRock AS
+ */
</ins><span class="cx"> 
</span><span class="cx"> 
</span><span class="cx"> 
</span><del>-
</del><span class="cx"> package com.sun.identity.policy.plugins;
</span><span class="cx"> 
</span><span class="cx"> import com.sun.identity.authentication.util.AMAuthUtils;
</span><span class="lines">@@ -56,7 +58,9 @@
</span><span class="cx">  * of &lt;code&gt;Condition&lt;/code&gt; that lets you \
define authentication module </span><span class="cx">  * instances for which a \
&lt;code&gt;Policy&lt;/code&gt; applies. </span><span class="cx">  *
</span><ins>+ * @deprecated Use {@link \
org.forgerock.openam.entitlement.conditions.environment.AuthSchemeCondition} instead. \
</ins><span class="cx">  */ </span><ins>+@Deprecated
</ins><span class="cx"> public class AuthSchemeCondition implements Condition {
</span><span class="cx"> 
</span><span class="cx">     private static final Debug DEBUG 
</span></span></pre></div>
<a id="branchesAME4616openamopenamcoresrcmainjavacomsunidentitypolicypluginsAuthenticateToRealmConditionjava"></a>
 <div class="modfile"><h4>Modified: \
branches/AME-4616/openam/openam-core/src/main/java/com/sun/identity/policy/plugins/AuthenticateToRealmCondition.java \
(10813 => 10814)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-4616/openam/openam-core/src/main/java/com/sun/identity/policy/plugins/AuthenticateToRealmCondition.java	2014-09-30 \
                13:48:08 UTC (rev 10813)
+++ branches/AME-4616/openam/openam-core/src/main/java/com/sun/identity/policy/plugins/AuthenticateToRealmCondition.java	2014-09-30 \
13:49:13 UTC (rev 10814) </span><span class="lines">@@ -25,9 +25,8 @@
</span><span class="cx">  * $Id: AuthenticateToRealmCondition.java,v 1.6 2009/06/19 \
22:53:42 mrudul_uchil Exp $ </span><span class="cx">  *
</span><span class="cx">  */
</span><del>-
</del><span class="cx"> /*
</span><del>- * Portions Copyrighted 2013 ForgeRock AS
</del><ins>+ * Portions Copyrighted 2013-2014 ForgeRock AS
</ins><span class="cx">  */
</span><span class="cx"> 
</span><span class="cx"> package com.sun.identity.policy.plugins;
</span><span class="lines">@@ -58,7 +57,9 @@
</span><span class="cx">  * implementation  of &lt;code&gt;Condition&lt;/code&gt; \
that lets you specify  </span><span class="cx">  * the realm to which user should \
authenticate for the policy to apply </span><span class="cx">  *
</span><ins>+ * @deprecated Use {@link \
org.forgerock.openam.entitlement.conditions.environment.AuthenticateToRealmCondition} \
instead. </ins><span class="cx">  */
</span><ins>+@Deprecated
</ins><span class="cx"> public class AuthenticateToRealmCondition implements \
Condition { </span><span class="cx"> 
</span><span class="cx">     private static final Debug DEBUG 
</span></span></pre></div>
<a id="branchesAME4616openamopenamcoresrcmainjavacomsunidentitypolicypluginsAuthenticateToServiceConditionjava"></a>
 <div class="modfile"><h4>Modified: \
branches/AME-4616/openam/openam-core/src/main/java/com/sun/identity/policy/plugins/AuthenticateToServiceCondition.java \
(10813 => 10814)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-4616/openam/openam-core/src/main/java/com/sun/identity/policy/plugins/AuthenticateToServiceCondition.java	2014-09-30 \
                13:48:08 UTC (rev 10813)
+++ branches/AME-4616/openam/openam-core/src/main/java/com/sun/identity/policy/plugins/AuthenticateToServiceCondition.java	2014-09-30 \
13:49:13 UTC (rev 10814) </span><span class="lines">@@ -25,10 +25,12 @@
</span><span class="cx">  * $Id: AuthenticateToServiceCondition.java,v 1.7 2009/05/05 \
18:29:01 mrudul_uchil Exp $ </span><span class="cx">  *
</span><span class="cx">  */
</span><ins>+/*
+ * Portions Copyright 2014 ForgeRock AS
+ */
</ins><span class="cx"> 
</span><span class="cx"> 
</span><span class="cx"> 
</span><del>-
</del><span class="cx"> package com.sun.identity.policy.plugins;
</span><span class="cx"> 
</span><span class="cx"> import com.sun.identity.authentication.util.AMAuthUtils;
</span><span class="lines">@@ -56,7 +58,10 @@
</span><span class="cx">  * implementation  of &lt;code&gt;Condition&lt;/code&gt; \
that lets you specify  </span><span class="cx">  * the service to which user should \
authenticate for the policy to apply </span><span class="cx">  *
</span><ins>+ * @deprecated See {@link \
org.forgerock.openam.entitlement.conditions.environment.AuthenticateToServiceCondition}
 + * instead.
</ins><span class="cx">  */
</span><ins>+@Deprecated
</ins><span class="cx"> public class AuthenticateToServiceCondition implements \
Condition { </span><span class="cx"> 
</span><span class="cx">     private static final Debug DEBUG 
</span></span></pre></div>
<a id="branchesAME4616openamopenamcoresrcmainjavacomsunidentitypolicypluginsAuthenticatedUsersjava"></a>
 <div class="modfile"><h4>Modified: \
branches/AME-4616/openam/openam-core/src/main/java/com/sun/identity/policy/plugins/AuthenticatedUsers.java \
(10813 => 10814)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-4616/openam/openam-core/src/main/java/com/sun/identity/policy/plugins/AuthenticatedUsers.java	2014-09-30 \
                13:48:08 UTC (rev 10813)
+++ branches/AME-4616/openam/openam-core/src/main/java/com/sun/identity/policy/plugins/AuthenticatedUsers.java	2014-09-30 \
13:49:13 UTC (rev 10814) </span><span class="lines">@@ -45,7 +45,10 @@
</span><span class="cx"> 
</span><span class="cx"> /**
</span><span class="cx">  * This subject applies to all users with valid \
&lt;code&gt;SSOToken&lt;/code&gt;. </span><ins>+ *
+ * @deprecated Use {@link \
org.forgerock.openam.entitlement.conditions.subject.AuthenticatedUsers} instead. \
</ins><span class="cx">  */ </span><ins>+@Deprecated
</ins><span class="cx"> public class AuthenticatedUsers implements Subject {
</span><span class="cx"> 
</span><span class="cx">     private static ValidValues validValues = 
</span></span></pre></div>
<a id="branchesAME4616openamopenamcoresrcmainjavacomsunidentitypolicypluginsIPConditionjava"></a>
 <div class="modfile"><h4>Modified: \
branches/AME-4616/openam/openam-core/src/main/java/com/sun/identity/policy/plugins/IPCondition.java \
(10813 => 10814)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-4616/openam/openam-core/src/main/java/com/sun/identity/policy/plugins/IPCondition.java	2014-09-30 \
                13:48:08 UTC (rev 10813)
+++ branches/AME-4616/openam/openam-core/src/main/java/com/sun/identity/policy/plugins/IPCondition.java	2014-09-30 \
13:49:13 UTC (rev 10814) </span><span class="lines">@@ -25,11 +25,11 @@
</span><span class="cx">  * $Id: IPCondition.java,v 1.5 2009/05/05 18:29:01 \
mrudul_uchil Exp $ </span><span class="cx">  *
</span><span class="cx">  */
</span><del>-
</del><span class="cx"> /*
</span><span class="cx">  * Portions Copyrighted 2011-2014 ForgeRock AS
</span><span class="cx">  * Portions Copyrighted 2014 Nomura Research Institute, Ltd
</span><span class="cx">  */
</span><ins>+
</ins><span class="cx"> package com.sun.identity.policy.plugins;
</span><span class="cx"> 
</span><span class="cx"> import com.sun.identity.policy.interfaces.Condition;
</span><span class="lines">@@ -57,7 +57,9 @@
</span><span class="cx">  * of &lt;code&gt;Condition&lt;/code&gt;. This lets you \
define the IP addresses, </span><span class="cx">  * IP address ranges and DNS name \
patterns for which the policy applies </span><span class="cx">  *
</span><ins>+ * @deprecated Use {@link \
org.forgerock.openam.entitlement.conditions.environment.IPCondition} instead. \
</ins><span class="cx">  */ </span><ins>+@Deprecated
</ins><span class="cx"> public class IPCondition implements Condition {
</span><span class="cx"> 
</span><span class="cx">     private static final Debug DEBUG
</span></span></pre></div>
<a id="branchesAME4616openamopenamcoresrcmainjavacomsunidentitypolicypluginsLDAPFilterConditionjava"></a>
 <div class="modfile"><h4>Modified: \
branches/AME-4616/openam/openam-core/src/main/java/com/sun/identity/policy/plugins/LDAPFilterCondition.java \
(10813 => 10814)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-4616/openam/openam-core/src/main/java/com/sun/identity/policy/plugins/LDAPFilterCondition.java	2014-09-30 \
                13:48:08 UTC (rev 10813)
+++ branches/AME-4616/openam/openam-core/src/main/java/com/sun/identity/policy/plugins/LDAPFilterCondition.java	2014-09-30 \
13:49:13 UTC (rev 10814) </span><span class="lines">@@ -25,13 +25,13 @@
</span><span class="cx">  * $Id: LDAPFilterCondition.java,v 1.8 2009/11/20 23:52:55 \
ww203982 Exp $ </span><span class="cx">  *
</span><span class="cx">  */
</span><del>-
</del><span class="cx"> /*
</span><del>- * Portions Copyrighted 2010-2011 ForgeRock AS
</del><ins>+ * Portions Copyrighted 2010-2014 ForgeRock AS
</ins><span class="cx">  */
</span><span class="cx"> 
</span><span class="cx"> package com.sun.identity.policy.plugins;
</span><span class="cx"> import java.util.ArrayList;
</span><ins>+import java.util.Collection;
</ins><span class="cx"> import java.util.Collections;
</span><span class="cx"> import java.util.Iterator;
</span><span class="cx"> import java.util.Locale;
</span><span class="lines">@@ -75,8 +75,10 @@
</span><span class="cx">  * user identified by sso token, in the directory specified 
</span><span class="cx">  * in policy configuration service, satisfiies the ldap \
filter </span><span class="cx">  * specified in the condition
</span><ins>+ *
+ * @deprecated Use {@link \
org.forgerock.openam.entitlement.conditions.environment.LDAPFilterCondition} instead. \
</ins><span class="cx">  */ </span><del>-
</del><ins>+@Deprecated
</ins><span class="cx"> public class LDAPFilterCondition implements Condition {
</span><span class="cx"> 
</span><span class="cx">     static final String LDAP_SCOPE_BASE = \
&quot;SCOPE_BASE&quot;; </span><span class="lines">@@ -658,9 +660,9 @@
</span><span class="cx">         }
</span><span class="cx"> 
</span><span class="cx">         //validate LDAP_FILTER
</span><del>-        Set ldapFilterSet = (Set) properties.get(LDAP_FILTER);
-        if ( ldapFilterSet != null ) {
-            validateLdapFilterSet(ldapFilterSet);
</del><ins>+        Collection ldapFilterCollection = (Collection) \
properties.get(LDAP_FILTER); +        if ( ldapFilterCollection != null ) {
+            validateLdapFilterCollection(ldapFilterCollection);
</ins><span class="cx">         }
</span><span class="cx"> 
</span><span class="cx">         return true;
</span><span class="lines">@@ -673,7 +675,7 @@
</span><span class="cx">      * @see #LDAP_FILTER
</span><span class="cx">      */
</span><span class="cx"> 
</span><del>-    private boolean validateLdapFilterSet(Set ldapFilterSet) 
</del><ins>+    private boolean validateLdapFilterCollection(Collection \
ldapFilterSet) </ins><span class="cx">             throws PolicyException {
</span><span class="cx">         if ( ldapFilterSet.isEmpty() ) {
</span><span class="cx">             String args[] = { LDAP_FILTER };
</span></span></pre></div>
<a id="branchesAME4616openamopenamcoresrcmainjavacomsunidentitypolicypluginsLEAuthLevelConditionjava"></a>
 <div class="modfile"><h4>Modified: \
branches/AME-4616/openam/openam-core/src/main/java/com/sun/identity/policy/plugins/LEAuthLevelCondition.java \
(10813 => 10814)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-4616/openam/openam-core/src/main/java/com/sun/identity/policy/plugins/LEAuthLevelCondition.java	2014-09-30 \
                13:48:08 UTC (rev 10813)
+++ branches/AME-4616/openam/openam-core/src/main/java/com/sun/identity/policy/plugins/LEAuthLevelCondition.java	2014-09-30 \
13:49:13 UTC (rev 10814) </span><span class="lines">@@ -25,6 +25,9 @@
</span><span class="cx">  * $Id: LEAuthLevelCondition.java,v 1.5 2008/06/25 05:43:51 \
qcheng Exp $ </span><span class="cx">  *
</span><span class="cx">  */
</span><ins>+/*
+ * Portions Copyright 2014 ForgeRock AS
+ */
</ins><span class="cx"> 
</span><span class="cx"> package com.sun.identity.policy.plugins;
</span><span class="cx"> 
</span><span class="lines">@@ -59,7 +62,9 @@
</span><span class="cx">  * &lt;code&gt;env&lt;/code&gt; map, \
&lt;code&gt;AuthLevel&lt;/code&gt; is looked up from single sign on </span><span \
class="cx">  * token. </span><span class="cx">  *
</span><ins>+ * @deprecated Use {@link \
org.forgerock.openam.entitlement.conditions.environment.LEAuthLevelCondition} \
instead. </ins><span class="cx">  */
</span><ins>+@Deprecated
</ins><span class="cx"> public class LEAuthLevelCondition implements Condition {
</span><span class="cx"> 
</span><span class="cx">     private static final Debug DEBUG 
</span></span></pre></div>
<a id="branchesAME4616openamopenamcoresrcmainjavacomsunidentitypolicypluginsResourceEnvIPConditionjava"></a>
 <div class="modfile"><h4>Modified: \
branches/AME-4616/openam/openam-core/src/main/java/com/sun/identity/policy/plugins/ResourceEnvIPCondition.java \
(10813 => 10814)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-4616/openam/openam-core/src/main/java/com/sun/identity/policy/plugins/ResourceEnvIPCondition.java	2014-09-30 \
                13:48:08 UTC (rev 10813)
+++ branches/AME-4616/openam/openam-core/src/main/java/com/sun/identity/policy/plugins/ResourceEnvIPCondition.java	2014-09-30 \
13:49:13 UTC (rev 10814) </span><span class="lines">@@ -25,11 +25,11 @@
</span><span class="cx">  * $Id: ResourceEnvIPCondition.java,v 1.4 2009/07/21 \
18:33:17 mrudul_uchil Exp $ </span><span class="cx">  *
</span><span class="cx">  */
</span><del>-
</del><span class="cx"> /*
</span><del>- * Portions Copyrighted 2011-2013 ForgeRock Inc
</del><ins>+ * Portions Copyrighted 2011-2014 ForgeRock AS
</ins><span class="cx">  * Portions Copyrighted 2012 Open Source Solution Technology \
Corporation </span><span class="cx">  */
</span><ins>+
</ins><span class="cx"> package com.sun.identity.policy.plugins;
</span><span class="cx"> 
</span><span class="cx"> import java.util.Set;
</span><span class="lines">@@ -74,8 +74,10 @@
</span><span class="cx">  * condition decision and advices based on the client's \
environment or  </span><span class="cx">  * resource such as IP address, DNS host \
name, location, etc. </span><span class="cx">  * For the first drop, we are only \
supporting IP address. </span><ins>+ *
+ * @deprecated Use {@link \
org.forgerock.openam.entitlement.conditions.environment.ResourceEnvIPCondition \
instead}. </ins><span class="cx">  */
</span><del>-
</del><ins>+@Deprecated
</ins><span class="cx"> public class ResourceEnvIPCondition implements Condition {
</span><span class="cx"> 
</span><span class="cx">     private static final Debug DEBUG 
</span></span></pre></div>
<a id="branchesAME4616openamopenamcoresrcmainjavacomsunidentitypolicypluginsSessionConditionjava"></a>
 <div class="modfile"><h4>Modified: \
branches/AME-4616/openam/openam-core/src/main/java/com/sun/identity/policy/plugins/SessionCondition.java \
(10813 => 10814)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-4616/openam/openam-core/src/main/java/com/sun/identity/policy/plugins/SessionCondition.java	2014-09-30 \
                13:48:08 UTC (rev 10813)
+++ branches/AME-4616/openam/openam-core/src/main/java/com/sun/identity/policy/plugins/SessionCondition.java	2014-09-30 \
13:49:13 UTC (rev 10814) </span><span class="lines">@@ -25,10 +25,12 @@
</span><span class="cx">  * $Id: SessionCondition.java,v 1.4 2008/06/25 05:43:52 \
qcheng Exp $ </span><span class="cx">  *
</span><span class="cx">  */
</span><ins>+/*
+ * Portions Copyright 2014 ForgeRock AS
+ */
</ins><span class="cx"> 
</span><span class="cx"> 
</span><span class="cx"> 
</span><del>-
</del><span class="cx"> package com.sun.identity.policy.plugins;
</span><span class="cx"> 
</span><span class="cx"> 
</span><span class="lines">@@ -64,7 +66,9 @@
</span><span class="cx">  * to terminate the user session if the session time exceeds \
the </span><span class="cx">  * maximum allowed.
</span><span class="cx">  *
</span><ins>+ * @deprecated Use {@link \
org.forgerock.openam.entitlement.conditions.environment.SessionCondition} instead. \
</ins><span class="cx">  */ </span><ins>+@Deprecated
</ins><span class="cx"> public class SessionCondition implements Condition {
</span><span class="cx"> 
</span><span class="cx">     /**
</span></span></pre></div>
<a id="branchesAME4616openamopenamcoresrcmainjavacomsunidentitypolicypluginsSessionPropertyConditionjava"></a>
 <div class="modfile"><h4>Modified: \
branches/AME-4616/openam/openam-core/src/main/java/com/sun/identity/policy/plugins/SessionPropertyCondition.java \
(10813 => 10814)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-4616/openam/openam-core/src/main/java/com/sun/identity/policy/plugins/SessionPropertyCondition.java	2014-09-30 \
                13:48:08 UTC (rev 10813)
+++ branches/AME-4616/openam/openam-core/src/main/java/com/sun/identity/policy/plugins/SessionPropertyCondition.java	2014-09-30 \
13:49:13 UTC (rev 10814) </span><span class="lines">@@ -25,6 +25,9 @@
</span><span class="cx">  * $Id: SessionPropertyCondition.java,v 1.4 2008/06/25 \
05:43:52 qcheng Exp $ </span><span class="cx">  *
</span><span class="cx">  */
</span><ins>+/*
+ * Portions Copyright 2014 ForgeRock AS
+ */
</ins><span class="cx"> 
</span><span class="cx"> package com.sun.identity.policy.plugins;
</span><span class="cx"> import java.util.ArrayList;
</span><span class="lines">@@ -54,8 +57,10 @@
</span><span class="cx">  * implementation of &lt;code&gt;Condition&lt;/code&gt; \
interface. </span><span class="cx">  * This condition checks whether session \
properties contain at least  </span><span class="cx">  * one value of the each \
property listed in the &lt;code&gt;Condition&lt;/code&gt; </span><ins>+ *
+ * @deprecated Use {@link \
org.forgerock.openam.entitlement.conditions.environment.SessionPropertyCondition} \
instead. </ins><span class="cx">  */
</span><del>-
</del><ins>+@Deprecated
</ins><span class="cx"> public class SessionPropertyCondition implements Condition {
</span><span class="cx"> 
</span><span class="cx">     private static final boolean IGNORE_VALUE_CASE_DEFAULT = \
true; </span></span></pre></div>
<a id="branchesAME4616openamopenamcoresrcmainjavacomsunidentitypolicypluginsSimpleTimeConditionjava"></a>
 <div class="modfile"><h4>Modified: \
branches/AME-4616/openam/openam-core/src/main/java/com/sun/identity/policy/plugins/SimpleTimeCondition.java \
(10813 => 10814)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-4616/openam/openam-core/src/main/java/com/sun/identity/policy/plugins/SimpleTimeCondition.java	2014-09-30 \
                13:48:08 UTC (rev 10813)
+++ branches/AME-4616/openam/openam-core/src/main/java/com/sun/identity/policy/plugins/SimpleTimeCondition.java	2014-09-30 \
13:49:13 UTC (rev 10814) </span><span class="lines">@@ -25,10 +25,10 @@
</span><span class="cx">  * $Id: SimpleTimeCondition.java,v 1.5 2010/01/05 22:00:26 \
dillidorai Exp $ </span><span class="cx">  *
</span><span class="cx">  */
</span><del>-
</del><span class="cx"> /*
</span><del>- * Portions Copyrighted [2011] [ForgeRock AS]
</del><ins>+ * Portions Copyrighted 2011-2014 ForgeRock AS
</ins><span class="cx">  */
</span><ins>+
</ins><span class="cx"> package com.sun.identity.policy.plugins;
</span><span class="cx"> 
</span><span class="cx"> import com.sun.identity.policy.interfaces.Condition;
</span><span class="lines">@@ -49,7 +49,9 @@
</span><span class="cx">  * of &lt;code&gt;Condition&lt;/code&gt;. This lets you \
define the time range </span><span class="cx">  * of week days and/or date range \
during which a policy applies.  </span><span class="cx">  *
</span><ins>+ * @deprecated Use {@link \
org.forgerock.openam.entitlement.conditions.environment.SimpleTimeCondition} instead. \
</ins><span class="cx">  */ </span><ins>+@Deprecated
</ins><span class="cx"> public class SimpleTimeCondition implements Condition {
</span><span class="cx"> 
</span><span class="cx">     /** Key that is used to define current time that is \
passed in the </span></span></pre></div>
<a id="branchesAME4616openamopenamcoresrcmainjavaorgforgerockopenamnetworkipv4IPv4Conditionjava"></a>
 <div class="modfile"><h4>Modified: \
branches/AME-4616/openam/openam-core/src/main/java/org/forgerock/openam/network/ipv4/IPv4Condition.java \
(10813 => 10814)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-4616/openam/openam-core/src/main/java/org/forgerock/openam/network/ipv4/IPv4Condition.java	2014-09-30 \
                13:48:08 UTC (rev 10813)
+++ branches/AME-4616/openam/openam-core/src/main/java/org/forgerock/openam/network/ipv4/IPv4Condition.java	2014-09-30 \
13:49:13 UTC (rev 10814) </span><span class="lines">@@ -25,10 +25,10 @@
</span><span class="cx">  * $Id: .java,v 1.5 2009/05/05 18:29:01 mrudul_uchil Exp $
</span><span class="cx">  *
</span><span class="cx">  */
</span><del>-
</del><span class="cx"> /*
</span><del>- * Portions Copyrighted [2011-2013] [ForgeRock Inc]
</del><ins>+ * Portions Copyrighted 2011-2014 ForgeRock AS
</ins><span class="cx">  */
</span><ins>+
</ins><span class="cx"> package org.forgerock.openam.network.ipv4;
</span><span class="cx"> 
</span><span class="cx"> import com.sun.identity.policy.interfaces.Condition;
</span><span class="lines">@@ -59,7 +59,9 @@
</span><span class="cx">  * of &lt;code&gt;Condition&lt;/code&gt;. This lets you \
define the IP addresses, </span><span class="cx">  * IP address ranges and DNS name \
patterns for which the policy applies </span><span class="cx">  *
</span><ins>+ * @deprecated Use {@link \
org.forgerock.openam.entitlement.conditions.environment.IPv4Condition} instead. \
</ins><span class="cx">  */ </span><ins>+@Deprecated
</ins><span class="cx"> public class IPv4Condition implements Condition {
</span><span class="cx"> 
</span><span class="cx">     /** Key that is used in \
&lt;code&gt;IPv4Condition&lt;/code&gt; to define the  IP address \
</span></span></pre></div> <a \
id="branchesAME4616openamopenamcoresrcmainjavaorgforgerockopenamnetworkipv6IPv6Conditionjava"></a>
 <div class="modfile"><h4>Modified: \
branches/AME-4616/openam/openam-core/src/main/java/org/forgerock/openam/network/ipv6/IPv6Condition.java \
(10813 => 10814)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-4616/openam/openam-core/src/main/java/org/forgerock/openam/network/ipv6/IPv6Condition.java	2014-09-30 \
                13:48:08 UTC (rev 10813)
+++ branches/AME-4616/openam/openam-core/src/main/java/org/forgerock/openam/network/ipv6/IPv6Condition.java	2014-09-30 \
13:49:13 UTC (rev 10814) </span><span class="lines">@@ -1,7 +1,7 @@
</span><span class="cx"> /*
</span><span class="cx">  * DO NOT REMOVE COPYRIGHT NOTICES OR THIS HEADER.
</span><span class="cx">  *
</span><del>- * Copyright (c) 2013 ForgeRock Inc. All rights reserved.
</del><ins>+ * Copyright 2013-2014 ForgeRock AS
</ins><span class="cx">  *
</span><span class="cx">  * The contents of this file are subject to the terms
</span><span class="cx">  * of the Common Development and Distribution License
</span><span class="lines">@@ -21,6 +21,7 @@
</span><span class="cx">  * your own identifying information:
</span><span class="cx">  * &quot;Portions Copyrighted [year] [name of copyright \
owner]&quot; </span><span class="cx">  */
</span><ins>+
</ins><span class="cx"> package org.forgerock.openam.network.ipv6;
</span><span class="cx"> 
</span><span class="cx"> 
</span><span class="lines">@@ -38,7 +39,10 @@
</span><span class="cx"> 
</span><span class="cx"> /**
</span><span class="cx">  * @author alin.brici@forgerock.com
</span><ins>+ *
+ * @deprecated Use {@link \
org.forgerock.openam.entitlement.conditions.environment.IPv6Condition} instead. \
</ins><span class="cx">  */ </span><ins>+@Deprecated
</ins><span class="cx"> public class IPv6Condition implements Condition {
</span><span class="cx">     /** Key that is used in \
&lt;code&gt;IPv6Condition&lt;/code&gt; to define the  IP address </span><span \
class="cx">      * values for which a policy applies. The value corresponding to the \
key </span></span></pre></div>
<a id="branchesAME4616openamopenamcoresrcmainjavaorgforgerockopenamupgradestepspolicyconditionsPolicyConditionUpgradeMapjava"></a>
 <div class="modfile"><h4>Modified: \
branches/AME-4616/openam/openam-core/src/main/java/org/forgerock/openam/upgrade/steps/policy/conditions/PolicyConditionUpgradeMap.java \
(10813 => 10814)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-4616/openam/openam-core/src/main/java/org/forgerock/openam/upgrade/steps/policy/conditions/PolicyConditionUpgradeMap.java	2014-09-30 \
                13:48:08 UTC (rev 10813)
+++ branches/AME-4616/openam/openam-core/src/main/java/org/forgerock/openam/upgrade/steps/policy/conditions/PolicyConditionUpgradeMap.java	2014-09-30 \
13:49:13 UTC (rev 10814) </span><span class="lines">@@ -16,14 +16,38 @@
</span><span class="cx"> 
</span><span class="cx"> package \
org.forgerock.openam.upgrade.steps.policy.conditions; </span><span class="cx"> 
</span><ins>+import com.sun.identity.authentication.util.AMAuthUtils;
</ins><span class="cx"> import com.sun.identity.entitlement.EntitlementCondition;
</span><ins>+import com.sun.identity.entitlement.EntitlementException;
</ins><span class="cx"> import com.sun.identity.entitlement.EntitlementSubject;
</span><span class="cx"> import com.sun.identity.entitlement.opensso.PolicyCondition;
</span><span class="cx"> import com.sun.identity.entitlement.opensso.PolicySubject;
</span><ins>+import com.sun.identity.policy.interfaces.Condition;
+import org.forgerock.json.fluent.JsonValue;
+import org.forgerock.openam.entitlement.conditions.environment.AMIdentityMembershipCondition;
 +import org.forgerock.openam.entitlement.conditions.environment.AuthLevelCondition;
+import org.forgerock.openam.entitlement.conditions.environment.AuthSchemeCondition;
+import org.forgerock.openam.entitlement.conditions.environment.AuthenticateToRealmCondition;
 +import org.forgerock.openam.entitlement.conditions.environment.AuthenticateToServiceCondition;
 +import org.forgerock.openam.entitlement.conditions.environment.ConditionConstants;
+import org.forgerock.openam.entitlement.conditions.environment.IPCondition;
+import org.forgerock.openam.entitlement.conditions.environment.LDAPFilterCondition;
+import org.forgerock.openam.entitlement.conditions.environment.LEAuthLevelCondition;
+import org.forgerock.openam.entitlement.conditions.environment.ResourceEnvIPCondition;
 +import org.forgerock.openam.entitlement.conditions.environment.SessionCondition;
+import org.forgerock.openam.entitlement.conditions.environment.SessionPropertyCondition;
 +import org.forgerock.openam.entitlement.conditions.environment.SimpleTimeCondition;
+import org.forgerock.openam.network.ipv4.IPv4Condition;
+import org.forgerock.openam.entitlement.conditions.subject.AMIdentitySubject;
+import org.forgerock.openam.entitlement.conditions.subject.AuthenticatedUsers;
</ins><span class="cx"> 
</span><ins>+import java.util.ArrayList;
</ins><span class="cx"> import java.util.HashMap;
</span><span class="cx"> import java.util.Map;
</span><ins>+import java.util.Set;
</ins><span class="cx"> 
</span><ins>+import static \
org.forgerock.openam.entitlement.conditions.environment.ConditionConstants.VALUE_CASE_INSENSITIVE;
 +
</ins><span class="cx"> /**
</span><span class="cx">  * A map containing all the migration logic from an old \
policy condition to a new entitlement condition. </span><span class="cx">  *
</span><span class="lines">@@ -55,8 +79,320 @@
</span><span class="cx">                      }
</span><span class="cx">                  });
</span><span class="cx">         */
</span><ins>+
+        environmentConditionsUpgradeMap.put(com.sun.identity.policy.plugins.AuthLevelCondition.class.getName(),
 +                new EntitlementConditionMigrator() {
+                    @Override
+                    public EntitlementCondition migrate(PolicyCondition condition, \
MigrationReport migrationReport) { +                        AuthLevelCondition \
eCondition = new AuthLevelCondition(); +                        Map&lt;String, \
Set&lt;String&gt;&gt; properties = condition.getProperties(); +
+                        String propAuthLevel = \
getValue(properties.get(ConditionConstants.AUTH_LEVEL)); +                        int \
authLevel = Integer.parseInt(AMAuthUtils.getDataFromRealmQualifiedData(propAuthLevel));
 +
+                        eCondition.setAuthLevel(authLevel);
+
+                        migrationReport.migratedEnvironmentCondition(
+                                \
com.sun.identity.policy.plugins.AuthLevelCondition.class.getName(), +                 \
AuthLevelCondition.class.getName()); +                        return eCondition;
+                    }
+                });
+
+        environmentConditionsUpgradeMap.put(com.sun.identity.policy.plugins.LEAuthLevelCondition.class.getName(),
 +                new EntitlementConditionMigrator() {
+                    @Override
+                    public EntitlementCondition migrate(PolicyCondition condition, \
MigrationReport migrationReport) { +                        LEAuthLevelCondition \
eCondition = new LEAuthLevelCondition(); +                        Map&lt;String, \
Set&lt;String&gt;&gt; properties = condition.getProperties(); +
+                        String propAuthLevel = \
getValue(properties.get(ConditionConstants.AUTH_LEVEL)); +                        int \
authLevel = Integer.parseInt(AMAuthUtils.getDataFromRealmQualifiedData(propAuthLevel));
 +
+                        eCondition.setAuthLevel(authLevel);
+
+                        migrationReport.migratedEnvironmentCondition(
+                                \
com.sun.identity.policy.plugins.LEAuthLevelCondition.class.getName(), +               \
LEAuthLevelCondition.class.getName()); +                        return eCondition;
+                    }
+                });
+
+        environmentConditionsUpgradeMap.put(com.sun.identity.policy.plugins.AuthenticateToServiceCondition.class
 +                        .getName(),
+                new EntitlementConditionMigrator() {
+                    @Override
+                    public EntitlementCondition migrate(PolicyCondition condition, \
MigrationReport migrationReport) { +                        \
AuthenticateToServiceCondition eCondition = new AuthenticateToServiceCondition(); +   \
Map&lt;String, Set&lt;String&gt;&gt; properties = condition.getProperties(); +
+                        String authenticationService =
+                                \
getValue(properties.get(ConditionConstants.AUTHENTICATE_TO_SERVICE)); +
+                        eCondition.setAuthenticateToService(authenticationService);
+
+                        migrationReport.migratedEnvironmentCondition(
+                                \
com.sun.identity.policy.plugins.AuthenticateToServiceCondition.class.getName(), +     \
AuthenticateToServiceCondition.class.getName()); +                        return \
eCondition; +                    }
+                });
+
+        environmentConditionsUpgradeMap.put(com.sun.identity.policy.plugins.AuthenticateToRealmCondition.class
 +                        .getName(),
+                new EntitlementConditionMigrator() {
+                    @Override
+                    public EntitlementCondition migrate(PolicyCondition condition, \
MigrationReport migrationReport) { +                        \
AuthenticateToRealmCondition eCondition = new AuthenticateToRealmCondition(); +       \
Map&lt;String, Set&lt;String&gt;&gt; properties = condition.getProperties(); +
+                        String authenticationRealm =
+                                \
getValue(properties.get(ConditionConstants.AUTHENTICATE_TO_REALM)); +
+                        eCondition.setAuthenticateToRealm(authenticationRealm);
+
+                        migrationReport.migratedEnvironmentCondition(
+                                \
com.sun.identity.policy.plugins.AuthenticateToRealmCondition.class.getName(), +       \
AuthenticateToRealmCondition.class.getName()); +                        return \
eCondition; +                    }
+                });
+
+        environmentConditionsUpgradeMap.put(com.sun.identity.policy.plugins.AMIdentityMembershipCondition.class
 +                        .getName(),
+                new EntitlementConditionMigrator() {
+                    @Override
+                    public EntitlementCondition migrate(PolicyCondition condition, \
MigrationReport migrationReport) { +                        \
AMIdentityMembershipCondition eCondition = new AMIdentityMembershipCondition(); +     \
Map&lt;String, Set&lt;String&gt;&gt; properties = condition.getProperties(); +
+                        Set&lt;String&gt; amIdentityNames = \
properties.get(ConditionConstants.AM_IDENTITY_NAME); +
+                        eCondition.setAmIdentityNames(amIdentityNames);
+
+                        migrationReport.migratedEnvironmentCondition(
+                                \
com.sun.identity.policy.plugins.AMIdentityMembershipCondition.class.getName(), +      \
AMIdentityMembershipCondition.class.getName()); +                        return \
eCondition; +                    }
+                });
+
+        environmentConditionsUpgradeMap.put(com.sun.identity.policy.plugins.SessionCondition.class
 +                        .getName(),
+                new EntitlementConditionMigrator() {
+                    @Override
+                    public EntitlementCondition migrate(PolicyCondition condition, \
MigrationReport migrationReport) { +                        SessionCondition \
eCondition = new SessionCondition(); +                        Map&lt;String, \
Set&lt;String&gt;&gt; properties = condition.getProperties(); +
+                        Long maxSessionTime =
+                                \
Long.parseLong(getValue(properties.get(ConditionConstants.MAX_SESSION_TIME))); +      \
boolean terminateSession = +                                \
getValue(properties.get(ConditionConstants.TERMINATE_SESSION)).contains(&quot;true&quot;);
 +
+                        eCondition.setMaxSessionTime(maxSessionTime);
+                        eCondition.setTerminateSession(terminateSession);
+
+                        migrationReport.migratedEnvironmentCondition(
+                                \
com.sun.identity.policy.plugins.SessionCondition.class.getName(), +                   \
SessionCondition.class.getName()); +                        return eCondition;
+                    }
+                });
+
+        environmentConditionsUpgradeMap.put(com.sun.identity.policy.plugins.SimpleTimeCondition.class
 +                        .getName(),
+                new EntitlementConditionMigrator() {
+                    @Override
+                    public EntitlementCondition migrate(PolicyCondition condition, \
MigrationReport migrationReport) { +                        SimpleTimeCondition \
eCondition = new SimpleTimeCondition(); +                        Map&lt;String, \
Set&lt;String&gt;&gt; properties = condition.getProperties(); +
+                        String startTime = \
getValue(properties.get(Condition.START_TIME)); +                        String \
endTime = getValue(properties.get(Condition.END_TIME)); +                        \
String startDay = getValue(properties.get(Condition.START_DAY)); +                    \
String endDay = getValue(properties.get(Condition.END_DAY)); +                        \
String startDate = getValue(properties.get(Condition.START_DATE)); +                  \
String endDate = getValue(properties.get(Condition.END_DATE)); +                      \
String enforcementTimeZone = \
getValue(properties.get(Condition.ENFORCEMENT_TIME_ZONE)); +
+                        eCondition.setStartTime(startTime);
+                        eCondition.setEndTime(endTime);
+                        eCondition.setStartDay(startDay);
+                        eCondition.setEndDay(endDay);
+                        eCondition.setStartDate(startDate);
+                        eCondition.setEndDate(endDate);
+                        eCondition.setEnforcementTimeZone(enforcementTimeZone);
+
+                        migrationReport.migratedEnvironmentCondition(
+                                \
com.sun.identity.policy.plugins.SimpleTimeCondition.class.getName(), +                \
SimpleTimeCondition.class.getName()); +                        return eCondition;
+                    }
+                });
+
+        environmentConditionsUpgradeMap.put(com.sun.identity.policy.plugins.SessionPropertyCondition.class
 +                        .getName(),
+                new EntitlementConditionMigrator() {
+                    @Override
+                    public EntitlementCondition migrate(PolicyCondition condition, \
MigrationReport migrationReport) { +                        SessionPropertyCondition \
eCondition = new SessionPropertyCondition(); +                        Map&lt;String, \
Set&lt;String&gt;&gt; properties = condition.getProperties(); +
+                        Map&lt;String, Set&lt;String&gt;&gt; props = new \
HashMap&lt;String, Set&lt;String&gt;&gt;(properties); +                        String \
ignoreValueCaseString = getValue(props.remove(VALUE_CASE_INSENSITIVE)); +             \
boolean ignoreValueCase = true; +                        if (ignoreValueCaseString != \
null &amp;&amp; !ignoreValueCaseString.isEmpty()) { +                            \
ignoreValueCase = Boolean.parseBoolean(ignoreValueCaseString); +                      \
} +
+                        eCondition.setProperties(props);
+                        eCondition.setIgnoreValueCase(ignoreValueCase);
+
+                        migrationReport.migratedEnvironmentCondition(
+                                \
com.sun.identity.policy.plugins.SessionPropertyCondition.class.getName(), +           \
SessionPropertyCondition.class.getName()); +                        return \
eCondition; +                    }
+                });
+
+        environmentConditionsUpgradeMap.put(com.sun.identity.policy.plugins.AuthSchemeCondition.class
 +                        .getName(),
+                new EntitlementConditionMigrator() {
+                    @Override
+                    public EntitlementCondition migrate(PolicyCondition condition, \
MigrationReport migrationReport) { +                        AuthSchemeCondition \
eCondition = new AuthSchemeCondition(); +                        Map&lt;String, \
Set&lt;String&gt;&gt; properties = condition.getProperties(); +
+                        Set&lt;String&gt; authScheme = \
properties.get(Condition.AUTH_SCHEME); +                        String \
applicationName = getValue(properties.get(Condition.APPLICATION_NAME)); +             \
String idleTimeoutString = \
getValue(properties.get(Condition.APPLICATION_IDLE_TIMEOUT)); +                       \
int idleTimeout = 0; +                        if (idleTimeoutString != null) {
+                            idleTimeout = Integer.parseInt(idleTimeoutString);
+                        }
+
+                        eCondition.setAuthScheme(authScheme);
+                        eCondition.setApplicationName(applicationName);
+                        eCondition.setApplicationIdleTimeout(idleTimeout);
+
+                        migrationReport.migratedEnvironmentCondition(
+                                \
com.sun.identity.policy.plugins.AuthSchemeCondition.class.getName(), +                \
AuthSchemeCondition.class.getName()); +                        return eCondition;
+                    }
+                });
+
+        environmentConditionsUpgradeMap.put(com.sun.identity.policy.plugins.IPCondition.class
 +                        .getName(),
+                new EntitlementConditionMigrator() {
+                    @Override
+                    public EntitlementCondition migrate(PolicyCondition condition, \
MigrationReport migrationReport) { +                        IPCondition eCondition = \
new IPCondition(); +                        Map&lt;String, Set&lt;String&gt;&gt; \
properties = condition.getProperties(); +
+                        Set&lt;String&gt; ipRange = \
properties.get(IPv4Condition.IP_RANGE); +                        Set&lt;String&gt; \
dnsName = properties.get(Condition.DNS_NAME); +                        String startIp \
= getValue(properties.get(Condition.START_IP)); +                        String endIp \
= getValue(properties.get(Condition.END_IP)); +
+                        try {
+                            if (ipRange != null) {
+                                eCondition.setIpRange(new \
ArrayList&lt;String&gt;(ipRange)); +                            }
+                            if (dnsName != null){
+                                eCondition.setDnsName(new \
ArrayList&lt;String&gt;(dnsName)); +                            }
+                            eCondition.setStartIp(startIp);
+                            eCondition.setEndIp(endIp);
+                        } catch (EntitlementException e) {
+                            throw new RuntimeException(e);
+                        }
+
+                        migrationReport.migratedEnvironmentCondition(
+                                \
com.sun.identity.policy.plugins.IPCondition.class.getName(), +                        \
IPCondition.class.getName()); +                        return eCondition;
+                    }
+                });
+
+        environmentConditionsUpgradeMap.put(com.sun.identity.policy.plugins.LDAPFilterCondition.class
 +                        .getName(),
+                new EntitlementConditionMigrator() {
+                    @Override
+                    public EntitlementCondition migrate(PolicyCondition condition, \
MigrationReport migrationReport) { +                        LDAPFilterCondition \
eCondition = new LDAPFilterCondition(); +                        Map&lt;String, \
Set&lt;String&gt;&gt; properties = condition.getProperties(); +
+                        eCondition.setState(new JsonValue(properties).toString());
+
+                        migrationReport.migratedEnvironmentCondition(
+                                \
com.sun.identity.policy.plugins.LDAPFilterCondition.class.getName(), +                \
LDAPFilterCondition.class.getName()); +                        return eCondition;
+                    }
+                });
+
+        environmentConditionsUpgradeMap.put(com.sun.identity.policy.plugins.ResourceEnvIPCondition.class
 +                        .getName(),
+                new EntitlementConditionMigrator() {
+                    @Override
+                    public EntitlementCondition migrate(PolicyCondition condition, \
MigrationReport migrationReport) { +                        ResourceEnvIPCondition \
eCondition = new ResourceEnvIPCondition(); +                        Map&lt;String, \
Set&lt;String&gt;&gt; properties = condition.getProperties(); +
+                        Set&lt;String&gt; resourceEnvIPConditionValue =
+                                \
properties.get(ResourceEnvIPCondition.ENV_CONDITION_VALUE); +
+                        \
eCondition.setResourceEnvIPConditionValue(resourceEnvIPConditionValue); +
+                        migrationReport.migratedEnvironmentCondition(
+                                \
com.sun.identity.policy.plugins.ResourceEnvIPCondition.class.getName(), +             \
ResourceEnvIPCondition.class.getName()); +                        return eCondition;
+                    }
+                });
+
+        subjectConditionsUpgradeMap.put(com.sun.identity.policy.plugins.AMIdentitySubject.class.getName(),
 +                new SubjectConditionMigrator() {
+                    @Override
+                    public EntitlementSubject migrate(PolicySubject subject, \
MigrationReport migrationReport) { +
+                        AMIdentitySubject eSubject = new AMIdentitySubject();
+
+                        Set&lt;String&gt; subjects = subject.getValues();
+
+                        eSubject.setSubjectValues(subjects);
+
+                        migrationReport.migratedSubjectCondition(
+                                \
com.sun.identity.policy.plugins.AMIdentitySubject.class.getName(), +                  \
AMIdentitySubject.class.getName()); +                        return eSubject;
+                    }
+                });
+
+        subjectConditionsUpgradeMap.put(com.sun.identity.policy.plugins.AuthenticatedUsers.class.getName(),
 +                new SubjectConditionMigrator() {
+                    @Override
+                    public EntitlementSubject migrate(PolicySubject subject, \
MigrationReport migrationReport) { +
+                        AuthenticatedUsers eSubject = new AuthenticatedUsers();
+
+                        migrationReport.migratedSubjectCondition(
+                                \
com.sun.identity.policy.plugins.AuthenticatedUsers.class.getName(), +                 \
AuthenticatedUsers.class.getName()); +                        return eSubject;
+                    }
+        });
</ins><span class="cx">     }
</span><span class="cx"> 
</span><ins>+    private &lt;T&gt; T getValue(Set&lt;T&gt; values) {
+        if (values != null &amp;&amp; values.iterator().hasNext()) {
+            return values.iterator().next();
+        }
+        return null;
+    }
+
</ins><span class="cx">     /**
</span><span class="cx">      * Returns {@code true} if there exists an entry for \
migrating the specified old policy subject condition class. </span><span class="cx">  \
* </span></span></pre></div>
<a id="branchesAME4616openamopenamcoresrcmainresourcesEntitlementExceptionproperties"></a>
 <div class="modfile"><h4>Modified: \
branches/AME-4616/openam/openam-core/src/main/resources/EntitlementException.properties \
(10813 => 10814)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-4616/openam/openam-core/src/main/resources/EntitlementException.properties	2014-09-30 \
                13:48:08 UTC (rev 10813)
+++ branches/AME-4616/openam/openam-core/src/main/resources/EntitlementException.properties	2014-09-30 \
13:49:13 UTC (rev 10814) </span><span class="lines">@@ -158,9 +158,26 @@
</span><span class="cx"> 434=Cannot authenticate request.
</span><span class="cx"> 435=Notification URL is malformed.
</span><span class="cx"> 436=Notification URL is missing.
</span><ins>+437=Requested client IP address must be specified.
+438=The resource or environment is not supported currently {0}.
</ins><span class="cx"> 
</span><span class="cx"> 450=Unable to search applications.
</span><span class="cx"> 451=Unable to search applications because administrator \
Single Sign On token is absent. </span><span class="cx"> 
</span><ins>+700=Invalid OAuth2 Scope ''{0}'': See RFC 6749 section 3.3 for allowed \
values. +710=AuthLevel value {0} not an integer
+711={0} property value should be defined.
+712=requestAuthLevel in request env not an Integer or Set.
+713=Authentication module instance can not be retrieved: {0}.
+720=Invalid administrator user ID or password from DSConfigMgr.
+721=AMIdentitySubject - can not check membership for user {0} and subject {1}
+730=Unable to parse SSO token authInstant to Date.
+740=At least one of the properties Start Date, Start Time, Start Day should be \
defined with non null value. +741=Should define value for {1}, since value is defined \
for {0} +750=Start IP can not be larger than end IP.
+
+800={0} property value should be an Integer.
+801={0} property value should be a Set of string values.
+
</ins><span class="cx"> resource.validation.does.not.match.valid.resources={0} did \
not match any valid resources. </span><span class="cx"> \
resource.validation.invalid.resource={0} was invalid. </span></span></pre></div>
<a id="branchesAME4616openamopenamcoresrctestjavacomsunidentityentitlementxacml3XACMLPrivilegeUtilsTestjava"></a>
 <div class="modfile"><h4>Modified: \
branches/AME-4616/openam/openam-core/src/test/java/com/sun/identity/entitlement/xacml3/XACMLPrivilegeUtilsTest.java \
(10813 => 10814)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-4616/openam/openam-core/src/test/java/com/sun/identity/entitlement/xacml3/XACMLPrivilegeUtilsTest.java	2014-09-30 \
                13:48:08 UTC (rev 10813)
+++ branches/AME-4616/openam/openam-core/src/test/java/com/sun/identity/entitlement/xacml3/XACMLPrivilegeUtilsTest.java	2014-09-30 \
13:49:13 UTC (rev 10814) </span><span class="lines">@@ -23,13 +23,13 @@
</span><span class="cx"> import com.sun.identity.entitlement.Entitlement;
</span><span class="cx"> import com.sun.identity.entitlement.EntitlementCondition;
</span><span class="cx"> import com.sun.identity.entitlement.EntitlementException;
</span><del>-import com.sun.identity.entitlement.IPCondition;
</del><span class="cx"> import com.sun.identity.entitlement.Privilege;
</span><span class="cx"> import com.sun.identity.entitlement.ReferralPrivilege;
</span><span class="cx"> import com.sun.identity.entitlement.ResourceAttribute;
</span><span class="cx"> import com.sun.identity.entitlement.xacml3.core.Match;
</span><span class="cx"> import com.sun.identity.entitlement.xacml3.core.Policy;
</span><span class="cx"> import com.sun.identity.entitlement.xacml3.core.PolicySet;
</span><ins>+import org.forgerock.openam.entitlement.conditions.environment.IPCondition;
 </ins><span class="cx"> import org.json.JSONException;
</span><span class="cx"> import org.testng.annotations.Test;
</span><span class="cx"> 
</span></span></pre></div>
<a id="branchesAME4616openamopenamdocumentationopenamdocsource"></a>
<div class="propset"><h4>Property changes: \
branches/AME-4616/openam/openam-documentation/openam-doc-source</h4> <pre \
class="diff"><span> </span></pre></div>
<a id="svnmergeinfo"></a>
<div class="modfile"><h4>Modified: svn:mergeinfo</h4></div>
<span class="cx">/branches/AME-2629/openam/openam-documentation/openam-doc-source:7585-7632
 </span><span class="cx">/branches/AME-3405-session-read-from-cts/openam/openam-documentation/openam-doc-source:8749-8823
 </span><span class="cx">/branches/AME-3423/openam/openam-documentation/openam-doc-source:10105-10414
 </span><span class="cx">/branches/AME-3612-pcunnington/openam/openam-documentation/openam-doc-source:9534-9723
 </span><span class="cx">/branches/AME-3719/openam/openam-documentation/openam-doc-source:9517-9879
 </span><span class="cx">/branches/AME-3726-script-sandboxing/openam/openam-documentation/openam-doc-source:9663-9819
 </span><span class="cx">/branches/AME-4378/openam/openam-documentation/openam-doc-source:10443-10621
 </span><span class="cx">/branches/AME-4460_AME-4459/openam/openam-documentation/openam-doc-source:10437-10535
 </span><span class="cx">/branches/CTS-Async/openam/openam-documentation/openam-doc-source:8847-9739
 </span><span class="cx">/branches/IIS7PostData/openam/openam-documentation/openam-doc-source:224-261
 </span><span class="cx">/branches/IIS7PostData/openam/openam-documentation/openam-site:224-261
 </span><span class="cx">/branches/OAuth2_Maven/openam/openam-documentation/openam-doc-source:2756-3584
 </span><span class="cx">/branches/OPENAM-2961-forgot-password-404/openam/openam-documentation/openam-doc-source:8322-8362
 </span><span class="cx">/branches/OPENAM-3097-sessions-not-deleted/openam/openam-documentation/openam-doc-source:6910-6946
 </span><span class="cx">/branches/OPENAM-3130-session-quota/openam/openam-documentation/openam-doc-source:6958-6972
 </span><span class="cx">/branches/OPENAM-3283-CTS-thread-exceptions/openam/openam-documentation/openam-doc-source:7270-7369
 </span><span class="cx">/branches/OPENAM-3425-class-cast-exception/openam/openam-documentation/openam-doc-source:8333-8359
 </span><span class="cx">/branches/OPENAM-3782-forgotten-password-changes/openam/openam-documentation/openam-doc-source:8747-8835
 </span><span class="cx">/branches/OPENAM-4028-connection-pool/openam/openam-documentation/openam-doc-source:9750-10171
 </span><span class="cx">/branches/OPENAM-4384-ssoadm-classpath/openam/openam-documentation/openam-doc-source:10263-10264
 </span><span class="cx">/branches/OPENAM-OPENAM-3528-client-side-session-validation/openam/openam-documentation/openam-doc-source:7834-7844
 </span><span class="cx">/branches/ame4272/openam/openam-documentation/openam-doc-source:10073-10101
 </span><span class="cx">/branches/andy-ame-2227-v2/openam/openam-documentation/openam-doc-source:7508-7697
 </span><span class="cx">/branches/andyAme3102/openam/openam-documentation/openam-doc-source:8312-8413
 </span><span class="cx">/branches/andyOpenam1708/openam/openam-documentation/openam-doc-source:5576-5592
 </span><span class="cx">/branches/maven_merge/openam/openam-documentation/openam-doc-source:2556-3124
 </span><span class="cx">/branches/maven_merge/openam/openam-documentation/openam-site:2556-2631
 </span><span class="cx">/branches/oidc_authn/openam-documentation/openam-doc-source:8507,8540,8557-8559,8565-8566
 </span><span class="cx">/branches/openam-3049-cts-reaper-connection-usage/openam/openam-documentation/openam-doc-source:6658-6745
 </span><span class="cx">/branches/openam-3053-cts-tab-exception/openam/openam-documentation/openam-doc-source:6672-6721
 </span><span class="cx">/branches/openam-3072-cts-configuration/openam/openam-documentation/openam-doc-source:6691-6714
 </span><span class="cx">/branches/openam-3092-store-mode-error/openam/openam-documentation/openam-doc-source:6729-6733
 </span><span class="cx">/branches/openam-3110-create-or-update-bug/openam/openam-documentation/openam-doc-source:6767-6804
 </span><span class="cx">/branches/openam_10.1.0_SAML2_FIXES/openam-documentation/openam-doc-source:3725-3740
 </span><span class="cx">/branches/openam_10.1.0_jeff/openam-documentation/openam-doc-source:3128-3527
 </span><span class="cx">/branches/openam_10.1.0_jeff/openam-documentation/openam-site:3128-3287
 </span><span class="cx">/branches/openam_10.1.0_xacml3_JAS/openam/openam-documentation/openam-doc-source:4039-4140
 </span><span class="cx">/branches/openam_10.2.0_xacml3_JAS/openam/openam-documentation/openam-doc-source:4141-4379
 </span><span class="cx">/branches/pcunnington-AME-3115-refactor/openam/openam-documentation/openam-doc-source:8348-8473
 </span><span class="cx">/branches/pcunnington-AME-3158/openam/openam-documentation/openam-doc-source:8476-8577
 </span><span class="cx">/branches/pcunnington-oauth2/openam/openam-documentation/openam-doc-source:8710-8793
 </span><span class="cx">/branches/phcunnington-AME-3114/openam/openam-documentation/openam-doc-source:8314-8341
 </span><span class="cx">/branches/rest_sts_view_bean/openam-documentation/openam-doc-source:9690-9965
 </span><span class="cx">/branches/rwapshott-AME-1739/openam/openam-documentation/openam-doc-source:5331-5353
 </span><span class="cx">/branches/rwapshott-AME-215/openam/openam-documentation/openam-doc-source:4091-4155
 </span><span class="cx">/branches/rwapshott-AME-257/openam/openam-documentation/openam-doc-source:4047-4126
 </span><span class="cx">/branches/rwapshott-AME-804/openam/openam-documentation/openam-doc-source:4267-5404
 </span><span class="cx">/branches/rwapshott-ame-2027-cts-oids-should-follow-fr-oid-scheme/openam/openam-documentation/openam-doc-source:5609-5614
 </span><span class="cx">/branches/rwapshott-ame-2160-session-size/openam/openam-documentation/openam-doc-source:6086-6319
 </span><span class="cx">/branches/rwapshott-ame-2311-index-names/openam/openam-documentation/openam-doc-source:6058-6069
 </span><span class="cx">/branches/rwapshott-ame-258-cts-replication/openam/openam-documentation/openam-doc-source:5548-6055
 </span><span class="cx">/branches/rwapshott-openam-2198-session-resource-protection/openam/openam-documentation/openam-doc-source:5628-5824
 </span><span class="cx">/branches/rwapshott-openam-2526/openam/openam-documentation/openam-doc-source:5442-5484
 </span><span class="cx">/branches/rwapshott-openam-2716-cts-invalid-chars/openam/openam-documentation/openam-doc-source:6170-6194
 </span><span class="cx">/branches/rwapshott-openam-2729-saml2-error/openam/openam-documentation/openam-doc-source:6247-6257
 </span><span class="cx">/branches/sts_oidc_saml_redux/openam-documentation/openam-doc-source:8417-8422,8424,8440,8445-8446,8460,8490,8498
 </span><span class="cx">/branches/sts_restart_persistence/openam-documentation/openam-doc-source:9003-9005,9009-9414
 </span><span class="cx">/branches/sts_saml2_encrypt/openam-documentation/openam-doc-source:10424-10472,10474-10550
 </span><span class="cx">/branches/sts_service_listeners/openam-documentation/openam-doc-source:9968-10031,10047-10048,10053
 </span><span class="cx">/branches/sts_token_gen_service/openam-documentation/openam-d \
oc-source:8706,8717-8720,8723-8725,8727-8728,8731,8737,8740-8742,8759-8760,8774-8776,8796-8797,8800-8801,8818-8819,8821
 </span><span class="cx">/branches/sts_token_gen_service2/openam-documentation/openam-doc-source:8844-8887,8894-9000
 </span><span class="cx">/branches/sts_x509/openam-documentation/openam-doc-source:10206-10398
 </span><span class="cx">/trunk/openam/openam-documentation/openam-doc-source:3127-3332,10652-10778
 </span><span class="cx">/trunk/openam/openam-documentation/openam-site:2556-2930
</span><span class="cx">/trunk/opensso/openam-site:2912-3070
</span><span class="cx">   + \
/branches/AME-2526-SFO-between-sites/openam/openam-documentation/openam-doc-source:7510-8258
 </span><span class="cx">/branches/AME-2629/openam/openam-documentation/openam-doc-source:7585-7632
 </span><span class="cx">/branches/AME-3405-session-read-from-cts/openam/openam-documentation/openam-doc-source:8749-8823
 </span><span class="cx">/branches/AME-3423/openam/openam-documentation/openam-doc-source:10105-10414
 </span><span class="cx">/branches/AME-3612-pcunnington/openam/openam-documentation/openam-doc-source:9534-9723
 </span><span class="cx">/branches/AME-3719/openam/openam-documentation/openam-doc-source:9517-9879
 </span><span class="cx">/branches/AME-3726-script-sandboxing/openam/openam-documentation/openam-doc-source:9663-9819
 </span><span class="cx">/branches/AME-4378/openam/openam-documentation/openam-doc-source:10443-10621
 </span><span class="cx">/branches/AME-4460_AME-4459/openam/openam-documentation/openam-doc-source:10437-10535
 </span><span class="cx">/branches/AME-4547/openam/openam-documentation/openam-doc-source:10585-10783
 </span><span class="cx">/branches/AME-4595/openam/openam-documentation/openam-doc-source:10581-10789
 </span><span class="cx">/branches/CTS-Async/openam/openam-documentation/openam-doc-source:8847-9739
 </span><span class="cx">/branches/IIS7PostData/openam/openam-documentation/openam-doc-source:224-261
 </span><span class="cx">/branches/IIS7PostData/openam/openam-documentation/openam-site:224-261
 </span><span class="cx">/branches/OAuth2_Maven/openam/openam-documentation/openam-doc-source:2756-3584
 </span><span class="cx">/branches/OPENAM-2961-forgot-password-404/openam/openam-documentation/openam-doc-source:8322-8362
 </span><span class="cx">/branches/OPENAM-3097-sessions-not-deleted/openam/openam-documentation/openam-doc-source:6910-6946
 </span><span class="cx">/branches/OPENAM-3130-session-quota/openam/openam-documentation/openam-doc-source:6958-6972
 </span><span class="cx">/branches/OPENAM-3283-CTS-thread-exceptions/openam/openam-documentation/openam-doc-source:7270-7369
 </span><span class="cx">/branches/OPENAM-3425-class-cast-exception/openam/openam-documentation/openam-doc-source:8333-8359
 </span><span class="cx">/branches/OPENAM-3782-forgotten-password-changes/openam/openam-documentation/openam-doc-source:8747-8835
 </span><span class="cx">/branches/OPENAM-4028-connection-pool/openam/openam-documentation/openam-doc-source:9750-10171
 </span><span class="cx">/branches/OPENAM-4384-ssoadm-classpath/openam/openam-documentation/openam-doc-source:10263-10264
 </span><span class="cx">/branches/OPENAM-OPENAM-3528-client-side-session-validation/openam/openam-documentation/openam-doc-source:7834-7844
 </span><span class="cx">/branches/ame4272/openam/openam-documentation/openam-doc-source:10073-10101
 </span><span class="cx">/branches/andy-ame-2227-v2/openam/openam-documentation/openam-doc-source:7508-7697
 </span><span class="cx">/branches/andyAme3102/openam/openam-documentation/openam-doc-source:8312-8413
 </span><span class="cx">/branches/andyOpenam1708/openam/openam-documentation/openam-doc-source:5576-5592
 </span><span class="cx">/branches/maven_merge/openam/openam-documentation/openam-doc-source:2556-3124
 </span><span class="cx">/branches/maven_merge/openam/openam-documentation/openam-site:2556-2631
 </span><span class="cx">/branches/oidc_authn/openam-documentation/openam-doc-source:8507,8540,8557-8559,8565-8566
 </span><span class="cx">/branches/openam-3049-cts-reaper-connection-usage/openam/openam-documentation/openam-doc-source:6658-6745
 </span><span class="cx">/branches/openam-3053-cts-tab-exception/openam/openam-documentation/openam-doc-source:6672-6721
 </span><span class="cx">/branches/openam-3072-cts-configuration/openam/openam-documentation/openam-doc-source:6691-6714
 </span><span class="cx">/branches/openam-3092-store-mode-error/openam/openam-documentation/openam-doc-source:6729-6733
 </span><span class="cx">/branches/openam-3110-create-or-update-bug/openam/openam-documentation/openam-doc-source:6767-6804
 </span><span class="cx">/branches/openam_10.1.0_SAML2_FIXES/openam-documentation/openam-doc-source:3725-3740
 </span><span class="cx">/branches/openam_10.1.0_jeff/openam-documentation/openam-doc-source:3128-3527
 </span><span class="cx">/branches/openam_10.1.0_jeff/openam-documentation/openam-site:3128-3287
 </span><span class="cx">/branches/openam_10.1.0_xacml3_JAS/openam/openam-documentation/openam-doc-source:4039-4140
 </span><span class="cx">/branches/openam_10.2.0_xacml3_JAS/openam/openam-documentation/openam-doc-source:4141-4379
 </span><span class="cx">/branches/pcunnington-AME-3115-refactor/openam/openam-documentation/openam-doc-source:8348-8473
 </span><span class="cx">/branches/pcunnington-AME-3158/openam/openam-documentation/openam-doc-source:8476-8577
 </span><span class="cx">/branches/pcunnington-oauth2/openam/openam-documentation/openam-doc-source:8710-8793
 </span><span class="cx">/branches/phcunnington-AME-3114/openam/openam-documentation/openam-doc-source:8314-8341
 </span><span class="cx">/branches/rest_sts_view_bean/openam-documentation/openam-doc-source:9690-9965
 </span><span class="cx">/branches/rwapshott-AME-1739/openam/openam-documentation/openam-doc-source:5331-5353
 </span><span class="cx">/branches/rwapshott-AME-215/openam/openam-documentation/openam-doc-source:4091-4155
 </span><span class="cx">/branches/rwapshott-AME-257/openam/openam-documentation/openam-doc-source:4047-4126
 </span><span class="cx">/branches/rwapshott-AME-804/openam/openam-documentation/openam-doc-source:4267-5404
 </span><span class="cx">/branches/rwapshott-ame-2027-cts-oids-should-follow-fr-oid-scheme/openam/openam-documentation/openam-doc-source:5609-5614
 </span><span class="cx">/branches/rwapshott-ame-2160-session-size/openam/openam-documentation/openam-doc-source:6086-6319
 </span><span class="cx">/branches/rwapshott-ame-2311-index-names/openam/openam-documentation/openam-doc-source:6058-6069
 </span><span class="cx">/branches/rwapshott-ame-258-cts-replication/openam/openam-documentation/openam-doc-source:5548-6055
 </span><span class="cx">/branches/rwapshott-openam-2198-session-resource-protection/openam/openam-documentation/openam-doc-source:5628-5824
 </span><span class="cx">/branches/rwapshott-openam-2526/openam/openam-documentation/openam-doc-source:5442-5484
 </span><span class="cx">/branches/rwapshott-openam-2716-cts-invalid-chars/openam/openam-documentation/openam-doc-source:6170-6194
 </span><span class="cx">/branches/rwapshott-openam-2729-saml2-error/openam/openam-documentation/openam-doc-source:6247-6257
 </span><span class="cx">/branches/sts_oidc_saml_redux/openam-documentation/openam-doc-source:8417-8422,8424,8440,8445-8446,8460,8490,8498
 </span><span class="cx">/branches/sts_restart_persistence/openam-documentation/openam-doc-source:9003-9005,9009-9414
 </span><span class="cx">/branches/sts_saml2_encrypt/openam-documentation/openam-doc-source:10424-10472,10474-10550
 </span><span class="cx">/branches/sts_service_listeners/openam-documentation/openam-doc-source:9968-10031,10047-10048,10053
 </span><span class="cx">/branches/sts_token_gen_service/openam-documentation/openam-d \
oc-source:8706,8717-8720,8723-8725,8727-8728,8731,8737,8740-8742,8759-8760,8774-8776,8796-8797,8800-8801,8818-8819,8821
 </span><span class="cx">/branches/sts_token_gen_service2/openam-documentation/openam-doc-source:8844-8887,8894-9000
 </span><span class="cx">/branches/sts_x509/openam-documentation/openam-doc-source:10206-10398
 </span><span class="cx">/trunk/openam/openam-documentation/openam-doc-source:3127-3332,10652-10812
 </span><span class="cx">/trunk/openam/openam-documentation/openam-site:2556-2930
</span><span class="cx">/trunk/opensso/openam-site:2912-3070
</span><a id="branchesAME4616openamopenamentitlementssrcmainjavacomsunidentityentitlementAnyUserSubjectjava"></a>
 <div class="modfile"><h4>Modified: \
branches/AME-4616/openam/openam-entitlements/src/main/java/com/sun/identity/entitlement/AnyUserSubject.java \
(10813 => 10814)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-4616/openam/openam-entitlements/src/main/java/com/sun/identity/entitlement/AnyUserSubject.java	2014-09-30 \
                13:48:08 UTC (rev 10813)
+++ branches/AME-4616/openam/openam-entitlements/src/main/java/com/sun/identity/entitlement/AnyUserSubject.java	2014-09-30 \
13:49:13 UTC (rev 10814) </span><span class="lines">@@ -25,6 +25,10 @@
</span><span class="cx">  * $Id: AnyUserSubject.java,v 1.1 2009/08/19 05:40:32 \
veiming Exp $ </span><span class="cx">  */
</span><span class="cx"> 
</span><ins>+/**
+ * Portions copyright 2014 ForgeRock AS.
+ */
+
</ins><span class="cx"> package com.sun.identity.entitlement;
</span><span class="cx"> 
</span><span class="cx"> 
</span><span class="lines">@@ -35,10 +39,7 @@
</span><span class="cx"> import java.util.Set;
</span><span class="cx"> import javax.security.auth.Subject;
</span><span class="cx"> 
</span><del>-public class AnyUserSubject extends VirtualSubject {
-    public VirtualId getVirtualId() {
-        return VirtualId.ANY_USER;
-    }
</del><ins>+public class AnyUserSubject implements SubjectImplementation {
</ins><span class="cx"> 
</span><span class="cx">     public SubjectDecision evaluate(
</span><span class="cx">         String realm,
</span></span></pre></div>
<a id="branchesAME4616openamopenamentitlementssrcmainjavacomsunidentityentitlementAuthenticatedESubjectjava"></a>
 <div class="delfile"><h4>Deleted: \
branches/AME-4616/openam/openam-entitlements/src/main/java/com/sun/identity/entitlement/AuthenticatedESubject.java \
(10813 => 10814)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-4616/openam/openam-entitlements/src/main/java/com/sun/identity/entitlement/AuthenticatedESubject.java	2014-09-30 \
                13:48:08 UTC (rev 10813)
+++ branches/AME-4616/openam/openam-entitlements/src/main/java/com/sun/identity/entitlement/AuthenticatedESubject.java	2014-09-30 \
13:49:13 UTC (rev 10814) </span><span class="lines">@@ -1,111 +0,0 @@
</span><del>-/**
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
- *
- * Copyright (c) 2009 Sun Microsystems Inc. All Rights Reserved
- *
- * The contents of this file are subject to the terms
- * of the Common Development and Distribution License
- * (the License). You may not use this file except in
- * compliance with the License.
- *
- * You can obtain a copy of the License at
- * https://opensso.dev.java.net/public/CDDLv1.0.html or
- * opensso/legal/CDDLv1.0.txt
- * See the License for the specific language governing
- * permission and limitations under the License.
- *
- * When distributing Covered Code, include this CDDL
- * Header Notice in each file and include the License file
- * at opensso/legal/CDDLv1.0.txt.
- * If applicable, add the following below the CDDL Header,
- * with the fields enclosed by brackets [] replaced by
- * your own identifying information:
- * &quot;Portions Copyrighted [year] [name of copyright owner]&quot;
- *
- * $Id: AuthenticatedESubject.java,v 1.1 2009/08/19 05:40:32 veiming Exp $
- */
-package com.sun.identity.entitlement;
-
-import java.util.Collections;
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.Map;
-import java.util.Set;
-import javax.security.auth.Subject;
-
-public class AuthenticatedESubject extends VirtualSubject {
-    public static final String ID = &quot;_authenticated&quot;;
-
-    public VirtualId getVirtualId() {
-        return VirtualId.AUTHENTICATED;
-    }
-
-    /**
-     * Sets state of the object
-     * @param state State of the object encoded as string
-     */
-    public void setState(String state) {
-        //DO NOTHING
-    }
-
-    /**
-     * Returns state of the object
-     * @return state of the object encoded as string
-     */
-    public String getState() {
-        return &quot;&quot;;
-    }
-
-    /**
-     * Returns &lt;code&gt;SubjectDecision&lt;/code&gt; of
-     * &lt;code&gt;ESubject&lt;/code&gt; evaluation
-     * @param subject ESubject who is under evaluation.
-     * @param resourceName Resource name.
-     * @param environment Environment parameters.
-     * @return &lt;code&gt;SubjectDecision&lt;/code&gt; of
-     * &lt;code&gt;ESubject&lt;/code&gt; evaluation
-     * @throws com.sun.identity.entitlement,  EntitlementException in case
-     * of any error
-     */
-    public SubjectDecision evaluate(
-        Subject subject,
-        String resourceName,
-        Map&lt;String, Set&lt;String&gt;&gt; environment)
-        throws EntitlementException {
-        return null;
-    }
-
-    public void setName(String name) {
-    }
-
-    public String getName() {
-        return null;
-    }
-
-    public Map&lt;String, Set&lt;String&gt;&gt; getSearchIndexAttributes() {
-        Map&lt;String, Set&lt;String&gt;&gt; map = new HashMap&lt;String, \
                Set&lt;String&gt;&gt;();
-        Set&lt;String&gt; set = new HashSet&lt;String&gt;();
-        set.add(SubjectAttributesCollector.ATTR_NAME_ALL_ENTITIES);
-        map.put(SubjectAttributesCollector.NAMESPACE_IDENTITY, set);
-        return map;
-    }
-
-    public Set&lt;String&gt; getRequiredAttributeNames() {
-        return Collections.EMPTY_SET;
-    }
-
-    public SubjectDecision evaluate(
-        String realm,
-        SubjectAttributesManager mgr,
-        Subject subject,
-        String resourceName,
-        Map&lt;String, Set&lt;String&gt;&gt; environment
-    ) throws EntitlementException {
-        return new SubjectDecision(true, Collections.EMPTY_MAP); //TOFIX
-    }
-
-    public boolean isIdentity() {
-        return true;
-    }
-
-}
</del></span></pre></div>
<a id="branchesAME4616openamopenamentitlementssrcmainjavacomsunidentityentitlementBankingSubjectjava"></a>
 <div class="delfile"><h4>Deleted: \
branches/AME-4616/openam/openam-entitlements/src/main/java/com/sun/identity/entitlement/BankingSubject.java \
(10813 => 10814)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-4616/openam/openam-entitlements/src/main/java/com/sun/identity/entitlement/BankingSubject.java	2014-09-30 \
                13:48:08 UTC (rev 10813)
+++ branches/AME-4616/openam/openam-entitlements/src/main/java/com/sun/identity/entitlement/BankingSubject.java	2014-09-30 \
13:49:13 UTC (rev 10814) </span><span class="lines">@@ -1,37 +0,0 @@
</span><del>-/**
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
- *
- * Copyright (c) 2009 Sun Microsystems Inc. All Rights Reserved
- *
- * The contents of this file are subject to the terms
- * of the Common Development and Distribution License
- * (the License). You may not use this file except in
- * compliance with the License.
- *
- * You can obtain a copy of the License at
- * https://opensso.dev.java.net/public/CDDLv1.0.html or
- * opensso/legal/CDDLv1.0.txt
- * See the License for the specific language governing
- * permission and limitations under the License.
- *
- * When distributing Covered Code, include this CDDL
- * Header Notice in each file and include the License file
- * at opensso/legal/CDDLv1.0.txt.
- * If applicable, add the following below the CDDL Header,
- * with the fields enclosed by brackets [] replaced by
- * your own identifying information:
- * &quot;Portions Copyrighted [year] [name of copyright owner]&quot;
- *
- * $Id: BankingSubject.java,v 1.1 2009/08/19 05:40:32 veiming Exp $
- */
-package com.sun.identity.entitlement;
-
-public class BankingSubject extends UserSubject {
-    public static enum Banker {
-        ACCOUNT_OWNER,
-        JOINT_ACCOUNT_OWNER,
-        BANK_MANAGER,
-        CLERK,
-        ACCOUNT_MANAGER;
-    }
-}
</del></span></pre></div>
<a id="branchesAME4616openamopenamentitlementssrcmainjavacomsunidentityentitlementDNSNameConditionjava"></a>
 <div class="delfile"><h4>Deleted: \
branches/AME-4616/openam/openam-entitlements/src/main/java/com/sun/identity/entitlement/DNSNameCondition.java \
(10813 => 10814)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-4616/openam/openam-entitlements/src/main/java/com/sun/identity/entitlement/DNSNameCondition.java	2014-09-30 \
                13:48:08 UTC (rev 10813)
+++ branches/AME-4616/openam/openam-entitlements/src/main/java/com/sun/identity/entitlement/DNSNameCondition.java	2014-09-30 \
13:49:13 UTC (rev 10814) </span><span class="lines">@@ -1,300 +0,0 @@
</span><del>-/**
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
- *
- * Copyright (c) 2009 Sun Microsystems Inc. All Rights Reserved
- *
- * The contents of this file are subject to the terms
- * of the Common Development and Distribution License
- * (the License). You may not use this file except in
- * compliance with the License.
- *
- * You can obtain a copy of the License at
- * https://opensso.dev.java.net/public/CDDLv1.0.html or
- * opensso/legal/CDDLv1.0.txt
- * See the License for the specific language governing
- * permission and limitations under the License.
- *
- * When distributing Covered Code, include this CDDL
- * Header Notice in each file and include the License file
- * at opensso/legal/CDDLv1.0.txt.
- * If applicable, add the following below the CDDL Header,
- * with the fields enclosed by brackets [] replaced by
- * your own identifying information:
- * &quot;Portions Copyrighted [year] [name of copyright owner]&quot;
- *
- * $Id: DNSNameCondition.java,v 1.2 2009/09/05 00:24:04 veiming Exp $
- */
-package com.sun.identity.entitlement;
-
-import java.util.Collections;
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.Map;
-import java.util.Set;
-import javax.security.auth.Subject;
-import org.json.JSONObject;
-import org.json.JSONException;
-
-/**
- * EntitlementCondition to represent IP, DNS name based  constraint
-  */
-public class DNSNameCondition extends EntitlementConditionAdaptor {
-    /** Key that is used in an &lt;code&gt;DNSNameCondition&lt;/code&gt; to define \
                the DNS
-     * name values for which a policy applies. The value corresponding to the
-     * key has to be a &lt;code&gt;Set&lt;/code&gt; with at most one element is a
-     * &lt;code&gt;String&lt;/code&gt; that conforms to the patterns described here.
-     *
-     * The patterns is :
-     * &lt;pre&gt;
-     * ccc.ccc.ccc.ccc
-     * *.ccc.ccc.ccc&lt;/pre&gt;
-     * where c is any valid character for DNS domain/host name.
-     * There could be any number of &lt;code&gt;.ccc&lt;/code&gt; components.
-     * Some sample values are:
-     * &lt;pre&gt;
-     * www.sun.com
-     * finace.yahoo.com
-     * *.yahoo.com
-     * &lt;/pre&gt;
-     */
-    public static final String DNS_NAME = &quot;DnsName&quot;;
-
-    /** Key that is used to define request DNS name that is passed in
-     * the &lt;code&gt;env&lt;/code&gt; parameter while invoking
-     * &lt;code&gt;getConditionDecision&lt;/code&gt; method of an 
-     * &lt;code&gt;DNSNameCondition&lt;/code&gt;.
-     * Value for the key should be a set of strings representing the
-     * DNS names of the client, in the form &lt;code&gt;ccc.ccc.ccc&lt;/code&gt;.
-     * If the &lt;code&gt;env&lt;/code&gt; parameter is null or does not
-     * define value for &lt;code&gt;REQUEST_DNS_NAME&lt;/code&gt;,  the
-     * value for &lt;code&gt;REQUEST_DNS_NAME&lt;/code&gt; is obtained
-     * from the single sign on token of the user
-     *
-     * @see com.sun.identity.policy.interfaces.Condition#getConditionDecision(com.iplanet.sso.SSOToken, \
                java.util.Map)
-     */
-    public static final String REQUEST_DNS_NAME = &quot;requestDnsName&quot;;
-
-    private String domainNameMask;
-    private String pConditionName;
-
-    /**
-     * Constructs an DNSNameCondition
-     */
-    public DNSNameCondition() {
-    }
-
-    /**
-     * Constructs DNSNameCondition object
-     * 
-     * @param domainNameMask domain name mask, for example *.example.com,
-     * only wild card allowed is *
-     */
-    public DNSNameCondition(String domainNameMask) {
-        this.domainNameMask = domainNameMask;
-    }
-
-    /**
-     * Returns state of the object
-     * @return state of the object encoded as string
-     */
-    public String getState() {
-        return toString();
-    }
-
-    /**
-     * Sets state of the object
-     * @param state State of the object encoded as string
-     */
-    public void setState(String state) {
-        try {
-            JSONObject jo = new JSONObject(state);
-            setState(jo);
-            domainNameMask = jo.optString(&quot;domainNameMask&quot;);
-            pConditionName = jo.optString(&quot;pConditionName&quot;);
-        } catch (JSONException joe) {
-            PrivilegeManager.debug.error(&quot;DNSNameCondition.setState&quot;, \
                joe);
-        }
-    }
-
-    /**
-     * Returns &lt;code&gt;ConditionDecision&lt;/code&gt; of
-     * &lt;code&gt;EntitlementCondition&lt;/code&gt; evaluation
-     *
-     * @param realm Realm name.
-     * @param subject EntitlementCondition who is under evaluation.
-     * @param resourceName Resource name.
-     * @param environment Environment parameters.
-     * @return &lt;code&gt;ConditionDecision&lt;/code&gt; of
-     * &lt;code&gt;EntitlementCondition&lt;/code&gt; evaluation
-     * @throws com.sun.identity.entitlement,  EntitlementException in case
-     * of any error
-     */
-    public ConditionDecision evaluate(
-        String realm,
-        Subject subject,
-        String resourceName,
-        Map&lt;String, Set&lt;String&gt;&gt; environment
-    ) throws EntitlementException {
-        if (environment != null) {
-            Set&lt;String&gt; reqDnsNames = environment.get(REQUEST_DNS_NAME);
-
-            if ((reqDnsNames == null) || reqDnsNames.isEmpty()) {
-                return getFalseDecision();
-            }
-
-            for (String dns : reqDnsNames) {
-                if (!isAllowedByDns(dns)) {
-                    return getFalseDecision();
-                }
-            }
-
-            return new ConditionDecision(true, Collections.EMPTY_MAP);
-        }
-
-        return getFalseDecision();
-    }
-
-    private ConditionDecision getFalseDecision() {
-        Set&lt;String&gt; set = new HashSet&lt;String&gt;();
-        set.add(REQUEST_DNS_NAME + &quot;=&quot; + domainNameMask);
-        Map&lt;String, Set&lt;String&gt;&gt; advice = new HashMap&lt;String, \
                Set&lt;String&gt;&gt;();
-        advice.put(getClass().getName(), set);
-        return new ConditionDecision(false, advice);
-    }
-
-    private boolean isAllowedByDns(String dnsName)
-        throws EntitlementException {
-        if (domainNameMask.equals(&quot;*&quot;)) {
-            return true;
-        }
-
-        dnsName = dnsName.toLowerCase();
-        String mask = domainNameMask.toLowerCase();
-        int starIndex = mask.indexOf(&quot;*&quot;);
-
-        if (starIndex != -1) {
-            // the dnsPattern is a string like *.ccc.ccc
-            String dnsWildSuffix = mask.substring(starIndex+1);
-            return dnsName.endsWith(dnsWildSuffix);
-        }
-        
-        return mask.equalsIgnoreCase(dnsName);
-    }
-
-
-    /**
-     * Returns the Domain Name Mask
-     *
-     * @return the Domain Name Mask
-     */
-    public String getDomainNameMask() {
-        return domainNameMask;
-    }
-
-    /**
-     * Sets the Domain Name Mask.
-     *
-     * @param domainNameMask the value for Domain Name Mask.
-     */
-    public void setDomainNameMask(String domainNameMask) {
-        this.domainNameMask = domainNameMask;
-    }
-
-    /**
-     * Returns OpenSSO policy subject name of the object
-     * @return subject name as used in OpenSSO policy,
-     * this is releavant only when UserECondition was created from
-     * OpenSSO policy Condition
-     */
-    public String getPConditionName() {
-        return pConditionName;
-    }
-
-    /**
-     * Sets OpenSSO policy subject name of the object
-     * @param pConditionName subject name as used in OpenSSO policy,
-     * this is releavant only when UserECondition was created from
-     * OpenSSO policy Condition
-     */
-    public void setPConditionName(String pConditionName) {
-        this.pConditionName = pConditionName;
-    }
-
-    /**
-     * Returns JSONObject mapping of the object
-     * @return JSONObject mapping  of the object
-     */
-    public JSONObject toJSONObject() throws JSONException {
-        JSONObject jo = new JSONObject();
-        toJSONObject(jo);
-        jo.put(&quot;domainNameMask&quot;, domainNameMask);
-        jo.put(&quot;pConditionName&quot;, pConditionName);
-        return jo;
-    }
-
-    /**
-     * Returns &lt;code&gt;true&lt;/code&gt; if the passed in object is equal to \
                this object
-     * @param obj object to check for equality
-     * @return  &lt;code&gt;true&lt;/code&gt; if the passed in object is equal to \
                this object
-     */
-    @Override
-    public boolean equals(Object obj) {
-        if (!super.equals(obj)) {
-            return false;
-        }
-        if (!getClass().equals(obj.getClass())) {
-            return false;
-        }
-        DNSNameCondition object = (DNSNameCondition) obj;
-        if (getDomainNameMask() == null) {
-            if (object.getDomainNameMask() != null) {
-                return false;
-            }
-        } else {
-            if (!domainNameMask.equals(object.getDomainNameMask())) {
-                return false;
-            }
-        }
-        if (getPConditionName() == null) {
-            if (object.getPConditionName() != null) {
-                return false;
-            }
-        } else {
-            if (!pConditionName.equals(object.getPConditionName())) {
-                return false;
-            }
-        }
-        return true;
-    }
-
-    /**
-     * Returns hash code of the object
-     * @return hash code of the object
-     */
-    @Override
-    public int hashCode() {
-        int code = super.hashCode();
-        if (domainNameMask != null) {
-            code += domainNameMask.hashCode();
-        }
-        if (pConditionName != null) {
-            code += pConditionName.hashCode();
-        }
-        return code;
-    }
-
-    /**
-     * Returns string representation of the object
-     * @return string representation of the object
-     */
-    @Override
-    public String toString() {
-        String s = null;
-        try {
-            s = toJSONObject().toString(2);
-        } catch (JSONException e) {
-            PrivilegeManager.debug.error(&quot;DNSNameCondition.toString()&quot;, \
                e);
-        }
-        return s;
-    }
-}
</del></span></pre></div>
<a id="branchesAME4616openamopenamentitlementssrcmainjavacomsunidentityentitlementEntitlementExceptionjava"></a>
 <div class="modfile"><h4>Modified: \
branches/AME-4616/openam/openam-entitlements/src/main/java/com/sun/identity/entitlement/EntitlementException.java \
(10813 => 10814)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-4616/openam/openam-entitlements/src/main/java/com/sun/identity/entitlement/EntitlementException.java	2014-09-30 \
                13:48:08 UTC (rev 10813)
+++ branches/AME-4616/openam/openam-entitlements/src/main/java/com/sun/identity/entitlement/EntitlementException.java	2014-09-30 \
13:49:13 UTC (rev 10814) </span><span class="lines">@@ -83,7 +83,26 @@
</span><span class="cx">     public static final int MISSING_RESOURCE = 420;
</span><span class="cx">     public static final int JSON_PARSE_ERROR = 425;
</span><span class="cx">     public static final int AUTHENTICATION_ERROR = 434;
</span><ins>+    public static final int CLIENT_IP_EMPTY = 437;
+    public static final int RESOURCE_ENV_NOT_KNOWN = 438;
</ins><span class="cx"> 
</span><ins>+    public static final int CONDITION_EVALUTATION_FAILED = 510;
+
+    public static final int INVALID_OAUTH2_SCOPE = 700;
+    public static final int AUTH_LEVEL_NOT_INTEGER = 710;
+    public static final int PROPERTY_VALUE_NOT_DEFINED = 711;
+    public static final int AUTH_LEVEL_NOT_INT_OR_SET = 712;
+    public static final int AUTH_SCHEME_NOT_FOUND = 713;
+    public static final int INVALID_ADMIN = 720;
+    public static final int AM_ID_SUBJECT_MEMBERSHIP_EVALUATION_ERROR = 721;
+    public static final int UNABLE_TO_PARSE_SSOTOKEN_AUTHINSTANT = 730;
+    public static final int AT_LEAST_ONE_OF_TIME_PROPS_SHOULD_BE_DEFINED = 740;
+    public static final int PAIR_PROPERTY_NOT_DEFINED = 741;
+    public static final int END_IP_BEFORE_START_IP = 750;
+
+    public static final int PROPERTY_IS_NOT_AN_INTEGER = 800;
+    public static final int PROPERTY_IS_NOT_A_SET = 801;
+
</ins><span class="cx">     private int errorCode;
</span><span class="cx">     private String message;
</span><span class="cx">     private Object[] params;
</span><span class="lines">@@ -179,4 +198,4 @@
</span><span class="cx">         return (params != null) ? MessageFormat.format(msg, \
params) : </span><span class="cx">             msg;
</span><span class="cx">     }
</span><del>-}
</del><span class="cx">\ No newline at end of file
</span><ins>+}
</ins></span></pre></div>
<a id="branchesAME4616openamopenamentitlementssrcmainjavacomsunidentityentitlementEntitlementSubjectImpljava"></a>
 <div class="modfile"><h4>Modified: \
branches/AME-4616/openam/openam-entitlements/src/main/java/com/sun/identity/entitlement/EntitlementSubjectImpl.java \
(10813 => 10814)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-4616/openam/openam-entitlements/src/main/java/com/sun/identity/entitlement/EntitlementSubjectImpl.java	2014-09-30 \
                13:48:08 UTC (rev 10813)
+++ branches/AME-4616/openam/openam-entitlements/src/main/java/com/sun/identity/entitlement/EntitlementSubjectImpl.java	2014-09-30 \
13:49:13 UTC (rev 10814) </span><span class="lines">@@ -24,6 +24,11 @@
</span><span class="cx">  *
</span><span class="cx">  * $Id: EntitlementSubjectImpl.java,v 1.2 2009/10/29 \
19:05:18 veiming Exp $ </span><span class="cx">  */
</span><ins>+
+/**
+ * Portions copyright 2014 ForgeRock AS.
+ */
+
</ins><span class="cx"> package com.sun.identity.entitlement;
</span><span class="cx"> 
</span><span class="cx"> import java.security.Principal;
</span><span class="lines">@@ -34,7 +39,10 @@
</span><span class="cx"> 
</span><span class="cx"> /**
</span><span class="cx">  * EntitlementSubject to represent group identity for \
membership check. </span><ins>+ *
+ * @deprecated As of ForgeRock OpenAM 12.
</ins><span class="cx">  */
</span><ins>+@Deprecated
</ins><span class="cx"> public abstract class EntitlementSubjectImpl implements \
SubjectImplementation { </span><span class="cx">     private String uuid;
</span><span class="cx">     private String pSubjectName;
</span></span></pre></div>
<a id="branchesAME4616openamopenamentitlementssrcmainjavacomsunidentityentitlementGroupSubjectjava"></a>
 <div class="modfile"><h4>Modified: \
branches/AME-4616/openam/openam-entitlements/src/main/java/com/sun/identity/entitlement/GroupSubject.java \
(10813 => 10814)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-4616/openam/openam-entitlements/src/main/java/com/sun/identity/entitlement/GroupSubject.java	2014-09-30 \
                13:48:08 UTC (rev 10813)
+++ branches/AME-4616/openam/openam-entitlements/src/main/java/com/sun/identity/entitlement/GroupSubject.java	2014-09-30 \
13:49:13 UTC (rev 10814) </span><span class="lines">@@ -24,6 +24,11 @@
</span><span class="cx">  *
</span><span class="cx">  * $Id: GroupSubject.java,v 1.1 2009/08/19 05:40:33 veiming \
Exp $ </span><span class="cx">  */
</span><ins>+
+/**
+ * Portions copyright 2014 ForgeRock AS.
+ */
+
</ins><span class="cx"> package com.sun.identity.entitlement;
</span><span class="cx"> 
</span><span class="cx"> import java.util.Collections;
</span><span class="lines">@@ -35,7 +40,10 @@
</span><span class="cx"> 
</span><span class="cx"> /**
</span><span class="cx">  * This class represents group identity for membership check
</span><ins>+ *
+ * @deprecated As of ForgeRock OpenAM 12.
</ins><span class="cx">  */
</span><ins>+@Deprecated
</ins><span class="cx"> public class GroupSubject extends EntitlementSubjectImpl {
</span><span class="cx">     public static final String GROUP_NAME = \
&quot;group&quot;; </span><span class="cx"> 
</span></span></pre></div>
<a id="branchesAME4616openamopenamentitlementssrcmainjavacomsunidentityentitlementIPConditionjava"></a>
 <div class="delfile"><h4>Deleted: \
branches/AME-4616/openam/openam-entitlements/src/main/java/com/sun/identity/entitlement/IPCondition.java \
(10813 => 10814)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-4616/openam/openam-entitlements/src/main/java/com/sun/identity/entitlement/IPCondition.java	2014-09-30 \
                13:48:08 UTC (rev 10813)
+++ branches/AME-4616/openam/openam-entitlements/src/main/java/com/sun/identity/entitlement/IPCondition.java	2014-09-30 \
13:49:13 UTC (rev 10814) </span><span class="lines">@@ -1,351 +0,0 @@
</span><del>-/**
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
- *
- * Copyright (c) 2009 Sun Microsystems Inc. All Rights Reserved
- *
- * The contents of this file are subject to the terms
- * of the Common Development and Distribution License
- * (the License). You may not use this file except in
- * compliance with the License.
- *
- * You can obtain a copy of the License at
- * https://opensso.dev.java.net/public/CDDLv1.0.html or
- * opensso/legal/CDDLv1.0.txt
- * See the License for the specific language governing
- * permission and limitations under the License.
- *
- * When distributing Covered Code, include this CDDL
- * Header Notice in each file and include the License file
- * at opensso/legal/CDDLv1.0.txt.
- * If applicable, add the following below the CDDL Header,
- * with the fields enclosed by brackets [] replaced by
- * your own identifying information:
- * &quot;Portions Copyrighted [year] [name of copyright owner]&quot;
- *
- * $Id: IPCondition.java,v 1.3 2009/09/05 00:24:04 veiming Exp $
- */
-
-/*
- * Portions Copyrighted 2013 ForgeRock Inc
- */
-
-package com.sun.identity.entitlement;
-
-
-import java.util.Collections;
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.Map;
-import java.util.Set;
-import java.util.StringTokenizer;
-import javax.security.auth.Subject;
-
-import org.forgerock.openam.utils.ValidateIPaddress;
-import org.json.JSONObject;
-import org.json.JSONException;
-
-import com.googlecode.ipv6.IPv6Address;
-import com.googlecode.ipv6.IPv6AddressRange;
-
-/**
- * Entitlement Condition to represent IP constraint
-  */
-public class IPCondition extends EntitlementConditionAdaptor {
-    /** Key that is used to define request IP address that is passed in
-     * the &lt;code&gt;env&lt;/code&gt; parameter while invoking
-     * &lt;code&gt;getConditionDecision&lt;/code&gt; method of an \
                &lt;code&gt;IPCondition&lt;/code&gt;.
-     * Value for the key should be a &lt;code&gt;String&lt;/code&gt; that is a \
                string
-     * representation of IP of the client, in the form n.n.n.n where n is a
-     * value between 0 and 255 inclusive.
-     *
-     * @see com.sun.identity.policy.interfaces.Condition#getConditionDecision(com.iplanet.sso.SSOToken, \
                java.util.Map)
-     * @see DNSNameCondition#REQUEST_DNS_NAME
-     */
-    public static final String REQUEST_IP = &quot;requestIp&quot;;
-
-    private String startIp;
-    private String endIp;
-    private String pConditionName;
-
-    /**
-     * Constructs an IPCondition
-     */
-    public IPCondition() {
-    }
-
-    /**
-     * Constructs IPCondition object:w
-     * @param startIp starting ip of a range for example 121.122.123.124
-     * @param endIp ending ip of a range, for example 221.222.223.224
-     */
-    public IPCondition(String startIp, String endIp) {
-        this.startIp = startIp;
-        this.endIp = endIp;
-    }
-
-    /**
-     * Returns state of the object
-     * @return state of the object encoded as string
-     */
-    public String getState() {
-        return toString();
-    }
-
-    /**
-     * Sets state of the object
-     * @param state State of the object encoded as string
-     */
-    public void setState(String state) {
-        try {
-            JSONObject jo = new JSONObject(state);
-            setState(jo);
-            startIp = jo.optString(&quot;startIp&quot;);
-            endIp = jo.optString(&quot;endIp&quot;);
-            pConditionName = jo.optString(&quot;pConditionName&quot;);
-        } catch (JSONException e) {
-            PrivilegeManager.debug.error(&quot;IPCondition.setState&quot;, e);
-        }
-    }
-
-    /**
-     * Returns &lt;code&gt;ConditionDecision&lt;/code&gt; of
-     * &lt;code&gt;EntitlementCondition&lt;/code&gt; evaluation
-     *
-     * @param realm Realm Name.
-     * @param subject EntitlementCondition who is under evaluation.
-     * @param resourceName Resource name.
-     * @param environment Environment parameters.
-     * @return &lt;code&gt;ConditionDecision&lt;/code&gt; of
-     * &lt;code&gt;EntitlementCondition&lt;/code&gt; evaluation
-     * @throws EntitlementException if any errors occur.
-     */
-    public ConditionDecision evaluate(
-        String realm,
-        Subject subject,
-        String resourceName,
-        Map&lt;String, Set&lt;String&gt;&gt; environment
-    ) throws EntitlementException {
-        String ip = null;
-        Object ipObject = environment.get(REQUEST_IP);
-
-        // code changed to fix issue 5440
-        // IPCondition evaluation is breaking
-        if (ipObject != null) {
-            if (ipObject instanceof String) {
-                ip = (String)ipObject;
-            } else if (ipObject instanceof Set) {
-                Set&lt;String&gt; setIP= (Set&lt;String&gt;)ipObject;
-                ip =  !setIP.isEmpty() ?
-                    setIP.iterator().next() : null;
-            }
-        }
-
-        if ((ip != null) &amp;&amp; isAllowedByIp(ip)) {
-            return new ConditionDecision(true, Collections.EMPTY_MAP);
-        }
-
-        Set&lt;String&gt; set = new HashSet&lt;String&gt;();
-        set.add(REQUEST_IP + &quot;=&quot; + startIp + &quot;-&quot; + endIp);
-        Map&lt;String, Set&lt;String&gt;&gt; advice = new HashMap&lt;String, \
                Set&lt;String&gt;&gt;();
-        advice.put(getClass().getName(), set);
-        return new ConditionDecision(false, advice);
-    }
-
-    private boolean isAllowedByIp(String ip) throws EntitlementException {
-        String args[] = { &quot;ip&quot;, ip };
-        if(ValidateIPaddress.isIPv4(ip) &amp;&amp;
-                ValidateIPaddress.isIPv4(startIp) &amp;&amp; \
                ValidateIPaddress.isIPv4(endIp)) {
-            try{
-                long requestIp = stringToIp(ip);
-                long startIpNum = stringToIp(startIp);
-                long endIpNum = stringToIp(endIp);
-                return ((requestIp &gt;= startIpNum) &amp;&amp; (requestIp &lt;= \
                endIpNum));
-            } catch (Exception e){
-                throw new EntitlementException(400, args);
-            }
-        } else if(ValidateIPaddress.isIPv6(ip) &amp;&amp;
-                ValidateIPaddress.isIPv6(startIp) &amp;&amp; \
                ValidateIPaddress.isIPv6(endIp)) {
-            try{
-                IPv6AddressRange ipv6Range = IPv6AddressRange.fromFirstAndLast(
-                        \
                IPv6Address.fromString(startIp),IPv6Address.fromString(endIp));
-                return ipv6Range.contains(IPv6Address.fromString(ip));
-            } catch (Exception e){
-                throw new EntitlementException(400, args);
-            }
-        } else {
-            PrivilegeManager.debug.error(&quot;IP address invalid&quot; + ip);
-            throw new EntitlementException(400, args);
-        }
-    }
-
-    private long stringToIp(String ip) throws EntitlementException {
-        StringTokenizer st = new StringTokenizer(ip, &quot;.&quot;);
-        int tokenCount = st.countTokens();
-        if ( tokenCount != 4 ) {
-            String args[] = { &quot;ip&quot;, ip };
-            throw new EntitlementException(400, args);
-        }
-        long ipValue = 0L;
-        while ( st.hasMoreElements()) {
-            String s = st.nextToken();
-            short ipElement = 0;
-            try {
-                ipElement = Short.parseShort(s);
-            } catch(Exception e) {
-                String args[] = { &quot;ip&quot;, ip };
-                throw new EntitlementException(400, args);
-            }
-            if ( ipElement &lt; 0 || ipElement &gt; 255 ) {
-                String args[] = { &quot;ipElement&quot;, s };
-                throw new EntitlementException(400, args);
-            }
-            ipValue = ipValue * 256L + ipElement;
-        }
-        return ipValue;
-    }
-
-    /**
-     * Return start IP.
-     *
-     * @return the start IP.
-     */
-    public String getStartIp() {
-        return startIp;
-    }
-
-    /**
-     * Set start IP.
-     *
-     * @param startIp Start IP.
-     */
-    public void setStartIp(String startIp) {
-        this.startIp = startIp;
-    }
-
-    /**
-     * Returns end IP.
-     *
-     * @return the end IP.
-     */
-    public String getEndIp() {
-        return endIp;
-    }
-
-    /**
-     * Sets end IP.
-     *
-     * @param endIp the end IP.
-     */
-    public void setEndIp(String endIp) {
-        this.endIp = endIp;
-    }
-
-    /**
-     * Returns OpenSSO policy subject name of the object
-     * @return subject name as used in OpenSSO policy,
-     * this is releavant only when UserECondition was created from
-     * OpenSSO policy Condition
-     */
-    public String getPConditionName() {
-        return pConditionName;
-    }
-
-    /**
-     * Sets OpenSSO policy subject name of the object
-     * @param pConditionName subject name as used in OpenSSO policy,
-     * this is releavant only when UserECondition was created from
-     * OpenSSO policy Condition
-     */
-    public void setPConditionName(String pConditionName) {
-        this.pConditionName = pConditionName;
-    }
-
-    /**
-     * Returns JSONObject mapping of the object
-     * @return JSONObject mapping  of the object
-     */
-    public JSONObject toJSONObject() throws JSONException {
-        JSONObject jo = new JSONObject();
-        toJSONObject(jo);
-        jo.put(&quot;startIp&quot;, startIp);
-        jo.put(&quot;endIp&quot;, endIp);
-        jo.put(&quot;pConditionName&quot;, pConditionName);
-        return jo;
-    }
-
-    /**
-     * Returns &lt;code&gt;true&lt;/code&gt; if the passed in object is equal to \
                this object
-     * @param obj object to check for equality
-     * @return  &lt;code&gt;true&lt;/code&gt; if the passed in object is equal to \
                this object
-     */
-    @Override
-    public boolean equals(Object obj) {
-        if (!super.equals(obj)) {
-            return false;
-        }
-        IPCondition object = (IPCondition) obj;
-        if (getStartIp() == null) {
-            if (object.getStartIp() != null) {
-                return false;
-            }
-        } else {
-            if (!startIp.equals(object.getStartIp())) {
-                return false;
-            }
-        }
-        if (getEndIp() == null) {
-            if (object.getEndIp() != null) {
-                return false;
-            }
-        } else {
-            if (!endIp.equals(object.getEndIp())) {
-                return false;
-            }
-        }
-        if (getPConditionName() == null) {
-            if (object.getPConditionName() != null) {
-                return false;
-            }
-        } else {
-            if (!pConditionName.equals(object.getPConditionName())) {
-                return false;
-            }
-        }
-        return true;
-    }
-
-    /**
-     * Returns hash code of the object
-     * @return hash code of the object
-     */
-    @Override
-    public int hashCode() {
-        int code = super.hashCode();
-        
-        if (startIp != null) {
-            code += startIp.hashCode();
-        }
-        if (endIp != null) {
-            code += endIp.hashCode();
-        }
-        if (pConditionName != null) {
-            code += pConditionName.hashCode();
-        }
-        return code;
-    }
-
-    /**
-     * Returns string representation of the object
-     * @return string representation of the object
-     */
-    @Override
-    public String toString() {
-        String s = null;
-        try {
-            s = toJSONObject().toString(2);
-        } catch (JSONException e) {
-            PrivilegeManager.debug.error(&quot;IPCondiiton.toString&quot;, e);
-        }
-        return s;
-    }
-}
</del></span></pre></div>
<a id="branchesAME4616openamopenamentitlementssrcmainjavacomsunidentityentitlementIdRepoRoleSubjectjava"></a>
 <div class="delfile"><h4>Deleted: \
branches/AME-4616/openam/openam-entitlements/src/main/java/com/sun/identity/entitlement/IdRepoRoleSubject.java \
(10813 => 10814)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-4616/openam/openam-entitlements/src/main/java/com/sun/identity/entitlement/IdRepoRoleSubject.java	2014-09-30 \
                13:48:08 UTC (rev 10813)
+++ branches/AME-4616/openam/openam-entitlements/src/main/java/com/sun/identity/entitlement/IdRepoRoleSubject.java	2014-09-30 \
13:49:13 UTC (rev 10814) </span><span class="lines">@@ -1,33 +0,0 @@
</span><del>-/**
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
- *
- * Copyright (c) 2009 Sun Microsystems Inc. All Rights Reserved
- *
- * The contents of this file are subject to the terms
- * of the Common Development and Distribution License
- * (the License). You may not use this file except in
- * compliance with the License.
- *
- * You can obtain a copy of the License at
- * https://opensso.dev.java.net/public/CDDLv1.0.html or
- * opensso/legal/CDDLv1.0.txt
- * See the License for the specific language governing
- * permission and limitations under the License.
- *
- * When distributing Covered Code, include this CDDL
- * Header Notice in each file and include the License file
- * at opensso/legal/CDDLv1.0.txt.
- * If applicable, add the following below the CDDL Header,
- * with the fields enclosed by brackets [] replaced by
- * your own identifying information:
- * &quot;Portions Copyrighted [year] [name of copyright owner]&quot;
- *
- * $Id: IdRepoRoleSubject.java,v 1.1 2009/08/19 05:40:33 veiming Exp $
- */
-package com.sun.identity.entitlement;
-
-/**
- * Identity Repository Role Subject.
- */
-public class IdRepoRoleSubject extends RoleSubject {
-}
</del></span></pre></div>
<a id="branchesAME4616openamopenamentitlementssrcmainjavacomsunidentityentitlementRoleSubjectjava"></a>
 <div class="delfile"><h4>Deleted: \
branches/AME-4616/openam/openam-entitlements/src/main/java/com/sun/identity/entitlement/RoleSubject.java \
(10813 => 10814)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-4616/openam/openam-entitlements/src/main/java/com/sun/identity/entitlement/RoleSubject.java	2014-09-30 \
                13:48:08 UTC (rev 10813)
+++ branches/AME-4616/openam/openam-entitlements/src/main/java/com/sun/identity/entitlement/RoleSubject.java	2014-09-30 \
13:49:13 UTC (rev 10814) </span><span class="lines">@@ -1,135 +0,0 @@
</span><del>-/**
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
- *
- * Copyright (c) 2009 Sun Microsystems Inc. All Rights Reserved
- *
- * The contents of this file are subject to the terms
- * of the Common Development and Distribution License
- * (the License). You may not use this file except in
- * compliance with the License.
- *
- * You can obtain a copy of the License at
- * https://opensso.dev.java.net/public/CDDLv1.0.html or
- * opensso/legal/CDDLv1.0.txt
- * See the License for the specific language governing
- * permission and limitations under the License.
- *
- * When distributing Covered Code, include this CDDL
- * Header Notice in each file and include the License file
- * at opensso/legal/CDDLv1.0.txt.
- * If applicable, add the following below the CDDL Header,
- * with the fields enclosed by brackets [] replaced by
- * your own identifying information:
- * &quot;Portions Copyrighted [year] [name of copyright owner]&quot;
- *
- * $Id: RoleSubject.java,v 1.1 2009/08/19 05:40:33 veiming Exp $
- */
-package com.sun.identity.entitlement;
-
-import java.util.Collections;
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.Map;
-import java.util.Set;
-import javax.security.auth.Subject;
-
-/**
- * EntitlementSubject to represent role identity for membership check.
- */
-public class RoleSubject extends EntitlementSubjectImpl {
-    public static final String ROLE_NAME = &quot;role&quot;;
-
-    /**
-     * Constructs an RoleSubject
-     */
-    public RoleSubject() {
-        super();
-    }
-
-    /**
-     * Constructs RoleSubject
-     * @param role the uuid of the role who is member of the EntitlementSubject
-     */
-    public RoleSubject(String role) {
-        super(role);
-    }
-
-    /**
-     * Constructs RoleSubject
-     * @param role the uuid of the role who is member of the EntitlementSubject
-     * @param pSubjectName subject name as used in OpenSSO policy,
-     * this is releavant only when RoleSubject was created from
-     * OpenSSO policy Subject
-     */
-    public RoleSubject(String role, String pSubjectName) {
-        super(role, pSubjectName);
-    }
-
-    /**
-     * Returns &lt;code&gt;SubjectDecision&lt;/code&gt; of
-     * &lt;code&gt;EntitlementSubject&lt;/code&gt; evaluation
-     *
-     * @param realm Realm name.
-     * @param subject EntitlementSubject who is under evaluation.
-     * @param resourceName Resource name.
-     * @param environment Environment parameters.
-     * @return &lt;code&gt;SubjectDecision&lt;/code&gt; of
-     * &lt;code&gt;EntitlementSubject&lt;/code&gt; evaluation
-     * @throws EntitlementException if any errors ocurr.
-     */
-    public SubjectDecision evaluate(
-        String realm,
-        SubjectAttributesManager mgr,
-        Subject subject,
-        String resourceName,
-        Map&lt;String, Set&lt;String&gt;&gt; environment)
-        throws EntitlementException {
-        boolean satified = false;
-        Set publicCreds = subject.getPublicCredentials();
-        if ((publicCreds != null) &amp;&amp; !publicCreds.isEmpty()) {
-            Map&lt;String, Set&lt;String&gt;&gt; attributes = (Map&lt;String, \
                Set&lt;String&gt;&gt;)
-                publicCreds.iterator().next();
-            Set&lt;String&gt; values = attributes.get(
-                SubjectAttributesCollector.NAMESPACE_MEMBERSHIP + ROLE_NAME);
-            satified = (values != null) ? values.contains(getID()) : false;
-        }
-
-        satified = satified ^ isExclusive();
-        return new SubjectDecision(satified, Collections.EMPTY_MAP);
-    }
-
-
-    /**
-     * Returns search index attributes.
-     *
-     * @return search index attributes.
-     */
-    public Map&lt;String, Set&lt;String&gt;&gt; getSearchIndexAttributes() {
-        Map&lt;String, Set&lt;String&gt;&gt; map = new HashMap&lt;String, \
                Set&lt;String&gt;&gt;(2);
-        Set&lt;String&gt; set = new HashSet&lt;String&gt;();
-        set.add(getID());
-        map.put(SubjectAttributesCollector.NAMESPACE_MEMBERSHIP + ROLE_NAME,
-            set);
-        return map;
-    }
-
-    /**
-     * Returns required attribute names.
-     *
-     * @return required attribute names.
-     */
-    public Set&lt;String&gt; getRequiredAttributeNames() {
-        Set&lt;String&gt; set = new HashSet&lt;String&gt;(2);
-        set.add(SubjectAttributesCollector.NAMESPACE_MEMBERSHIP + ROLE_NAME);
-        return set;
-    }
-
-    /**
-     * Returns &lt;code&gt;true&lt;/code&gt; is this subject is an identity object.
-     *
-     * @return &lt;code&gt;true&lt;/code&gt; is this subject is an identity object.
-     */
-    public boolean isIdentity() {
-        return true;
-    }
-}
</del></span></pre></div>
<a id="branchesAME4616openamopenamentitlementssrcmainjavacomsunidentityentitlementTimeConditionjava"></a>
 <div class="delfile"><h4>Deleted: \
branches/AME-4616/openam/openam-entitlements/src/main/java/com/sun/identity/entitlement/TimeCondition.java \
(10813 => 10814)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-4616/openam/openam-entitlements/src/main/java/com/sun/identity/entitlement/TimeCondition.java	2014-09-30 \
                13:48:08 UTC (rev 10813)
+++ branches/AME-4616/openam/openam-entitlements/src/main/java/com/sun/identity/entitlement/TimeCondition.java	2014-09-30 \
13:49:13 UTC (rev 10814) </span><span class="lines">@@ -1,754 +0,0 @@
</span><del>-/**
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
- *
- * Copyright (c) 2009 Sun Microsystems Inc. All Rights Reserved
- *
- * The contents of this file are subject to the terms
- * of the Common Development and Distribution License
- * (the License). You may not use this file except in
- * compliance with the License.
- *
- * You can obtain a copy of the License at
- * https://opensso.dev.java.net/public/CDDLv1.0.html or
- * opensso/legal/CDDLv1.0.txt
- * See the License for the specific language governing
- * permission and limitations under the License.
- *
- * When distributing Covered Code, include this CDDL
- * Header Notice in each file and include the License file
- * at opensso/legal/CDDLv1.0.txt.
- * If applicable, add the following below the CDDL Header,
- * with the fields enclosed by brackets [] replaced by
- * your own identifying information:
- * &quot;Portions Copyrighted [year] [name of copyright owner]&quot;
- *
- * $Id: TimeCondition.java,v 1.4 2010/01/05 22:00:26 dillidorai Exp $
- */
-package com.sun.identity.entitlement;
-
-
-import java.text.DateFormat;
-import java.text.SimpleDateFormat;
-import java.util.Calendar;
-import java.util.Date;
-import java.util.GregorianCalendar;
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.Map;
-import java.util.Set;
-import java.util.StringTokenizer;
-import java.util.TimeZone;
-import javax.security.auth.Subject;
-import org.json.JSONObject;
-import org.json.JSONException;
-
-/**
- * EntitlementCondition to represent time based constraint
- * @author dorai
- */
-public class TimeCondition extends EntitlementConditionAdaptor {
-    /**
-     * Key that is used to define current time that is passed in the
-     *  &lt;code&gt;env&lt;/code&gt; parameter while invoking \
                &lt;code&gt;getConditionDecision
-     *  &lt;/code&gt; method of the &lt;code&gt;SimpleTimeCondition&lt;/code&gt;. \
                Value for the
-     *  key should be a &lt;code&gt;Long&lt;/code&gt; object whose value is time in
-     *  milliseconds since epoch. If no value is given for this, it is assumed
-     *  to be the current system time
-     *
-     *  @see com.sun.identity.policy.interfaces.Condition#getConditionDecision(com.iplanet.sso.SSOToken, \
                java.util.Map)
-     *  @see com.sun.identity.policy.plugins.SimpleTimeCondition#ENFORCEMENT_TIME_ZONE
                
-     */
-    public static final String REQUEST_TIME = &quot;requestTime&quot;;
-
-    /**
-     * Key that is used to define the time zone that is passed in
-     *  the &lt;code&gt;env&lt;/code&gt; parameter while invoking
-     *  &lt;code&gt;getConditionDecision&lt;/code&gt; method of a
-     *  &lt;code&gt;SimpleTimeCondition&lt;/code&gt;
-     *  Value for the key should be a &lt;code&gt;TimeZone&lt;/code&gt; object. This
-     *  would be used only if the &lt;code&gt;ENFORCEMENT_TIME_ZONE&lt;/code&gt; is \
                not
-     *  defined for the &lt;code&gt;SimpleTimeCondition&lt;/code&gt;
-     *
-     *  @see com.sun.identity.policy.interfaces.Condition#getConditionDecision(com.iplanet.sso.SSOToken, \
                java.util.Map)
-     *  @see com.sun.identity.policy.plugins.SimpleTimeCondition#ENFORCEMENT_TIME_ZONE
                
-     *  @see java.util.TimeZone
-     */
-    public static final String REQUEST_TIME_ZONE = &quot;requestTimeZone&quot;;
-    
-    private static final String DATE_FORMAT = &quot;yyyy:MM:dd&quot;;
-    private static final String[] DAYS_OF_WEEK = { &quot;&quot;, &quot;sun&quot;, \
                &quot;mon&quot;, &quot;tue&quot;,
-        &quot;wed&quot;, &quot;thu&quot;, &quot;fri&quot;, &quot;sat&quot;};
-
-    private String startTime;
-    private String endTime;
-    private String startDay;
-    private String endDay;
-    private String startDate;
-    private String endDate;
-    private String enforcementTimeZone;
-    private String pConditionName;
-
-    /**
-     * Constructs an TimeCondition
-     */
-    public TimeCondition() {
-    }
-
-    /**
-     * Constructs IPCondition object:w
-     *
-     * @param startTime
-     * @param endTime
-     * @param startDay
-     * @param endDay
-     */
-    public TimeCondition(String startTime, String endTime,
-            String startDay, String endDay) {
-        this.startTime = startTime;
-        this.endTime = endTime;
-        this.startDay = startDay;
-        this.endDay = endDay;
-    }
-
-    /**
-     * Returns state of the object
-     * @return state of the object encoded as string
-     */
-    public String getState() {
-        return toString();
-    }
-
-    /**
-     * Sets state of the object
-     * @param state State of the object encoded as string
-     */
-    public void setState(String state) {
-        try {
-            JSONObject jo = new JSONObject(state);
-            setState(jo);
-            startTime = jo.optString(&quot;startTime&quot;);
-            endTime = (jo.has(&quot;endTime&quot;)) ? \
                jo.optString(&quot;endTime&quot;) : null;
-            startDay = jo.optString(&quot;startDay&quot;);
-            endDay = jo.optString(&quot;endDay&quot;);
-            startDate = jo.optString(&quot;startDate&quot;);
-            endDate = (jo.has(&quot;endDate&quot;)) ? \
                jo.optString(&quot;endDate&quot;) : null;
-            pConditionName = jo.optString(&quot;pConditionName&quot;);
-            enforcementTimeZone = jo.optString(&quot;enforcementTimeZone&quot;);
-        } catch (JSONException joe) {
-        }
-    }
-
-    /**
-     * Returns &lt;code&gt;ConditionDecision&lt;/code&gt; of
-     * &lt;code&gt;EntitlementCondition&lt;/code&gt; evaluation
-     *
-     * @param realm Realm name.
-     * @param subject EntitlementCondition who is under evaluation.
-     * @param resourceName Resource name.
-     * @param environment Environment parameters.
-     * @return &lt;code&gt;ConditionDecision&lt;/code&gt; of
-     * &lt;code&gt;EntitlementCondition&lt;/code&gt; evaluation
-     * @throws com.sun.identity.entitlement,  EntitlementException in case
-     * of any error
-     */
-    public ConditionDecision evaluate(
-        String realm,
-        Subject subject,
-        String resourceName,
-        Map&lt;String, Set&lt;String&gt;&gt; environment)
-        throws EntitlementException {
-        boolean allowed = false;
-        long currentGmt = System.currentTimeMillis();
-
-
-        TimeZone timeZone = TimeZone.getDefault();
-        if (environment != null) {
-            String time = getProperty(environment, REQUEST_TIME);
-            if (time != null) {
-                try {
-                    currentGmt = Long.parseLong(time);
-                } catch (NumberFormatException e) {
-                    //ignore
-                }
-            }
-
-            String tZone = getProperty(environment, REQUEST_TIME_ZONE);
-            if (tZone != null) {
-                timeZone = TimeZone.getTimeZone(enforcementTimeZone);
-            }
-        }
-
-        long[] effectiveRange = getEffectiveRange(currentGmt, timeZone);
-        Map&lt;String, Set&lt;String&gt;&gt; advices = new HashMap&lt;String, \
                Set&lt;String&gt;&gt;();
-
-        if ((currentGmt &gt;= effectiveRange[0]) &amp;&amp;
-            (currentGmt &lt;= effectiveRange[1])
-        ) {
-            allowed = true;
-            long timeToLive = effectiveRange[1] - currentGmt;
-            Set&lt;String&gt; setDuration = new HashSet&lt;String&gt;(2);
-            Set&lt;String&gt; setMaxTime = new HashSet&lt;String&gt;(2);
-            setDuration.add(Long.toString(timeToLive));
-            setMaxTime.add(Long.toString(effectiveRange[1]));
-            advices.put(ConditionDecision.TIME_TO_LIVE, setDuration);
-            advices.put(ConditionDecision.MAX_TIME, setMaxTime);
-        } else if (currentGmt &lt; effectiveRange[0]) {
-            long timeToLive = effectiveRange[0] - currentGmt;
-            Set&lt;String&gt; setDuration = new HashSet&lt;String&gt;(2);
-            Set&lt;String&gt; setMaxTime = new HashSet&lt;String&gt;(2);
-            setDuration.add(Long.toString(timeToLive));
-            setMaxTime.add(Long.toString(effectiveRange[0]));
-            advices.put(ConditionDecision.TIME_TO_LIVE, setDuration);
-            advices.put(ConditionDecision.MAX_TIME, setMaxTime);
-        }
-
-        return new ConditionDecision(allowed, advices);
-    }
-
-    private static String getProperty(
-        Map&lt;String, Set&lt;String&gt;&gt; environment,
-        String name
-    ) {
-        Set&lt;String&gt; set = environment.get(name);
-        return ((set != null) &amp;&amp; !set.isEmpty()) ? set.iterator().next() \
                :null;
-    }
-
-    /**
-     * @return the startTime
-     */
-    public String getStartTime() {
-        return startTime;
-    }
-
-    /**
-     * @param startTime the startTime to set
-     */
-    public void setStartTime(String startTime) {
-        this.startTime = startTime;
-    }
-
-    /**
-     * @return the endTime
-     */
-    public String getEndTime() {
-        return endTime;
-    }
-
-    /**
-     * @param endTime the endTime to set
-     */
-    public void setEndTime(String endTime) {
-        this.endTime = endTime;
-    }
-
-    /**
-     * @return the startDay
-     */
-    public String getStartDay() {
-        return startDay;
-    }
-
-    /**
-     * @param startDay the startDay to set
-     */
-    public void setStartDay(String startDay) {
-        this.startDay = startDay;
-    }
-
-    /**
-     * @return the endDay
-     */
-    public String getEndDay() {
-        return endDay;
-    }
-
-    /**
-     * @param endDay the endDay to set
-     */
-    public void setEndDay(String endDay) {
-        this.endDay = endDay;
-    }
-
-    /**
-     * @return the startDate
-     */
-    public String getStartDate() {
-        return startDate;
-    }
-
-    /**
-     * @param startDate the startDate to set
-     */
-    public void setStartDate(String startDate) {
-        this.startDate = startDate;
-    }
-
-    /**
-     * @return the endDate
-     */
-    public String getEndDate() {
-        return endDate;
-    }
-
-    /**
-     * @param endDate the endDate to set
-     */
-    public void setEndDate(String endDate) {
-        this.endDate = endDate;
-    }
-
-    /**
-     * @return the enforcementTimeZone
-     */
-    public String getEnforcementTimeZone() {
-        return enforcementTimeZone;
-    }
-
-    /**
-     * @param enforcementTimeZone the enforcementTimeZone to set
-     */
-    public void setEnforcementTimeZone(String enforcementTimeZone) {
-        this.enforcementTimeZone = enforcementTimeZone;
-    }
-
-    /**
-     * Returns OpenSSO policy subject name of the object
-     * @return subject name as used in OpenSSO policy,
-     * this is releavant only when UserECondition was created from
-     * OpenSSO policy Condition
-     */
-    public String getPConditionName() {
-        return pConditionName;
-    }
-
-    /**
-     * Sets OpenSSO policy subject name of the object
-     * @param pConditionName subject name as used in OpenSSO policy,
-     * this is releavant only when UserECondition was created from
-     * OpenSSO policy Condition
-     */
-    public void setPConditionName(String pConditionName) {
-        this.pConditionName = pConditionName;
-    }
-
-    /**
-     * Returns JSONObject mapping of the object
-     * @return JSONObject mapping  of the object
-     */
-    public JSONObject toJSONObject() throws JSONException {
-        JSONObject jo = new JSONObject();
-        toJSONObject(jo);
-        jo.put(&quot;startTime&quot;, startTime);
-
-        if (endTime != null) {
-            jo.put(&quot;endTime&quot;, endTime);
-        }
-
-        jo.put(&quot;startDay&quot;, startDay);
-        jo.put(&quot;endDay&quot;, endDay);
-        jo.put(&quot;startDate&quot;, startDate);
-
-        if (endDate != null) {
-            jo.put(&quot;endDate&quot;, endDate);
-        }
-        jo.put(&quot;enforcementTimeZone&quot;, enforcementTimeZone);
-        jo.put(&quot;pConditionName&quot;, pConditionName);
-        return jo;
-    }
-
-    /**
-     * Returns &lt;code&gt;true&lt;/code&gt; if the passed in object is equal to \
                this object
-     * @param obj object to check for equality
-     * @return  &lt;code&gt;true&lt;/code&gt; if the passed in object is equal to \
                this object
-     */
-    @Override
-    public boolean equals(Object obj) {
-        if (!super.equals(obj)) {
-            return false;
-        }
-        if (!getClass().equals(obj.getClass())) {
-            return false;
-        }
-        TimeCondition object = (TimeCondition) obj;
-        if (startDay == null) {
-            if (object.getStartDay() != null) {
-                return false;
-            }
-        } else {
-            if (!startDay.equals(object.getStartDay())) {
-                return false;
-            }
-        }
-        if (getEndDay() == null) {
-            if (object.getEndDay() != null) {
-                return false;
-            }
-        } else {
-            if (!endDay.equals(object.getEndDay())) {
-                return false;
-            }
-        }
-        if (startDate == null) {
-            if (object.getStartDate() != null) {
-                return false;
-            }
-        } else {
-            if (!startDate.equals(object.getStartDate())) {
-                return false;
-            }
-        }
-        if (getEndDate() == null) {
-            if (object.getEndDate() != null) {
-                return false;
-            }
-        } else {
-            if (!endDate.equals(object.getEndDate())) {
-                return false;
-            }
-        }
-
-        if (getEnforcementTimeZone() == null) {
-            if (object.getEnforcementTimeZone() != null) {
-                return false;
-            }
-        } else {
-            if (!enforcementTimeZone.equals(object.getEnforcementTimeZone())) {
-                return false;
-            }
-        }
-
-        if (getPConditionName() == null) {
-            if (object.getPConditionName() != null) {
-                return false;
-            }
-        } else {
-            if (!pConditionName.equals(object.getPConditionName())) {
-                return false;
-            }
-        }
-        return true;
-    }
-
-    /**
-     * Returns hash code of the object
-     * @return hash code of the object
-     */
-    @Override
-    public int hashCode() {
-        int code = super.hashCode();
-        if (startTime != null) {
-            code += startTime.hashCode();
-        }
-        if (startDate != null) {
-            code += startDate.hashCode();
-        }
-        if (startDay != null) {
-            code += startDay.hashCode();
-        }
-        if (endTime != null) {
-            code += endTime.hashCode();
-        }
-        if (endDate != null) {
-            code += endDate.hashCode();
-        }
-        if (endDay != null) {
-            code += endDay.hashCode();
-        }
-        if (enforcementTimeZone != null) {
-            code += enforcementTimeZone.hashCode();
-        }
-        if (pConditionName != null) {
-            code += pConditionName.hashCode();
-        }
-        return code;
-    }
-
-    /**
-     * Returns string representation of the object
-     * @return string representation of the object
-     */
-    @Override
-    public String toString() {
-        String s = null;
-        try {
-            s = toJSONObject().toString(2);
-        } catch (JSONException e) {
-            PrivilegeManager.debug.error(&quot;TimeCondition.toString()&quot;, e);
-        }
-        return s;
-    }
-
-    private long getTime(Calendar calendar, String time, long defaultVal)
-        throws EntitlementException {
-        if ((time == null) || (time.length() == 0)) {
-            return defaultVal;
-        }
-
-        int t = parseTimeString(time);
-        if (t == -1) {
-            return defaultVal;
-        }
-
-        int hours = t / 60;
-        int minutes = t - hours * 60;
-        calendar.set(Calendar.HOUR_OF_DAY, hours);
-        calendar.set(Calendar.MINUTE, minutes);
-        calendar.set(Calendar.SECOND, 0);
-        calendar.set(Calendar.MILLISECOND, 0);
-        return calendar.getTime().getTime();
-    }
-
-    /**
-     * Using the start and end times and dates get the effective
-     * start and end date in the &lt;code&gt;timeZone&lt;/code&gt; specified
-     * using the current time in GMT ( &lt;code&gt;currentGmt&lt;/code&gt;).
-     * @return long[] Array of &lt;code&gt;long&lt;/code&gt; of size 2 where
-     * end range.
-     */
-    private long[] getEffectiveRange(long currentGmt, TimeZone timeZone)
-        throws EntitlementException {
-        long[] effectiveRange = new long[2];
-
-        Calendar calendar = new GregorianCalendar(timeZone);
-        calendar.setTime( new Date(currentGmt) );
-
-        long timeStart = getTime(calendar, startTime, Long.MIN_VALUE);
-        long timeEnd = getTime(calendar, endTime, Long.MAX_VALUE);
-
-        if( timeEnd &lt; timeStart) {
-            Calendar cal = new GregorianCalendar(timeZone);
-            if (currentGmt &lt; timeStart) {
-                cal.setTime(new Date(timeStart));
-                cal.roll(Calendar.DAY_OF_YEAR, false);
-                timeStart = cal.getTime().getTime();
-            } else {
-                cal.setTime(new Date(timeEnd));
-                cal.roll(Calendar.DAY_OF_YEAR, true);
-                timeEnd = cal.getTime().getTime();
-            }
-        }
-
-        long dayStart = Long.MIN_VALUE;
-        /* need to set the date again on the calendar object
-        Reason was discovered to be the fact that when HOUR_OF_DAY etc
-        are set on the calendar the WEEK_OF_MONTH, DAY_OF_THE_WEEK
-        gets initialized to &quot;?&quot; , and once that happens the below
-        calendar.set(Calendar.DAY_OF_WEEK, startDay) does not seem
-        to set the DAY_OF_WEEK, since the fields which it needs to set
-        on the basis of like WEEK_OF_MONTH, WEEK_OF_YEAR are lost  too.
-          Setting the date again reinitializes all the necessary fields
-        to be able to set &quot;DAY_OF_WEEK&quot; correctly below.
-        */
-
-        calendar.setTime( new Date(currentGmt) );
-        int startD = parseDayString(startDay);
-        if (startD != -1) {
-            calendar.set(Calendar.DAY_OF_WEEK, startD);
-            calendar.set(Calendar.HOUR_OF_DAY, 0);
-            calendar.set(Calendar.MINUTE, 0);
-            calendar.set(Calendar.SECOND, 0);
-            calendar.set(Calendar.MILLISECOND, 0);
-            dayStart = calendar.getTime().getTime();
-        }
-
-        long dayEnd = Long.MAX_VALUE;
-        int endD = parseDayString(endDay);
-        if (endD != -1) {
-            calendar.set(Calendar.DAY_OF_WEEK, endD);
-            calendar.set(Calendar.HOUR_OF_DAY, 24);
-            calendar.set(Calendar.MINUTE, 0);
-            calendar.set(Calendar.SECOND, 0);
-            calendar.set(Calendar.MILLISECOND, 0);
-            dayEnd = calendar.getTime().getTime();
-        }
-        if( dayEnd &lt;= dayStart) {
-            Calendar cal = new GregorianCalendar(timeZone);
-            if ( currentGmt &lt; dayStart) {
-                cal.setTime(new Date(dayStart));
-                cal.roll(Calendar.WEEK_OF_YEAR, false);
-                dayStart = cal.getTime().getTime();
-            } else {
-                cal.setTime(new Date(dayEnd));
-                cal.roll(Calendar.WEEK_OF_YEAR, true);
-                dayEnd = cal.getTime().getTime();
-                if (dayEnd &lt;= dayStart) {
-                    // week is rolling over year, see issue 4326 
-                    int ye = cal.get(Calendar.YEAR);
-                    cal.set(Calendar.YEAR, ye + 1);
-                    cal.set(Calendar.DAY_OF_WEEK, endD);
-                    cal.set(Calendar.HOUR_OF_DAY, 24);
-                    cal.set(Calendar.MINUTE, 0);
-                    cal.set(Calendar.SECOND, 0);
-                    cal.set(Calendar.MILLISECOND, 0);
-                    dayEnd = cal.getTime().getTime();
-                }
-            }
-        }
-
-        long dateStart = Long.MIN_VALUE;
-        DateArray dateArray = validateDates(startDate, endDate);
-
-        if (dateArray.startDateArray[0] != -1) {
-            calendar.set(Calendar.YEAR, dateArray.startDateArray[0]);
-            calendar.set(Calendar.MONTH, dateArray.startDateArray[1]);
-            calendar.set(Calendar.DAY_OF_MONTH, dateArray.startDateArray[2]);
-            calendar.set(Calendar.HOUR_OF_DAY, 0);
-            calendar.set(Calendar.MINUTE, 0);
-            calendar.set(Calendar.SECOND, 0);
-            calendar.set(Calendar.MILLISECOND, 0);
-            dateStart = calendar.getTime().getTime();
-        }
-
-        long dateEnd = Long.MAX_VALUE;
-        if (dateArray.endDateArray[0] != -1) {
-            calendar.set(Calendar.YEAR, dateArray.endDateArray[0]);
-            calendar.set(Calendar.MONTH, dateArray.endDateArray[1]);
-            calendar.set(Calendar.DAY_OF_MONTH, dateArray.endDateArray[2]);
-            calendar.set(Calendar.HOUR_OF_DAY, 24);
-            calendar.set(Calendar.MINUTE, 0);
-            calendar.set(Calendar.SECOND, 0);
-            calendar.set(Calendar.MILLISECOND, 0);
-            dateEnd = calendar.getTime().getTime();
-        }
-
-        long rangeStart = Long.MIN_VALUE;
-        if ( timeStart &gt; rangeStart ) {
-            rangeStart = timeStart;
-        }
-        if ( dayStart &gt; rangeStart ) {
-            rangeStart = dayStart;
-        }
-        if ( dateStart &gt; rangeStart ) {
-            rangeStart = dateStart;
-        }
-
-        long rangeEnd = Long.MAX_VALUE;
-        if ( timeEnd &lt; rangeEnd ) {
-            rangeEnd = timeEnd;
-        }
-        if ( dayEnd &lt; rangeEnd )  {
-            rangeEnd = dayEnd;
-        }
-        if ( dateEnd &lt; rangeEnd ) {
-            rangeEnd = dateEnd;
-        }
-
-        effectiveRange[0] = rangeStart;
-        effectiveRange[1] = rangeEnd;
-
-        return effectiveRange;
-    }
-
-    /**
-     * Converts time in &lt;code&gt;String&lt;/code&gt; format to an int.
-     * @exception PolicyException for invalid data.
-     */
-    private static int parseTimeString(String timeString)
-        throws EntitlementException {
-        if ((timeString == null) || (timeString.length() == 0)) {
-            return -1;
-        }
-        StringTokenizer st = new StringTokenizer(timeString, &quot;:&quot;);
-        if ( st.countTokens() != 2 ) {
-            String[] args = { &quot;time&quot;, timeString };
-            throw new EntitlementException(400, args);
-        }
-        String token1 = st.nextToken();
-        String token2 = st.nextToken();
-        int hour = -1;
-        int minute = -1;
-        try {
-            hour = Integer.parseInt(token1);
-            minute = Integer.parseInt(token2);
-        } catch ( Exception e) {
-            String[] args = { &quot;time&quot;, timeString };
-            throw new EntitlementException(400, args);
-        }
-        if ( (hour &lt; 0) || (hour &gt; 24) || (minute &lt; 0) || (minute &gt; 59) \
                ) {
-            String[] args = { &quot;time&quot;, timeString };
-            throw new EntitlementException(400, args);
-        }
-        return hour * 60 + minute;
-    }
-
-    /**
-     * Converts day in &lt;code&gt;String&lt;/code&gt; format to an int.
-     * based on the &lt;code&gt;DAYS_OF_WEEK&lt;/code&gt;
-     * @see #DAYS_OF_WEEK
-     */
-    private static int parseDayString(String dayString) {
-        int day = -1;
-        if ((dayString != null) &amp;&amp; (dayString.length() &gt; 0)) {
-            String dayStringLc = dayString.toLowerCase();
-            for (int i = 1; i &lt; 8; i++) {
-                if (DAYS_OF_WEEK[i].equals(dayStringLc)) {
-                    day = i;
-                    break;
-                }
-            }
-        }
-        return day;
-    }
-
-    /**
-     * extracts &lt;code&gt;startDate&lt;/code&gt; and \
                &lt;code&gt;endDate&lt;/code&gt; from the
-     * respective &lt;code&gt;Set&lt;/code&gt;, throws Exception for invalid data
-     * like startDate &gt; endDate or format.
-     * @see #START_DATE
-     * @see #END_DATE
-     */
-    private DateArray validateDates(String startDate, String endDate)
-        throws EntitlementException {
-        DateArray dateArray = new DateArray();
-
-        if ((startDate == null) || (startDate.length() == 0)) {
-            return dateArray;
-        }
-
-        DateFormat df = new SimpleDateFormat(DATE_FORMAT);
-        df.setLenient(false);
-        df.setTimeZone(TimeZone.getTimeZone(&quot;GMT&quot;));
-
-        Date dateStart = getDate(df, startDate);
-        Date dateEnd = ((endDate == null) || (endDate.length() == 0)) ? null :
-            getDate(df, endDate);
-
-        if (dateEnd != null) {
-            if (dateStart.getTime() &gt; dateEnd.getTime()) {
-                String[] args = {startDate, endDate};
-                throw new EntitlementException(402, args);
-            }
-        }
-
-        Calendar cal = new GregorianCalendar(TimeZone.getTimeZone(&quot;GMT&quot;));
-        
-        cal.setTime(dateStart);
-        dateArray.startDateArray[0] = cal.get(Calendar.YEAR);
-        dateArray.startDateArray[1] = cal.get(Calendar.MONTH);
-        dateArray.startDateArray[2] = cal.get(Calendar.DAY_OF_MONTH);
-
-        if (dateEnd != null) {
-            cal.setTime(dateEnd);
-            dateArray.endDateArray[0] = cal.get(Calendar.YEAR);
-            dateArray.endDateArray[1] = cal.get(Calendar.MONTH);
-            dateArray.endDateArray[2] = cal.get(Calendar.DAY_OF_MONTH);
-        }
-        
-        return dateArray;
-    }
-
-    private Date getDate(DateFormat df, String date)
-        throws EntitlementException {
-        try {
-            return df.parse(date);
-        } catch (Exception e) {
-            String[] args = {startDate};
-            throw new EntitlementException(401, args, e);
-        }
-    }
-
-    class DateArray {
-        int startDateArray[] = {-1,0,0};
-        int endDateArray[] = {-1,0,0};
-    }
-}
</del></span></pre></div>
<a id="branchesAME4616openamopenamentitlementssrcmainjavacomsunidentityentitlementUserSubjectjava"></a>
 <div class="modfile"><h4>Modified: \
branches/AME-4616/openam/openam-entitlements/src/main/java/com/sun/identity/entitlement/UserSubject.java \
(10813 => 10814)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-4616/openam/openam-entitlements/src/main/java/com/sun/identity/entitlement/UserSubject.java	2014-09-30 \
                13:48:08 UTC (rev 10813)
+++ branches/AME-4616/openam/openam-entitlements/src/main/java/com/sun/identity/entitlement/UserSubject.java	2014-09-30 \
13:49:13 UTC (rev 10814) </span><span class="lines">@@ -24,6 +24,11 @@
</span><span class="cx">  *
</span><span class="cx">  * $Id: UserSubject.java,v 1.1 2009/08/19 05:40:34 veiming \
Exp $ </span><span class="cx">  */
</span><ins>+
+/**
+ * Portions copyright 2014 ForgeRock AS.
+ */
+
</ins><span class="cx"> package com.sun.identity.entitlement;
</span><span class="cx"> 
</span><span class="cx"> 
</span><span class="lines">@@ -36,8 +41,10 @@
</span><span class="cx"> 
</span><span class="cx"> /**
</span><span class="cx">  * EntitlementSubject to represent user identity for \
membership check </span><del>- * @author dorai
</del><ins>+ *
+ * @deprecated As of ForgeRock OpenAM 12.
</ins><span class="cx">  */
</span><ins>+@Deprecated
</ins><span class="cx"> public class UserSubject extends EntitlementSubjectImpl {
</span><span class="cx">     /**
</span><span class="cx">      * Constructs an UserSubject
</span></span></pre></div>
<a id="branchesAME4616openamopenamentitlementssrcmainjavacomsunidentityentitlementVirtualSubjectjava"></a>
 <div class="delfile"><h4>Deleted: \
branches/AME-4616/openam/openam-entitlements/src/main/java/com/sun/identity/entitlement/VirtualSubject.java \
(10813 => 10814)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-4616/openam/openam-entitlements/src/main/java/com/sun/identity/entitlement/VirtualSubject.java	2014-09-30 \
                13:48:08 UTC (rev 10813)
+++ branches/AME-4616/openam/openam-entitlements/src/main/java/com/sun/identity/entitlement/VirtualSubject.java	2014-09-30 \
13:49:13 UTC (rev 10814) </span><span class="lines">@@ -1,51 +0,0 @@
</span><del>-/**
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
- *
- * Copyright (c) 2009 Sun Microsystems Inc. All Rights Reserved
- *
- * The contents of this file are subject to the terms
- * of the Common Development and Distribution License
- * (the License). You may not use this file except in
- * compliance with the License.
- *
- * You can obtain a copy of the License at
- * https://opensso.dev.java.net/public/CDDLv1.0.html or
- * opensso/legal/CDDLv1.0.txt
- * See the License for the specific language governing
- * permission and limitations under the License.
- *
- * When distributing Covered Code, include this CDDL
- * Header Notice in each file and include the License file
- * at opensso/legal/CDDLv1.0.txt.
- * If applicable, add the following below the CDDL Header,
- * with the fields enclosed by brackets [] replaced by
- * your own identifying information:
- * &quot;Portions Copyrighted [year] [name of copyright owner]&quot;
- *
- * $Id: VirtualSubject.java,v 1.2 2009/10/29 19:05:19 veiming Exp $
- */
-
-package com.sun.identity.entitlement;
-
-
-public abstract class VirtualSubject implements SubjectImplementation {
-    public enum VirtualId {
-        ANY_USER,
-        AUTHENTICATED;
-
-        public VirtualSubject newVirtualSubject() {
-            switch (this) {
-                case ANY_USER:
-                    return new AnyUserSubject();
-
-                case AUTHENTICATED:
-                    return new AuthenticatedESubject();
-
-                default:
-                    throw new AssertionError(&quot;undefined virtual ID:&quot; + \
                this);
-            }
-        }
-    }
-
-    public abstract VirtualId getVirtualId();
-}
</del></span></pre></div>
<a id="branchesAME4616openamopenamentitlementssrcmainjavaorgforgerockopenamentitlementEntitlementRegistryjava"></a>
 <div class="modfile"><h4>Modified: \
branches/AME-4616/openam/openam-entitlements/src/main/java/org/forgerock/openam/entitlement/EntitlementRegistry.java \
(10813 => 10814)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-4616/openam/openam-entitlements/src/main/java/org/forgerock/openam/entitlement/EntitlementRegistry.java	2014-09-30 \
                13:48:08 UTC (rev 10813)
+++ branches/AME-4616/openam/openam-entitlements/src/main/java/org/forgerock/openam/entitlement/EntitlementRegistry.java	2014-09-30 \
13:49:13 UTC (rev 10814) </span><span class="lines">@@ -21,13 +21,10 @@
</span><span class="cx"> import com.sun.identity.entitlement.AnyUserSubject;
</span><span class="cx"> import \
com.sun.identity.entitlement.AttributeLookupCondition; </span><span class="cx"> \
import com.sun.identity.entitlement.AttributeSubject; </span><del>-import \
com.sun.identity.entitlement.DNSNameCondition; </del><span class="cx"> import \
com.sun.identity.entitlement.DenyOverride; </span><span class="cx"> import \
com.sun.identity.entitlement.EntitlementCombiner; </span><span class="cx"> import \
com.sun.identity.entitlement.EntitlementCondition; </span><span class="cx"> import \
com.sun.identity.entitlement.EntitlementSubject; </span><del>-import \
                com.sun.identity.entitlement.GroupSubject;
-import com.sun.identity.entitlement.IPCondition;
</del><span class="cx"> import com.sun.identity.entitlement.NoSubject;
</span><span class="cx"> import com.sun.identity.entitlement.NotCondition;
</span><span class="cx"> import com.sun.identity.entitlement.NotSubject;
</span><span class="lines">@@ -35,12 +32,9 @@
</span><span class="cx"> import com.sun.identity.entitlement.OrCondition;
</span><span class="cx"> import com.sun.identity.entitlement.OrSubject;
</span><span class="cx"> import com.sun.identity.entitlement.ResourceAttribute;
</span><del>-import com.sun.identity.entitlement.RoleSubject;
</del><span class="cx"> import com.sun.identity.entitlement.StaticAttributes;
</span><span class="cx"> import \
com.sun.identity.entitlement.StringAttributeCondition; </span><del>-import \
com.sun.identity.entitlement.TimeCondition; </del><span class="cx"> import \
com.sun.identity.entitlement.UserAttributes; </span><del>-import \
com.sun.identity.entitlement.UserSubject; </del><span class="cx"> 
</span><span class="cx"> import java.util.Map;
</span><span class="cx"> import java.util.ServiceLoader;
</span><span class="lines">@@ -98,22 +92,14 @@
</span><span class="cx">         registry.registerSubjectType(&quot;NOT&quot;, \
NotSubject.class); </span><span class="cx"> 
</span><span class="cx">         // Standard OpenAM entitlement conditions (policy \
conditions will be loaded later) </span><del>-        \
                registry.registerConditionType(IPCondition.class);
-        registry.registerConditionType(DNSNameCondition.class);
</del><span class="cx">         \
registry.registerConditionType(NumericAttributeCondition.class); </span><del>-        \
registry.registerConditionType(TimeCondition.class); </del><span class="cx">         \
registry.registerConditionType(AttributeLookupCondition.class); </span><span \
class="cx">         registry.registerConditionType(StringAttributeCondition.class); \
</span><span class="cx">  </span><span class="cx">         // Standard OpenAM \
subjects </span><span class="cx">         \
registry.registerSubjectType(&quot;NONE&quot;, NoSubject.class); </span><span \
class="cx">         registry.registerSubjectType(AnyUserSubject.class); </span><del>- \
                //registry.registerSubjectType(AuthenticatedESubject.class); // Not \
                implemented?
-        registry.registerSubjectType(GroupSubject.class);
</del><span class="cx">         registry.registerSubjectType(AttributeSubject.class);
</span><del>-        registry.registerSubjectType(UserSubject.class);
-        registry.registerSubjectType(RoleSubject.class);
-        //registry.registerSubjectType(IdRepoRoleSubject.class);
</del><span class="cx"> 
</span><span class="cx">         // Standard OpenAM resource attribute types
</span><span class="cx">         registry.registerAttributeType(&quot;User&quot;, \
UserAttributes.class); </span></span></pre></div>
<a id="branchesAME4616openamopenamfederationOpenFMsrctestjavacomsunidentityentitlementAndConditionEvalTestjava"></a>
 <div class="modfile"><h4>Modified: \
branches/AME-4616/openam/openam-federation/OpenFM/src/test/java/com/sun/identity/entitlement/AndConditionEvalTest.java \
(10813 => 10814)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-4616/openam/openam-federation/OpenFM/src/test/java/com/sun/identity/entitlement/AndConditionEvalTest.java	2014-09-30 \
                13:48:08 UTC (rev 10813)
+++ branches/AME-4616/openam/openam-federation/OpenFM/src/test/java/com/sun/identity/entitlement/AndConditionEvalTest.java	2014-09-30 \
13:49:13 UTC (rev 10814) </span><span class="lines">@@ -27,11 +27,16 @@
</span><span class="cx">  * Portions Copyrighted 2014 ForgeRock AS
</span><span class="cx">  */
</span><span class="cx"> 
</span><ins>+/**
+ * Portions copyright 2014 ForgeRock AS.
+ */
+
</ins><span class="cx"> package com.sun.identity.entitlement;
</span><span class="cx"> 
</span><span class="cx"> import com.iplanet.sso.SSOToken;
</span><span class="cx"> import com.sun.identity.entitlement.opensso.SubjectUtils;
</span><span class="cx"> import com.sun.identity.security.AdminTokenAction;
</span><ins>+import org.forgerock.openam.entitlement.conditions.environment.IPCondition;
 </ins><span class="cx"> import java.security.AccessController;
</span><span class="cx"> import java.util.HashMap;
</span><span class="cx"> import java.util.HashSet;
</span><span class="lines">@@ -43,6 +48,8 @@
</span><span class="cx"> import org.testng.annotations.BeforeClass;
</span><span class="cx"> import org.testng.annotations.Test;
</span><span class="cx"> 
</span><ins>+import static \
org.forgerock.openam.entitlement.conditions.environment.ConditionConstants.REQUEST_IP;
 +
</ins><span class="cx"> public class AndConditionEvalTest {
</span><span class="cx">     private static final String PRIVILEGE_NAME = \
&quot;AndConditionEvalTest&quot;; </span><span class="cx">     private static final \
String ROOT_RESOURCE_NAME =  </span><span class="lines">@@ -68,8 +75,10 @@
</span><span class="cx">             AndCondition cond = new AndCondition();
</span><span class="cx">             Set&lt;EntitlementCondition&gt; conditions = new \
 </span><span class="cx">                     HashSet&lt;EntitlementCondition&gt;();
</span><del>-            conditions.add(new DNSNameCondition(DNS_MASK));
-            conditions.add(new IPCondition(START_IP, END_IP));
</del><ins>+            IPCondition ipc = new IPCondition();
+            ipc.setStartIp(START_IP);
+            ipc.setEndIp(END_IP);
+            conditions.add(ipc);
</ins><span class="cx">             cond.setEConditions(conditions);
</span><span class="cx"> 
</span><span class="cx">             Privilege privilege = \
Privilege.getNewInstance(); </span><span class="lines">@@ -160,24 +169,12 @@
</span><span class="cx">         }
</span><span class="cx"> 
</span><span class="cx">         String adv = advice.iterator().next();
</span><del>-        if (!adv.equals(IPCondition.REQUEST_IP + &quot;=&quot; + \
START_IP + &quot;-&quot; + END_IP) </del><ins>+        if (!adv.equals(REQUEST_IP + \
&quot;=&quot; + START_IP + &quot;-&quot; + END_IP) </ins><span class="cx">         ) \
{ </span><span class="cx">             throw new Exception(
</span><span class="cx">                 &quot;AndConditionEvalTest.negativeTest: \
advice for IP Condition&quot;); </span><span class="cx">         }
</span><span class="cx"> 
</span><del>-        advice = advices.get(DNSNameCondition.class.getName());
-        if ((advice == null) || advice.isEmpty()) {
-            throw new Exception(
-                &quot;AndConditionEvalTest.negativeTest: no advice for DNS \
                Condition.&quot;);
-        }
-
-        adv = advice.iterator().next();
-        if (!adv.equals(DNSNameCondition.REQUEST_DNS_NAME + &quot;=&quot; + \
                DNS_MASK)) {
-            throw new Exception(
-                &quot;AndConditionEvalTest.negativeTest: incorrect advice for DNS \
                Condition&quot;);
-        }
-
</del><span class="cx">     }
</span><span class="cx"> 
</span><span class="cx">     private Map&lt;String, Set&lt;String&gt;&gt; \
getEnvironment(String ipAddr, String dns) { </span><span class="lines">@@ -185,11 \
+182,11 @@ </span><span class="cx">                 new HashMap&lt;String, \
Set&lt;String&gt;&gt;(); </span><span class="cx">         Set&lt;String&gt; dnsMask = \
new HashSet&lt;String&gt;(); </span><span class="cx">         dnsMask.add(dns);
</span><del>-        environment.put(DNSNameCondition.REQUEST_DNS_NAME, dnsMask);
</del><ins>+        environment.put(&quot;requestDnsName&quot;, dnsMask);
</ins><span class="cx"> 
</span><span class="cx">         Set&lt;String&gt; ip = new HashSet&lt;String&gt;();
</span><span class="cx">         ip.add(ipAddr);
</span><del>-        environment.put(IPCondition.REQUEST_IP, ip);
</del><ins>+        environment.put(REQUEST_IP, ip);
</ins><span class="cx"> 
</span><span class="cx">         return environment;
</span><span class="cx">     }
</span></span></pre></div>
<a id="branchesAME4616openamopenamfederationOpenFMsrctestjavacomsunidentityentitlementAndConditionTestjava"></a>
 <div class="modfile"><h4>Modified: \
branches/AME-4616/openam/openam-federation/OpenFM/src/test/java/com/sun/identity/entitlement/AndConditionTest.java \
(10813 => 10814)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-4616/openam/openam-federation/OpenFM/src/test/java/com/sun/identity/entitlement/AndConditionTest.java	2014-09-30 \
                13:48:08 UTC (rev 10813)
+++ branches/AME-4616/openam/openam-federation/OpenFM/src/test/java/com/sun/identity/entitlement/AndConditionTest.java	2014-09-30 \
13:49:13 UTC (rev 10814) </span><span class="lines">@@ -24,10 +24,18 @@
</span><span class="cx">  *
</span><span class="cx">  * $Id: AndConditionTest.java,v 1.1 2009/08/19 05:41:00 \
veiming Exp $ </span><span class="cx">  */
</span><ins>+
+/**
+ * Portions copyright 2014 ForgeRock AS.
+ */
+
</ins><span class="cx"> package com.sun.identity.entitlement;
</span><span class="cx"> 
</span><span class="cx"> import java.util.HashSet;
</span><span class="cx"> import java.util.Set;
</span><ins>+
+import org.forgerock.openam.entitlement.conditions.environment.SimpleTimeCondition;
+import org.forgerock.openam.entitlement.conditions.environment.IPCondition;
</ins><span class="cx"> import org.testng.annotations.Test;
</span><span class="cx"> 
</span><span class="cx"> /**
</span><span class="lines">@@ -39,20 +47,20 @@
</span><span class="cx">     @Test
</span><span class="cx">     public void testConstruction() throws Exception {
</span><span class="cx"> 
</span><del>-        IPCondition ipc = new IPCondition(&quot;100.100.100.100&quot;, \
                &quot;200.200.200.200&quot;);
-        ipc.setPConditionName(&quot;ip1&quot;);
-        DNSNameCondition dnsc = new DNSNameCondition(&quot;*.sun.com&quot;);
-        dnsc.setPConditionName(&quot;ip2&quot;);
-        TimeCondition tc = new TimeCondition(&quot;08:00&quot;, &quot;16:00&quot;,
-                &quot;mon&quot;, &quot;fri&quot;);
</del><ins>+        IPCondition ipc = new IPCondition();
+        ipc.setStartIp(&quot;100.100.100.100&quot;);
+        ipc.setEndIp(&quot;200.200.200.200&quot;);
+        SimpleTimeCondition tc = new SimpleTimeCondition();
+        tc.setStartTime(&quot;08:00&quot;);
+        tc.setEndTime(&quot;16:00&quot;);
+        tc.setStartDay(&quot;mon&quot;);
+        tc.setEndDay(&quot;fri&quot;);
</ins><span class="cx">         tc.setStartDate(&quot;01/01/2001&quot;);
</span><span class="cx">         tc.setEndDate(&quot;02/02/2002&quot;);
</span><span class="cx">         tc.setEnforcementTimeZone(&quot;PST&quot;);
</span><del>-        tc.setPConditionName(&quot;tc1&quot;);
</del><span class="cx">         Set&lt;EntitlementCondition&gt; conditions
</span><span class="cx">                 = new HashSet&lt;EntitlementCondition&gt;();
</span><span class="cx">         conditions.add(ipc);
</span><del>-        conditions.add(dnsc);
</del><span class="cx">         conditions.add(tc);
</span><span class="cx">         AndCondition ac = new AndCondition(conditions);
</span><span class="cx"> 
</span></span></pre></div>
<a id="branchesAME4616openamopenamfederationOpenFMsrctestjavacomsunidentityentitlementAndSubjectTestjava"></a>
 <div class="modfile"><h4>Modified: \
branches/AME-4616/openam/openam-federation/OpenFM/src/test/java/com/sun/identity/entitlement/AndSubjectTest.java \
(10813 => 10814)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-4616/openam/openam-federation/OpenFM/src/test/java/com/sun/identity/entitlement/AndSubjectTest.java	2014-09-30 \
                13:48:08 UTC (rev 10813)
+++ branches/AME-4616/openam/openam-federation/OpenFM/src/test/java/com/sun/identity/entitlement/AndSubjectTest.java	2014-09-30 \
13:49:13 UTC (rev 10814) </span><span class="lines">@@ -24,6 +24,11 @@
</span><span class="cx">  *
</span><span class="cx">  * $Id: AndSubjectTest.java,v 1.1 2009/08/19 05:41:00 \
veiming Exp $ </span><span class="cx">  */
</span><ins>+
+/**
+ * Portions copyright 2014 ForgeRock AS.
+ */
+
</ins><span class="cx"> package com.sun.identity.entitlement;
</span><span class="cx"> 
</span><span class="cx"> 
</span><span class="lines">@@ -48,16 +53,11 @@
</span><span class="cx">         gs1.setPSubjectName(&quot;g1&quot;);
</span><span class="cx">         GroupSubject gs3 = new \
GroupSubject(&quot;group31&quot;); </span><span class="cx">         \
gs1.setPSubjectName(&quot;g3&quot;); </span><del>-        RoleSubject rs1 = new \
                RoleSubject(&quot;role1&quot;);
-        rs1.setPSubjectName(&quot;r1&quot;);
-        NotSubject ns1 = new NotSubject(rs1);
-        ns1.setPSubjectName(&quot;r1&quot;);
</del><span class="cx">         Set&lt;EntitlementSubject&gt; subjects = new \
HashSet&lt;EntitlementSubject&gt;(); </span><span class="cx">         \
subjects.add(us1); </span><span class="cx">         subjects.add(us2);
</span><span class="cx">         subjects.add(gs1);
</span><span class="cx">         subjects.add(gs2);
</span><del>-        subjects.add(ns1);
</del><span class="cx">         AndSubject andSubject = new AndSubject(subjects);
</span><span class="cx">         AndSubject andSubuject1 = new AndSubject();
</span><span class="cx">         andSubuject1.setState(andSubject.getState());
</span></span></pre></div>
<a id="branchesAME4616openamopenamfederationOpenFMsrctestjavacomsunidentityentitlementCanBeDeletedAppTestjava"></a>
 <div class="modfile"><h4>Modified: \
branches/AME-4616/openam/openam-federation/OpenFM/src/test/java/com/sun/identity/entitlement/CanBeDeletedAppTest.java \
(10813 => 10814)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-4616/openam/openam-federation/OpenFM/src/test/java/com/sun/identity/entitlement/CanBeDeletedAppTest.java	2014-09-30 \
                13:48:08 UTC (rev 10813)
+++ branches/AME-4616/openam/openam-federation/OpenFM/src/test/java/com/sun/identity/entitlement/CanBeDeletedAppTest.java	2014-09-30 \
13:49:13 UTC (rev 10814) </span><span class="lines">@@ -27,6 +27,10 @@
</span><span class="cx">  * Portions Copyrighted 2014 ForgeRock AS
</span><span class="cx">  */
</span><span class="cx"> 
</span><ins>+/**
+ * Portions copyright 2014 ForgeRock AS.
+ */
+
</ins><span class="cx"> package com.sun.identity.entitlement;
</span><span class="cx"> 
</span><span class="cx"> import com.iplanet.sso.SSOToken;
</span><span class="lines">@@ -41,6 +45,8 @@
</span><span class="cx"> import java.util.Map;
</span><span class="cx"> import java.util.Set;
</span><span class="cx"> import javax.security.auth.Subject;
</span><ins>+
+import org.forgerock.openam.entitlement.conditions.subject.AuthenticatedUsers;
</ins><span class="cx"> import org.testng.annotations.AfterClass;
</span><span class="cx"> import org.testng.annotations.BeforeClass;
</span><span class="cx"> import org.testng.annotations.Test;
</span><span class="lines">@@ -128,7 +134,7 @@
</span><span class="cx">         Entitlement entitlement = new Entitlement(APPL_NAME,
</span><span class="cx">             \
&quot;http://www.CanBeDeletedAppTest.com/*&quot;, actionValues); </span><span \
class="cx">         p.setEntitlement(entitlement); </span><del>-        \
p.setSubject(new AuthenticatedESubject()); </del><ins>+        p.setSubject(new \
AuthenticatedUsers()); </ins><span class="cx">         pm.add(p);
</span><span class="cx">     }
</span><span class="cx"> 
</span></span></pre></div>
<a id="branchesAME4616openamopenamfederationOpenFMsrctestjavacomsunidentityentitlementDNSNameEvalTestjava"></a>
 <div class="delfile"><h4>Deleted: \
branches/AME-4616/openam/openam-federation/OpenFM/src/test/java/com/sun/identity/entitlement/DNSNameEvalTest.java \
(10813 => 10814)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-4616/openam/openam-federation/OpenFM/src/test/java/com/sun/identity/entitlement/DNSNameEvalTest.java	2014-09-30 \
                13:48:08 UTC (rev 10813)
+++ branches/AME-4616/openam/openam-federation/OpenFM/src/test/java/com/sun/identity/entitlement/DNSNameEvalTest.java	2014-09-30 \
13:49:13 UTC (rev 10814) </span><span class="lines">@@ -1,169 +0,0 @@
</span><del>-/**
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
- *
- * Copyright (c) 2009 Sun Microsystems Inc. All Rights Reserved
- *
- * The contents of this file are subject to the terms
- * of the Common Development and Distribution License
- * (the License). You may not use this file except in
- * compliance with the License.
- *
- * You can obtain a copy of the License at
- * https://opensso.dev.java.net/public/CDDLv1.0.html or
- * opensso/legal/CDDLv1.0.txt
- * See the License for the specific language governing
- * permission and limitations under the License.
- *
- * When distributing Covered Code, include this CDDL
- * Header Notice in each file and include the License file
- * at opensso/legal/CDDLv1.0.txt.
- * If applicable, add the following below the CDDL Header,
- * with the fields enclosed by brackets [] replaced by
- * your own identifying information:
- * &quot;Portions Copyrighted [year] [name of copyright owner]&quot;
- *
- * $Id: DNSNameEvalTest.java,v 1.1 2009/09/05 00:24:03 veiming Exp $
- *
- * Portions Copyrighted 2014 ForgeRock AS
- */
-
-package com.sun.identity.entitlement;
-
-import com.iplanet.sso.SSOToken;
-import com.sun.identity.entitlement.opensso.SubjectUtils;
-import com.sun.identity.security.AdminTokenAction;
-import java.security.AccessController;
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.List;
-import java.util.Map;
-import java.util.Set;
-import javax.security.auth.Subject;
-import org.testng.annotations.AfterClass;
-import org.testng.annotations.BeforeClass;
-import org.testng.annotations.Test;
-
-public class DNSNameEvalTest {
-    private static final String PRIVILEGE_NAME = &quot;DNSNameEvalTest&quot;;
-    private static final String ROOT_RESOURCE_NAME = 
-            &quot;http://www.DNSNameEvalTest.com&quot;;
-    private static final String DNS_MASK =  &quot;*.dnsnameevaltest.com&quot;;
-
-    private SSOToken adminToken = (SSOToken) AccessController.doPrivileged(
-            AdminTokenAction.getInstance());
-    private Subject adminSubject = SubjectUtils.createSubject(adminToken);
-    private boolean migrated = EntitlementConfiguration.getInstance(
-        adminSubject, &quot;/&quot;).migratedToEntitlementService();
-
-    @BeforeClass
-    public void setup() throws Exception {
-        if (migrated) {
-            Map&lt;String, Boolean&gt; actions = new HashMap&lt;String, \
                Boolean&gt;();
-            actions.put(&quot;GET&quot;, Boolean.TRUE);
-            Entitlement ent = new Entitlement(
-                    ApplicationTypeManager.URL_APPLICATION_TYPE_NAME,
-                    ROOT_RESOURCE_NAME + &quot;/*&quot;, actions);
-
-            Privilege privilege = Privilege.getNewInstance();
-            privilege.setName(PRIVILEGE_NAME);
-            privilege.setEntitlement(ent);
-            privilege.setSubject(new AnyUserSubject());
-            privilege.setCondition(new DNSNameCondition(DNS_MASK));
-
-            PrivilegeManager pm = PrivilegeManager.getInstance(&quot;/&quot;,
-                    adminSubject);
-            pm.add(privilege);
-            Thread.sleep(1000);
-        }
-    }
-
-    @AfterClass
-    public void clean() throws EntitlementException {
-        if (migrated) {
-            PrivilegeManager pm = PrivilegeManager.getInstance(&quot;/&quot;,
-                    adminSubject);
-            pm.remove(PRIVILEGE_NAME);
-        }
-    }
-
-    @Test
-    public void positiveTest() throws Exception {
-        Map&lt;String, Set&lt;String&gt;&gt; environment = getEnvironment(
-                &quot;www.dnsnameevaltest.com&quot;);
-
-        Evaluator evaluator = new Evaluator(adminSubject,
-                ApplicationTypeManager.URL_APPLICATION_TYPE_NAME);
-        List&lt;Entitlement&gt; entitlements = evaluator.evaluate(&quot;/&quot;, \
                adminSubject,
-                ROOT_RESOURCE_NAME + &quot;/index.html&quot;, environment, false);
-
-        if ((entitlements == null) || entitlements.isEmpty()) {
-            throw new Exception(
-                    &quot;DNSNameEvalTest.positiveTest: no entitlements \
                returned&quot;);
-        }
-
-        Entitlement ent = entitlements.get(0);
-        Boolean result = ent.getActionValue(&quot;GET&quot;);
-
-        if ((result == null) || !result) {
-            throw new Exception(
-                    &quot;DNSNameEvalTest.positiveTest: incorrect decision&quot;);
-        }
-
-        Map&lt;String, Set&lt;String&gt;&gt; advice = ent.getAdvices();
-        if ((advice != null) &amp;&amp; !advice.isEmpty()) {
-            throw new Exception(
-                    &quot;DNSNameEvalTest.positiveTest: do not expect \
                advices.&quot;);
-        }
-    }
-    
-    @Test
-    public void negativeTest() throws Exception {
-        Map&lt;String, Set&lt;String&gt;&gt; environment = getEnvironment(
-                &quot;www.dnsnameevaltest1.com&quot;);
-
-        Evaluator evaluator = new Evaluator(adminSubject,
-                ApplicationTypeManager.URL_APPLICATION_TYPE_NAME);
-        List&lt;Entitlement&gt; entitlements = evaluator.evaluate(&quot;/&quot;, \
                adminSubject,
-                ROOT_RESOURCE_NAME + &quot;/index.html&quot;, environment, false);
-
-        if ((entitlements == null) || entitlements.isEmpty()) {
-            throw new Exception(
-                    &quot;DNSNameEvalTest.negativeTest: no entitlements \
                returned&quot;);
-        }
-
-        Entitlement ent = entitlements.get(0);
-        Boolean result = ent.getActionValue(&quot;GET&quot;);
-
-        if ((result != null) &amp;&amp; result) {
-            throw new Exception(
-                    &quot;DNSNameEvalTest.negativeTest: incorrect decision&quot;);
-        }
-
-        Map&lt;String, Set&lt;String&gt;&gt; advices = ent.getAdvices();
-        if ((advices == null) || advices.isEmpty()) {
-            throw new Exception(
-                    &quot;DNSNameEvalTest.negativeTest: no advices.&quot;);
-        }
-
-        Set&lt;String&gt; advice = advices.get(DNSNameCondition.class.getName());
-        if ((advice == null) || advice.isEmpty()) {
-            throw new Exception(
-                    &quot;DNSNameEvalTest.negativeTest: no advice for \
                DNSNameCondition.&quot;);
-        }
-
-        String adv = advice.iterator().next();
-        if (!adv.equals(DNSNameCondition.REQUEST_DNS_NAME + &quot;=&quot; + \
                DNS_MASK)) {
-            throw new Exception(
-                    &quot;DNSNameEvalTest.negativeTest: incorrect decision&quot;);
-        }
-    }
-
-    private Map&lt;String, Set&lt;String&gt;&gt; getEnvironment(String dns) {
-        Map&lt;String, Set&lt;String&gt;&gt; environment =
-                new HashMap&lt;String, Set&lt;String&gt;&gt;();
-        Set&lt;String&gt; ip = new HashSet&lt;String&gt;();
-        ip.add(dns);
-        environment.put(DNSNameCondition.REQUEST_DNS_NAME, ip);
-        return environment;
-    }
-}
</del></span></pre></div>
<a id="branchesAME4616openamopenamfederationOpenFMsrctestjavacomsunidentityentitlementDateRangeConditionEvaluationjava"></a>
 <div class="delfile"><h4>Deleted: \
branches/AME-4616/openam/openam-federation/OpenFM/src/test/java/com/sun/identity/entitlement/DateRangeConditionEvaluation.java \
(10813 => 10814)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-4616/openam/openam-federation/OpenFM/src/test/java/com/sun/identity/entitlement/DateRangeConditionEvaluation.java	2014-09-30 \
                13:48:08 UTC (rev 10813)
+++ branches/AME-4616/openam/openam-federation/OpenFM/src/test/java/com/sun/identity/entitlement/DateRangeConditionEvaluation.java	2014-09-30 \
13:49:13 UTC (rev 10814) </span><span class="lines">@@ -1,146 +0,0 @@
</span><del>-/**
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
- *
- * Copyright (c) 2009 Sun Microsystems Inc. All Rights Reserved
- *
- * The contents of this file are subject to the terms
- * of the Common Development and Distribution License
- * (the License). You may not use this file except in
- * compliance with the License.
- *
- * You can obtain a copy of the License at
- * https://opensso.dev.java.net/public/CDDLv1.0.html or
- * opensso/legal/CDDLv1.0.txt
- * See the License for the specific language governing
- * permission and limitations under the License.
- *
- * When distributing Covered Code, include this CDDL
- * Header Notice in each file and include the License file
- * at opensso/legal/CDDLv1.0.txt.
- * If applicable, add the following below the CDDL Header,
- * with the fields enclosed by brackets [] replaced by
- * your own identifying information:
- * &quot;Portions Copyrighted [year] [name of copyright owner]&quot;
- *
- * $Id: DateRangeConditionEvaluation.java,v 1.2 2009/10/13 22:37:53 veiming Exp $
- *
- * Portions Copyrighted 2014 ForgeRock AS
- */
-
-package com.sun.identity.entitlement;
-
-import com.iplanet.sso.SSOToken;
-import com.sun.identity.entitlement.opensso.SubjectUtils;
-import com.sun.identity.security.AdminTokenAction;
-import java.security.AccessController;
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.Map;
-import java.util.Set;
-import javax.security.auth.Subject;
-import org.testng.annotations.AfterClass;
-import org.testng.annotations.BeforeClass;
-import org.testng.annotations.Test;
-
-public class DateRangeConditionEvaluation {
-    private static final String PRIVILEGE_NAME =
-        &quot;DateRangeConditionEvaluationPrivilege&quot;;
-    private static final String URL = 
-        &quot;http://www.daterangeconditionevaluation.com&quot;;
-    private SSOToken adminToken = (SSOToken) AccessController.doPrivileged(
-        AdminTokenAction.getInstance());
-    private Subject adminSubject = SubjectUtils.createSubject(adminToken);
-    private boolean migrated = EntitlementConfiguration.getInstance(
-        adminSubject, &quot;/&quot;).migratedToEntitlementService();
-
-    @BeforeClass
-    public void setup() throws Exception {
-        if (!migrated) {
-            return;
-        }
-
-        PrivilegeManager pm = PrivilegeManager.getInstance(&quot;/&quot;,
-            adminSubject);
-        Map&lt;String, Boolean&gt; actions = new HashMap&lt;String, Boolean&gt;();
-        actions.put(&quot;GET&quot;, Boolean.TRUE);
-        Entitlement ent = new Entitlement(
-            ApplicationTypeManager.URL_APPLICATION_TYPE_NAME, URL, actions);
-
-        Privilege privilege = Privilege.getNewInstance();
-        privilege.setName(PRIVILEGE_NAME);
-        privilege.setEntitlement(ent);
-        privilege.setSubject(new AnyUserSubject());
-
-        TimeCondition tc = new TimeCondition();
-        tc.setStartDate(&quot;2008:01:01&quot;);
-        tc.setEndDate(&quot;2010:01:01&quot;);
-        privilege.setCondition(tc);
-        pm.add(privilege);
-    }
-
-    @AfterClass
-    public void cleanup() throws Exception {
-        if (!migrated) {
-            return;
-        }
-        PrivilegeManager pm = PrivilegeManager.getInstance(&quot;/&quot;,
-            adminSubject);
-        pm.remove(PRIVILEGE_NAME);
-    }
-
-    @Test
-    public void positiveTest() throws Exception {
-        boolean result = evaluate();
-        if (!result) {
-            throw new Exception(&quot;DateRangeConditionEvaluation.positiveTest \
                fails&quot;);
-        }
-    }
-
-    private boolean evaluate()
-        throws Exception {
-        Set actions = new HashSet();
-        actions.add(&quot;GET&quot;);
-        Evaluator evaluator = new Evaluator(
-            SubjectUtils.createSubject(adminToken),
-            ApplicationTypeManager.URL_APPLICATION_TYPE_NAME);
-        Map&lt;String, Set&lt;String&gt;&gt; conditions = new
-            HashMap&lt;String, Set&lt;String&gt;&gt;();
-        Set&lt;String&gt; setTime = new HashSet&lt;String&gt;();
-        // 7/31/09 12:05 AM
-        setTime.add(&quot;1249027551534&quot;);
-        conditions.put(TimeCondition.REQUEST_TIME, setTime);
-        return evaluator.hasEntitlement(&quot;/&quot;, null,
-            new Entitlement(URL, actions), conditions);
-
-    }
-
-    @Test (dependsOnMethods = {&quot;positiveTest&quot;})
-    public void negativeTest() throws Exception {
-        PrivilegeManager pm = PrivilegeManager.getInstance(&quot;/&quot;,
-            adminSubject);
-        Privilege p = pm.findByName(PRIVILEGE_NAME);
-        TimeCondition tc = (TimeCondition)p.getCondition();
-        tc.setEndDate(&quot;2008:01:02&quot;);
-        pm.modify(p);
-        boolean result = evaluate();
-        if (result) {
-            throw new Exception(&quot;DateRangeConditionEvaluation.negativeTest \
                fails&quot;);
-        }
-    }
-
-    @Test (dependsOnMethods = {&quot;negativeTest&quot;})
-    public void indefiniteEndDate() throws Exception {
-        PrivilegeManager pm = PrivilegeManager.getInstance(&quot;/&quot;,
-            adminSubject);
-        Privilege p = pm.findByName(PRIVILEGE_NAME);
-        TimeCondition tc = (TimeCondition)p.getCondition();
-        tc.setEndDate(null);
-        pm.modify(p);
-        boolean result = evaluate();
-        if (!result) {
-            throw new Exception(&quot;DateRangeConditionEvaluation.indefiniteEndDate \
                fails&quot;);
-        }
-    }
-
-}
-
</del></span></pre></div>
<a id="branchesAME4616openamopenamfederationOpenFMsrctestjavacomsunidentityentitlementDayConditionEvaluationjava"></a>
 <div class="delfile"><h4>Deleted: \
branches/AME-4616/openam/openam-federation/OpenFM/src/test/java/com/sun/identity/entitlement/DayConditionEvaluation.java \
(10813 => 10814)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-4616/openam/openam-federation/OpenFM/src/test/java/com/sun/identity/entitlement/DayConditionEvaluation.java	2014-09-30 \
                13:48:08 UTC (rev 10813)
+++ branches/AME-4616/openam/openam-federation/OpenFM/src/test/java/com/sun/identity/entitlement/DayConditionEvaluation.java	2014-09-30 \
13:49:13 UTC (rev 10814) </span><span class="lines">@@ -1,111 +0,0 @@
</span><del>-/**
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
- *
- * Copyright (c) 2009 Sun Microsystems Inc. All Rights Reserved
- *
- * The contents of this file are subject to the terms
- * of the Common Development and Distribution License
- * (the License). You may not use this file except in
- * compliance with the License.
- *
- * You can obtain a copy of the License at
- * https://opensso.dev.java.net/public/CDDLv1.0.html or
- * opensso/legal/CDDLv1.0.txt
- * See the License for the specific language governing
- * permission and limitations under the License.
- *
- * When distributing Covered Code, include this CDDL
- * Header Notice in each file and include the License file
- * at opensso/legal/CDDLv1.0.txt.
- * If applicable, add the following below the CDDL Header,
- * with the fields enclosed by brackets [] replaced by
- * your own identifying information:
- * &quot;Portions Copyrighted [year] [name of copyright owner]&quot;
- *
- * $Id: DayConditionEvaluation.java,v 1.1 2009/08/19 05:41:00 veiming Exp $
- *
- * Portions Copyrighted 2014 ForgeRock AS
- */
-
-package com.sun.identity.entitlement;
-
-import com.iplanet.sso.SSOToken;
-import com.sun.identity.entitlement.opensso.SubjectUtils;
-import com.sun.identity.security.AdminTokenAction;
-import java.security.AccessController;
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.Map;
-import java.util.Set;
-import javax.security.auth.Subject;
-import org.testng.annotations.AfterClass;
-import org.testng.annotations.BeforeClass;
-import org.testng.annotations.Test;
-
-public class DayConditionEvaluation {
-    private static final String PRIVILEGE_NAME =
-        &quot;DayConditionEvaluationPrivilege&quot;;
-    private static final String URL = \
                &quot;http://www.dayconditionevaluation.com&quot;;
-    private SSOToken adminToken = (SSOToken) AccessController.doPrivileged(
-            AdminTokenAction.getInstance());
-    private Subject adminSubject = SubjectUtils.createSubject(adminToken);
-    private boolean migrated = EntitlementConfiguration.getInstance(
-        adminSubject, &quot;/&quot;).migratedToEntitlementService();
-
-    @BeforeClass
-    public void setup() throws Exception {
-        if (!migrated) {
-            return;
-        }
-
-        PrivilegeManager pm = PrivilegeManager.getInstance(&quot;/&quot;,
-            adminSubject);
-        Map&lt;String, Boolean&gt; actions = new HashMap&lt;String, Boolean&gt;();
-        actions.put(&quot;GET&quot;, Boolean.TRUE);
-        Entitlement ent = new Entitlement(
-            ApplicationTypeManager.URL_APPLICATION_TYPE_NAME, URL, actions);
-
-        Privilege privilege = Privilege.getNewInstance();
-        privilege.setName(PRIVILEGE_NAME);
-        privilege.setEntitlement(ent);
-        privilege.setSubject(new AnyUserSubject());
-
-        TimeCondition tc = new TimeCondition();
-        tc.setStartDay(&quot;mon&quot;);
-        tc.setEndDay(&quot;fri&quot;);
-        privilege.setCondition(tc);
-        pm.add(privilege);
-        Thread.sleep(1000);
-    }
-
-    @AfterClass
-    public void cleanup() throws Exception {
-        if (!migrated) {
-            return;
-        }
-        PrivilegeManager pm = PrivilegeManager.getInstance(&quot;/&quot;,
-            adminSubject);
-        pm.remove(PRIVILEGE_NAME);
-    }
-
-    @Test
-    public void evaluate()
-        throws Exception {
-        Set actions = new HashSet();
-        actions.add(&quot;GET&quot;);
-        Evaluator evaluator = new Evaluator(
-            SubjectUtils.createSubject(adminToken),
-            ApplicationTypeManager.URL_APPLICATION_TYPE_NAME);
-        Map&lt;String, Set&lt;String&gt;&gt; conditions = new
-            HashMap&lt;String, Set&lt;String&gt;&gt;();
-        Set&lt;String&gt; setTime = new HashSet&lt;String&gt;();
-        setTime.add(&quot;1249027551534&quot;);
-        conditions.put(TimeCondition.REQUEST_TIME, setTime);
-        Boolean result = evaluator.hasEntitlement(&quot;/&quot;, null,
-            new Entitlement(URL, actions), conditions);
-        if (!result) {
-            throw new Exception(&quot;DayConditionEvaluation.evaluate fails&quot;);
-        }
-    }
-}
-
</del></span></pre></div>
<a id="branchesAME4616openamopenamfederationOpenFMsrctestjavacomsunidentityentitlementDecisionMergeTestjava"></a>
 <div class="modfile"><h4>Modified: \
branches/AME-4616/openam/openam-federation/OpenFM/src/test/java/com/sun/identity/entitlement/DecisionMergeTest.java \
(10813 => 10814)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-4616/openam/openam-federation/OpenFM/src/test/java/com/sun/identity/entitlement/DecisionMergeTest.java	2014-09-30 \
                13:48:08 UTC (rev 10813)
+++ branches/AME-4616/openam/openam-federation/OpenFM/src/test/java/com/sun/identity/entitlement/DecisionMergeTest.java	2014-09-30 \
13:49:13 UTC (rev 10814) </span><span class="lines">@@ -27,6 +27,10 @@
</span><span class="cx">  * Portions Copyrighted 2014 ForgeRock AS
</span><span class="cx">  */
</span><span class="cx"> 
</span><ins>+/**
+ * Portions copyright 2014 ForgeRock AS.
+ */
+
</ins><span class="cx"> package com.sun.identity.entitlement;
</span><span class="cx"> 
</span><span class="cx"> import com.iplanet.sso.SSOException;
</span><span class="lines">@@ -44,6 +48,8 @@
</span><span class="cx"> import java.util.Map;
</span><span class="cx"> import java.util.Set;
</span><span class="cx"> import javax.security.auth.Subject;
</span><ins>+
+import org.forgerock.openam.entitlement.conditions.subject.AuthenticatedUsers;
</ins><span class="cx"> import org.testng.annotations.AfterClass;
</span><span class="cx"> import org.testng.annotations.BeforeClass;
</span><span class="cx"> import org.testng.annotations.Test;
</span><span class="lines">@@ -69,7 +75,7 @@
</span><span class="cx">         actionValues.put(&quot;GET&quot;, true);
</span><span class="cx">         Entitlement e1 = new \
Entitlement(&quot;http://www.DecisionMergeTest.com/a/*&quot;, </span><span \
class="cx">             actionValues); </span><del>-        EntitlementSubject sbj = \
new AuthenticatedESubject(); </del><ins>+        EntitlementSubject sbj = new \
AuthenticatedUsers(); </ins><span class="cx"> 
</span><span class="cx">         Privilege p1 = Privilege.getNewInstance();
</span><span class="cx">         p1.setName(&quot;DecisionMergeTestPolicy1&quot;);
</span></span></pre></div>
<a id="branchesAME4616openamopenamfederationOpenFMsrctestjavacomsunidentityentitlementHttpStarEvaluationTestjava"></a>
 <div class="modfile"><h4>Modified: \
branches/AME-4616/openam/openam-federation/OpenFM/src/test/java/com/sun/identity/entitlement/HttpStarEvaluationTest.java \
(10813 => 10814)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-4616/openam/openam-federation/OpenFM/src/test/java/com/sun/identity/entitlement/HttpStarEvaluationTest.java	2014-09-30 \
                13:48:08 UTC (rev 10813)
+++ branches/AME-4616/openam/openam-federation/OpenFM/src/test/java/com/sun/identity/entitlement/HttpStarEvaluationTest.java	2014-09-30 \
13:49:13 UTC (rev 10814) </span><span class="lines">@@ -27,6 +27,10 @@
</span><span class="cx">  * Portions Copyrighted 2014 ForgeRock AS
</span><span class="cx">  */
</span><span class="cx"> 
</span><ins>+/**
+ * Portions copyright 2014 ForgeRock AS.
+ */
+
</ins><span class="cx"> package com.sun.identity.entitlement;
</span><span class="cx"> 
</span><span class="cx"> import com.iplanet.sso.SSOToken;
</span><span class="lines">@@ -39,6 +43,8 @@
</span><span class="cx"> import java.util.Map;
</span><span class="cx"> import java.util.Set;
</span><span class="cx"> import javax.security.auth.Subject;
</span><ins>+
+import org.forgerock.openam.entitlement.conditions.subject.AuthenticatedUsers;
</ins><span class="cx"> import org.testng.annotations.AfterClass;
</span><span class="cx"> import org.testng.annotations.BeforeClass;
</span><span class="cx"> import org.testng.annotations.Test;
</span><span class="lines">@@ -64,7 +70,7 @@
</span><span class="cx">             \
ApplicationTypeManager.URL_APPLICATION_TYPE_NAME, &quot;http://*&quot;, </span><span \
class="cx">             actions); </span><span class="cx">         \
privilege.setEntitlement(entitlement); </span><del>-        privilege.setSubject(new \
AuthenticatedESubject()); </del><ins>+        privilege.setSubject(new \
AuthenticatedUsers()); </ins><span class="cx">         pm.add(privilege);
</span><span class="cx">     }
</span><span class="cx"> 
</span></span></pre></div>
<a id="branchesAME4616openamopenamfederationOpenFMsrctestjavacomsunidentityentitlementIPConditionEvalTestjava"></a>
 <div class="delfile"><h4>Deleted: \
branches/AME-4616/openam/openam-federation/OpenFM/src/test/java/com/sun/identity/entitlement/IPConditionEvalTest.java \
(10813 => 10814)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-4616/openam/openam-federation/OpenFM/src/test/java/com/sun/identity/entitlement/IPConditionEvalTest.java	2014-09-30 \
                13:48:08 UTC (rev 10813)
+++ branches/AME-4616/openam/openam-federation/OpenFM/src/test/java/com/sun/identity/entitlement/IPConditionEvalTest.java	2014-09-30 \
13:49:13 UTC (rev 10814) </span><span class="lines">@@ -1,171 +0,0 @@
</span><del>-/**
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
- *
- * Copyright (c) 2009 Sun Microsystems Inc. All Rights Reserved
- *
- * The contents of this file are subject to the terms
- * of the Common Development and Distribution License
- * (the License). You may not use this file except in
- * compliance with the License.
- *
- * You can obtain a copy of the License at
- * https://opensso.dev.java.net/public/CDDLv1.0.html or
- * opensso/legal/CDDLv1.0.txt
- * See the License for the specific language governing
- * permission and limitations under the License.
- *
- * When distributing Covered Code, include this CDDL
- * Header Notice in each file and include the License file
- * at opensso/legal/CDDLv1.0.txt.
- * If applicable, add the following below the CDDL Header,
- * with the fields enclosed by brackets [] replaced by
- * your own identifying information:
- * &quot;Portions Copyrighted [year] [name of copyright owner]&quot;
- *
- * $Id: IPConditionEvalTest.java,v 1.1 2009/09/05 00:24:03 veiming Exp $
- *
- * Portions Copyrighted 2014 ForgeRock AS
- */
-
-package com.sun.identity.entitlement;
-
-import com.iplanet.sso.SSOToken;
-import com.sun.identity.entitlement.opensso.SubjectUtils;
-import com.sun.identity.security.AdminTokenAction;
-import java.security.AccessController;
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.List;
-import java.util.Map;
-import java.util.Set;
-import javax.security.auth.Subject;
-import org.testng.annotations.AfterClass;
-import org.testng.annotations.BeforeClass;
-import org.testng.annotations.Test;
-
-public class IPConditionEvalTest {
-    private static final String PRIVILEGE_NAME = &quot;IPConditionEvalTest&quot;;
-    private static final String ROOT_RESOURCE_NAME = 
-            &quot;http://www.IPConditionEvalTest.com&quot;;
-    private static final String START_IP =  &quot;100.100.100.100&quot;;
-    private static final String END_IP =  &quot;200.200.200.200&quot;;
-
-    private SSOToken adminToken = (SSOToken) AccessController.doPrivileged(
-            AdminTokenAction.getInstance());
-    private Subject adminSubject = SubjectUtils.createSubject(adminToken);
-    private boolean migrated = EntitlementConfiguration.getInstance(
-        adminSubject, &quot;/&quot;).migratedToEntitlementService();
-
-    @BeforeClass
-    public void setup() throws Exception {
-        if (migrated) {
-            Map&lt;String, Boolean&gt; actions = new HashMap&lt;String, \
                Boolean&gt;();
-            actions.put(&quot;GET&quot;, Boolean.TRUE);
-            Entitlement ent = new Entitlement(
-                    ApplicationTypeManager.URL_APPLICATION_TYPE_NAME,
-                    ROOT_RESOURCE_NAME + &quot;/*&quot;, actions);
-
-            Privilege privilege = Privilege.getNewInstance();
-            privilege.setName(PRIVILEGE_NAME);
-            privilege.setEntitlement(ent);
-            privilege.setSubject(new AnyUserSubject());
-            privilege.setCondition(new IPCondition(START_IP, END_IP));
-
-            PrivilegeManager pm = PrivilegeManager.getInstance(&quot;/&quot;,
-                    adminSubject);
-            pm.add(privilege);
-            Thread.sleep(1000);
-        }
-    }
-
-    @AfterClass
-    public void clean() throws EntitlementException {
-        if (migrated) {
-            PrivilegeManager pm = PrivilegeManager.getInstance(&quot;/&quot;,
-                    adminSubject);
-            pm.remove(PRIVILEGE_NAME);
-        }
-    }
-
-    @Test
-    public void positiveTest() throws Exception {
-        Map&lt;String, Set&lt;String&gt;&gt; environment = getEnvironment(
-                &quot;100.100.100.200&quot;);
-
-        Evaluator evaluator = new Evaluator(adminSubject,
-                ApplicationTypeManager.URL_APPLICATION_TYPE_NAME);
-        List&lt;Entitlement&gt; entitlements = evaluator.evaluate(&quot;/&quot;, \
                adminSubject,
-                ROOT_RESOURCE_NAME + &quot;/index.html&quot;, environment, false);
-
-        if ((entitlements == null) || entitlements.isEmpty()) {
-            throw new Exception(
-                    &quot;IPConditionEvalTest.positiveTest: no entitlements \
                returned&quot;);
-        }
-
-        Entitlement ent = entitlements.get(0);
-        Boolean result = ent.getActionValue(&quot;GET&quot;);
-
-        if ((result == null) || !result) {
-            throw new Exception(
-                    &quot;IPConditionEvalTest.positiveTest: incorrect \
                decision&quot;);
-        }
-
-        Map&lt;String, Set&lt;String&gt;&gt; advice = ent.getAdvices();
-        if ((advice != null) &amp;&amp; !advice.isEmpty()) {
-            throw new Exception(
-                    &quot;IPConditionEvalTest.positiveTest: do not expect \
                advices.&quot;);
-        }
-    }
-    
-    @Test
-    public void negativeTest() throws Exception {
-        Map&lt;String, Set&lt;String&gt;&gt; environment = getEnvironment(
-                &quot;210.100.100.200&quot;);
-
-        Evaluator evaluator = new Evaluator(adminSubject,
-                ApplicationTypeManager.URL_APPLICATION_TYPE_NAME);
-        List&lt;Entitlement&gt; entitlements = evaluator.evaluate(&quot;/&quot;, \
                adminSubject,
-                ROOT_RESOURCE_NAME + &quot;/index.html&quot;, environment, false);
-
-        if ((entitlements == null) || entitlements.isEmpty()) {
-            throw new Exception(
-                    &quot;IPConditionEvalTest.negativeTest: no entitlements \
                returned&quot;);
-        }
-
-        Entitlement ent = entitlements.get(0);
-        Boolean result = ent.getActionValue(&quot;GET&quot;);
-
-        if ((result != null) &amp;&amp; result) {
-            throw new Exception(
-                    &quot;IPConditionEvalTest.negativeTest: incorrect \
                decision&quot;);
-        }
-
-        Map&lt;String, Set&lt;String&gt;&gt; advices = ent.getAdvices();
-        if ((advices == null) || advices.isEmpty()) {
-            throw new Exception(
-                    &quot;IPConditionEvalTest.negativeTest: no advices.&quot;);
-        }
-
-        Set&lt;String&gt; advice = advices.get(IPCondition.class.getName());
-        if ((advice == null) || advice.isEmpty()) {
-            throw new Exception(
-                    &quot;IPConditionEvalTest.negativeTest: no advice for \
                IPCondition.&quot;);
-        }
-
-        String adv = advice.iterator().next();
-        if (!adv.equals(IPCondition.REQUEST_IP + &quot;=&quot; + START_IP + \
                &quot;-&quot; + END_IP)
-        ) {
-            throw new Exception(
-                    &quot;IPConditionEvalTest.negativeTest: incorrect \
                decision&quot;);
-        }
-    }
-
-    private Map&lt;String, Set&lt;String&gt;&gt; getEnvironment(String ipAddr) {
-        Map&lt;String, Set&lt;String&gt;&gt; environment =
-                new HashMap&lt;String, Set&lt;String&gt;&gt;();
-        Set&lt;String&gt; ip = new HashSet&lt;String&gt;();
-        ip.add(ipAddr);
-        environment.put(IPCondition.REQUEST_IP, ip);
-        return environment;
-    }
-}
</del></span></pre></div>
<a id="branchesAME4616openamopenamfederationOpenFMsrctestjavacomsunidentityentitlementIPConditionTestjava"></a>
 <div class="delfile"><h4>Deleted: \
branches/AME-4616/openam/openam-federation/OpenFM/src/test/java/com/sun/identity/entitlement/IPConditionTest.java \
(10813 => 10814)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-4616/openam/openam-federation/OpenFM/src/test/java/com/sun/identity/entitlement/IPConditionTest.java	2014-09-30 \
                13:48:08 UTC (rev 10813)
+++ branches/AME-4616/openam/openam-federation/OpenFM/src/test/java/com/sun/identity/entitlement/IPConditionTest.java	2014-09-30 \
13:49:13 UTC (rev 10814) </span><span class="lines">@@ -1,109 +0,0 @@
</span><del>-/** 
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
- *
- * Copyright (c) 2009 Sun Microsystems Inc. All Rights Reserved
- *
- * The contents of this file are subject to the terms
- * of the Common Development and Distribution License
- * (the License). You may not use this file except in
- * compliance with the License.
- *
- * You can obtain a copy of the License at
- * https://opensso.dev.java.net/public/CDDLv1.0.html or
- * opensso/legal/CDDLv1.0.txt
- * See the License for the specific language governing
- * permission and limitations under the License.
- *
- * When distributing Covered Code, include this CDDL
- * Header Notice in each file and include the License file
- * at opensso/legal/CDDLv1.0.txt.
- * If applicable, add the following below the CDDL Header,
- * with the fields enclosed by brackets [] replaced by
- * your own identifying information:
- * &quot;Portions Copyrighted [year] [name of copyright owner]&quot;
- *
- * $Id: IPConditionTest.java,v 1.1 2009/08/19 05:41:00 veiming Exp $
- */
-package com.sun.identity.entitlement;
-
-
-import org.testng.annotations.Test;
-
-/**
- *
- * @author dillidorai
- */
-public class IPConditionTest {
-
-    @Test
-    public void testConstruction() throws Exception {
-        String startIp = &quot;100.100.100.100&quot;;
-        String endIp = &quot;200.200.200.200&quot;;
-
-        IPCondition ipc = new IPCondition(startIp, endIp);
-        ipc.setPConditionName(&quot;ip1&quot;);
-
-        String readIp = ipc.getStartIp();
-        if (!startIp.equals(readIp)) {
-            throw new Exception(&quot;IPConditionTest.testConstruction():&quot; +
-                &quot; read startIp did not equal startIp set in constructor&quot;);
-        }
-
-        readIp = ipc.getEndIp();
-        if (!endIp.equals(readIp)) {
-            throw new Exception(&quot;IPConditionTest.testConstruction():&quot; +
-                &quot; read endIp did not equal endIp set in constructor&quot;);
-        }
-
-        startIp = &quot;120.120.120.120&quot;;
-        endIp = &quot;220.220.220.220&quot;;
-        ipc.setStartIp(startIp);
-        ipc.setEndIp(endIp);
-
-        readIp = ipc.getStartIp();
-        if (!startIp.equals(readIp)) {
-            throw new Exception(&quot;IPConditionTest.testConstruction():&quot; +
-                &quot; read startIp did no tequal startIp set&quot;);
-        }
-
-        readIp = ipc.getEndIp();
-        if (!endIp.equals(readIp)) {
-            throw new Exception(&quot;IPConditionTest.testConstruction():&quot; +
-                &quot; read endIp did not tequal endIp set&quot;);
-        }
-
-        String dnsName = &quot;*.sun.com&quot;;
-        DNSNameCondition dnsc = new DNSNameCondition(dnsName);
-        dnsc.setPConditionName(&quot;ip2&quot;);
-
-        String rdnsName = dnsc.getDomainNameMask();
-        if (!dnsName.equals(rdnsName)) {
-            throw new Exception(&quot;IPConditionTest.testConstruction():&quot; +
-                &quot; read dnsName did not equal dnsName set in constructor&quot;);
-        }
-
-        dnsName = &quot;*.iplanet.com&quot;;
-        dnsc.setDomainNameMask(dnsName);
-        rdnsName = dnsc.getDomainNameMask();
-        if (!dnsName.equals(rdnsName)) {
-            throw new Exception(&quot;IPConditionTest.testConstruction():&quot; +
-                &quot; read dnsName did not equal dnsName set&quot;);
-        }
-
-        IPCondition ipc1 = new IPCondition();
-        ipc1.setState(ipc.getState());
-        DNSNameCondition dnsc1 = new DNSNameCondition();
-        dnsc1.setState(dnsc.getState());
-
-        if (!ipc1.equals(ipc)) {
-            throw new Exception(&quot;IPConditionTest.testConstruction():&quot; +
-                &quot; ipc1 not equal ipc&quot;);
-        }
-        if (!dnsc1.equals(dnsc)) {
-            throw new Exception(&quot;IPConditionTest.testConstruction():&quot; +
-                &quot; dnsc1 not equal dnsc&quot;);
-        }
-
-    }
-
-}
</del></span></pre></div>
<a id="branchesAME4616openamopenamfederationOpenFMsrctestjavacomsunidentityentitlementMultiWildcardEvalTestjava"></a>
 <div class="modfile"><h4>Modified: \
branches/AME-4616/openam/openam-federation/OpenFM/src/test/java/com/sun/identity/entitlement/MultiWildcardEvalTest.java \
(10813 => 10814)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-4616/openam/openam-federation/OpenFM/src/test/java/com/sun/identity/entitlement/MultiWildcardEvalTest.java	2014-09-30 \
                13:48:08 UTC (rev 10813)
+++ branches/AME-4616/openam/openam-federation/OpenFM/src/test/java/com/sun/identity/entitlement/MultiWildcardEvalTest.java	2014-09-30 \
13:49:13 UTC (rev 10814) </span><span class="lines">@@ -27,6 +27,10 @@
</span><span class="cx">  * Portions Copyrighted 2014 ForgeRock AS
</span><span class="cx">  */
</span><span class="cx"> 
</span><ins>+/**
+ * Portions copyright 2014 ForgeRock AS.
+ */
+
</ins><span class="cx"> package com.sun.identity.entitlement;
</span><span class="cx"> 
</span><span class="cx"> import com.iplanet.sso.SSOToken;
</span><span class="lines">@@ -39,6 +43,8 @@
</span><span class="cx"> import java.util.Map;
</span><span class="cx"> import java.util.Set;
</span><span class="cx"> import javax.security.auth.Subject;
</span><ins>+
+import org.forgerock.openam.entitlement.conditions.subject.AuthenticatedUsers;
</ins><span class="cx"> import org.testng.annotations.AfterClass;
</span><span class="cx"> import org.testng.annotations.BeforeClass;
</span><span class="cx"> import org.testng.annotations.Test;
</span><span class="lines">@@ -55,7 +61,7 @@
</span><span class="cx">         actionValues.put(&quot;GET&quot;, true);
</span><span class="cx">         Entitlement e1 = new Entitlement(
</span><span class="cx">             &quot;http://sun.com/a/*/b/*/c&quot;, \
actionValues); </span><del>-        EntitlementSubject sbj = new \
AuthenticatedESubject(); </del><ins>+        EntitlementSubject sbj = new \
AuthenticatedUsers(); </ins><span class="cx"> 
</span><span class="cx">         Privilege p1 = Privilege.getNewInstance();
</span><span class="cx">         p1.setName(&quot;MultiWildcardEvalTest&quot;);
</span></span></pre></div>
<a id="branchesAME4616openamopenamfederationOpenFMsrctestjavacomsunidentityentitlementNotConditionTestjava"></a>
 <div class="modfile"><h4>Modified: \
branches/AME-4616/openam/openam-federation/OpenFM/src/test/java/com/sun/identity/entitlement/NotConditionTest.java \
(10813 => 10814)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-4616/openam/openam-federation/OpenFM/src/test/java/com/sun/identity/entitlement/NotConditionTest.java	2014-09-30 \
                13:48:08 UTC (rev 10813)
+++ branches/AME-4616/openam/openam-federation/OpenFM/src/test/java/com/sun/identity/entitlement/NotConditionTest.java	2014-09-30 \
13:49:13 UTC (rev 10814) </span><span class="lines">@@ -35,6 +35,7 @@
</span><span class="cx"> import java.util.Set;
</span><span class="cx"> import static org.testng.Assert.assertTrue;
</span><span class="cx"> import org.testng.annotations.Test;
</span><ins>+import org.forgerock.openam.entitlement.conditions.environment.IPCondition;
 </ins><span class="cx"> 
</span><span class="cx"> 
</span><span class="cx"> public class NotConditionTest {
</span><span class="lines">@@ -42,8 +43,9 @@
</span><span class="cx">     @Test
</span><span class="cx">     public void testConstruction() throws Exception {
</span><span class="cx"> 
</span><del>-        IPCondition ipc = new IPCondition(&quot;100.100.100.100&quot;, \
                &quot;200.200.200.200&quot;);
-        ipc.setPConditionName(&quot;ip1&quot;);
</del><ins>+        IPCondition ipc = new IPCondition();
+        ipc.setStartIp(&quot;100.100.100.100&quot;);
+        ipc.setEndIp(&quot;200.200.200.200&quot;);
</ins><span class="cx">         NotCondition ac = new NotCondition(ipc);
</span><span class="cx">         NotCondition ac1 = new NotCondition();
</span><span class="cx">         ac1.setState(ac.getState());
</span><span class="lines">@@ -63,8 +65,12 @@
</span><span class="cx">         //given
</span><span class="cx">         Set&lt;EntitlementCondition&gt; conditions = new \
HashSet&lt;EntitlementCondition&gt;(); </span><span class="cx"> 
</span><del>-        IPCondition ip = new IPCondition(&quot;192.168.0.1&quot;, \
                &quot;192.168.0.2&quot;);
-        IPCondition ip2 = new IPCondition(&quot;192.168.0.5&quot;, \
&quot;192.168.0.6&quot;); </del><ins>+        IPCondition ip = new IPCondition();
+        ip.setStartIp(&quot;192.168.0.1&quot;);
+        ip.setEndIp(&quot;192.168.0.2&quot;);
+        IPCondition ip2 = new IPCondition();
+        ip2.setStartIp(&quot;192.168.0.5&quot;);
+        ip2.setEndIp(&quot;192.168.0.6&quot;);
</ins><span class="cx"> 
</span><span class="cx">         conditions.add(ip);
</span><span class="cx">         conditions.add(ip2);
</span><span class="lines">@@ -82,7 +88,9 @@
</span><span class="cx">     public void testSingleSubjectEnforced() {
</span><span class="cx">         //given
</span><span class="cx">         Set&lt;EntitlementCondition&gt; conditions = new \
HashSet&lt;EntitlementCondition&gt;(); </span><del>-        IPCondition ip = new \
IPCondition(&quot;192.168.0.1&quot;, &quot;192.168.0.2&quot;); </del><ins>+        \
IPCondition ip = new IPCondition(); +        ip.setStartIp(&quot;192.168.0.1&quot;);
+        ip.setEndIp(&quot;192.168.0.2&quot;);
</ins><span class="cx">         conditions.add(ip);
</span><span class="cx">         NotCondition myNotCondition = new NotCondition();
</span><span class="cx"> 
</span><span class="lines">@@ -97,7 +105,9 @@
</span><span class="cx">     @Test
</span><span class="cx">     public void testSingleSubjectEnforcedRetrieval() {
</span><span class="cx">         //given
</span><del>-        IPCondition ip = new IPCondition(&quot;192.168.0.1&quot;, \
&quot;192.168.0.2&quot;); </del><ins>+        IPCondition ip = new IPCondition();
+        ip.setStartIp(&quot;192.168.0.1&quot;);
+        ip.setEndIp(&quot;192.168.0.2&quot;);
</ins><span class="cx">         NotCondition myNotCondition = new NotCondition(ip);
</span><span class="cx"> 
</span><span class="cx">         //when
</span></span></pre></div>
<a id="branchesAME4616openamopenamfederationOpenFMsrctestjavacomsunidentityentitlementNotSubjectTestjava"></a>
 <div class="modfile"><h4>Modified: \
branches/AME-4616/openam/openam-federation/OpenFM/src/test/java/com/sun/identity/entitlement/NotSubjectTest.java \
(10813 => 10814)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-4616/openam/openam-federation/OpenFM/src/test/java/com/sun/identity/entitlement/NotSubjectTest.java	2014-09-30 \
                13:48:08 UTC (rev 10813)
+++ branches/AME-4616/openam/openam-federation/OpenFM/src/test/java/com/sun/identity/entitlement/NotSubjectTest.java	2014-09-30 \
13:49:13 UTC (rev 10814) </span><span class="lines">@@ -38,24 +38,6 @@
</span><span class="cx"> 
</span><span class="cx"> public class NotSubjectTest {
</span><span class="cx"> 
</span><del>-    @Test
-    public void testConstruction() throws Exception {
-        RoleSubject rs1 = new RoleSubject(&quot;role1&quot;);
-        rs1.setPSubjectName(&quot;r1&quot;);
-        NotSubject ns1 = new NotSubject(rs1);
-        ns1.setPSubjectName(&quot;r1&quot;);
-        NotSubject ns2 = new NotSubject();
-        ns2.setState(ns1.getState());
-
-        boolean result = ns1.equals(ns2);
-        if (!result) {
-            throw new Exception(&quot;NotSubjectTest.testConstruction():&quot;
-                    + &quot;NotSubject with setState=&quot;
-                    + &quot;does not equal NotSubject with getState()&quot;);
-
-        }
-    }
-
</del><span class="cx">     @Test (expectedExceptions = \
IllegalArgumentException.class) </span><span class="cx">     public void \
testSingleSubject() { </span><span class="cx">         //given
</span></span></pre></div>
<a id="branchesAME4616openamopenamfederationOpenFMsrctestjavacomsunidentityentitlementOrConditionEvalTestjava"></a>
 <div class="modfile"><h4>Modified: \
branches/AME-4616/openam/openam-federation/OpenFM/src/test/java/com/sun/identity/entitlement/OrConditionEvalTest.java \
(10813 => 10814)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-4616/openam/openam-federation/OpenFM/src/test/java/com/sun/identity/entitlement/OrConditionEvalTest.java	2014-09-30 \
                13:48:08 UTC (rev 10813)
+++ branches/AME-4616/openam/openam-federation/OpenFM/src/test/java/com/sun/identity/entitlement/OrConditionEvalTest.java	2014-09-30 \
13:49:13 UTC (rev 10814) </span><span class="lines">@@ -27,11 +27,16 @@
</span><span class="cx">  * Portions Copyrighted 2014 ForgeRock AS
</span><span class="cx">  */
</span><span class="cx"> 
</span><ins>+/**
+ * Portions copyright 2014 ForgeRock AS.
+ */
+
</ins><span class="cx"> package com.sun.identity.entitlement;
</span><span class="cx"> 
</span><span class="cx"> import com.iplanet.sso.SSOToken;
</span><span class="cx"> import com.sun.identity.entitlement.opensso.SubjectUtils;
</span><span class="cx"> import com.sun.identity.security.AdminTokenAction;
</span><ins>+import org.forgerock.openam.entitlement.conditions.environment.IPCondition;
 </ins><span class="cx"> import java.security.AccessController;
</span><span class="cx"> import java.util.HashMap;
</span><span class="cx"> import java.util.HashSet;
</span><span class="lines">@@ -43,6 +48,8 @@
</span><span class="cx"> import org.testng.annotations.BeforeClass;
</span><span class="cx"> import org.testng.annotations.Test;
</span><span class="cx"> 
</span><ins>+import static \
org.forgerock.openam.entitlement.conditions.environment.ConditionConstants.REQUEST_IP;
 +
</ins><span class="cx"> public class OrConditionEvalTest {
</span><span class="cx">     private static final String PRIVILEGE_NAME = \
&quot;OrConditionEvalTest&quot;; </span><span class="cx">     private static final \
String ROOT_RESOURCE_NAME =  </span><span class="lines">@@ -68,8 +75,10 @@
</span><span class="cx">             OrCondition cond = new OrCondition();
</span><span class="cx">             Set&lt;EntitlementCondition&gt; conditions = new \
 </span><span class="cx">                     HashSet&lt;EntitlementCondition&gt;();
</span><del>-            conditions.add(new DNSNameCondition(DNS_MASK));
-            conditions.add(new IPCondition(START_IP, END_IP));
</del><ins>+            IPCondition ipc = new IPCondition();
+            ipc.setStartIp(START_IP);
+            ipc.setEndIp(END_IP);
+            conditions.add(ipc);
</ins><span class="cx">             cond.setEConditions(conditions);
</span><span class="cx"> 
</span><span class="cx">             Privilege privilege = \
Privilege.getNewInstance(); </span><span class="lines">@@ -160,23 +169,11 @@
</span><span class="cx">         }
</span><span class="cx"> 
</span><span class="cx">         String adv = ipAdvice.iterator().next();
</span><del>-        if (!adv.equals(IPCondition.REQUEST_IP + &quot;=&quot; + \
START_IP + &quot;-&quot; + END_IP) </del><ins>+        if (!adv.equals(REQUEST_IP + \
&quot;=&quot; + START_IP + &quot;-&quot; + END_IP) </ins><span class="cx">         ) \
{ </span><span class="cx">             throw new Exception(
</span><span class="cx">                     &quot;OrConditionEvalTest.negativeTest: \
incorrect decision for IPCondition&quot;); </span><span class="cx">         }
</span><del>-
-        Set&lt;String&gt; dsnAdvice = advices.get(DNSNameCondition.class.getName());
-        if ((dsnAdvice == null) || dsnAdvice.isEmpty()) {
-            throw new Exception(
-                    &quot;OrConditionEvalTest.negativeTest: no advice for \
                DNSNameCondition.&quot;);
-        }
-
-        String dnsAdv = dsnAdvice.iterator().next();
-        if (!dnsAdv.equals(DNSNameCondition.REQUEST_DNS_NAME + &quot;=&quot; + \
                DNS_MASK)){
-            throw new Exception(
-                    &quot;OrConditionEvalTest.negativeTest: incorrect decision for \
                DNSNameCondition&quot;);
-        }
</del><span class="cx">     }
</span><span class="cx"> 
</span><span class="cx">     private Map&lt;String, Set&lt;String&gt;&gt; \
getEnvironment(String ipAddr, String dns) { </span><span class="lines">@@ -184,11 \
+181,11 @@ </span><span class="cx">                 new HashMap&lt;String, \
Set&lt;String&gt;&gt;(); </span><span class="cx">         Set&lt;String&gt; dnsMask = \
new HashSet&lt;String&gt;(); </span><span class="cx">         dnsMask.add(dns);
</span><del>-        environment.put(DNSNameCondition.REQUEST_DNS_NAME, dnsMask);
</del><ins>+        environment.put(&quot;requestDnsName&quot;, dnsMask);
</ins><span class="cx"> 
</span><span class="cx">         Set&lt;String&gt; ip = new HashSet&lt;String&gt;();
</span><span class="cx">         ip.add(ipAddr);
</span><del>-        environment.put(IPCondition.REQUEST_IP, ip);
</del><ins>+        environment.put(REQUEST_IP, ip);
</ins><span class="cx"> 
</span><span class="cx">         return environment;
</span><span class="cx">     }
</span></span></pre></div>
<a id="branchesAME4616openamopenamfederationOpenFMsrctestjavacomsunidentityentitlementOrConditionTestjava"></a>
 <div class="modfile"><h4>Modified: \
branches/AME-4616/openam/openam-federation/OpenFM/src/test/java/com/sun/identity/entitlement/OrConditionTest.java \
(10813 => 10814)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-4616/openam/openam-federation/OpenFM/src/test/java/com/sun/identity/entitlement/OrConditionTest.java	2014-09-30 \
                13:48:08 UTC (rev 10813)
+++ branches/AME-4616/openam/openam-federation/OpenFM/src/test/java/com/sun/identity/entitlement/OrConditionTest.java	2014-09-30 \
13:49:13 UTC (rev 10814) </span><span class="lines">@@ -24,32 +24,40 @@
</span><span class="cx">  *
</span><span class="cx">  * $Id: OrConditionTest.java,v 1.2 2009/09/05 00:24:03 \
veiming Exp $ </span><span class="cx">  */
</span><ins>+
+/**
+ * Portions copyright 2014 ForgeRock AS.
+ */
+
</ins><span class="cx"> package com.sun.identity.entitlement;
</span><span class="cx"> 
</span><span class="cx"> import com.sun.identity.unittest.UnittestLog;
</span><span class="cx"> import java.util.HashSet;
</span><span class="cx"> import java.util.Set;
</span><ins>+
+import org.forgerock.openam.entitlement.conditions.environment.SimpleTimeCondition;
+import org.forgerock.openam.entitlement.conditions.environment.IPCondition;
</ins><span class="cx"> import org.testng.annotations.Test;
</span><span class="cx"> 
</span><span class="cx"> public class OrConditionTest {
</span><span class="cx"> 
</span><span class="cx">     @Test
</span><span class="cx">     public void testConstruction() throws Exception {
</span><del>-        IPCondition ipc = new IPCondition(&quot;100.100.100.100&quot;, \
                &quot;200.200.200.200&quot;);
-        ipc.setPConditionName(&quot;ip1&quot;);
-        DNSNameCondition dnsc = new DNSNameCondition(&quot;*.sun.com&quot;);
-        dnsc.setPConditionName(&quot;dns1&quot;);
</del><ins>+        IPCondition ipc = new IPCondition();
+        ipc.setStartIp(&quot;192.168.0.1&quot;);
+        ipc.setEndIp(&quot;192.168.0.2&quot;);
</ins><span class="cx"> 
</span><del>-        TimeCondition tc = new TimeCondition(&quot;08:00&quot;, \
                &quot;16:00&quot;,
-                &quot;mon&quot;, &quot;fri&quot;);
</del><ins>+        SimpleTimeCondition tc = new SimpleTimeCondition();
+        tc.setStartTime(&quot;08:00&quot;);
+        tc.setEndTime(&quot;16:00&quot;);
+        tc.setStartDay(&quot;mon&quot;);
+        tc.setEndDay(&quot;fri&quot;);
</ins><span class="cx">         tc.setStartDate(&quot;01/01/2001&quot;);
</span><span class="cx">         tc.setEndDate(&quot;02/02/2002&quot;);
</span><span class="cx">         tc.setEnforcementTimeZone(&quot;PST&quot;);
</span><del>-        tc.setPConditionName(&quot;tc1&quot;);
</del><span class="cx"> 
</span><span class="cx">         Set&lt;EntitlementCondition&gt; conditions = new \
HashSet&lt;EntitlementCondition&gt;(); </span><span class="cx">         \
conditions.add(ipc); </span><del>-        conditions.add(dnsc);
</del><span class="cx">         conditions.add(tc);
</span><span class="cx">         OrCondition oc = new OrCondition(conditions);
</span><span class="cx">         OrCondition oc1 = new OrCondition();
</span></span></pre></div>
<a id="branchesAME4616openamopenamfederationOpenFMsrctestjavacomsunidentityentitlementOrSubjectTestjava"></a>
 <div class="modfile"><h4>Modified: \
branches/AME-4616/openam/openam-federation/OpenFM/src/test/java/com/sun/identity/entitlement/OrSubjectTest.java \
(10813 => 10814)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-4616/openam/openam-federation/OpenFM/src/test/java/com/sun/identity/entitlement/OrSubjectTest.java	2014-09-30 \
                13:48:08 UTC (rev 10813)
+++ branches/AME-4616/openam/openam-federation/OpenFM/src/test/java/com/sun/identity/entitlement/OrSubjectTest.java	2014-09-30 \
13:49:13 UTC (rev 10814) </span><span class="lines">@@ -24,6 +24,11 @@
</span><span class="cx">  *
</span><span class="cx">  * $Id: OrSubjectTest.java,v 1.1 2009/08/19 05:41:00 veiming \
Exp $ </span><span class="cx">  */
</span><ins>+
+/**
+ * Portions copyright 2014 ForgeRock AS.
+ */
+
</ins><span class="cx"> package com.sun.identity.entitlement;
</span><span class="cx"> 
</span><span class="cx"> import java.util.HashSet;
</span><span class="lines">@@ -49,16 +54,11 @@
</span><span class="cx">         gs1.setPSubjectName(&quot;g1&quot;);
</span><span class="cx">         GroupSubject gs3 = new \
GroupSubject(&quot;group31&quot;); </span><span class="cx">         \
gs1.setPSubjectName(&quot;g3&quot;); </span><del>-        RoleSubject rs1 = new \
                RoleSubject(&quot;role1&quot;);
-        rs1.setPSubjectName(&quot;r1&quot;);
-        NotSubject ns1 = new NotSubject(rs1);
-        ns1.setPSubjectName(&quot;r1&quot;);
</del><span class="cx">         Set&lt;EntitlementSubject&gt; subjects = new \
HashSet&lt;EntitlementSubject&gt;(); </span><span class="cx">         \
subjects.add(us1); </span><span class="cx">         subjects.add(us2);
</span><span class="cx">         subjects.add(gs1);
</span><span class="cx">         subjects.add(gs2);
</span><del>-        subjects.add(ns1);
</del><span class="cx">         OrSubject os = new OrSubject(subjects);
</span><span class="cx">         OrSubject os1 = new OrSubject();
</span><span class="cx">         os1.setState(os.getState());
</span></span></pre></div>
<a id="branchesAME4616openamopenamfederationOpenFMsrctestjavacomsunidentityentitlementOrgAliasReferralTestjava"></a>
 <div class="modfile"><h4>Modified: \
branches/AME-4616/openam/openam-federation/OpenFM/src/test/java/com/sun/identity/entitlement/OrgAliasReferralTest.java \
(10813 => 10814)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-4616/openam/openam-federation/OpenFM/src/test/java/com/sun/identity/entitlement/OrgAliasReferralTest.java	2014-09-30 \
                13:48:08 UTC (rev 10813)
+++ branches/AME-4616/openam/openam-federation/OpenFM/src/test/java/com/sun/identity/entitlement/OrgAliasReferralTest.java	2014-09-30 \
13:49:13 UTC (rev 10814) </span><span class="lines">@@ -27,6 +27,10 @@
</span><span class="cx">  * Portions Copyrighted 2014 ForgeRock AS
</span><span class="cx">  */
</span><span class="cx"> 
</span><ins>+/**
+ * Portions copyright 2014 ForgeRock AS.
+ */
+
</ins><span class="cx"> package com.sun.identity.entitlement;
</span><span class="cx"> 
</span><span class="cx"> import com.iplanet.sso.SSOToken;
</span><span class="lines">@@ -42,6 +46,8 @@
</span><span class="cx"> import java.util.Map;
</span><span class="cx"> import java.util.Set;
</span><span class="cx"> import javax.security.auth.Subject;
</span><ins>+
+import org.forgerock.openam.entitlement.conditions.subject.AuthenticatedUsers;
</ins><span class="cx"> import org.testng.annotations.AfterClass;
</span><span class="cx"> import org.testng.annotations.BeforeClass;
</span><span class="cx"> import org.testng.annotations.Test;
</span><span class="lines">@@ -95,7 +101,7 @@
</span><span class="cx">         Entitlement e1 = new Entitlement(
</span><span class="cx">             \
&quot;http://www.OrgAliasReferralTest.com:80/*.*&quot;, </span><span class="cx">      \
actionValues); </span><del>-        EntitlementSubject sbj = new \
AuthenticatedESubject(); </del><ins>+        EntitlementSubject sbj = new \
AuthenticatedUsers(); </ins><span class="cx"> 
</span><span class="cx">         Privilege p1 = Privilege.getNewInstance();
</span><span class="cx">         p1.setName(&quot;OrgAliasReferralTest&quot;);
</span></span></pre></div>
<a id="branchesAME4616openamopenamfederationOpenFMsrctestjavacomsunidentityentitlementPrivilegeManagerTestjava"></a>
 <div class="modfile"><h4>Modified: \
branches/AME-4616/openam/openam-federation/OpenFM/src/test/java/com/sun/identity/entitlement/PrivilegeManagerTest.java \
(10813 => 10814)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-4616/openam/openam-federation/OpenFM/src/test/java/com/sun/identity/entitlement/PrivilegeManagerTest.java	2014-09-30 \
                13:48:08 UTC (rev 10813)
+++ branches/AME-4616/openam/openam-federation/OpenFM/src/test/java/com/sun/identity/entitlement/PrivilegeManagerTest.java	2014-09-30 \
13:49:13 UTC (rev 10814) </span><span class="lines">@@ -26,6 +26,11 @@
</span><span class="cx">  *
</span><span class="cx">  * Portions Copyrighted 2014 ForgeRock AS
</span><span class="cx">  */
</span><ins>+
+/**
+ * Portions copyright 2014 ForgeRock AS.
+ */
+
</ins><span class="cx"> package com.sun.identity.entitlement;
</span><span class="cx"> 
</span><span class="cx"> import com.iplanet.sso.SSOException;
</span><span class="lines">@@ -46,6 +51,9 @@
</span><span class="cx"> import java.util.Map;
</span><span class="cx"> import java.util.Set;
</span><span class="cx"> import javax.security.auth.Subject;
</span><ins>+
+import org.forgerock.openam.entitlement.conditions.environment.SimpleTimeCondition;
+import org.forgerock.openam.entitlement.conditions.environment.IPCondition;
</ins><span class="cx"> import org.json.JSONObject;
</span><span class="cx"> import org.testng.annotations.AfterClass;
</span><span class="cx"> import org.testng.annotations.Test;
</span><span class="lines">@@ -204,14 +212,15 @@
</span><span class="cx">         subjects.add(ua2);
</span><span class="cx">         OrSubject os = new OrSubject(subjects);
</span><span class="cx"> 
</span><del>-        IPCondition ipc = new IPCondition(startIp, endIp);
-        ipc.setPConditionName(&quot;ipc&quot;);
-        DNSNameCondition dnsc = new DNSNameCondition(&quot;*.sun.com&quot;);
-        dnsc.setPConditionName(&quot;dnsc&quot;);
-        TimeCondition tc = new TimeCondition(&quot;08:00&quot;, &quot;16:00&quot;, \
                &quot;mon&quot;, &quot;fri&quot;);
-        tc.setPConditionName(&quot;tc&quot;);
</del><ins>+        IPCondition ipc = new IPCondition();
+        ipc.setStartIp(startIp);
+        ipc.setEndIp(endIp);
+        SimpleTimeCondition tc = new SimpleTimeCondition();
+        tc.setStartTime(&quot;08:00&quot;);
+        tc.setEndTime(&quot;16:00&quot;);
+        tc.setStartDay(&quot;mon&quot;);
+        tc.setEndDay(&quot;fri&quot;);
</ins><span class="cx">         Set&lt;EntitlementCondition&gt; conditions = new \
HashSet&lt;EntitlementCondition&gt;(); </span><del>-        conditions.add(dnsc);
</del><span class="cx">         conditions.add(tc);
</span><span class="cx"> 
</span><span class="cx">         StaticAttributes sa1 = new StaticAttributes();
</span></span></pre></div>
<a id="branchesAME4616openamopenamfederationOpenFMsrctestjavacomsunidentityentitlementRoleSubjectTestjava"></a>
 <div class="delfile"><h4>Deleted: \
branches/AME-4616/openam/openam-federation/OpenFM/src/test/java/com/sun/identity/entitlement/RoleSubjectTest.java \
(10813 => 10814)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-4616/openam/openam-federation/OpenFM/src/test/java/com/sun/identity/entitlement/RoleSubjectTest.java	2014-09-30 \
                13:48:08 UTC (rev 10813)
+++ branches/AME-4616/openam/openam-federation/OpenFM/src/test/java/com/sun/identity/entitlement/RoleSubjectTest.java	2014-09-30 \
13:49:13 UTC (rev 10814) </span><span class="lines">@@ -1,46 +0,0 @@
</span><del>-/** 
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
- *
- * Copyright (c) 2009 Sun Microsystems Inc. All Rights Reserved
- *
- * The contents of this file are subject to the terms
- * of the Common Development and Distribution License
- * (the License). You may not use this file except in
- * compliance with the License.
- *
- * You can obtain a copy of the License at
- * https://opensso.dev.java.net/public/CDDLv1.0.html or
- * opensso/legal/CDDLv1.0.txt
- * See the License for the specific language governing
- * permission and limitations under the License.
- *
- * When distributing Covered Code, include this CDDL
- * Header Notice in each file and include the License file
- * at opensso/legal/CDDLv1.0.txt.
- * If applicable, add the following below the CDDL Header,
- * with the fields enclosed by brackets [] replaced by
- * your own identifying information:
- * &quot;Portions Copyrighted [year] [name of copyright owner]&quot;
- *
- * $Id: RoleSubjectTest.java,v 1.1 2009/08/19 05:41:00 veiming Exp $
- */
-package com.sun.identity.entitlement;
-
-import org.testng.annotations.Test;
-
-public class RoleSubjectTest {
-
-    @Test
-    public void testConstruction() throws Exception {
-        RoleSubject role = new RoleSubject(&quot;role1&quot;);
-        role.setPSubjectName(&quot;r1&quot;);
-
-        RoleSubject role1 = new RoleSubject();
-        role1.setState(role.getState());
-
-        if (!role1.equals(role)) {
-            throw new Exception(
-                &quot;RoleSubjectTest.testConstruction: setState failed&quot;);
-        }
-    }
-}
</del></span></pre></div>
<a id="branchesAME4616openamopenamfederationOpenFMsrctestjavacomsunidentityentitlementSingleWildCardEvaluatorTestjava"></a>
 <div class="modfile"><h4>Modified: \
branches/AME-4616/openam/openam-federation/OpenFM/src/test/java/com/sun/identity/entitlement/SingleWildCardEvaluatorTest.java \
(10813 => 10814)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-4616/openam/openam-federation/OpenFM/src/test/java/com/sun/identity/entitlement/SingleWildCardEvaluatorTest.java	2014-09-30 \
                13:48:08 UTC (rev 10813)
+++ branches/AME-4616/openam/openam-federation/OpenFM/src/test/java/com/sun/identity/entitlement/SingleWildCardEvaluatorTest.java	2014-09-30 \
13:49:13 UTC (rev 10814) </span><span class="lines">@@ -27,6 +27,10 @@
</span><span class="cx">  * Portions Copyrighted 2014 ForgeRock AS
</span><span class="cx">  */
</span><span class="cx"> 
</span><ins>+/**
+ * Portions copyright 2014 ForgeRock AS.
+ */
+
</ins><span class="cx"> package com.sun.identity.entitlement;
</span><span class="cx"> 
</span><span class="cx"> import com.iplanet.sso.SSOToken;
</span><span class="lines">@@ -39,6 +43,8 @@
</span><span class="cx"> import java.util.Map;
</span><span class="cx"> import java.util.Set;
</span><span class="cx"> import javax.security.auth.Subject;
</span><ins>+
+import org.forgerock.openam.entitlement.conditions.subject.AuthenticatedUsers;
</ins><span class="cx"> import org.testng.annotations.AfterClass;
</span><span class="cx"> import org.testng.annotations.BeforeClass;
</span><span class="cx"> import org.testng.annotations.Test;
</span><span class="lines">@@ -76,7 +82,7 @@
</span><span class="cx">         Privilege privilege = Privilege.getNewInstance();
</span><span class="cx">         privilege.setName(PRIVILEGE_NAME);
</span><span class="cx">         privilege.setEntitlement(ent);
</span><del>-        privilege.setSubject(new AuthenticatedESubject());
</del><ins>+        privilege.setSubject(new AuthenticatedUsers());
</ins><span class="cx">         pm.add(privilege);
</span><span class="cx">        
</span><span class="cx">         Thread.sleep(1000);
</span></span></pre></div>
<a id="branchesAME4616openamopenamfederationOpenFMsrctestjavacomsunidentityentitlementTimeConditionEvaluationjava"></a>
 <div class="delfile"><h4>Deleted: \
branches/AME-4616/openam/openam-federation/OpenFM/src/test/java/com/sun/identity/entitlement/TimeConditionEvaluation.java \
(10813 => 10814)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-4616/openam/openam-federation/OpenFM/src/test/java/com/sun/identity/entitlement/TimeConditionEvaluation.java	2014-09-30 \
                13:48:08 UTC (rev 10813)
+++ branches/AME-4616/openam/openam-federation/OpenFM/src/test/java/com/sun/identity/entitlement/TimeConditionEvaluation.java	2014-09-30 \
13:49:13 UTC (rev 10814) </span><span class="lines">@@ -1,216 +0,0 @@
</span><del>-/**
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
- *
- * Copyright (c) 2009 Sun Microsystems Inc. All Rights Reserved
- *
- * The contents of this file are subject to the terms
- * of the Common Development and Distribution License
- * (the License). You may not use this file except in
- * compliance with the License.
- *
- * You can obtain a copy of the License at
- * https://opensso.dev.java.net/public/CDDLv1.0.html or
- * opensso/legal/CDDLv1.0.txt
- * See the License for the specific language governing
- * permission and limitations under the License.
- *
- * When distributing Covered Code, include this CDDL
- * Header Notice in each file and include the License file
- * at opensso/legal/CDDLv1.0.txt.
- * If applicable, add the following below the CDDL Header,
- * with the fields enclosed by brackets [] replaced by
- * your own identifying information:
- * &quot;Portions Copyrighted [year] [name of copyright owner]&quot;
- *
- * $Id: TimeConditionEvaluation.java,v 1.3 2009/10/13 22:37:53 veiming Exp $
- *
- * Portions Copyrighted 2014 ForgeRock AS
- */
-
-package com.sun.identity.entitlement;
-
-import com.iplanet.sso.SSOToken;
-import com.sun.identity.entitlement.opensso.SubjectUtils;
-import com.sun.identity.security.AdminTokenAction;
-import java.security.AccessController;
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.List;
-import java.util.Map;
-import java.util.Set;
-import javax.security.auth.Subject;
-import org.testng.annotations.AfterClass;
-import org.testng.annotations.BeforeClass;
-import org.testng.annotations.Test;
-
-public class TimeConditionEvaluation {
-    private static final String PRIVILEGE_NAME =
-        &quot;TimeConditionEvaluationPrivilege&quot;;
-    private static final String URL = \
                &quot;http://www.timeconditionevaluation.com&quot;;
-    private SSOToken adminToken = (SSOToken) AccessController.doPrivileged(
-            AdminTokenAction.getInstance());
-    private Subject adminSubject = SubjectUtils.createSubject(adminToken);
-    private boolean migrated = EntitlementConfiguration.getInstance(
-        adminSubject, &quot;/&quot;).migratedToEntitlementService();
-
-    @BeforeClass
-    public void setup() throws Exception {
-        if (!migrated) {
-            return;
-        }
-
-        PrivilegeManager pm = PrivilegeManager.getInstance(&quot;/&quot;,
-            adminSubject);
-        Map&lt;String, Boolean&gt; actions = new HashMap&lt;String, Boolean&gt;();
-        actions.put(&quot;GET&quot;, Boolean.TRUE);
-        Entitlement ent = new Entitlement(
-            ApplicationTypeManager.URL_APPLICATION_TYPE_NAME, URL, actions);
-
-        Privilege privilege = Privilege.getNewInstance();
-        privilege.setName(PRIVILEGE_NAME);
-        privilege.setEntitlement(ent);
-        privilege.setSubject(new AnyUserSubject());
-
-        TimeCondition tc = new TimeCondition();
-        tc.setStartTime(&quot;15:00&quot;);
-        tc.setEndTime(&quot;16:00&quot;);
-
-        privilege.setCondition(tc);
-        pm.add(privilege);
-    }
-
-    @AfterClass
-    public void cleanup() throws Exception {
-        if (!migrated) {
-            return;
-        }
-        PrivilegeManager pm = PrivilegeManager.getInstance(&quot;/&quot;,
-            adminSubject);
-        pm.remove(PRIVILEGE_NAME);
-    }
-
-    private List&lt;Entitlement&gt; evaluate(String time) throws Exception {
-        Evaluator evaluator = new Evaluator(
-            SubjectUtils.createSubject(adminToken),
-            ApplicationTypeManager.URL_APPLICATION_TYPE_NAME);
-        return evaluator.evaluate(&quot;/&quot;, null, URL, envTime(time),
-            false);
-    }
-
-    @Test
-    public void positiveTest()
-        throws Exception {
-        List&lt;Entitlement&gt; entitlements = evaluate(&quot;1251847000000&quot;);
-
-        if ((entitlements == null) || entitlements.isEmpty()) {
-            throw new Exception(&quot;TimeConditionEvaluation.positiveTest: no \
                entitlements&quot;);
-        }
-
-        Entitlement ent = entitlements.get(0);
-        Boolean result = ent.getActionValue(&quot;GET&quot;);
-        if ((result == null) || !result) {
-            throw new Exception(&quot;TimeConditionEvaluation.positiveTest: \
                incorrect result&quot;);
-        }
-
-        Map&lt;String, Set&lt;String&gt;&gt; advices = ent.getAdvices();
-        if ((advices == null) || advices.isEmpty()) {
-            throw new Exception(&quot;TimeConditionEvaluation.positiveTest: no \
                advices&quot;);
-        }
-
-        Set&lt;String&gt; set = advices.get(ConditionDecision.MAX_TIME);
-
-        if ((set == null) || set.isEmpty()) {
-            throw new Exception(&quot;TimeConditionEvaluation.positiveTest: no \
                advices for MAX_TIME&quot;);
-        }
-
-        if (!set.contains(&quot;1251849600000&quot;)) {
-            throw new Exception(&quot;TimeConditionEvaluation.positiveTest: \
                incorrect advices for MAX_TIME&quot;);
-        }
-    }
-
-
-    @Test (dependsOnMethods={&quot;positiveTest&quot;})
-    public void negativeLowerLimitTest()
-        throws Exception {
-        List&lt;Entitlement&gt; entitlements = evaluate(&quot;1248994000000&quot;);
-
-        if ((entitlements == null) || entitlements.isEmpty()) {
-            throw new \
Exception(&quot;TimeConditionEvaluation.negativeLowerLimitTest: no \
                entitlements&quot;);
-        }
-
-        Entitlement ent = entitlements.get(0);
-        Boolean result = ent.getActionValue(&quot;GET&quot;);
-        if ((result != null) &amp;&amp; result) {
-            throw new \
Exception(&quot;TimeConditionEvaluation.negativeLowerLimitTest: incorrect \
                result&quot;);
-        }
-
-        Map&lt;String, Set&lt;String&gt;&gt; advices = ent.getAdvices();
-        if ((advices == null) || advices.isEmpty()) {
-            throw new \
                Exception(&quot;TimeConditionEvaluation.negativeLowerLimitTest: no \
                advices&quot;);
-        }
-
-        Set&lt;String&gt; set = advices.get(ConditionDecision.MAX_TIME);
-
-        if ((set == null) || set.isEmpty()) {
-            throw new \
Exception(&quot;TimeConditionEvaluation.negativeLowerLimitTest: no advices for \
                MAX_TIME&quot;);
-        }
-
-        if (!set.contains(&quot;1248994800000&quot;)) {
-            throw new \
Exception(&quot;TimeConditionEvaluation.negativeLowerLimitTest: incorrect advices for \
                MAX_TIME&quot;);
-        }
-    }
-
-    @Test (dependsOnMethods={&quot;negativeLowerLimitTest&quot;})
-    public void negativeUpperLimitTest()
-        throws Exception {
-        List&lt;Entitlement&gt; entitlements = evaluate(&quot;128999400000&quot;);
-
-        if ((entitlements == null) || entitlements.isEmpty()) {
-            throw new \
Exception(&quot;TimeConditionEvaluation.negativeUpperLimitTest: no \
                entitlements&quot;);
-        }
-
-        Entitlement ent = entitlements.get(0);
-        Boolean result = ent.getActionValue(&quot;GET&quot;);
-        if ((result != null) &amp;&amp; result) {
-            throw new \
Exception(&quot;TimeConditionEvaluation.negativeUpperLimitTest: incorrect \
                result&quot;);
-        }
-
-        Map&lt;String, Set&lt;String&gt;&gt; advices = ent.getAdvices();
-        if ((advices != null) &amp;&amp; !advices.isEmpty()) {
-            throw new \
                Exception(&quot;TimeConditionEvaluation.negativeUpperLimitTest: no \
                advices&quot;);
-        }
-    }
-
-    @Test (dependsOnMethods={&quot;negativeUpperLimitTest&quot;})
-    public void indefiniteEndTimeTest() throws Exception {
-        PrivilegeManager pm = PrivilegeManager.getInstance(&quot;/&quot;,
-            adminSubject);
-        Privilege p = pm.findByName(PRIVILEGE_NAME);
-        TimeCondition tc = (TimeCondition)p.getCondition();
-        tc.setEndTime(null);
-        pm.modify(p);
-
-        List&lt;Entitlement&gt; entitlements = evaluate(&quot;128999400000&quot;);
-        if ((entitlements == null) || entitlements.isEmpty()) {
-            throw new Exception(
-                &quot;TimeConditionEvaluation.indefiniteEndTimeTest: no \
                entitlements&quot;);
-        }
-
-        Entitlement ent = entitlements.get(0);
-        Boolean result = ent.getActionValue(&quot;GET&quot;);
-        if ((result == null) || !result) {
-            throw new Exception(
-                &quot;TimeConditionEvaluation.indefiniteEndTimeTest: incorrect \
                result&quot;);
-        }
-    }
-
-    private Map&lt;String, Set&lt;String&gt;&gt; envTime(String time) {
-        Map&lt;String, Set&lt;String&gt;&gt; conditions = new
-            HashMap&lt;String, Set&lt;String&gt;&gt;();
-        Set&lt;String&gt; setTime = new HashSet&lt;String&gt;();
-        setTime.add(time);
-        conditions.put(TimeCondition.REQUEST_TIME, setTime);
-        return conditions;
-    }
-}
-
</del></span></pre></div>
<a id="branchesAME4616openamopenamfederationOpenFMsrctestjavacomsunidentityentitlementTimeConditionTestjava"></a>
 <div class="delfile"><h4>Deleted: \
branches/AME-4616/openam/openam-federation/OpenFM/src/test/java/com/sun/identity/entitlement/TimeConditionTest.java \
(10813 => 10814)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-4616/openam/openam-federation/OpenFM/src/test/java/com/sun/identity/entitlement/TimeConditionTest.java	2014-09-30 \
                13:48:08 UTC (rev 10813)
+++ branches/AME-4616/openam/openam-federation/OpenFM/src/test/java/com/sun/identity/entitlement/TimeConditionTest.java	2014-09-30 \
13:49:13 UTC (rev 10814) </span><span class="lines">@@ -1,61 +0,0 @@
</span><del>-/**
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
- *
- * Copyright (c) 2009 Sun Microsystems Inc. All Rights Reserved
- *
- * The contents of this file are subject to the terms
- * of the Common Development and Distribution License
- * (the License). You may not use this file except in
- * compliance with the License.
- *
- * You can obtain a copy of the License at
- * https://opensso.dev.java.net/public/CDDLv1.0.html or
- * opensso/legal/CDDLv1.0.txt
- * See the License for the specific language governing
- * permission and limitations under the License.
- *
- * When distributing Covered Code, include this CDDL
- * Header Notice in each file and include the License file
- * at opensso/legal/CDDLv1.0.txt.
- * If applicable, add the following below the CDDL Header,
- * with the fields enclosed by brackets [] replaced by
- * your own identifying information:
- * &quot;Portions Copyrighted [year] [name of copyright owner]&quot;
- *
- * $Id: TimeConditionTest.java,v 1.1 2009/08/19 05:41:01 veiming Exp $
- */
-package com.sun.identity.entitlement;
-
-import com.sun.identity.unittest.UnittestLog;
-
-import com.sun.identity.entitlement.IPCondition;
-import java.util.Date;
-
-import org.testng.annotations.AfterClass;
-import org.testng.annotations.Test;
-import org.testng.annotations.BeforeClass;
-
-/**
- *
- * @author dillidorai
- */
-public class TimeConditionTest {
-
-    @Test
-    public void testConstruction() throws Exception {
-        TimeCondition tc = new TimeCondition(&quot;08:00&quot;, &quot;16:00&quot;,
-                &quot;mon&quot;, &quot;fri&quot;);
-        tc.setStartDate(&quot;01/01/2001&quot;);
-        tc.setEndDate(&quot;02/02/2002&quot;);
-        tc.setEnforcementTimeZone(&quot;PST&quot;);
-        tc.setPConditionName(&quot;tc1&quot;);
-
-        TimeCondition tc1 = new TimeCondition();
-        tc1.setState(tc.getState());
-    }
-
-    public static void main(String[] args) throws Exception {
-        new TimeConditionTest().testConstruction();
-        UnittestLog.flush(new Date().toString());
-    }
-}
</del></span></pre></div>
<a id="branchesAME4616openamopenamfederationOpenFMsrctestjavacomsunidentityentitlementTimeZoneConditionEvaluationjava"></a>
 <div class="delfile"><h4>Deleted: \
branches/AME-4616/openam/openam-federation/OpenFM/src/test/java/com/sun/identity/entitlement/TimeZoneConditionEvaluation.java \
(10813 => 10814)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-4616/openam/openam-federation/OpenFM/src/test/java/com/sun/identity/entitlement/TimeZoneConditionEvaluation.java	2014-09-30 \
                13:48:08 UTC (rev 10813)
+++ branches/AME-4616/openam/openam-federation/OpenFM/src/test/java/com/sun/identity/entitlement/TimeZoneConditionEvaluation.java	2014-09-30 \
13:49:13 UTC (rev 10814) </span><span class="lines">@@ -1,112 +0,0 @@
</span><del>-/**
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
- *
- * Copyright (c) 2009 Sun Microsystems Inc. All Rights Reserved
- *
- * The contents of this file are subject to the terms
- * of the Common Development and Distribution License
- * (the License). You may not use this file except in
- * compliance with the License.
- *
- * You can obtain a copy of the License at
- * https://opensso.dev.java.net/public/CDDLv1.0.html or
- * opensso/legal/CDDLv1.0.txt
- * See the License for the specific language governing
- * permission and limitations under the License.
- *
- * When distributing Covered Code, include this CDDL
- * Header Notice in each file and include the License file
- * at opensso/legal/CDDLv1.0.txt.
- * If applicable, add the following below the CDDL Header,
- * with the fields enclosed by brackets [] replaced by
- * your own identifying information:
- * &quot;Portions Copyrighted [year] [name of copyright owner]&quot;
- *
- * $Id: TimeZoneConditionEvaluation.java,v 1.1 2009/08/19 05:41:01 veiming Exp $
- *
- * Portions Copyrighted 2014 ForgeRock AS
- */
-
-package com.sun.identity.entitlement;
-
-import com.iplanet.sso.SSOToken;
-import com.sun.identity.entitlement.opensso.SubjectUtils;
-import com.sun.identity.security.AdminTokenAction;
-import java.security.AccessController;
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.Map;
-import java.util.Set;
-import javax.security.auth.Subject;
-import org.testng.annotations.AfterClass;
-import org.testng.annotations.BeforeClass;
-import org.testng.annotations.Test;
-
-public class TimeZoneConditionEvaluation {
-    private static final String PRIVILEGE_NAME =
-        &quot;TimeZoneConditionEvaluationPrivilege&quot;;
-    private static final String TIME_ZONE = &quot;US/Pacific&quot;;
-    private static final String URL =
-        &quot;http://www.timezoneconditionevaluation.com&quot;;
-    private SSOToken adminToken = (SSOToken) AccessController.doPrivileged(
-        AdminTokenAction.getInstance());
-    private Subject adminSubject = SubjectUtils.createSubject(adminToken);
-    private boolean migrated = EntitlementConfiguration.getInstance(
-        adminSubject, &quot;/&quot;).migratedToEntitlementService();
-
-    @BeforeClass
-    public void setup() throws Exception {
-        if (!migrated) {
-            return;
-        }
-
-        PrivilegeManager pm = PrivilegeManager.getInstance(&quot;/&quot;,
-            adminSubject);
-        Map&lt;String, Boolean&gt; actions = new HashMap&lt;String, Boolean&gt;();
-        actions.put(&quot;GET&quot;, Boolean.TRUE);
-        Entitlement ent = new Entitlement(
-            ApplicationTypeManager.URL_APPLICATION_TYPE_NAME, URL, actions);
-
-        Privilege privilege = Privilege.getNewInstance();
-        privilege.setName(PRIVILEGE_NAME);
-        privilege.setEntitlement(ent);
-        privilege.setSubject(new AnyUserSubject());
-
-        TimeCondition tc = new TimeCondition();
-        tc.setEnforcementTimeZone(TIME_ZONE);
-        privilege.setCondition(tc);
-        pm.add(privilege);
-        Thread.sleep(1000);
-    }
-
-    @AfterClass
-    public void cleanup() throws Exception {
-        if (!migrated) {
-            return;
-        }
-        PrivilegeManager pm = PrivilegeManager.getInstance(&quot;/&quot;,
-            adminSubject);
-        pm.remove(PRIVILEGE_NAME);
-    }
-
-    @Test
-    public void evaluate()
-        throws Exception {
-        Set actions = new HashSet();
-        actions.add(&quot;GET&quot;);
-        Evaluator evaluator = new Evaluator(
-            SubjectUtils.createSubject(adminToken),
-            ApplicationTypeManager.URL_APPLICATION_TYPE_NAME);
-        Map&lt;String, Set&lt;String&gt;&gt; conditions = new
-            HashMap&lt;String, Set&lt;String&gt;&gt;();
-        Set&lt;String&gt; setTimeZone = new HashSet&lt;String&gt;();
-        setTimeZone.add(TIME_ZONE);
-        conditions.put(TimeCondition.REQUEST_TIME_ZONE, setTimeZone);
-        Boolean result = evaluator.hasEntitlement(&quot;/&quot;, null,
-            new Entitlement(URL, actions), conditions);
-        if (!result) {
-            throw new Exception(&quot;TimeZoneConditionEvaluation.evaluate \
                fails&quot;);
-        }
-    }
-}
-
</del></span></pre></div>
<a id="branchesAME4616openamopenamfederationOpenFMsrctestjavacomsunidentityentitlementWebServiceApplicationTestjava"></a>
 <div class="modfile"><h4>Modified: \
branches/AME-4616/openam/openam-federation/OpenFM/src/test/java/com/sun/identity/entitlement/WebServiceApplicationTest.java \
(10813 => 10814)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-4616/openam/openam-federation/OpenFM/src/test/java/com/sun/identity/entitlement/WebServiceApplicationTest.java	2014-09-30 \
                13:48:08 UTC (rev 10813)
+++ branches/AME-4616/openam/openam-federation/OpenFM/src/test/java/com/sun/identity/entitlement/WebServiceApplicationTest.java	2014-09-30 \
13:49:13 UTC (rev 10814) </span><span class="lines">@@ -27,6 +27,10 @@
</span><span class="cx">  * Portions Copyrighted 2014 ForgeRock AS
</span><span class="cx">  */
</span><span class="cx"> 
</span><ins>+/**
+ * Portions copyright 2014 ForgeRock AS.
+ */
+
</ins><span class="cx"> package com.sun.identity.entitlement;
</span><span class="cx"> 
</span><span class="cx"> import com.iplanet.sso.SSOToken;
</span><span class="lines">@@ -42,6 +46,8 @@
</span><span class="cx"> import java.util.Map;
</span><span class="cx"> import java.util.Set;
</span><span class="cx"> import javax.security.auth.Subject;
</span><ins>+
+import org.forgerock.openam.entitlement.conditions.subject.AuthenticatedUsers;
</ins><span class="cx"> import org.testng.annotations.AfterClass;
</span><span class="cx"> import org.testng.annotations.BeforeClass;
</span><span class="cx"> import org.testng.annotations.Test;
</span><span class="lines">@@ -91,7 +97,7 @@
</span><span class="cx">         Entitlement entitlement = new Entitlement(APPL_NAME, \
URL + &quot;index.html&quot;, </span><span class="cx">             actions);
</span><span class="cx">         privilege.setEntitlement(entitlement);
</span><del>-        privilege.setSubject(new AuthenticatedESubject());
</del><ins>+        privilege.setSubject(new AuthenticatedUsers());
</ins><span class="cx">         pm.add(privilege);
</span><span class="cx"> 
</span><span class="cx">         Privilege p = pm.findByName(POLICY_NAME);
</span></span></pre></div>
<a id="branchesAME4616openamopenamfederationOpenFMsrctestjavacomsunidentityentitlementXACMLExportTestjava"></a>
 <div class="modfile"><h4>Modified: \
branches/AME-4616/openam/openam-federation/OpenFM/src/test/java/com/sun/identity/entitlement/XACMLExportTest.java \
(10813 => 10814)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-4616/openam/openam-federation/OpenFM/src/test/java/com/sun/identity/entitlement/XACMLExportTest.java	2014-09-30 \
                13:48:08 UTC (rev 10813)
+++ branches/AME-4616/openam/openam-federation/OpenFM/src/test/java/com/sun/identity/entitlement/XACMLExportTest.java	2014-09-30 \
13:49:13 UTC (rev 10814) </span><span class="lines">@@ -26,6 +26,11 @@
</span><span class="cx">  *
</span><span class="cx">  * Portions Copyrighted 2014 ForgeRock AS
</span><span class="cx">  */
</span><ins>+
+/**
+ * Portions copyright 2014 ForgeRock AS.
+ */
+
</ins><span class="cx"> package com.sun.identity.entitlement;
</span><span class="cx"> 
</span><span class="cx"> import com.iplanet.sso.SSOException;
</span><span class="lines">@@ -35,6 +40,7 @@
</span><span class="cx"> import com.sun.identity.entitlement.opensso.SubjectUtils;
</span><span class="cx"> import \
com.sun.identity.entitlement.xacml3.XACMLPrivilegeUtils; </span><span class="cx"> \
import com.sun.identity.entitlement.xacml3.core.PolicySet; </span><ins>+import \
org.forgerock.openam.entitlement.conditions.environment.IPCondition; </ins><span \
class="cx">  </span><span class="cx"> import com.sun.identity.idm.IdRepoException;
</span><span class="cx"> import com.sun.identity.security.AdminTokenAction;
</span><span class="lines">@@ -115,8 +121,9 @@
</span><span class="cx">         Set&lt;EntitlementCondition&gt; conditions = new \
HashSet&lt;EntitlementCondition&gt;(); </span><span class="cx">         String \
startIp = &quot;100.100.100.100&quot;; </span><span class="cx">         String endIp \
= &quot;200.200.200.200&quot;; </span><del>-        IPCondition ipc = new \
                IPCondition(startIp, endIp);
-        ipc.setPConditionName(&quot;ipc&quot;);
</del><ins>+        IPCondition ipc = new IPCondition();
+        ipc.setStartIp(startIp);
+        ipc.setEndIp(endIp);
</ins><span class="cx">         conditions.add(ipc);
</span><span class="cx">         OrCondition oc = new OrCondition(conditions);
</span><span class="cx"> 
</span></span></pre></div>
<a id="branchesAME4616openamopenamfederationOpenFMsrctestjavacomsunidentityentitlementxacml3PrivilegeUtilsTestjava"></a>
 <div class="modfile"><h4>Modified: \
branches/AME-4616/openam/openam-federation/OpenFM/src/test/java/com/sun/identity/entitlement/xacml3/PrivilegeUtilsTest.java \
(10813 => 10814)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-4616/openam/openam-federation/OpenFM/src/test/java/com/sun/identity/entitlement/xacml3/PrivilegeUtilsTest.java	2014-09-30 \
                13:48:08 UTC (rev 10813)
+++ branches/AME-4616/openam/openam-federation/OpenFM/src/test/java/com/sun/identity/entitlement/xacml3/PrivilegeUtilsTest.java	2014-09-30 \
13:49:13 UTC (rev 10814) </span><span class="lines">@@ -24,13 +24,18 @@
</span><span class="cx">  *
</span><span class="cx">  * $Id: PrivilegeUtilsTest.java,v 1.1 2009/08/19 05:41:02 \
veiming Exp $ </span><span class="cx">  */
</span><ins>+
+/**
+ * Portions copyright 2014 ForgeRock AS.
+ */
+
</ins><span class="cx"> package com.sun.identity.entitlement.xacml3;
</span><span class="cx"> 
</span><span class="cx"> import com.sun.identity.entitlement.AndCondition;
</span><span class="cx"> import com.sun.identity.entitlement.Entitlement;
</span><span class="cx"> import com.sun.identity.entitlement.EntitlementCondition;
</span><span class="cx"> import com.sun.identity.entitlement.EntitlementSubject;
</span><del>-import com.sun.identity.entitlement.IPCondition;
</del><ins>+import org.forgerock.openam.entitlement.conditions.environment.IPCondition;
 </ins><span class="cx"> import com.sun.identity.entitlement.OrCondition;
</span><span class="cx"> import com.sun.identity.entitlement.OrSubject;
</span><span class="cx"> import com.sun.identity.entitlement.Privilege;
</span><span class="lines">@@ -95,8 +100,9 @@
</span><span class="cx">         Set&lt;EntitlementCondition&gt; conditions = new \
HashSet&lt;EntitlementCondition&gt;(); </span><span class="cx">         String \
startIp = &quot;100.100.100.100&quot;; </span><span class="cx">         String endIp \
= &quot;200.200.200.200&quot;; </span><del>-        IPCondition ipc = new \
                IPCondition(startIp, endIp);
-        ipc.setPConditionName(&quot;ipc&quot;);
</del><ins>+        IPCondition ipc = new IPCondition();
+        ipc.setStartIp(startIp);
+        ipc.setEndIp(endIp);
</ins><span class="cx">         conditions.add(ipc);
</span><span class="cx">         OrCondition oc = new OrCondition(conditions);
</span><span class="cx">         AndCondition ac = new AndCondition(conditions);
</span></span></pre></div>
<a id="branchesAME4616openamopenamfederationOpenFMsrctestjavacomsunidentitypolicyIPCEvaluatorTestjava"></a>
 <div class="delfile"><h4>Deleted: \
branches/AME-4616/openam/openam-federation/OpenFM/src/test/java/com/sun/identity/policy/IPCEvaluatorTest.java \
(10813 => 10814)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-4616/openam/openam-federation/OpenFM/src/test/java/com/sun/identity/policy/IPCEvaluatorTest.java	2014-09-30 \
                13:48:08 UTC (rev 10813)
+++ branches/AME-4616/openam/openam-federation/OpenFM/src/test/java/com/sun/identity/policy/IPCEvaluatorTest.java	2014-09-30 \
13:49:13 UTC (rev 10814) </span><span class="lines">@@ -1,237 +0,0 @@
</span><del>-/** 
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
- *
- * Copyright (c) 2009 Sun Microsystems Inc. All Rights Reserved
- *
- * The contents of this file are subject to the terms
- * of the Common Development and Distribution License
- * (the License). You may not use this file except in
- * compliance with the License.
- *
- * You can obtain a copy of the License at
- * https://opensso.dev.java.net/public/CDDLv1.0.html or
- * opensso/legal/CDDLv1.0.txt
- * See the License for the specific language governing
- * permission and limitations under the License.
- *
- * When distributing Covered Code, include this CDDL
- * Header Notice in each file and include the License file
- * at opensso/legal/CDDLv1.0.txt.
- * If applicable, add the following below the CDDL Header,
- * with the fields enclosed by brackets [] replaced by
- * your own identifying information:
- * &quot;Portions Copyrighted [year] [name of copyright owner]&quot;
- *
- * $Id: IPCEvaluatorTest.java,v 1.1 2009/08/21 05:27:00 dillidorai Exp $
- *
- * Portions Copyrighted 2014 ForgeRock AS
- */
-package com.sun.identity.policy;
-
-import com.iplanet.sso.SSOException;
-import com.iplanet.sso.SSOToken;
-import com.sun.identity.authentication.AuthContext;
-
-import com.sun.identity.entitlement.Entitlement;
-import com.sun.identity.entitlement.EntitlementCondition;
-import com.sun.identity.entitlement.EntitlementConfiguration;
-import com.sun.identity.entitlement.EntitlementException;
-import com.sun.identity.entitlement.EntitlementSubject;
-import com.sun.identity.entitlement.IPCondition;
-import com.sun.identity.entitlement.Privilege;
-import com.sun.identity.entitlement.PrivilegeManager;
-
-import com.sun.identity.entitlement.opensso.SubjectUtils;
-import com.sun.identity.entitlement.opensso.OpenSSOUserSubject;
-
-import com.sun.identity.idm.AMIdentity;
-import com.sun.identity.idm.AMIdentityRepository;
-import com.sun.identity.idm.IdRepoException;
-import com.sun.identity.idm.IdType;
-import com.sun.identity.security.AdminTokenAction;
-import com.sun.identity.unittest.UnittestLog;
-
-import java.security.AccessController;
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.Map;
-import java.util.Set;
-import javax.security.auth.Subject;
-
-import javax.security.auth.callback.Callback;
-import javax.security.auth.callback.NameCallback;
-import javax.security.auth.callback.PasswordCallback;
-import org.testng.annotations.AfterClass;
-import org.testng.annotations.Test;
-import org.testng.annotations.BeforeClass;
-
-/**
- *
- * @author dilli
- *
- * Unittest to verify the fix for issue 5440 
- * IP Address condition is broken
- */
-public class IPCEvaluatorTest {
-
-    private static String PRIVILEGE_NAME1 = &quot;IPCEvaluatorTestP1&quot;;
-    private static String URL_RESOURCE1
-            = &quot;http://www.sample.com:8080/ipc-evaluation.html&quot;;
-    private static String TEST_USER_NAME = &quot;policyTestUser&quot;;
-    private static String APPL_NAME = &quot;iPlanetAMWebAgentService&quot;;
-    private AMIdentity testUser;
-    private AuthContext lc;
-    private SSOToken userSSOToken;
-
-    @BeforeClass
-    public void setup() throws Exception {
-        try {
-            SSOToken adminToken = (SSOToken) AccessController.doPrivileged(
-                    AdminTokenAction.getInstance());
-            Subject adminSubject = SubjectUtils.createSubject(adminToken);
-            boolean migrated = EntitlementConfiguration.getInstance(
-                    adminSubject, &quot;/&quot;).migratedToEntitlementService();
-            if (!migrated) {
-                UnittestLog.logError(&quot;IPCEvaluatorTest.setup():&quot;
-                        + &quot; not migrated to entitlement service&quot;);
-                throw new Exception(&quot;IPCEvaluatorTest.setup():&quot;
-                        + &quot;not migrated to entitlement service&quot;);
-            }
-
-            testUser = createUser(adminToken);
-            userSSOToken = login();
-
-            PrivilegeManager pm = PrivilegeManager.getInstance(&quot;/&quot;,
-                    adminSubject);
-
-            Privilege privilege = Privilege.getNewInstance();
-            privilege.setName(PRIVILEGE_NAME1);
-
-            Map&lt;String, Boolean&gt; actionMap = new HashMap&lt;String, \
                Boolean&gt;();
-            actionMap.put(&quot;GET&quot;, Boolean.TRUE);
-
-            Entitlement ent = new Entitlement(APPL_NAME, URL_RESOURCE1,
-                    actionMap);
-            privilege.setEntitlement(ent);
-
-            EntitlementSubject es = new OpenSSOUserSubject(
-                    testUser.getUniversalId());
-            privilege.setSubject(es);
-
-            EntitlementCondition ec = new IPCondition(
-                    &quot;100.100.100.100&quot;, &quot;200.200.200.200&quot;);
-            privilege.setCondition(ec);
-
-            pm.add(privilege);
-        } catch (Exception e) {
-            UnittestLog.logError(&quot;IPCEvaluatorTest.setup():hit \
                exception&quot;);
-            UnittestLog.logError(&quot;Exception STACKTRACE, message:&quot;
-                    + e.getMessage());
-            UnittestLog.logError(&quot;Exception Class:&quot; + \
                e.getClass().getName());
-            StackTraceElement[] elems = e.getStackTrace();
-            for (StackTraceElement elem : elems) {
-                UnittestLog.logMessage(elem.toString());
-            }
-            UnittestLog.logMessage(&quot;END STACKTRACE&quot;);
-            throw e;
-        }
-    }
-
-    @AfterClass
-    public void cleanup() throws PolicyException, SSOException, 
-            IdRepoException,
-            EntitlementException {
-        try {
-            lc.logout();
-        } catch (Exception e) {
-            //ignore
-        }
-        SSOToken adminToken = (SSOToken) AccessController.doPrivileged(
-                AdminTokenAction.getInstance());
-
-        Subject adminSubject = SubjectUtils.createSubject(adminToken);
-        PrivilegeManager pm = PrivilegeManager.getInstance(&quot;/&quot;,
-                adminSubject);
-        pm.remove(PRIVILEGE_NAME1);
-
-        AMIdentityRepository amir = new AMIdentityRepository(
-                adminToken, &quot;/&quot;);
-        Set&lt;AMIdentity&gt; identities = new HashSet&lt;AMIdentity&gt;();
-        identities.add(testUser);
-        amir.deleteIdentities(identities);
-    }
-
-    @Test
-    public void testAllowedWithStringIp() throws Exception {
-        PolicyEvaluator pe = new \
                PolicyEvaluator(&quot;iPlanetAMWebAgentService&quot;);
-        Map env = new HashMap();
-        env.put(&quot;requestIp&quot;, &quot;120.120.120.120&quot;);
-        if (!pe.isAllowed(userSSOToken, URL_RESOURCE1, &quot;GET&quot;, env)) {
-            throw new Exception(&quot;testIsAllowedWithStringIp:&quot; +
-                    URL_RESOURCE1 + &quot;, failed&quot;);
-        }
-    }
-
-    @Test
-    public void testAllowedWithSetIp() throws Exception {
-        PolicyEvaluator pe = new \
                PolicyEvaluator(&quot;iPlanetAMWebAgentService&quot;);
-        Map env = new HashMap();
-        Set requestIpSet = new HashSet();
-        requestIpSet.add(&quot;120.120.120.120&quot;);
-        env.put(&quot;requestIp&quot;, requestIpSet);
-        if (!pe.isAllowed(userSSOToken, URL_RESOURCE1, &quot;GET&quot;, env)) {
-            throw new Exception(&quot;testIsAllowedWithSetIp:&quot; +
-                    URL_RESOURCE1 + &quot;, failed&quot;);
-        }
-    }
-
-    private AMIdentity createUser(SSOToken adminToken)
-            throws IdRepoException, SSOException {
-        AMIdentityRepository amir = new AMIdentityRepository(
-                adminToken, &quot;/&quot;);
-        Map&lt;String, Set&lt;String&gt;&gt; attrValues = new HashMap&lt;String,
-                Set&lt;String&gt;&gt;();
-        Set&lt;String&gt; set = new HashSet&lt;String&gt;();
-        set.add(TEST_USER_NAME);
-        attrValues.put(&quot;givenname&quot;, set);
-        attrValues.put(&quot;sn&quot;, set);
-        attrValues.put(&quot;cn&quot;, set);
-        attrValues.put(&quot;userpassword&quot;, set);
-
-        testUser = amir.createIdentity(IdType.USER, TEST_USER_NAME,
-                attrValues);
-        return testUser;
-    }
-
-    private SSOToken login()
-            throws Exception {
-        lc = new AuthContext(&quot;/&quot;);
-        AuthContext.IndexType indexType
-                = AuthContext.IndexType.MODULE_INSTANCE;
-        lc.login(indexType, &quot;DataStore&quot;);
-        Callback[] callbacks = null;
-
-        // get information requested from module
-        while (lc.hasMoreRequirements()) {
-            callbacks = lc.getRequirements();
-            if (callbacks != null) {
-                addLoginCallbackMessage(callbacks);
-                lc.submitRequirements(callbacks);
-            }
-        }
-
-        return (lc.getStatus() == AuthContext.Status.SUCCESS) 
-                ? lc.getSSOToken() : null;
-    }
-
-    private void addLoginCallbackMessage(Callback[] callbacks) {
-        for (int i = 0; i &lt; callbacks.length; i++) {
-            if (callbacks[i] instanceof NameCallback) {
-                ((NameCallback) callbacks[i]).setName(TEST_USER_NAME);
-            } else if (callbacks[i] instanceof PasswordCallback) {
-                ((PasswordCallback) callbacks[i]).setPassword(
-                        TEST_USER_NAME.toCharArray());
-            }
-        }
-    }
-}
</del></span></pre></div>
<a id="branchesAME4616openamopenamfederationOpenFMsrctestjavacomsunidentitypolicyPrivilegeUtilsTestjava"></a>
 <div class="modfile"><h4>Modified: \
branches/AME-4616/openam/openam-federation/OpenFM/src/test/java/com/sun/identity/policy/PrivilegeUtilsTest.java \
(10813 => 10814)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-4616/openam/openam-federation/OpenFM/src/test/java/com/sun/identity/policy/PrivilegeUtilsTest.java	2014-09-30 \
                13:48:08 UTC (rev 10813)
+++ branches/AME-4616/openam/openam-federation/OpenFM/src/test/java/com/sun/identity/policy/PrivilegeUtilsTest.java	2014-09-30 \
13:49:13 UTC (rev 10814) </span><span class="lines">@@ -24,17 +24,21 @@
</span><span class="cx">  *
</span><span class="cx">  * $Id: PrivilegeUtilsTest.java,v 1.1 2009/08/19 05:41:03 \
veiming Exp $ </span><span class="cx">  */
</span><ins>+
+/**
+ * Portions copyright 2014 ForgeRock AS.
+ */
+
</ins><span class="cx"> package com.sun.identity.policy;
</span><span class="cx"> 
</span><span class="cx"> import com.sun.identity.entitlement.opensso.PrivilegeUtils;
</span><span class="cx"> import com.iplanet.sso.SSOException;
</span><span class="cx"> import com.iplanet.sso.SSOToken;
</span><span class="cx"> import com.sun.identity.entitlement.AndCondition;
</span><del>-import com.sun.identity.entitlement.DNSNameCondition;
</del><span class="cx"> import com.sun.identity.entitlement.Entitlement;
</span><span class="cx"> import com.sun.identity.entitlement.EntitlementCondition;
</span><span class="cx"> import com.sun.identity.entitlement.EntitlementSubject;
</span><del>-import com.sun.identity.entitlement.IPCondition;
</del><ins>+import org.forgerock.openam.entitlement.conditions.environment.IPCondition;
 </ins><span class="cx"> import com.sun.identity.entitlement.IPrivilege;
</span><span class="cx"> import com.sun.identity.entitlement.OrSubject;
</span><span class="cx"> import com.sun.identity.entitlement.Privilege;
</span><span class="lines">@@ -83,12 +87,12 @@
</span><span class="cx">         subjects.add(us1);
</span><span class="cx">         subjects.add(us2);
</span><span class="cx">         OrSubject os = new OrSubject(subjects);
</span><del>-        EntitlementCondition dnsc = new \
                DNSNameCondition(&quot;*.sun.com&quot;);
-        EntitlementCondition ipc = new IPCondition(&quot;100.100.100.100&quot;,
-            &quot;200.200.200.200&quot;);
</del><ins>+        IPCondition ipc = new IPCondition();
+        ipc.setStartIp(&quot;100.100.100.100&quot;);
+        ipc.setEndIp(&quot;200.200.200.200&quot;);
+
</ins><span class="cx">         Set&lt;EntitlementCondition&gt; setConditions = new
</span><span class="cx">             HashSet&lt;EntitlementCondition&gt;();
</span><del>-        setConditions.add(dnsc);
</del><span class="cx">         setConditions.add(ipc);
</span><span class="cx">         AndCondition andCondition = new AndCondition();
</span><span class="cx">         andCondition.setEConditions(setConditions);
</span></span></pre></div>
<a id="branchesAME4616openamopenamfederationOpenFMsrctestjavacomsunidentityrestListenerRestTestjava"></a>
 <div class="modfile"><h4>Modified: \
branches/AME-4616/openam/openam-federation/OpenFM/src/test/java/com/sun/identity/rest/ListenerRestTest.java \
(10813 => 10814)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-4616/openam/openam-federation/OpenFM/src/test/java/com/sun/identity/rest/ListenerRestTest.java	2014-09-30 \
                13:48:08 UTC (rev 10813)
+++ branches/AME-4616/openam/openam-federation/OpenFM/src/test/java/com/sun/identity/rest/ListenerRestTest.java	2014-09-30 \
13:49:13 UTC (rev 10814) </span><span class="lines">@@ -27,12 +27,15 @@
</span><span class="cx">  * Portions Copyrighted 2014 ForgeRock AS
</span><span class="cx">  */
</span><span class="cx"> 
</span><ins>+/**
+ * Portions copyright 2014 ForgeRock AS.
+ */
+
</ins><span class="cx"> package com.sun.identity.rest;
</span><span class="cx"> 
</span><span class="cx"> import com.iplanet.am.util.SystemProperties;
</span><span class="cx"> import com.iplanet.sso.SSOToken;
</span><span class="cx"> import com.sun.identity.entitlement.ApplicationTypeManager;
</span><del>-import com.sun.identity.entitlement.AuthenticatedESubject;
</del><span class="cx"> import com.sun.identity.entitlement.Entitlement;
</span><span class="cx"> import com.sun.identity.entitlement.EntitlementListener;
</span><span class="cx"> import com.sun.identity.entitlement.EntitlementSubject;
</span><span class="lines">@@ -62,6 +65,8 @@
</span><span class="cx"> import java.util.Set;
</span><span class="cx"> import javax.security.auth.Subject;
</span><span class="cx"> import javax.ws.rs.core.Cookie;
</span><ins>+
+import org.forgerock.openam.entitlement.conditions.subject.AuthenticatedUsers;
</ins><span class="cx"> import org.json.JSONObject;
</span><span class="cx"> import org.owasp.esapi.ESAPI;
</span><span class="cx"> import org.owasp.esapi.errors.EncodingException;
</span><span class="lines">@@ -121,7 +126,7 @@
</span><span class="cx">             Entitlement entitlement = new \
Entitlement(RESOURCE_NAME + &quot;/*&quot;, </span><span class="cx">                 \
actions); </span><span class="cx">             privilege.setEntitlement(entitlement);
</span><del>-            EntitlementSubject sbj = new AuthenticatedESubject();
</del><ins>+            EntitlementSubject sbj = new AuthenticatedUsers();
</ins><span class="cx">             privilege.setSubject(sbj);
</span><span class="cx">             pm.add(privilege);
</span><span class="cx"> 
</span></span></pre></div>
<a id="branchesAME4616openamopenamfederationOpenFMsrctestjavacomsunidentityrestMultipleResourceRestTestjava"></a>
 <div class="modfile"><h4>Modified: \
branches/AME-4616/openam/openam-federation/OpenFM/src/test/java/com/sun/identity/rest/MultipleResourceRestTest.java \
(10813 => 10814)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-4616/openam/openam-federation/OpenFM/src/test/java/com/sun/identity/rest/MultipleResourceRestTest.java	2014-09-30 \
                13:48:08 UTC (rev 10813)
+++ branches/AME-4616/openam/openam-federation/OpenFM/src/test/java/com/sun/identity/rest/MultipleResourceRestTest.java	2014-09-30 \
13:49:13 UTC (rev 10814) </span><span class="lines">@@ -27,11 +27,14 @@
</span><span class="cx">  * Portions Copyrighted 2014 ForgeRock AS
</span><span class="cx">  */
</span><span class="cx"> 
</span><ins>+/**
+ * Portions copyright 2014 ForgeRock AS.
+ */
+
</ins><span class="cx"> package com.sun.identity.rest;
</span><span class="cx"> 
</span><span class="cx"> import com.iplanet.am.util.SystemProperties;
</span><span class="cx"> import com.iplanet.sso.SSOToken;
</span><del>-import com.sun.identity.entitlement.AuthenticatedESubject;
</del><span class="cx"> import com.sun.identity.entitlement.Entitlement;
</span><span class="cx"> import com.sun.identity.entitlement.EntitlementSubject;
</span><span class="cx"> import com.sun.identity.entitlement.JSONEntitlement;
</span><span class="lines">@@ -54,6 +57,8 @@
</span><span class="cx"> import javax.security.auth.Subject;
</span><span class="cx"> import javax.ws.rs.core.Cookie;
</span><span class="cx"> import javax.ws.rs.core.MultivaluedMap;
</span><ins>+
+import org.forgerock.openam.entitlement.conditions.subject.AuthenticatedUsers;
</ins><span class="cx"> import org.json.JSONObject;
</span><span class="cx"> import org.testng.annotations.AfterClass;
</span><span class="cx"> import org.testng.annotations.BeforeClass;
</span><span class="lines">@@ -92,7 +97,7 @@
</span><span class="cx">             Entitlement entitlement = new \
Entitlement(RESOURCE_NAME + &quot;/*&quot;, </span><span class="cx">                 \
actions); </span><span class="cx">             privilege.setEntitlement(entitlement);
</span><del>-            EntitlementSubject sbj = new AuthenticatedESubject();
</del><ins>+            EntitlementSubject sbj = new AuthenticatedUsers();
</ins><span class="cx">             privilege.setSubject(sbj);
</span><span class="cx">             pm.add(privilege);
</span><span class="cx">         }
</span><span class="lines">@@ -104,7 +109,7 @@
</span><span class="cx">             Entitlement entitlement = new \
Entitlement(RESOURCE_NAME + </span><span class="cx">                 \
&quot;/index.html&quot;, actions); </span><span class="cx">             \
privilege.setEntitlement(entitlement); </span><del>-            EntitlementSubject \
sbj = new AuthenticatedESubject(); </del><ins>+            EntitlementSubject sbj = \
new AuthenticatedUsers(); </ins><span class="cx">             \
privilege.setSubject(sbj); </span><span class="cx">             pm.add(privilege);
</span><span class="cx">         }
</span></span></pre></div>
<a id="branchesAME4616openamopenamfederationOpenFMsrctestjavacomsunidentityrestPrivilegeRestTestjava"></a>
 <div class="modfile"><h4>Modified: \
branches/AME-4616/openam/openam-federation/OpenFM/src/test/java/com/sun/identity/rest/PrivilegeRestTest.java \
(10813 => 10814)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-4616/openam/openam-federation/OpenFM/src/test/java/com/sun/identity/rest/PrivilegeRestTest.java	2014-09-30 \
                13:48:08 UTC (rev 10813)
+++ branches/AME-4616/openam/openam-federation/OpenFM/src/test/java/com/sun/identity/rest/PrivilegeRestTest.java	2014-09-30 \
13:49:13 UTC (rev 10814) </span><span class="lines">@@ -27,11 +27,14 @@
</span><span class="cx">  * Portions Copyrighted 2014 ForgeRock AS
</span><span class="cx">  */
</span><span class="cx"> 
</span><ins>+/**
+ * Portions copyright 2014 ForgeRock AS.
+ */
+
</ins><span class="cx"> package com.sun.identity.rest;
</span><span class="cx"> 
</span><span class="cx"> import com.iplanet.am.util.SystemProperties;
</span><span class="cx"> import com.iplanet.sso.SSOToken;
</span><del>-import com.sun.identity.entitlement.AuthenticatedESubject;
</del><span class="cx"> import com.sun.identity.entitlement.Entitlement;
</span><span class="cx"> import com.sun.identity.entitlement.EntitlementSubject;
</span><span class="cx"> import com.sun.identity.entitlement.Privilege;
</span><span class="lines">@@ -50,6 +53,8 @@
</span><span class="cx"> import java.util.Map;
</span><span class="cx"> import javax.security.auth.Subject;
</span><span class="cx"> import javax.ws.rs.core.Cookie;
</span><ins>+
+import org.forgerock.openam.entitlement.conditions.subject.AuthenticatedUsers;
</ins><span class="cx"> import org.json.JSONArray;
</span><span class="cx"> import org.json.JSONObject;
</span><span class="cx"> import org.testng.annotations.AfterClass;
</span><span class="lines">@@ -85,7 +90,7 @@
</span><span class="cx">         Entitlement entitlement = new \
Entitlement(RESOURCE_NAME + &quot;/*&quot;, </span><span class="cx">             \
actions); </span><span class="cx">         privilege.setEntitlement(entitlement);
</span><del>-        EntitlementSubject sbj = new AuthenticatedESubject();
</del><ins>+        EntitlementSubject sbj = new AuthenticatedUsers();
</ins><span class="cx">         privilege.setSubject(sbj);
</span><span class="cx">         pm.add(privilege);
</span><span class="cx"> 
</span></span></pre></div>
<a id="branchesAME4616openamopenamfederationOpenFMsrctestjavacomsunidentityrestRestPermissionTestjava"></a>
 <div class="modfile"><h4>Modified: \
branches/AME-4616/openam/openam-federation/OpenFM/src/test/java/com/sun/identity/rest/RestPermissionTest.java \
(10813 => 10814)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-4616/openam/openam-federation/OpenFM/src/test/java/com/sun/identity/rest/RestPermissionTest.java	2014-09-30 \
                13:48:08 UTC (rev 10813)
+++ branches/AME-4616/openam/openam-federation/OpenFM/src/test/java/com/sun/identity/rest/RestPermissionTest.java	2014-09-30 \
13:49:13 UTC (rev 10814) </span><span class="lines">@@ -27,13 +27,16 @@
</span><span class="cx">  * Portions Copyrighted 2014 ForgeRock AS
</span><span class="cx">  */
</span><span class="cx"> 
</span><ins>+/**
+ * Portions copyright 2014 ForgeRock AS.
+ */
+
</ins><span class="cx"> package com.sun.identity.rest;
</span><span class="cx"> 
</span><span class="cx"> import com.iplanet.am.util.SystemProperties;
</span><span class="cx"> import com.iplanet.sso.SSOToken;
</span><span class="cx"> import com.sun.identity.delegation.DelegationManager;
</span><span class="cx"> import com.sun.identity.delegation.DelegationPrivilege;
</span><del>-import com.sun.identity.entitlement.AuthenticatedESubject;
</del><span class="cx"> import com.sun.identity.entitlement.Entitlement;
</span><span class="cx"> import com.sun.identity.entitlement.EntitlementException;
</span><span class="cx"> import com.sun.identity.entitlement.EntitlementSubject;
</span><span class="lines">@@ -58,6 +61,8 @@
</span><span class="cx"> import java.util.Set;
</span><span class="cx"> import javax.security.auth.Subject;
</span><span class="cx"> import javax.ws.rs.core.Cookie;
</span><ins>+
+import org.forgerock.openam.entitlement.conditions.subject.AuthenticatedUsers;
</ins><span class="cx"> import org.json.JSONObject;
</span><span class="cx"> import org.testng.annotations.AfterClass;
</span><span class="cx"> import org.testng.annotations.BeforeClass;
</span><span class="lines">@@ -112,7 +117,7 @@
</span><span class="cx">         Entitlement entitlement = new \
Entitlement(RESOURCE_NAME + &quot;/*&quot;, </span><span class="cx">             \
actions); </span><span class="cx">         privilege.setEntitlement(entitlement);
</span><del>-        EntitlementSubject sbj = new AuthenticatedESubject();
</del><ins>+        EntitlementSubject sbj = new AuthenticatedUsers();
</ins><span class="cx">         privilege.setSubject(sbj);
</span><span class="cx">         pm.add(privilege);
</span><span class="cx">     }
</span></span></pre></div>
<a id="branchesAME4616openamopenamfederationOpenFMsrctestjavacomsunidentityrestRestTestjava"></a>
 <div class="modfile"><h4>Modified: \
branches/AME-4616/openam/openam-federation/OpenFM/src/test/java/com/sun/identity/rest/RestTest.java \
(10813 => 10814)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-4616/openam/openam-federation/OpenFM/src/test/java/com/sun/identity/rest/RestTest.java	2014-09-30 \
                13:48:08 UTC (rev 10813)
+++ branches/AME-4616/openam/openam-federation/OpenFM/src/test/java/com/sun/identity/rest/RestTest.java	2014-09-30 \
13:49:13 UTC (rev 10814) </span><span class="lines">@@ -27,12 +27,15 @@
</span><span class="cx">  * Portions Copyrighted 2014 ForgeRock AS
</span><span class="cx">  */
</span><span class="cx"> 
</span><ins>+/**
+ * Portions copyright 2014 ForgeRock AS.
+ */
+
</ins><span class="cx"> package com.sun.identity.rest;
</span><span class="cx"> 
</span><span class="cx"> import com.sun.identity.entitlement.util.AuthUtils;
</span><span class="cx"> import com.iplanet.am.util.SystemProperties;
</span><span class="cx"> import com.iplanet.sso.SSOToken;
</span><del>-import com.sun.identity.entitlement.AuthenticatedESubject;
</del><span class="cx"> import com.sun.identity.entitlement.Entitlement;
</span><span class="cx"> import com.sun.identity.entitlement.EntitlementSubject;
</span><span class="cx"> import com.sun.identity.entitlement.JSONEntitlement;
</span><span class="lines">@@ -55,6 +58,8 @@
</span><span class="cx"> import java.util.Set;
</span><span class="cx"> import javax.security.auth.Subject;
</span><span class="cx"> import javax.ws.rs.core.Cookie;
</span><ins>+
+import org.forgerock.openam.entitlement.conditions.subject.AuthenticatedUsers;
</ins><span class="cx"> import org.json.JSONArray;
</span><span class="cx"> import org.json.JSONObject;
</span><span class="cx"> import org.testng.annotations.AfterClass;
</span><span class="lines">@@ -96,7 +101,7 @@
</span><span class="cx">             Entitlement entitlement = new \
Entitlement(RESOURCE_NAME + &quot;/*&quot;, </span><span class="cx">                 \
actions); </span><span class="cx">             privilege.setEntitlement(entitlement);
</span><del>-            EntitlementSubject sbj = new AuthenticatedESubject();
</del><ins>+            EntitlementSubject sbj = new AuthenticatedUsers();
</ins><span class="cx">             privilege.setSubject(sbj);
</span><span class="cx"> 
</span><span class="cx">             NumericAttributeCondition cond = new \
NumericAttributeCondition(); </span></span></pre></div>
<a id="branchesAME4616openamopenamoauth2"></a>
<div class="propset"><h4>Property changes: \
branches/AME-4616/openam/openam-oauth2</h4> <pre class="diff"><span>
</span></pre></div>
<a id="svnmergeinfo"></a>
<div class="modfile"><h4>Modified: svn:mergeinfo</h4></div>
<span class="cx">/branches/AME-2629/openam/openam-oauth2:7585-7632
</span><span class="cx">/branches/AME-3405-session-read-from-cts/openam/openam-oauth2:8749-8823
 </span><span class="cx">/branches/AME-3423/openam/openam-oauth2:10105-10414
</span><span class="cx">/branches/AME-3612-pcunnington/openam/openam-oauth2:9534-9723
</span><span class="cx">/branches/AME-3719/openam/openam-oauth2:9517-9879
</span><span class="cx">/branches/AME-3726-script-sandboxing/openam/openam-oauth2:9663-9819
 </span><span class="cx">/branches/AME-4378/openam/openam-oauth2:10443-10621
</span><span class="cx">/branches/AME-4460_AME-4459/openam/openam-oauth2:10437-10535
</span><span class="cx">/branches/CTS-Async/openam/openam-oauth2:8847-9739
</span><span class="cx">/branches/IIS7PostData/openam/openam-oauth2:224-261
</span><span class="cx">/branches/OPENAM-2961-forgot-password-404/openam/openam-oauth2:8322-8362
 </span><span class="cx">/branches/OPENAM-3097-sessions-not-deleted/openam/openam-oauth2:6910-6946
 </span><span class="cx">/branches/OPENAM-3130-session-quota/openam/openam-oauth2:6958-6972
 </span><span class="cx">/branches/OPENAM-3283-CTS-thread-exceptions/openam/openam-oauth2:7270-7369
 </span><span class="cx">/branches/OPENAM-3425-class-cast-exception/openam/openam-oauth2:8333-8359
 </span><span class="cx">/branches/OPENAM-3782-forgotten-password-changes/openam/openam-oauth2:8747-8835
 </span><span class="cx">/branches/OPENAM-4028-connection-pool/openam/openam-oauth2:9750-10171
 </span><span class="cx">/branches/OPENAM-4384-ssoadm-classpath/openam/openam-oauth2:10263-10264
 </span><span class="cx">/branches/OPENAM-OPENAM-3528-client-side-session-validation/openam/openam-oauth2:7834-7844
 </span><span class="cx">/branches/ame4272/openam/openam-oauth2:10073-10101
</span><span class="cx">/branches/andy-ame-2227-v2/openam/openam-oauth2:7508-7697
</span><span class="cx">/branches/andyAme3102/openam/openam-oauth2:8312-8413
</span><span class="cx">/branches/maven_merge/openam/openam-oauth2:2556-2558,2756-3124
 </span><span class="cx">/branches/oidc_authn/openam-oauth2:8507,8540,8557-8559,8565-8566
 </span><span class="cx">/branches/openam-3049-cts-reaper-connection-usage/openam/openam-oauth2:6658-6745
 </span><span class="cx">/branches/openam-3053-cts-tab-exception/openam/openam-oauth2:6672-6721
 </span><span class="cx">/branches/openam-3072-cts-configuration/openam/openam-oauth2:6691-6714
 </span><span class="cx">/branches/openam-3092-store-mode-error/openam/openam-oauth2:6729-6733
 </span><span class="cx">/branches/openam-3110-create-or-update-bug/openam/openam-oauth2:6767-6804
 </span><span class="cx">/branches/openam_10.1.0_SAML2_FIXES/openam-oauth2:3725-3740
</span><span class="cx">/branches/openam_10.1.0_jeff/openam-oauth2:3128-3527
</span><span class="cx">/branches/openam_10.1.0_xacml3_JAS/openam/openam-oauth2:4039-4140
 </span><span class="cx">/branches/openam_10.2.0_xacml3_JAS/openam/openam-oauth2:4141-4379
 </span><span class="cx">/branches/openid_connect_implementation/openam-oauth2:4140-5165
 </span><span class="cx">/branches/pcunnington-AME-3115-refactor/openam/openam-oauth2:8348-8473
 </span><span class="cx">/branches/pcunnington-AME-3158/openam/openam-oauth2:8476-8577
 </span><span class="cx">/branches/pcunnington-oauth2/openam/openam-oauth2:8710-8793
</span><span class="cx">/branches/phcunnington-AME-3114/openam/openam-oauth2:8314-8341
 </span><span class="cx">/branches/rest_sts_view_bean/openam-oauth2:9690-9965
</span><span class="cx">/branches/rwapshott-AME-1739/openam/openam-oauth2:5331-5353
</span><span class="cx">/branches/rwapshott-AME-215/openam/openam-oauth2:4091-4155
</span><span class="cx">/branches/rwapshott-AME-257/openam/openam-oauth2:4047-4126
</span><span class="cx">/branches/rwapshott-AME-804/openam/openam-oauth2:4267-5404
</span><span class="cx">/branches/rwapshott-ame-2027-cts-oids-should-follow-fr-oid-scheme/openam/openam-oauth2:5609-5614
 </span><span class="cx">/branches/rwapshott-ame-2160-session-size/openam/openam-oauth2:6086-6319
 </span><span class="cx">/branches/rwapshott-ame-2311-index-names/openam/openam-oauth2:6058-6069
 </span><span class="cx">/branches/rwapshott-ame-258-cts-replication/openam/openam-oauth2:5548-6055
 </span><span class="cx">/branches/rwapshott-openam-2198-session-resource-protection/openam/openam-oauth2:5628-5824
 </span><span class="cx">/branches/rwapshott-openam-2526/openam/openam-oauth2:5442-5484
 </span><span class="cx">/branches/rwapshott-openam-2716-cts-invalid-chars/openam/openam-oauth2:6170-6194
 </span><span class="cx">/branches/rwapshott-openam-2729-saml2-error/openam/openam-oauth2:6247-6257
 </span><span class="cx">/branches/sts_oidc_saml_redux/openam-oauth2:8417-8422,8424,8440,8445-8446,8460,8490,8498
 </span><span class="cx">/branches/sts_restart_persistence/openam-oauth2:9003-9005,9009-9414
 </span><span class="cx">/branches/sts_saml2_encrypt/openam-oauth2:10424-10472,10474-10550
 </span><span class="cx">/branches/sts_service_listeners/openam-oauth2:9968-10031,10047-10048,10053
 </span><span class="cx">/branches/sts_token_gen_service/openam-oauth2:8706,8717-8720, \
8723-8725,8727-8728,8731,8737,8740-8742,8759-8760,8774-8776,8796-8797,8800-8801,8818-8819,8821
 </span><span class="cx">/branches/sts_token_gen_service2/openam-oauth2:8844-8887,8894-9000
 </span><span class="cx">/branches/sts_x509/openam-oauth2:10206-10398
</span><span class="cx">/trunk/openam/openam-oauth2:3127-3577,10686-10687,10694-10696,10701,10713,10716,10719,10721,10723,10725,10728,10735
 </span><span class="cx">   + \
/branches/AME-2526-SFO-between-sites/openam/openam-oauth2:7510-8258 </span><span \
class="cx">/branches/AME-2629/openam/openam-oauth2:7585-7632 </span><span \
class="cx">/branches/AME-3405-session-read-from-cts/openam/openam-oauth2:8749-8823 \
</span><span class="cx">/branches/AME-3423/openam/openam-oauth2:10105-10414 \
</span><span class="cx">/branches/AME-3612-pcunnington/openam/openam-oauth2:9534-9723 \
</span><span class="cx">/branches/AME-3719/openam/openam-oauth2:9517-9879 \
</span><span class="cx">/branches/AME-3726-script-sandboxing/openam/openam-oauth2:9663-9819
 </span><span class="cx">/branches/AME-4378/openam/openam-oauth2:10443-10621
</span><span class="cx">/branches/AME-4460_AME-4459/openam/openam-oauth2:10437-10535
</span><span class="cx">/branches/AME-4547/openam/openam-oauth2:10585-10783
</span><span class="cx">/branches/AME-4595/openam/openam-oauth2:10581-10789
</span><span class="cx">/branches/CTS-Async/openam/openam-oauth2:8847-9739
</span><span class="cx">/branches/IIS7PostData/openam/openam-oauth2:224-261
</span><span class="cx">/branches/OPENAM-2961-forgot-password-404/openam/openam-oauth2:8322-8362
 </span><span class="cx">/branches/OPENAM-3097-sessions-not-deleted/openam/openam-oauth2:6910-6946
 </span><span class="cx">/branches/OPENAM-3130-session-quota/openam/openam-oauth2:6958-6972
 </span><span class="cx">/branches/OPENAM-3283-CTS-thread-exceptions/openam/openam-oauth2:7270-7369
 </span><span class="cx">/branches/OPENAM-3425-class-cast-exception/openam/openam-oauth2:8333-8359
 </span><span class="cx">/branches/OPENAM-3782-forgotten-password-changes/openam/openam-oauth2:8747-8835
 </span><span class="cx">/branches/OPENAM-4028-connection-pool/openam/openam-oauth2:9750-10171
 </span><span class="cx">/branches/OPENAM-4384-ssoadm-classpath/openam/openam-oauth2:10263-10264
 </span><span class="cx">/branches/OPENAM-OPENAM-3528-client-side-session-validation/openam/openam-oauth2:7834-7844
 </span><span class="cx">/branches/ame4272/openam/openam-oauth2:10073-10101
</span><span class="cx">/branches/andy-ame-2227-v2/openam/openam-oauth2:7508-7697
</span><span class="cx">/branches/andyAme3102/openam/openam-oauth2:8312-8413
</span><span class="cx">/branches/maven_merge/openam/openam-oauth2:2556-2558,2756-3124
 </span><span class="cx">/branches/oidc_authn/openam-oauth2:8507,8540,8557-8559,8565-8566
 </span><span class="cx">/branches/openam-3049-cts-reaper-connection-usage/openam/openam-oauth2:6658-6745
 </span><span class="cx">/branches/openam-3053-cts-tab-exception/openam/openam-oauth2:6672-6721
 </span><span class="cx">/branches/openam-3072-cts-configuration/openam/openam-oauth2:6691-6714
 </span><span class="cx">/branches/openam-3092-store-mode-error/openam/openam-oauth2:6729-6733
 </span><span class="cx">/branches/openam-3110-create-or-update-bug/openam/openam-oauth2:6767-6804
 </span><span class="cx">/branches/openam_10.1.0_SAML2_FIXES/openam-oauth2:3725-3740
</span><span class="cx">/branches/openam_10.1.0_jeff/openam-oauth2:3128-3527
</span><span class="cx">/branches/openam_10.1.0_xacml3_JAS/openam/openam-oauth2:4039-4140
 </span><span class="cx">/branches/openam_10.2.0_xacml3_JAS/openam/openam-oauth2:4141-4379
 </span><span class="cx">/branches/openid_connect_implementation/openam-oauth2:4140-5165
 </span><span class="cx">/branches/pcunnington-AME-3115-refactor/openam/openam-oauth2:8348-8473
 </span><span class="cx">/branches/pcunnington-AME-3158/openam/openam-oauth2:8476-8577
 </span><span class="cx">/branches/pcunnington-oauth2/openam/openam-oauth2:8710-8793
</span><span class="cx">/branches/phcunnington-AME-3114/openam/openam-oauth2:8314-8341
 </span><span class="cx">/branches/rest_sts_view_bean/openam-oauth2:9690-9965
</span><span class="cx">/branches/rwapshott-AME-1739/openam/openam-oauth2:5331-5353
</span><span class="cx">/branches/rwapshott-AME-215/openam/openam-oauth2:4091-4155
</span><span class="cx">/branches/rwapshott-AME-257/openam/openam-oauth2:4047-4126
</span><span class="cx">/branches/rwapshott-AME-804/openam/openam-oauth2:4267-5404
</span><span class="cx">/branches/rwapshott-ame-2027-cts-oids-should-follow-fr-oid-scheme/openam/openam-oauth2:5609-5614
 </span><span class="cx">/branches/rwapshott-ame-2160-session-size/openam/openam-oauth2:6086-6319
 </span><span class="cx">/branches/rwapshott-ame-2311-index-names/openam/openam-oauth2:6058-6069
 </span><span class="cx">/branches/rwapshott-ame-258-cts-replication/openam/openam-oauth2:5548-6055
 </span><span class="cx">/branches/rwapshott-openam-2198-session-resource-protection/openam/openam-oauth2:5628-5824
 </span><span class="cx">/branches/rwapshott-openam-2526/openam/openam-oauth2:5442-5484
 </span><span class="cx">/branches/rwapshott-openam-2716-cts-invalid-chars/openam/openam-oauth2:6170-6194
 </span><span class="cx">/branches/rwapshott-openam-2729-saml2-error/openam/openam-oauth2:6247-6257
 </span><span class="cx">/branches/sts_oidc_saml_redux/openam-oauth2:8417-8422,8424,8440,8445-8446,8460,8490,8498
 </span><span class="cx">/branches/sts_restart_persistence/openam-oauth2:9003-9005,9009-9414
 </span><span class="cx">/branches/sts_saml2_encrypt/openam-oauth2:10424-10472,10474-10550
 </span><span class="cx">/branches/sts_service_listeners/openam-oauth2:9968-10031,10047-10048,10053
 </span><span class="cx">/branches/sts_token_gen_service/openam-oauth2:8706,8717-8720, \
8723-8725,8727-8728,8731,8737,8740-8742,8759-8760,8774-8776,8796-8797,8800-8801,8818-8819,8821
 </span><span class="cx">/branches/sts_token_gen_service2/openam-oauth2:8844-8887,8894-9000
 </span><span class="cx">/branches/sts_x509/openam-oauth2:10206-10398
</span><span class="cx">/trunk/openam/openam-oauth2:3127-3577,10652-10812
</span><a id="branchesAME4616openamopenamrestsrcmainjavaorgforgerockopenamforgerockrestIdentityResourceV1java"></a>
 <div class="propset"><h4>Property changes: \
branches/AME-4616/openam/openam-rest/src/main/java/org/forgerock/openam/forgerockrest/IdentityResourceV1.java</h4>
 <pre class="diff"><span>
</span></pre></div>
<a id="svnmergeinfo"></a>
<div class="modfile"><h4>Modified: svn:mergeinfo</h4></div>
<span class="cx">/branches/AME-4460_AME-4459/openam/openam-forgerock-rest/src/main/java/org/forgerock/openam/forgerockrest/IdentityResourceV1.java:10437-10535
 </span><span class="cx">/branches/maven_merge/openam/openam-forgerock-rest/src/main/java/org/forgerock/openam/forgerockrest/IdentityResource.java:3122-3124
 </span><span class="cx">/trunk/openam/openam-forgerock-rest/src/main/java/org/forgerock/openam/forgerockrest/IdentityResource.java:3125-10502
 </span><span class="cx">/trunk/openam/openam-rest/src/main/java/org/forgerock/openam/ \
forgerockrest/IdentityResourceV1.java:10443-10567,10686-10687,10694-10696,10701,10713,10716,10719,10721,10723,10725,10728,10735
 </span><span class="cx">   + \
/branches/AME-4378/openam/openam-rest/src/main/java/org/forgerock/openam/forgerockrest/IdentityResourceV1.java:10443-10621
 </span><span class="cx">/branches/AME-4460_AME-4459/openam/openam-forgerock-rest/src/main/java/org/forgerock/openam/forgerockrest/IdentityResourceV1.java:10437-10535
 </span><span class="cx">/branches/AME-4547/openam/openam-rest/src/main/java/org/forgerock/openam/forgerockrest/IdentityResourceV1.java:10585-10783
 </span><span class="cx">/branches/AME-4595/openam/openam-rest/src/main/java/org/forgerock/openam/forgerockrest/IdentityResourceV1.java:10581-10789
 </span><span class="cx">/branches/maven_merge/openam/openam-forgerock-rest/src/main/java/org/forgerock/openam/forgerockrest/IdentityResource.java:3122-3124
 </span><span class="cx">/trunk/openam/openam-forgerock-rest/src/main/java/org/forgerock/openam/forgerockrest/IdentityResource.java:3125-10502
 </span><span class="cx">/trunk/openam/openam-rest/src/main/java/org/forgerock/openam/forgerockrest/IdentityResourceV1.java:10443-10567,10652-10812
 </span><a id="branchesAME4616openamopenamrestsrcmainjavaorgforgerockopenamforgerockrestentitlementsmodeljsonJsonEntitlementSubjectMixinjava"></a>
 <div class="modfile"><h4>Modified: \
branches/AME-4616/openam/openam-rest/src/main/java/org/forgerock/openam/forgerockrest/entitlements/model/json/JsonEntitlementSubjectMixin.java \
(10813 => 10814)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-4616/openam/openam-rest/src/main/java/org/forgerock/openam/forgerockrest/entitlements/model/json/JsonEntitlementSubjectMixin.java	2014-09-30 \
                13:48:08 UTC (rev 10813)
+++ branches/AME-4616/openam/openam-rest/src/main/java/org/forgerock/openam/forgerockrest/entitlements/model/json/JsonEntitlementSubjectMixin.java	2014-09-30 \
13:49:13 UTC (rev 10814) </span><span class="lines">@@ -17,7 +17,6 @@
</span><span class="cx"> package \
org.forgerock.openam.forgerockrest.entitlements.model.json; </span><span class="cx"> 
</span><span class="cx"> import com.sun.identity.entitlement.EntitlementSubject;
</span><del>-import com.sun.identity.entitlement.VirtualSubject;
</del><span class="cx"> import org.codehaus.jackson.annotate.JsonIgnore;
</span><span class="cx"> import org.codehaus.jackson.annotate.JsonProperty;
</span><span class="cx"> import org.codehaus.jackson.annotate.JsonTypeInfo;
</span><span class="lines">@@ -40,9 +39,6 @@
</span><span class="cx">     public abstract String getState();
</span><span class="cx"> 
</span><span class="cx">     @JsonIgnore
</span><del>-    public abstract VirtualSubject.VirtualId getVirtualId();
-
-    @JsonIgnore
</del><span class="cx">     public abstract Map&lt;String, Set&lt;String&gt;&gt; \
getSearchIndexAttributes(); </span><span class="cx"> 
</span><span class="cx">     @JsonIgnore
</span></span></pre></div>
<a id="branchesAME4616openamopenamrestsrctestjavaorgforgerockopenamforgerockrestentitlementsJsonPolicyParserTestjava"></a>
 <div class="modfile"><h4>Modified: \
branches/AME-4616/openam/openam-rest/src/test/java/org/forgerock/openam/forgerockrest/entitlements/JsonPolicyParserTest.java \
(10813 => 10814)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-4616/openam/openam-rest/src/test/java/org/forgerock/openam/forgerockrest/entitlements/JsonPolicyParserTest.java	2014-09-30 \
                13:48:08 UTC (rev 10813)
+++ branches/AME-4616/openam/openam-rest/src/test/java/org/forgerock/openam/forgerockrest/entitlements/JsonPolicyParserTest.java	2014-09-30 \
13:49:13 UTC (rev 10814) </span><span class="lines">@@ -22,7 +22,6 @@
</span><span class="cx"> import com.sun.identity.entitlement.Entitlement;
</span><span class="cx"> import com.sun.identity.entitlement.EntitlementCondition;
</span><span class="cx"> import com.sun.identity.entitlement.EntitlementException;
</span><del>-import com.sun.identity.entitlement.IPCondition;
</del><span class="cx"> import com.sun.identity.entitlement.NotCondition;
</span><span class="cx"> import com.sun.identity.entitlement.OrCondition;
</span><span class="cx"> import com.sun.identity.entitlement.Privilege;
</span><span class="lines">@@ -35,6 +34,8 @@
</span><span class="cx"> import com.sun.identity.shared.DateUtils;
</span><span class="cx"> import org.forgerock.json.fluent.JsonPointer;
</span><span class="cx"> import org.forgerock.json.fluent.JsonValue;
</span><ins>+import org.forgerock.openam.entitlement.conditions.environment.IPCondition;
 +import org.forgerock.openam.entitlement.conditions.environment.OAuth2ScopeCondition;
 </ins><span class="cx"> import org.forgerock.openam.utils.CollectionUtils;
</span><span class="cx"> import org.testng.annotations.AfterClass;
</span><span class="cx"> import org.testng.annotations.BeforeClass;
</span><span class="lines">@@ -294,20 +295,18 @@
</span><span class="cx">     @Test
</span><span class="cx">     public void shouldCorrectlyParseConditionTypes() throws \
Exception { </span><span class="cx">         // Given
</span><del>-        String startIp = &quot;127.0.0.1&quot;;
-        String endIp = &quot;127.0.0.255&quot;;
</del><ins>+        String scope = &quot;cn givenName&quot;;
</ins><span class="cx">         JsonValue content = \
json(object(field(&quot;condition&quot;, </span><del>-                \
                object(field(&quot;type&quot;, &quot;IP&quot;),
-                       field(&quot;startIp&quot;, startIp),
-                       field(&quot;endIp&quot;, endIp)))));
</del><ins>+                object(field(&quot;type&quot;, &quot;OAuth2Scope&quot;),
+                       field(&quot;requiredScopes&quot;, array(scope))))));
</ins><span class="cx"> 
</span><span class="cx">         // When
</span><span class="cx">         Privilege result = parser.parsePolicy(POLICY_NAME, \
content); </span><span class="cx"> 
</span><span class="cx">         // Then
</span><del>-        \
                assertThat(result.getCondition()).isInstanceOf(IPCondition.class);
-        assertThat(((IPCondition) \
                result.getCondition()).getStartIp()).isEqualTo(startIp);
-        assertThat(((IPCondition) \
result.getCondition()).getEndIp()).isEqualTo(endIp); </del><ins>+        \
assertThat(result.getCondition()).isInstanceOf(OAuth2ScopeCondition.class); +        \
assertThat(((OAuth2ScopeCondition) result.getCondition()).getRequiredScopes()) +      \
.isEqualTo(Collections.singleton(scope)); </ins><span class="cx">     }
</span><span class="cx"> 
</span><span class="cx">     @Test(expectedExceptions = EntitlementException.class)
</span><span class="lines">@@ -330,15 +329,13 @@
</span><span class="cx">     @Test
</span><span class="cx">     public void shouldParseNestedAndConditions() throws \
Exception { </span><span class="cx">         // Given
</span><del>-        // An AND condition containing a single IP condition
-        String startIp = &quot;127.0.0.1&quot;;
-        String endIp = &quot;127.0.0.255&quot;;
</del><ins>+        // An AND condition containing a single OAuth2Scope condition
+        String scope = &quot;cn givenName&quot;;
</ins><span class="cx">         JsonValue content = \
json(object(field(&quot;condition&quot;, </span><span class="cx">                 \
object(field(&quot;type&quot;, &quot;AND&quot;), </span><span class="cx">             \
field(&quot;conditions&quot;, </span><del>-                               \
                Collections.singletonList(object(field(&quot;type&quot;, \
                &quot;IP&quot;),
-                                       field(&quot;startIp&quot;, startIp),
-                                       field(&quot;endIp&quot;, endIp))))))));
</del><ins>+                               \
Collections.singletonList(object(field(&quot;type&quot;, &quot;OAuth2Scope&quot;), +  \
field(&quot;requiredScopes&quot;, array(scope))))))))); </ins><span class="cx"> 
</span><span class="cx">         // When
</span><span class="cx">         Privilege result = parser.parsePolicy(POLICY_NAME, \
content); </span><span class="lines">@@ -347,24 +344,21 @@
</span><span class="cx">         \
assertThat(result.getCondition()).isInstanceOf(AndCondition.class); </span><span \
class="cx">         AndCondition and = (AndCondition) result.getCondition(); \
</span><span class="cx">         assertThat(and.getEConditions()).hasSize(1); \
</span><del>-        \
                assertThat(and.getEConditions().iterator().next()).isInstanceOf(IPCondition.class);
                
-        IPCondition ip = (IPCondition) and.getEConditions().iterator().next();
-        assertThat(ip.getStartIp()).isEqualTo(startIp);
-        assertThat(ip.getEndIp()).isEqualTo(endIp);
</del><ins>+        assertThat(and.getEConditions().iterator().next()).isInstanceOf(OAuth2ScopeCondition.class);
 +        OAuth2ScopeCondition oauth2Scope = (OAuth2ScopeCondition) \
and.getEConditions().iterator().next(); +        \
assertThat(oauth2Scope.getRequiredScopes()).isEqualTo(Collections.singleton(scope)); \
</ins><span class="cx">     } </span><span class="cx"> 
</span><span class="cx">     @Test
</span><span class="cx">     public void shouldParseNestedOrConditions() throws \
Exception { </span><span class="cx">         // Given
</span><del>-        // An OR condition containing a single IP condition
-        String startIp = &quot;127.0.0.1&quot;;
-        String endIp = &quot;127.0.0.255&quot;;
</del><ins>+        // An OR condition containing a single OAuth2Scope condition
+        String scope = &quot;cn givenName&quot;;
</ins><span class="cx">         JsonValue content = \
json(object(field(&quot;condition&quot;, </span><span class="cx">                 \
object(field(&quot;type&quot;, &quot;OR&quot;), </span><span class="cx">              \
field(&quot;conditions&quot;, </span><del>-                                \
                Collections.singletonList(object(field(&quot;type&quot;, \
                &quot;IP&quot;),
-                                        field(&quot;startIp&quot;, startIp),
-                                        field(&quot;endIp&quot;, endIp))))))));
</del><ins>+                                \
Collections.singletonList(object(field(&quot;type&quot;, &quot;OAuth2Scope&quot;), +  \
field(&quot;requiredScopes&quot;, array(scope))))))))); </ins><span class="cx"> 
</span><span class="cx">         // When
</span><span class="cx">         Privilege result = parser.parsePolicy(POLICY_NAME, \
content); </span><span class="lines">@@ -373,23 +367,20 @@
</span><span class="cx">         \
assertThat(result.getCondition()).isInstanceOf(OrCondition.class); </span><span \
class="cx">         OrCondition or = (OrCondition) result.getCondition(); \
</span><span class="cx">         assertThat(or.getEConditions()).hasSize(1); \
</span><del>-        \
                assertThat(or.getEConditions().iterator().next()).isInstanceOf(IPCondition.class);
                
-        IPCondition ip = (IPCondition) or.getEConditions().iterator().next();
-        assertThat(ip.getStartIp()).isEqualTo(startIp);
-        assertThat(ip.getEndIp()).isEqualTo(endIp);
</del><ins>+        assertThat(or.getEConditions().iterator().next()).isInstanceOf(OAuth2ScopeCondition.class);
 +        OAuth2ScopeCondition oauth2Scope = (OAuth2ScopeCondition) \
or.getEConditions().iterator().next(); +        \
assertThat(oauth2Scope.getRequiredScopes()).isEqualTo(Collections.singleton(scope)); \
</ins><span class="cx">     } </span><span class="cx"> 
</span><span class="cx">     @Test
</span><span class="cx">     public void shouldParseNotConditions() throws Exception \
{ </span><span class="cx">         // Given
</span><del>-        // A NOT condition containing an IP condition
-        String startIp = &quot;127.0.0.1&quot;;
-        String endIp = &quot;127.0.0.255&quot;;
</del><ins>+        // A NOT condition containing an OAuth2Scope condition
+        String scope = &quot;cn givenName&quot;;
</ins><span class="cx">         JsonValue content = \
json(object(field(&quot;condition&quot;, </span><span class="cx">                 \
object(field(&quot;type&quot;, &quot;NOT&quot;), </span><del>-                        \
                field(&quot;condition&quot;, object(field(&quot;type&quot;, \
                &quot;IP&quot;),
-                                field(&quot;startIp&quot;, startIp),
-                                field(&quot;endIp&quot;, endIp)))))));
</del><ins>+                        field(&quot;condition&quot;, \
object(field(&quot;type&quot;, &quot;OAuth2Scope&quot;), +                            \
field(&quot;requiredScopes&quot;, array(scope)))))))); </ins><span class="cx"> 
</span><span class="cx">         // When
</span><span class="cx">         Privilege result = parser.parsePolicy(POLICY_NAME, \
content); </span><span class="lines">@@ -397,10 +388,9 @@
</span><span class="cx">         // Then
</span><span class="cx">         \
assertThat(result.getCondition()).isInstanceOf(NotCondition.class); </span><span \
class="cx">         NotCondition not = (NotCondition) result.getCondition(); \
                </span><del>-        \
                assertThat(not.getECondition()).isInstanceOf(IPCondition.class);
-        IPCondition ip = (IPCondition) not.getECondition();
-        assertThat(ip.getStartIp()).isEqualTo(startIp);
-        assertThat(ip.getEndIp()).isEqualTo(endIp);
</del><ins>+        assertThat(not.getECondition()).isInstanceOf(OAuth2ScopeCondition.class);
 +        OAuth2ScopeCondition ip = (OAuth2ScopeCondition) not.getECondition();
+        assertThat(ip.getRequiredScopes()).isEqualTo(Collections.singleton(scope));
</ins><span class="cx">     }
</span><span class="cx"> 
</span><span class="cx">     @Test
</span></span></pre></div>
<a id="branchesAME4616openamopenamtoolsopenaminstalltoolspomxml"></a>
<div class="modfile"><h4>Modified: \
branches/AME-4616/openam/openam-tools/openam-installtools/pom.xml (10813 => \
10814)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-4616/openam/openam-tools/openam-installtools/pom.xml	2014-09-30 13:48:08 \
                UTC (rev 10813)
+++ branches/AME-4616/openam/openam-tools/openam-installtools/pom.xml	2014-09-30 \
13:49:13 UTC (rev 10814) </span><span class="lines">@@ -46,9 +46,6 @@
</span><span class="cx">                 \
&lt;artifactId&gt;maven-surefire-plugin&lt;/artifactId&gt; </span><span class="cx">   \
&lt;configuration&gt; </span><span class="cx">                     \
&lt;systemPropertyVariables&gt; </span><del>-                        &lt;!-- Used by \
                the OSChecker Test Case --&gt;
-                        &lt;os.name&gt;Linux&lt;/os.name&gt;
-                        &lt;os.arch&gt;x86&lt;/os.arch&gt;
</del><span class="cx">                         \
&lt;com.sun.identity.product.logs.dir&gt;${project.build.testOutputDirectory}&lt;/com.sun.identity.product.logs.dir&gt;
 </span><span class="cx">                     &lt;/systemPropertyVariables&gt;
</span><span class="cx">                 &lt;/configuration&gt;
</span></span></pre></div>
<a id="branchesAME4616openamopenamtoolsopenaminstalltoolssrctestjavacomsunidentityinstalltoolsutilOSCheckerTestjava"></a>
 <div class="modfile"><h4>Modified: \
branches/AME-4616/openam/openam-tools/openam-installtools/src/test/java/com/sun/identity/install/tools/util/OSCheckerTest.java \
(10813 => 10814)</h4> <pre class="diff"><span>
<span class="info">--- \
branches/AME-4616/openam/openam-tools/openam-installtools/src/test/java/com/sun/identity/install/tools/util/OSCheckerTest.java	2014-09-30 \
                13:48:08 UTC (rev 10813)
+++ branches/AME-4616/openam/openam-tools/openam-installtools/src/test/java/com/sun/identity/install/tools/util/OSCheckerTest.java	2014-09-30 \
13:49:13 UTC (rev 10814) </span><span class="lines">@@ -16,55 +16,58 @@
</span><span class="cx"> 
</span><span class="cx"> package com.sun.identity.install.tools.util;
</span><span class="cx"> 
</span><del>-import org.testng.Assert;
</del><span class="cx"> import org.testng.annotations.Test;
</span><span class="cx"> 
</span><ins>+import java.util.Arrays;
+import java.util.List;
+
+import static org.testng.Assert.*;
+import static com.sun.identity.install.tools.util.OSChecker.*;
+
</ins><span class="cx"> public class OSCheckerTest {
</span><span class="cx"> 
</span><ins>+    private static final String OS_NAME = \
System.getProperty(&quot;os.name&quot;); +    private static final List&lt;String&gt; \
ARCHITECTURES = Arrays.asList( +            &quot;i386&quot;, &quot;i686&quot;, \
&quot;x86&quot;, &quot;x86_64&quot;, &quot;PowerPC&quot;, &quot;ppc&quot;, \
&quot;ppc64&quot;, &quot;sparc&quot;); +
</ins><span class="cx">     @Test
</span><span class="cx">     public void testIsUnixOrWindows() {
</span><del>-
-        Assert.assertTrue(OSChecker.isUnix() || OSChecker.isWindows());
</del><ins>+        assertTrue(isUnix() || isWindows());
+        assertFalse(isUnix() &amp;&amp; isWindows());
</ins><span class="cx">     }
</span><span class="cx"> 
</span><span class="cx">     @Test
</span><span class="cx">     public void testLinuxVersionStringParsing() {
</span><span class="cx"> 
</span><span class="cx">         String linuxVersionString = \
&quot;2.6.32-279.14.1.el6.x86_64&quot;; </span><del>-        \
                OSChecker.parseVersion(linuxVersionString);
-        Assert.assertEquals(OSChecker.getOsMajorVersion(), 2);
-        Assert.assertEquals(OSChecker.getOsMinorVersion(), 6);
-        // These are hard-coded in the POM
-        Assert.assertTrue(OSChecker.atleast(&quot;Linux&quot;, 2, 6));
-        Assert.assertTrue(OSChecker.matchArch(&quot;x86&quot;));
</del><ins>+        parseVersion(linuxVersionString);
+        assertEquals(getOsMajorVersion(), 2);
+        assertEquals(getOsMinorVersion(), 6);
</ins><span class="cx">     }
</span><span class="cx"> 
</span><span class="cx">     @Test
</span><span class="cx">     public void testOSXVersionStringParsing() {
</span><del>-
</del><span class="cx">         String osXVersionString = &quot;10.9.5&quot;;
</span><del>-        OSChecker.parseVersion(osXVersionString);
-        Assert.assertEquals(OSChecker.getOsMajorVersion(), 10);
-        Assert.assertEquals(OSChecker.getOsMinorVersion(), 9);
-
</del><ins>+        parseVersion(osXVersionString);
+        assertEquals(getOsMajorVersion(), 10);
+        assertEquals(getOsMinorVersion(), 9);
</ins><span class="cx">     }
</span><span class="cx"> 
</span><span class="cx">     @Test
</span><span class="cx">     public void testWindowsVersionStringParsing() {
</span><del>-
</del><span class="cx">         String windowsVersionString = &quot;5.1&quot;;
</span><del>-        OSChecker.parseVersion(windowsVersionString);
-        Assert.assertEquals(OSChecker.getOsMajorVersion(), 5);
-        Assert.assertEquals(OSChecker.getOsMinorVersion(), 1);
</del><ins>+        parseVersion(windowsVersionString);
+        assertEquals(getOsMajorVersion(), 5);
+        assertEquals(getOsMinorVersion(), 1);
</ins><span class="cx">     }
</span><span class="cx"> 
</span><span class="cx">     @Test
</span><span class="cx">     public void testNoMinorVersionStringParsing() {
</span><span class="cx"> 
</span><span class="cx">         String noMinorString = &quot;100&quot;;
</span><del>-        OSChecker.parseVersion(noMinorString);
-        Assert.assertEquals(OSChecker.getOsMajorVersion(), 100);
-        Assert.assertEquals(OSChecker.getOsMinorVersion(), 0);
</del><ins>+        parseVersion(noMinorString);
+        assertEquals(getOsMajorVersion(), 100);
+        assertEquals(getOsMinorVersion(), 0);
</ins><span class="cx">     }
</span><span class="cx"> 
</span><span class="cx">     @Test
</span><span class="lines">@@ -73,8 +76,32 @@
</span><span class="cx">         // The exception output will end up in the TestCase \
debug log under the </span><span class="cx">         // target/test-cases directory \
as set in the POM. </span><span class="cx">         String exceptionString = \
&quot;abc.10&quot;; </span><del>-        OSChecker.parseVersion(exceptionString);
-        Assert.assertEquals(OSChecker.getOsMajorVersion(), 0);
-        Assert.assertEquals(OSChecker.getOsMinorVersion(), 0);
</del><ins>+        parseVersion(exceptionString);
+        assertEquals(getOsMajorVersion(), 0);
+        assertEquals(getOsMinorVersion(), 0);
</ins><span class="cx">     }
</span><ins>+
+    @Test
+    public void testAtLeast() {
+        parseVersion(&quot;1.2.3&quot;);
+        assertTrue(atleast(OS_NAME, 1, 0));
+        assertTrue(atleast(OS_NAME, 1, 2));
+        assertFalse(atleast(OS_NAME, 1, 3));
+        assertFalse(atleast(OS_NAME, 2, 1));
+        assertFalse(atleast(&quot;iOS&quot;, 1, 0));
+    }
+    
+    @Test
+    public void testArchitecture() {
+        int foundArch = 0;
+
+        // non-exhaustive list, covers conceivable architectures that might be \
running unit tests +        for (String arch : ARCHITECTURES) {
+            if (matchArch(arch)) {
+                foundArch++;
+            }
+        }
+
+        assertEquals(foundArch, 1, &quot;Expected &quot; + \
System.getProperty(&quot;os.arch&quot;) + &quot; to be one of &quot; + \
ARCHITECTURES); +    }
</ins><span class="cx"> }
</span></span></pre></div>
<a id="branchesAME4616openamagents"></a>
<div class="propset"><h4>Property changes: branches/AME-4616/openam-agents</h4>
<pre class="diff"><span>
</span></pre></div>
<a id="svnmergeinfo"></a>
<div class="modfile"><h4>Modified: svn:mergeinfo</h4></div>
<span class="cx">/branches/AME-2526-SFO-between-sites/openam-agents:7510-8258
</span><span class="cx">/branches/AME-3423/openam-agents:10105-10414
</span><span class="cx">/branches/AME-3612-pcunnington/openam-agents:9534-9723
</span><span class="cx">/branches/AME-3719/openam-agents:9517-9879
</span><span class="cx">/branches/AME-4378/openam-agents:10443-10621
</span><span class="cx">/branches/AME-4460_AME-4459/openam-agents:10437-10535
</span><span class="cx">/branches/IIS7PostData/openam-agents:224-261
</span><span class="cx">/branches/OPENAM-2961-forgot-password-404/openam-agents:8322-8362
 </span><span class="cx">/branches/OPENAM-3097-sessions-not-deleted/openam-agents:6910-6946
 </span><span class="cx">/branches/OPENAM-3283-CTS-thread-exceptions/openam-agents:7270-7369
 </span><span class="cx">/branches/OPENAM-3425-class-cast-exception/openam-agents:8333-8359
 </span><span class="cx">/branches/OPENAM-3782-forgotten-password-changes/openam-agents:8747-8835
 </span><span class="cx">/branches/OPENAM-4384-ssoadm-classpath/openam-agents:10263-10264
 </span><span class="cx">/branches/OPENAM-OPENAM-3528-client-side-session-validation/openam-agents:7834-7844
 </span><span class="cx">/branches/ame4272/openam-agents:10073-10101
</span><span class="cx">/branches/andy-ame-2227-v2/openam-agents:7508-7697
</span><span class="cx">/branches/andy-ame1316-connectionfactory/openam-agents:5311-5328
 </span><span class="cx">/branches/andyOpenam1708/openam-agents:5576-5592
</span><span class="cx">/branches/andyOpenam2373/openam-agents:5600-5706
</span><span class="cx">/branches/apforrest-ame1316/openam-agents:4881-5305
</span><span class="cx">/branches/maven_merge/openam-agents:2556-3124
</span><span class="cx">/branches/mdr_javaagents_mvn/openam-agents:5293-5729
</span><span class="cx">/branches/openam-3049-cts-reaper-connection-usage/openam-agents:6658-6745
 </span><span class="cx">/branches/openam-3053-cts-tab-exception/openam-agents:6672-6721
 </span><span class="cx">/branches/openam-3072-cts-configuration/openam-agents:6691-6714
 </span><span class="cx">/branches/openam-3092-store-mode-error/openam-agents:6729-6733
 </span><span class="cx">/branches/openam-3110-create-or-update-bug/openam-agents:6767-6804
 </span><span class="cx">/branches/pcunnington-AME-3115-refactor/openam-agents:8348-8473
 </span><span class="cx">/branches/pcunnington-AME-3158/openam-agents:8476-8577
</span><span class="cx">/branches/pcunnington-AME-350/openam-agents:4165-4344
</span><span class="cx">/branches/pcunnington-ame-344/openam-agents:4651-5199
</span><span class="cx">/branches/pcunnington-oauth2/openam-agents:8710-8793
</span><span class="cx">/branches/phcunnington-AME-3114/openam-agents:8314-8341
</span><span class="cx">/branches/policyimprovements/openam-agents:5513-5515
</span><span class="cx">/branches/rwapshott-AME-1739/openam-agents:5331-5353
</span><span class="cx">/branches/rwapshott-AME-215/openam-agents:4091-4155
</span><span class="cx">/branches/rwapshott-AME-257/openam-agents:4047-4126
</span><span class="cx">/branches/rwapshott-AME-804/openam-agents:4267-5404
</span><span class="cx">/branches/rwapshott-ame-2160-session-size/openam-agents:6086-6319
 </span><span class="cx">/branches/rwapshott-openam-2198-session-resource-protection/openam-agents:5628-5824
 </span><span class="cx">/branches/rwapshott-openam-2526/openam-agents:5442-5484
</span><span class="cx">/branches/rwapshott-openam-2716-cts-invalid-chars/openam-agents:6170-6194
 </span><span class="cx">/trunk/openam-agents:10686-10687,10694-10696,10701,10713,10716,10719,10721,10723,10725,10728,10735
 </span><span class="cx">   + /branches/10.1.0-Xpress/openam-agents:3888-3892
</span><span class="cx">/branches/AME-2526-SFO-between-sites/openam-agents:7510-8258
</span><span class="cx">/branches/AME-3423/openam-agents:10105-10414
</span><span class="cx">/branches/AME-3612-pcunnington/openam-agents:9534-9723
</span><span class="cx">/branches/AME-3719/openam-agents:9517-9879
</span><span class="cx">/branches/AME-4378/openam-agents:10443-10621
</span><span class="cx">/branches/AME-4460_AME-4459/openam-agents:10437-10535
</span><span class="cx">/branches/AME-4547/openam-agents:10585-10783
</span><span class="cx">/branches/AME-4595/openam-agents:10581-10789
</span><span class="cx">/branches/IIS7PostData/openam-agents:224-261
</span><span class="cx">/branches/OPENAM-2961-forgot-password-404/openam-agents:8322-8362
 </span><span class="cx">/branches/OPENAM-3097-sessions-not-deleted/openam-agents:6910-6946
 </span><span class="cx">/branches/OPENAM-3283-CTS-thread-exceptions/openam-agents:7270-7369
 </span><span class="cx">/branches/OPENAM-3425-class-cast-exception/openam-agents:8333-8359
 </span><span class="cx">/branches/OPENAM-3782-forgotten-password-changes/openam-agents:8747-8835
 </span><span class="cx">/branches/OPENAM-4384-ssoadm-classpath/openam-agents:10263-10264
 </span><span class="cx">/branches/OPENAM-OPENAM-3528-client-side-session-validation/openam-agents:7834-7844
 </span><span class="cx">/branches/ame4272/openam-agents:10073-10101
</span><span class="cx">/branches/andy-ame-2227-v2/openam-agents:7508-7697
</span><span class="cx">/branches/andy-ame1316-connectionfactory/openam-agents:5311-5328
 </span><span class="cx">/branches/andyOpenam1708/openam-agents:5576-5592
</span><span class="cx">/branches/andyOpenam2373/openam-agents:5600-5706
</span><span class="cx">/branches/apforrest-ame1316/openam-agents:4881-5305
</span><span class="cx">/branches/maven_merge/openam-agents:2556-3124
</span><span class="cx">/branches/mdr_javaagents_mvn/openam-agents:5293-5729
</span><span class="cx">/branches/openam-3049-cts-reaper-connection-usage/openam-agents:6658-6745
 </span><span class="cx">/branches/openam-3053-cts-tab-exception/openam-agents:6672-6721
 </span><span class="cx">/branches/openam-3072-cts-configuration/openam-agents:6691-6714
 </span><span class="cx">/branches/openam-3092-store-mode-error/openam-agents:6729-6733
 </span><span class="cx">/branches/openam-3110-create-or-update-bug/openam-agents:6767-6804
 </span><span class="cx">/branches/pcunnington-AME-3115-refactor/openam-agents:8348-8473
 </span><span class="cx">/branches/pcunnington-AME-3158/openam-agents:8476-8577
</span><span class="cx">/branches/pcunnington-AME-350/openam-agents:4165-4344
</span><span class="cx">/branches/pcunnington-ame-344/openam-agents:4651-5199
</span><span class="cx">/branches/pcunnington-oauth2/openam-agents:8710-8793
</span><span class="cx">/branches/phcunnington-AME-3114/openam-agents:8314-8341
</span><span class="cx">/branches/policyimprovements/openam-agents:5513-5515
</span><span class="cx">/branches/rwapshott-AME-1739/openam-agents:5331-5353
</span><span class="cx">/branches/rwapshott-AME-215/openam-agents:4091-4155
</span><span class="cx">/branches/rwapshott-AME-257/openam-agents:4047-4126
</span><span class="cx">/branches/rwapshott-AME-804/openam-agents:4267-5404
</span><span class="cx">/branches/rwapshott-ame-2160-session-size/openam-agents:6086-6319
 </span><span class="cx">/branches/rwapshott-openam-2198-session-resource-protection/openam-agents:5628-5824
 </span><span class="cx">/branches/rwapshott-openam-2526/openam-agents:5442-5484
</span><span class="cx">/branches/rwapshott-openam-2716-cts-invalid-chars/openam-agents:6170-6194
 </span><span class="cx">/trunk/openam-agents:10652-10812
</span><a id="branchesAME4616opensso"></a>
<div class="propset"><h4>Property changes: branches/AME-4616/opensso</h4>
<pre class="diff"><span>
</span></pre></div>
<a id="svnmergeinfo"></a>
<div class="modfile"><h4>Modified: svn:mergeinfo</h4></div>
<span class="cx">/branches/AME-3423/opensso:10105-10414
</span><span class="cx">/branches/AME-3612-pcunnington/opensso:9534-9723
</span><span class="cx">/branches/AME-3719/opensso:9517-9879
</span><span class="cx">/branches/AME-4378/opensso:10443-10621
</span><span class="cx">/branches/AME-4460_AME-4459/opensso:10437-10535
</span><span class="cx">/branches/IIS7PostData/opensso:224-261
</span><span class="cx">/branches/OPENAM-2961-forgot-password-404/opensso:8322-8362
</span><span class="cx">/branches/OPENAM-3097-sessions-not-deleted/opensso:6910-6946
</span><span class="cx">/branches/OPENAM-3283-CTS-thread-exceptions/opensso:7270-7369
</span><span class="cx">/branches/OPENAM-3425-class-cast-exception/opensso:8333-8359
</span><span class="cx">/branches/OPENAM-3782-forgotten-password-changes/opensso:8747-8835
 </span><span class="cx">/branches/OPENAM-4384-ssoadm-classpath/opensso:10263-10264
</span><span class="cx">/branches/OPENAM-OPENAM-3528-client-side-session-validation/opensso:7834-7844
 </span><span class="cx">/branches/allanCSDK:64-163
</span><span class="cx">/branches/ame4272/opensso:10073-10101
</span><span class="cx">/branches/andy-ame-2227-v2/opensso:7508-7697
</span><span class="cx">/branches/maven_merge/opensso:2556-3124
</span><span class="cx">/branches/openam-3049-cts-reaper-connection-usage/opensso:6658-6745
 </span><span class="cx">/branches/openam-3053-cts-tab-exception/opensso:6672-6721
</span><span class="cx">/branches/openam-3072-cts-configuration/opensso:6691-6714
</span><span class="cx">/branches/openam-3092-store-mode-error/opensso:6729-6733
</span><span class="cx">/branches/openam-3110-create-or-update-bug/opensso:6767-6804
</span><span class="cx">/branches/pcunnington-AME-3115-refactor/opensso:8348-8473
</span><span class="cx">/branches/pcunnington-AME-3158/opensso:8476-8577
</span><span class="cx">/branches/pcunnington-oauth2/opensso:8710-8793
</span><span class="cx">/branches/phcunnington-AME-3114/opensso:8314-8341
</span><span class="cx">/branches/rwapshott-AME-1739/opensso:5331-5353
</span><span class="cx">/branches/rwapshott-AME-215/opensso:4091-4155
</span><span class="cx">/branches/rwapshott-AME-257/opensso:4047-4126
</span><span class="cx">/branches/rwapshott-AME-804/opensso:4267-5404
</span><span class="cx">/branches/rwapshott-ame-2160-session-size/opensso:6086-6319
</span><span class="cx">/branches/rwapshott-openam-2198-session-resource-protection/opensso:5628-5824
 </span><span class="cx">/branches/rwapshott-openam-2526/opensso:5442-5484
</span><span class="cx">/branches/rwapshott-openam-2716-cts-invalid-chars/opensso:6170-6194
 </span><span class="cx">/trunk/opensso:10652-10678,10686-10687,10694-10696,10701,10713,10716,10719,10721,10723,10725,10728,10735
 </span><span class="cx">   + /branches/AME-2526-SFO-between-sites/opensso:7510-8258
</span><span class="cx">/branches/AME-3423/opensso:10105-10414
</span><span class="cx">/branches/AME-3612-pcunnington/opensso:9534-9723
</span><span class="cx">/branches/AME-3719/opensso:9517-9879
</span><span class="cx">/branches/AME-4378/opensso:10443-10621
</span><span class="cx">/branches/AME-4460_AME-4459/opensso:10437-10535
</span><span class="cx">/branches/AME-4547/opensso:10585-10783
</span><span class="cx">/branches/AME-4595/opensso:10581-10789
</span><span class="cx">/branches/IIS7PostData/opensso:224-261
</span><span class="cx">/branches/OPENAM-2961-forgot-password-404/opensso:8322-8362
</span><span class="cx">/branches/OPENAM-3097-sessions-not-deleted/opensso:6910-6946
</span><span class="cx">/branches/OPENAM-3283-CTS-thread-exceptions/opensso:7270-7369
</span><span class="cx">/branches/OPENAM-3425-class-cast-exception/opensso:8333-8359
</span><span class="cx">/branches/OPENAM-3782-forgotten-password-changes/opensso:8747-8835
 </span><span class="cx">/branches/OPENAM-4384-ssoadm-classpath/opensso:10263-10264
</span><span class="cx">/branches/OPENAM-OPENAM-3528-client-side-session-validation/opensso:7834-7844
 </span><span class="cx">/branches/allanCSDK:64-163
</span><span class="cx">/branches/ame4272/opensso:10073-10101
</span><span class="cx">/branches/andy-ame-2227-v2/opensso:7508-7697
</span><span class="cx">/branches/maven_merge/opensso:2556-3124
</span><span class="cx">/branches/openam-3049-cts-reaper-connection-usage/opensso:6658-6745
 </span><span class="cx">/branches/openam-3053-cts-tab-exception/opensso:6672-6721
</span><span class="cx">/branches/openam-3072-cts-configuration/opensso:6691-6714
</span><span class="cx">/branches/openam-3092-store-mode-error/opensso:6729-6733
</span><span class="cx">/branches/openam-3110-create-or-update-bug/opensso:6767-6804
</span><span class="cx">/branches/pcunnington-AME-3115-refactor/opensso:8348-8473
</span><span class="cx">/branches/pcunnington-AME-3158/opensso:8476-8577
</span><span class="cx">/branches/pcunnington-oauth2/opensso:8710-8793
</span><span class="cx">/branches/phcunnington-AME-3114/opensso:8314-8341
</span><span class="cx">/branches/rwapshott-AME-1739/opensso:5331-5353
</span><span class="cx">/branches/rwapshott-AME-215/opensso:4091-4155
</span><span class="cx">/branches/rwapshott-AME-257/opensso:4047-4126
</span><span class="cx">/branches/rwapshott-AME-804/opensso:4267-5404
</span><span class="cx">/branches/rwapshott-ame-2160-session-size/opensso:6086-6319
</span><span class="cx">/branches/rwapshott-openam-2198-session-resource-protection/opensso:5628-5824
 </span><span class="cx">/branches/rwapshott-openam-2526/opensso:5442-5484
</span><span class="cx">/branches/rwapshott-openam-2716-cts-invalid-chars/opensso:6170-6194
 </span><span class="cx">/trunk/opensso:10652-10812
</span><a id="branchesAME4616openssoproducts"></a>
<div class="propset"><h4>Property changes: branches/AME-4616/opensso/products</h4>
<pre class="diff"><span>
</span></pre></div>
<a id="svnmergeinfo"></a>
<div class="modfile"><h4>Modified: svn:mergeinfo</h4></div>
<span class="cx">/branches/AME-3423/opensso/products:10105-10414
</span><span class="cx">/branches/AME-3612-pcunnington/opensso/products:9534-9723
</span><span class="cx">/branches/AME-3719/opensso/products:9517-9879
</span><span class="cx">/branches/AME-4378/opensso/products:10443-10621
</span><span class="cx">/branches/AME-4460_AME-4459/opensso/products:10437-10535
</span><span class="cx">/branches/IIS7PostData/opensso/products:224-261
</span><span class="cx">/branches/OPENAM-2961-forgot-password-404/opensso/products:8322-8362
 </span><span class="cx">/branches/OPENAM-3097-sessions-not-deleted/opensso/products:6910-6946
 </span><span class="cx">/branches/OPENAM-3283-CTS-thread-exceptions/opensso/products:7270-7369
 </span><span class="cx">/branches/OPENAM-3425-class-cast-exception/opensso/products:8333-8359
 </span><span class="cx">/branches/OPENAM-3782-forgotten-password-changes/opensso/products:8747-8835
 </span><span class="cx">/branches/OPENAM-4384-ssoadm-classpath/opensso/products:10263-10264
 </span><span class="cx">/branches/OPENAM-OPENAM-3528-client-side-session-validation/opensso/products:7834-7844
 </span><span class="cx">/branches/ame4272/opensso/products:10073-10101
</span><span class="cx">/branches/andy-ame-2227-v2/opensso/products:7508-7697
</span><span class="cx">/branches/j2eePostData/opensso/products:482-520
</span><span class="cx">/branches/maven_merge/opensso/products:2556-3124
</span><span class="cx">/branches/openam-3049-cts-reaper-connection-usage/opensso/products:6658-6745
 </span><span class="cx">/branches/openam-3053-cts-tab-exception/opensso/products:6672-6721
 </span><span class="cx">/branches/openam-3072-cts-configuration/opensso/products:6691-6714
 </span><span class="cx">/branches/openam-3092-store-mode-error/opensso/products:6729-6733
 </span><span class="cx">/branches/openam-3110-create-or-update-bug/opensso/products:6767-6804
 </span><span class="cx">/branches/opends23_build002/products:132-181
</span><span class="cx">/branches/pcunnington-AME-3115-refactor/opensso/products:8348-8473
 </span><span class="cx">/branches/pcunnington-AME-3158/opensso/products:8476-8577
</span><span class="cx">/branches/pcunnington-oauth2/opensso/products:8710-8793
</span><span class="cx">/branches/phcunnington-AME-3114/opensso/products:8314-8341
</span><span class="cx">/branches/rwapshott-AME-1739/opensso/products:5331-5353
</span><span class="cx">/branches/rwapshott-AME-215/opensso/products:4091-4155
</span><span class="cx">/branches/rwapshott-AME-257/opensso/products:4047-4126
</span><span class="cx">/branches/rwapshott-AME-804/opensso/products:4267-5404
</span><span class="cx">/branches/rwapshott-ame-2160-session-size/opensso/products:6086-6319
 </span><span class="cx">/branches/rwapshott-openam-2198-session-resource-protection/opensso/products:5628-5824
 </span><span class="cx">/branches/rwapshott-openam-2526/opensso/products:5442-5484
</span><span class="cx">/branches/rwapshott-openam-2716-cts-invalid-chars/opensso/products:6170-6194
 </span><span class="cx">/trunk/opensso/products:10652-10678,10686-10687,10694-10696,10701,10713,10716,10719,10721,10723,10725,10728,10735
 </span><span class="cx">   + \
/branches/AME-2526-SFO-between-sites/opensso/products:7510-8258 </span><span \
class="cx">/branches/AME-3423/opensso/products:10105-10414 </span><span \
class="cx">/branches/AME-3612-pcunnington/opensso/products:9534-9723 </span><span \
class="cx">/branches/AME-3719/opensso/products:9517-9879 </span><span \
class="cx">/branches/AME-4378/opensso/products:10443-10621 </span><span \
class="cx">/branches/AME-4460_AME-4459/opensso/products:10437-10535 </span><span \
class="cx">/branches/AME-4547/opensso/products:10585-10783 </span><span \
class="cx">/branches/AME-4595/opensso/products:10581-10789 </span><span \
class="cx">/branches/IIS7PostData/opensso/products:224-261 </span><span \
class="cx">/branches/OPENAM-2961-forgot-password-404/opensso/products:8322-8362 \
</span><span class="cx">/branches/OPENAM-3097-sessions-not-deleted/opensso/products:6910-6946
 </span><span class="cx">/branches/OPENAM-3283-CTS-thread-exceptions/opensso/products:7270-7369
 </span><span class="cx">/branches/OPENAM-3425-class-cast-exception/opensso/products:8333-8359
 </span><span class="cx">/branches/OPENAM-3782-forgotten-password-changes/opensso/products:8747-8835
 </span><span class="cx">/branches/OPENAM-4384-ssoadm-classpath/opensso/products:10263-10264
 </span><span class="cx">/branches/OPENAM-OPENAM-3528-client-side-session-validation/opensso/products:7834-7844
 </span><span class="cx">/branches/ame4272/opensso/products:10073-10101
</span><span class="cx">/branches/andy-ame-2227-v2/opensso/products:7508-7697
</span><span class="cx">/branches/j2eePostData/opensso/products:482-520
</span><span class="cx">/branches/maven_merge/opensso/products:2556-3124
</span><span class="cx">/branches/openam-3049-cts-reaper-connection-usage/opensso/products:6658-6745
 </span><span class="cx">/branches/openam-3053-cts-tab-exception/opensso/products:6672-6721
 </span><span class="cx">/branches/openam-3072-cts-configuration/opensso/products:6691-6714
 </span><span class="cx">/branches/openam-3092-store-mode-error/opensso/products:6729-6733
 </span><span class="cx">/branches/openam-3110-create-or-update-bug/opensso/products:6767-6804
 </span><span class="cx">/branches/opends23_build002/products:132-181
</span><span class="cx">/branches/pcunnington-AME-3115-refactor/opensso/products:8348-8473
 </span><span class="cx">/branches/pcunnington-AME-3158/opensso/products:8476-8577
</span><span class="cx">/branches/pcunnington-oauth2/opensso/products:8710-8793
</span><span class="cx">/branches/phcunnington-AME-3114/opensso/products:8314-8341
</span><span class="cx">/branches/rwapshott-AME-1739/opensso/products:5331-5353
</span><span class="cx">/branches/rwapshott-AME-215/opensso/products:4091-4155
</span><span class="cx">/branches/rwapshott-AME-257/opensso/products:4047-4126
</span><span class="cx">/branches/rwapshott-AME-804/opensso/products:4267-5404
</span><span class="cx">/branches/rwapshott-ame-2160-session-size/opensso/products:6086-6319
 </span><span class="cx">/branches/rwapshott-openam-2198-session-resource-protection/opensso/products:5628-5824
 </span><span class="cx">/branches/rwapshott-openam-2526/opensso/products:5442-5484
</span><span class="cx">/branches/rwapshott-openam-2716-cts-invalid-chars/opensso/products:6170-6194
 </span><span class="cx">/trunk/opensso/products:10652-10812
</span><a id="branchesAME4616openssoproductswebagentsMakefilelinuxmk"></a>
<div class="modfile"><h4>Modified: \
branches/AME-4616/opensso/products/webagents/Makefile.linux.mk (10813 => 10814)</h4> \
<pre class="diff"><span> <span class="info">--- \
branches/AME-4616/opensso/products/webagents/Makefile.linux.mk	2014-09-30 13:48:08 \
                UTC (rev 10813)
+++ branches/AME-4616/opensso/products/webagents/Makefile.linux.mk	2014-09-30 \
13:49:13 UTC (rev 10814) </span><span class="lines">@@ -64,10 +64,12 @@
</span><span class="cx"> 
</span><span class="cx"> varnishi: $(VRNSHOBJS)
</span><span class="cx"> 	@echo &quot;[*** Creating &quot;$@&quot; shared library \
***]&quot; </span><ins>+	$(MAKE) -C install/varnish/
</ins><span class="cx"> 	${CC} -shared -Wl,-export-dynamic -fPIC \
-Wl,-soname,libvmod_am.so $(LDFLAGS) -Wl,-rpath,'$$ORIGIN/../lib' \
-Wl,-rpath,'$$ORIGIN' -z origin $(VRNSHOBJS) -o agents/source/varnish/libvmod_am.so \
am/source/libamsdk.a -lstdc++ $(EXT_LIBS) </span><span class="cx"> 
</span><span class="cx"> varnish302i: varnish_agent_302.o vcc_if_302.o
</span><span class="cx"> 	@echo &quot;[*** Creating &quot;$@&quot; shared library \
***]&quot; </span><ins>+	$(MAKE) -C install/varnish/
</ins><span class="cx"> 	${CC} -shared -Wl,-export-dynamic -fPIC \
-Wl,-soname,libvmod_am.so $(LDFLAGS) -Wl,-rpath,'$$ORIGIN/../lib' \
-Wl,-rpath,'$$ORIGIN' -z origin agents/source/varnish/varnish_agent_302.o \
agents/source/varnish/vcc_if_302.o -o agents/source/varnish/libvmod_am.so \
am/source/libamsdk.a -lstdc++ $(EXT_LIBS) </span><span class="cx"> 
</span><span class="cx"> oiwsi: $(OIWSOBJS)
</span></span></pre></div>
<a id="branchesAME4616openssoproductswebagentsbuildxml"></a>
<div class="modfile"><h4>Modified: \
branches/AME-4616/opensso/products/webagents/build.xml (10813 => 10814)</h4> <pre \
class="diff"><span> <span class="info">--- \
branches/AME-4616/opensso/products/webagents/build.xml	2014-09-30 13:48:08 UTC (rev \
                10813)
+++ branches/AME-4616/opensso/products/webagents/build.xml	2014-09-30 13:49:13 UTC \
(rev 10814) </span><span class="lines">@@ -135,6 +135,8 @@
</span><span class="cx"> 
</span><span class="cx">     &lt;target name=&quot;clean&quot;&gt;
</span><span class="cx">         &lt;echo message=&quot;Dispatch to clean&quot;/&gt;
</span><ins>+        &lt;ant antfile=&quot;${webagents.basedir}/build_agent.xml&quot; \
 +             target=&quot;clean&quot; inheritRefs=&quot;true&quot;/&gt;
</ins><span class="cx">         &lt;exec executable=&quot;gmake&quot; \
failonerror=&quot;true&quot;&gt; </span><span class="cx">             &lt;arg \
value=&quot;clean&quot; /&gt; </span><span class="cx">         &lt;/exec&gt;
</span></span></pre></div>
<a id="branchesAME4616openssoproductswebagentsbuild_agentxml"></a>
<div class="modfile"><h4>Modified: \
branches/AME-4616/opensso/products/webagents/build_agent.xml (10813 => 10814)</h4> \
<pre class="diff"><span> <span class="info">--- \
branches/AME-4616/opensso/products/webagents/build_agent.xml	2014-09-30 13:48:08 UTC \
                (rev 10813)
+++ branches/AME-4616/opensso/products/webagents/build_agent.xml	2014-09-30 13:49:13 \
UTC (rev 10814) </span><span class="lines">@@ -178,6 +178,11 @@
</span><span class="cx">         &lt;delete \
dir=&quot;${webagents.container.lib.dir}&quot;/&gt; </span><span class="cx">         \
&lt;delete dir=&quot;${webagents.container.classes.dir}&quot;/&gt; </span><span \
class="cx">         &lt;delete dir=&quot;${webagents.container.built.dir}&quot;/&gt; \
</span><ins>+        &lt;delete&gt; +            &lt;fileset \
dir=&quot;${webagents.basedir}/install/varnish/source/&quot; \
includes=&quot;**/*.o&quot;/&gt; +            &lt;fileset \
dir=&quot;${webagents.basedir}/install/varnish/include/&quot; \
includes=&quot;version.h&quot;/&gt; +            &lt;fileset \
dir=&quot;${webagents.basedir}/install/varnish/&quot; \
includes=&quot;agentadmin&quot;/&gt; +        &lt;/delete&gt;
</ins><span class="cx">     &lt;/target&gt;
</span><span class="cx"> 
</span><span class="cx">     &lt;target name=&quot;all&quot; \
depends=&quot;preparebuild, scratch&quot;&gt; </span><span class="lines">@@ -187,11 \
+192,13 @@ </span><span class="cx">     
</span><span class="cx">     &lt;target name=&quot;varnish&quot; \
depends=&quot;preparebuild, scratch&quot;&gt; </span><span class="cx">         \
&lt;zip file=&quot;${webagents.dist.dir}/${containername}_v30_${build.os}${build.type.suffix}_agent_${agentversion}.zip&quot; \
whenempty=&quot;create&quot;&gt;   </span><del>-            &lt;zipfileset \
filemode=&quot;755&quot; prefix=&quot;web_agents/varnish/bin&quot; \
dir=&quot;${webagents.basedir}/extlib/${build.os.ext}/varnish${build.type.suffix}/bin/&quot; \
includes=&quot;agentadmin&quot;/&gt; </del><ins>+            &lt;zipfileset \
filemode=&quot;755&quot; prefix=&quot;web_agents/varnish/bin&quot; \
dir=&quot;${webagents.basedir}/install/varnish/&quot; \
includes=&quot;agentadmin&quot;/&gt; </ins><span class="cx">             \
&lt;zipfileset prefix=&quot;web_agents/varnish/instances&quot; \
includes=&quot;**&quot; dir=&quot;${container.web_agent.logs.dir}&quot;/&gt; \
</span><span class="cx">             &lt;zipfileset \
prefix=&quot;web_agents/varnish/logs&quot; includes=&quot;**&quot; \
dir=&quot;${container.web_agent.logs.dir}&quot; /&gt; </span><span class="cx">        \
&lt;zipfileset filemode=&quot;755&quot; prefix=&quot;web_agents/varnish/lib&quot; \
dir=&quot;${webagents.basedir}/agents/source/varnish/&quot; \
includes=&quot;libvmod_am.so&quot;/&gt; </span><span class="cx">             \
&lt;zipfileset dir=&quot;${webagents.basedir}/extlib/${build.os.ext}/legal-notices/&quot; \
includes=&quot;license.txt&quot; \
fullpath=&quot;web_agents/varnish/legal-notices/license.txt&quot;/&gt; </span><ins>+  \
&lt;zipfileset dir=&quot;${container.web_agent.config.dir}/&quot; \
includes=&quot;OpenSSOAgentBootstrap.template&quot; \
fullpath=&quot;web_agents/varnish/conf/OpenSSOAgentBootstrap.template&quot;/&gt; +    \
&lt;zipfileset dir=&quot;${container.web_agent.config.dir}/&quot; \
includes=&quot;OpenSSOAgentConfiguration.template&quot; \
fullpath=&quot;web_agents/varnish/conf/OpenSSOAgentConfiguration.template&quot;/&gt; \
</ins><span class="cx">         &lt;/zip&gt; </span><span class="cx">         \
&lt;checksum file=&quot;${webagents.dist.dir}/${containername}_v30_${build.os}${build.type.suffix}_agent_${agentversion}.zip&quot;
 </span><span class="cx">                   algorithm=&quot;SHA&quot; \
fileext=&quot;.sha&quot; /&gt;   </span><span class="lines">@@ -199,11 +206,13 @@
</span><span class="cx">     
</span><span class="cx">     &lt;target name=&quot;varnish302&quot; \
depends=&quot;preparebuild, scratch&quot;&gt; </span><span class="cx">         \
&lt;zip file=&quot;${webagents.dist.dir}/${containername}_${build.os}${build.type.suffix}_agent_${agentversion}.zip&quot; \
whenempty=&quot;create&quot;&gt;   </span><del>-            &lt;zipfileset \
filemode=&quot;755&quot; prefix=&quot;web_agents/varnish/bin&quot; \
dir=&quot;${webagents.basedir}/extlib/Linux/varnish302_64/bin/&quot; \
includes=&quot;agentadmin&quot;/&gt; </del><ins>+            &lt;zipfileset \
filemode=&quot;755&quot; prefix=&quot;web_agents/varnish/bin&quot; \
dir=&quot;${webagents.basedir}/install/varnish/&quot; \
includes=&quot;agentadmin&quot;/&gt; </ins><span class="cx">             \
&lt;zipfileset prefix=&quot;web_agents/varnish/instances&quot; \
includes=&quot;**&quot; dir=&quot;${container.web_agent.logs.dir}&quot;/&gt; \
</span><span class="cx">             &lt;zipfileset \
prefix=&quot;web_agents/varnish/logs&quot; includes=&quot;**&quot; \
dir=&quot;${container.web_agent.logs.dir}&quot; /&gt; </span><span class="cx">        \
&lt;zipfileset filemode=&quot;755&quot; prefix=&quot;web_agents/varnish/lib&quot; \
dir=&quot;${webagents.basedir}/agents/source/varnish/&quot; \
includes=&quot;libvmod_am.so&quot;/&gt; </span><span class="cx">             \
&lt;zipfileset dir=&quot;${webagents.basedir}/extlib/${build.os.ext}/legal-notices/&quot; \
includes=&quot;license.txt&quot; \
fullpath=&quot;web_agents/varnish/legal-notices/license.txt&quot;/&gt; </span><ins>+  \
&lt;zipfileset dir=&quot;${container.web_agent.config.dir}/&quot; \
includes=&quot;OpenSSOAgentBootstrap.template&quot; \
fullpath=&quot;web_agents/varnish/conf/OpenSSOAgentBootstrap.template&quot;/&gt; +    \
&lt;zipfileset dir=&quot;${container.web_agent.config.dir}/&quot; \
includes=&quot;OpenSSOAgentConfiguration.template&quot; \
fullpath=&quot;web_agents/varnish/conf/OpenSSOAgentConfiguration.template&quot;/&gt; \
</ins><span class="cx">         &lt;/zip&gt; </span><span class="cx">         \
&lt;checksum file=&quot;${webagents.dist.dir}/${containername}_${build.os}${build.type.suffix}_agent_${agentversion}.zip&quot;
 </span><span class="cx">                   algorithm=&quot;SHA&quot; \
fileext=&quot;.sha&quot; /&gt;   </span></span></pre>
</div>
</div>
<div id="footer">Copyright (c) by ForgeRock. All rights reserved.</div>

</body>
</html>


_______________________________________________
CommitOpenAM mailing list
CommitOpenAM@forgerock.org
https://lists.forgerock.org/mailman/listinfo/commitopenam


[prev in list] [next in list] [prev in thread] [next in thread]