use of org.apache.directory.fortress.core.AccessMgr in project directory-fortress-core by apache.
the class AccessMgrImplTest method authenticateResetUsers.
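/**
 * Negative authentication test for users whose password is expected to be in the reset state.
 *
 * <p>For each user row the password policy named by {@code plcy} is applied to the user, then
 * {@code AccessMgr.authenticate} is called with the user's test password. The call must be
 * rejected with a {@code SecurityException} carrying {@code GlobalErrIds.USER_PW_RESET};
 * a successful authentication fails the test.
 *
 * <p>NOTE(review): nothing in this method resets the password, so it presumably relies on an
 * earlier step of the suite having done so. Confirm against the suite ordering.
 *
 * @param msg    label written to the test log before the checks run
 * @param uArray user test-data rows, one {@code String[]} per user
 * @param plcy   password-policy test-data row; the policy name is read from it via
 *               {@code PolicyTestData.getName}
 */
private static void authenticateResetUsers(String msg, String[][] uArray, String[] plcy) {
    LogUtil.logIt(msg);
    try {
        AccessMgr accessMgr = AccessMgrFactory.createInstance(TestUtils.getContext());
        PwPolicyMgr policyMgr = PswdPolicyMgrImplTest.getManagedPswdMgr();
        for (String[] usr : uArray) {
            User user = UserTestData.getUser(usr);
            // update this user with pw policy that requires change after reset:
            policyMgr.updateUserPolicy(user.getUserId(), PolicyTestData.getName(plcy));
            // Negative case: authenticating must be refused while the password is in reset state.
            try {
                accessMgr.authenticate(user.getUserId(), user.getPassword());
                // Reaching this line means the reset state did not block authentication.
                fail(CLS_NM + ".authenticateResetUsers failed test");
            } catch (SecurityException se) {
                // assertEquals reports expected and actual ids, so a rejection for a different
                // reason is distinguishable in the test report from the reset rejection.
                assertEquals(CLS_NM + "authenticateResetUsers reset excep id check", GlobalErrIds.USER_PW_RESET, se.getErrorId());
            }
        }
        LOG.debug("authenticateResetUsers successful");
    } catch (SecurityException ex) {
        // Any SecurityException outside the expected negative case is a test failure.
        LOG.error("authenticateResetUsers: failed with SecurityException rc=" + ex.getErrorId() + ", msg=" + ex.getMessage(), ex);
        fail(ex.getMessage());
    }
}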
use of org.apache.directory.fortress.core.AccessMgr in project directory-fortress-core by apache.
the class AccessMgrImplTest method dropActiveRoles.
/**
 * Verifies that roles can be deactivated from a session one at a time, and that deactivating
 * a role that is no longer active is refused.
 *
 * <p>For each user a session is created and must contain exactly the roles in {@code rArray}.
 * Each role is then dropped; after every drop the session's role count must shrink by one and
 * the dropped role must be gone. A second drop of the same role must raise a
 * {@code SecurityException} with {@code GlobalErrIds.URLE_NOT_ACTIVE}.
 *
 * @param msg    label written to the test log before the checks run
 * @param uArray user test-data rows, one {@code String[]} per user
 * @param rArray role test-data rows expected to be active in every user's session
 */
public static void dropActiveRoles(String msg, String[][] uArray, String[][] rArray) {
    LogUtil.logIt(msg);
    try {
        AccessMgr accessMgr = AccessMgrFactory.createInstance(TestUtils.getContext());
        for (String[] userRow : uArray) {
            User user = UserTestData.getUser(userRow);
            Session session = accessMgr.createSession(user, false);
            assertNotNull(session);

            // Baseline: the fresh session holds exactly the expected roles.
            List<UserRole> activeRoles = session.getRoles();
            assertNotNull(activeRoles);
            assertEquals(
                CLS_NM + ".dropActiveRoles failed list size user[" + user.getUserId() + "]",
                rArray.length,
                activeRoles.size());
            for (String[] roleRow : rArray) {
                assertTrue(
                    CLS_NM + ".dropActiveRoles failed role search USER [" + user.getUserId() + "] ROLE [" + RoleTestData.getName(roleRow) + "] should be present",
                    activeRoles.contains(RoleTestData.getUserRole(UserTestData.getUserId(userRow), roleRow)));
            }

            // Deactivate the roles one by one, tracking how many should remain.
            int remaining = rArray.length;
            for (String[] roleRow : rArray) {
                accessMgr.dropActiveRole(session, new UserRole(RoleTestData.getName(roleRow)));
                remaining--;
                assertEquals(
                    CLS_NM + ".dropActiveRoles failed list size user[" + user.getUserId() + "]",
                    remaining,
                    session.getRoles().size());
                assertTrue(
                    CLS_NM + ".dropActiveRoles failed role search USER [" + user.getUserId() + "] ROLE [" + RoleTestData.getName(roleRow) + "] should not contain role",
                    !session.getRoles().contains(RoleTestData.getUserRole(UserTestData.getUserId(userRow), roleRow)));

                // Negative case: the role is already inactive, so a second drop must be refused.
                try {
                    accessMgr.dropActiveRole(session, new UserRole(RoleTestData.getName(roleRow)));
                    String error = "dropActiveRoles failed negative test 2 User [" + user.getUserId() + "] Role [" + RoleTestData.getName(roleRow) + "]";
                    LOG.info(error);
                    fail(error);
                } catch (SecurityException se) {
                    // Only the "role not active" error id counts as the expected refusal.
                    assertTrue("dropActiveRoles excep id check", GlobalErrIds.URLE_NOT_ACTIVE == se.getErrorId());
                }
            }
        }
    } catch (SecurityException ex) {
        // Any SecurityException outside the expected negative case is a test failure.
        LOG.error("dropActiveRoles: failed with SecurityException rc=" + ex.getErrorId() + ", msg=" + ex.getMessage(), ex);
        fail(ex.getMessage());
    }
}
use of org.apache.directory.fortress.core.AccessMgr in project directory-fortress-core by apache.
the class AccessMgrImplTest method createSessions.
/**
 * Verifies session creation for each test user, followed by a wrong-password negative case.
 *
 * <p>The positive path checks that the session reports the expected user id (case-insensitive),
 * that the user entity matches its test-data row, and that the session holds exactly the roles
 * in {@code rArray}. The negative path repeats {@code createSession} with the password
 * {@code "badpw"} and requires a {@code SecurityException} with
 * {@code GlobalErrIds.USER_PW_INVLD}.
 *
 * @param msg    label written to the test log before the checks run
 * @param uArray user test-data rows, one {@code String[]} per user
 * @param rArray role test-data rows expected to be active in every user's session
 */
public static void createSessions(String msg, String[][] uArray, String[][] rArray) {
    LogUtil.logIt(msg);
    try {
        AccessMgr accessMgr = AccessMgrFactory.createInstance(TestUtils.getContext());
        for (String[] userRow : uArray) {
            User user = UserTestData.getUser(userRow);

            // NOTE(review): the second argument is presumably the "trusted" flag; false would
            // mean the password is checked, which the negative case below relies on. Confirm.
            Session session = accessMgr.createSession(user, false);
            assertNotNull(session);

            String userId = accessMgr.getUserId(session);
            assertTrue(
                CLS_NM + ".createSessions failed compare found userId [" + userId + "] valid userId [" + UserTestData.getUserId(userRow) + "]",
                userId.equalsIgnoreCase(UserTestData.getUserId(userRow)));
            UserTestData.assertEquals(user, userRow);

            // The session must carry exactly the expected role set.
            List<UserRole> sessionRoles = session.getRoles();
            assertNotNull(sessionRoles);
            assertEquals(
                CLS_NM + ".createSessions user role check failed list size user [" + user.getUserId() + "]",
                rArray.length,
                sessionRoles.size());
            for (String[] roleRow : rArray) {
                assertTrue(
                    CLS_NM + ".createSessions failed role search USER [" + user.getUserId() + "] ROLE1 [" + RoleTestData.getName(roleRow) + "] should be present",
                    sessionRoles.contains(RoleTestData.getUserRole(UserTestData.getUserId(userRow), roleRow)));
            }

            // Negative case: same user id, wrong password; no session may be issued.
            try {
                accessMgr.createSession(new User(user.getUserId(), "badpw"), false);
                fail(CLS_NM + ".createSessions failed negative test");
            } catch (SecurityException se) {
                // Only the "invalid password" error id counts as the expected refusal.
                assertTrue(CLS_NM + "createSessions excep id check", GlobalErrIds.USER_PW_INVLD == se.getErrorId());
            }
        }
        LOG.debug("createSessions successful");
    } catch (SecurityException ex) {
        // Any SecurityException outside the expected negative case is a test failure.
        LOG.error("createSessions: failed with SecurityException rc=" + ex.getErrorId() + ", msg=" + ex.getMessage(), ex);
        fail(ex.getMessage());
    }
}
use of org.apache.directory.fortress.core.AccessMgr in project directory-fortress-core by apache.
the class DelegatedMgrImplTest method canAssignUsers.
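/**
 * Checks delegated-administration decisions for user-role assignment or deassignment.
 *
 * <p>For every administrator in {@code uaArray} a session is created, and for every
 * (user, role) pair {@code canAssign} or {@code canDeassign} is evaluated, depending on
 * {@code op}. The observed decision is packed into a {@code URA} together with the admin role
 * name, the user's OU and the role name, and that {@code URA} is looked up in the expected
 * results built from {@code uraArray}. A missing entry fails the test.
 *
 * <p>NOTE(review): the lookup can only tell a wrongly granted decision from a correctly denied
 * one if {@code URA} equality includes the result flag. Confirm in {@code URA.equals/hashCode}.
 *
 * @param msg      label written to the test log before the checks run
 * @param op       {@code ASSIGN_OP.ASSIGN} selects {@code canAssign}; any other value selects
 *                 {@code canDeassign}
 * @param uraArray test-data rows from which the expected {@code URA} results are built
 * @param uaArray  administrator test-data rows; each is expected to have exactly one admin role
 * @param uArray   target user test-data rows
 * @param rArray   target role test-data rows
 */
public static void canAssignUsers(String msg, ASSIGN_OP op, String[][] uraArray, String[][] uaArray, String[][] uArray, String[][] rArray) {
    LogUtil.logIt(msg);
    Map<URA, URA> uraTestResults = URATestData.getURAs(uraArray);
    try {
        DelAccessMgr delAccessMgr = DelAccessMgrFactory.createInstance(TestUtils.getContext());
        AccessMgr accessMgr = (AccessMgr) delAccessMgr;
        for (String[] aUsr : uaArray) {
            User aUser = UserTestData.getUser(aUsr);
            Session session = accessMgr.createSession(aUser, false);
            assertNotNull(session);
            for (String[] usr : uArray) {
                User user = UserTestData.getUser(usr);
                for (String[] rle : rArray) {
                    Role role = RoleTestData.getRole(rle);
                    String methodName;
                    boolean result;
                    if (op == ASSIGN_OP.ASSIGN) {
                        result = delAccessMgr.canAssign(session, user, role);
                        methodName = ".canAssignUsers";
                    } else {
                        result = delAccessMgr.canDeassign(session, user, role);
                        methodName = ".canDeassignUsers";
                    }
                    List<UserAdminRole> aRoles = session.getAdminRoles();
                    assertNotNull(aRoles);
                    assertTrue(CLS_NM + methodName + " Admin User invalid number of roles", aRoles.size() == 1);
                    // since this user should only have one admin role, get the first one from list:
                    UserAdminRole aRole = aRoles.get(0);
                    // The observed decision is part of the lookup key, so an unexpected allow or
                    // deny has no matching expected entry and fails the assertion below.
                    URA sourceUra = new URA(aRole.getName(), user.getOu(), role.getName(), result);
                    URA targetUra = uraTestResults.get(sourceUra);
                    assertTrue(CLS_NM + methodName + " cannot find target URA admin role [" + sourceUra.getArole() + " uou [" + sourceUra.getUou() + "] role [" + sourceUra.getUrole() + "] Result [" + sourceUra.isCanAssign() + "] actual result [" + result + "]", targetUra != null);
                    LOG.debug(methodName + " User [" + user.getUserId() + "] success URA using admin role [" + targetUra.getArole() + " uou [" + targetUra.getUou() + "] role [" + targetUra.getUrole() + "] target result [" + targetUra.isCanAssign() + "] actual result [" + result + "]");
                }
            }
        }
    } catch (SecurityException ex) {
        // The decision checks are not expected to throw; any SecurityException fails the test.
        LOG.error("canAssignUsers op [" + op + "] caught SecurityException rc=" + ex.getErrorId() + ", msg=" + ex.getMessage(), ex);
        fail(ex.getMessage());
    }
}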
use of org.apache.directory.fortress.core.AccessMgr in project directory-fortress-core by apache.
the class DelegatedMgrImplTest method canGrantPerms.
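/**
 * Checks delegated-administration decisions for granting or revoking permissions on roles.
 *
 * <p>For every administrator in {@code uaArray} a session is created, and for every
 * (permission object, role) pair {@code canGrant} or {@code canRevoke} is evaluated, depending
 * on {@code op}. The observed decision is packed into a {@code PRA} together with the admin
 * role name, the permission object's OU and the role name, and that {@code PRA} is looked up
 * in the expected results built from {@code uraArray}. A missing entry fails the test.
 *
 * <p>NOTE(review): the lookup can only tell a wrongly granted decision from a correctly denied
 * one if {@code PRA} equality includes the result flag. Confirm in {@code PRA.equals/hashCode}.
 *
 * @param msg      label written to the test log before the checks run
 * @param op       {@code GRANT_OP.GRANT} selects {@code canGrant}; any other value selects
 *                 {@code canRevoke}
 * @param uraArray test-data rows from which the expected {@code PRA} results are built
 *                 (despite the name, it is passed to {@code PRATestData.getPRAs})
 * @param uaArray  administrator test-data rows; each is expected to have exactly one admin role
 * @param pArray   permission-object test-data rows
 * @param rArray   target role test-data rows
 */
public static void canGrantPerms(String msg, GRANT_OP op, String[][] uraArray, String[][] uaArray, String[][] pArray, String[][] rArray) {
    LogUtil.logIt(msg);
    Map<PRA, PRA> praTestResults = PRATestData.getPRAs(uraArray);
    try {
        DelAccessMgr delAccessMgr = DelAccessMgrFactory.createInstance(TestUtils.getContext());
        AccessMgr accessMgr = (AccessMgr) delAccessMgr;
        for (String[] aUsr : uaArray) {
            User aUser = UserTestData.getUser(aUsr);
            Session session = accessMgr.createSession(aUser, false);
            assertNotNull(session);
            for (String[] prm : pArray) {
                PermObj pObj = PermTestData.getObj(prm);
                for (String[] rle : rArray) {
                    Role role = RoleTestData.getRole(rle);
                    String methodName;
                    boolean result;
                    // The permission is built from the object name with an empty operation name.
                    if (op == GRANT_OP.GRANT) {
                        result = delAccessMgr.canGrant(session, role, new Permission(pObj.getObjName(), ""));
                        methodName = ".canGrantPerms";
                    } else {
                        result = delAccessMgr.canRevoke(session, role, new Permission(pObj.getObjName(), ""));
                        methodName = ".canRevokePerms";
                    }
                    List<UserAdminRole> aRoles = session.getAdminRoles();
                    assertNotNull(aRoles);
                    assertTrue(CLS_NM + methodName + " Admin User invalid number of roles", aRoles.size() == 1);
                    // Exactly one admin role was asserted above, so the first entry is that role.
                    UserAdminRole aRole = aRoles.get(0);
                    // The observed decision is part of the lookup key, so an unexpected allow or
                    // deny has no matching expected entry and fails the assertion below.
                    PRA sourcePra = new PRA(aRole.getName(), pObj.getOu(), role.getName(), result);
                    PRA targetPra = praTestResults.get(sourcePra);
                    assertTrue(CLS_NM + methodName + " cannot find target PRA admin role [" + sourcePra.getArole() + " pou [" + sourcePra.getPou() + "] role [" + sourcePra.getUrole() + "] Result [" + sourcePra.isCanAssign() + "] actual result [" + result + "]", targetPra != null);
                    // Success path: the message previously read "failed", which misreported a
                    // passing check in the debug log.
                    LOG.debug(methodName + " success PRA using admin role [" + targetPra.getArole() + " pou [" + targetPra.getPou() + "] role [" + targetPra.getUrole() + "] target result [" + targetPra.isCanAssign() + "] actual result [" + result + "]");
                }
            }
        }
    } catch (SecurityException ex) {
        // The decision checks are not expected to throw; any SecurityException fails the test.
        LOG.error("canGrantPerms op [" + op + "] caught SecurityException rc=" + ex.getErrorId() + ", msg=" + ex.getMessage(), ex);
        fail(ex.getMessage());
    }
}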