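/**
 * Creates an authenticated RBAC {@link Session} for the test administrator, i.e. the
 * first entry of {@code UserTestData.USERS_TU0}, with {@code trusted} set to
 * {@code false} so the admin credentials carried by the test User are required.
 * <p>
 * On {@link SecurityException} the failure is logged with its error id, message and
 * stack trace and {@code null} is returned; callers must null-check the result.
 *
 * @return the admin Session, or {@code null} if session creation failed.
 */
public static Session createAdminSession() {
    Session adminSess = null;
    try {
        AccessMgr accessMgr = AccessMgrFactory.createInstance(TestUtils.getContext());
        User admin = UserTestData.getUser(UserTestData.USERS_TU0[0]);
        // false = not trusted: the User's password is part of the request.
        adminSess = accessMgr.createSession(admin, false);
    } catch (SecurityException ex) {
        // Pass the exception as the last argument so the stack trace is retained;
        // the previous message also wrongly referred to a "static initializer".
        LOG.error("createAdminSession caught SecurityException rc=" + ex.getErrorId() + ", msg=" + ex.getMessage(), ex);
    }
    return adminSess;
}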
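/**
 * PT6
 * 5.2.8  pwdGraceAuthNLimit
 * <p>
 * This attribute specifies the number of times an expired password can
 * be used to authenticate.  If this attribute is not present or if the
 * value is 0, authentication will fail.
 * <p>
 * Test flow: attach the policy to the user, change the password so it carries a
 * fresh timestamp, sleep past the policy's max age so the password expires, then
 * expect exactly {@code graceLoginLimit} successful logins followed by one rejection
 * carrying {@link GlobalErrIds#USER_PW_EXPIRED}.
 *
 * @param msg  description logged at the start of the test.
 * @param usr  user test-data row, resolved through {@code UserTestData}.
 * @param plcy password-policy test-data row, resolved through {@code PolicyTestData}.
 */
public void graceLoginLimit(String msg, String[] usr, String[] plcy) {
    LogUtil.logIt(msg);
    try {
        AdminMgr adminMgr = AdminMgrImplTest.getManagedAdminMgr();
        AccessMgr accessMgr = AccessMgrFactory.createInstance(TestUtils.getContext());
        User user = UserTestData.getUser(usr);
        user.setPwPolicy(PolicyTestData.getName(plcy));
        adminMgr.updateUser(user);
        // Change the password so the expiry clock starts now, then keep the new value
        // on the entity for the login attempts below.
        String newPassword = user.getPassword() + "a";
        adminMgr.changePassword(user, newPassword);
        user.setPassword(newPassword);
        // Wait until the password has aged out under this policy (plus a second of slack).
        TestUtils.sleep(PolicyTestData.getMaxAge(plcy));
        TestUtils.sleep(1);
        int numGrace = PolicyTestData.getGraceLoginLimit(plcy);
        for (int i = 0; i < numGrace; i++) {
            try {
                // Within the grace allowance the expired password must still authenticate.
                accessMgr.createSession(user, false);
                TestUtils.sleep(1);
            } catch (SecurityException ex) {
                // Any rejection here is a test failure.  Log the cause first: fail() throws,
                // so nothing after it runs (the assertTrue that used to follow was unreachable).
                LOG.error(CLS_NM + ".graceLoginLimit grace login rejected rc=" + ex.getErrorId() + ", msg=" + ex.getMessage(), ex);
                fail(CLS_NM + ".graceLoginLimit name [" + PolicyTestData.getName(plcy) + "] user [" + UserTestData.getUserId(usr) + "] failed grace allowed=" + numGrace + " iteration=" + i);
            }
        }
        // One attempt past the allowance must be rejected as an expired password.
        try {
            accessMgr.createSession(user, false);
            fail(CLS_NM + ".graceLoginLimit name [" + PolicyTestData.getName(plcy) + "] user [" + UserTestData.getUserId(usr) + "] failed grace test 2");
        } catch (SecurityException ex) {
            assertTrue(CLS_NM + ".graceLoginLimit invalid error message userId [" + UserTestData.getUserId(usr) + "]", ex.getErrorId() == GlobalErrIds.USER_PW_EXPIRED);
        // still good
        }
    } catch (SecurityException ex) {
        LOG.error("graceLoginLimit caught SecurityException rc=" + ex.getErrorId() + ", msg=" + ex.getMessage(), ex);
        fail(ex.getMessage());
    }
}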
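/**
 * PT10
 * <p>
 * This attribute holds the number of seconds after which the password
 * failures are purged from the failure counter, even though no
 * successful authentication occurred.
 * <p>
 * If this attribute is not present, or if its value is 0, the failure
 * counter is only reset by a successful authentication.
 * <p>
 * Test flow: attach the policy, make {@code maxFailure - 1} wrong-password attempts
 * (one short of the lockout threshold), sleep past the failure-count interval, run
 * the same number of attempts again, sleep past the interval once more, and finally
 * expect a login with the correct password to succeed.  If the counter were not
 * purged by the interval the second round would cross the threshold and the final
 * login would be rejected.
 *
 * @param msg  description logged at the start of the test.
 * @param usr  user test-data row, resolved through {@code UserTestData}.
 * @param plcy password-policy test-data row, resolved through {@code PolicyTestData}.
 */
public void failureCountInterval(String msg, String[] usr, String[] plcy) {
    LogUtil.logIt(msg);
    try {
        PwPolicyMgr policyMgr = getManagedPswdMgr();
        AccessMgr accessMgr = AccessMgrFactory.createInstance(TestUtils.getContext());
        User user = UserTestData.getUser(usr);
        policyMgr.updateUserPolicy(user.getUserId(), PolicyTestData.getName(plcy));
        int maxFailures = PolicyTestData.getMaxFailure(plcy);
        int failureInterval = PolicyTestData.getFailureCountInterval(plcy);
        // Round 1: stay one attempt below the lockout threshold.
        attemptBadPasswords(accessMgr, user, usr, plcy, maxFailures, "failed failure count interval test");
        // now sleep for failure count interval - password failure count should reset automatically:
        TestUtils.sleep(failureInterval);
        // sleep one more second for good measure.
        TestUtils.sleep(1);
        // Round 2: would exceed maxFailures if the counter had not been purged.
        attemptBadPasswords(accessMgr, user, usr, plcy, maxFailures, "failed failure count interval test 2");
        // now sleep for failure count interval - password failure count should reset automatically:
        TestUtils.sleep(failureInterval);
        // sleep one more second for good measure.
        TestUtils.sleep(1);
        // now try with valid password - it should work...
        accessMgr.createSession(user, false);
    } catch (SecurityException ex) {
        LOG.error("failureCountInterval caught SecurityException rc=" + ex.getErrorId() + ", msg=" + ex.getMessage(), ex);
        fail(ex.getMessage());
    }
}

/**
 * Makes {@code maxFailures - 1} authentication attempts for {@code user} with a wrong
 * password and asserts that every one of them is rejected with
 * {@link GlobalErrIds#USER_PW_INVLD}.  A one-second pause follows each rejection.
 *
 * @param accessMgr    manager used to attempt the logins.
 * @param user         the user whose id is used for the bad attempts.
 * @param usr          user test-data row, used only for failure messages.
 * @param plcy         policy test-data row, used only for failure messages.
 * @param maxFailures  the policy's lockout threshold; attempts stop one short of it.
 * @param failureLabel text inserted into the failure message to identify the round.
 */
private void attemptBadPasswords(AccessMgr accessMgr, User user, String[] usr, String[] plcy, int maxFailures, String failureLabel) {
    for (int i = 0; i < maxFailures - 1; i++) {
        try {
            User badUser = new User(user.getUserId(), "wrongpw");
            accessMgr.createSession(badUser, false);
            // Reaching here means a wrong password was accepted.
            fail(CLS_NM + ".failureCountInterval name [" + PolicyTestData.getName(plcy) + "] user [" + UserTestData.getUserId(usr) + "] " + failureLabel + ", maxfailures=" + maxFailures + " iteration=" + i);
        } catch (SecurityException ex) {
            assertTrue(CLS_NM + ".failureCountInterval invalid error message userId [" + UserTestData.getUserId(usr) + "]", ex.getErrorId() == GlobalErrIds.USER_PW_INVLD);
            // still good
            TestUtils.sleep(1);
        }
    }
}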
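/**
 * PT11
 * This attribute specifies with a value of "TRUE" that users must
 * change their passwords when they first bind to the directory after a
 * password is set or reset by a password administrator.  If this
 * attribute is not present, or if the value is "FALSE", users are not
 * required to change their password upon binding after the password
 * administrator sets or resets the password.  This attribute is not set
 * due to any actions specified by this document, it is typically set by
 * a password administrator after resetting a user's password.
 * <p>
 * Test flow: attach the policy, have the admin reset the user's password, then log
 * in with the reset value.  When the policy's must-change flag is set the login must
 * be rejected with {@link GlobalErrIds#USER_PW_RESET}; otherwise it must succeed.
 *
 * @param msg  description logged at the start of the test.
 * @param usr  user test-data row, resolved through {@code UserTestData}.
 * @param plcy password-policy test-data row, resolved through {@code PolicyTestData}.
 */
public void mustChange(String msg, String[] usr, String[] plcy) {
    LogUtil.logIt(msg);
    // Single definition of the admin-reset value used for both the reset and the login attempts.
    final String resetPassword = "newpassword";
    try {
        PwPolicyMgr policyMgr = getManagedPswdMgr();
        AdminMgr adminMgr = AdminMgrImplTest.getManagedAdminMgr();
        AccessMgr accessMgr = AccessMgrFactory.createInstance(TestUtils.getContext());
        User user = UserTestData.getUser(usr);
        policyMgr.updateUserPolicy(user.getUserId(), PolicyTestData.getName(plcy));
        boolean mustChange = PolicyTestData.getMustChange(plcy);
        adminMgr.resetPassword(user, resetPassword);
        if (mustChange) {
            try {
                // because mustchange flag is set, this better fail:
                User badUser = new User(user.getUserId(), resetPassword);
                accessMgr.createSession(badUser, false);
                fail(CLS_NM + ".mustChange name [" + PolicyTestData.getName(plcy) + "] user [" + UserTestData.getUserId(usr) + "] failed must change test flag=" + mustChange);
            } catch (SecurityException ex) {
                assertTrue(CLS_NM + ".mustChange invalid error message userId [" + UserTestData.getUserId(usr) + "]", ex.getErrorId() == GlobalErrIds.USER_PW_RESET);
                // still good
                TestUtils.sleep(1);
            }
        } else {
            // this better work; a rejection propagates to the outer catch and fails the test.
            User goodUser = new User(user.getUserId(), resetPassword);
            accessMgr.createSession(goodUser, false);
        }
    } catch (SecurityException ex) {
        LOG.error(CLS_NM + ".mustChange policy [" + PolicyTestData.getName(plcy) + "] caught SecurityException rc=" + ex.getErrorId() + ", msg=" + ex.getMessage(), ex);
        fail(ex.getMessage());
    }
}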
/**
 * Creates an RBAC Session for {@code userId} in trusted mode, i.e. without supplying
 * or checking a User password, activates the supplied Roles on it, and asserts that
 * the Session holds exactly {@code expectedRoles} Roles including every name in
 * {@code roles}.  A {@link SecurityException} is logged and turned into a test failure.
 *
 * @param userId  Case insensitive userId.
 * @param roles array of Role names to activate into RBAC Session.
 * @param expectedRoles integer contains the expected number of Roles in the Session.
 */
public static void createSessionsWithRolesTrusted(String userId, String[] roles, int expectedRoles) {
    final String location = ".createSessionsWithRolesTrusted";
    try {
        AccessMgr accessMgr = AccessMgrFactory.createInstance(TestUtils.getContext());
        // Request entity: the userId plus every Role name that should be activated.
        User user = new User(userId);
        for (int i = 0; i < roles.length; i++) {
            user.setRoleName(roles[i]);
        }
        // trusted = true: the caller vouches for the identity, no password is required.
        // The request still fails if the User is locked out of ldap for any reason.
        Session session = accessMgr.createSession(user, true);
        // A failure surfaces as SecurityException, so a returned Session is never null.
        assertNotNull(session);
        List<UserRole> activated = session.getRoles();
        assertEquals(location + " user role check failed list size user [" + user.getUserId() + "]", expectedRoles, activated.size());
        // Every requested Role must be present among the activated ones.
        for (int i = 0; i < roles.length; i++) {
            assertTrue(location + " userId [" + userId + "]  with roles trusted failed role check", activated.contains(new UserRole(roles[i])));
        }
        LOG.info(location + "  userId [" + userId + "] successful");
    } catch (SecurityException ex) {
        LOG.error(location + " caught userId [" + userId + "]  SecurityException rc=" + ex.getErrorId() + ", msg=" + ex.getMessage(), ex);
        fail(ex.getMessage());
    }
}