
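/**
 * Demonstrates deactivating roles from an authenticated Fortress Session one at a time and verifies that each
 * dropped role is no longer active in that Session.
 * <p>
 * RBAC compliant systems allow User Roles to be activated and deactivated from their Session.  This facilitates
 * the principle of least privilege which prescribes only giving Users as much capability as they need to complete
 * their job duties.  This means not all Roles that a User may be authorized to activate will necessarily be active
 * at any one point in time.  This allows for separation of duty restrictions to be enforced.
 * <p>
 * Preconditions (not verified here): {@code CreateUserSample.TEST_USERID} exists with
 * {@code CreateUserSample.TEST_PASSWORD} and is assigned roles {@code TEST_ROLE_PREFIX + 1} ..
 * {@code TEST_ROLE_PREFIX + 10}; otherwise the session creation or a {@code dropActiveRole} call is expected to raise
 * a {@link SecurityException} and the test fails.
 * <p>
 * Fails the test on any {@link SecurityException}.
 */
public static void testDropActiveRoles() {
    String szLocation = ".testDropActiveRoles";
    User inUser = new User(CreateUserSample.TEST_USERID);
    try {
        // Instantiate the AccessMgr implementation.
        AccessMgr accessMgr = AccessMgrFactory.createInstance(TestUtils.getContext());
        // Calling createSession and not setting any roles on User beforehand will attempt to activate all assigned Roles:
        Session session = createSession(CreateUserSample.TEST_USERID, CreateUserSample.TEST_PASSWORD, accessMgr);
        assertNotNull(session);
        // now, drop roles from User's Session one at a time:
        for (int i = 1; i < 11; i++) {
            String roleName = CreateRoleSample.TEST_ROLE_PREFIX + i;
            UserRole dropUserRole = new UserRole(inUser.getUserId(), roleName);
            accessMgr.dropActiveRole(session, dropUserRole);
            // dropActiveRole returns nothing and works on the passed Session, so check the effect on that Session:
            // a deactivated role must not remain available for authorization decisions made with it.
            if (hasActiveRole(session, roleName)) {
                fail(szLocation + " role [" + roleName + "] still active in session after dropActiveRole");
            }
            LOG.info(szLocation + " userId [" + dropUserRole.getUserId() + "] deactivated role [" + dropUserRole.getName() + "] removed from session");
        }
    } catch (SecurityException ex) {
        LOG.error(szLocation + " caught SecurityException rc=" + ex.getErrorId() + ", msg=" + ex.getMessage(), ex);
        fail(ex.getMessage());
    }
}

/**
 * Returns true when a role with the given name is present in the Session's active RBAC role list.
 * Compares by name (case-insensitively, so a differently-cased survivor is still reported) rather than relying on
 * {@code UserRole#equals}, whose field set is not visible here.
 *
 * @param session  the Fortress Session to inspect; its role list may be null.
 * @param roleName the role name to look for.
 * @return true if an active role with that name exists in the session.
 */
private static boolean hasActiveRole(Session session, String roleName) {
    List<UserRole> activeRoles = session.getRoles();
    if (activeRoles == null) {
        return false;
    }
    for (UserRole active : activeRoles) {
        if (roleName.equalsIgnoreCase(active.getName())) {
            return true;
        }
    }
    return false;
}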

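/**
 * This test will display all of the User Session attributes to the System out of test machine.  It is intended
 * to demonstrate what data is carried within a User's Fortress Session object.
 * <p>
 * Security note: this is diagnostic output for a sample.  Production code should not log a session identifier
 * or per-user properties whose contents are not known to be harmless.  The JVM system-property dump at the end
 * is not part of the Fortress Session at all; it is kept to show the runtime configuration of the test machine,
 * but values whose key looks like a credential are masked, because system properties commonly carry items such
 * as key-store passwords or tokens passed on the command line.
 * <p>
 * Fails the test on any {@link SecurityException}.
 */
public static void testDisplayUserSession() {
    String szLocation = ".testDisplayUserSession";
    try {
        // Instantiate the AccessMgr implementation.
        AccessMgr accessMgr = AccessMgrFactory.createInstance(TestUtils.getContext());
        // utility function will create an Fortress Session.  The Session contains the user's activated
        // roles along with other related attributes and status information (i.e. password status)
        Session session = createSession(CreateUserSample.TEST_USERID, CreateUserSample.TEST_PASSWORD, accessMgr);
        assertNotNull(session);
        User user = accessMgr.getUser(session);
        assertNotNull(user);
        LOG.info(szLocation);
        LOG.info("S   UID  [" + session.getUserId() + "]:");
        LOG.info("S   IID  [" + session.getInternalUserId() + "]");
        LOG.info("S   ERR  [" + session.getErrorId() + "]");
        LOG.info("S   WARN [" + session.getWarnings() + "]");
        LOG.info("S   MSG  [" + session.getMsg() + "]");
        LOG.info("S   EXP  [" + session.getExpirationSeconds() + "]");
        LOG.info("S   GRAC [" + session.getGraceLogins() + "]");
        LOG.info("S   AUTH [" + session.isAuthenticated() + "]");
        LOG.info("S   LAST [" + session.getLastAccess() + "]");
        // Sample-only: a session id is a sensitive identifier and should not be logged by production code.
        LOG.info("S   SID  [" + session.getSessionId() + "]");
        LOG.info("------------------------------------------");
        LOG.info("U   UID  [" + user.getUserId() + "]");
        LOG.info("U   IID  [" + user.getInternalId() + "]");
        LOG.info("U   CN   [" + user.getCn() + "]");
        LOG.info("U   DESC [" + user.getDescription() + "]");
        LOG.info("U   OU   [" + user.getOu() + "]");
        LOG.info("U   SN   [" + user.getSn() + "]");
        LOG.info("U   BDTE [" + user.getBeginDate() + "]");
        LOG.info("U   EDTE [" + user.getEndDate() + "]");
        LOG.info("U   BLDT [" + user.getBeginLockDate() + "]");
        LOG.info("U   ELDT [" + user.getEndLockDate() + "]");
        LOG.info("U   DMSK [" + user.getDayMask() + "]");
        LOG.info("U   TO   [" + user.getTimeout() + "]");
        LOG.info("U   REST [" + user.isReset() + "]");
        if (user.getProperties() != null && user.getProperties().size() > 0) {
            int ctr = 0;
            for (Enumeration e = user.getProperties().propertyNames(); e.hasMoreElements(); ) {
                String key = (String) e.nextElement();
                // Contents of user properties are application-defined; mask anything that looks like a credential.
                String val = maskIfSensitive(key, user.getProperty(key));
                LOG.info("U   PROP[" + ctr++ + "]=" + key + " VAL=" + val);
            }
        }
        List<UserRole> roles = session.getRoles();
        if (roles != null) {
            for (int i = 0; i < roles.size(); i++) {
                UserRole ur = roles.get(i);
                LOG.info("    USER ROLE[" + i + "]:");
                LOG.info("        role name [" + ur.getName() + "]");
                LOG.info("        begin time [" + ur.getBeginTime() + "]");
                LOG.info("        end time [" + ur.getEndTime() + "]");
                LOG.info("        begin date [" + ur.getBeginDate() + "]");
                LOG.info("        end date [" + ur.getEndDate() + "]");
                LOG.info("        begin lock [" + ur.getBeginLockDate() + "]");
                LOG.info("        end lock [" + ur.getEndLockDate() + "]");
                LOG.info("        day mask [" + ur.getDayMask() + "]");
                LOG.info("        time out [" + ur.getTimeout() + "]");
            }
        }
        List<UserAdminRole> aRoles = session.getAdminRoles();
        if (aRoles != null) {
            for (int i = 0; i < aRoles.size(); i++) {
                UserAdminRole ur = aRoles.get(i);
                LOG.info("    USER ADMIN ROLE[" + i + "]:");
                LOG.info("        admin role name [" + ur.getName() + "]");
                LOG.info("        OsU [" + ur.getOsUSet() + "]");
                LOG.info("        OsP [" + ur.getOsPSet() + "]");
                LOG.info("        begin range [" + ur.getBeginRange() + "]");
                LOG.info("        end range [" + ur.getEndRange() + "]");
                LOG.info("        begin time [" + ur.getBeginTime() + "]");
                LOG.info("        end time [" + ur.getEndTime() + "]");
                LOG.info("        begin date [" + ur.getBeginDate() + "]");
                LOG.info("        end date [" + ur.getEndDate() + "]");
                LOG.info("        begin lock [" + ur.getBeginLockDate() + "]");
                LOG.info("        end lock [" + ur.getEndLockDate() + "]");
                LOG.info("        day mask [" + ur.getDayMask() + "]");
                LOG.info("        time out [" + ur.getTimeout() + "]");
            }
        }
        // JVM system properties are not part of the Fortress Session; they are dumped only to document the test
        // machine.  Credential-looking values (e.g. key-store passwords supplied via -D) are masked before logging.
        java.util.Properties jProps = System.getProperties();
        if (jProps != null && jProps.size() > 0) {
            int ctr = 0;
            for (Enumeration e = jProps.propertyNames(); e.hasMoreElements(); ) {
                String key = (String) e.nextElement();
                String val = maskIfSensitive(key, jProps.getProperty(key));
                LOG.info("J   PROP[" + ctr++ + "]=" + key + " VAL=" + val);
            }
        }
    } catch (SecurityException ex) {
        LOG.error(szLocation + " caught SecurityException rc=" + ex.getErrorId() + ", msg=" + ex.getMessage(), ex);
        fail(ex.getMessage());
    }
}

/**
 * Masks a property value when its key suggests a credential.  The check is a case-insensitive substring test of
 * the key against {@code password}, {@code passwd}, {@code secret}, {@code token} and {@code credential}; it errs
 * towards masking and is a logging safeguard, not a classification of every property.
 *
 * @param key the property name; null leaves the value unchanged.
 * @param val the property value; may be null.
 * @return {@code "*****"} when the key looks sensitive and the value is non-null, otherwise {@code val} unchanged.
 */
private static String maskIfSensitive(String key, String val) {
    if (key == null || val == null) {
        return val;
    }
    String lowerKey = key.toLowerCase(java.util.Locale.ROOT);
    String[] markers = { "password", "passwd", "secret", "token", "credential" };
    for (String marker : markers) {
        if (lowerKey.contains(marker)) {
            return "*****";
        }
    }
    return val;
}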

/**
 * Creates a Session for every user in {@code uArray} via {@code createSession(user, true)} and verifies its
 * contents against the test data.
 * <p>
 * The second argument is {@code true} here, unlike the other tests in this class which pass {@code false}; the
 * method name indicates this is the trusted path, i.e. the session is established without verifying a credential
 * (NOTE(review): confirm against the AccessMgr#createSession contract).  Code using that mode is asserting it has
 * already authenticated the user by other means, so it must only be reachable by trusted callers.  Each session is
 * checked for the expected user id, the expected role count and role membership, and an unknown user id must be
 * rejected with {@code GlobalErrIds.USER_NOT_FOUND}.
 *
 * @param msg    label written to the log before the test runs.
 * @param uArray user test-data rows, one session per row.
 * @param rArray role test-data rows expected to be active in every session created.
 */
public static void createSessionsTrusted(String msg, String[][] uArray, String[][] rArray) {
    LogUtil.logIt(msg);
    try {
        AccessMgr accessMgr = AccessMgrFactory.createInstance(TestUtils.getContext());
        for (String[] userRow : uArray) {
            User user = UserTestData.getUser(userRow);
            Session trustedSession = accessMgr.createSession(user, true);
            assertNotNull(trustedSession);
            String foundUserId = accessMgr.getUserId(trustedSession);
            String expectedUserId = UserTestData.getUserId(userRow);
            assertTrue(CLS_NM + ".createSessionsTrusted failed compare found userId [" + foundUserId + "] valid userId [" + expectedUserId + "]", foundUserId.equalsIgnoreCase(expectedUserId));
            UserTestData.assertEquals(user, userRow);
            List<UserRole> activeRoles = trustedSession.getRoles();
            assertNotNull(activeRoles);
            assertEquals(CLS_NM + ".createSessionsTrusted user role check failed list size user [" + user.getUserId() + "]", rArray.length, activeRoles.size());
            for (String[] roleRow : rArray) {
                UserRole expectedRole = RoleTestData.getUserRole(expectedUserId, roleRow);
                assertTrue(CLS_NM + ".createSessionsTrusted failed role search USER [" + user.getUserId() + "] ROLE1 [" + RoleTestData.getName(roleRow) + "] should be present", activeRoles.contains(expectedRole));
            }
            // Negative case: an unknown user id must not yield a trusted session.
            try {
                User unknownUser = new User(user.getUserId() + "wrong");
                accessMgr.createSession(unknownUser, true);
                fail(CLS_NM + ".createSessionsTrusted failed negative test");
            } catch (SecurityException se) {
                // expected; the error id must identify the cause as a missing user
                assertTrue(CLS_NM + "createSessionsTrusted excep id check", se.getErrorId() == GlobalErrIds.USER_NOT_FOUND);
            }
        }
        LOG.debug("createSessionsTrusted successful");
    } catch (SecurityException ex) {
        LOG.error("createSessionsTrusted: failed with SecurityException rc=" + ex.getErrorId() + ", msg=" + ex.getMessage(), ex);
        fail(ex.getMessage());
    }
}

/**
 * For every user in {@code uArray}: creates a non-trusted session ({@code createSession(user, false)}), then
 * asserts that each (object, operation) pair from {@code oArray} x {@code opArray} is permitted and that the pair
 * at the same indices in {@code oArrayBad} x {@code opArrayBad} is denied.
 * <p>
 * Precondition: {@code oArrayBad.length >= oArray.length} and {@code opArrayBad.length >= opArray.length}; the
 * "bad" rows are looked up by the positions of the good rows, so shorter arrays raise
 * {@link ArrayIndexOutOfBoundsException}.  When an operation row carries an object id the Permission is built
 * with it, otherwise the two-argument constructor is used.
 *
 * @param msg        label written to the log before the test runs.
 * @param uArray     user test-data rows.
 * @param oArray     permission-object rows the users must be granted.
 * @param opArray    operation rows paired with {@code oArray}.
 * @param oArrayBad  permission-object rows that must be denied, positionally matched to {@code oArray}.
 * @param opArrayBad operation rows that must be denied, positionally matched to {@code opArray}.
 */
public static void checkAccess(String msg, String[][] uArray, String[][] oArray, String[][] opArray, String[][] oArrayBad, String[][] opArrayBad) {
    LogUtil.logIt(msg);
    try {
        AccessMgr accessMgr = AccessMgrFactory.createInstance(TestUtils.getContext());
        for (String[] userRow : uArray) {
            User user = UserTestData.getUser(userRow);
            Session session = accessMgr.createSession(user, false);
            assertNotNull(session);
            for (int objIdx = 0; objIdx < oArray.length; objIdx++) {
                String goodObjName = PermTestData.getName(oArray[objIdx]);
                for (int opIdx = 0; opIdx < opArray.length; opIdx++) {
                    String[] goodOp = opArray[opIdx];
                    String[] badOp = opArrayBad[opIdx];
                    // Positive case: the user must hold this permission through an active role.
                    Permission granted = permissionFor(goodObjName, goodOp);
                    assertTrue(CLS_NM + ".checkAccess failed userId [" + user.getUserId() + "] Perm objName [" + goodObjName + "] operationName [" + PermTestData.getName(goodOp) + "]", accessMgr.checkAccess(session, granted));
                    // Negative case: the positionally matched "bad" permission must be refused.
                    String badObjName = PermTestData.getName(oArrayBad[objIdx]);
                    Permission denied = permissionFor(badObjName, badOp);
                    assertFalse(CLS_NM + ".checkAccess failed userId [" + user.getUserId() + "] Perm objName [" + badObjName + "] operationName [" + PermTestData.getName(badOp) + "]", accessMgr.checkAccess(session, denied));
                }
            }
        }
        LOG.debug("checkAccess successful");
    } catch (SecurityException ex) {
        LOG.error("checkAccess: failed with SecurityException rc=" + ex.getErrorId() + ", " + "msg=" + ex.getMessage(), ex);
        fail(ex.getMessage());
    }
}

/**
 * Builds a Permission from an object name and an operation test-data row, passing the row's object id only when
 * it is non-empty.
 *
 * @param objName the permission object name.
 * @param opRow   operation test-data row supplying the operation name and optional object id.
 * @return the assembled Permission.
 */
private static Permission permissionFor(String objName, String[] opRow) {
    String objId = PermTestData.getObjId(opRow);
    if (StringUtils.isNotEmpty(objId)) {
        return new Permission(objName, PermTestData.getName(opRow), objId);
    }
    return new Permission(objName, PermTestData.getName(opRow));
}

/**
 * Creates a non-trusted session ({@code createSession(user, false)}) for each user in {@code uArray}, reads the
 * User back through {@code AccessMgr#getUser(Session)} and compares it against the test-data row.
 *
 * @param msg    label written to the log before the test runs.
 * @param uArray user test-data rows.
 */
public static void getUsers(String msg, String[][] uArray) {
    LogUtil.logIt(msg);
    try {
        AccessMgr accessMgr = AccessMgrFactory.createInstance(TestUtils.getContext());
        for (String[] userRow : uArray) {
            Session session = accessMgr.createSession(UserTestData.getUser(userRow), false);
            assertNotNull(session);
            // The User resolved from the session must match what the test data describes.
            User fromSession = accessMgr.getUser(session);
            UserTestData.assertEquals(fromSession, userRow);
        }
        LOG.debug("getUsers successful");
    } catch (SecurityException ex) {
        LOG.error("getUsers: failed with SecurityException rc=" + ex.getErrorId() + ", msg=" + ex.getMessage(), ex);
        fail(ex.getMessage());
    }
}