
Example 31 with AccessMgr

use of org.apache.directory.fortress.core.AccessMgr in project directory-fortress-core by apache.

the class AccessMgrImplTest method sessionPermissions.

/**
 * Checks that the permissions reported for each test user's session are exactly
 * the cross product of the supplied objects and operations.
 * <p>
 * Two assertions work together: the size check catches permissions that were
 * granted beyond the expected set, and the per-entry {@code contains} check
 * catches expected permissions that are missing.
 *
 * @param msg     text written to the test log before the checks run
 * @param uArray  user test-data rows; one session is created per row
 * @param oArray  permission-object test-data rows expected to be granted
 * @param opArray operation test-data rows expected on every object
 */
public static void sessionPermissions(String msg, String[][] uArray, String[][] oArray, String[][] opArray) {
    LogUtil.logIt(msg);
    try {
        AccessMgr accessMgr = AccessMgrFactory.createInstance(TestUtils.getContext());
        for (String[] userRow : uArray) {
            User user = UserTestData.getUser(userRow);
            Session session = accessMgr.createSession(user, false);
            assertNotNull(session);
            List<Permission> granted = accessMgr.sessionPermissions(session);
            assertNotNull(granted);

            // Exact-count check: one permission per (object, operation) pair, no extras.
            String sizeFailure = CLS_NM + ".sessionPermissions failed list size user[" + user.getUserId() + "]";
            int expectedCount = oArray.length * opArray.length;
            assertEquals(sizeFailure, expectedCount, granted.size());

            // Membership check: every expected (object, operation) pair must be present.
            for (String[] objRow : oArray) {
                for (String[] opRow : opArray) {
                    String objName = PermTestData.getName(objRow);
                    Permission expected = PermTestData.getOp(objName, opRow);
                    String missingFailure = CLS_NM + ".sessionPermissions failed perm list compare USER [" + user.getUserId()
                        + "] PERM Obj [" + objName + "] OPER [" + PermTestData.getName(opRow) + "]";
                    assertTrue(missingFailure, granted.contains(expected));
                }
            }
        }
    } catch (SecurityException ex) {
        // Any Fortress error here is unexpected for a positive test: log it with its error id and fail.
        LOG.error("sessionPermissions: failed with SecurityException rc=" + ex.getErrorId() + ", msg=" + ex.getMessage(), ex);
        fail(ex.getMessage());
    }
}
Also used : User(org.apache.directory.fortress.core.model.User) AccessMgr(org.apache.directory.fortress.core.AccessMgr) Permission(org.apache.directory.fortress.core.model.Permission) SecurityException(org.apache.directory.fortress.core.SecurityException) Session(org.apache.directory.fortress.core.model.Session)

Example 32 with AccessMgr

use of org.apache.directory.fortress.core.AccessMgr in project directory-fortress-core by apache.

the class AccessMgrImplTest method createSessionsHier.

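/**
 * Checks that a session created for each test user reports the expected user id
 * and the expected set of authorized roles.
 * <p>
 * The expected set is the authorized roles from the test data plus the user's
 * directly assigned roles (presumably the authorized-only entries are roles
 * reached through role inheritance; confirm against {@code UserTestData}).
 * The size check guards against roles being activated beyond the expected set;
 * the per-role check guards against expected roles being absent.
 *
 * @param msg    text written to the test log before the checks run
 * @param uArray user test-data rows; one session is created per row
 */
public static void createSessionsHier(String msg, String[][] uArray) {
    LogUtil.logIt(msg);
    try {
        AccessMgr accessMgr = AccessMgrFactory.createInstance(TestUtils.getContext());
        for (String[] usr : uArray) {
            User user = UserTestData.getUser(usr);
            Session session = accessMgr.createSession(user, false);
            assertNotNull(session);
            String userId = accessMgr.getUserId(session);
            // Fail with a readable message instead of a NullPointerException if the session carries no user id.
            assertNotNull(CLS_NM + ".createSessionsHier null userId returned for valid userId [" + UserTestData.getUserId(usr) + "]", userId);
            assertTrue(CLS_NM + ".createSessionsHier failed compare found userId [" + userId + "] valid userId [" + UserTestData.getUserId(usr) + "]", userId.equalsIgnoreCase(UserTestData.getUserId(usr)));
            UserTestData.assertEquals(user, usr);
            // Get the authorized roles for this user:
            Collection<String> authZRoles = UserTestData.getAuthorizedRoles(usr);
            // The test requires at least one directly assigned role per user.
            Set<String> asgnRoles = UserTestData.getAssignedRoles(usr);
            assertNotNull(asgnRoles);
            assertTrue(asgnRoles.size() > 0);
            // Assigned roles are authorized too, so fold them into the expected set.
            // NOTE(review): this mutates the collection returned by getAuthorizedRoles;
            // verify that helper hands back a fresh collection on every call.
            authZRoles.addAll(asgnRoles);
            Set<String> actualRoles = accessMgr.authorizedRoles(session);
            assertNotNull(actualRoles);
            // Equal sizes plus full containment means no unexpected role is authorized
            // (assuming authZRoles holds no duplicates; confirm its concrete type).
            assertEquals(CLS_NM + ".createSessionsHier authorized roles list size test case failed for [" + user.getUserId() + "]", authZRoles.size(), actualRoles.size());
            for (String name : authZRoles) {
                assertTrue(CLS_NM + ".createSessionsHier authorized roles compare test case failed for USER [" + user.getUserId() + "] expect role [" + name + "] not found", actualRoles.contains(name));
            }
        }
        LOG.debug("createSessionsHier successful");
    } catch (SecurityException ex) {
        // Any Fortress error here is unexpected for a positive test: log it with its error id and fail.
        LOG.error("createSessionsHier: failed with SecurityException rc=" + ex.getErrorId() + ", msg=" + ex.getMessage(), ex);
        fail(ex.getMessage());
    }
}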
Also used : User(org.apache.directory.fortress.core.model.User) AccessMgr(org.apache.directory.fortress.core.AccessMgr) SecurityException(org.apache.directory.fortress.core.SecurityException) Session(org.apache.directory.fortress.core.model.Session)

Example 33 with AccessMgr

use of org.apache.directory.fortress.core.AccessMgr in project directory-fortress-core by apache.

the class DelegatedMgrImplTest method checkAccess.

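/**
 * Exercises {@code DelAccessMgr.checkAccess} with both permitted and
 * non-permitted object/operation pairs for every test user.
 * <p>
 * Positive case: every pair from {@code oArray} x {@code opArray} must be granted.
 * Negative case: every pair from {@code oArrayBad} x {@code opArrayBad} must be
 * denied, either by a {@code false} result or by a {@code SecurityException}
 * carrying {@code GlobalErrIds.PERM_NOT_EXIST}; any other error id fails the test.
 * Only bad objects paired with bad operations are tried; a valid object combined
 * with an invalid operation (or the reverse) is not covered by this method.
 *
 * @param msg        text written to the test log before the checks run
 * @param uArray     user test-data rows; one session is created per row
 * @param oArray     permission-object rows the users are expected to reach
 * @param opArray    operation rows expected to be granted on those objects
 * @param oArrayBad  permission-object rows that must be denied
 * @param opArrayBad operation rows that must be denied
 */
public static void checkAccess(String msg, String[][] uArray, String[][] oArray, String[][] opArray, String[][] oArrayBad, String[][] opArrayBad) {
    LogUtil.logIt(msg);
    try {
        DelAccessMgr dAccessMgr = DelAccessMgrFactory.createInstance(TestUtils.getContext());
        // Sessions are created through the AccessMgr view of the same manager instance.
        AccessMgr accessMgr = (AccessMgr) dAccessMgr;
        for (String[] usr : uArray) {
            User user = UserTestData.getUser(usr);
            Session session = accessMgr.createSession(user, false);
            assertNotNull(session);

            // Positive matrix: each listed pair must be granted.
            for (String[] obj : oArray) {
                for (String[] op : opArray) {
                    assertTrue(CLS_NM + ".checkAccess failed userId [" + user.getUserId() + "] Perm objName [" + PermTestData.getName(obj) + "] operationName [" + PermTestData.getName(op) + "]", dAccessMgr.checkAccess(session, new Permission(PermTestData.getName(obj), PermTestData.getName(op))));
                }
            }

            // Negative matrix: each listed pair must be denied.
            for (String[] obj : oArrayBad) {
                for (String[] op : opArrayBad) {
                    String objName = PermTestData.getName(obj);
                    String opName = PermTestData.getName(op);
                    String label = CLS_NM + ".checkAccess failed userId [" + user.getUserId() + "] Perm objName [" + objName + "] operationName [" + opName + "]";
                    try {
                        boolean result = dAccessMgr.checkAccess(session, new Permission(objName, opName));
                        assertTrue(label, !result);
                    } catch (SecurityException se) {
                        // Denial may also surface as "permission does not exist"; nothing else is accepted.
                        assertTrue(label + ", negative use case, incorrect exception id=" + se.getErrorId(), se.getErrorId() == GlobalErrIds.PERM_NOT_EXIST);
                    }
                }
            }
        }
        LOG.debug("checkAccess successful");
    } catch (SecurityException ex) {
        // Errors outside the negative-case handler are unexpected: log with the error id and fail.
        LOG.error("checkAccess: caught SecurityException rc=" + ex.getErrorId() + ", msg: " + ex.getMessage(), ex);
        fail(ex.getMessage());
    }
}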
Also used : User(org.apache.directory.fortress.core.model.User) DelAccessMgr(org.apache.directory.fortress.core.DelAccessMgr) AccessMgr(org.apache.directory.fortress.core.AccessMgr) Permission(org.apache.directory.fortress.core.model.Permission) SecurityException(org.apache.directory.fortress.core.SecurityException) DelAccessMgr(org.apache.directory.fortress.core.DelAccessMgr) Session(org.apache.directory.fortress.core.model.Session)

Example 34 with AccessMgr

use of org.apache.directory.fortress.core.AccessMgr in project directory-fortress-core by apache.

the class FortressAntLoadTest method checkPermissions.

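/**
 * Evaluates every user against every permission and records the outcome of each
 * access check as one row of a tab-separated file named {@code fileName + ".csv"}.
 * <p>
 * Each row holds the user id, permission object, operation, the access decision,
 * the user's assigned roles, the roles on the session's user, a timestamp taken
 * once at the start of the run, and any session warnings.
 * <p>
 * A {@code SecurityException} raised for one user is logged and the run moves on
 * to the next user, so the remaining matrix is still evaluated. No rows are
 * written for that user from the point of failure, which means the output file
 * can be incomplete without the test failing; check the error log alongside it.
 *
 * @param msg         text written to the test log before the checks run
 * @param users       users to create sessions for
 * @param permissions permissions to check for every user
 */
private void checkPermissions(String msg, List<UserAnt> users, List<PermAnt> permissions) {
    String dateFormat = "E yyyy.MM.dd 'at' hh:mm:ss a zzz";
    String szTimestamp = new SimpleDateFormat(dateFormat).format(new Date());
    AccessMgr accessMgr = null;
    CSVWriter writer = null;
    LogUtil.logIt(msg);
    try {
        accessMgr = AccessMgrFactory.createInstance(TestUtils.getContext());
        writer = new CSVWriter(new FileWriter(fileName + ".csv"), '\t');
        String[] header = {"user", "resource", "operation", "result", "assigned roles", "activated roles", "timestamp", "warnings"};
        writer.writeNext(header);
    } catch (SecurityException ex) {
        LOG.error("checkPermissions caught SecurityException creating AccessMgr rc=" + ex.getErrorId() + ", msg=" + ex.getMessage(), ex);
        // Can't continue without AccessMgr
        fail(ex.getMessage());
    } catch (IOException ioe) {
        String error = "File IO Exception=" + ioe;
        LOG.warn(error);
        // Can't continue without output file to write the results in
        fail(ioe.getMessage());
    }
    try {
        for (UserAnt user : users) {
            try {
                List<String> warnings = null;
                Session session = accessMgr.createSession(user, false);
                assertNotNull(session);
                if (session.getWarnings() != null) {
                    warnings = new ArrayList<String>();
                    for (Warning warning : session.getWarnings()) {
                        warnings.add(warning.getMsg());
                    }
                }
                ReviewMgr reviewMgr = ReviewMgrImplTest.getManagedReviewMgr();
                List<UserRole> assignedRoles = reviewMgr.assignedRoles(user);
                for (PermAnt permAnt : permissions) {
                    boolean result = accessMgr.checkAccess(session, permAnt);
                    LOG.info("User: " + user.getUserId() + " Perm Obj: " + permAnt.getObjName() + " Perm " + "Operation: " + permAnt.getOpName() + " RESULT: " + result);
                    // Build the row field by field: joining on '#' and splitting again would
                    // shift columns whenever a value (a warning text, for instance) contains '#'.
                    String[] row = {
                        String.valueOf(user.getUserId()),
                        String.valueOf(permAnt.getObjName()),
                        String.valueOf(permAnt.getOpName()),
                        String.valueOf(result),
                        String.valueOf(assignedRoles),
                        String.valueOf(session.getUser().getRoles()),
                        szTimestamp,
                        String.valueOf(warnings)
                    };
                    writer.writeNext(row);
                }
            } catch (SecurityException ex) {
                // Log but don't fail test so entire permission matrix can be evaluated.
                LOG.error("checkPermissions caught SecurityException rc=" + ex.getErrorId() + ", msg=" + ex.getMessage(), ex);
            }
        }
    } finally {
        // Close even when an assertion aborts the loop, so rows already written are flushed.
        try {
            writer.close();
        } catch (IOException ioe) {
            // Best effort: the results may be truncated, so leave a trace but do not fail the test.
            LOG.warn("checkPermissions failed closing output file=" + ioe);
        }
    }
}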
Also used : Warning(org.apache.directory.fortress.core.model.Warning) FileWriter(java.io.FileWriter) ArrayList(java.util.ArrayList) CSVWriter(au.com.bytecode.opencsv.CSVWriter) SecurityException(org.apache.directory.fortress.core.SecurityException) IOException(java.io.IOException) Date(java.util.Date) UserAnt(org.apache.directory.fortress.core.ant.UserAnt) PermAnt(org.apache.directory.fortress.core.ant.PermAnt) AccessMgr(org.apache.directory.fortress.core.AccessMgr) ReviewMgr(org.apache.directory.fortress.core.ReviewMgr) UserRole(org.apache.directory.fortress.core.model.UserRole) SimpleDateFormat(java.text.SimpleDateFormat) Session(org.apache.directory.fortress.core.model.Session)

Example 35 with AccessMgr

use of org.apache.directory.fortress.core.AccessMgr in project directory-fortress-core by apache.

the class PswdPolicyMgrImplTest method maxFailure.

/**
 * PT7
 * 5.2.11  pwdMaxFailure
 * <p>
 * This attribute specifies the number of consecutive failed bind
 * attempts after which the password may not be used to authenticate.
 * If this attribute is not present, or if the value is 0, this policy
 * is not checked, and the value of pwdLockout will be ignored.
 * <p>
 * The test assigns the policy to the user, submits the wrong password the
 * configured number of times, then confirms that the correct password is
 * rejected as locked, and finally that an administrative unlock restores login.
 * It presumes the policy's max-failure value is greater than zero; with zero
 * the lockout step could not succeed. If an assertion aborts the test before
 * the unlock call, the account is left locked for whatever runs next.
 *
 * @param msg  text written to the test log before the checks run
 * @param usr  user test-data row for the account under test
 * @param plcy password-policy test-data row supplying the policy name and max-failure count
 */
public void maxFailure(String msg, String[] usr, String[] plcy) {
    LogUtil.logIt(msg);
    try {
        PwPolicyMgr policyMgr = getManagedPswdMgr();
        AdminMgr adminMgr = AdminMgrImplTest.getManagedAdminMgr();
        AccessMgr accessMgr = AccessMgrFactory.createInstance(TestUtils.getContext());
        User user = UserTestData.getUser(usr);
        String policyName = PolicyTestData.getName(plcy);
        policyMgr.updateUserPolicy(user.getUserId(), policyName);
        int maxFailures = PolicyTestData.getMaxFailure(plcy);

        // Phase 1: each wrong-password attempt up to the threshold must be rejected as "invalid password".
        int attempt = 0;
        while (attempt < maxFailures) {
            try {
                User wrongPwUser = new User(user.getUserId(), "wrongpw");
                accessMgr.createSession(wrongPwUser, false);
                // Reaching this line means a wrong password was accepted.
                fail(CLS_NM + ".maxFailure name [" + policyName + "] user [" + UserTestData.getUserId(usr) + "] failed max failure test=" + maxFailures + " iteration=" + attempt);
            } catch (SecurityException ex) {
                String wrongIdMsg = CLS_NM + ".maxFailure invalid error message userId [" + UserTestData.getUserId(usr) + "]";
                assertTrue(wrongIdMsg, ex.getErrorId() == GlobalErrIds.USER_PW_INVLD);
                TestUtils.sleep(1);
            }
            attempt++;
        }

        // Phase 2: the threshold is reached, so even the correct password must now be refused as locked.
        try {
            accessMgr.createSession(user, false);
            fail(CLS_NM + ".maxFailure name [" + policyName + "] user [" + UserTestData.getUserId(usr) + "] failed max failure test 2");
        } catch (SecurityException ex) {
            String wrongIdMsg = CLS_NM + ".maxFailure invalid error message userId [" + UserTestData.getUserId(usr) + "]";
            assertTrue(wrongIdMsg, ex.getErrorId() == GlobalErrIds.USER_PW_LOCKED);
        }

        // Phase 3: after an administrative unlock the correct password must work again.
        adminMgr.unlockUserAccount(user);
        accessMgr.createSession(user, false);
    } catch (SecurityException ex) {
        // Anything not handled by the phase-specific catches is unexpected: log with the error id and fail.
        LOG.error("maxFailure caught SecurityException rc=" + ex.getErrorId() + ", msg=" + ex.getMessage(), ex);
        fail(ex.getMessage());
    }
}
Also used : User(org.apache.directory.fortress.core.model.User) AccessMgr(org.apache.directory.fortress.core.AccessMgr) PwPolicyMgr(org.apache.directory.fortress.core.PwPolicyMgr) SecurityException(org.apache.directory.fortress.core.SecurityException) AdminMgr(org.apache.directory.fortress.core.AdminMgr)

Aggregations

AccessMgr (org.apache.directory.fortress.core.AccessMgr)41 SecurityException (org.apache.directory.fortress.core.SecurityException)41 User (org.apache.directory.fortress.core.model.User)37 Session (org.apache.directory.fortress.core.model.Session)32 UserRole (org.apache.directory.fortress.core.model.UserRole)17 Permission (org.apache.directory.fortress.core.model.Permission)7 AdminMgr (org.apache.directory.fortress.core.AdminMgr)6 PwPolicyMgr (org.apache.directory.fortress.core.PwPolicyMgr)6 DelAccessMgr (org.apache.directory.fortress.core.DelAccessMgr)4 ArrayList (java.util.ArrayList)3 UserAdminRole (org.apache.directory.fortress.core.model.UserAdminRole)3 AdminRole (org.apache.directory.fortress.core.model.AdminRole)2 Role (org.apache.directory.fortress.core.model.Role)2 SDSet (org.apache.directory.fortress.core.model.SDSet)2 CSVWriter (au.com.bytecode.opencsv.CSVWriter)1 FileWriter (java.io.FileWriter)1 IOException (java.io.IOException)1 SimpleDateFormat (java.text.SimpleDateFormat)1 Date (java.util.Date)1 Enumeration (java.util.Enumeration)1