
Example 76 with AdminMgr

use of org.apache.directory.fortress.core.AdminMgr in project directory-fortress-core by apache.

the class AdminMgrImplTest method createSsdSet.

/**
 * Creates one separation-of-duty set per row of test data through the managed
 * {@code AdminMgr}. A Fortress {@code SecurityException} from any row is logged
 * with its error id and fails the test; rows after the failing one are not attempted.
 *
 * @param msg    label handed to {@code LogUtil.logIt} before the run
 * @param sArray test data rows; each row is converted to an {@code SDSet} by
 *               {@code RoleTestData.getSDSet}
 */
public static void createSsdSet(String msg, String[][] sArray) {
    LogUtil.logIt(msg);
    try {
        AdminMgr admin = getManagedAdminMgr();
        for (int row = 0; row < sArray.length; row++) {
            // Convert the raw row and persist it in one step; the returned entity is only used for logging.
            SDSet created = admin.createSsdSet(RoleTestData.getSDSet(sArray[row]));
            LOG.debug("createSsdSet SSD [" + created.getName() + "] successful");
        }
    } catch (SecurityException e) {
        // Log the Fortress error id next to the message so the failing rule can be identified.
        LOG.error("createSsdSet caught SecurityException rc=" + e.getErrorId() + ", msg=" + e.getMessage(), e);
        fail(e.getMessage());
    }
}
Also used : SDSet(org.apache.directory.fortress.core.model.SDSet) SecurityException(org.apache.directory.fortress.core.SecurityException) AdminMgr(org.apache.directory.fortress.core.AdminMgr)

Example 77 with AdminMgr

use of org.apache.directory.fortress.core.AdminMgr in project directory-fortress-core by apache.

the class ReviewMgrImplTest method testDeassignRoleWithRoleConstraint.

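/**
 * Removes the role {@code ROLES_TR1[1]} from the user {@code USERS_TU1[0]}, reads the
 * user's assigned roles back through {@code ReviewMgr}, then restores the assignment.
 * <p>
 * The list returned by {@code assignedRoles} is discarded, so this test only verifies
 * that the three calls complete without a {@code SecurityException}; it does not check
 * that the role is actually absent after the deassignment.
 *
 * @throws SecurityException if any of the Fortress calls fails
 */
public void testDeassignRoleWithRoleConstraint() throws SecurityException {
    AdminMgr adminMgr = AdminMgrImplTest.getManagedAdminMgr();
    adminMgr.deassignUser(new UserRole(UserTestData.USERS_TU1[0][0], RoleTestData.ROLES_TR1[1][0]));
    try {
        ReviewMgr reviewMgr = getManagedReviewMgr();
        reviewMgr.assignedRoles(new User(UserTestData.USERS_TU1[0][0]));
    } finally {
        // Restore the assignment even when the read-back throws, so a failure here does not
        // leave the shared test user without the role for whatever runs next.
        // If this call throws as well, its exception replaces the one from the try block.
        adminMgr.assignUser(new UserRole(UserTestData.USERS_TU1[0][0], RoleTestData.ROLES_TR1[1][0]));
    }
}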
Also used : User(org.apache.directory.fortress.core.model.User) ReviewMgr(org.apache.directory.fortress.core.ReviewMgr) UserRole(org.apache.directory.fortress.core.model.UserRole) AdminMgr(org.apache.directory.fortress.core.AdminMgr)

Example 78 with AdminMgr

use of org.apache.directory.fortress.core.AdminMgr in project directory-fortress-core by apache.

the class PswdPolicyMgrImplTest method maxFailure.

/**
 * PT7
 * 5.2.11  pwdMaxFailure
 * <p>
 * This attribute specifies the number of consecutive failed bind
 * attempts after which the password may not be used to authenticate.
 * If this attribute is not present, or if the value is 0, this policy
 * is not checked, and the value of pwdLockout will be ignored.
 * <p>
 * Test flow: attach the policy to the user, make {@code pwdMaxFailure} login attempts
 * with a wrong password (each must be rejected with {@code USER_PW_INVLD}), confirm that
 * a login with the test-data credentials is then rejected with {@code USER_PW_LOCKED},
 * unlock the account through {@code AdminMgr} and confirm that login works again.
 *
 * @param msg  label handed to {@code LogUtil.logIt} before the run
 * @param usr  test data row describing the user under test
 * @param plcy test data row describing the password policy to attach
 */
public void maxFailure(String msg, String[] usr, String[] plcy) {
    LogUtil.logIt(msg);
    try {
        PwPolicyMgr pwPolicy = getManagedPswdMgr();
        AdminMgr admin = AdminMgrImplTest.getManagedAdminMgr();
        AccessMgr access = AccessMgrFactory.createInstance(TestUtils.getContext());
        User subject = UserTestData.getUser(usr);
        pwPolicy.updateUserPolicy(subject.getUserId(), PolicyTestData.getName(plcy));
        // NOTE(review): with a limit of 0 the loop is skipped and the "locked" check below
        // fails, so callers presumably only pass policies with a non-zero limit; confirm.
        int limit = PolicyTestData.getMaxFailure(plcy);
        int attempt = 0;
        while (attempt < limit) {
            try {
                // Wrong password on purpose; false presumably selects the password-checking
                // (untrusted) session path; confirm against AccessMgr.
                access.createSession(new User(subject.getUserId(), "wrongpw"), false);
                fail(CLS_NM + ".maxFailure name [" + PolicyTestData.getName(plcy) + "] user [" + UserTestData.getUserId(usr) + "] failed max failure test=" + limit + " iteration=" + attempt);
            } catch (SecurityException rejected) {
                // Each attempt up to the limit must be reported as a bad password, not yet as a lockout.
                assertTrue(CLS_NM + ".maxFailure invalid error message userId [" + UserTestData.getUserId(usr) + "]", GlobalErrIds.USER_PW_INVLD == rejected.getErrorId());
                TestUtils.sleep(1);
            }
            attempt++;
        }
        try {
            // The credentials from the test data must now be refused because the account is locked.
            access.createSession(subject, false);
            fail(CLS_NM + ".maxFailure name [" + PolicyTestData.getName(plcy) + "] user [" + UserTestData.getUserId(usr) + "] failed max failure test 2");
        } catch (SecurityException rejected) {
            assertTrue(CLS_NM + ".maxFailure invalid error message userId [" + UserTestData.getUserId(usr) + "]", GlobalErrIds.USER_PW_LOCKED == rejected.getErrorId());
        }
        // NOTE(review): a failed assertion above leaves before this unlock runs, so the
        // account stays locked for later tests.
        admin.unlockUserAccount(subject);
        // After the administrative unlock the same credentials must be accepted again.
        access.createSession(subject, false);
    } catch (SecurityException e) {
        LOG.error("maxFailure caught SecurityException rc=" + e.getErrorId() + ", msg=" + e.getMessage(), e);
        fail(e.getMessage());
    }
}
Also used : User(org.apache.directory.fortress.core.model.User) AccessMgr(org.apache.directory.fortress.core.AccessMgr) PwPolicyMgr(org.apache.directory.fortress.core.PwPolicyMgr) SecurityException(org.apache.directory.fortress.core.SecurityException) AdminMgr(org.apache.directory.fortress.core.AdminMgr)

Example 79 with AdminMgr

use of org.apache.directory.fortress.core.AdminMgr in project directory-fortress-core by apache.

the class PswdPolicyMgrImplTest method safeModify.

/**
 * PT13
 * 5.2.15  pwdSafeModify
 * <p>
 * This attribute specifies whether or not the existing password must be
 * sent along with the new password when being changed.  If this
 * attribute is not present, a "FALSE" value is assumed.
 * <p>
 * Test flow: attach the policy to the user and call {@code AdminMgr.changePassword}.
 * When the policy's safe-modify flag is set the call must be rejected with
 * {@code USER_PW_MOD_NOT_ALLOWED}; otherwise it must succeed.
 *
 * @param msg  label handed to {@code LogUtil.logIt} before the run
 * @param usr  test data row describing the user under test
 * @param plcy test data row describing the password policy to attach
 */
public void safeModify(String msg, String[] usr, String[] plcy) {
    LogUtil.logIt(msg);
    try {
        PwPolicyMgr pwPolicy = getManagedPswdMgr();
        AdminMgr admin = AdminMgrImplTest.getManagedAdminMgr();
        User subject = UserTestData.getUser(usr);
        pwPolicy.updateUserPolicy(subject.getUserId(), PolicyTestData.getName(plcy));
        boolean safeModify = PolicyTestData.getSafeModify(plcy);
        if (!safeModify) {
            // Flag is off: the change must go through.
            // NOTE(review): the password is not restored in this method, so the user keeps
            // "newPassword" afterwards.
            admin.changePassword(subject, "newPassword");
        } else {
            try {
                // Flag is on: the change must be refused.
                admin.changePassword(subject, "newPassword");
                fail(CLS_NM + ".safeModify name [" + PolicyTestData.getName(plcy) + "] user [" + UserTestData.getUserId(usr) + "] failed safe modify test flag=" + safeModify);
            } catch (SecurityException rejected) {
                // The refusal must carry the "modification not allowed" id, not some other error.
                assertTrue(CLS_NM + ".safeModify invalid error message userId [" + UserTestData.getUserId(usr) + "]", GlobalErrIds.USER_PW_MOD_NOT_ALLOWED == rejected.getErrorId());
                TestUtils.sleep(1);
            }
        }
    } catch (SecurityException e) {
        LOG.error("safeModify policy [" + PolicyTestData.getName(plcy) + "] caught SecurityException rc=" + e.getErrorId() + ", msg=" + e.getMessage(), e);
        fail(e.getMessage());
    }
}
Also used : User(org.apache.directory.fortress.core.model.User) PwPolicyMgr(org.apache.directory.fortress.core.PwPolicyMgr) SecurityException(org.apache.directory.fortress.core.SecurityException) AdminMgr(org.apache.directory.fortress.core.AdminMgr)

Example 80 with AdminMgr

use of org.apache.directory.fortress.core.AdminMgr in project directory-fortress-core by apache.

the class PswdPolicyMgrImplTest method lockout.

/**
 * PT9
 * 5.2.9  pwdLockout
 * <p>
 * This attribute indicates, when its value is "TRUE", that the password
 * may not be used to authenticate after a specified number of
 * consecutive failed bind attempts.  The maximum number of consecutive
 * failed bind attempts is specified in pwdMaxFailure.
 * <p>
 * If this attribute is not present, or if the value is "FALSE", the
 * password may be used to authenticate when the number of failed bind
 * attempts has been reached.
 * <p>
 * Test flow, repeated three times: lock the account through {@code AdminMgr}, confirm
 * that login is rejected with {@code USER_PW_LOCKED}, unlock the account and confirm that
 * login succeeds. The lock is applied administratively here, not by failed logins.
 *
 * @param msg  label handed to {@code LogUtil.logIt} before the run
 * @param usr  test data row describing the user under test
 * @param plcy test data row describing the password policy to attach
 */
public void lockout(String msg, String[] usr, String[] plcy) {
    LogUtil.logIt(msg);
    try {
        PwPolicyMgr pwPolicy = getManagedPswdMgr();
        AdminMgr admin = AdminMgrImplTest.getManagedAdminMgr();
        AccessMgr access = AccessMgrFactory.createInstance(TestUtils.getContext());
        User subject = UserTestData.getUser(usr);
        pwPolicy.updateUserPolicy(subject.getUserId(), PolicyTestData.getName(plcy));
        for (int round = 0; round != 3; round++) {
            admin.lockUserAccount(subject);
            try {
                // Correct credentials, locked account: the session must be refused.
                access.createSession(subject, false);
                fail(CLS_NM + ".lockout name [" + PolicyTestData.getName(plcy) + "] user [" + UserTestData.getUserId(usr) + "] failed lockout test iteration=" + round);
            } catch (SecurityException rejected) {
                // The refusal must be reported as a lockout, not as any other failure.
                assertTrue(CLS_NM + ".lockout invalid error message userId [" + UserTestData.getUserId(usr) + "]", GlobalErrIds.USER_PW_LOCKED == rejected.getErrorId());
                TestUtils.sleep(1);
            }
            // NOTE(review): a failed assertion above leaves before this unlock runs, so the
            // account stays locked for later tests.
            admin.unlockUserAccount(subject);
            // Once unlocked, the same credentials must be accepted.
            access.createSession(subject, false);
        }
    } catch (SecurityException e) {
        LOG.error("lockout caught SecurityException rc=" + e.getErrorId() + ", msg=" + e.getMessage(), e);
        fail(e.getMessage());
    }
}
Also used : User(org.apache.directory.fortress.core.model.User) AccessMgr(org.apache.directory.fortress.core.AccessMgr) PwPolicyMgr(org.apache.directory.fortress.core.PwPolicyMgr) SecurityException(org.apache.directory.fortress.core.SecurityException) AdminMgr(org.apache.directory.fortress.core.AdminMgr)

Aggregations

AdminMgr (org.apache.directory.fortress.core.AdminMgr)104 SecurityException (org.apache.directory.fortress.core.SecurityException)89 Role (org.apache.directory.fortress.core.model.Role)40 User (org.apache.directory.fortress.core.model.User)39 UserRole (org.apache.directory.fortress.core.model.UserRole)35 ReviewMgr (org.apache.directory.fortress.core.ReviewMgr)27 Permission (org.apache.directory.fortress.core.model.Permission)18 RoleConstraint (org.apache.directory.fortress.core.model.RoleConstraint)16 SDSet (org.apache.directory.fortress.core.model.SDSet)12 DelAdminMgr (org.apache.directory.fortress.core.DelAdminMgr)11 PwPolicyMgr (org.apache.directory.fortress.core.PwPolicyMgr)7 PermObj (org.apache.directory.fortress.core.model.PermObj)7 AccessMgr (org.apache.directory.fortress.core.AccessMgr)6 PermissionAttributeSet (org.apache.directory.fortress.core.model.PermissionAttributeSet)3 AdminPermissionOperation (org.apache.directory.fortress.annotation.AdminPermissionOperation)1 FinderException (org.apache.directory.fortress.core.FinderException)1 AdminRole (org.apache.directory.fortress.core.model.AdminRole)1 Session (org.apache.directory.fortress.core.model.Session)1 UserAdminRole (org.apache.directory.fortress.core.model.UserAdminRole)1