use of org.apache.directory.fortress.core.AdminMgr in project directory-fortress-core by apache.
the class CreateRoleSample method testDeleteRoles.
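/**
 * Deletes the ten sample Roles named {@code TEST_ROLE_PREFIX + 1} through
 * {@code TEST_ROLE_PREFIX + 10} and confirms each removal by reading the Role back.
 *
 * <p>As this sample originally documented, removing a Role also triggers automatic deassignment
 * from Users and revocation of Permissions, so each call is a destructive policy change and
 * not just the deletion of one entry.
 *
 * <p>Nothing is done when {@code AllSamplesJUnitTest.isFirstRun()} returns true.
 * NOTE(review): presumably because the sample data does not exist yet on a first run; confirm.
 */
public static void testDeleteRoles() {
    String szLocation = ".testDeleteRoles";
    if (AllSamplesJUnitTest.isFirstRun()) {
        return;
    }
    try {
        // AdminMgr provisions RBAC policy; ReviewMgr interrogates it. Both are created once and
        // reused for every iteration instead of building a new ReviewMgr per Role.
        AdminMgr adminMgr = AdminMgrFactory.createInstance(TestUtils.getContext());
        ReviewMgr reviewMgr = ReviewMgrFactory.createInstance(TestUtils.getContext());
        for (int i = 1; i < 11; i++) {
            // The only key needed to locate a Role is its name.
            Role inRole = new Role(TEST_ROLE_PREFIX + i);
            // Remove the Role from the directory along with its associated assignments.
            adminMgr.deleteRole(inRole);
            try {
                // The read must fail: a Role that is still readable means the delete did not
                // take effect and its grants may still be live.
                reviewMgr.readRole(inRole);
                fail(szLocation + " role [" + inRole.getName() + "] delete failed");
            } catch (FinderException se) {
                // Only "role not found" proves the deletion; any other finder error is a failure.
                assertTrue(szLocation + " excep id check", se.getErrorId() == GlobalErrIds.ROLE_NOT_FOUND);
            }
            LOG.info(szLocation + " role [" + inRole.getName() + "] success");
        }
    } catch (SecurityException ex) {
        LOG.error(szLocation + " caught SecurityException rc=" + ex.getErrorId() + ", msg=" + ex.getMessage(), ex);
        fail(ex.getMessage());
    }
}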
use of org.apache.directory.fortress.core.AdminMgr in project directory-fortress-core by apache.
the class CreateRoleSample method testDeleteSimpleRole.
/**
 * Deletes the single sample Role named {@code TEST_SIMPLE_ROLE}.
 *
 * <p>Nothing is done when {@code AllSamplesJUnitTest.isFirstRun()} returns true. This sample does
 * not read the Role back afterwards, so a passing run only shows that {@code deleteRole} did not
 * throw, not that the Role is gone from the directory.
 */
public static void testDeleteSimpleRole() {
    if (AllSamplesJUnitTest.isFirstRun()) {
        return;
    }
    final String where = ".testDeleteSimpleRole";
    try {
        // AdminMgr is the entry point for provisioning RBAC policy.
        final AdminMgr provisioner = AdminMgrFactory.createInstance(TestUtils.getContext());
        // A Role is identified by its name alone, so a name-only instance is enough to delete it.
        provisioner.deleteRole(new Role(TEST_SIMPLE_ROLE));
    } catch (SecurityException se) {
        LOG.error(where + " caught SecurityException rc=" + se.getErrorId() + ", msg=" + se.getMessage(), se);
        fail(se.getMessage());
    }
}
use of org.apache.directory.fortress.core.AdminMgr in project directory-fortress-core by apache.
the class CreateUserSample method testCreateUser.
/**
 * Demonstrates creating a simple User and reading it back from the directory.
 *
 * <p>The User is built from {@code TEST_USERID} and {@code TEST_PASSWORD} and placed in the
 * organizational unit {@code CreateUserOrgSample.TEST_USER_OU_NM}. No Role is assigned here;
 * Role assignment can be done separately with the {@code assignUser} API. The read-back is for
 * verification only and is not required in real-world use.
 *
 * <p>{@code TEST_PASSWORD} is a fixture constant defined outside this snippet. The success log
 * line records only the userId, never the password.
 */
public static void testCreateUser() {
    final String where = ".testCreateUser";
    try {
        // Every AdminMgr API can throw SecurityException on a rule violation or a system error.
        final AdminMgr provisioner = AdminMgrFactory.createInstance(TestUtils.getContext());

        // Minimal User: id and password, plus the OU it belongs to.
        final User candidate = new User(TEST_USERID, TEST_PASSWORD);
        candidate.setOu(CreateUserOrgSample.TEST_USER_OU_NM);

        // addUser returns the stored User entity when creation succeeds.
        final User created = provisioner.addUser(candidate);
        assertNotNull(created);

        // ReviewMgr interrogates policy; use it to confirm the entry is readable.
        final ReviewMgr reviewer = ReviewMgrFactory.createInstance(TestUtils.getContext());
        final User readBack = reviewer.readUser(candidate);
        assertTrue(where + " failed read", candidate.equals(readBack));
        LOG.info(where + " user [" + readBack.getUserId() + "] success");
    } catch (SecurityException se) {
        LOG.error(where + " caught SecurityException rc=" + se.getErrorId() + ", msg=" + se.getMessage(), se);
        fail(se.getMessage());
    }
}
use of org.apache.directory.fortress.core.AdminMgr in project directory-fortress-core by apache.
the class LoadTestUserSample method testAssignUser.
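/**
 * Load-test sample: assigns every test User ({@code TEST_USERID + 1..NUMBER_TEST_USERS}) to every
 * test Role ({@code TEST_ROLE + 1..NUMBER_TEST_ROLES}) through {@code AdminMgr.assignUser}.
 *
 * <p>A failed assignment is logged and counted but does not abort the run, so the sample stays
 * best-effort as before. NOTE(review): presumably failures are tolerated so the load test can be
 * re-run against existing data; confirm. The closing log line reports success only when no
 * assignment failed, so a run with rejected assignments can no longer be read as a clean one.
 *
 * <p>A {@code '@'} progress marker is printed once per 1000 users processed.
 */
public static void testAssignUser() {
    // Tag used in every log line; names this method so failures are attributed correctly.
    String szLocation = ".testAssignUser";
    try {
        // Every AdminMgr API can throw SecurityException on a rule violation or a system error.
        AdminMgr adminMgr = AdminMgrFactory.createInstance(TestUtils.getContext());
        LOG.info(szLocation + " ASSIGNING [" + NUMBER_TEST_USERS + "] users to [" + NUMBER_TEST_ROLES + "] roles (every '@' is 1000 users)");
        long failedAssignments = 0;
        for (int i = 1; i <= NUMBER_TEST_USERS; i++) {
            String userId = TEST_USERID + i;
            for (int j = 1; j <= NUMBER_TEST_ROLES; j++) {
                String roleName = TEST_ROLE + j;
                try {
                    // Assign the user to the specified role.
                    adminMgr.assignUser(new UserRole(userId, roleName));
                } catch (SecurityException ex) {
                    // Keep going, but record which pair failed so the result can be audited.
                    failedAssignments++;
                    LOG.error(szLocation + " assignUser failed for user [" + userId + "] role [" + roleName + "] rc=" + ex.getErrorId() + ", msg=" + ex.getMessage(), ex);
                }
            }
            // One marker per 1000 users, independent of how many roles each user receives.
            if (i % 1000 == 0) {
                System.out.print("@");
            }
        }
        System.out.println("");
        if (failedAssignments == 0) {
            LOG.info(szLocation + " users assignment success");
        } else {
            LOG.error(szLocation + " users assignment finished with [" + failedAssignments + "] failed assignments");
        }
    } catch (SecurityException ex) {
        LOG.error(szLocation + " caught SecurityException rc=" + ex.getErrorId() + ", msg=" + ex.getMessage(), ex);
        fail(ex.getMessage());
    }
}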
use of org.apache.directory.fortress.core.AdminMgr in project directory-fortress-core by apache.
the class CreatePermSample method testGrantPermissionUser.
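/**
 * Grants five sample Permissions directly to the test User and verifies the result.
 *
 * <p>Fortress allows Permissions to be granted directly to User entities. This is not an
 * RBAC-specified capability but can be useful in certain circumstances. Because these grants
 * attach to the User rather than to a Role, an access review should list them with
 * {@code ReviewMgr.userPermissions} as well as checking Role assignments.
 *
 * <p>The size check expects exactly the Permissions granted here.
 * NOTE(review): this assumes the test User holds no other Permissions beforehand; confirm
 * against the sample's setup order.
 */
public static void testGrantPermissionUser() {
    String szLocation = ".testGrantPermissionUser";
    // Single source of truth for how many Permissions are granted and then expected back.
    final int permCount = 5;
    User inUser = new User(CreateUserSample.TEST_USERID);
    try {
        // AdminMgr provisions RBAC policy.
        AdminMgr adminMgr = AdminMgrFactory.createInstance(TestUtils.getContext());
        for (int i = 1; i <= permCount; i++) {
            // A Permission is an object-to-operation mapping that can be targeted at a User.
            Permission inPerm = new Permission(TEST_PERM_OBJECT, TEST_PERM_OPERATION_PREFIX + i);
            // Adds an 'oamUsers' attribute for the User to the 'oamOperation' ldap object class.
            adminMgr.grantPermission(inPerm, inUser);
            LOG.info(szLocation + " permission user [" + inUser.getUserId() + "] object [" + inPerm.getObjName() + "] operation name [" + inPerm.getOpName() + "] success");
        }
        // ReviewMgr interrogates policy. One read suffices, since the result does not depend on
        // any loop variable.
        ReviewMgr reviewMgr = ReviewMgrFactory.createInstance(TestUtils.getContext());
        List<Permission> assignedUserPerms = reviewMgr.userPermissions(inUser);
        // Fail with a clear message rather than a NullPointerException if no list comes back.
        assertTrue(szLocation + " list check, no permission list returned", assignedUserPerms != null);
        assertTrue(szLocation + " list check, expected: " + permCount + ", actual:" + assignedUserPerms.size(), assignedUserPerms.size() == permCount);
    } catch (SecurityException ex) {
        LOG.error(szLocation + " caught SecurityException rc=" + ex.getErrorId() + ", msg=" + ex.getMessage(), ex);
        fail(ex.getMessage());
    }
}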