
Example 96 with AdminMgr

use of org.apache.directory.fortress.core.AdminMgr in project directory-fortress-core by apache.

the class CreatePermSample method testRevokePermissionRole.

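/**
 * Revokes every Permission granted to the sample Roles, then verifies that none of the sample
 * Permission Operations still lists a Role.
 * <p>
 * The revocation pass covers the Roles named {@code CreateRoleSample.TEST_ROLE_PREFIX + 1..10}; the
 * verification pass covers the Operations named {@code TEST_PERM_OPERATION_PREFIX + 1..5} on
 * {@code TEST_PERM_OBJECT}. The method does nothing when {@code AllSamplesJUnitTest.isFirstRun()}
 * returns true.
 * <p>
 * A {@code SecurityException} from either manager is logged and turned into a test failure.
 */
public static void testRevokePermissionRole() {
    String szLocation = ".testRevokePermissionRole";
    // Skipped on the first run -- presumably because the sample grants do not exist yet; confirm
    // against AllSamplesJUnitTest.
    if (AllSamplesJUnitTest.isFirstRun()) {
        return;
    }
    try {
        // AdminMgr provisions RBAC policy; ReviewMgr is the read side used to interrogate it.
        AdminMgr adminMgr = AdminMgrFactory.createInstance(TestUtils.getContext());
        ReviewMgr reviewMgr = ReviewMgrFactory.createInstance(TestUtils.getContext());
        // Revocation pass: for each sample Role, look up what it is currently granted and revoke it.
        for (int i = 1; i < 11; i++) {
            Role inRole = new Role(CreateRoleSample.TEST_ROLE_PREFIX + i);
            List<Permission> perms = reviewMgr.rolePermissions(inRole);
            for (Permission perm : perms) {
                // This API removes the 'oamRoles' attribute associated with Role from the
                // 'oamOperation' ldap object class:
                adminMgr.revokePermission(perm, inRole);
            }
        }
        // Verification pass (for test purposes only): read each Operation back and require that no
        // Role assignment survived. A grant left behind here is a privilege that was never removed.
        for (int j = 1; j < 6; j++) {
            Permission inPerm = new Permission(TEST_PERM_OBJECT, TEST_PERM_OPERATION_PREFIX + j);
            List<String> assignedRoles = reviewMgr.permissionRoles(inPerm);
            // Fail with a readable message instead of a NullPointerException if no list comes back.
            assertNotNull(szLocation + " permissionRoles returned null for operation ["
                + inPerm.getOpName() + "]", assignedRoles);
            assertTrue(szLocation + " roles still assigned to operation [" + inPerm.getOpName()
                + "]: " + assignedRoles, assignedRoles.isEmpty());
            LOG.info(szLocation + " permission roles revocation check for object [" + inPerm.getObjName() + "] operation name [" + inPerm.getOpName() + "] revocation success");
        }
    } catch (SecurityException ex) {
        LOG.error(szLocation + " caught SecurityException rc=" + ex.getErrorId() + ", msg=" + ex.getMessage(), ex);
        fail(ex.getMessage());
    }
}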
Also used : Role(org.apache.directory.fortress.core.model.Role) ReviewMgr(org.apache.directory.fortress.core.ReviewMgr) Permission(org.apache.directory.fortress.core.model.Permission) SecurityException(org.apache.directory.fortress.core.SecurityException) AdminMgr(org.apache.directory.fortress.core.AdminMgr)

Example 97 with AdminMgr

use of org.apache.directory.fortress.core.AdminMgr in project directory-fortress-core by apache.

the class CreatePermSample method testAddPermOperations.

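/**
 * Adds the sample Permission Operations {@code TEST_PERM_OPERATION_PREFIX + 1..5} under
 * {@code TEST_PERM_OBJECT} and reads each one back to confirm it was stored.
 * <p>
 * The Permission entity contains operation name along with any assigned Role and User entities.  The
 * Permission ldap node is located as child node of Permission Object node.
 * <p>
 * A {@code SecurityException} from either manager is logged and turned into a test failure.
 */
public static void testAddPermOperations() {
    String szLocation = ".testAddPermOperations";
    try {
        // AdminMgr provisions policy; ReviewMgr is the read side used for the read-back check.
        // Both are created once, before the loop, rather than once per Permission.
        AdminMgr adminMgr = AdminMgrFactory.createInstance(TestUtils.getContext());
        ReviewMgr reviewMgr = ReviewMgrFactory.createInstance(TestUtils.getContext());
        for (int i = 1; i < 6; i++) {
            // The Permission entity is associated with PermObj (name) entity and is uniquely
            // identified by Operation name:
            Permission inPerm = new Permission(TEST_PERM_OBJECT, TEST_PERM_OPERATION_PREFIX + i);
            // The Permission entity will be a child node of specified PermObject entity.
            adminMgr.addPermission(inPerm);
            // Read the newly created Permission back and require that it matches what was sent.
            Permission outPerm = reviewMgr.readPermission(inPerm);
            assertNotNull(outPerm);
            assertTrue(szLocation + " failed permission check", outPerm.equals(inPerm));
            LOG.info(szLocation + " permission object [" + outPerm.getObjName() + "] operation name [" + outPerm.getOpName() + "] success");
        }
    } catch (SecurityException ex) {
        LOG.error(szLocation + " caught SecurityException rc=" + ex.getErrorId() + ", msg=" + ex.getMessage(), ex);
        fail(ex.getMessage());
    }
}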
Also used : ReviewMgr(org.apache.directory.fortress.core.ReviewMgr) Permission(org.apache.directory.fortress.core.model.Permission) SecurityException(org.apache.directory.fortress.core.SecurityException) AdminMgr(org.apache.directory.fortress.core.AdminMgr)

Example 98 with AdminMgr

use of org.apache.directory.fortress.core.AdminMgr in project directory-fortress-core by apache.

the class AdminManagerTest method addUsers.

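/**
 * Adds every user described in {@code uArray} and assigns the Roles listed for each of them.
 * <p>
 * A {@code SecurityException} from the AdminMgr is logged and turned into a test failure; users
 * added before the failure are not rolled back here.
 *
 * @param msg     text handed to {@code LogUtil.logIt} before any user is added
 * @param uArray  one row per user; each row is passed to {@code UserTestData.getUser} and
 *                {@code UserTestData.getAssignedRoles}
 * @param isAdmin when true the AdminMgr comes from {@code getManagedAdminMgr()}, otherwise a new
 *                one is created from the test context
 */
private void addUsers(String msg, String[][] uArray, boolean isAdmin) {
    LogUtil.logIt(msg);
    try {
        // NOTE(review): getManagedAdminMgr() presumably returns a manager bound to an admin
        // session so that delegated-administration checks apply -- confirm in the test class.
        AdminMgr adminMgr;
        if (isAdmin) {
            adminMgr = getManagedAdminMgr();
        } else {
            adminMgr = AdminMgrFactory.createInstance(TestUtils.getContext());
        }
        for (String[] usr : uArray) {
            User user = UserTestData.getUser(usr);
            adminMgr.addUser(user);
            LOG.debug("addUsers user [" + user.getUserId() + "] successful");
            // Does User have Role assignments? A null set means the row lists none.
            Set<String> asgnRoles = UserTestData.getAssignedRoles(usr);
            if (asgnRoles != null) {
                for (String name : asgnRoles) {
                    adminMgr.assignUser(new UserRole(user.getUserId(), name));
                }
            }
        }
    } catch (SecurityException ex) {
        // The logger call already records the stack trace (ex is passed as the throwable), so no
        // separate printStackTrace() to stderr is needed.
        LOG.error("addUsers: caught SecurityException rc=" + ex.getErrorId() + ", msg=" + ex.getMessage(), ex);
        fail(ex.getMessage());
    }
}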
Also used : User(org.apache.directory.fortress.core.model.User) UserRole(org.apache.directory.fortress.core.model.UserRole) SecurityException(org.apache.directory.fortress.core.SecurityException) AdminMgr(org.apache.directory.fortress.core.AdminMgr)

Example 99 with AdminMgr

use of org.apache.directory.fortress.core.AdminMgr in project directory-fortress-core by apache.

the class DelAdminMgrImpl method revokePermission.

/**
 * {@inheritDoc}
 * <p>
 * Implementation: marks {@code perm} as an administrative permission and hands the revocation to
 * an {@code AdminMgr} created for this manager's context id.
 * <p>
 * Side effect: the caller's {@code perm} instance is left with its admin flag set to true.
 */
@Override
public void revokePermission(Permission perm, User user) throws SecurityException {
    // NOTE(review): the AdminMgr is built from contextId alone; nothing in this method passes an
    // admin session to it. Confirm where the delegated-administration authorization check for
    // this call is enforced.
    AdminMgr delegate = AdminMgrFactory.createInstance(contextId);
    // Presumably the admin flag routes the revoke to the administrative permission tree instead
    // of the ordinary RBAC one -- confirm against Permission.
    perm.setAdmin(true);
    delegate.revokePermission(perm, user);
}
Also used : AdminMgr(org.apache.directory.fortress.core.AdminMgr) DelAdminMgr(org.apache.directory.fortress.core.DelAdminMgr)

Example 100 with AdminMgr

use of org.apache.directory.fortress.core.AdminMgr in project directory-fortress-core by apache.

the class DelAdminMgrImpl method revokePermission.

/**
 * {@inheritDoc}
 * <p>
 * Implementation: marks {@code perm} as an administrative permission and hands the revocation
 * for the given {@code AdminRole} to an {@code AdminMgr} created for this manager's context id.
 * <p>
 * Side effect: the caller's {@code perm} instance is left with its admin flag set to true.
 */
@Override
public void revokePermission(Permission perm, AdminRole role) throws SecurityException {
    // NOTE(review): the AdminMgr is built from contextId alone; nothing in this method passes an
    // admin session to it. Confirm where the delegated-administration authorization check for
    // this call is enforced.
    AdminMgr delegate = AdminMgrFactory.createInstance(contextId);
    // Presumably the admin flag routes the revoke to the administrative permission tree instead
    // of the ordinary RBAC one -- confirm against Permission.
    perm.setAdmin(true);
    delegate.revokePermission(perm, role);
}
Also used : AdminMgr(org.apache.directory.fortress.core.AdminMgr) DelAdminMgr(org.apache.directory.fortress.core.DelAdminMgr)
