use of org.apache.directory.fortress.core.AdminMgr in project directory-fortress-core by apache.
the class CreateRoleSample method testDeleteSimpleRole2.
/**
 * Removes every Role named in {@code TEST_SIMPLE_ROLE2} through the AdminMgr API.
 * <p>
 * Nothing is done when {@code AllSamplesJUnitTest.isFirstRun()} reports true. A
 * {@code SecurityException} is logged and is not turned into a test failure. Because the
 * whole loop sits inside one try block, the first failed delete also skips the Roles that
 * follow it, so an incomplete cleanup shows up only in the log.
 */
public static void testDeleteSimpleRole2() {
    final String location = ".testDeleteSimpleRole2";
    if (!AllSamplesJUnitTest.isFirstRun()) {
        try {
            // AdminMgr is the interface used to provision RBAC policies.
            final AdminMgr provisioner = AdminMgrFactory.createInstance(TestUtils.getContext());
            for (String name : TEST_SIMPLE_ROLE2) {
                // A Role is addressed by its name alone; this call removes it from ldap.
                final Role doomed = new Role(name);
                provisioner.deleteRole(doomed);
            }
        } catch (SecurityException e) {
            // Logged only: the sample deliberately leaves fail() switched off for this step.
            LOG.error(location + " caught SecurityException rc=" + e.getErrorId() + ", msg=" + e.getMessage(), e);
        }
    }
}
use of org.apache.directory.fortress.core.AdminMgr in project directory-fortress-core by apache.
the class CreateRoleSample method testCreateSimpleRole.
/**
 * Creates the Role named by {@code TEST_SIMPLE_ROLE} and confirms the write by reading it back.
 * Roles may be assigned to Users or may be targets for Permission grants.
 * <p>
 * The Role is added through AdminMgr, fetched again through ReviewMgr and compared with the
 * entity that was submitted. A {@code SecurityException} from either manager is logged and
 * fails the test.
 */
public static void testCreateSimpleRole() {
    final String location = ".testCreateSimpleRole";
    try {
        // AdminMgr is the interface used to provision RBAC policies.
        final AdminMgr provisioner = AdminMgrFactory.createInstance(TestUtils.getContext());

        // A Role in its simplest form carries nothing but a name.
        final Role submitted = new Role(TEST_SIMPLE_ROLE);

        // This is the call that actually adds the Role to ldap.
        provisioner.addRole(submitted);

        // ReviewMgr is the interface used to interrogate RBAC policy information.
        final ReviewMgr reader = ReviewMgrFactory.createInstance(TestUtils.getContext());

        // Read the stored Role back and compare it with what was sent.
        final Role stored = reader.readRole(submitted);
        final boolean sameRole = submitted.equals(stored);
        assertTrue(location + " failed read", sameRole);
        LOG.info(location + " [" + stored.getName() + "] success");
    } catch (SecurityException e) {
        LOG.error(location + " caught SecurityException rc=" + e.getErrorId() + ", msg=" + e.getMessage(), e);
        fail(e.getMessage());
    }
}
use of org.apache.directory.fortress.core.AdminMgr in project directory-fortress-core by apache.
the class CreateUserRoleSample method testAssignComplexRole.
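/**
 * Assigns ten Roles to the sample User, each with overridden temporal constraints, and
 * verifies that assignments can be read back.
 * <p>
 * The User is {@code CreateUserSample.TEST_USERID} and the Roles are named
 * {@code CreateRoleSample.TEST_ROLE_PREFIX + i} for i = 1 through 10. Constraint values that
 * are not set on the UserRole are supplied by the corresponding Role. After the assignments
 * the list returned by {@code ReviewMgr.assignedRoles} is checked to be non-empty and then
 * logged, so the test no longer passes on log output alone. A {@code SecurityException} is
 * logged and fails the test.
 */
public static void testAssignComplexRole() {
    String szLocation = ".testAssignComplexRole";
    // The key for User entity is the userId attribute.
    User inUser = new User(CreateUserSample.TEST_USERID);
    try {
        // Instantiate the AdminMgr implementation which is used to provision RBAC policies.
        AdminMgr adminMgr = AdminMgrFactory.createInstance(TestUtils.getContext());
        // Assign ten roles: TEST_ROLE_PREFIX + 1 through TEST_ROLE_PREFIX + 10.
        for (int i = 1; i < 11; i++) {
            // A UserRole entity may override the Role's temporal constraints.
            // The key for User-Role addition is userId and role name.
            UserRole inUserRole = new UserRole(inUser.getUserId(), CreateRoleSample.TEST_ROLE_PREFIX + i);
            // Whatever is not set below is provided by the Constraints of the corresponding
            // Role defined in ou=Roles. The Role start date and endTime are left at their
            // defaults on purpose.
            // Override default on Role end date:
            inUserRole.setEndDate("21410101");
            // Override Role beginTime:
            inUserRole.setBeginTime("0000");
            // Override Role dayMask so that all seven days of the week are allowed.
            inUserRole.setDayMask("1234567");
            // Override the Role beginLockDate to Jan 15, 2112.
            inUserRole.setBeginLockDate("21120115");
            // Override the Role endLockDate to Feb 15, 2112.
            inUserRole.setEndLockDate("21120215");
            // Call the API to assign the Role to the User entity. The original sample comment
            // names the stored attributes 'oamRA' and 'oamRC' on the 'oamUserAttrs' object
            // class; NOTE(review): confirm these names against the schema in use.
            adminMgr.assignUser(inUserRole);
        }
        // Instantiate the ReviewMgr implementation which is used to interrogate policy information.
        ReviewMgr reviewMgr = ReviewMgrFactory.createInstance(TestUtils.getContext());
        // Return the list of Roles assigned to User. The User - Role assignments are loaded into the UserRole entity:
        List<UserRole> assignedRoles = reviewMgr.assignedRoles(inUser);
        // Every assignUser call above succeeded if we got here, so an absent or empty list
        // means the assignments cannot be read back; fail instead of only logging.
        assertTrue(szLocation + " failed assignment read", assignedRoles != null && !assignedRoles.isEmpty());
        // Iterate over list of Roles assigned to User.
        for (UserRole userRole : assignedRoles) {
            // The bracket after the userId was missing in the original message.
            LOG.info(szLocation + " userId [" + userRole.getUserId() + "] roleNm [" + userRole.getName() + "]");
        }
    } catch (SecurityException ex) {
        LOG.error(szLocation + " caught SecurityException rc=" + ex.getErrorId() + ", msg=" + ex.getMessage(), ex);
        fail(ex.getMessage());
    }
}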
use of org.apache.directory.fortress.core.AdminMgr in project directory-fortress-core by apache.
the class CreateUserRoleSample method testDeassignRoles.
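/**
 * Removes every Role assignment from the sample User and verifies that none remain.
 * <p>
 * Nothing is done when {@code AllSamplesJUnitTest.isFirstRun()} reports true. Otherwise the
 * current assignments of {@code CreateUserSample.TEST_USERID} are read through ReviewMgr,
 * each one is deassigned through AdminMgr, and the assignments are read again. The test
 * passes only when that second read yields no assignments, since any entry still present
 * would leave the User holding that Role. A {@code SecurityException} is logged and fails
 * the test.
 */
public static void testDeassignRoles() {
    String szLocation = ".testDeassignRoles";
    if (AllSamplesJUnitTest.isFirstRun()) {
        return;
    }
    // The key for User entity is the userId attribute.
    User inUser = new User(CreateUserSample.TEST_USERID);
    try {
        // Instantiate the ReviewMgr implementation which is used to interrogate policy information.
        ReviewMgr reviewMgr = ReviewMgrFactory.createInstance(TestUtils.getContext());
        // Fetch the Roles currently assigned to the User; these are the ones to remove.
        List<UserRole> assignedRoles = reviewMgr.assignedRoles(inUser);
        if (assignedRoles != null) {
            // Instantiate the AdminMgr implementation which is used to provision RBAC policies.
            AdminMgr adminMgr = AdminMgrFactory.createInstance(TestUtils.getContext());
            for (UserRole uRole : assignedRoles) {
                // Call the API to deassign the Role from the User entity. The original sample
                // comment names the removed attributes 'oamRA' and 'oamRC' on the
                // 'oamUserAttrs' object class; NOTE(review): confirm against the schema in use.
                adminMgr.deassignUser(uRole);
            }
        }
        // Read again: nothing should be assigned now that every Role was removed above.
        assignedRoles = reviewMgr.assignedRoles(inUser);
        // Accept both a null and an empty result. The first read is already null-checked, and
        // dereferencing a null here would raise a NullPointerException that bypasses the
        // SecurityException handler instead of producing a clear test verdict.
        assertTrue(szLocation + " failed deassign test", assignedRoles == null || assignedRoles.isEmpty());
    } catch (SecurityException ex) {
        LOG.error(szLocation + " caught SecurityException rc=" + ex.getErrorId() + ", msg=" + ex.getMessage(), ex);
        fail(ex.getMessage());
    }
}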
use of org.apache.directory.fortress.core.AdminMgr in project directory-fortress-core by apache.
the class CreateUserSample method testDeleteUser.
/**
 * Deletes the User identified by {@code TEST_USERID} and verifies that it can no longer be read.
 * <p>
 * The deleteUser call completely removes the User data from the LDAP directory. There is also
 * a 'softDelete' that can be used to disable the User if hard delete is not the aim.
 * <p>
 * Nothing is done when {@code AllSamplesJUnitTest.isFirstRun()} reports true. After the
 * delete, a read of the same User must raise a {@code SecurityException} whose error id is
 * {@code GlobalErrIds.USER_NOT_FOUND}; a successful read fails the test. Any other
 * {@code SecurityException} is logged and fails the test.
 */
public static void testDeleteUser() {
    final String location = ".testDeleteUser";
    if (AllSamplesJUnitTest.isFirstRun()) {
        return;
    }
    try {
        // AdminMgr is the interface used to provision RBAC policies.
        final AdminMgr provisioner = AdminMgrFactory.createInstance(TestUtils.getContext());
        final User target = new User(TEST_USERID);
        provisioner.deleteUser(target);

        // ReviewMgr is the interface used to interrogate policy information; use it to
        // prove that the entry is really gone.
        final ReviewMgr reader = ReviewMgrFactory.createInstance(TestUtils.getContext());
        try {
            // Reading a deleted User is expected to throw.
            reader.readUser(target);
            fail(location + " user [" + target.getUserId() + "] delete failed");
        } catch (SecurityException notFound) {
            // Passing case, as long as the failure is specifically "user not found".
            final boolean expectedError = notFound.getErrorId() == GlobalErrIds.USER_NOT_FOUND;
            assertTrue(location + " excep id check", expectedError);
        }
        LOG.info(location + " user [" + target.getUserId() + "] success");
    } catch (SecurityException e) {
        LOG.error(location + " caught SecurityException rc=" + e.getErrorId() + ", msg=" + e.getMessage(), e);
        fail(e.getMessage());
    }
}