Example 41 with AdminMgr

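Use of org.apache.directory.fortress.core.AdminMgr in project directory-fortress-core by apache.

In class CreateRoleSample, method testDeleteSimpleRole2.

/**
 * Remove each Role named in TEST_SIMPLE_ROLE2 from the directory.  Does nothing when
 * AllSamplesJUnitTest.isFirstRun() returns true.
 */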
public static void testDeleteSimpleRole2() {
    if (AllSamplesJUnitTest.isFirstRun()) {
        return;
    }
    String szLocation = ".testDeleteSimpleRole2";
    try {
        // Instantiate the AdminMgr implementation which is used to provision RBAC policies.
        AdminMgr adminMgr = AdminMgrFactory.createInstance(TestUtils.getContext());
        for (String roleName : TEST_SIMPLE_ROLE2) {
            // At its simplest a Role contains only a name.
            Role inRole = new Role(roleName);
            // Call the API to remove the Role from ldap.
            adminMgr.deleteRole(inRole);
        }
    } catch (SecurityException ex) {
        LOG.error(szLocation + " caught SecurityException rc=" + ex.getErrorId() + ", msg=" + ex.getMessage(), ex);
        // The fail() call is commented out, so a delete error is logged but does not fail the test.
        // fail(ex.getMessage());
    }
}
Also used : Role(org.apache.directory.fortress.core.model.Role) SecurityException(org.apache.directory.fortress.core.SecurityException) AdminMgr(org.apache.directory.fortress.core.AdminMgr)

Example 42 with AdminMgr

Use of org.apache.directory.fortress.core.AdminMgr in project directory-fortress-core by apache.

In class CreateRoleSample, method testCreateSimpleRole.

/**
 * Demonstrate simple Role creation.  Roles may be assigned to Users or may be targets for Permission grants.
 */
public static void testCreateSimpleRole() {
    String szLocation = ".testCreateSimpleRole";
    try {
        // Instantiate the AdminMgr implementation which is used to provision RBAC policies.
        AdminMgr adminMgr = AdminMgrFactory.createInstance(TestUtils.getContext());
        // At its simplest a Role contains only a name.
        Role inRole = new Role(TEST_SIMPLE_ROLE);
        // Call the API to actually add the Role to ldap.
        adminMgr.addRole(inRole);
        // Instantiate the ReviewMgr implementation which is used to interrogate RBAC policy information.
        ReviewMgr reviewMgr = ReviewMgrFactory.createInstance(TestUtils.getContext());
        // now read the newly created Role entity back:
        Role outRole = reviewMgr.readRole(inRole);
        assertTrue(szLocation + " failed read", inRole.equals(outRole));
        LOG.info(szLocation + " [" + outRole.getName() + "] success");
    } catch (SecurityException ex) {
        LOG.error(szLocation + " caught SecurityException rc=" + ex.getErrorId() + ", msg=" + ex.getMessage(), ex);
        fail(ex.getMessage());
    }
}
Also used : Role(org.apache.directory.fortress.core.model.Role) ReviewMgr(org.apache.directory.fortress.core.ReviewMgr) SecurityException(org.apache.directory.fortress.core.SecurityException) AdminMgr(org.apache.directory.fortress.core.AdminMgr)

Example 43 with AdminMgr

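Use of org.apache.directory.fortress.core.AdminMgr in project directory-fortress-core by apache.

In class CreateUserRoleSample, method testAssignComplexRole.

/**
 * Assign ten Roles (CreateRoleSample.TEST_ROLE_PREFIX + 1 through 10) to the test User, overriding
 * some of each Role's temporal constraints on the UserRole, then list the Roles assigned to the User.
 */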
public static void testAssignComplexRole() {
    String szLocation = ".testAssignComplexRole";
    // The key for User entity is the userId attribute.
    User inUser = new User(CreateUserSample.TEST_USERID);
    try {
        // Instantiate the AdminMgr implementation which is used to provision RBAC policies.
        AdminMgr adminMgr = AdminMgrFactory.createInstance(TestUtils.getContext());
        // Assign roles sampleRole1 - sampleRole10 to the User.
        for (int i = 1; i < 11; i++) {
            // OpenAccessManagers UserRole entity may override Role's temporal constraints.
            // The key for User-Role addition is userId and role name.
            UserRole inUserRole = new UserRole(inUser.getUserId(), CreateRoleSample.TEST_ROLE_PREFIX + i);
            // Set some random constraints, whatever doesn't get set here will be provided by Constraints in corresponding Role defined in {@code ou=Roles}.
            // Don't set Role start date (accept default):
            // Override default on Role end date:
            inUserRole.setEndDate("21410101");
            // Override Role beginTime:
            inUserRole.setBeginTime("0000");
            // Don't set the Role endTime.
            // Override Role dayMask to Mon, Tue, Wed, Thur, Fri, Sat & Sun.
            inUserRole.setDayMask("1234567");
            // Override the Role beginLockDate to Jan 15, 2112
            inUserRole.setBeginLockDate("21120115");
            // Override the Role endLockDate to Feb 15, 2112.
            inUserRole.setEndLockDate("21120215");
            // Call the API to assign the Role to the User entity.  This will add 'oamRA' and 'oamRC' attributes to the 'oamUserAttrs' object class.
            adminMgr.assignUser(inUserRole);
        }
        // Instantiate the ReviewMgr implementation which is used to interrogate policy information.
        ReviewMgr reviewMgr = ReviewMgrFactory.createInstance(TestUtils.getContext());
        // Return the list of Roles assigned to User.  The User - Role assignments are loaded into the UserRole entity:
        List<UserRole> assignedRoles = reviewMgr.assignedRoles(inUser);
        // Iterate over list of Roles assigned to User.
        for (UserRole userRole : assignedRoles) {
            LOG.info(szLocation + " userId [" + userRole.getUserId() + "] roleNm [" + userRole.getName() + "]");
        }
    } catch (SecurityException ex) {
        LOG.error(szLocation + " caught SecurityException rc=" + ex.getErrorId() + ", msg=" + ex.getMessage(), ex);
        fail(ex.getMessage());
    }
}
Also used : User(org.apache.directory.fortress.core.model.User) ReviewMgr(org.apache.directory.fortress.core.ReviewMgr) UserRole(org.apache.directory.fortress.core.model.UserRole) SecurityException(org.apache.directory.fortress.core.SecurityException) AdminMgr(org.apache.directory.fortress.core.AdminMgr)

Example 44 with AdminMgr

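Use of org.apache.directory.fortress.core.AdminMgr in project directory-fortress-core by apache.

In class CreateUserRoleSample, method testDeassignRoles.

/**
 * Deassign every Role currently assigned to the test User, then verify that none remain.
 * Does nothing when AllSamplesJUnitTest.isFirstRun() returns true.
 */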
public static void testDeassignRoles() {
    String szLocation = ".testDeassignRoles";
    if (AllSamplesJUnitTest.isFirstRun()) {
        return;
    }
    // The key for User entity is the userId attribute.
    User inUser = new User(CreateUserSample.TEST_USERID);
    try {
        // Instantiate the ReviewMgr implementation which is used to interrogate policy information.
        ReviewMgr reviewMgr = ReviewMgrFactory.createInstance(TestUtils.getContext());
        // Read the Roles currently assigned to the User:
        List<UserRole> assignedRoles = reviewMgr.assignedRoles(inUser);
        if (assignedRoles != null) {
            // Instantiate the AdminMgr implementation which is used to provision RBAC policies.
            AdminMgr adminMgr = AdminMgrFactory.createInstance(TestUtils.getContext());
            for (UserRole uRole : assignedRoles) {
                // Call the API to deassign the Role from the User entity.  This will remove 'oamRA' and 'oamRC' attributes from the 'oamUserAttrs' object class.
                adminMgr.deassignUser(uRole);
            }
        }
        // No Roles should remain because every Role assigned to the User was deassigned above:
        assignedRoles = reviewMgr.assignedRoles(inUser);
        assertTrue(szLocation + " failed deassign test", assignedRoles == null || assignedRoles.isEmpty());
    } catch (SecurityException ex) {
        LOG.error(szLocation + " caught SecurityException rc=" + ex.getErrorId() + ", msg=" + ex.getMessage(), ex);
        fail(ex.getMessage());
    }
}
Also used : User(org.apache.directory.fortress.core.model.User) ReviewMgr(org.apache.directory.fortress.core.ReviewMgr) UserRole(org.apache.directory.fortress.core.model.UserRole) SecurityException(org.apache.directory.fortress.core.SecurityException) AdminMgr(org.apache.directory.fortress.core.AdminMgr)

Example 45 with AdminMgr

Use of org.apache.directory.fortress.core.AdminMgr in project directory-fortress-core by apache.

In class CreateUserSample, method testDeleteUser.

/**
 * The deleteUser will completely remove the User data from the LDAP directory.  There is also a 'softDelete' that
 * can be used to disable the User if hard delete is not the aim.
 */
public static void testDeleteUser() {
    String szLocation = ".testDeleteUser";
    if (AllSamplesJUnitTest.isFirstRun()) {
        return;
    }
    try {
        // Instantiate the AdminMgr implementation which is used to provision RBAC policies.
        AdminMgr adminMgr = AdminMgrFactory.createInstance(TestUtils.getContext());
        User inUser = new User(TEST_USERID);
        adminMgr.deleteUser(inUser);
        // now read it back:
        // Instantiate the ReviewMgr implementation which is used to interrogate policy information.
        ReviewMgr reviewMgr = ReviewMgrFactory.createInstance(TestUtils.getContext());
        try {
            // this should fail because User was deleted above:
            reviewMgr.readUser(inUser);
            fail(szLocation + " user [" + inUser.getUserId() + "] delete failed");
        } catch (SecurityException se) {
            assertTrue(szLocation + " excep id check", se.getErrorId() == GlobalErrIds.USER_NOT_FOUND);
            // pass
        }
        LOG.info(szLocation + " user [" + inUser.getUserId() + "] success");
    } catch (SecurityException ex) {
        LOG.error(szLocation + " caught SecurityException rc=" + ex.getErrorId() + ", msg=" + ex.getMessage(), ex);
        fail(ex.getMessage());
    }
}
Also used : User(org.apache.directory.fortress.core.model.User) ReviewMgr(org.apache.directory.fortress.core.ReviewMgr) SecurityException(org.apache.directory.fortress.core.SecurityException) AdminMgr(org.apache.directory.fortress.core.AdminMgr)
