
Example 1 with AuthorizationException

Use of org.apache.directory.fortress.core.AuthorizationException in project directory-fortress-core by apache.

Class AdminUtil, method checkAccess.

/**
 * Wrapper function to call {@link DelAccessMgrImpl#checkAccess(org.apache.directory.fortress.core.model.Session, Permission)}.
 * Performs user ARBAC authorization. The wrapped function returns a boolean value indicating whether the subject of a given session is
 * allowed to perform a given operation on a given object; this wrapper throws {@link AuthorizationException} when that value is false.
 * The function is valid if and only if the session is a valid Fortress session, the object is a member of the OBJS data set,
 * and the operation is a member of the OPS data set. The session's subject has the permission
 * to perform the operation on that object if and only if that permission is assigned to (at least)
 * one of the session's active roles. This implementation verifies that the roles or userId corresponding
 * to the subject's active roles are registered in the object's access control list.
 *
 * @param session This object must be instantiated by calling {@link org.apache.directory.fortress.core.AccessMgr#createSession} method before passing into the method.  No variables need to be set by client after returned from createSession.
 * @param perm    object contains obj attribute which is a String and contains the name of the object user is trying to access;
 *                perm object contains operation attribute which is also a String and contains the operation name for the object.
 * @param contextId maps to sub-tree in DIT, e.g. ou=contextId, dc=example, dc=com.
 * @throws SecurityException in the event of data validation failure, security policy violation or DAO error.
 */
static void checkAccess(Session session, Permission perm, String contextId) throws SecurityException {
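    // A null session skips the delegated-admin check entirely: no exception is thrown and the
    // caller proceeds, so ARBAC is enforced only when a session is supplied.
    if (session != null) {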
        DelAccessMgr dAccessMgr = DelAccessMgrFactory.createInstance(contextId);
        boolean result = dAccessMgr.checkAccess(session, perm);
        if (!result) {
            String info = "checkAccess failed for user [" + session.getUserId() + "] object [" + perm.getObjName() + "] operation [" + perm.getOpName() + "]";
            throw new AuthorizationException(GlobalErrIds.USER_ADMIN_NOT_AUTHORIZED, info);
        }
    }
}
Also used: AuthorizationException (org.apache.directory.fortress.core.AuthorizationException), DelAccessMgr (org.apache.directory.fortress.core.DelAccessMgr)
