Search in sources :

Example 1 with FinderException

use of org.apache.directory.fortress.core.FinderException in project directory-fortress-core by apache.

the class AdminMgrImpl method removeRoleConstraint.

/**
 * {@inheritDoc}
 */
@Override
@AdminPermissionOperation
public void removeRoleConstraint(UserRole uRole, String roleConstraintId) throws SecurityException {
    String methodName = "assignUser";
    assertContext(CLS_NM, methodName, uRole, GlobalErrIds.URLE_NULL);
    AdminUtil.canDeassign(uRole.getAdminSession(), new User(uRole.getUserId()), new Role(uRole.getName()), contextId);
    // find role constraint that needs removed
    boolean found = false;
    List<UserRole> userRoles = userP.read(new User(uRole.getUserId()), true).getRoles();
    for (UserRole ur : userRoles) {
        // find matching name
        if (ur.getName().equals(uRole.getName())) {
            // find matching constraint
            List<RoleConstraint> rcs = ur.getRoleConstraints();
            for (RoleConstraint rc : rcs) {
                if (rc.getId().equals(roleConstraintId)) {
                    userP.deassign(uRole, rc);
                    found = true;
                    break;
                }
            }
        }
    }
    if (!found) {
        throw new FinderException(GlobalErrIds.RCON_NOT_FOUND, "Role constraint with id " + roleConstraintId + " not found");
    }
}
Also used : AdminRole(org.apache.directory.fortress.core.model.AdminRole) Role(org.apache.directory.fortress.core.model.Role) UserRole(org.apache.directory.fortress.core.model.UserRole) FinderException(org.apache.directory.fortress.core.FinderException) User(org.apache.directory.fortress.core.model.User) UserRole(org.apache.directory.fortress.core.model.UserRole) RoleConstraint(org.apache.directory.fortress.core.model.RoleConstraint) AdminPermissionOperation(org.apache.directory.fortress.annotation.AdminPermissionOperation)

Example 2 with FinderException

use of org.apache.directory.fortress.core.FinderException in project directory-fortress-core by apache.

the class AdminRoleDAO method findAssignedRoles.

/**
 * @param userDn
 * @return
 * @throws FinderException
 */
List<String> findAssignedRoles(String userDn, String contextId) throws FinderException {
    List<String> roleNameList = new ArrayList<>();
    LdapConnection ld = null;
    String roleRoot = getRootDn(contextId, GlobalIds.ADMIN_ROLE_ROOT);
    try {
        String filter = GlobalIds.FILTER_PREFIX + GlobalIds.ROLE_OBJECT_CLASS_NM + ")";
        filter += "(" + ROLE_OCCUPANT + "=" + userDn + "))";
        ld = getAdminConnection();
        SearchCursor searchResults = search(ld, roleRoot, SearchScope.ONELEVEL, filter, ROLE_NM_ATR, false, GlobalIds.BATCH_SIZE);
        while (searchResults.next()) {
            roleNameList.add(getAttribute(searchResults.getEntry(), ROLE_NM));
        }
    } catch (LdapException e) {
        String error = "findAssignedRoles userDn [" + userDn + "] caught LdapException=" + e.getMessage();
        throw new FinderException(GlobalErrIds.ARLE_OCCUPANT_SEARCH_FAILED, error, e);
    } catch (CursorException e) {
        String error = "findAssignedRoles userDn [" + userDn + "] caught CursorException=" + e.getMessage();
        throw new FinderException(GlobalErrIds.ARLE_OCCUPANT_SEARCH_FAILED, error, e);
    } finally {
        closeAdminConnection(ld);
    }
    return roleNameList;
}
Also used : FinderException(org.apache.directory.fortress.core.FinderException) CursorException(org.apache.directory.api.ldap.model.cursor.CursorException) ArrayList(java.util.ArrayList) SearchCursor(org.apache.directory.api.ldap.model.cursor.SearchCursor) LdapException(org.apache.directory.api.ldap.model.exception.LdapException) LdapConnection(org.apache.directory.ldap.client.api.LdapConnection)

Example 3 with FinderException

use of org.apache.directory.fortress.core.FinderException in project directory-fortress-core by apache.

the class AdminRoleDAO method getAllDescendants.

/**
 * @param contextId
 * @return
 * @throws FinderException
 */
List<Graphable> getAllDescendants(String contextId) throws FinderException {
    String[] DESC_ATRS = { ROLE_NM, GlobalIds.PARENT_NODES };
    List<Graphable> descendants = new ArrayList<>();
    LdapConnection ld = null;
    String roleRoot = getRootDn(contextId, GlobalIds.ADMIN_ROLE_ROOT);
    String filter = null;
    try {
        filter = GlobalIds.FILTER_PREFIX + GlobalIds.ROLE_OBJECT_CLASS_NM + ")(" + GlobalIds.PARENT_NODES + "=*))";
        ld = getAdminConnection();
        SearchCursor searchResults = search(ld, roleRoot, SearchScope.ONELEVEL, filter, DESC_ATRS, false, GlobalIds.BATCH_SIZE);
        long sequence = 0;
        while (searchResults.next()) {
            descendants.add(unloadDescendants(searchResults.getEntry(), sequence++));
        }
    } catch (LdapException e) {
        String error = "getAllDescendants filter [" + filter + "] caught LdapException=" + e.getMessage();
        throw new FinderException(GlobalErrIds.ARLE_SEARCH_FAILED, error, e);
    } catch (CursorException e) {
        String error = "getAllDescendants filter [" + filter + "] caught CursorException=" + e.getMessage();
        throw new FinderException(GlobalErrIds.ARLE_SEARCH_FAILED, error, e);
    } finally {
        closeAdminConnection(ld);
    }
    return descendants;
}
Also used : FinderException(org.apache.directory.fortress.core.FinderException) CursorException(org.apache.directory.api.ldap.model.cursor.CursorException) ArrayList(java.util.ArrayList) SearchCursor(org.apache.directory.api.ldap.model.cursor.SearchCursor) Graphable(org.apache.directory.fortress.core.model.Graphable) LdapException(org.apache.directory.api.ldap.model.exception.LdapException) LdapConnection(org.apache.directory.ldap.client.api.LdapConnection)

Example 4 with FinderException

use of org.apache.directory.fortress.core.FinderException in project directory-fortress-core by apache.

the class AdminRoleP method removeOccupant.

/**
 * Remove the User dn occupant attribute from the OrganizationalRole entity in ldap.  This method is called by AdminMgrImpl
 * when the User is being deleted.
 *
 * @param userDn contains the userId targeted for attribute removal.
 * @param contextId maps to sub-tree in DIT, e.g. ou=contextId, dc=example, dc=com.
 * @throws SecurityException in the event of DAO search error.
 */
void removeOccupant(String userDn, String contextId) throws SecurityException {
    List<String> list;
    try {
        list = rDao.findAssignedRoles(userDn, contextId);
        for (String roleNm : list) {
            AdminRole role = new AdminRole(roleNm);
            role.setContextId(contextId);
            deassign(role, userDn);
        }
    } catch (FinderException fe) {
        String error = "removeOccupant userDn [" + userDn + "] caught FinderException=" + fe;
        throw new SecurityException(GlobalErrIds.ARLE_REMOVE_OCCUPANT_FAILED, error, fe);
    }
}
Also used : FinderException(org.apache.directory.fortress.core.FinderException) SecurityException(org.apache.directory.fortress.core.SecurityException) AdminRole(org.apache.directory.fortress.core.model.AdminRole) UserAdminRole(org.apache.directory.fortress.core.model.UserAdminRole)

Example 5 with FinderException

use of org.apache.directory.fortress.core.FinderException in project directory-fortress-core by apache.

the class PermDAO method findPermissionOperations.

List<Permission> findPermissionOperations(PermObj permObj) throws FinderException {
    List<Permission> permList = new ArrayList<>();
    LdapConnection ld = null;
    String permRoot = getRootDn(permObj.isAdmin(), permObj.getContextId());
    try {
        String permObjVal = encodeSafeText(permObj.getObjName(), GlobalIds.PERM_LEN);
        StringBuilder filterbuf = new StringBuilder();
        filterbuf.append(GlobalIds.FILTER_PREFIX);
        filterbuf.append(PERM_OP_OBJECT_CLASS_NAME);
        filterbuf.append(")(");
        filterbuf.append(GlobalIds.POBJ_NAME);
        filterbuf.append("=");
        filterbuf.append(permObjVal);
        filterbuf.append("))");
        ld = getAdminConnection();
        SearchCursor searchResults = search(ld, permRoot, SearchScope.SUBTREE, filterbuf.toString(), PERMISSION_OP_ATRS, false, GlobalIds.BATCH_SIZE);
        long sequence = 0;
        while (searchResults.next()) {
            permList.add(unloadPopLdapEntry(searchResults.getEntry(), sequence++, permObj.isAdmin()));
        }
    } catch (LdapException e) {
        String error = "findPermissions caught LdapException=" + e.getMessage();
        throw new FinderException(GlobalErrIds.PERM_SEARCH_FAILED, error, e);
    } catch (CursorException e) {
        String error = "findPermissions caught CursorException=" + e.getMessage();
        throw new FinderException(GlobalErrIds.PERM_SEARCH_FAILED, error, e);
    } finally {
        closeAdminConnection(ld);
    }
    return permList;
}
Also used : FinderException(org.apache.directory.fortress.core.FinderException) CursorException(org.apache.directory.api.ldap.model.cursor.CursorException) Permission(org.apache.directory.fortress.core.model.Permission) ArrayList(java.util.ArrayList) SearchCursor(org.apache.directory.api.ldap.model.cursor.SearchCursor) LdapException(org.apache.directory.api.ldap.model.exception.LdapException) LdapConnection(org.apache.directory.ldap.client.api.LdapConnection)

Aggregations

FinderException (org.apache.directory.fortress.core.FinderException)80 LdapException (org.apache.directory.api.ldap.model.exception.LdapException)72 LdapConnection (org.apache.directory.ldap.client.api.LdapConnection)72 ArrayList (java.util.ArrayList)49 CursorException (org.apache.directory.api.ldap.model.cursor.CursorException)48 SearchCursor (org.apache.directory.api.ldap.model.cursor.SearchCursor)48 Entry (org.apache.directory.api.ldap.model.entry.Entry)22 DefaultEntry (org.apache.directory.api.ldap.model.entry.DefaultEntry)21 LdapNoSuchObjectException (org.apache.directory.api.ldap.model.exception.LdapNoSuchObjectException)17 Permission (org.apache.directory.fortress.core.model.Permission)10 User (org.apache.directory.fortress.core.model.User)8 SecurityException (org.apache.directory.fortress.core.SecurityException)7 DefaultModification (org.apache.directory.api.ldap.model.entry.DefaultModification)6 Modification (org.apache.directory.api.ldap.model.entry.Modification)6 UpdateException (org.apache.directory.fortress.core.UpdateException)6 Role (org.apache.directory.fortress.core.model.Role)6 UserRole (org.apache.directory.fortress.core.model.UserRole)6 OrgUnit (org.apache.directory.fortress.core.model.OrgUnit)5 AdminRole (org.apache.directory.fortress.core.model.AdminRole)4 RoleConstraint (org.apache.directory.fortress.core.model.RoleConstraint)4