Use of org.apache.directory.fortress.core.ReviewMgr in the project directory-fortress-core (apache): class CreatePermSample, method testGrantPermissionUser.
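/**
 * Grants five test Permissions directly to the test User and then verifies, via ReviewMgr, that
 * exactly those Permissions are reported for the User.
 * <p>
 * Fortress allows Permissions to be granted directly to User entities. Note this is not an RBAC specified
 * capability but can otherwise be useful for certain circumstances. Because such grants bypass the Role
 * layer, ReviewMgr.userPermissions is the read path that surfaces them and is what this test checks.
 * Any SecurityException (the Fortress type, carrying an error id) fails the test.
 */
public static void testGrantPermissionUser() {
    String szLocation = ".testGrantPermissionUser";
    User inUser = new User(CreateUserSample.TEST_USERID);
    try {
        // Instantiate the AdminMgr implementation which is used to provision RBAC policies.
        AdminMgr adminMgr = AdminMgrFactory.createInstance(TestUtils.getContext());
        // Grant each of the five test Permissions directly to the User (no Role in between).
        for (int i = 1; i < 6; i++) {
            // Permissions contain Object to Operation mapping and once created can then be targeted for assignment to User entities in ldap:
            Permission inPerm = new Permission(TEST_PERM_OBJECT, TEST_PERM_OPERATION_PREFIX + i);
            // This API add a 'oamUsers' attribute associated with User to the 'oamOperation' ldap object class:
            adminMgr.grantPermission(inPerm, inUser);
            LOG.info(szLocation + " permission user [" + inUser.getUserId() + "] object [" + inPerm.getObjName() + "] operation name [" + inPerm.getOpName() + "] success");
        }
        // Instantiate the ReviewMgr implementation which is used to interrogate policy information.
        ReviewMgr reviewMgr = ReviewMgrFactory.createInstance(TestUtils.getContext());
        // Read the User's Permission grants once (the earlier version re-read the same list five times
        // under a misleading "iterate over roles" comment and only ever compared the count).
        List<Permission> assignedUserPerms = reviewMgr.userPermissions(inUser);
        assertTrue(szLocation + " user permissions read returned null", assignedUserPerms != null);
        assertTrue(szLocation + " list check, expected: 5, actual:" + assignedUserPerms.size(), assignedUserPerms.size() == 5);
        // A count alone would also pass if five unrelated grants came back; verify each granted
        // Permission is actually present. Relies on Permission.equals, as testAddPermOperations does.
        for (int i = 1; i < 6; i++) {
            Permission expected = new Permission(TEST_PERM_OBJECT, TEST_PERM_OPERATION_PREFIX + i);
            assertTrue(szLocation + " granted permission not reported for user [" + inUser.getUserId() + "] object [" + expected.getObjName() + "] operation name [" + expected.getOpName() + "]", assignedUserPerms.contains(expected));
        }
    } catch (SecurityException ex) {
        // Log with the Fortress error id so the failing LDAP/policy step can be identified.
        LOG.error(szLocation + " caught SecurityException rc=" + ex.getErrorId() + ", msg=" + ex.getMessage(), ex);
        fail(ex.getMessage());
    }
}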
Use of org.apache.directory.fortress.core.ReviewMgr in the project directory-fortress-core (apache): class CreatePermSample, method testRevokePermissionRole.
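/**
 * Revokes every Permission currently assigned to the ten test Roles and then verifies, via ReviewMgr,
 * that none of the five test Permission operations still carries a Role assignment.
 * <p>
 * This test will remove the RBAC Role name associated with a particular Permission Operation node in ldap.
 * It is skipped on the first run of the sample suite, when there is nothing to revoke yet.
 * Any SecurityException (the Fortress type, carrying an error id) fails the test.
 */
public static void testRevokePermissionRole() {
    String szLocation = ".testRevokePermissionRole";
    if (AllSamplesJUnitTest.isFirstRun()) {
        return;
    }
    try {
        // Instantiate the AdminMgr implementation which is used to provision RBAC policies.
        AdminMgr adminMgr = AdminMgrFactory.createInstance(TestUtils.getContext());
        // Instantiate the ReviewMgr implementation which is used to interrogate policy information.
        ReviewMgr reviewMgr = ReviewMgrFactory.createInstance(TestUtils.getContext());
        // Strip every Permission from each of the ten test Roles.
        for (int i = 1; i < 11; i++) {
            Role inRole = new Role(CreateRoleSample.TEST_ROLE_PREFIX + i);
            List<Permission> perms = reviewMgr.rolePermissions(inRole);
            for (Permission perm : perms) {
                // This API removes the 'oamRoles' attribute associated with Role from the 'oamOperation' ldap object class:
                adminMgr.revokePermission(perm, inRole);
            }
        }
        // Confirm from the Permission side that no Role assignment survived (for test purposes only).
        // Note this only inspects the five test operations, not every Permission the Roles may have held.
        for (int j = 1; j < 6; j++) {
            // Permissions contain Object to Operation mapping and once created can then be targeted for assignment to Role entities in ldap:
            Permission inPerm = new Permission(TEST_PERM_OBJECT, TEST_PERM_OPERATION_PREFIX + j);
            // Retrieve the list of Roles still assigned to the perm; it must be empty after the revocations above:
            List<String> assignedRoles = reviewMgr.permissionRoles(inPerm);
            assertTrue(szLocation + " permission roles read returned null for object [" + inPerm.getObjName() + "] operation name [" + inPerm.getOpName() + "]", assignedRoles != null);
            // The earlier bare assertTrue gave no context on failure; name the perm and the leftover roles.
            assertTrue(szLocation + " roles still assigned to object [" + inPerm.getObjName() + "] operation name [" + inPerm.getOpName() + "]: " + assignedRoles, assignedRoles.isEmpty());
            LOG.info(szLocation + " permission roles revocation check for object [" + inPerm.getObjName() + "] operation name [" + inPerm.getOpName() + "] revocation success");
        }
    } catch (SecurityException ex) {
        // Log with the Fortress error id so the failing LDAP/policy step can be identified.
        LOG.error(szLocation + " caught SecurityException rc=" + ex.getErrorId() + ", msg=" + ex.getMessage(), ex);
        fail(ex.getMessage());
    }
}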
Use of org.apache.directory.fortress.core.ReviewMgr in the project directory-fortress-core (apache): class CreatePermSample, method testAddPermOperations.
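/**
 * Adds five test Permission operations under the test Permission Object and reads each one back
 * through ReviewMgr to confirm it was persisted as submitted.
 * <p>
 * The Permission entity contains operation name along with any assigned Role and User entities. The Permission
 * ldap node is located as child node of Permission Object node.
 * Any SecurityException (the Fortress type, carrying an error id) fails the test.
 */
public static void testAddPermOperations() {
    String szLocation = ".testAddPermOperations";
    try {
        // Instantiate the AdminMgr implementation which is used to provision RBAC policies.
        AdminMgr adminMgr = AdminMgrFactory.createInstance(TestUtils.getContext());
        // Instantiate the ReviewMgr implementation which is used to interrogate policy information.
        // Created once here rather than on every loop iteration, as the other sample tests do.
        ReviewMgr reviewMgr = ReviewMgrFactory.createInstance(TestUtils.getContext());
        for (int i = 1; i < 6; i++) {
            // The Permission entity is associated with PermObj (name) entity and is uniquely identified by Operation name:
            Permission inPerm = new Permission(TEST_PERM_OBJECT, TEST_PERM_OPERATION_PREFIX + i);
            // The Permission entity will be a child node of specified PermObject entity.
            adminMgr.addPermission(inPerm);
            // now read the newly created Permission entity back.
            Permission outPerm = reviewMgr.readPermission(inPerm);
            // Do some validations, naming the perm in the failure message so the failing iteration is visible.
            assertTrue(szLocation + " read returned null for object [" + inPerm.getObjName() + "] operation name [" + inPerm.getOpName() + "]", outPerm != null);
            assertTrue(szLocation + " failed permission check", outPerm.equals(inPerm));
            LOG.info(szLocation + " permission object [" + outPerm.getObjName() + "] operation name [" + outPerm.getOpName() + "] success");
        }
    } catch (SecurityException ex) {
        // Log with the Fortress error id so the failing LDAP/policy step can be identified.
        LOG.error(szLocation + " caught SecurityException rc=" + ex.getErrorId() + ", msg=" + ex.getMessage(), ex);
        fail(ex.getMessage());
    }
}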
Use of org.apache.directory.fortress.core.ReviewMgr in the project directory-fortress-core (apache): class GroupMgrImpl, method loadUserDns.
/**
 * Replaces the group's member list, which holds user ids, with the corresponding user DNs.
 * Each DN is resolved by reading the User through ReviewMgr for this contextId rather than
 * being assembled from the raw member string. A group with no members is left untouched.
 *
 * @param group the Group whose members are rewritten in place
 * @throws SecurityException if a member cannot be read back as a User
 */
private void loadUserDns(Group group) throws SecurityException {
    List<String> memberIds = group.getMembers();
    if (!CollectionUtils.isNotEmpty(memberIds)) {
        return;
    }
    ReviewMgr reviewMgr = ReviewMgrFactory.createInstance(this.contextId);
    List<String> resolvedDns = new ArrayList<String>();
    for (String memberId : memberIds) {
        User resolved = reviewMgr.readUser(new User(memberId));
        resolvedDns.add(resolved.getDn());
    }
    group.setMembers(resolvedDns);
}
Use of org.apache.directory.fortress.core.ReviewMgr in the project directory-fortress-core (apache): class GroupMgrImpl, method loadRoleDn.
/**
 * Fills in the DN of the given Role by reading it back through ReviewMgr for this contextId.
 * The Role is modified in place; nothing else on it is changed.
 *
 * @param inRole the Role whose dn attribute is set
 * @throws SecurityException if the Role cannot be read
 */
private void loadRoleDn(Role inRole) throws SecurityException {
    inRole.setDn(ReviewMgrFactory.createInstance(this.contextId).readRole(inRole).getDn());
}