use of org.apache.directory.fortress.core.ReviewMgr in project directory-fortress-core by apache.
the class CreatePermSample method testDelPermObjects.
/**
* Removal of Permission Object node from ldap will also remove any child Operation nodes that are located
* directly below.
*/
public static void testDelPermObjects() {
    final String where = ".testDelPermObjects";
    // The whole teardown is skipped when AllSamplesJUnitTest reports a first run.
    // NOTE(review): presumably nothing has been provisioned yet on a first run -- confirm.
    if (!AllSamplesJUnitTest.isFirstRun()) {
        try {
            // AdminMgr is the provisioning side of the API (adds and deletes RBAC policy).
            AdminMgr provisioner = AdminMgrFactory.createInstance(TestUtils.getContext());
            // Deleting the object node also removes the operation nodes directly beneath it.
            PermObj doomed = new PermObj(TEST_PERM_OBJECT, CreatePermOrgSample.TEST_PERM_OU_NM);
            provisioner.deletePermObj(doomed);

            // ReviewMgr is the interrogation side; use it to confirm the entry is really gone.
            ReviewMgr reviewer = ReviewMgrFactory.createInstance(TestUtils.getContext());
            SecurityException lookupFailure = null;
            try {
                reviewer.readPermObj(new PermObj(TEST_PERM_OBJECT));
            } catch (SecurityException se) {
                lookupFailure = se;
            }
            // A read that succeeds means the delete did not take effect.
            if (lookupFailure == null) {
                fail(where + " permission object delete failed");
            }
            // Only PERM_OBJ_NOT_FOUND counts as proof of deletion; any other error id fails the
            // test, so an unrelated lookup error is not mistaken for a successful delete.
            assertTrue(where + " excep id check",
                lookupFailure.getErrorId() == GlobalErrIds.PERM_OBJ_NOT_FOUND);
            LOG.info(where + " permission object [" + TEST_PERM_OBJECT + "] success");
        } catch (SecurityException ex) {
            LOG.error(where + " caught SecurityException rc=" + ex.getErrorId() + ", msg=" + ex.getMessage(), ex);
            fail(ex.getMessage());
        }
    }
}
use of org.apache.directory.fortress.core.ReviewMgr in project directory-fortress-core by apache.
the class CreatePermSample method testAddPermObjects.
/**
* The Fortress object entity must be created before operations may be granted. There is a one-to-many
* relationship between objects and operations.
*/
public static void testAddPermObjects() {
    final String where = ".testAddPermObjects";
    try {
        // AdminMgr is the provisioning side of the API.
        AdminMgr provisioner = AdminMgrFactory.createInstance(TestUtils.getContext());
        // A PermObj is added with both a name and an OrgUnit affiliation.
        PermObj toAdd = new PermObj(TEST_PERM_OBJECT, CreatePermOrgSample.TEST_PERM_OU_NM);
        provisioner.addPermObj(toAdd);

        // ReviewMgr is the interrogation side; read the entry back by name only.
        ReviewMgr reviewer = ReviewMgrFactory.createInstance(TestUtils.getContext());
        PermObj stored = reviewer.readPermObj(new PermObj(TEST_PERM_OBJECT));

        // The stored entry must exist and carry the same name and OU that were written.
        assertNotNull(stored);
        boolean nameMatches = TEST_PERM_OBJECT.equals(stored.getObjName());
        assertTrue(where + " failed obj name check", nameMatches);
        boolean ouMatches = CreatePermOrgSample.TEST_PERM_OU_NM.equals(stored.getOu());
        assertTrue(where + " failed obj ou check", ouMatches);
        LOG.info(where + " permission object [" + stored.getObjName() + "] success");
    } catch (SecurityException ex) {
        LOG.error(where + " caught SecurityException rc=" + ex.getErrorId() + ", msg=" + ex.getMessage(), ex);
        fail(ex.getMessage());
    }
}
use of org.apache.directory.fortress.core.ReviewMgr in project directory-fortress-core by apache.
the class CreatePermSample method testRevokePermissionUser.
/**
* Test will remove the associated User attribute from Permission Operation nodes in LDAP.
*/
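public static void testRevokePermissionUser() {
    String szLocation = ".testRevokePermissionUser";
    // Nothing is revoked when AllSamplesJUnitTest reports a first run.
    if (AllSamplesJUnitTest.isFirstRun()) {
        return;
    }
    User inUser = new User(CreateUserSample.TEST_USERID);
    try {
        // Instantiate the AdminMgr implementation which is used to provision RBAC policies.
        AdminMgr adminMgr = AdminMgrFactory.createInstance(TestUtils.getContext());
        // Instantiate the ReviewMgr implementation once; it is only used to interrogate policy
        // information and does not need to be recreated for every permission.
        ReviewMgr reviewMgr = ReviewMgrFactory.createInstance(TestUtils.getContext());
        // Iterate over the operations numbered 1 through 5.
        for (int i = 1; i < 6; i++) {
            // Permissions contain Object to Operation mapping and once created can then be targeted for assignment of User entities in ldap:
            Permission inPerm = new Permission(TEST_PERM_OBJECT, TEST_PERM_OPERATION_PREFIX + i);
            // This API will remove the 'oamUsers' attribute associated with User in 'oamOperation' ldap object class:
            adminMgr.revokePermission(inPerm, inUser);
            // Read back the Users still granted this permission. After the revocation the list must
            // be present and empty; a null result is reported as a failure rather than dereferenced.
            List<String> assignedUsers = reviewMgr.permissionUsers(inPerm);
            String remaining = (assignedUsers == null) ? "null" : String.valueOf(assignedUsers.size());
            // Name the operation in the message so a revocation that did not take effect can be
            // traced to the exact permission.
            assertTrue(szLocation + " revoke check failed, object [" + inPerm.getObjName() + "] operation name ["
                + inPerm.getOpName() + "] users remaining: " + remaining,
                assignedUsers != null && assignedUsers.isEmpty());
            LOG.info(szLocation + " permission user [" + inUser.getUserId() + "] object [" + inPerm.getObjName() + "] operation name [" + inPerm.getOpName() + "] success");
        }
    } catch (SecurityException ex) {
        LOG.error(szLocation + " caught SecurityException rc=" + ex.getErrorId() + ", msg=" + ex.getMessage(), ex);
        fail(ex.getMessage());
    }
}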
use of org.apache.directory.fortress.core.ReviewMgr in project directory-fortress-core by apache.
the class CreatePermSample method testGrantPermissionRole.
/**
* Each Permission carries a multi-occurring String attribute holding the name(s) of the Role(s) to which it has been granted.
* The checkAccess method will determine if User has been assigned to a Role that Permission has been granted to.
*/
public static void testGrantPermissionRole() {
    final String where = ".testGrantPermissionRole";
    try {
        // AdminMgr is the provisioning side of the API.
        AdminMgr provisioner = AdminMgrFactory.createInstance(TestUtils.getContext());
        // Grant operations 1..5 of the test object to each of the roles 1..10.
        for (int roleIdx = 1; roleIdx <= 10; roleIdx++) {
            Role targetRole = new Role(CreateRoleSample.TEST_ROLE_PREFIX + roleIdx);
            for (int opIdx = 1; opIdx <= 5; opIdx++) {
                // A Permission pairs an object name with an operation name.
                Permission perm = new Permission(TEST_PERM_OBJECT, TEST_PERM_OPERATION_PREFIX + opIdx);
                // Adds an 'oamRoles' attribute for the Role to the 'oamOperation' ldap object class.
                provisioner.grantPermission(perm, targetRole);
                LOG.info(where + " permission role [" + targetRole.getName() + "] object [" + perm.getObjName() + "] operation name [" + perm.getOpName() + "] success");
            }
        }

        // ReviewMgr is the interrogation side; confirm every role ended up with exactly 5 grants.
        ReviewMgr reviewer = ReviewMgrFactory.createInstance(TestUtils.getContext());
        for (int roleIdx = 1; roleIdx <= 10; roleIdx++) {
            Role probe = new Role(CreateRoleSample.TEST_ROLE_PREFIX + roleIdx);
            List<Permission> granted = reviewer.rolePermissions(probe);
            int grantedCount = granted.size();
            // An exact count is required, so extra grants fail the check as well as missing ones.
            assertTrue(where + " list check, expected: 5, actual:" + grantedCount, grantedCount == 5);
        }
    } catch (SecurityException ex) {
        LOG.error(where + " caught SecurityException rc=" + ex.getErrorId() + ", msg=" + ex.getMessage(), ex);
        fail(ex.getMessage());
    }
}
use of org.apache.directory.fortress.core.ReviewMgr in project directory-fortress-core by apache.
the class CreateRoleSample method testCreateSimpleRole2.
/**
 * Adds one Role per name in TEST_SIMPLE_ROLE2 and reads each one back, asserting that the stored
 * Role equals the Role that was submitted. A SecurityException from either manager fails the test.
 */
public static void testCreateSimpleRole2() {
    final String where = ".testCreateSimpleRole2";
    try {
        // AdminMgr is the provisioning side of the API.
        AdminMgr provisioner = AdminMgrFactory.createInstance(TestUtils.getContext());
        for (String name : TEST_SIMPLE_ROLE2) {
            // The simplest possible Role: a name and nothing else.
            Role submitted = new Role(name);
            provisioner.addRole(submitted);

            // ReviewMgr is the interrogation side; fetch the Role that was just written.
            ReviewMgr reviewer = ReviewMgrFactory.createInstance(TestUtils.getContext());
            Role stored = reviewer.readRole(submitted);
            // Equality is decided by Role.equals on the submitted entity.
            boolean roundTripped = submitted.equals(stored);
            assertTrue(where + " failed read", roundTripped);
            LOG.info(where + " [" + stored.getName() + "] success");
        }
    } catch (SecurityException ex) {
        LOG.error(where + " caught SecurityException rc=" + ex.getErrorId() + ", msg=" + ex.getMessage(), ex);
        fail(ex.getMessage());
    }
}