use of org.apache.directory.fortress.core.ReviewMgr in project directory-fortress-core by apache.
the class CreateRoleSample method testCreateComplexRole.
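/**
 * Demonstrates creating Roles that carry temporal constraints. The constraints control the day, date, and time
 * of Role activation, and can also enforce a mandatory blackout (lock) period for Role activation.
 *
 * <p>Ten Roles named {@code TEST_ROLE_PREFIX + 1} through {@code TEST_ROLE_PREFIX + 10} are added. Each one is
 * read back and compared with the entity that was submitted. A {@code SecurityException} raised by either
 * manager is logged and fails the test.
 */
public static void testCreateComplexRole() {
    String szLocation = ".testCreateComplexRole";
    try {
        // AdminMgr provisions RBAC policies; ReviewMgr interrogates policy information. Neither depends
        // on the loop variable, so both are created once instead of once per Role.
        AdminMgr adminMgr = AdminMgrFactory.createInstance(TestUtils.getContext());
        ReviewMgr reviewMgr = ReviewMgrFactory.createInstance(TestUtils.getContext());
        // Create the roles with suffixes 1 through 10 (the loop starts at 1, not 2).
        for (int i = 1; i < 11; i++) {
            // Instantiate the Role entity.
            Role inRole = new Role(TEST_ROLE_PREFIX + i);
            // Set the Role start date to Jan 1, 2011:
            inRole.setBeginDate("20110101");
            // Set the Role end date to never:
            inRole.setEndDate("none");
            // Set the role begin time to 1 am:
            inRole.setBeginTime("0100");
            // Set the role end time to midnight. This role cannot be activated between hours of midnight and 1 am.
            inRole.setEndTime("0000");
            // Set the day mask to Mon, Tue, Wed, Thur, Fri, Sat. Role can't be activated on Sunday.
            inRole.setDayMask("234567");
            // Set the begin lock date to Jan 15, 2011
            inRole.setBeginLockDate("20110115");
            // Set the end lock date to Feb 15, 2011 - this lockout window lies in the past.
            inRole.setEndLockDate("20110215");
            // Add the Role entity to the directory.
            adminMgr.addRole(inRole);
            // Now read the newly created Role entity back:
            Role outRole = reviewMgr.readRole(inRole);
            // NOTE(review): this proves equality only as Role.equals defines it; confirm that equals
            // covers the temporal constraint fields before treating this as proof they were persisted.
            assertTrue(szLocation + " failed read", inRole.equals(outRole));
            LOG.info(szLocation + " role [" + outRole.getName() + "] success");
        }
    } catch (SecurityException ex) {
        LOG.error(szLocation + " caught SecurityException rc=" + ex.getErrorId() + ", msg=" + ex.getMessage(), ex);
        fail(ex.getMessage());
    }
}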
use of org.apache.directory.fortress.core.ReviewMgr in project directory-fortress-core by apache.
the class CreateRoleSample method testCreateSimpleRole.
/**
 * Demonstrates the minimal form of Role creation: a Role that carries nothing but a name. Roles may be
 * assigned to Users or may be targets for Permission grants.
 *
 * <p>The Role is added, read back, and compared with the entity that was submitted. A
 * {@code SecurityException} raised by either manager is logged and fails the test.
 */
public static void testCreateSimpleRole() {
    final String where = ".testCreateSimpleRole";
    try {
        // AdminMgr is the implementation used to provision RBAC policies.
        AdminMgr provisioner = AdminMgrFactory.createInstance(TestUtils.getContext());
        // A name is all a Role needs at its simplest.
        Role requested = new Role(TEST_SIMPLE_ROLE);
        // This call is what actually writes the Role to ldap.
        provisioner.addRole(requested);
        // ReviewMgr is the implementation used to interrogate RBAC policy information.
        ReviewMgr reader = ReviewMgrFactory.createInstance(TestUtils.getContext());
        // Fetch the Role that was just created and compare it with what was submitted.
        Role stored = reader.readRole(requested);
        boolean sameRole = requested.equals(stored);
        assertTrue(where + " failed read", sameRole);
        LOG.info(where + " [" + stored.getName() + "] success");
    } catch (SecurityException failure) {
        LOG.error(
            where + " caught SecurityException rc=" + failure.getErrorId() + ", msg=" + failure.getMessage(),
            failure);
        fail(failure.getMessage());
    }
}
use of org.apache.directory.fortress.core.ReviewMgr in project directory-fortress-core by apache.
the class CreateUserRoleSample method testAssignComplexRole.
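/**
 * Demonstrates assigning Roles to a User with temporal constraints set on the assignment itself.
 *
 * <p>The User keyed by {@code CreateUserSample.TEST_USERID} is assigned the ten Roles named
 * {@code CreateRoleSample.TEST_ROLE_PREFIX + 1} through {@code + 10}. Each {@code UserRole} sets some
 * constraints of its own and leaves the rest unset. The resulting assignments are then read back, checked to
 * be present, and logged. A {@code SecurityException} raised by either manager is logged and fails the test.
 */
public static void testAssignComplexRole() {
    String szLocation = ".testAssignComplexRole";
    // The key for User entity is the userId attribute.
    User inUser = new User(CreateUserSample.TEST_USERID);
    try {
        // Instantiate the AdminMgr implementation which is used to provision RBAC policies.
        AdminMgr adminMgr = AdminMgrFactory.createInstance(TestUtils.getContext());
        // Assign the roles with suffixes 1 through 10 to the User (the roles themselves already exist).
        for (int i = 1; i < 11; i++) {
            // OpenAccessManagers UserRole entity may override Role's temporal constraints.
            // The key for User-Role addition is userId and role name.
            UserRole inUserRole = new UserRole(inUser.getUserId(), CreateRoleSample.TEST_ROLE_PREFIX + i);
            // Set some constraints; whatever doesn't get set here will be provided by the Constraints in the
            // corresponding Role defined in ou=Roles.
            // NOTE(review): the day mask and begin time below add a day (1) and an hour (0000-0100) that
            // CreateRoleSample.testCreateComplexRole leaves out of the same roles. If assignment-level values
            // take precedence, this assignment loosens the Role's own policy; in real deployments such
            // overrides deserve review.
            // Don't set Role start date (accept default):
            // Override default on Role end date:
            inUserRole.setEndDate("21410101");
            // Override Role beginTime:
            inUserRole.setBeginTime("0000");
            // Don't set the Role endTime.
            // Override Role dayMask to Mon, Tue, Wed, Thur, Fri, Sat & Sun.
            inUserRole.setDayMask("1234567");
            // Override the Role beginLockDate to Jan 15, 2112
            inUserRole.setBeginLockDate("21120115");
            // Override the Role endLockDate to Feb 15, 2112.
            inUserRole.setEndLockDate("21120215");
            // Call the API to assign the Role to the User entity. This will add 'oamRA' and 'oamRC' attributes
            // to the 'oamUserAttrs' object class.
            adminMgr.assignUser(inUserRole);
        }
        // Instantiate the ReviewMgr implementation which is used to interrogate policy information.
        ReviewMgr reviewMgr = ReviewMgrFactory.createInstance(TestUtils.getContext());
        // Return the list of Roles assigned to User. The User - Role assignments are loaded into the UserRole entity:
        List<UserRole> assignedRoles = reviewMgr.assignedRoles(inUser);
        // Verify the assignments instead of only logging them; this also guards the loop below against null.
        assertTrue(szLocation + " failed assign test", assignedRoles != null && !assignedRoles.isEmpty());
        // Iterate over list of Roles assigned to User.
        for (UserRole userRole : assignedRoles) {
            // The closing bracket after the userId was missing, which left the log line unbalanced.
            LOG.info(szLocation + " userId [" + userRole.getUserId() + "] roleNm [" + userRole.getName() + "]");
        }
    } catch (SecurityException ex) {
        LOG.error(szLocation + " caught SecurityException rc=" + ex.getErrorId() + ", msg=" + ex.getMessage(), ex);
        fail(ex.getMessage());
    }
}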
use of org.apache.directory.fortress.core.ReviewMgr in project directory-fortress-core by apache.
the class CreateUserRoleSample method testDeassignRoles.
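/**
 * Demonstrates removing every Role assignment from a User.
 *
 * <p>Does nothing when {@code AllSamplesJUnitTest.isFirstRun()} is true. Otherwise the Roles currently assigned
 * to the User keyed by {@code CreateUserSample.TEST_USERID} are read and each one is deassigned. The
 * assignments are then read again and must be absent. A {@code SecurityException} raised by either manager is
 * logged and fails the test.
 */
public static void testDeassignRoles() {
    String szLocation = ".testDeassignRoles";
    if (AllSamplesJUnitTest.isFirstRun()) {
        return;
    }
    // The key for User entity is the userId attribute.
    User inUser = new User(CreateUserSample.TEST_USERID);
    try {
        // Instantiate the ReviewMgr implementation which is used to interrogate policy information.
        ReviewMgr reviewMgr = ReviewMgrFactory.createInstance(TestUtils.getContext());
        // Read whatever Roles are currently assigned to the User; these are the ones to remove.
        List<UserRole> assignedRoles = reviewMgr.assignedRoles(inUser);
        if (assignedRoles != null) {
            // Instantiate the AdminMgr implementation which is used to provision RBAC policies.
            AdminMgr adminMgr = AdminMgrFactory.createInstance(TestUtils.getContext());
            for (UserRole uRole : assignedRoles) {
                // Call the API to deassign the Role from the User entity. This will remove 'oamRA' and 'oamRC'
                // attributes from the 'oamUserAttrs' object class.
                adminMgr.deassignUser(uRole);
            }
        }
        // Nothing should remain assigned now. The first read is null-checked, so this one accepts null as
        // well as an empty list instead of dereferencing a possibly null result.
        assignedRoles = reviewMgr.assignedRoles(inUser);
        assertTrue(szLocation + " failed deassign test", assignedRoles == null || assignedRoles.isEmpty());
    } catch (SecurityException ex) {
        LOG.error(szLocation + " caught SecurityException rc=" + ex.getErrorId() + ", msg=" + ex.getMessage(), ex);
        fail(ex.getMessage());
    }
}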
use of org.apache.directory.fortress.core.ReviewMgr in project directory-fortress-core by apache.
the class CreateUserSample method testDeleteUser.
/**
 * Demonstrates hard deletion of a User. {@code deleteUser} completely removes the User data from the LDAP
 * directory; a 'softDelete' also exists for disabling the User when full removal is not the aim.
 *
 * <p>Does nothing when {@code AllSamplesJUnitTest.isFirstRun()} is true. Otherwise the User keyed by
 * {@code TEST_USERID} is deleted and then read back. The read is expected to raise a
 * {@code SecurityException} whose error id is {@code GlobalErrIds.USER_NOT_FOUND}; a successful read fails
 * the test.
 */
public static void testDeleteUser() {
    final String where = ".testDeleteUser";
    if (AllSamplesJUnitTest.isFirstRun()) {
        return;
    }
    try {
        // AdminMgr is the implementation used to provision RBAC policies.
        AdminMgr provisioner = AdminMgrFactory.createInstance(TestUtils.getContext());
        User target = new User(TEST_USERID);
        provisioner.deleteUser(target);
        // ReviewMgr is the implementation used to interrogate policy information; use it to confirm
        // that the User is gone.
        ReviewMgr reader = ReviewMgrFactory.createInstance(TestUtils.getContext());
        try {
            // The User was deleted above, so this read is expected to throw.
            reader.readUser(target);
            fail(where + " user [" + target.getUserId() + "] delete failed");
        } catch (SecurityException se) {
            // Only "user not found" counts as a pass; any other error id fails the assertion.
            boolean notFound = se.getErrorId() == GlobalErrIds.USER_NOT_FOUND;
            assertTrue(where + " excep id check", notFound);
        }
        LOG.info(where + " user [" + target.getUserId() + "] success");
    } catch (SecurityException failure) {
        LOG.error(
            where + " caught SecurityException rc=" + failure.getErrorId() + ", msg=" + failure.getMessage(),
            failure);
        fail(failure.getMessage());
    }
}