Search in sources :

Example 11 with SecurityException

use of org.apache.directory.fortress.core.SecurityException in project directory-fortress-core by apache.

the class FortressAntTask method addContainers.

/**
 * @throws BuildException An error occurred while building
 */
private void addContainers() throws BuildException {
    if (addcontainers == null) {
        return;
    }
    // Loop through the entityclass elements
    for (Addcontainer addcontainer : addcontainers) {
        List<OrganizationalUnit> containers = addcontainer.getContainers();
        for (OrganizationalUnit ou : containers) {
            LOG.info("addContainers tenant={} name={} description={}", getTenant(), ou.getName(), ou.getDescription());
            try {
                OrganizationalUnitP op = new OrganizationalUnitP();
                // Normally this info would be passed in via a manager constructor.  Since these methods aren't implemented by a manager, we must do this here:
                if (!StringUtils.isEmpty(TENANT) && !TENANT.equals("${tenant}")) {
                    ou.setContextId(TENANT);
                }
                op.add(ou);
            } catch (SecurityException se) {
                LOG.warn("addContainers tenant={} name [{}] caught SecurityException={}", getTenant(), ou.getName(), se.getMessage());
            }
        }
    }
}
Also used : OrganizationalUnitP(org.apache.directory.fortress.core.impl.OrganizationalUnitP) OrganizationalUnit(org.apache.directory.fortress.core.model.OrganizationalUnit) SecurityException(org.apache.directory.fortress.core.SecurityException)

Example 12 with SecurityException

use of org.apache.directory.fortress.core.SecurityException in project directory-fortress-core by apache.

the class CommandLineInterpreter method processSystemCommand.

/**
 * @param commands
 * @param options
 */
private void processSystemCommand(Set<String> commands, Options options) {
    String command;
    try {
        if (commands.contains(CREATE_SESSION)) {
            command = CREATE_SESSION;
            LOG.info(READ_USER);
            User inUser = options.getUser();
            Session session = accessMgr.createSession(inUser, false);
            printSession(session);
        } else if (commands.contains(AUTHENTICATE)) {
            command = AUTHENTICATE;
            LOG.info(command);
            User inUser = options.getUser();
            Session session = accessMgr.authenticate(inUser.getUserId(), inUser.getPassword());
            printSession(session);
        } else if (commands.contains(ASSIGNED_ROLES)) {
            command = ASSIGNED_ROLES;
            LOG.info(command);
            User inUser = options.getUser();
            Session session = accessMgr.createSession(inUser, true);
            List<UserRole> uRoles = accessMgr.sessionRoles(session);
            if (uRoles != null) {
                for (UserRole ur : uRoles) {
                    printTemporal("R", ur, "RBACROLE");
                    printSeparator();
                }
            }
        } else if (commands.contains(CHECK_ACCESS)) {
            command = CHECK_ACCESS;
            LOG.info(command);
            Permission inPerm = options.getPermission();
            User inUser = options.getUser();
            Session session = accessMgr.createSession(inUser, true);
            boolean result = accessMgr.checkAccess(session, inPerm);
            printRow("CA", "PERM", "" + result);
        } else {
            LOG.warn("unknown system operation detected");
            return;
        }
        LOG.info("command:{} was successful", command);
    } catch (SecurityException se) {
        String error = "processSystemCommand caught SecurityException=" + se + ", return code=" + se.getErrorId();
        LOG.error(error);
    }
}
Also used : User(org.apache.directory.fortress.core.model.User) UserRole(org.apache.directory.fortress.core.model.UserRole) Permission(org.apache.directory.fortress.core.model.Permission) SecurityException(org.apache.directory.fortress.core.SecurityException) Session(org.apache.directory.fortress.core.model.Session)

Example 13 with SecurityException

use of org.apache.directory.fortress.core.SecurityException in project directory-fortress-core by apache.

the class CommandLineInterpreter method processGroupCommand.

/**
 * @param commands
 * @param options
 */
private void processGroupCommand(Set<String> commands, Options options) {
    String command;
    try {
        if (commands.contains(ADD_GROUP)) {
            command = ADD_GROUP;
            LOG.info(command);
            Group group = options.getGroup();
            groupMgr.add(group);
        } else if (commands.contains(UPDATE_GROUP)) {
            command = UPDATE_GROUP;
            LOG.info(command);
            Group group = options.getGroup();
            groupMgr.update(group);
        } else if (commands.contains(DELETE_GROUP)) {
            command = DELETE_GROUP;
            LOG.info(command);
            Group group = options.getGroup();
            groupMgr.delete(group);
        } else if (commands.contains(READ_GROUP)) {
            command = READ_GROUP;
            LOG.info(command);
            Group group = options.getGroup();
            Group outGroup = groupMgr.read(group);
            printGroup(outGroup);
        } else if (commands.contains(FIND_GROUP)) {
            command = FIND_GROUP;
            LOG.info(command);
            Group inGroup = options.getGroup();
            List<Group> groups = groupMgr.find(inGroup);
            if (CollectionUtils.isNotEmpty(groups)) {
                for (Group outGroup : groups) {
                    printGroup(outGroup);
                }
            }
        } else if (commands.contains(ASSIGN_GROUP)) {
            command = ASSIGN_GROUP;
            LOG.info(command);
            Group group = options.getGroup();
            if (CollectionUtils.isNotEmpty(group.getMembers())) {
                for (String member : group.getMembers()) {
                    groupMgr.assign(group, member);
                }
            }
        } else if (commands.contains(DEASSIGN_GROUP)) {
            command = DEASSIGN_GROUP;
            LOG.info(command);
            Group group = options.getGroup();
            if (CollectionUtils.isNotEmpty(group.getMembers())) {
                for (String member : group.getMembers()) {
                    groupMgr.deassign(group, member);
                }
            }
        } else if (commands.contains(ADD_GROUP_PROP)) {
            command = ADD_GROUP_PROP;
            LOG.info(command);
            Group group = options.getGroup();
            if (PropUtil.isNotEmpty(group.getProperties())) {
                for (Enumeration<?> e = group.getProperties().propertyNames(); e.hasMoreElements(); ) {
                    String key = (String) e.nextElement();
                    String val = group.getProperty(key);
                    groupMgr.add(group, key, val);
                }
            }
        } else if (commands.contains(DELETE_GROUP_PROP)) {
            command = DELETE_GROUP_PROP;
            LOG.info(command);
            Group group = options.getGroup();
            if (PropUtil.isNotEmpty(group.getProperties())) {
                for (Enumeration<?> e = group.getProperties().propertyNames(); e.hasMoreElements(); ) {
                    String key = (String) e.nextElement();
                    String val = group.getProperty(key);
                    groupMgr.delete(group, key, val);
                }
            }
        } else {
            LOG.warn("unknown group operation detected");
            return;
        }
        LOG.info("command:{} was successful", command);
    } catch (SecurityException se) {
        String error = "processGroupCommand caught SecurityException=" + se + ", return code=" + se.getErrorId();
        LOG.error(error);
    }
}
Also used : Group(org.apache.directory.fortress.core.model.Group) Enumeration(java.util.Enumeration) SecurityException(org.apache.directory.fortress.core.SecurityException)

Example 14 with SecurityException

use of org.apache.directory.fortress.core.SecurityException in project directory-fortress-core by apache.

the class CommandLineInterpreter method processAdminCommand.

/**
 * @param commands
 * @param options
 */
private void processAdminCommand(Set<String> commands, Options options) {
    String command;
    try {
        if (commands.contains(ADD_USER)) {
            command = ADD_USER;
            LOG.info(command);
            User user = options.getUser();
            adminMgr.addUser(user);
        } else if (commands.contains(UPDATE_USER)) {
            command = UPDATE_USER;
            LOG.info(command);
            User user = options.getUser();
            adminMgr.updateUser(user);
        } else if (commands.contains(DELETE_USER)) {
            command = DELETE_USER;
            LOG.info(command);
            User user = options.getUser();
            adminMgr.deleteUser(user);
        } else if (commands.contains(ADD_ROLE)) {
            command = ADD_ROLE;
            LOG.info(command);
            Role role = options.getRole();
            adminMgr.addRole(role);
        } else if (commands.contains(UPDATE_ROLE)) {
            command = UPDATE_ROLE;
            LOG.info(command);
            Role role = options.getRole();
            adminMgr.updateRole(role);
        } else if (commands.contains(DELETE_ROLE)) {
            command = DELETE_ROLE;
            LOG.info(command);
            Role role = options.getRole();
            adminMgr.deleteRole(role);
        } else if (commands.contains(ASSIGN_ROLE)) {
            command = ASSIGN_ROLE;
            LOG.info(command);
            Role role = options.getRole();
            String userId = options.getUserId();
            adminMgr.assignUser(new UserRole(userId, role));
        } else if (commands.contains(DEASSIGN_ROLE)) {
            command = DEASSIGN_ROLE;
            LOG.info(command);
            Role role = options.getRole();
            String userId = options.getUserId();
            adminMgr.deassignUser(new UserRole(userId, role));
        } else if (commands.contains(ADD_ROLE_INHERITANCE)) {
            command = ADD_ROLE_INHERITANCE;
            LOG.info(command);
            Relationship relationship = options.getRelationship();
            adminMgr.addInheritance(new Role(relationship.getParent()), new Role(relationship.getChild()));
        } else if (commands.contains(DELETE_ROLE_INHERITANCE)) {
            command = DELETE_ROLE_INHERITANCE;
            LOG.info(command);
            Relationship relationship = options.getRelationship();
            adminMgr.deleteInheritance(new Role(relationship.getParent()), new Role(relationship.getChild()));
        } else if (commands.contains(ADD_POBJ)) {
            command = ADD_POBJ;
            LOG.info(command);
            PermObj permObj = options.getPermObj();
            adminMgr.addPermObj(permObj);
        } else if (commands.contains(UPDATE_POBJ)) {
            command = UPDATE_POBJ;
            LOG.info(command);
            PermObj permObj = options.getPermObj();
            adminMgr.updatePermObj(permObj);
        } else if (commands.contains(DELETE_POBJ)) {
            command = DELETE_POBJ;
            LOG.info(command);
            PermObj permObj = options.getPermObj();
            adminMgr.deletePermObj(permObj);
        } else if (commands.contains(ADD_PERM)) {
            command = ADD_PERM;
            LOG.info(command);
            Permission perm = options.getPermission();
            adminMgr.addPermission(perm);
        } else if (commands.contains(UPDATE_PERM)) {
            command = UPDATE_PERM;
            LOG.info(command);
            Permission perm = options.getPermission();
            adminMgr.updatePermission(perm);
        } else if (commands.contains(DELETE_PERM)) {
            command = DELETE_PERM;
            LOG.info(command);
            Permission permObj = options.getPermission();
            adminMgr.deletePermission(permObj);
        } else if (commands.contains(GRANT)) {
            command = GRANT;
            LOG.info(command);
            Permission perm = options.getPermission();
            Role role = options.getRole();
            role.setName(options.getRoleNm());
            adminMgr.grantPermission(perm, role);
        } else if (commands.contains(REVOKE)) {
            command = REVOKE;
            LOG.info(command);
            Permission perm = options.getPermission();
            Role role = options.getRole();
            role.setName(options.getRoleNm());
            adminMgr.revokePermission(perm, role);
        } else if (commands.contains(CREATE_SSD_SET)) {
            command = CREATE_SSD_SET;
            LOG.info(command);
            SDSet ssd = options.getSdSet();
            ssd.setType(SDSet.SDType.STATIC);
            adminMgr.createSsdSet(ssd);
        } else if (commands.contains(DELETE_SSD_SET)) {
            command = DELETE_SSD_SET;
            LOG.info(command);
            SDSet ssd = options.getSdSet();
            ssd.setType(SDSet.SDType.STATIC);
            adminMgr.deleteSsdSet(ssd);
        } else if (commands.contains(CREATE_DSD_SET)) {
            command = CREATE_DSD_SET;
            LOG.info(command);
            SDSet ssd = options.getSdSet();
            ssd.setType(SDSet.SDType.DYNAMIC);
            adminMgr.createDsdSet(ssd);
        } else if (commands.contains(DELETE_DSD_SET)) {
            command = DELETE_DSD_SET;
            LOG.info(command);
            SDSet ssd = options.getSdSet();
            ssd.setType(SDSet.SDType.DYNAMIC);
            adminMgr.deleteDsdSet(ssd);
        } else if (commands.contains(CHANGE_PASSWORD)) {
            command = CHANGE_PASSWORD;
            LOG.info(command);
            User user = options.getUser();
            String newPassword = options.getNewPassword();
            adminMgr.changePassword(user, newPassword);
        } else if (commands.contains(RESET_PASSWORD)) {
            command = RESET_PASSWORD;
            LOG.info(command);
            User user = options.getUser();
            String newPassword = options.getNewPassword();
            adminMgr.resetPassword(user, newPassword);
        } else if (commands.contains(LOCK_USER_ACCOUNT)) {
            command = LOCK_USER_ACCOUNT;
            LOG.info(command);
            User user = options.getUser();
            adminMgr.lockUserAccount(user);
        } else if (commands.contains(UNLOCK_USER_ACCOUNT)) {
            command = UNLOCK_USER_ACCOUNT;
            LOG.info(command);
            User user = options.getUser();
            adminMgr.unlockUserAccount(user);
        } else {
            LOG.warn("unknown admin operation detected");
            return;
        }
        LOG.info("command:{} was successful", command);
    } catch (SecurityException se) {
        String error = "processAdminCommand caught SecurityException=" + se + ", return code=" + se.getErrorId();
        LOG.error(error);
    }
}
Also used : AdminRole(org.apache.directory.fortress.core.model.AdminRole) Role(org.apache.directory.fortress.core.model.Role) UserAdminRole(org.apache.directory.fortress.core.model.UserAdminRole) UserRole(org.apache.directory.fortress.core.model.UserRole) SDSet(org.apache.directory.fortress.core.model.SDSet) PermObj(org.apache.directory.fortress.core.model.PermObj) User(org.apache.directory.fortress.core.model.User) UserRole(org.apache.directory.fortress.core.model.UserRole) Relationship(org.apache.directory.fortress.core.model.Relationship) Permission(org.apache.directory.fortress.core.model.Permission) SecurityException(org.apache.directory.fortress.core.SecurityException)

Example 15 with SecurityException

use of org.apache.directory.fortress.core.SecurityException in project directory-fortress-core by apache.

the class CommandLineInterpreter method processReviewCommand.

/**
 * @param commands
 * @param options
 */
private void processReviewCommand(Set<String> commands, Options options) {
    String command;
    try {
        if (commands.contains(READ_USER)) {
            command = READ_USER;
            LOG.info(READ_USER);
            User inUser = options.getUser();
            User outUser = reviewMgr.readUser(inUser);
            printUser(outUser);
        } else if (commands.contains(FIND_USERS)) {
            command = FIND_USERS;
            LOG.info(command);
            User user = options.getUser();
            List<User> outUsers = reviewMgr.findUsers(user);
            if (CollectionUtils.isNotEmpty(outUsers)) {
                int ctr = 0;
                for (User outUser : outUsers) {
                    printRow("U", "CTR ", "" + ctr++);
                    printUser(outUser);
                }
            }
        } else if (commands.contains(ASSIGNED_USERS)) {
            command = ASSIGNED_USERS;
            LOG.info(command);
            Role inRole = options.getRole();
            List<User> outUsers = reviewMgr.assignedUsers(inRole);
            if (CollectionUtils.isNotEmpty(outUsers)) {
                for (User outUser : outUsers) {
                    printUser(outUser);
                }
            }
        } else if (commands.contains(READ_ROLE)) {
            command = READ_ROLE;
            LOG.info(command);
            Role inRole = options.getRole();
            Role outRole = reviewMgr.readRole(inRole);
            printRole(outRole);
        } else if (commands.contains(FIND_ROLES)) {
            command = FIND_ROLES;
            LOG.info(command);
            String inRoleNm = options.getName();
            List<Role> outRoles = reviewMgr.findRoles(inRoleNm);
            if (CollectionUtils.isNotEmpty(outRoles)) {
                int ctr = 0;
                for (Role outRole : outRoles) {
                    printSeparator();
                    printRow("R", "ROLE[" + ++ctr + "]", outRole.getName());
                    printRole(outRole);
                }
            }
        } else if (commands.contains(ASSIGNED_ROLES)) {
            command = ASSIGNED_ROLES;
            LOG.info(command);
            String userId = options.getUserId();
            List<UserRole> uRoles = reviewMgr.assignedRoles(new User(userId));
            if (uRoles != null) {
                for (UserRole ur : uRoles) {
                    printTemporal("R", ur, "RBACROLE");
                    printSeparator();
                }
            }
        } else if (commands.contains(READ_POBJ)) {
            command = READ_POBJ;
            LOG.info(command);
            PermObj inPermObj = options.getPermObj();
            PermObj outPermObj = reviewMgr.readPermObj(inPermObj);
            printPermObj(outPermObj);
        } else if (commands.contains(FIND_POBJS)) {
            command = FIND_POBJS;
            LOG.info(command);
            PermObj inPermObj = options.getPermObj();
            List<PermObj> outPermObjs = reviewMgr.findPermObjs(inPermObj);
            if (CollectionUtils.isNotEmpty(outPermObjs)) {
                int ctr = 0;
                for (PermObj outPermObj : outPermObjs) {
                    printSeparator();
                    printRow("PO", "POBJ[" + ++ctr + "]", outPermObj.getObjName());
                    printPermObj(outPermObj);
                }
            }
        } else if (commands.contains(READ_PERM)) {
            command = READ_PERM;
            LOG.info(command);
            Permission inPerm = options.getPermission();
            Permission outPerm = reviewMgr.readPermission(inPerm);
            printPermission(outPerm);
        } else if (commands.contains(FIND_PERMS)) {
            command = FIND_PERMS;
            LOG.info(command);
            Permission inPerm = options.getPermission();
            List<Permission> outPerms = reviewMgr.findPermissions(inPerm);
            if (CollectionUtils.isNotEmpty(outPerms)) {
                int ctr = 0;
                for (Permission outPerm : outPerms) {
                    printSeparator();
                    printRow("P", "PERM[" + ++ctr + "]", outPerm.getAbstractName());
                    printPermission(outPerm);
                }
            }
        } else {
            LOG.warn("unknown review operation detected");
            return;
        }
        LOG.info("command:{} was successful", command);
    } catch (SecurityException se) {
        String error = "processReviewCommand caught SecurityException=" + se + ", return code=" + se.getErrorId();
        LOG.error(error);
    }
}
Also used : AdminRole(org.apache.directory.fortress.core.model.AdminRole) Role(org.apache.directory.fortress.core.model.Role) UserAdminRole(org.apache.directory.fortress.core.model.UserAdminRole) UserRole(org.apache.directory.fortress.core.model.UserRole) PermObj(org.apache.directory.fortress.core.model.PermObj) User(org.apache.directory.fortress.core.model.User) UserRole(org.apache.directory.fortress.core.model.UserRole) Permission(org.apache.directory.fortress.core.model.Permission) ArrayList(java.util.ArrayList) List(java.util.List) SecurityException(org.apache.directory.fortress.core.SecurityException) Constraint(org.apache.directory.fortress.core.model.Constraint)

Aggregations

SecurityException (org.apache.directory.fortress.core.SecurityException)441 FortRequest (org.apache.directory.fortress.core.model.FortRequest)152 FortResponse (org.apache.directory.fortress.core.model.FortResponse)152 User (org.apache.directory.fortress.core.model.User)125 AdminMgr (org.apache.directory.fortress.core.AdminMgr)89 UserRole (org.apache.directory.fortress.core.model.UserRole)88 Role (org.apache.directory.fortress.core.model.Role)66 ReviewMgr (org.apache.directory.fortress.core.ReviewMgr)65 Session (org.apache.directory.fortress.core.model.Session)59 Permission (org.apache.directory.fortress.core.model.Permission)56 AccessMgr (org.apache.directory.fortress.core.AccessMgr)41 DelAdminMgr (org.apache.directory.fortress.core.DelAdminMgr)39 SDSet (org.apache.directory.fortress.core.model.SDSet)37 OrgUnit (org.apache.directory.fortress.core.model.OrgUnit)36 RoleConstraint (org.apache.directory.fortress.core.model.RoleConstraint)34 UserAdminRole (org.apache.directory.fortress.core.model.UserAdminRole)33 AdminRole (org.apache.directory.fortress.core.model.AdminRole)25 PermObj (org.apache.directory.fortress.core.model.PermObj)22 Group (org.apache.directory.fortress.core.model.Group)19 PwPolicyMgr (org.apache.directory.fortress.core.PwPolicyMgr)17