Examples with AdminRole org.apache.directory.fortress.core.model.AdminRole used on opensource projects

Search in sources :

Example 6 with AdminRole

use of org.apache.directory.fortress.core.model.AdminRole in project directory-fortress-core by apache.

the class CommandLineInterpreter method processDelegatedAdminCommand.

private void processDelegatedAdminCommand(Set<String> commands, Options options) {
    String command;
    try {
        if (commands.contains(ADD_ROLE)) {
            command = ADD_ROLE;
            LOG.info(command);
            AdminRole role = options.getAdminRole();
            delAdminMgr.addRole(role);
        } else if (commands.contains(UPDATE_ROLE)) {
            command = UPDATE_ROLE;
            LOG.info(command);
            AdminRole role = options.getAdminRole();
            delAdminMgr.updateRole(role);
        } else if (commands.contains(DELETE_ROLE)) {
            command = DELETE_ROLE;
            LOG.info(command);
            AdminRole role = options.getAdminRole();
            delAdminMgr.deleteRole(role);
        } else if (commands.contains(ASSIGN_ROLE)) {
            command = ASSIGN_ROLE;
            LOG.info(command);
            Role role = options.getRole();
            String userId = options.getUserId();
            delAdminMgr.assignUser(new UserAdminRole(userId, role));
        } else if (commands.contains(DEASSIGN_ROLE)) {
            command = DEASSIGN_ROLE;
            LOG.info(command);
            Role role = options.getRole();
            String userId = options.getUserId();
            delAdminMgr.deassignUser(new UserAdminRole(userId, role));
        } else if (commands.contains(ADD_ROLE_INHERITANCE)) {
            command = ADD_ROLE_INHERITANCE;
            LOG.info(command);
            Relationship relationship = options.getRelationship();
            delAdminMgr.addInheritance(new AdminRole(relationship.getParent()), new AdminRole(relationship.getChild()));
        } else if (commands.contains(DELETE_ROLE_INHERITANCE)) {
            command = DELETE_ROLE_INHERITANCE;
            LOG.info(command);
            Relationship relationship = options.getRelationship();
            delAdminMgr.deleteInheritance(new AdminRole(relationship.getParent()), new AdminRole(relationship.getChild()));
        } else if (commands.contains(ADD_POBJ)) {
            command = ADD_POBJ;
            LOG.info(command);
            PermObj permObj = options.getPermObj();
            delAdminMgr.addPermObj(permObj);
        } else if (commands.contains(UPDATE_POBJ)) {
            command = UPDATE_POBJ;
            LOG.info(command);
            PermObj permObj = options.getPermObj();
            delAdminMgr.updatePermObj(permObj);
        } else if (commands.contains(DELETE_POBJ)) {
            command = DELETE_POBJ;
            LOG.info(command);
            PermObj permObj = options.getPermObj();
            delAdminMgr.deletePermObj(permObj);
        } else if (commands.contains(ADD_PERM)) {
            command = ADD_PERM;
            LOG.info(command);
            Permission perm = options.getPermission();
            delAdminMgr.addPermission(perm);
        } else if (commands.contains(UPDATE_PERM)) {
            command = UPDATE_PERM;
            LOG.info(command);
            Permission perm = options.getPermission();
            delAdminMgr.updatePermission(perm);
        } else if (commands.contains(DELETE_PERM)) {
            command = DELETE_PERM;
            LOG.info(command);
            Permission permObj = options.getPermission();
            delAdminMgr.deletePermission(permObj);
        } else if (commands.contains(GRANT)) {
            command = GRANT;
            LOG.info(command);
            Permission perm = options.getPermission();
            AdminRole role = options.getAdminRole();
            role.setName(options.getRoleNm());
            delAdminMgr.grantPermission(perm, role);
        } else if (commands.contains(REVOKE)) {
            command = REVOKE;
            LOG.info(command);
            Permission perm = options.getPermission();
            AdminRole role = options.getAdminRole();
            role.setName(options.getRoleNm());
            delAdminMgr.revokePermission(perm, role);
        } else if (commands.contains(ADD_USERORG)) {
            command = ADD_USERORG;
            LOG.info(command);
            OrgUnit orgUnit = options.getOrgUnit();
            orgUnit.setType(OrgUnit.Type.USER);
            delAdminMgr.add(orgUnit);
        } else if (commands.contains(UPDATE_USERORG)) {
            command = UPDATE_USERORG;
            LOG.info(command);
            OrgUnit orgUnit = options.getOrgUnit();
            orgUnit.setType(OrgUnit.Type.USER);
            delAdminMgr.update(orgUnit);
        } else if (commands.contains(DELETE_USERORG)) {
            command = DELETE_USERORG;
            LOG.info(command);
            OrgUnit orgUnit = options.getOrgUnit();
            orgUnit.setType(OrgUnit.Type.USER);
            delAdminMgr.delete(orgUnit);
        } else if (commands.contains(ADD_USERORG_INHERITANCE)) {
            command = ADD_USERORG_INHERITANCE;
            LOG.info(command);
            Relationship relationship = options.getRelationship();
            delAdminMgr.addInheritance(new OrgUnit(relationship.getParent(), OrgUnit.Type.USER), new OrgUnit(relationship.getChild(), OrgUnit.Type.USER));
        } else if (commands.contains(DELETE_USERORG_INHERITANCE)) {
            command = DELETE_USERORG_INHERITANCE;
            LOG.info(command);
            Relationship relationship = options.getRelationship();
            delAdminMgr.deleteInheritance(new OrgUnit(relationship.getParent(), OrgUnit.Type.USER), new OrgUnit(relationship.getChild(), OrgUnit.Type.USER));
        } else if (commands.contains(ADD_PERMORG)) {
            command = ADD_PERMORG;
            LOG.info(command);
            OrgUnit orgUnit = options.getOrgUnit();
            orgUnit.setType(OrgUnit.Type.PERM);
            delAdminMgr.add(orgUnit);
        } else if (commands.contains(UPDATE_PERMORG)) {
            command = UPDATE_PERMORG;
            LOG.info(command);
            OrgUnit orgUnit = options.getOrgUnit();
            orgUnit.setType(OrgUnit.Type.PERM);
            delAdminMgr.update(orgUnit);
        } else if (commands.contains(DELETE_PERMORG)) {
            command = DELETE_PERMORG;
            LOG.info(command);
            OrgUnit orgUnit = options.getOrgUnit();
            orgUnit.setType(OrgUnit.Type.PERM);
            delAdminMgr.delete(orgUnit);
        } else if (commands.contains(ADD_PERMORG_INHERITANCE)) {
            command = ADD_PERMORG_INHERITANCE;
            LOG.info(command);
            Relationship relationship = options.getRelationship();
            delAdminMgr.addInheritance(new OrgUnit(relationship.getParent(), OrgUnit.Type.PERM), new OrgUnit(relationship.getChild(), OrgUnit.Type.PERM));
        } else if (commands.contains(DELETE_PERMORG_INHERITANCE)) {
            command = DELETE_PERMORG_INHERITANCE;
            LOG.info(command);
            Relationship relationship = options.getRelationship();
            delAdminMgr.deleteInheritance(new OrgUnit(relationship.getParent(), OrgUnit.Type.PERM), new OrgUnit(relationship.getChild(), OrgUnit.Type.PERM));
        } else {
            LOG.warn("unknown delegated admin operation detected");
            return;
        }
        LOG.info("command:{} was successful", command);
    } catch (org.apache.directory.fortress.core.SecurityException se) {
        String error = "processDelegatedAdminCommand caught SecurityException=" + se + ", return code=" + se.getErrorId();
        LOG.error(error);
    }
}
Also used : AdminRole(org.apache.directory.fortress.core.model.AdminRole) Role(org.apache.directory.fortress.core.model.Role) UserAdminRole(org.apache.directory.fortress.core.model.UserAdminRole) UserRole(org.apache.directory.fortress.core.model.UserRole) OrgUnit(org.apache.directory.fortress.core.model.OrgUnit) org.apache.directory.fortress.core(org.apache.directory.fortress.core) PermObj(org.apache.directory.fortress.core.model.PermObj) UserAdminRole(org.apache.directory.fortress.core.model.UserAdminRole) Relationship(org.apache.directory.fortress.core.model.Relationship) Permission(org.apache.directory.fortress.core.model.Permission) SecurityException(org.apache.directory.fortress.core.SecurityException) AdminRole(org.apache.directory.fortress.core.model.AdminRole) UserAdminRole(org.apache.directory.fortress.core.model.UserAdminRole)

Example 7 with AdminRole

use of org.apache.directory.fortress.core.model.AdminRole in project directory-fortress-core by apache.

the class Options method getAdminRole.

/**
 */
public AdminRole getAdminRole() {
    AdminRole role = new AdminRole();
    role.setDescription(getDescription());
    role.setBeginRange(getBeginRange());
    role.setEndRange(getEndRange());
    Boolean bVal = Boolean.valueOf(getBeginInclusive());
    role.setBeginInclusive(bVal);
    bVal = Boolean.valueOf(getEndInclusive());
    role.setEndInclusive(bVal);
    updateOsPs(role);
    updateOsUs(role);
    updateTemporal(role);
    return role;
}
Also used : AdminRole(org.apache.directory.fortress.core.model.AdminRole)

Example 8 with AdminRole

use of org.apache.directory.fortress.core.model.AdminRole in project directory-fortress-core by apache.

the class DelReviewMgrImpl method findRoles.

/**
 * {@inheritDoc}
 */
@Override
@AdminPermissionOperation
public List<AdminRole> findRoles(String searchVal) throws SecurityException {
    String methodName = "findRoles";
    VUtil.assertNotNull(searchVal, GlobalErrIds.ARLE_NM_NULL, CLS_NM + "." + methodName);
    checkAccess(CLS_NM, methodName);
    AdminRole adminRole = new AdminRole(searchVal);
    adminRole.setContextId(this.contextId);
    return admRP.search(adminRole);
}
Also used : AdminRole(org.apache.directory.fortress.core.model.AdminRole) UserAdminRole(org.apache.directory.fortress.core.model.UserAdminRole) AdminPermissionOperation(org.apache.directory.fortress.annotation.AdminPermissionOperation)

Example 9 with AdminRole

use of org.apache.directory.fortress.core.model.AdminRole in project directory-fortress-core by apache.

the class UserP method validate.

/**
 * Method will perform various validations to ensure the integrity of the User entity targeted for insertion
 * or updating in directory.  For example the ou attribute will be "read" from the OrgUnit dataset to ensure
 * that it is valid.  Data reasonability checks will be performed on all non-null attributes.
 * This method will also copy the source constraints to target entity iff the target input entity does not have set
 * prior to calling.
 *
 * @param entity   User entity contains data targeted for insertion or update.  The input role constraints will be accepted.
 * @param isUpdate if true update operation is being performed which specifies a different set of targeted attributes.
 * @throws SecurityException in the event of data validation error or DAO error on Org validation.
 */
private void validate(User entity, boolean isUpdate) throws SecurityException {
    if (!isUpdate) {
        // the UserId attribute is required on User:
        VUtil.userId(entity.getUserId());
        // the cn attribute is optional as input.  entity will default to userId if cn not set by caller on add:
        if (StringUtils.isNotEmpty(entity.getCn())) {
            VUtil.safeText(entity.getCn(), GlobalIds.CN_LEN);
        }
        // the sn attribute is optional as input.  entity will default to userId if sn not set by caller on add:
        if (StringUtils.isNotEmpty(entity.getSn())) {
            VUtil.safeText(entity.getSn(), GlobalIds.SN_LEN);
        }
        // password is not required on user object but user cannot execute AccessMgr or DelAccessMgr methods w/out pw.
        if (StringUtils.isNotEmpty(entity.getPassword())) {
            VUtil.safeText(entity.getPassword(), GlobalIds.PASSWORD_LEN);
        }
        // the OU attribute is required:
        if (StringUtils.isEmpty(entity.getOu())) {
            String error = "OU validation failed, null or empty value";
            throw new ValidationException(GlobalErrIds.ORG_NULL_USER, error);
        }
        VUtil.orgUnit(entity.getOu());
        // ensure ou exists in the OS-U pool:
        OrgUnit ou = new OrgUnit(entity.getOu(), OrgUnit.Type.USER);
        ou.setContextId(entity.getContextId());
        if (!orgUnitP.isValid(ou)) {
            String error = "validate detected invalid orgUnit name [" + entity.getOu() + "] adding user with userId [" + entity.getUserId() + "]";
            throw new ValidationException(GlobalErrIds.USER_OU_INVALID, error);
        }
        // description attribute is optional:
        if (StringUtils.isNotEmpty(entity.getDescription())) {
            VUtil.description(entity.getDescription());
        }
    } else {
        // on User update, all attributes are optional:
        if (StringUtils.isNotEmpty(entity.getCn())) {
            VUtil.safeText(entity.getCn(), GlobalIds.CN_LEN);
        }
        if (StringUtils.isNotEmpty(entity.getSn())) {
            VUtil.safeText(entity.getSn(), GlobalIds.SN_LEN);
        }
        if (StringUtils.isNotEmpty(entity.getPassword())) {
            VUtil.safeText(entity.getPassword(), GlobalIds.PASSWORD_LEN);
        }
        if (StringUtils.isNotEmpty(entity.getOu())) {
            VUtil.orgUnit(entity.getOu());
            // ensure ou exists in the OS-U pool:
            OrgUnit ou = new OrgUnit(entity.getOu(), OrgUnit.Type.USER);
            ou.setContextId(entity.getContextId());
            if (!orgUnitP.isValid(ou)) {
                String error = "validate detected invalid orgUnit name [" + entity.getOu() + "] updating user wth userId [" + entity.getUserId() + "]";
                throw new ValidationException(GlobalErrIds.USER_OU_INVALID, error);
            }
        }
        if (StringUtils.isNotEmpty(entity.getDescription())) {
            VUtil.description(entity.getDescription());
        }
    }
    // 1 OpenLDAP password policy name must be valid if set:
    if (StringUtils.isNotEmpty(entity.getPwPolicy())) {
        PwPolicy policy = new PwPolicy(entity.getPwPolicy());
        policy.setContextId(entity.getContextId());
        if (!policyP.isValid(policy)) {
            String error = "validate detected invalid OpenLDAP policy name [" + entity.getPwPolicy() + "] for userId [" + entity.getUserId() + "]. Assignment is optional for User but must be valid if specified.";
            throw new ValidationException(GlobalErrIds.USER_PW_PLCY_INVALID, error);
        }
    }
    // 2 Validate constraints on User object:
    ConstraintUtil.validate(entity);
    // 3 Validate or copy constraints on RBAC roles:
    if (CollectionUtils.isNotEmpty(entity.getRoles())) {
        RoleP rp = new RoleP();
        List<UserRole> roles = entity.getRoles();
        for (UserRole ure : roles) {
            Role inRole = new Role(ure.getName());
            inRole.setContextId(entity.getContextId());
            Role role = rp.read(inRole);
            ConstraintUtil.validateOrCopy(role, ure);
        }
    }
    // 4 Validate and copy constraints on Administrative roles:
    if (CollectionUtils.isNotEmpty(entity.getAdminRoles())) {
        List<UserAdminRole> uRoles = entity.getAdminRoles();
        for (UserAdminRole uare : uRoles) {
            AdminRole inRole = new AdminRole(uare.getName());
            inRole.setContextId(entity.getContextId());
            AdminRole outRole = admRoleP.read(inRole);
            ConstraintUtil.validateOrCopy(outRole, uare);
            // copy the ARBAC AdminRole attributes to UserAdminRole:
            copyAdminAttrs(outRole, uare);
        }
    }
}
Also used : OrgUnit(org.apache.directory.fortress.core.model.OrgUnit) AdminRole(org.apache.directory.fortress.core.model.AdminRole) Role(org.apache.directory.fortress.core.model.Role) UserAdminRole(org.apache.directory.fortress.core.model.UserAdminRole) UserRole(org.apache.directory.fortress.core.model.UserRole) ValidationException(org.apache.directory.fortress.core.ValidationException) UserRole(org.apache.directory.fortress.core.model.UserRole) UserAdminRole(org.apache.directory.fortress.core.model.UserAdminRole) AdminRole(org.apache.directory.fortress.core.model.AdminRole) UserAdminRole(org.apache.directory.fortress.core.model.UserAdminRole) PwPolicy(org.apache.directory.fortress.core.model.PwPolicy)

Example 10 with AdminRole

use of org.apache.directory.fortress.core.model.AdminRole in project directory-fortress-core by apache.

the class DelAdminMgrRestImpl method addRole.

/**
 * {@inheritDoc}
 */
@Override
public AdminRole addRole(AdminRole role) throws SecurityException {
    VUtil.assertNotNull(role, GlobalErrIds.ARLE_NULL, CLS_NM + ".addRole");
    AdminRole retRole;
    FortRequest request = new FortRequest();
    request.setContextId(this.contextId);
    request.setEntity(role);
    if (this.adminSess != null) {
        request.setSession(adminSess);
    }
    String szRequest = RestUtils.marshal(request);
    String szResponse = RestUtils.getInstance().post(szRequest, HttpIds.ARLE_ADD);
    FortResponse response = RestUtils.unmarshall(szResponse);
    if (response.getErrorCode() == 0) {
        retRole = (AdminRole) response.getEntity();
    } else {
        throw new SecurityException(response.getErrorCode(), response.getErrorMessage());
    }
    return retRole;
}
Also used : FortResponse(org.apache.directory.fortress.core.model.FortResponse) SecurityException(org.apache.directory.fortress.core.SecurityException) AdminRole(org.apache.directory.fortress.core.model.AdminRole) UserAdminRole(org.apache.directory.fortress.core.model.UserAdminRole) FortRequest(org.apache.directory.fortress.core.model.FortRequest)

Aggregations

AdminRole (org.apache.directory.fortress.core.model.AdminRole)46 UserAdminRole (org.apache.directory.fortress.core.model.UserAdminRole)37 SecurityException (org.apache.directory.fortress.core.SecurityException)18 DelAdminMgr (org.apache.directory.fortress.core.DelAdminMgr)10 AdminPermissionOperation (org.apache.directory.fortress.annotation.AdminPermissionOperation)8 DelReviewMgr (org.apache.directory.fortress.core.DelReviewMgr)5 Role (org.apache.directory.fortress.core.model.Role)5 FortRequest (org.apache.directory.fortress.core.model.FortRequest)4 FortResponse (org.apache.directory.fortress.core.model.FortResponse)4 Relationship (org.apache.directory.fortress.core.model.Relationship)4 FinderException (org.apache.directory.fortress.core.FinderException)3 User (org.apache.directory.fortress.core.model.User)3 LdapException (org.apache.directory.api.ldap.model.exception.LdapException)2 OrgUnit (org.apache.directory.fortress.core.model.OrgUnit)2 PermObj (org.apache.directory.fortress.core.model.PermObj)2 Permission (org.apache.directory.fortress.core.model.Permission)2 UserRole (org.apache.directory.fortress.core.model.UserRole)2 LdapConnection (org.apache.directory.ldap.client.api.LdapConnection)2 ArrayList (java.util.ArrayList)1 CursorException (org.apache.directory.api.ldap.model.cursor.CursorException)1
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial