
Example 1 with Constraint

use of org.apache.directory.fortress.core.model.Constraint in project directory-fortress-core by apache.

The class VUtil, method validateConstraints.

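/**
 * This utility iterates over all of the Validators initialized for runtime and calls them passing the {@link org.apache.directory.fortress.core.model.Constraint} contained within the
 * targeted entity.  If a particular {@link org.apache.directory.fortress.core.model.UserRole} violates constraint it will not be activated.  If {@link org.apache.directory.fortress.core.model.User} validation fails a ValidationException will be thrown thus preventing User logon.
 * <p>
 * Outcome by constraint type: for {@link ConstraintType#USER} on a non-group session the user entity itself is validated and the
 * first failing validator aborts with a {@link ValidationException}. In every other case each role and admin role held by the
 * session is validated; a failing role is removed from the session (so it is never activated) and a {@link Warning} is recorded
 * on the session instead of throwing. Finally, when {@code checkDsd} is true, the type is {@link ConstraintType#ROLE}, roles remain
 * and a DSD validator class is configured, dynamic separation-of-duty validation runs over the surviving roles.
 *
 * @param session contains {@link org.apache.directory.fortress.core.model.User} and {@link org.apache.directory.fortress.core.model.UserRole} constraints {@link org.apache.directory.fortress.core.model.Constraint} to be checked.
 * @param type    specifies User {@link ConstraintType#USER} or Role {@link ConstraintType#ROLE}.
 * @param checkDsd will check DSD constraints if true
 * @throws org.apache.directory.fortress.core.SecurityException in the event validation fails for User or system error occurs.
 */
public void validateConstraints(Session session, ConstraintType type, boolean checkDsd) throws SecurityException {
    String location = "validateConstraints";
    String entityId = session.isGroupSession() ? session.getGroupName() : session.getUserId();
    String entityType = session.isGroupSession() ? "groupName" : "userId";
    if (validators == null) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("{} " + entityType + " [{}] has no constraints enabled", location, entityId);
        }
        return;
    }
    // no need to continue if the role list is empty and we're trying to check role constraints:
    if (type == ConstraintType.ROLE && CollectionUtils.isEmpty(session.getRoles()) && CollectionUtils.isEmpty(session.getAdminRoles())) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("{} " + entityType + " [{}]  has no roles assigned", location, entityId);
        }
        return;
    }
    for (Validator val : validators) {
        Time currTime = TUtil.getCurrentTime();
        if (type == ConstraintType.USER && !session.isGroupSession()) {
            // first check the constraint on the user; a failure here is fatal for the whole session:
            int rc = val.validate(session, session.getUser(), currTime, type);
            if (rc > 0) {
                String info = location + " user [" + entityId + "] was deactivated reason code [" + rc + "]";
                throw new ValidationException(rc, info);
            }
        } else {
            // Check the constraints for each activated role and admin role candidate within the session.
            // Failures are non-fatal: the role is dropped from the session and a warning is recorded.
            if (CollectionUtils.isNotEmpty(session.getRoles())) {
                deactivateFailingRoles(val, session.getRoles(), "role", session, currTime, type, location, entityType, entityId);
            }
            if (CollectionUtils.isNotEmpty(session.getAdminRoles())) {
                deactivateFailingRoles(val, session.getAdminRoles(), "admin role", session, currTime, type, location, entityType, entityId);
            }
        }
    }
    // now perform DSD validation on session's impl roles:
    if (checkDsd && DSDVALIDATOR != null && DSDVALIDATOR.length() > 0 && type == ConstraintType.ROLE && CollectionUtils.isNotEmpty(session.getRoles())) {
        // DSDVALIDATOR is a class name taken from configuration and instantiated reflectively, so it must
        // only ever originate from trusted, deployment-controlled configuration.
        Validator dsdVal = (Validator) ClassUtil.createInstance(DSDVALIDATOR);
        // NOTE(review): the DSD validator's return code is not inspected here, unlike the loop above; it is
        // presumed to enforce its result by mutating the session or throwing — confirm against the configured implementation.
        if (session.isGroupSession()) {
            // pass session's group wrapped into constraint interface
            dsdVal.validate(session, new ConstraintedGroup(session.getGroup()), null, null);
        } else {
            dsdVal.validate(session, session.getUser(), null, null);
        }
    }
    // reset the user's last access timestamp:
    session.setLastAccess();
}

/**
 * Applies one validator to every role activation candidate in {@code roles}. Each failing role (validator
 * return code greater than zero) is logged, recorded as a {@link Warning} of type {@link Warning.Type#ROLE}
 * on the session, and removed from {@code roles} in place once iteration is complete.
 *
 * @param val        validator to apply.
 * @param roles      activation candidates; failing entries are removed from this list.
 * @param label      text used in the log message and warning, e.g. {@code "role"} or {@code "admin role"}.
 * @param session    session the roles belong to; receives a warning per failing role.
 * @param currTime   time at which the constraint is evaluated.
 * @param type       constraint type passed through to the validator.
 * @param location   caller name used as the log message prefix.
 * @param entityType {@code "userId"} or {@code "groupName"}, used in the log message.
 * @param entityId   identifier of the session's user or group, used in the log message.
 * @throws org.apache.directory.fortress.core.SecurityException if the validator reports a system error.
 */
private void deactivateFailingRoles(Validator val, List<UserRole> roles, String label, Session session, Time currTime, ConstraintType type, String location, String entityType, String entityId) throws SecurityException {
    List<UserRole> rolesToRemove = new ArrayList<>();
    for (UserRole role : roles) {
        int rc = val.validate(session, role, currTime, type);
        if (rc > 0) {
            rolesToRemove.add(role);
            String msg = location + " " + label + " [" + role.getName() + "] for " + entityType + "[" + entityId + "]" + " was deactivated reason code [" + rc + "]";
            LOG.info(msg);
            session.setWarning(new ObjectFactory().createWarning(rc, msg, Warning.Type.ROLE, role.getName()));
        }
    }
    // remove all roles not passing validation; deferred so the list is not mutated while being iterated
    roles.removeAll(rolesToRemove);
}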

Example 2 with Constraint

use of org.apache.directory.fortress.core.model.Constraint in project directory-fortress-core by apache.

The class VUtil, method getValidators.

/**
 * Builds the list of runtime validators from configuration. Property names are formed as
 * {@code GlobalIds.VALIDATOR_PROPS} followed by 0, 1, 2, ... and read until the first one that
 * is absent, so numbering must be contiguous. Each value is a class name that is instantiated
 * reflectively; the configuration is therefore trusted input.
 *
 * @return list of type {@link Validator} containing all active validation routines for entity constraint processing.
 * @throws org.apache.directory.fortress.core.CfgException in the event validator cannot be instantiated.
 */
private List<Validator> getValidators() throws CfgException {
    List<Validator> result = new ArrayList<>();
    int index = 0;
    String className;
    while ((className = Config.getInstance().getProperty(GlobalIds.VALIDATOR_PROPS + index)) != null) {
        result.add((Validator) ClassUtil.createInstance(className));
        index++;
    }
    return result;
}

Example 3 with Constraint

use of org.apache.directory.fortress.core.model.Constraint in project directory-fortress-core by apache.

The class RoleTestData, method assertEquals.

/**
 * Asserts that a {@link Role} read back from the directory matches the fixture row it was created from:
 * name, description and the temporal constraint fields.
 *
 * @param role entity returned by the server.
 * @param rle  test data row describing the expected role.
 */
public static void assertEquals(Role role, String[] rle) {
    String prefix = RoleTestData.class.getName() + ".assertEquals";
    Constraint expected = RoleTestData.getRoleConstraint(rle);
    assertEquals(prefix + " failed compare role name", getName(rle), role.getName());
    assertEquals(prefix + " failed compare role desc", getDescription(rle), role.getDescription());
    TestUtils.assertTemporal(prefix, expected, role);
    LOG.debug(prefix + " [" + role.getName() + "] successful");
}

Example 4 with Constraint

use of org.apache.directory.fortress.core.model.Constraint in project directory-fortress-core by apache.

The class UserTestData, method assertEquals.

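/**
 * Asserts that a {@link User} read back from the directory matches the fixture row it was created from.
 * The userId comparison is case-insensitive; all other fields are compared exactly, and the temporal
 * constraint fields are checked via {@link TestUtils#assertTemporal}.
 *
 * @param user entity returned by the server.
 * @param usr  test data row describing the expected user.
 */
public static void assertEquals(User user, String[] usr) {
    String prefix = UserTestData.class.getName() + ".assertEquals";
    // Locale.ROOT keeps the case-insensitive userId compare stable under locale-specific case mappings
    // (e.g. dotless i), which the default toUpperCase() would not.
    assertEquals(prefix + " failed compare user userId", getUserId(usr).toUpperCase(java.util.Locale.ROOT), user.getUserId().toUpperCase(java.util.Locale.ROOT));
    assertEquals(prefix + " failed compare user desc", getDescription(usr), user.getDescription());
    // pwPolicy and the composed full name (getName) are not asserted here; those checks were disabled in the original.
    assertEquals(prefix + " failed compare user cn", (getFName(usr) + " " + getLName(usr)), user.getCn());
    assertEquals(prefix + " failed compare user sn", getLName(usr), user.getSn());
    assertEquals(prefix + " failed compare user ou", getOu(usr), user.getOu());
    // assertEquals rather than assertTrue(equals) so a mismatch reports both values and a null expected address fails cleanly
    assertEquals(prefix + " failed compare user address", getAddress(usr), user.getAddress());
    assertEquals(prefix + " failed compare user phones", getPhones(usr), user.getPhones());
    assertEquals(prefix + " failed compare user mobiles", getMobiles(usr), user.getMobiles());
    assertProps(usr, user.getProperties());
    assertEmail(usr, user.getEmails());
    Constraint validConstraint = getUserConstraint(usr);
    TestUtils.assertTemporal(prefix, validConstraint, user);
}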

Example 5 with Constraint

use of org.apache.directory.fortress.core.model.Constraint in project directory-fortress-core by apache.

The class RoleTestData, method assertEquals.

/**
 * Asserts that a {@link UserRole} assignment read back from the directory matches its fixture row:
 * the owning userId, the role name and the temporal constraint fields.
 *
 * @param userId identifier of the user the role is expected to be assigned to.
 * @param uRole  assignment returned by the server.
 * @param urle   test data row describing the expected user-role assignment.
 */
public static void assertEquals(String userId, UserRole uRole, String[] urle) {
    String prefix = RoleTestData.class.getName() + ".assertEquals";
    Constraint expected = RoleTestData.getRoleConstraint(urle);
    assertEquals(prefix + " failed compare userrole userId", userId, uRole.getUserId());
    assertEquals(prefix + " failed compare userrole name", getName(urle), uRole.getName());
    TestUtils.assertTemporal(prefix, expected, uRole);
    LOG.debug(prefix + " userId [" + userId + "] role name [" + uRole.getName() + "] successful");
}
