
Example 21 with ObjectFactory

use of org.apache.directory.fortress.core.model.ObjectFactory in project directory-fortress-core by apache.

the class RoleDAO method unloadLdapEntry.

/**
 * Builds a {@link Role} entity from an LDAP role entry.
 *
 * @param le        the LDAP entry holding the role's attributes
 * @param sequence  sequence id stamped onto the returned entity
 * @param contextId tenant/context id passed to RoleUtil when the role's children are resolved
 * @return a freshly created Role populated from {@code le}
 * @throws LdapInvalidAttributeValueException if an attribute value on the entry cannot be read
 */
private Role unloadLdapEntry(Entry le, long sequence, String contextId) throws LdapInvalidAttributeValueException {
    ObjectFactory factory = new ObjectFactory();
    Role role = factory.createRole();
    role.setSequenceId(sequence);
    // identity and descriptive attributes, taken straight off the entry:
    role.setId(getAttribute(le, GlobalIds.FT_IID));
    role.setName(getAttribute(le, ROLE_NM));
    role.setDescription(getAttribute(le, SchemaConstants.DESCRIPTION_AT));
    role.setOccupants(getAttributes(le, SchemaConstants.ROLE_OCCUPANT_AT));
    // children are resolved through RoleUtil rather than read from the entry; the lookup key is
    // the upper-cased role name. The name attribute is dereferenced here, so it must be present.
    // NOTE(review): toUpperCase() uses the default locale — confirm this matches how RoleUtil keys roles.
    String graphKey = role.getName().toUpperCase();
    role.setChildren(RoleUtil.getInstance().getChildren(graphKey, contextId));
    // parents, by contrast, are stored on the entry itself:
    role.setParents(getAttributeSet(le, GlobalIds.PARENT_NODES));
    unloadTemporal(le, role);
    role.setDn(le.getDn().getName());
    role.addProperties(PropUtil.getProperties(getAttributes(le, GlobalIds.PROPS)));
    return role;
}
Also used : Role(org.apache.directory.fortress.core.model.Role) ObjectFactory(org.apache.directory.fortress.core.model.ObjectFactory)

Example 22 with ObjectFactory

use of org.apache.directory.fortress.core.model.ObjectFactory in project directory-fortress-core by apache.

the class AuditDAO method getBindEntityFromLdapEntry.

/**
 * Builds a {@link Bind} audit entity from an LDAP audit-log entry.
 *
 * @param le       the LDAP entry holding the bind audit record
 * @param sequence sequence id stamped onto the returned entity
 * @return a freshly created Bind populated from {@code le}
 * @throws LdapInvalidAttributeValueException if an attribute value on the entry cannot be read
 */
private Bind getBindEntityFromLdapEntry(Entry le, long sequence) throws LdapInvalidAttributeValueException {
    ObjectFactory factory = new ObjectFactory();
    Bind bind = factory.createBind();
    bind.setSequenceId(sequence);
    // entry-level attributes (the same set the AuthZ mapping reads):
    bind.setCreateTimestamp(getAttribute(le, CREATETIMESTAMP));
    bind.setCreatorsName(getAttribute(le, CREATORSNAME));
    bind.setEntryCSN(getAttribute(le, ENTRYCSN));
    bind.setEntryDN(getAttribute(le, ENTRYDN));
    bind.setEntryUUID(getAttribute(le, ENTRYUUID));
    bind.setHasSubordinates(getAttribute(le, HASSUBORDINATES));
    bind.setModifiersName(getAttribute(le, MODIFIERSNAME));
    bind.setModifyTimestamp(getAttribute(le, MODIFYTIMESTAMP));
    bind.setObjectClass(getAttribute(le, OBJECTCLASS));
    // request-level attributes describing the audited bind operation:
    bind.setReqAuthzID(getAttribute(le, REQUAUTHZID));
    bind.setReqControls(getAttribute(le, REQCONTROLS));
    bind.setReqDN(getAttribute(le, REQDN));
    bind.setReqEnd(getAttribute(le, REQEND));
    bind.setReqMethod(getAttribute(le, REQMETHOD));
    bind.setReqResult(getAttribute(le, REQRESULT));
    bind.setReqSession(getAttribute(le, REQSESSION));
    bind.setReqStart(getAttribute(le, REQSTART));
    bind.setReqType(getAttribute(le, REQTYPE));
    bind.setReqVersion(getAttribute(le, REQVERSION));
    bind.setStructuralObjectClass(getAttribute(le, STRUCTURALOBJECTCLASS));
    return bind;
}
Also used : Bind(org.apache.directory.fortress.core.model.Bind) ObjectFactory(org.apache.directory.fortress.core.model.ObjectFactory)

Example 23 with ObjectFactory

use of org.apache.directory.fortress.core.model.ObjectFactory in project directory-fortress-core by apache.

the class AuditDAO method getModEntityFromLdapEntry.

/**
 * Builds a {@link Mod} audit entity from an LDAP audit-log entry.
 *
 * @param le       the LDAP entry holding the modification audit record
 * @param sequence sequence id stamped onto the returned entity
 * @return a freshly created Mod populated from {@code le}
 * @throws LdapInvalidAttributeValueException if an attribute value on the entry cannot be read
 */
private Mod getModEntityFromLdapEntry(Entry le, long sequence) throws LdapInvalidAttributeValueException {
    ObjectFactory factory = new ObjectFactory();
    Mod modification = factory.createMod();
    modification.setSequenceId(sequence);
    modification.setObjectClass(getAttribute(le, OBJECTCLASS));
    // request-level attributes describing the audited modify operation:
    modification.setReqAuthzID(getAttribute(le, REQUAUTHZID));
    modification.setReqDN(getAttribute(le, REQDN));
    modification.setReqEnd(getAttribute(le, REQEND));
    modification.setReqResult(getAttribute(le, REQRESULT));
    modification.setReqSession(getAttribute(le, REQSESSION));
    modification.setReqStart(getAttribute(le, REQSTART));
    modification.setReqType(getAttribute(le, REQTYPE));
    // reqMod is multi-valued, so it is read with getAttributes rather than getAttribute
    modification.setReqMod(getAttributes(le, REQMOD));
    return modification;
}
Also used : Mod(org.apache.directory.fortress.core.model.Mod) ObjectFactory(org.apache.directory.fortress.core.model.ObjectFactory)

Example 24 with ObjectFactory

use of org.apache.directory.fortress.core.model.ObjectFactory in project directory-fortress-core by apache.

the class AuditDAO method getAuthzEntityFromLdapEntry.

/**
 * Builds an {@link AuthZ} audit entity from an LDAP audit-log entry.
 *
 * @param le       the LDAP entry holding the authorization (search) audit record
 * @param sequence sequence id stamped onto the returned entity
 * @return a freshly created AuthZ populated from {@code le}
 * @throws LdapInvalidAttributeValueException if an attribute value on the entry cannot be read
 */
private AuthZ getAuthzEntityFromLdapEntry(Entry le, long sequence) throws LdapInvalidAttributeValueException {
    ObjectFactory factory = new ObjectFactory();
    AuthZ authz = factory.createAuthZ();
    authz.setSequenceId(sequence);
    // attributes shared with the audit bind object class:
    authz.setCreateTimestamp(getAttribute(le, CREATETIMESTAMP));
    authz.setCreatorsName(getAttribute(le, CREATORSNAME));
    authz.setEntryCSN(getAttribute(le, ENTRYCSN));
    authz.setEntryDN(getAttribute(le, ENTRYDN));
    authz.setEntryUUID(getAttribute(le, ENTRYUUID));
    authz.setHasSubordinates(getAttribute(le, HASSUBORDINATES));
    authz.setModifiersName(getAttribute(le, MODIFIERSNAME));
    authz.setModifyTimestamp(getAttribute(le, MODIFYTIMESTAMP));
    authz.setObjectClass(getAttribute(le, OBJECTCLASS));
    authz.setReqAuthzID(getAttribute(le, REQUAUTHZID));
    authz.setReqControls(getAttribute(le, REQCONTROLS));
    authz.setReqDN(getAttribute(le, REQDN));
    authz.setReqEnd(getAttribute(le, REQEND));
    authz.setReqResult(getAttribute(le, REQRESULT));
    authz.setReqSession(getAttribute(le, REQSESSION));
    authz.setReqStart(getAttribute(le, REQSTART));
    authz.setReqType(getAttribute(le, REQTYPE));
    authz.setStructuralObjectClass(getAttribute(le, STRUCTURALOBJECTCLASS));
    // attributes present only on the audit search object class:
    authz.setReqAttr(getAttribute(le, REQATTR));
    authz.setReqAttrsOnly(getAttribute(le, REQATTRSONLY));
    authz.setReqDerefAliases(getAttribute(le, REQDREFALIASES));
    authz.setReqEntries(getAttribute(le, REQENTRIES));
    authz.setReqFilter(getAttribute(le, REQFILTER));
    authz.setReqScope(getAttribute(le, REQSCOPE));
    authz.setReqSizeLimit(getAttribute(le, REQSIZELIMIT));
    authz.setReqTimeLimit(getAttribute(le, REQTIMELIMIT));
    return authz;
}
Also used : ObjectFactory(org.apache.directory.fortress.core.model.ObjectFactory) AuthZ(org.apache.directory.fortress.core.model.AuthZ)

Example 25 with ObjectFactory

use of org.apache.directory.fortress.core.model.ObjectFactory in project directory-fortress-core by apache.

the class DSDChecker method validate.

/**
 * This method is called during entity activation, {@link org.apache.directory.fortress.core.util.VUtil#validateConstraints} and ensures the role does not violate dynamic separation of duty constraints.
 * <p>
 * Side effect: any activation candidate that would push a DSD set to its cardinality is removed from
 * {@code session.getRoles()} in place (through the list iterator) and a {@link Warning} of type
 * {@code Warning.Type.ROLE} is attached to the session for it. Roles are counted against a set either
 * because they are direct members or because one of their ascendants is.
 *
 * @param session    contains list of RBAC roles {@link org.apache.directory.fortress.core.model.UserRole} targeted for activation.
 * @param constraint required for Validator interface, not used here.
 * @param time       required for Validator interface, not used here.
 * @param type       required by interface, not used here.
 * @return '0' if validation succeeds else {@link org.apache.directory.fortress.core.GlobalErrIds#ACTV_FAILED_DSD} if failed.
 * @throws org.apache.directory.fortress.core.SecurityException declared by the interface; nothing in this
 *         body throws it directly, so presumably it propagates from the RoleUtil/SDUtil lookups.
 */
@Override
public int validate(Session session, Constraint constraint, Time time, VUtil.ConstraintType type) throws org.apache.directory.fortress.core.SecurityException {
    int rc = 0;
    int matchCount;
    // get all candidate activated roles user:
    List<UserRole> activeRoleList = session.getRoles();
    if (activeRoleList == null || activeRoleList.size() == 0) {
        // nothing to activate, nothing to check
        return rc;
    }
    // Depending on if session is group or user session, fill objects
    String contextId = session.isGroupSession() ? session.getGroup().getContextId() : session.getUser().getContextId();
    String entityId = session.isGroupSession() ? session.getGroupName() : session.getUserId();
    // only used to label the warning text below
    String entityType = session.isGroupSession() ? "groupName" : "userId";
    // get the list of authorized roles for this user/group:
    Set<String> authorizedRoleSet = RoleUtil.getInstance().getInheritedRoles(activeRoleList, contextId);
    // only need to check DSD constraints if more than one role is being activated:
    // NOTE(review): a null authorizedRoleSet also skips enforcement and returns 0 — confirm
    // getInheritedRoles cannot return null on a lookup failure, since that would fail open.
    if (authorizedRoleSet != null && authorizedRoleSet.size() > 1) {
        // get all DSD sets that contain the candidate activated and authorized roles,
        // If DSD cache is disabled, this will search the directory using authorizedRoleSet
        Set<SDSet> dsdSets = SDUtil.getInstance().getDsdCache(authorizedRoleSet, contextId);
        // NOTE(review): same fail-open consideration applies to a null dsdSets.
        if (dsdSets != null && dsdSets.size() > 0) {
            for (SDSet dsd : dsdSets) {
                // a fresh iterator per set: removals made for one set must not disturb the scan for the next
                Iterator<UserRole> activatedRoles = activeRoleList.iterator();
                // matchCount is reset per set and only ever grows, so once the cardinality is hit every
                // later candidate that matches this set is removed too — at most (cardinality - 1)
                // members of any one set survive activation.
                matchCount = 0;
                Set<String> map = dsd.getMembers();
                // now check the DSD on every role activation candidate contained within session object:
                while (activatedRoles.hasNext()) {
                    UserRole activatedRole = activatedRoles.next();
                    if (map.contains(activatedRole.getName())) {
                        // the candidate is itself a member of this DSD set
                        matchCount++;
                        if (matchCount >= dsd.getCardinality()) {
                            activatedRoles.remove();
                            String warning = "validate " + entityType + " [" + entityId + "] failed activation of assignedRole [" + activatedRole.getName() + "] validates DSD Set Name:" + dsd.getName() + " Cardinality:" + dsd.getCardinality();
                            LOG.warn(warning);
                            rc = GlobalErrIds.ACTV_FAILED_DSD;
                            session.setWarning(new ObjectFactory().createWarning(rc, warning, Warning.Type.ROLE, activatedRole.getName()));
                        }
                    } else {
                        // not a direct member, but the candidate may inherit one or more members
                        Set<String> parentSet = RoleUtil.getInstance().getAscendants(activatedRole.getName(), contextId);
                        // now check for every role inherited from this activated role:
                        // each inherited member counts separately toward the cardinality
                        for (String parentRole : parentSet) {
                            if (map.contains(parentRole)) {
                                matchCount++;
                                if (matchCount >= dsd.getCardinality()) {
                                    String warning = "validate " + entityType + " [" + entityId + "] assignedRole [" + activatedRole.getName() + "] parentRole [" + parentRole + "] validates DSD Set Name:" + dsd.getName() + " Cardinality:" + dsd.getCardinality();
                                    rc = GlobalErrIds.ACTV_FAILED_DSD;
                                    // remove the assigned role from session (not the authorized role):
                                    activatedRoles.remove();
                                    session.setWarning(new ObjectFactory().createWarning(rc, warning, Warning.Type.ROLE, activatedRole.getName()));
                                    LOG.warn(warning);
                                    // Breaking out of the loop because assigned role has been removed from session.
                                    break;
                                }
                            }
                        }
                    }
                }
            }
        }
    }
    return rc;
}
Also used : SDSet(org.apache.directory.fortress.core.model.SDSet) ObjectFactory(org.apache.directory.fortress.core.model.ObjectFactory) UserRole(org.apache.directory.fortress.core.model.UserRole) Constraint(org.apache.directory.fortress.core.model.Constraint)
