Example 1 with PermObj
use of org.apache.directory.fortress.core.model.PermObj in project directory-fortress-core by apache.
the class PermDAO method getPerm.
/**
* @param permObj
* @return
* @throws org.apache.directory.fortress.core.FinderException
*/
PermObj getPerm(PermObj permObj) throws FinderException {
PermObj entity = null;
LdapConnection ld = null;
String dn = GlobalIds.POBJ_NAME + "=" + permObj.getObjName() + "," + getRootDn(permObj.isAdmin(), permObj.getContextId());
try {
ld = getAdminConnection();
Entry findEntry = read(ld, dn, PERMISION_OBJ_ATRS);
if (findEntry == null) {
String warning = "getPerm Obj no entry found dn [" + dn + "]";
throw new FinderException(GlobalErrIds.PERM_OBJ_NOT_FOUND, warning);
}
entity = unloadPobjLdapEntry(findEntry, 0, permObj.isAdmin());
} catch (LdapNoSuchObjectException e) {
String warning = "getPerm Obj COULD NOT FIND ENTRY for dn [" + dn + "]";
throw new FinderException(GlobalErrIds.PERM_OBJ_NOT_FOUND, warning);
} catch (LdapException e) {
String error = "getPerm Obj dn [" + dn + "] caught LdapException=" + e.getMessage();
throw new FinderException(GlobalErrIds.PERM_READ_OBJ_FAILED, error, e);
} finally {
closeAdminConnection(ld);
}
return entity;
}
Also used :
LdapNoSuchObjectException(org.apache.directory.api.ldap.model.exception.LdapNoSuchObjectException)
FinderException(org.apache.directory.fortress.core.FinderException)
PermObj(org.apache.directory.fortress.core.model.PermObj)
DefaultEntry(org.apache.directory.api.ldap.model.entry.DefaultEntry)
Entry(org.apache.directory.api.ldap.model.entry.Entry)
LdapException(org.apache.directory.api.ldap.model.exception.LdapException)
LdapConnection(org.apache.directory.ldap.client.api.LdapConnection)
Example 2 with PermObj
use of org.apache.directory.fortress.core.model.PermObj in project directory-fortress-core by apache.
the class PermDAO method unloadPobjLdapEntry.
/**
* @param le
* @param sequence
* @return
* @throws LdapInvalidAttributeValueException
* @throws LdapException
*/
private PermObj unloadPobjLdapEntry(Entry le, long sequence, boolean isAdmin) throws LdapInvalidAttributeValueException {
PermObj entity = new ObjectFactory().createPermObj();
entity.setSequenceId(sequence);
entity.setObjName(getAttribute(le, GlobalIds.POBJ_NAME));
entity.setOu(getAttribute(le, SchemaConstants.OU_AT));
entity.setDn(le.getDn().getName());
entity.setInternalId(getAttribute(le, GlobalIds.FT_IID));
entity.setType(getAttribute(le, GlobalIds.TYPE));
entity.setDescription(getAttribute(le, SchemaConstants.DESCRIPTION_AT));
entity.addProperties(PropUtil.getProperties(getAttributes(le, GlobalIds.PROPS)));
entity.setAdmin(isAdmin);
return entity;
}
Also used :
PermObj(org.apache.directory.fortress.core.model.PermObj)
ObjectFactory(org.apache.directory.fortress.core.model.ObjectFactory)
Example 3 with PermObj
use of org.apache.directory.fortress.core.model.PermObj in project directory-fortress-core by apache.
the class DelAccessMgrImpl method checkRolePermission.
/**
* This helper function processes ARBAC PRA "can assign".
* @param session
* @param role
* @param perm
* @return boolean
* @throws SecurityException
*/
private boolean checkRolePermission(Session session, Role role, Permission perm) throws SecurityException {
boolean result = false;
List<UserAdminRole> uaRoles = session.getAdminRoles();
if (CollectionUtils.isNotEmpty(uaRoles)) {
// validate perm and retrieve perm's ou:
PermObj inObj = new PermObj(perm.getObjName());
inObj.setContextId(contextId);
PermObj pObj = permP.read(inObj);
for (UserAdminRole uaRole : uaRoles) {
if (uaRole.getName().equalsIgnoreCase(SUPER_ADMIN)) {
result = true;
break;
}
Set<String> osPs = uaRole.getOsPSet();
if (CollectionUtils.isNotEmpty(osPs)) {
// create Set with case insensitive comparator:
Set<String> osPsFinal = new TreeSet<>(String.CASE_INSENSITIVE_ORDER);
for (String osP : osPs) {
// Add osU children to the set:
osPsFinal.add(osP);
Set<String> children = PsoUtil.getInstance().getDescendants(osP, this.contextId);
osPsFinal.addAll(children);
}
// does the admin role have authority over the perm object?
if (osPsFinal.contains(pObj.getOu())) {
// Get the Role range for admin role:
Set<String> range;
if (uaRole.getBeginRange() != null && uaRole.getEndRange() != null && !uaRole.getBeginRange().equalsIgnoreCase(uaRole.getEndRange())) {
range = RoleUtil.getInstance().getAscendants(uaRole.getBeginRange(), uaRole.getEndRange(), uaRole.isEndInclusive(), this.contextId);
if (uaRole.isBeginInclusive()) {
range.add(uaRole.getBeginRange());
}
if (CollectionUtils.isNotEmpty(range)) {
// Does admin role have authority over a role contained with the allowable role range?
if (range.contains(role.getName())) {
result = true;
break;
}
}
} else // Does admin role have authority over the role?
if (uaRole.getBeginRange() != null && uaRole.getBeginRange().equalsIgnoreCase(role.getName())) {
result = true;
break;
}
}
}
}
}
return result;
}
Also used :
PermObj(org.apache.directory.fortress.core.model.PermObj)
UserAdminRole(org.apache.directory.fortress.core.model.UserAdminRole)
TreeSet(java.util.TreeSet)
Example 4 with PermObj
use of org.apache.directory.fortress.core.model.PermObj in project directory-fortress-core by apache.
the class CommandLineInterpreter method processAdminCommand.
/**
* @param commands
* @param options
*/
private void processAdminCommand(Set<String> commands, Options options) {
String command;
try {
if (commands.contains(ADD_USER)) {
command = ADD_USER;
LOG.info(command);
User user = options.getUser();
adminMgr.addUser(user);
} else if (commands.contains(UPDATE_USER)) {
command = UPDATE_USER;
LOG.info(command);
User user = options.getUser();
adminMgr.updateUser(user);
} else if (commands.contains(DELETE_USER)) {
command = DELETE_USER;
LOG.info(command);
User user = options.getUser();
adminMgr.deleteUser(user);
} else if (commands.contains(ADD_ROLE)) {
command = ADD_ROLE;
LOG.info(command);
Role role = options.getRole();
adminMgr.addRole(role);
} else if (commands.contains(UPDATE_ROLE)) {
command = UPDATE_ROLE;
LOG.info(command);
Role role = options.getRole();
adminMgr.updateRole(role);
} else if (commands.contains(DELETE_ROLE)) {
command = DELETE_ROLE;
LOG.info(command);
Role role = options.getRole();
adminMgr.deleteRole(role);
} else if (commands.contains(ASSIGN_ROLE)) {
command = ASSIGN_ROLE;
LOG.info(command);
Role role = options.getRole();
String userId = options.getUserId();
adminMgr.assignUser(new UserRole(userId, role));
} else if (commands.contains(DEASSIGN_ROLE)) {
command = DEASSIGN_ROLE;
LOG.info(command);
Role role = options.getRole();
String userId = options.getUserId();
adminMgr.deassignUser(new UserRole(userId, role));
} else if (commands.contains(ADD_ROLE_INHERITANCE)) {
command = ADD_ROLE_INHERITANCE;
LOG.info(command);
Relationship relationship = options.getRelationship();
adminMgr.addInheritance(new Role(relationship.getParent()), new Role(relationship.getChild()));
} else if (commands.contains(DELETE_ROLE_INHERITANCE)) {
command = DELETE_ROLE_INHERITANCE;
LOG.info(command);
Relationship relationship = options.getRelationship();
adminMgr.deleteInheritance(new Role(relationship.getParent()), new Role(relationship.getChild()));
} else if (commands.contains(ADD_POBJ)) {
command = ADD_POBJ;
LOG.info(command);
PermObj permObj = options.getPermObj();
adminMgr.addPermObj(permObj);
} else if (commands.contains(UPDATE_POBJ)) {
command = UPDATE_POBJ;
LOG.info(command);
PermObj permObj = options.getPermObj();
adminMgr.updatePermObj(permObj);
} else if (commands.contains(DELETE_POBJ)) {
command = DELETE_POBJ;
LOG.info(command);
PermObj permObj = options.getPermObj();
adminMgr.deletePermObj(permObj);
} else if (commands.contains(ADD_PERM)) {
command = ADD_PERM;
LOG.info(command);
Permission perm = options.getPermission();
adminMgr.addPermission(perm);
} else if (commands.contains(UPDATE_PERM)) {
command = UPDATE_PERM;
LOG.info(command);
Permission perm = options.getPermission();
adminMgr.updatePermission(perm);
} else if (commands.contains(DELETE_PERM)) {
command = DELETE_PERM;
LOG.info(command);
Permission permObj = options.getPermission();
adminMgr.deletePermission(permObj);
} else if (commands.contains(GRANT)) {
command = GRANT;
LOG.info(command);
Permission perm = options.getPermission();
Role role = options.getRole();
role.setName(options.getRoleNm());
adminMgr.grantPermission(perm, role);
} else if (commands.contains(REVOKE)) {
command = REVOKE;
LOG.info(command);
Permission perm = options.getPermission();
Role role = options.getRole();
role.setName(options.getRoleNm());
adminMgr.revokePermission(perm, role);
} else if (commands.contains(CREATE_SSD_SET)) {
command = CREATE_SSD_SET;
LOG.info(command);
SDSet ssd = options.getSdSet();
ssd.setType(SDSet.SDType.STATIC);
adminMgr.createSsdSet(ssd);
} else if (commands.contains(DELETE_SSD_SET)) {
command = DELETE_SSD_SET;
LOG.info(command);
SDSet ssd = options.getSdSet();
ssd.setType(SDSet.SDType.STATIC);
adminMgr.deleteSsdSet(ssd);
} else if (commands.contains(CREATE_DSD_SET)) {
command = CREATE_DSD_SET;
LOG.info(command);
SDSet ssd = options.getSdSet();
ssd.setType(SDSet.SDType.DYNAMIC);
adminMgr.createDsdSet(ssd);
} else if (commands.contains(DELETE_DSD_SET)) {
command = DELETE_DSD_SET;
LOG.info(command);
SDSet ssd = options.getSdSet();
ssd.setType(SDSet.SDType.DYNAMIC);
adminMgr.deleteDsdSet(ssd);
} else if (commands.contains(CHANGE_PASSWORD)) {
command = CHANGE_PASSWORD;
LOG.info(command);
User user = options.getUser();
String newPassword = options.getNewPassword();
adminMgr.changePassword(user, newPassword);
} else if (commands.contains(RESET_PASSWORD)) {
command = RESET_PASSWORD;
LOG.info(command);
User user = options.getUser();
String newPassword = options.getNewPassword();
adminMgr.resetPassword(user, newPassword);
} else if (commands.contains(LOCK_USER_ACCOUNT)) {
command = LOCK_USER_ACCOUNT;
LOG.info(command);
User user = options.getUser();
adminMgr.lockUserAccount(user);
} else if (commands.contains(UNLOCK_USER_ACCOUNT)) {
command = UNLOCK_USER_ACCOUNT;
LOG.info(command);
User user = options.getUser();
adminMgr.unlockUserAccount(user);
} else {
LOG.warn("unknown admin operation detected");
return;
}
LOG.info("command:{} was successful", command);
} catch (SecurityException se) {
String error = "processAdminCommand caught SecurityException=" + se + ", return code=" + se.getErrorId();
LOG.error(error);
}
}
Also used :
AdminRole(org.apache.directory.fortress.core.model.AdminRole)
Role(org.apache.directory.fortress.core.model.Role)
UserAdminRole(org.apache.directory.fortress.core.model.UserAdminRole)
UserRole(org.apache.directory.fortress.core.model.UserRole)
SDSet(org.apache.directory.fortress.core.model.SDSet)
PermObj(org.apache.directory.fortress.core.model.PermObj)
User(org.apache.directory.fortress.core.model.User)
UserRole(org.apache.directory.fortress.core.model.UserRole)
Relationship(org.apache.directory.fortress.core.model.Relationship)
Permission(org.apache.directory.fortress.core.model.Permission)
SecurityException(org.apache.directory.fortress.core.SecurityException)
Example 5 with PermObj
use of org.apache.directory.fortress.core.model.PermObj in project directory-fortress-core by apache.
the class CommandLineInterpreter method processReviewCommand.
/**
* @param commands
* @param options
*/
private void processReviewCommand(Set<String> commands, Options options) {
String command;
try {
if (commands.contains(READ_USER)) {
command = READ_USER;
LOG.info(READ_USER);
User inUser = options.getUser();
User outUser = reviewMgr.readUser(inUser);
printUser(outUser);
} else if (commands.contains(FIND_USERS)) {
command = FIND_USERS;
LOG.info(command);
User user = options.getUser();
List<User> outUsers = reviewMgr.findUsers(user);
if (CollectionUtils.isNotEmpty(outUsers)) {
int ctr = 0;
for (User outUser : outUsers) {
printRow("U", "CTR ", "" + ctr++);
printUser(outUser);
}
}
} else if (commands.contains(ASSIGNED_USERS)) {
command = ASSIGNED_USERS;
LOG.info(command);
Role inRole = options.getRole();
List<User> outUsers = reviewMgr.assignedUsers(inRole);
if (CollectionUtils.isNotEmpty(outUsers)) {
for (User outUser : outUsers) {
printUser(outUser);
}
}
} else if (commands.contains(READ_ROLE)) {
command = READ_ROLE;
LOG.info(command);
Role inRole = options.getRole();
Role outRole = reviewMgr.readRole(inRole);
printRole(outRole);
} else if (commands.contains(FIND_ROLES)) {
command = FIND_ROLES;
LOG.info(command);
String inRoleNm = options.getName();
List<Role> outRoles = reviewMgr.findRoles(inRoleNm);
if (CollectionUtils.isNotEmpty(outRoles)) {
int ctr = 0;
for (Role outRole : outRoles) {
printSeparator();
printRow("R", "ROLE[" + ++ctr + "]", outRole.getName());
printRole(outRole);
}
}
} else if (commands.contains(ASSIGNED_ROLES)) {
command = ASSIGNED_ROLES;
LOG.info(command);
String userId = options.getUserId();
List<UserRole> uRoles = reviewMgr.assignedRoles(new User(userId));
if (uRoles != null) {
for (UserRole ur : uRoles) {
printTemporal("R", ur, "RBACROLE");
printSeparator();
}
}
} else if (commands.contains(READ_POBJ)) {
command = READ_POBJ;
LOG.info(command);
PermObj inPermObj = options.getPermObj();
PermObj outPermObj = reviewMgr.readPermObj(inPermObj);
printPermObj(outPermObj);
} else if (commands.contains(FIND_POBJS)) {
command = FIND_POBJS;
LOG.info(command);
PermObj inPermObj = options.getPermObj();
List<PermObj> outPermObjs = reviewMgr.findPermObjs(inPermObj);
if (CollectionUtils.isNotEmpty(outPermObjs)) {
int ctr = 0;
for (PermObj outPermObj : outPermObjs) {
printSeparator();
printRow("PO", "POBJ[" + ++ctr + "]", outPermObj.getObjName());
printPermObj(outPermObj);
}
}
} else if (commands.contains(READ_PERM)) {
command = READ_PERM;
LOG.info(command);
Permission inPerm = options.getPermission();
Permission outPerm = reviewMgr.readPermission(inPerm);
printPermission(outPerm);
} else if (commands.contains(FIND_PERMS)) {
command = FIND_PERMS;
LOG.info(command);
Permission inPerm = options.getPermission();
List<Permission> outPerms = reviewMgr.findPermissions(inPerm);
if (CollectionUtils.isNotEmpty(outPerms)) {
int ctr = 0;
for (Permission outPerm : outPerms) {
printSeparator();
printRow("P", "PERM[" + ++ctr + "]", outPerm.getAbstractName());
printPermission(outPerm);
}
}
} else {
LOG.warn("unknown review operation detected");
return;
}
LOG.info("command:{} was successful", command);
} catch (SecurityException se) {
String error = "processReviewCommand caught SecurityException=" + se + ", return code=" + se.getErrorId();
LOG.error(error);
}
}
Also used :
AdminRole(org.apache.directory.fortress.core.model.AdminRole)
Role(org.apache.directory.fortress.core.model.Role)
UserAdminRole(org.apache.directory.fortress.core.model.UserAdminRole)
UserRole(org.apache.directory.fortress.core.model.UserRole)
PermObj(org.apache.directory.fortress.core.model.PermObj)
User(org.apache.directory.fortress.core.model.User)
UserRole(org.apache.directory.fortress.core.model.UserRole)
Permission(org.apache.directory.fortress.core.model.Permission)
ArrayList(java.util.ArrayList)
List(java.util.List)
SecurityException(org.apache.directory.fortress.core.SecurityException)
Constraint(org.apache.directory.fortress.core.model.Constraint)
Aggregations
PermObj (org.apache.directory.fortress.core.model.PermObj)33
SecurityException (org.apache.directory.fortress.core.SecurityException)22
AdminMgr (org.apache.directory.fortress.core.AdminMgr)7
FortRequest (org.apache.directory.fortress.core.model.FortRequest)7
FortResponse (org.apache.directory.fortress.core.model.FortResponse)7
Permission (org.apache.directory.fortress.core.model.Permission)6
Role (org.apache.directory.fortress.core.model.Role)6
ReviewMgr (org.apache.directory.fortress.core.ReviewMgr)5
AdminRole (org.apache.directory.fortress.core.model.AdminRole)5
UserAdminRole (org.apache.directory.fortress.core.model.UserAdminRole)5
User (org.apache.directory.fortress.core.model.User)4
ArrayList (java.util.ArrayList)3
LdapException (org.apache.directory.api.ldap.model.exception.LdapException)3
FinderException (org.apache.directory.fortress.core.FinderException)3
Relationship (org.apache.directory.fortress.core.model.Relationship)3
UserRole (org.apache.directory.fortress.core.model.UserRole)3
LdapConnection (org.apache.directory.ldap.client.api.LdapConnection)3
CursorException (org.apache.directory.api.ldap.model.cursor.CursorException)2
SearchCursor (org.apache.directory.api.ldap.model.cursor.SearchCursor)2
Constraint (org.apache.directory.fortress.core.model.Constraint)2
