use of org.apache.directory.fortress.core.model.Permission in project directory-fortress-core by apache.
the class AccessMgrSample method testSessionPermissions.
/**
* The sessionPermissions API is useful for GUI programs that need to cache all of the User's Permissions in the
* HTTP Session or application cache, for example to decide which menu items and other controls to display.
* This API will return all permissions that are granted to the User's activated Roles along with Permissions
* that have been granted directly to the User entity itself. A cached list reflects policy as of the call that
* produced it, so it suits display decisions; the protected operation itself should still be authorized with checkAccess.
*/
public static void testSessionPermissions() {
    final String location = ".testSessionPermissions";
    try {
        // Obtain the AccessMgr implementation for the test context.
        AccessMgr accessMgr = AccessMgrFactory.createInstance(TestUtils.getContext());
        // createSession is a helper defined outside this listing; it is handed the test user's id and
        // password plus the manager, and the Session it returns is what every later call is checked against.
        Session session = createSession(CreateUserSample.TEST_USERID, CreateUserSample.TEST_PASSWORD, accessMgr);
        assertNotNull(session);

        // Fetch every Permission the session currently carries and verify the count only.
        List<Permission> perms = accessMgr.sessionPermissions(session);
        assertNotNull(perms);
        int permCount = perms.size();
        assertTrue(location + " list check, expected: 5, actual:" + permCount, permCount == 5);

        // Each expected permission is then verified through checkAccess. Note that this confirms the
        // session is authorized for the object/operation pair; it does not compare against the entries
        // of the list returned above.
        for (int suffix = 1; suffix <= 5; suffix++) {
            // A Permission is identified by an object name and an operation name.
            Permission checkPerm = new Permission(CreatePermSample.TEST_PERM_OBJECT, CreatePermSample.TEST_PERM_OPERATION_PREFIX + suffix);
            assertTrue(location, accessMgr.checkAccess(session, checkPerm));
            LOG.info(location + " user [" + session.getUserId() + "] permission object [" + checkPerm.getObjName() + "] operation name [" + checkPerm.getOpName() + "] success");
        }
    } catch (SecurityException ex) {
        // Log the Fortress error id with the message, then fail the test with that message.
        LOG.error(location + " caught SecurityException rc=" + ex.getErrorId() + ", msg=" + ex.getMessage(), ex);
        fail(ex.getMessage());
    }
}
use of org.apache.directory.fortress.core.model.Permission in project directory-fortress-core by apache.
the class CreatePermSample method testGrantPermissionUser.
/**
* Fortress allows Permissions to be granted directly to User entities. Note this is not an RBAC specified
* capability but can otherwise be useful for certain circumstances.
*/
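public static void testGrantPermissionUser() {
    String szLocation = ".testGrantPermissionUser";
    User inUser = new User(CreateUserSample.TEST_USERID);
    try {
        // Instantiate the AdminMgr implementation which is used to provision RBAC policies.
        AdminMgr adminMgr = AdminMgrFactory.createInstance(TestUtils.getContext());
        // Grant each of the five test operations directly to the User.
        // NOTE(review): a direct grant is not tied to any Role, so presumably it is unaffected by role
        // activation or role revocation; review direct grants separately when auditing a user's access.
        for (int i = 1; i < 6; i++) {
            // Permissions contain Object to Operation mapping and once created can then be targeted for assignment to User entities in ldap:
            Permission inPerm = new Permission(TEST_PERM_OBJECT, TEST_PERM_OPERATION_PREFIX + i);
            // This API adds an 'oamUsers' attribute associated with User to the 'oamOperation' ldap object class:
            adminMgr.grantPermission(inPerm, inUser);
            LOG.info(szLocation + " permission user [" + inUser.getUserId() + "] object [" + inPerm.getObjName() + "] operation name [" + inPerm.getOpName() + "] success");
        }
        // Instantiate the ReviewMgr implementation which is used to interrogate policy information.
        ReviewMgr reviewMgr = ReviewMgrFactory.createInstance(TestUtils.getContext());
        // Read the Permissions granted to the test User once. The original repeated this identical
        // read and assertion five times inside a loop whose index was never used.
        List<Permission> assignedUserPerms = reviewMgr.userPermissions(inUser);
        assertTrue(szLocation + " list check, expected: 5, actual:" + assignedUserPerms.size(), assignedUserPerms.size() == 5);
    } catch (SecurityException ex) {
        // Log the Fortress error id with the message, then fail the test with that message.
        LOG.error(szLocation + " caught SecurityException rc=" + ex.getErrorId() + ", msg=" + ex.getMessage(), ex);
        fail(ex.getMessage());
    }
}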
use of org.apache.directory.fortress.core.model.Permission in project directory-fortress-core by apache.
the class CreatePermSample method testRevokePermissionRole.
/**
* This test will remove the RBAC Role name associated with a particular Permission Operation node in ldap.
*/
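public static void testRevokePermissionRole() {
    String szLocation = ".testRevokePermissionRole";
    // Nothing is revoked on the suite's first run.
    // NOTE(review): presumably because no grants exist yet at that point; confirm against AllSamplesJUnitTest.
    if (AllSamplesJUnitTest.isFirstRun()) {
        return;
    }
    try {
        // Instantiate the AdminMgr implementation which is used to provision RBAC policies.
        AdminMgr adminMgr = AdminMgrFactory.createInstance(TestUtils.getContext());
        // Instantiate the ReviewMgr implementation which is used to interrogate policy information.
        ReviewMgr reviewMgr = ReviewMgrFactory.createInstance(TestUtils.getContext());
        // Iterate over the ten test roles and revoke whatever Permissions each one currently holds.
        for (int i = 1; i < 11; i++) {
            Role inRole = new Role(CreateRoleSample.TEST_ROLE_PREFIX + i);
            List<Permission> perms = reviewMgr.rolePermissions(inRole);
            for (Permission perm : perms) {
                // This API removes the 'oamRoles' attribute associated with Role from the 'oamOperation' ldap object class:
                adminMgr.revokePermission(perm, inRole);
            }
        }
        // Iterate to ensure all Operation entities no longer contain Role assignments (for test purposes only):
        for (int j = 1; j < 6; j++) {
            // Permissions contain Object to Operation mapping and once created can then be targeted for assignment to Role entities in ldap:
            Permission inPerm = new Permission(TEST_PERM_OBJECT, TEST_PERM_OPERATION_PREFIX + j);
            // Now retrieve the Roles still assigned to the perm. After the revocation above the list must be
            // empty; a leftover entry means a Role kept access that was meant to be removed.
            List<String> assignedRoles = reviewMgr.permissionRoles(inPerm);
            // Fail with a clear message instead of a NullPointerException if no list comes back.
            assertNotNull(szLocation + " permissionRoles returned null", assignedRoles);
            assertTrue(szLocation + " roles still assigned, expected: 0, actual:" + assignedRoles.size(), assignedRoles.isEmpty());
            LOG.info(szLocation + " permission roles revocation check for object [" + inPerm.getObjName() + "] operation name [" + inPerm.getOpName() + "] revocation success");
        }
    } catch (SecurityException ex) {
        // Log the Fortress error id with the message, then fail the test with that message.
        LOG.error(szLocation + " caught SecurityException rc=" + ex.getErrorId() + ", msg=" + ex.getMessage(), ex);
        fail(ex.getMessage());
    }
}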
use of org.apache.directory.fortress.core.model.Permission in project directory-fortress-core by apache.
the class CreatePermSample method testAddPermOperations.
/**
* The Permission entity contains operation name along with any assigned Role and User entities. The Permission
* ldap node is located as child node of Permission Object node.
*/
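public static void testAddPermOperations() {
    String szLocation = ".testAddPermOperations";
    try {
        // AdminMgr provisions policy; ReviewMgr reads it back. Both are created once, before the loop,
        // rather than re-creating the ReviewMgr on every iteration.
        AdminMgr adminMgr = AdminMgrFactory.createInstance(TestUtils.getContext());
        ReviewMgr reviewMgr = ReviewMgrFactory.createInstance(TestUtils.getContext());
        for (int i = 1; i < 6; i++) {
            // The Permission entity is associated with PermObj (name) entity and is uniquely identified by Operation name:
            Permission inPerm = new Permission(TEST_PERM_OBJECT, TEST_PERM_OPERATION_PREFIX + i);
            // The Permission entity will be a child node of specified PermObject entity.
            adminMgr.addPermission(inPerm);
            // Read the newly created Permission entity back so the stored entry can be compared with the request.
            Permission outPerm = reviewMgr.readPermission(inPerm);
            assertNotNull(outPerm);
            // The comparison relies on Permission.equals; which fields it covers is not visible here.
            assertTrue(szLocation + " failed permission check", outPerm.equals(inPerm));
            LOG.info(szLocation + " permission object [" + outPerm.getObjName() + "] operation name [" + outPerm.getOpName() + "] success");
        }
    } catch (SecurityException ex) {
        // Log the Fortress error id with the message, then fail the test with that message.
        LOG.error(szLocation + " caught SecurityException rc=" + ex.getErrorId() + ", msg=" + ex.getMessage(), ex);
        fail(ex.getMessage());
    }
}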
use of org.apache.directory.fortress.core.model.Permission in project directory-fortress-core by apache.
the class TestAccelerator method testCombinedCalls.
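@Test
public void testCombinedCalls() {
    LOG.info("testCombinedCalls...");
    try {
        AccelMgr accelMgr = AccelMgrFactory.createInstance(TestUtils.getContext());
        Session session;
        User user = new User();
        // Fixture credentials: the user id and password are hard-coded test values.
        // NOTE(review): assumes "rbacuser1" and "rbacrole1" are already provisioned in the test directory.
        user.setUserId("rbacuser1");
        user.setPassword("secret");
        // NOTE(review): the boolean looks like a trusted-session flag; false would mean the password is checked. Confirm.
        session = accelMgr.createSession(user, false);
        // positive test case: the session is expected to be authorized for this object/operation pair.
        Permission perm = new Permission();
        perm.setObjName("/impl/cal2.jsp");
        perm.setOpName("8am");
        boolean result = accelMgr.checkAccess(session, perm);
        assertTrue(result);
        // drop role1 from the session's active roles:
        UserRole userRole = new UserRole(user.getUserId(), "rbacrole1");
        accelMgr.dropActiveRole(session, userRole);
        // negative test case: with the role dropped, the same check must now be denied.
        result = accelMgr.checkAccess(session, perm);
        assertTrue(!result);
        // now add role1 back again:
        userRole = new UserRole(user.getUserId(), "rbacrole1");
        accelMgr.addActiveRole(session, userRole);
        // access must be restored once the role is active again:
        result = accelMgr.checkAccess(session, perm);
        assertTrue(result);
    } catch (SecurityException se) {
        // Send the failure through the test logger with its stack trace and surface the message in
        // the test report, instead of printing to stderr and failing with no explanation.
        LOG.error("testCombinedCalls caught SecurityException, msg=" + se.getMessage(), se);
        fail(se.getMessage());
    }
}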