
Example 76 with Permission

use of org.apache.directory.fortress.core.model.Permission in project directory-fortress-core by apache.

the class AdminMgrConsole method grantPermission.

/**
 * Interactive console flow that grants one permission (object + operation) to a grantee.
 * <p>
 * Prompts for the permission object and operation, then for either a role name or a userId
 * depending on {@code isRole}, and calls {@code am.grantPermission} with the matching
 * {@code Role}/{@code User} instance. A {@code SecurityException} from the admin manager is
 * logged (including its error id) rather than propagated; in every case the method finishes by
 * waiting for a key press so the operator can read the output.
 *
 * @param isRole {@code true} to grant to a role, {@code false} to grant to a user
 */
void grantPermission(boolean isRole) {
    try {
        ReaderUtil.clearScreen();
        System.out.println("Enter perm object");
        String objName = ReaderUtil.readLn();
        System.out.println("Enter perm operation");
        String opName = ReaderUtil.readLn();
        Permission perm = new Permission(objName, opName);
        // Only the prompt wording and the grantee type differ between the two paths.
        System.out.println(isRole ? "Enter role name" : "Enter userId");
        String grantee = ReaderUtil.readLn();
        if (isRole) {
            am.grantPermission(perm, new Role(grantee));
        } else {
            am.grantPermission(perm, new User(grantee));
        }
        System.out.println("perm object [" + objName + "] operation [" + opName + "] has been granted to [" + grantee + "]");
        System.out.println("has been granted");
        System.out.println("ENTER to continue");
    } catch (SecurityException e) {
        LOG.error("grantPermission caught SecurityException rc=" + e.getErrorId() + ", msg=" + e.getMessage(), e);
    }
    ReaderUtil.readChar();
}
Also used : Role(org.apache.directory.fortress.core.model.Role) UserRole(org.apache.directory.fortress.core.model.UserRole) User(org.apache.directory.fortress.core.model.User) Permission(org.apache.directory.fortress.core.model.Permission)

Example 77 with Permission

use of org.apache.directory.fortress.core.model.Permission in project directory-fortress-core by apache.

the class AdminMgrConsole method addPermOperation.

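/**
 * Interactive console flow that creates a new permission operation through {@code am.addPermission}.
 * <p>
 * Prompts, in order, for the permission object name, an optional object id, the operation name,
 * zero or more role names, zero or more userIds and zero or more key/value properties. An empty
 * line (or end of input) terminates each repeating prompt. The permission returned by the admin
 * manager is then echoed back: names, abstract name, internal id, users, roles and properties.
 * A {@code SecurityException} from the admin manager is logged with its error id rather than
 * propagated; in every case the method finishes by waiting for a key press.
 */
void addPermOperation() {
    Permission pe = new Permission();
    try {
        ReaderUtil.clearScreen();
        System.out.println("Enter perm object name:");
        pe.setObjName(ReaderUtil.readLn());
        System.out.println("Enter perm object id (or NULL to skip):");
        String oid = ReaderUtil.readLn();
        // objId is optional; an empty line leaves it unset.
        if (oid != null && !oid.isEmpty()) {
            pe.setObjId(oid);
        }
        System.out.println("Enter Perm operation name:");
        pe.setOpName(ReaderUtil.readLn());
        System.out.println("Enter role name (or NULL to skip):");
        String val = ReaderUtil.readLn();
        while (val != null && !val.isEmpty()) {
            pe.setRole(val);
            System.out.println("Enter next role name (or NULL if done entering roles):");
            val = ReaderUtil.readLn();
        }
        System.out.println("Enter user (or NULL to skip):");
        val = ReaderUtil.readLn();
        while (val != null && !val.isEmpty()) {
            pe.setUser(val);
            System.out.println("Enter next user (or NULL if done entering users):");
            val = ReaderUtil.readLn();
        }
        System.out.println("Enter prop key (or NULL to skip):");
        String key = ReaderUtil.readLn();
        while (key != null && !key.isEmpty()) {
            System.out.println("Enter prop val:");
            val = ReaderUtil.readLn();
            pe.addProperty(key, val);
            System.out.println("Enter next prop key (or NULL if done entering properties)");
            key = ReaderUtil.readLn();
        }
        // The echo below reads from the entity handed back by the admin manager, not from the
        // locally built one.
        pe = am.addPermission(pe);
        System.out.println("perm object name [" + pe.getObjName() + "]");
        System.out.println("perm operation name [" + pe.getOpName() + "]");
        System.out.println("perm abstract name [" + pe.getAbstractName() + "]");
        System.out.println("internalId [" + pe.getInternalId() + "]");
        if (pe.getUsers() != null && !pe.getUsers().isEmpty()) {
            int ctr = 0;
            for (String user : pe.getUsers()) {
                System.out.println("user[" + ctr++ + "]=" + user);
            }
        }
        if (pe.getRoles() != null && !pe.getRoles().isEmpty()) {
            int ctr = 0;
            for (String role : pe.getRoles()) {
                System.out.println("name[" + ctr++ + "]=" + role);
            }
        }
        if (pe.getProperties() != null && !pe.getProperties().isEmpty()) {
            int ctr = 0;
            // propertyNames() is typed Enumeration<?>; keys added via addProperty are Strings.
            for (Enumeration<?> e = pe.getProperties().propertyNames(); e.hasMoreElements(); ) {
                key = (String) e.nextElement();
                val = pe.getProperty(key);
                System.out.println("prop key[" + ctr + "]=" + key);
                System.out.println("prop value[" + ctr++ + "]=" + val);
            }
        }
        System.out.println("has been added");
        System.out.println("ENTER to continue");
    } catch (SecurityException e) {
        LOG.error("addPermOperation caught SecurityException rc=" + e.getErrorId() + ", msg=" + e.getMessage(), e);
    }
    ReaderUtil.readChar();
}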
Also used : Enumeration(java.util.Enumeration) Permission(org.apache.directory.fortress.core.model.Permission) Constraint(org.apache.directory.fortress.core.model.Constraint)

Example 78 with Permission

use of org.apache.directory.fortress.core.model.Permission in project directory-fortress-core by apache.

the class AuditMgrConsole method printAuthZReport.

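/**
 * Prints every authorization (authZ) audit record in {@code list} to the console, one block per record.
 * <p>
 * For each record the access time (decoded from {@code reqEnd}), the requesting userId, the
 * permission (object name and operation) recovered from {@code reqDN} via {@link #getAuthZPerm},
 * the compare-result flag and the roles carried by that permission are written to {@code System.out}.
 * An unparseable timestamp or DN is reported inline for that record and does not abort the report.
 *
 * @param list audit records to print; {@code null} or empty prints a single "AuthZ list empty" line
 */
void printAuthZReport(List<AuthZ> list) {
    ReaderUtil.clearScreen();
    if (list == null || list.isEmpty()) {
        System.out.println("AuthZ list empty");
        return;
    }
    // SimpleDateFormat is not thread-safe, but this instance never leaves the method; build it once
    // instead of once per record.
    SimpleDateFormat formatter = new SimpleDateFormat("MM/dd/yyyy HH:mm:ss");
    int ctr = 0;
    for (AuthZ authZ : list) {
        System.out.println("AUTHORIZATION AUDIT RECORD " + ctr++);
        System.out.println("***************************************");
        Date aDate = null;
        try {
            aDate = TUtil.decodeGeneralizedTime(authZ.getReqEnd());
        } catch (ParseException pe) {
            System.out.println("    Access Time    " + "ParseException=" + pe.getMessage());
        }
        if (aDate != null) {
            System.out.println("    Access Time     " + formatter.format(aDate));
        }
        System.out.println("    userId          " + AuditUtil.getAuthZId(authZ.getReqAuthzID()));
        try {
            Permission pOp = getAuthZPerm(authZ);
            System.out.println("    Resource Name   " + pOp.getObjName());
            System.out.println("    Operation       " + pOp.getOpName());
            if (pOp.getRoles() != null) {
                // reqEntries may be absent on a record; a null used to throw NPE here and abort the report.
                // NOTE(review): the label reads "Success?" while the constant is named as a *failure* flag —
                // confirm which boolean this line is meant to show.
                String reqEntries = authZ.getReqEntries();
                boolean matchesFailureFlag = reqEntries != null && reqEntries.equals(GlobalIds.AUTHZ_COMPARE_FAILURE_FLAG);
                System.out.println("    Success?        " + matchesFailureFlag);
                int rCtr = 0;
                for (String role : pOp.getRoles()) {
                    System.out.println("    Role[" + rCtr++ + "]         " + role);
                }
            }
        } catch (LdapInvalidDnException e) {
            System.out.println("LdapInvalidDnException=" + e);
        }
        System.out.println();
        System.out.println();
    }
}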
Also used : AuthZ(org.apache.directory.fortress.core.model.AuthZ) Permission(org.apache.directory.fortress.core.model.Permission) ParseException(java.text.ParseException) SimpleDateFormat(java.text.SimpleDateFormat) Date(java.util.Date) LdapInvalidDnException(org.apache.directory.api.ldap.model.exception.LdapInvalidDnException)

Example 79 with Permission

use of org.apache.directory.fortress.core.model.Permission in project directory-fortress-core by apache.

the class AuditMgrConsole method getAuthZPerm.

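/**
 * Break the authZ reqDN attribute into 1. permission object name, 2. op name and 3. object id (optional).
 * <p>
 * Sample reqDN {@code ftOpNm=TOP2_2+ftObjId=002,ftObjNm=TOB2_1,ou=Permissions,ou=RBAC,dc=example,dc=com}
 * is meant to yield objName=TOB2_1, opName=TOP2_2, objId=002. Each RDN's type (attribute name) is
 * matched against the {@code GlobalIds} permission attribute constants and the RDN's value is stored;
 * container RDNs (ou, dc, ...) are ignored.
 *
 * @param authZ contains the raw dn format from openldap slapo access log data
 * @return Permission containing objName, opName and optionally the objId populated from the raw data;
 *         a field stays unset when its RDN type does not occur in the DN
 * @throws LdapInvalidDnException if {@code authZ.getReqDN()} is not a syntactically valid DN
 */
public static Permission getAuthZPerm(AuthZ authZ) throws LdapInvalidDnException {
    // This will be returned to the caller:
    Permission pOp = new Permission();
    Dn dn = new Dn(authZ.getReqDN());
    // CollectionUtils.isNotEmpty already treats a null collection as empty.
    if (CollectionUtils.isNotEmpty(dn.getRdns())) {
        for (Rdn rdn : dn.getRdns()) {
            // Match on the RDN type, but store the RDN *value*: storing getType() would put the attribute
            // name (e.g. "ftOpNm") into the permission instead of the operation/object name.
            // NOTE(review): for a multi-valued RDN (ftOpNm=...+ftObjId=...) only the first AVA's type and
            // value are visible through rdn.getType()/getValue(), so objId may not be recovered — confirm
            // against real reqDN data.
            switch (rdn.getType()) {
                case GlobalIds.POP_NAME:
                    pOp.setOpName(rdn.getValue());
                    break;
                case GlobalIds.POBJ_NAME:
                    pOp.setObjName(rdn.getValue());
                    break;
                case GlobalIds.POBJ_ID:
                    pOp.setObjId(rdn.getValue());
                    break;
                default:
                    // ou, dc and other container RDNs carry no permission data.
                    break;
            }
        }
    }
    return pOp;
}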
Also used : Permission(org.apache.directory.fortress.core.model.Permission) Dn(org.apache.directory.api.ldap.model.name.Dn) Rdn(org.apache.directory.api.ldap.model.name.Rdn)

Example 80 with Permission

use of org.apache.directory.fortress.core.model.Permission in project directory-fortress-core by apache.

the class AuditMgrConsole method getAuthZPerm2.

/**
 * Parse slapd access raw data to pull the permission name out.
 * <p>
 * Legacy positional parser over {@code reqFilter}: the filter string is split on {@code '='} with a
 * {@link StringTokenizer}, and tokens 2, 3 and 4 are assumed to carry the op name, object name and
 * user, with every token from index 6 on assumed to be a role (see the sample filter below).
 * <p>
 * NOTE(review): because the tokenizer consumes every {@code '='}, no token can contain one, so the
 * {@code val.indexOf('=')} lookups below return -1 and none of the setters appears reachable; the
 * method then returns an empty Permission for any input. {@code printAuthZReport} uses
 * {@code getAuthZPerm(AuthZ)}, which parses {@code reqDN} instead.
 *
 * @param authZ raw data contained in Fortress audit entity.
 * @return Permission contains {@link org.apache.directory.fortress.core.model.Permission#objName} and {@link org.apache.directory.fortress.core.model.Permission#opName}
 */
private Permission getAuthZPerm2(AuthZ authZ) {
    // Position of '=' inside the current token; reused across loop iterations (not reset per token).
    int indx = 0;
    // Expected token positions after splitting the filter on '='.
    // final int objectClass = 1;
    final int oPNm = 2;
    final int oBjNm = 3;
    final int user = 4;
    final int roles = 6;
    // reqFilter
    // <(&(objectClass=ftOperation)
    // (ftOpNm=top1_10)(ftObjNm=tob2_4)
    // (|(ftUsers=fttu3user4)
    // (ftRoles=ftt3role1)
    // (ftRoles=ftt3role2)
    // (ftRoles=ftt3role3)
    // (ftRoles=ftt3role4)
    // (ftRoles=ftt3role5)
    // (ftRoles=ftt3role6)
    // (ftRoles=ftt3role7)
    // (ftRoles=ftt3role8)
    // (ftRoles=ftt3role9)
    // (ftRoles=ftt3role10)))>
    Permission pOp = new Permission();
    if (authZ.getReqFilter() != null && authZ.getReqFilter().length() > 0) {
        // Delimiter is '=' only; the delimiter itself is not returned as part of any token.
        StringTokenizer maxTkn = new StringTokenizer(authZ.getReqFilter(), "=");
        // System.out.println("maxTken size=" + maxTkn.countTokens());
        int numTokens = maxTkn.countTokens();
        for (int i = 0; i < numTokens; i++) {
            String val = maxTkn.nextToken();
            // System.out.println("token[" + i + "]=" + val);
            switch(i) {
                case oPNm:
                    // Each branch guards on indx >= 1, i.e. an '=' found at position 1 or later in the token.
                    indx = val.indexOf('=');
                    if (indx >= 1) {
                        pOp.setOpName(val.substring(indx + 1, val.length() - 1));
                    }
                    break;
                case oBjNm:
                    indx = val.indexOf('=');
                    if (indx >= 1) {
                        pOp.setObjName(val.substring(indx + 1, val.length() - 1));
                    }
                    break;
                case user:
                    indx = val.indexOf('=');
                    if (indx >= 1) {
                        pOp.setUser(val.substring(indx + 1, val.length() - 1));
                    }
                    break;
                default:
                    // For i < roles, indx keeps the value left by an earlier iteration and indx2 stays 0.
                    int indx2 = 0;
                    if (i >= roles) {
                        indx = val.indexOf('=');
                        indx2 = val.indexOf(')');
                    }
                    if (indx >= 1) {
                        pOp.setRole(val.substring(indx + 1, indx2));
                    }
                    break;
            }
        }
    }
    return pOp;
}
Also used : StringTokenizer(java.util.StringTokenizer) Permission(org.apache.directory.fortress.core.model.Permission)
