Example 6 with Permission
use of org.apache.directory.fortress.core.model.Permission in project directory-fortress-core by apache.
the class PermDAO method findPermissions.
/**
* @param session
* @return
* @throws org.apache.directory.fortress.core.FinderException
*/
List<Permission> findPermissions(Session session, boolean isAdmin) throws FinderException {
List<Permission> permList = new ArrayList<>();
LdapConnection ld = null;
String permRoot = getRootDn(isAdmin, session.getContextId());
try {
StringBuilder filterbuf = new StringBuilder();
filterbuf.append(GlobalIds.FILTER_PREFIX);
filterbuf.append(PERM_OP_OBJECT_CLASS_NAME);
filterbuf.append(")(|");
if (!session.isGroupSession()) {
filterbuf.append("(");
filterbuf.append(USERS);
filterbuf.append("=");
filterbuf.append(session.getUserId());
filterbuf.append(")");
}
Set<String> roles;
if (isAdmin) {
roles = AdminRoleUtil.getInheritedRoles(session.getAdminRoles(), session.getContextId());
} else {
roles = RoleUtil.getInstance().getInheritedRoles(session.getRoles(), session.getContextId());
}
if (CollectionUtils.isNotEmpty(roles)) {
for (String uRole : roles) {
filterbuf.append("(");
filterbuf.append(ROLES);
filterbuf.append("=");
filterbuf.append(uRole);
filterbuf.append(")");
}
}
filterbuf.append("))");
ld = getAdminConnection();
SearchCursor searchResults = search(ld, permRoot, SearchScope.SUBTREE, filterbuf.toString(), PERMISSION_OP_ATRS, false, GlobalIds.BATCH_SIZE);
long sequence = 0;
while (searchResults.next()) {
permList.add(unloadPopLdapEntry(searchResults.getEntry(), sequence++, isAdmin));
}
} catch (LdapException e) {
String error = "findPermissions user [" + session.getUserId() + "] caught LdapException in PermDAO.findPermissions=" + e.getMessage();
throw new FinderException(GlobalErrIds.PERM_SESS_SEARCH_FAILED, error, e);
} catch (CursorException e) {
String error = "findPermissions user [" + session.getUserId() + "] caught CursorException in PermDAO.findPermissions=" + e.getMessage();
throw new FinderException(GlobalErrIds.PERM_SESS_SEARCH_FAILED, error, e);
} finally {
closeAdminConnection(ld);
}
return permList;
}
Also used :
FinderException(org.apache.directory.fortress.core.FinderException)
CursorException(org.apache.directory.api.ldap.model.cursor.CursorException)
Permission(org.apache.directory.fortress.core.model.Permission)
ArrayList(java.util.ArrayList)
SearchCursor(org.apache.directory.api.ldap.model.cursor.SearchCursor)
LdapException(org.apache.directory.api.ldap.model.exception.LdapException)
LdapConnection(org.apache.directory.ldap.client.api.LdapConnection)
Example 7 with Permission
use of org.apache.directory.fortress.core.model.Permission in project directory-fortress-core by apache.
the class PermP method remove.
/**
* Remove the Admin Role assignment attribute from all Admin permssions. This method is called by DelAdminMgrImpl
* when the AdminRole is being deleted.
*
* @param role contains the name of AdminRole targeted for attribute removal.
* @throws SecurityException in the event of DAO search error.
*/
void remove(AdminRole role) throws SecurityException {
List<Permission> list;
try {
list = search(role);
for (Permission perm : list) {
perm.setAdmin(true);
revoke(perm, role);
}
} catch (FinderException fe) {
String error = "remove admin role [" + role.getName() + "] caught FinderException=" + fe;
throw new SecurityException(GlobalErrIds.PERM_BULK_ADMINROLE_REVOKE_FAILED, error, fe);
}
}
Also used :
FinderException(org.apache.directory.fortress.core.FinderException)
Permission(org.apache.directory.fortress.core.model.Permission)
SecurityException(org.apache.directory.fortress.core.SecurityException)
Example 8 with Permission
use of org.apache.directory.fortress.core.model.Permission in project directory-fortress-core by apache.
the class CommandLineInterpreter method processSystemCommand.
/**
* @param commands
* @param options
*/
private void processSystemCommand(Set<String> commands, Options options) {
String command;
try {
if (commands.contains(CREATE_SESSION)) {
command = CREATE_SESSION;
LOG.info(READ_USER);
User inUser = options.getUser();
Session session = accessMgr.createSession(inUser, false);
printSession(session);
} else if (commands.contains(AUTHENTICATE)) {
command = AUTHENTICATE;
LOG.info(command);
User inUser = options.getUser();
Session session = accessMgr.authenticate(inUser.getUserId(), inUser.getPassword());
printSession(session);
} else if (commands.contains(ASSIGNED_ROLES)) {
command = ASSIGNED_ROLES;
LOG.info(command);
User inUser = options.getUser();
Session session = accessMgr.createSession(inUser, true);
List<UserRole> uRoles = accessMgr.sessionRoles(session);
if (uRoles != null) {
for (UserRole ur : uRoles) {
printTemporal("R", ur, "RBACROLE");
printSeparator();
}
}
} else if (commands.contains(CHECK_ACCESS)) {
command = CHECK_ACCESS;
LOG.info(command);
Permission inPerm = options.getPermission();
User inUser = options.getUser();
Session session = accessMgr.createSession(inUser, true);
boolean result = accessMgr.checkAccess(session, inPerm);
printRow("CA", "PERM", "" + result);
} else {
LOG.warn("unknown system operation detected");
return;
}
LOG.info("command:{} was successful", command);
} catch (SecurityException se) {
String error = "processSystemCommand caught SecurityException=" + se + ", return code=" + se.getErrorId();
LOG.error(error);
}
}
Also used :
User(org.apache.directory.fortress.core.model.User)
UserRole(org.apache.directory.fortress.core.model.UserRole)
Permission(org.apache.directory.fortress.core.model.Permission)
SecurityException(org.apache.directory.fortress.core.SecurityException)
Session(org.apache.directory.fortress.core.model.Session)
Example 9 with Permission
use of org.apache.directory.fortress.core.model.Permission in project directory-fortress-core by apache.
the class CommandLineInterpreter method processAdminCommand.
/**
* @param commands
* @param options
*/
private void processAdminCommand(Set<String> commands, Options options) {
String command;
try {
if (commands.contains(ADD_USER)) {
command = ADD_USER;
LOG.info(command);
User user = options.getUser();
adminMgr.addUser(user);
} else if (commands.contains(UPDATE_USER)) {
command = UPDATE_USER;
LOG.info(command);
User user = options.getUser();
adminMgr.updateUser(user);
} else if (commands.contains(DELETE_USER)) {
command = DELETE_USER;
LOG.info(command);
User user = options.getUser();
adminMgr.deleteUser(user);
} else if (commands.contains(ADD_ROLE)) {
command = ADD_ROLE;
LOG.info(command);
Role role = options.getRole();
adminMgr.addRole(role);
} else if (commands.contains(UPDATE_ROLE)) {
command = UPDATE_ROLE;
LOG.info(command);
Role role = options.getRole();
adminMgr.updateRole(role);
} else if (commands.contains(DELETE_ROLE)) {
command = DELETE_ROLE;
LOG.info(command);
Role role = options.getRole();
adminMgr.deleteRole(role);
} else if (commands.contains(ASSIGN_ROLE)) {
command = ASSIGN_ROLE;
LOG.info(command);
Role role = options.getRole();
String userId = options.getUserId();
adminMgr.assignUser(new UserRole(userId, role));
} else if (commands.contains(DEASSIGN_ROLE)) {
command = DEASSIGN_ROLE;
LOG.info(command);
Role role = options.getRole();
String userId = options.getUserId();
adminMgr.deassignUser(new UserRole(userId, role));
} else if (commands.contains(ADD_ROLE_INHERITANCE)) {
command = ADD_ROLE_INHERITANCE;
LOG.info(command);
Relationship relationship = options.getRelationship();
adminMgr.addInheritance(new Role(relationship.getParent()), new Role(relationship.getChild()));
} else if (commands.contains(DELETE_ROLE_INHERITANCE)) {
command = DELETE_ROLE_INHERITANCE;
LOG.info(command);
Relationship relationship = options.getRelationship();
adminMgr.deleteInheritance(new Role(relationship.getParent()), new Role(relationship.getChild()));
} else if (commands.contains(ADD_POBJ)) {
command = ADD_POBJ;
LOG.info(command);
PermObj permObj = options.getPermObj();
adminMgr.addPermObj(permObj);
} else if (commands.contains(UPDATE_POBJ)) {
command = UPDATE_POBJ;
LOG.info(command);
PermObj permObj = options.getPermObj();
adminMgr.updatePermObj(permObj);
} else if (commands.contains(DELETE_POBJ)) {
command = DELETE_POBJ;
LOG.info(command);
PermObj permObj = options.getPermObj();
adminMgr.deletePermObj(permObj);
} else if (commands.contains(ADD_PERM)) {
command = ADD_PERM;
LOG.info(command);
Permission perm = options.getPermission();
adminMgr.addPermission(perm);
} else if (commands.contains(UPDATE_PERM)) {
command = UPDATE_PERM;
LOG.info(command);
Permission perm = options.getPermission();
adminMgr.updatePermission(perm);
} else if (commands.contains(DELETE_PERM)) {
command = DELETE_PERM;
LOG.info(command);
Permission permObj = options.getPermission();
adminMgr.deletePermission(permObj);
} else if (commands.contains(GRANT)) {
command = GRANT;
LOG.info(command);
Permission perm = options.getPermission();
Role role = options.getRole();
role.setName(options.getRoleNm());
adminMgr.grantPermission(perm, role);
} else if (commands.contains(REVOKE)) {
command = REVOKE;
LOG.info(command);
Permission perm = options.getPermission();
Role role = options.getRole();
role.setName(options.getRoleNm());
adminMgr.revokePermission(perm, role);
} else if (commands.contains(CREATE_SSD_SET)) {
command = CREATE_SSD_SET;
LOG.info(command);
SDSet ssd = options.getSdSet();
ssd.setType(SDSet.SDType.STATIC);
adminMgr.createSsdSet(ssd);
} else if (commands.contains(DELETE_SSD_SET)) {
command = DELETE_SSD_SET;
LOG.info(command);
SDSet ssd = options.getSdSet();
ssd.setType(SDSet.SDType.STATIC);
adminMgr.deleteSsdSet(ssd);
} else if (commands.contains(CREATE_DSD_SET)) {
command = CREATE_DSD_SET;
LOG.info(command);
SDSet ssd = options.getSdSet();
ssd.setType(SDSet.SDType.DYNAMIC);
adminMgr.createDsdSet(ssd);
} else if (commands.contains(DELETE_DSD_SET)) {
command = DELETE_DSD_SET;
LOG.info(command);
SDSet ssd = options.getSdSet();
ssd.setType(SDSet.SDType.DYNAMIC);
adminMgr.deleteDsdSet(ssd);
} else if (commands.contains(CHANGE_PASSWORD)) {
command = CHANGE_PASSWORD;
LOG.info(command);
User user = options.getUser();
String newPassword = options.getNewPassword();
adminMgr.changePassword(user, newPassword);
} else if (commands.contains(RESET_PASSWORD)) {
command = RESET_PASSWORD;
LOG.info(command);
User user = options.getUser();
String newPassword = options.getNewPassword();
adminMgr.resetPassword(user, newPassword);
} else if (commands.contains(LOCK_USER_ACCOUNT)) {
command = LOCK_USER_ACCOUNT;
LOG.info(command);
User user = options.getUser();
adminMgr.lockUserAccount(user);
} else if (commands.contains(UNLOCK_USER_ACCOUNT)) {
command = UNLOCK_USER_ACCOUNT;
LOG.info(command);
User user = options.getUser();
adminMgr.unlockUserAccount(user);
} else {
LOG.warn("unknown admin operation detected");
return;
}
LOG.info("command:{} was successful", command);
} catch (SecurityException se) {
String error = "processAdminCommand caught SecurityException=" + se + ", return code=" + se.getErrorId();
LOG.error(error);
}
}
Also used :
AdminRole(org.apache.directory.fortress.core.model.AdminRole)
Role(org.apache.directory.fortress.core.model.Role)
UserAdminRole(org.apache.directory.fortress.core.model.UserAdminRole)
UserRole(org.apache.directory.fortress.core.model.UserRole)
SDSet(org.apache.directory.fortress.core.model.SDSet)
PermObj(org.apache.directory.fortress.core.model.PermObj)
User(org.apache.directory.fortress.core.model.User)
UserRole(org.apache.directory.fortress.core.model.UserRole)
Relationship(org.apache.directory.fortress.core.model.Relationship)
Permission(org.apache.directory.fortress.core.model.Permission)
SecurityException(org.apache.directory.fortress.core.SecurityException)
Example 10 with Permission
use of org.apache.directory.fortress.core.model.Permission in project directory-fortress-core by apache.
the class CommandLineInterpreter method processReviewCommand.
/**
* @param commands
* @param options
*/
private void processReviewCommand(Set<String> commands, Options options) {
String command;
try {
if (commands.contains(READ_USER)) {
command = READ_USER;
LOG.info(READ_USER);
User inUser = options.getUser();
User outUser = reviewMgr.readUser(inUser);
printUser(outUser);
} else if (commands.contains(FIND_USERS)) {
command = FIND_USERS;
LOG.info(command);
User user = options.getUser();
List<User> outUsers = reviewMgr.findUsers(user);
if (CollectionUtils.isNotEmpty(outUsers)) {
int ctr = 0;
for (User outUser : outUsers) {
printRow("U", "CTR ", "" + ctr++);
printUser(outUser);
}
}
} else if (commands.contains(ASSIGNED_USERS)) {
command = ASSIGNED_USERS;
LOG.info(command);
Role inRole = options.getRole();
List<User> outUsers = reviewMgr.assignedUsers(inRole);
if (CollectionUtils.isNotEmpty(outUsers)) {
for (User outUser : outUsers) {
printUser(outUser);
}
}
} else if (commands.contains(READ_ROLE)) {
command = READ_ROLE;
LOG.info(command);
Role inRole = options.getRole();
Role outRole = reviewMgr.readRole(inRole);
printRole(outRole);
} else if (commands.contains(FIND_ROLES)) {
command = FIND_ROLES;
LOG.info(command);
String inRoleNm = options.getName();
List<Role> outRoles = reviewMgr.findRoles(inRoleNm);
if (CollectionUtils.isNotEmpty(outRoles)) {
int ctr = 0;
for (Role outRole : outRoles) {
printSeparator();
printRow("R", "ROLE[" + ++ctr + "]", outRole.getName());
printRole(outRole);
}
}
} else if (commands.contains(ASSIGNED_ROLES)) {
command = ASSIGNED_ROLES;
LOG.info(command);
String userId = options.getUserId();
List<UserRole> uRoles = reviewMgr.assignedRoles(new User(userId));
if (uRoles != null) {
for (UserRole ur : uRoles) {
printTemporal("R", ur, "RBACROLE");
printSeparator();
}
}
} else if (commands.contains(READ_POBJ)) {
command = READ_POBJ;
LOG.info(command);
PermObj inPermObj = options.getPermObj();
PermObj outPermObj = reviewMgr.readPermObj(inPermObj);
printPermObj(outPermObj);
} else if (commands.contains(FIND_POBJS)) {
command = FIND_POBJS;
LOG.info(command);
PermObj inPermObj = options.getPermObj();
List<PermObj> outPermObjs = reviewMgr.findPermObjs(inPermObj);
if (CollectionUtils.isNotEmpty(outPermObjs)) {
int ctr = 0;
for (PermObj outPermObj : outPermObjs) {
printSeparator();
printRow("PO", "POBJ[" + ++ctr + "]", outPermObj.getObjName());
printPermObj(outPermObj);
}
}
} else if (commands.contains(READ_PERM)) {
command = READ_PERM;
LOG.info(command);
Permission inPerm = options.getPermission();
Permission outPerm = reviewMgr.readPermission(inPerm);
printPermission(outPerm);
} else if (commands.contains(FIND_PERMS)) {
command = FIND_PERMS;
LOG.info(command);
Permission inPerm = options.getPermission();
List<Permission> outPerms = reviewMgr.findPermissions(inPerm);
if (CollectionUtils.isNotEmpty(outPerms)) {
int ctr = 0;
for (Permission outPerm : outPerms) {
printSeparator();
printRow("P", "PERM[" + ++ctr + "]", outPerm.getAbstractName());
printPermission(outPerm);
}
}
} else {
LOG.warn("unknown review operation detected");
return;
}
LOG.info("command:{} was successful", command);
} catch (SecurityException se) {
String error = "processReviewCommand caught SecurityException=" + se + ", return code=" + se.getErrorId();
LOG.error(error);
}
}
Also used :
AdminRole(org.apache.directory.fortress.core.model.AdminRole)
Role(org.apache.directory.fortress.core.model.Role)
UserAdminRole(org.apache.directory.fortress.core.model.UserAdminRole)
UserRole(org.apache.directory.fortress.core.model.UserRole)
PermObj(org.apache.directory.fortress.core.model.PermObj)
User(org.apache.directory.fortress.core.model.User)
UserRole(org.apache.directory.fortress.core.model.UserRole)
Permission(org.apache.directory.fortress.core.model.Permission)
ArrayList(java.util.ArrayList)
List(java.util.List)
SecurityException(org.apache.directory.fortress.core.SecurityException)
Constraint(org.apache.directory.fortress.core.model.Constraint)
Aggregations
Permission (org.apache.directory.fortress.core.model.Permission)99
SecurityException (org.apache.directory.fortress.core.SecurityException)58
Role (org.apache.directory.fortress.core.model.Role)24
User (org.apache.directory.fortress.core.model.User)24
AdminMgr (org.apache.directory.fortress.core.AdminMgr)18
UserRole (org.apache.directory.fortress.core.model.UserRole)17
ReviewMgr (org.apache.directory.fortress.core.ReviewMgr)16
Session (org.apache.directory.fortress.core.model.Session)12
FortRequest (org.apache.directory.fortress.core.model.FortRequest)11
FortResponse (org.apache.directory.fortress.core.model.FortResponse)11
RoleConstraint (org.apache.directory.fortress.core.model.RoleConstraint)11
ArrayList (java.util.ArrayList)10
FinderException (org.apache.directory.fortress.core.FinderException)10
LdapException (org.apache.directory.api.ldap.model.exception.LdapException)9
AdminRole (org.apache.directory.fortress.core.model.AdminRole)9
UserAdminRole (org.apache.directory.fortress.core.model.UserAdminRole)9
LdapConnection (org.apache.directory.ldap.client.api.LdapConnection)9
CursorException (org.apache.directory.api.ldap.model.cursor.CursorException)7
SearchCursor (org.apache.directory.api.ldap.model.cursor.SearchCursor)7
AccessMgr (org.apache.directory.fortress.core.AccessMgr)7
