Examples with Permission org.apache.directory.fortress.core.model.Permission used on opensource projects

Search in sources :

Example 11 with Permission

use of org.apache.directory.fortress.core.model.Permission in project directory-fortress-core by apache.

the class CommandLineInterpreter method processDelegatedAdminCommand.

private void processDelegatedAdminCommand(Set<String> commands, Options options) {
    String command;
    try {
        if (commands.contains(ADD_ROLE)) {
            command = ADD_ROLE;
            LOG.info(command);
            AdminRole role = options.getAdminRole();
            delAdminMgr.addRole(role);
        } else if (commands.contains(UPDATE_ROLE)) {
            command = UPDATE_ROLE;
            LOG.info(command);
            AdminRole role = options.getAdminRole();
            delAdminMgr.updateRole(role);
        } else if (commands.contains(DELETE_ROLE)) {
            command = DELETE_ROLE;
            LOG.info(command);
            AdminRole role = options.getAdminRole();
            delAdminMgr.deleteRole(role);
        } else if (commands.contains(ASSIGN_ROLE)) {
            command = ASSIGN_ROLE;
            LOG.info(command);
            Role role = options.getRole();
            String userId = options.getUserId();
            delAdminMgr.assignUser(new UserAdminRole(userId, role));
        } else if (commands.contains(DEASSIGN_ROLE)) {
            command = DEASSIGN_ROLE;
            LOG.info(command);
            Role role = options.getRole();
            String userId = options.getUserId();
            delAdminMgr.deassignUser(new UserAdminRole(userId, role));
        } else if (commands.contains(ADD_ROLE_INHERITANCE)) {
            command = ADD_ROLE_INHERITANCE;
            LOG.info(command);
            Relationship relationship = options.getRelationship();
            delAdminMgr.addInheritance(new AdminRole(relationship.getParent()), new AdminRole(relationship.getChild()));
        } else if (commands.contains(DELETE_ROLE_INHERITANCE)) {
            command = DELETE_ROLE_INHERITANCE;
            LOG.info(command);
            Relationship relationship = options.getRelationship();
            delAdminMgr.deleteInheritance(new AdminRole(relationship.getParent()), new AdminRole(relationship.getChild()));
        } else if (commands.contains(ADD_POBJ)) {
            command = ADD_POBJ;
            LOG.info(command);
            PermObj permObj = options.getPermObj();
            delAdminMgr.addPermObj(permObj);
        } else if (commands.contains(UPDATE_POBJ)) {
            command = UPDATE_POBJ;
            LOG.info(command);
            PermObj permObj = options.getPermObj();
            delAdminMgr.updatePermObj(permObj);
        } else if (commands.contains(DELETE_POBJ)) {
            command = DELETE_POBJ;
            LOG.info(command);
            PermObj permObj = options.getPermObj();
            delAdminMgr.deletePermObj(permObj);
        } else if (commands.contains(ADD_PERM)) {
            command = ADD_PERM;
            LOG.info(command);
            Permission perm = options.getPermission();
            delAdminMgr.addPermission(perm);
        } else if (commands.contains(UPDATE_PERM)) {
            command = UPDATE_PERM;
            LOG.info(command);
            Permission perm = options.getPermission();
            delAdminMgr.updatePermission(perm);
        } else if (commands.contains(DELETE_PERM)) {
            command = DELETE_PERM;
            LOG.info(command);
            Permission permObj = options.getPermission();
            delAdminMgr.deletePermission(permObj);
        } else if (commands.contains(GRANT)) {
            command = GRANT;
            LOG.info(command);
            Permission perm = options.getPermission();
            AdminRole role = options.getAdminRole();
            role.setName(options.getRoleNm());
            delAdminMgr.grantPermission(perm, role);
        } else if (commands.contains(REVOKE)) {
            command = REVOKE;
            LOG.info(command);
            Permission perm = options.getPermission();
            AdminRole role = options.getAdminRole();
            role.setName(options.getRoleNm());
            delAdminMgr.revokePermission(perm, role);
        } else if (commands.contains(ADD_USERORG)) {
            command = ADD_USERORG;
            LOG.info(command);
            OrgUnit orgUnit = options.getOrgUnit();
            orgUnit.setType(OrgUnit.Type.USER);
            delAdminMgr.add(orgUnit);
        } else if (commands.contains(UPDATE_USERORG)) {
            command = UPDATE_USERORG;
            LOG.info(command);
            OrgUnit orgUnit = options.getOrgUnit();
            orgUnit.setType(OrgUnit.Type.USER);
            delAdminMgr.update(orgUnit);
        } else if (commands.contains(DELETE_USERORG)) {
            command = DELETE_USERORG;
            LOG.info(command);
            OrgUnit orgUnit = options.getOrgUnit();
            orgUnit.setType(OrgUnit.Type.USER);
            delAdminMgr.delete(orgUnit);
        } else if (commands.contains(ADD_USERORG_INHERITANCE)) {
            command = ADD_USERORG_INHERITANCE;
            LOG.info(command);
            Relationship relationship = options.getRelationship();
            delAdminMgr.addInheritance(new OrgUnit(relationship.getParent(), OrgUnit.Type.USER), new OrgUnit(relationship.getChild(), OrgUnit.Type.USER));
        } else if (commands.contains(DELETE_USERORG_INHERITANCE)) {
            command = DELETE_USERORG_INHERITANCE;
            LOG.info(command);
            Relationship relationship = options.getRelationship();
            delAdminMgr.deleteInheritance(new OrgUnit(relationship.getParent(), OrgUnit.Type.USER), new OrgUnit(relationship.getChild(), OrgUnit.Type.USER));
        } else if (commands.contains(ADD_PERMORG)) {
            command = ADD_PERMORG;
            LOG.info(command);
            OrgUnit orgUnit = options.getOrgUnit();
            orgUnit.setType(OrgUnit.Type.PERM);
            delAdminMgr.add(orgUnit);
        } else if (commands.contains(UPDATE_PERMORG)) {
            command = UPDATE_PERMORG;
            LOG.info(command);
            OrgUnit orgUnit = options.getOrgUnit();
            orgUnit.setType(OrgUnit.Type.PERM);
            delAdminMgr.update(orgUnit);
        } else if (commands.contains(DELETE_PERMORG)) {
            command = DELETE_PERMORG;
            LOG.info(command);
            OrgUnit orgUnit = options.getOrgUnit();
            orgUnit.setType(OrgUnit.Type.PERM);
            delAdminMgr.delete(orgUnit);
        } else if (commands.contains(ADD_PERMORG_INHERITANCE)) {
            command = ADD_PERMORG_INHERITANCE;
            LOG.info(command);
            Relationship relationship = options.getRelationship();
            delAdminMgr.addInheritance(new OrgUnit(relationship.getParent(), OrgUnit.Type.PERM), new OrgUnit(relationship.getChild(), OrgUnit.Type.PERM));
        } else if (commands.contains(DELETE_PERMORG_INHERITANCE)) {
            command = DELETE_PERMORG_INHERITANCE;
            LOG.info(command);
            Relationship relationship = options.getRelationship();
            delAdminMgr.deleteInheritance(new OrgUnit(relationship.getParent(), OrgUnit.Type.PERM), new OrgUnit(relationship.getChild(), OrgUnit.Type.PERM));
        } else {
            LOG.warn("unknown delegated admin operation detected");
            return;
        }
        LOG.info("command:{} was successful", command);
    } catch (org.apache.directory.fortress.core.SecurityException se) {
        String error = "processDelegatedAdminCommand caught SecurityException=" + se + ", return code=" + se.getErrorId();
        LOG.error(error);
    }
}
Also used : AdminRole(org.apache.directory.fortress.core.model.AdminRole) Role(org.apache.directory.fortress.core.model.Role) UserAdminRole(org.apache.directory.fortress.core.model.UserAdminRole) UserRole(org.apache.directory.fortress.core.model.UserRole) OrgUnit(org.apache.directory.fortress.core.model.OrgUnit) org.apache.directory.fortress.core(org.apache.directory.fortress.core) PermObj(org.apache.directory.fortress.core.model.PermObj) UserAdminRole(org.apache.directory.fortress.core.model.UserAdminRole) Relationship(org.apache.directory.fortress.core.model.Relationship) Permission(org.apache.directory.fortress.core.model.Permission) SecurityException(org.apache.directory.fortress.core.SecurityException) AdminRole(org.apache.directory.fortress.core.model.AdminRole) UserAdminRole(org.apache.directory.fortress.core.model.UserAdminRole)

Example 12 with Permission

use of org.apache.directory.fortress.core.model.Permission in project directory-fortress-core by apache.

the class Manageable method setAdminData.

/**
 * Method is called by Manager APIs to load contextual information on {@link FortEntity}.
 * <p>
 * The information is used to
 * <ol>
 *   <li>
 *     Load the administrative User's {@link Session} object into entity.  This is used for checking to ensure
 *     administrator has privilege to perform administrative operation.
 *   </li>
 *   <li>
 *     Load the target operation's permission into the audit context.  This is used for Fortress audit log stored in
 *     OpenLDAP
 *   </li>
 * </ol>
 *
 * @param className contains the class name.
 * @param opName contains operation name.
 * @param entity  used to pass contextual information through Fortress layers for administrative security checks and
 * audit.
 */
protected final void setAdminData(String className, String opName, FortEntity entity) {
    if (this.adminSess != null) {
        Permission perm = new Permission(className, opName);
        entity.setAdminSession(this.adminSess);
        entity.setModCode(AdminUtil.getObjName(perm.getObjName()) + "." + perm.getOpName());
    }
    entity.setContextId(this.contextId);
}
Also used : Permission(org.apache.directory.fortress.core.model.Permission)

Example 13 with Permission

use of org.apache.directory.fortress.core.model.Permission in project directory-fortress-core by apache.

the class FortressAntTask method deletePermGrants.

/**
 * @throws BuildException An error occurred while building
 */
private void deletePermGrants() throws BuildException {
    if (delpermGrants == null) {
        return;
    }
    // Loop through the entityclass elements
    for (DelpermGrant delpermGrant : delpermGrants) {
        List<PermGrant> permGrants = delpermGrant.getPermGrants();
        for (PermGrant permGrant : permGrants) {
            try {
                Permission perm = new Permission(permGrant.getObjName(), permGrant.getOpName(), permGrant.isAdmin());
                perm.setOpName(permGrant.getOpName());
                perm.setObjId(permGrant.getObjId());
                if (permGrant.getRoleNm() != null && permGrant.getRoleNm().length() > 0) {
                    LOG.info("deletePermGrants tenant={} roleName={} objName={} opName={} objId={}", getTenant(), permGrant.getRoleNm(), permGrant.getObjName(), permGrant.getOpName(), permGrant.getObjId());
                    adminMgr.revokePermission(perm, new Role(permGrant.getRoleNm()));
                } else if (permGrant.getUserId() != null && permGrant.getUserId().length() > 0) {
                    LOG.info("deletePermGrants tenant={} userId={} objName={} opName={} objId={}", getTenant(), permGrant.getUserId(), permGrant.getObjName(), permGrant.getOpName(), permGrant.getObjId());
                    adminMgr.revokePermission(perm, new User(permGrant.getUserId()));
                } else {
                    String warning = "deletePermGrants called without user or role set in xml";
                    LOG.warn(warning);
                }
            } catch (SecurityException se) {
                LOG.warn("deletePermGrants tenant={} roleName={} objName={} opName={} objId={} caught SecurityException={}", getTenant(), permGrant.getRoleNm(), permGrant.getObjName(), permGrant.getOpName(), permGrant.getObjId(), se);
            }
        }
    }
}
Also used : AdminRole(org.apache.directory.fortress.core.model.AdminRole) Role(org.apache.directory.fortress.core.model.Role) UserAdminRole(org.apache.directory.fortress.core.model.UserAdminRole) UserRole(org.apache.directory.fortress.core.model.UserRole) PermGrant(org.apache.directory.fortress.core.model.PermGrant) User(org.apache.directory.fortress.core.model.User) Permission(org.apache.directory.fortress.core.model.Permission) SecurityException(org.apache.directory.fortress.core.SecurityException)

Example 14 with Permission

use of org.apache.directory.fortress.core.model.Permission in project directory-fortress-core by apache.

the class FortressAntTask method addPermGrants.

/**
 * @throws BuildException An error occurred while building
 */
private void addPermGrants() throws BuildException {
    if (addpermGrants == null) {
        return;
    }
    // Loop through the entityclass elements
    for (AddpermGrant addpermGrant : addpermGrants) {
        List<PermGrant> permGrants = addpermGrant.getPermGrants();
        for (PermGrant permGrant : permGrants) {
            try {
                Permission perm = new Permission(permGrant.getObjName(), permGrant.getOpName(), permGrant.isAdmin());
                perm.setOpName(permGrant.getOpName());
                perm.setObjId(permGrant.getObjId());
                if (permGrant.getRoleNm() != null && permGrant.getRoleNm().length() > 0) {
                    LOG.info("addPermGrants tenant={} roleName={} objName={} opName={} objId={}", getTenant(), permGrant.getRoleNm(), permGrant.getObjName(), permGrant.getOpName(), permGrant.getObjId());
                    adminMgr.grantPermission(perm, new Role(permGrant.getRoleNm()));
                } else if (permGrant.getUserId() != null && permGrant.getUserId().length() > 0) {
                    LOG.info("addPermGrants tenant={} userId={} objName={} opName={} objId={}", getTenant(), permGrant.getUserId(), permGrant.getObjName(), permGrant.getOpName(), permGrant.getObjId());
                    adminMgr.grantPermission(perm, new User(permGrant.getUserId()));
                } else {
                    String warning = "addPermGrants called without user or role set in xml";
                    LOG.warn(warning);
                }
            } catch (SecurityException se) {
                LOG.warn("addPermGrants tenant={} roleName={} objName={} opName={} objId={} caught SecurityException={}", getTenant(), permGrant.getRoleNm(), permGrant.getObjName(), permGrant.getOpName(), permGrant.getObjId(), se);
            }
        }
    }
}
Also used : AdminRole(org.apache.directory.fortress.core.model.AdminRole) Role(org.apache.directory.fortress.core.model.Role) UserAdminRole(org.apache.directory.fortress.core.model.UserAdminRole) UserRole(org.apache.directory.fortress.core.model.UserRole) PermGrant(org.apache.directory.fortress.core.model.PermGrant) User(org.apache.directory.fortress.core.model.User) Permission(org.apache.directory.fortress.core.model.Permission) SecurityException(org.apache.directory.fortress.core.SecurityException)

Example 15 with Permission

use of org.apache.directory.fortress.core.model.Permission in project directory-fortress-core by apache.

the class DelAccessMgrRestImpl method sessionPermissions.

/**
 * {@inheritDoc}
 */
@Override
public List<Permission> sessionPermissions(Session session) throws SecurityException {
    VUtil.assertNotNull(session, GlobalErrIds.USER_SESS_NULL, CLS_NM + ".sessionPermissions");
    List<Permission> retPerms;
    FortRequest request = new FortRequest();
    request.setContextId(this.contextId);
    request.setSession(session);
    String szRequest = RestUtils.marshal(request);
    String szResponse = RestUtils.getInstance().post(szRequest, HttpIds.ADMIN_PERMS);
    FortResponse response = RestUtils.unmarshall(szResponse);
    if (response.getErrorCode() == 0) {
        retPerms = response.getEntities();
        Session outSession = response.getSession();
        session.copy(outSession);
    } else {
        throw new SecurityException(response.getErrorCode(), response.getErrorMessage());
    }
    return retPerms;
// throw new java.lang.UnsupportedOperationException();
}
Also used : Permission(org.apache.directory.fortress.core.model.Permission) FortResponse(org.apache.directory.fortress.core.model.FortResponse) SecurityException(org.apache.directory.fortress.core.SecurityException) FortRequest(org.apache.directory.fortress.core.model.FortRequest) Session(org.apache.directory.fortress.core.model.Session)

Aggregations

Permission (org.apache.directory.fortress.core.model.Permission)99 SecurityException (org.apache.directory.fortress.core.SecurityException)58 Role (org.apache.directory.fortress.core.model.Role)24 User (org.apache.directory.fortress.core.model.User)24 AdminMgr (org.apache.directory.fortress.core.AdminMgr)18 UserRole (org.apache.directory.fortress.core.model.UserRole)17 ReviewMgr (org.apache.directory.fortress.core.ReviewMgr)16 Session (org.apache.directory.fortress.core.model.Session)12 FortRequest (org.apache.directory.fortress.core.model.FortRequest)11 FortResponse (org.apache.directory.fortress.core.model.FortResponse)11 RoleConstraint (org.apache.directory.fortress.core.model.RoleConstraint)11 ArrayList (java.util.ArrayList)10 FinderException (org.apache.directory.fortress.core.FinderException)10 LdapException (org.apache.directory.api.ldap.model.exception.LdapException)9 AdminRole (org.apache.directory.fortress.core.model.AdminRole)9 UserAdminRole (org.apache.directory.fortress.core.model.UserAdminRole)9 LdapConnection (org.apache.directory.ldap.client.api.LdapConnection)9 CursorException (org.apache.directory.api.ldap.model.cursor.CursorException)7 SearchCursor (org.apache.directory.api.ldap.model.cursor.SearchCursor)7 AccessMgr (org.apache.directory.fortress.core.AccessMgr)7
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial