
Example 41 with Permission

use of org.apache.directory.fortress.core.model.Permission in project directory-fortress-core by apache.

the class ReviewMgrConsole method searchPermissions.

/**
 * Interactive console search for permissions by object name and operation name.
 *
 * <p>Prompts on stdout for both values, reads each with {@code ReaderUtil.readLn()}, passes them
 * to {@code rm.findPermissions} inside a {@code Permission} used as search criteria, and prints
 * every returned entry: object name, object id, operation name, abstract name and internal id,
 * followed by the users, roles and properties attached to it. A {@code SecurityException} is
 * logged and not rethrown. The method always finishes by waiting on
 * {@code ReaderUtil.readChar()}.
 *
 * <p>The output lists which users and roles hold each permission, so authorization data from
 * the policy store is written unredacted to stdout.
 */
void searchPermissions() {
    // A longer legacy comment at this spot listed accessors of classes named "Perm" and
    // "FinePerm" (setName/getName, addRole/getRoles, addUser/getUsers, addGroup/getGroups,
    // addProperty/getProperties, setOu, setType, setDn, addFinePerm/getFinePerms). The code
    // below works on Permission and keys the search on setObjName/setOpName instead.
    try {
        System.out.println("Enter object name:");
        String objectName = ReaderUtil.readLn();
        System.out.println("Enter op name:");
        String operationName = ReaderUtil.readLn();

        // NOTE(review): both values are typed by the operator and go into the search as-is;
        // whether findPermissions escapes them for the directory query is not visible here - confirm.
        Permission criteria = new Permission();
        criteria.setObjName(objectName);
        criteria.setOpName(operationName);

        List<Permission> matches = rm.findPermissions(criteria);
        if (matches != null) {
            int position = 0;
            for (Permission match : matches) {
                position++;
                System.out.println("**perm:" + position + "***");
                System.out.println("object name [" + match.getObjName() + "]");
                System.out.println("object id [" + match.getObjId() + "]");
                System.out.println("operation name [" + match.getOpName() + "]");
                System.out.println("abstract perm name [" + match.getAbstractName() + "]");
                System.out.println("internalId [" + match.getInternalId() + "]");

                // Users granted this permission directly.
                if (match.getUsers() != null && !match.getUsers().isEmpty()) {
                    int userIndex = 0;
                    for (String user : match.getUsers()) {
                        System.out.println("user[" + userIndex + "]=" + user);
                        userIndex++;
                    }
                }

                // Roles granted this permission; the printed label is "name", not "role".
                if (match.getRoles() != null && !match.getRoles().isEmpty()) {
                    int roleIndex = 0;
                    for (String role : match.getRoles()) {
                        System.out.println("name[" + roleIndex + "]=" + role);
                        roleIndex++;
                    }
                }

                // Free-form properties stored on the permission, printed as key/value pairs.
                if (match.getProperties() != null && !match.getProperties().isEmpty()) {
                    int propIndex = 0;
                    Enumeration<?> keys = match.getProperties().propertyNames();
                    while (keys.hasMoreElements()) {
                        String key = (String) keys.nextElement();
                        String value = match.getProperty(key);
                        System.out.println("prop key[" + propIndex + "]=" + key);
                        System.out.println("prop value[" + propIndex + "]=" + value);
                        propIndex++;
                    }
                }
                System.out.println("**");
            }
            System.out.println("search complete");
            System.out.println("ENTER to continue");
        }
    } catch (SecurityException e) {
        LOG.error("searchPermissions caught SecurityException rc=" + e.getErrorId() + ", msg=" + e.getMessage(), e);
    }
    // Runs on every path, including a null result or a logged failure, where no prompt was printed.
    ReaderUtil.readChar();
}
Also used : Enumeration(java.util.Enumeration) Permission(org.apache.directory.fortress.core.model.Permission) ArrayList(java.util.ArrayList) List(java.util.List) Constraint(org.apache.directory.fortress.core.model.Constraint)

Example 42 with Permission

use of org.apache.directory.fortress.core.model.Permission in project directory-fortress-core by apache.

the class CreatePermSample method testRevokePermissionUser.

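/**
 * Revokes the sample user's direct grant on each sample permission and verifies the revocation
 * by reading the grant list back.
 *
 * <p>For operations {@code TEST_PERM_OPERATION_PREFIX + 1..5} on {@code TEST_PERM_OBJECT} this
 * calls {@code AdminMgr.revokePermission(perm, user)} and then
 * {@code ReviewMgr.permissionUsers(perm)}; the test fails unless that call returns an empty
 * list. Does nothing when {@code AllSamplesJUnitTest.isFirstRun()} returns true. A
 * {@code SecurityException} from either manager is logged and fails the test.
 */
public static void testRevokePermissionUser() {
    String szLocation = ".testRevokePermissionUser";
    if (AllSamplesJUnitTest.isFirstRun()) {
        return;
    }
    User inUser = new User(CreateUserSample.TEST_USERID);
    try {
        // Instantiate the AdminMgr implementation which is used to provision RBAC policies.
        AdminMgr adminMgr = AdminMgrFactory.createInstance(TestUtils.getContext());
        // Instantiate the ReviewMgr implementation which is used to interrogate policy information.
        // Created once here instead of once per loop iteration.
        ReviewMgr reviewMgr = ReviewMgrFactory.createInstance(TestUtils.getContext());
        // Iterate over perms...
        for (int i = 1; i < 6; i++) {
            // Permissions contain Object to Operation mapping and once created can then be targeted for assignment of User entities in ldap:
            Permission inPerm = new Permission(TEST_PERM_OBJECT, TEST_PERM_OPERATION_PREFIX + i);
            // This API will remove the 'oamUsers' attribute associated with User in 'oamOperation' ldap object class:
            adminMgr.revokePermission(inPerm, inUser);
            // Read back the Users still granted this permission. The revocation only counts as
            // verified when the list comes back empty; a null return fails the assertion with a
            // message instead of surfacing as a NullPointerException.
            List<String> assignedUsers = reviewMgr.permissionUsers(inPerm);
            String actual = assignedUsers == null ? "null" : String.valueOf(assignedUsers.size());
            assertTrue(szLocation + " list check, expected: 0, actual:" + actual, assignedUsers != null && assignedUsers.isEmpty());
            LOG.info(szLocation + " permission user [" + inUser.getUserId() + "] object [" + inPerm.getObjName() + "] operation name [" + inPerm.getOpName() + "] success");
        }
    } catch (SecurityException ex) {
        LOG.error(szLocation + " caught SecurityException rc=" + ex.getErrorId() + ", msg=" + ex.getMessage(), ex);
        fail(ex.getMessage());
    }
}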
Also used : User(org.apache.directory.fortress.core.model.User) ReviewMgr(org.apache.directory.fortress.core.ReviewMgr) Permission(org.apache.directory.fortress.core.model.Permission) SecurityException(org.apache.directory.fortress.core.SecurityException) AdminMgr(org.apache.directory.fortress.core.AdminMgr)

Example 43 with Permission

use of org.apache.directory.fortress.core.model.Permission in project directory-fortress-core by apache.

the class CreatePermSample method testGrantPermissionRole.

/**
 * Grants every sample permission to every sample role, then verifies the grants by read-back.
 *
 * <p>Roles {@code TEST_ROLE_PREFIX + 1..10} each receive operations
 * {@code TEST_PERM_OPERATION_PREFIX + 1..5} on {@code TEST_PERM_OBJECT} through
 * {@code AdminMgr.grantPermission(perm, role)}. Afterwards
 * {@code ReviewMgr.rolePermissions(role)} must return exactly 5 permissions for each role, so
 * a role that carries more or fewer grants than the ones made here fails the check. A
 * {@code SecurityException} is logged and fails the test.
 */
public static void testGrantPermissionRole() {
    String szLocation = ".testGrantPermissionRole";
    try {
        // AdminMgr provisions RBAC policy; it performs the grants below.
        AdminMgr adminMgr = AdminMgrFactory.createInstance(TestUtils.getContext());
        for (int roleNo = 1; roleNo <= 10; roleNo++) {
            Role inRole = new Role(CreateRoleSample.TEST_ROLE_PREFIX + roleNo);
            for (int opNo = 1; opNo <= 5; opNo++) {
                // A Permission pairs an object name with an operation name; an existing one can be granted to a Role.
                Permission inPerm = new Permission(TEST_PERM_OBJECT, TEST_PERM_OPERATION_PREFIX + opNo);
                // Adds an 'oamRoles' attribute for the Role on the 'oamOperation' ldap object class.
                adminMgr.grantPermission(inPerm, inRole);
                LOG.info(szLocation + " permission role [" + inRole.getName() + "] object [" + inPerm.getObjName() + "] operation name [" + inPerm.getOpName() + "] success");
            }
        }

        // ReviewMgr reads policy back; it is used to confirm what the grants produced.
        ReviewMgr reviewMgr = ReviewMgrFactory.createInstance(TestUtils.getContext());
        for (int roleNo = 1; roleNo <= 10; roleNo++) {
            // A fresh Role carrying only the name is enough to query its granted permissions.
            Role inRole = new Role(CreateRoleSample.TEST_ROLE_PREFIX + roleNo);
            List<Permission> assignedPerms = reviewMgr.rolePermissions(inRole);
            // The expected count of 5 equals the number of operations granted per role above.
            boolean countMatches = assignedPerms.size() == 5;
            assertTrue(szLocation + " list check, expected: 5, actual:" + assignedPerms.size(), countMatches);
        }
    } catch (SecurityException ex) {
        LOG.error(szLocation + " caught SecurityException rc=" + ex.getErrorId() + ", msg=" + ex.getMessage(), ex);
        fail(ex.getMessage());
    }
}
Also used : Role(org.apache.directory.fortress.core.model.Role) ReviewMgr(org.apache.directory.fortress.core.ReviewMgr) Permission(org.apache.directory.fortress.core.model.Permission) SecurityException(org.apache.directory.fortress.core.SecurityException) AdminMgr(org.apache.directory.fortress.core.AdminMgr)

Example 44 with Permission

use of org.apache.directory.fortress.core.model.Permission in project directory-fortress-core by apache.

the class SessionPermissions method runTest.

/**
 * Runs one sampler iteration: fetches the permissions of the existing session and requires a
 * non-empty result.
 *
 * <p>The session must be non-null and authenticated. Depending on {@code isFortress}, the
 * lookup goes through {@code accessMgr.sessionPermissions} or
 * {@code accelMgr.sessionPermissions}. On success the sample is timed, given a response message
 * that embeds {@code userId}, and marked successful.
 *
 * @param samplerContext sampler context supplied by the caller; not read by this method
 * @return the {@code SampleResult} for this iteration
 */
public SampleResult runTest(JavaSamplerContext samplerContext) {
    SampleResult sampleResult = new SampleResult();
    try {
        sampleResult.sampleStart();
        // The "FT " / "AC " prefix records which of the two manager implementations served the call.
        String message = (isFortress ? "FT " : "AC ")
            + "SessionPermissions isFortress: " + isFortress + ", userId: " + userId;
        // (Logging and printing of message are disabled in the original source.)

        assertNotNull(session);
        assertTrue(session.isAuthenticated());

        List<Permission> result;
        if (!isFortress) {
            assertNotNull(accelMgr);
            result = accelMgr.sessionPermissions(session);
        } else {
            assertNotNull(accessMgr);
            result = accessMgr.sessionPermissions(session);
        }

        // Positive test case: an authenticated session is expected to hold at least one permission.
        assertNotNull(message, result);
        assertTrue(message, result.size() > 0);

        sampleResult.sampleEnd();
        sampleResult.setBytes(1);
        sampleResult.setResponseMessage("test sessionPermissions completed, message=" + message);
        sampleResult.setSuccessful(true);
    } catch (org.apache.directory.fortress.core.SecurityException ex) {
        String failure = "ThreadId:" + getThreadId() + "Error running test: " + ex;
        LOG.error(failure);
        System.out.println(failure);
        ex.printStackTrace();
        // NOTE(review): fail() presumably throws (JUnit-style), in which case the next statement
        // never runs and sampleEnd() is not called on this path - confirm. Failures of the
        // assert* calls above are likewise not caught by this handler.
        fail(failure);
        sampleResult.setSuccessful(false);
    }
    return sampleResult;
}
Also used : org.apache.directory.fortress.core(org.apache.directory.fortress.core) Permission(org.apache.directory.fortress.core.model.Permission) SampleResult(org.apache.jmeter.samplers.SampleResult) SecurityException(org.apache.directory.fortress.core.SecurityException)

Example 45 with Permission

use of org.apache.directory.fortress.core.model.Permission in project directory-fortress-core by apache.

the class AccessMgrSample method testCheckAccess.

/**
 * Exercises {@code AccessMgr.checkAccess}, the authorization decision for a User session.
 *
 * <p>checkAccess returns {@code true} when the session's User may perform the operation on the
 * object and {@code false} otherwise, which makes it suitable for method- or service-level
 * authorization in server-side programs. It is expected to be wrapped by application security
 * frameworks (e.g. Spring or Java EE) to give business applications fine-grained permission
 * checks.
 *
 * <p>This sample creates a session for the sample user and asserts that operations
 * {@code TEST_PERM_OPERATION_PREFIX + 1..5} on {@code TEST_PERM_OBJECT} are all allowed. A
 * {@code SecurityException} is logged and fails the test.
 */
public static void testCheckAccess() {
    String szLocation = ".testCheckAccess";
    try {
        AccessMgr accessMgr = AccessMgrFactory.createInstance(TestUtils.getContext());
        // The helper builds a Fortress Session, which carries the user's activated roles plus
        // related attributes and status information (e.g. password status).
        Session session = createSession(CreateUserSample.TEST_USERID, CreateUserSample.TEST_PASSWORD, accessMgr);
        assertNotNull(session);
        // NOTE(review): only the allow path is asserted here; a check that a permission not
        // granted to this user comes back false is not part of this method.
        for (int opNo = 1; opNo <= 5; opNo++) {
            // A Fortress Permission is an Object name plus an Operation name, one object to many
            // operations: "MyDataBaseTable" with "READ"/"WRITE"/"DELETE", "MyFile" with "R"/"W"/"C",
            // "MyClassName" with "methodA"/"methodB"/"methodC", or "MyPageName.ControlName" with
            // "checkOut"/"applyDiscount".
            Permission inPerm = new Permission(CreatePermSample.TEST_PERM_OBJECT, CreatePermSample.TEST_PERM_OPERATION_PREFIX + opNo);
            // true means authorized, false means not.
            boolean authorized = accessMgr.checkAccess(session, inPerm);
            assertTrue(szLocation, authorized);
            LOG.info(szLocation + " user [" + session.getUserId() + "] permission object [" + inPerm.getObjName() + "] operation name [" + inPerm.getOpName() + "] success");
        }
    } catch (SecurityException ex) {
        LOG.error(szLocation + " caught SecurityException rc=" + ex.getErrorId() + ", msg=" + ex.getMessage(), ex);
        fail(ex.getMessage());
    }
}
Also used : AccessMgr(org.apache.directory.fortress.core.AccessMgr) Permission(org.apache.directory.fortress.core.model.Permission) SecurityException(org.apache.directory.fortress.core.SecurityException) Session(org.apache.directory.fortress.core.model.Session)
