
Example 1 with PwPolicy

Use of org.apache.directory.fortress.core.model.PwPolicy in project directory-fortress-core by Apache.

Class PolicyDAO, method getPolicy.

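/**
 * Reads the password policy entry identified by {@code policy} from the directory.
 *
 * @param policy policy whose name (and context) selects the entry to read; its DN is derived via {@code getDn}.
 * @return the policy entity unloaded from the directory entry; never null on normal return.
 * @throws FinderException with {@link GlobalErrIds#PSWD_NOT_FOUND} if no entry exists under the computed DN,
 *         or {@link GlobalErrIds#PSWD_READ_FAILED} if the LDAP read fails for any other reason.
 */
PwPolicy getPolicy(PwPolicy policy) throws FinderException {
    String dn = getDn(policy);
    LdapConnection ld = null;
    try {
        ld = getAdminConnection();
        Entry findEntry = read(ld, dn, PASSWORD_POLICY_ATRS);
        return unloadLdapEntry(findEntry, 0);
    } catch (LdapNoSuchObjectException e) {
        String warning = "getPolicy Obj COULD NOT FIND ENTRY for dn [" + dn + "]";
        // keep the LDAP exception as the cause so the originating stack is not lost to callers and logs
        throw new FinderException(GlobalErrIds.PSWD_NOT_FOUND, warning, e);
    } catch (LdapException e) {
        String error = "getPolicy name [" + policy.getName() + "] caught LdapException=" + e.getMessage();
        throw new FinderException(GlobalErrIds.PSWD_READ_FAILED, error, e);
    } finally {
        // release the admin connection on every path, including when read/unload throws
        closeAdminConnection(ld);
    }
}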

Example 2 with PwPolicy

Use of org.apache.directory.fortress.core.model.PwPolicy in project directory-fortress-core by Apache.

Class PolicyDAO, method unloadLdapEntry.

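/**
 * Converts a password-policy LDAP entry into a {@link PwPolicy} entity.
 * <p>
 * The policy name is always read. Every other attribute is optional: its setter is only
 * invoked when the attribute is present with a non-empty value, so absent attributes leave
 * the defaults assigned by {@code ObjectFactory.createPswdPolicy()} untouched.
 *
 * @param le       LDAP entry carrying the password policy attributes.
 * @param sequence sequence id stored on the returned entity.
 * @return a new, populated policy entity; never null.
 * @throws LdapInvalidAttributeValueException propagated from the attribute reads.
 * @throws NumberFormatException if a numeric attribute holds text that does not parse; this is
 *         propagated unchanged from {@code Integer.valueOf} and friends, as in the original code.
 */
private PwPolicy unloadLdapEntry(Entry le, long sequence) throws LdapInvalidAttributeValueException {
    PwPolicy entity = new ObjectFactory().createPswdPolicy();
    entity.setSequenceId(sequence);
    entity.setName(getAttribute(le, PW_PWD_ID));
    setIfPresent(le, PW_MIN_AGE, Integer::valueOf, v -> entity.setMinAge(v));
    setIfPresent(le, PW_MAX_AGE, Long::valueOf, v -> entity.setMaxAge(v));
    setIfPresent(le, PW_IN_HISTORY, Short::valueOf, v -> entity.setInHistory(v));
    setIfPresent(le, PW_CHECK_QUALITY, Short::valueOf, v -> entity.setCheckQuality(v));
    setIfPresent(le, PW_MIN_LENGTH, Short::valueOf, v -> entity.setMinLength(v));
    setIfPresent(le, PW_EXPIRE_WARNING, Long::valueOf, v -> entity.setExpireWarning(v));
    setIfPresent(le, PW_GRACE_LOGIN_LIMIT, Short::valueOf, v -> entity.setGraceLoginLimit(v));
    setIfPresent(le, PW_LOCKOUT, Boolean::valueOf, v -> entity.setLockout(v));
    setIfPresent(le, PW_LOCKOUT_DURATION, Integer::valueOf, v -> entity.setLockoutDuration(v));
    setIfPresent(le, PW_MAX_FAILURE, Short::valueOf, v -> entity.setMaxFailure(v));
    setIfPresent(le, PW_FAILURE_COUNT_INTERVAL, Short::valueOf, v -> entity.setFailureCountInterval(v));
    setIfPresent(le, PW_MUST_CHANGE, Boolean::valueOf, v -> entity.setMustChange(v));
    setIfPresent(le, PW_ALLOW_USER_CHANGE, Boolean::valueOf, v -> entity.setAllowUserChange(v));
    setIfPresent(le, PW_SAFE_MODIFY, Boolean::valueOf, v -> entity.setSafeModify(v));
    return entity;
}

/**
 * Reads attribute {@code attrId} from {@code le}; when the value is non-empty, parses it with
 * {@code parser} and hands the result to {@code setter}. Missing or empty attributes are skipped.
 *
 * @param le     LDAP entry to read from.
 * @param attrId attribute id to read.
 * @param parser converts the raw attribute text into the setter's value type.
 * @param setter receives the parsed value.
 * @param <T>    value type produced by {@code parser} and consumed by {@code setter}.
 * @throws LdapInvalidAttributeValueException propagated from the attribute read.
 */
private <T> void setIfPresent(Entry le, String attrId,
        java.util.function.Function<String, T> parser,
        java.util.function.Consumer<T> setter) throws LdapInvalidAttributeValueException {
    String val = getAttribute(le, attrId);
    if (StringUtils.isNotEmpty(val)) {
        setter.accept(parser.apply(val));
    }
}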

Example 3 with PwPolicy

Use of org.apache.directory.fortress.core.model.PwPolicy in project directory-fortress-core by Apache.

Class UserP, method validate.

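/**
 * Method will perform various validations to ensure the integrity of the User entity targeted for insertion
 * or updating in directory.  For example the ou attribute will be "read" from the OrgUnit dataset to ensure
 * that it is valid.  Data reasonability checks will be performed on all non-null attributes.
 * This method will also copy the source constraints to target entity iff the target input entity does not have set
 * prior to calling.
 * <p>
 * The checks run in a fixed order and the first failure wins:
 * <ol>
 *   <li>add only: userId is required;</li>
 *   <li>cn, sn and password: optional, each bounded safe-text when present;</li>
 *   <li>ou: required on add, optional on update; when present it must be well formed and exist in the USER OrgUnit pool;</li>
 *   <li>description: optional;</li>
 *   <li>pwPolicy: optional, but must name an existing policy when set;</li>
 *   <li>temporal constraints on the user, then on each RBAC and ARBAC role assignment (copied from the role when the
 *       assignment has none).</li>
 * </ol>
 *
 * @param entity   User entity contains data targeted for insertion or update.  The input role constraints will be accepted.
 * @param isUpdate if true update operation is being performed which specifies a different set of targeted attributes.
 * @throws SecurityException in the event of data validation error or DAO error on Org validation.
 */
private void validate(User entity, boolean isUpdate) throws SecurityException {
    if (!isUpdate) {
        // the UserId attribute is required on User:
        VUtil.userId(entity.getUserId());
        // cn and sn default to userId when not set by caller on add; password is optional but needed for AccessMgr/DelAccessMgr:
        validateOptionalText(entity);
        // the OU attribute is required on add:
        if (StringUtils.isEmpty(entity.getOu())) {
            String error = "OU validation failed, null or empty value";
            throw new ValidationException(GlobalErrIds.ORG_NULL_USER, error);
        }
        validateOrgUnit(entity, "adding");
    } else {
        // on User update, all attributes are optional:
        validateOptionalText(entity);
        if (StringUtils.isNotEmpty(entity.getOu())) {
            validateOrgUnit(entity, "updating");
        }
    }
    // description attribute is optional on both add and update:
    if (StringUtils.isNotEmpty(entity.getDescription())) {
        VUtil.description(entity.getDescription());
    }
    // 1 OpenLDAP password policy name must be valid if set:
    if (StringUtils.isNotEmpty(entity.getPwPolicy())) {
        PwPolicy policy = new PwPolicy(entity.getPwPolicy());
        policy.setContextId(entity.getContextId());
        if (!policyP.isValid(policy)) {
            String error = "validate detected invalid OpenLDAP policy name [" + entity.getPwPolicy() + "] for userId [" + entity.getUserId() + "]. Assignment is optional for User but must be valid if specified.";
            throw new ValidationException(GlobalErrIds.USER_PW_PLCY_INVALID, error);
        }
    }
    // 2 Validate constraints on User object:
    ConstraintUtil.validate(entity);
    // 3 Validate or copy constraints on RBAC roles:
    if (CollectionUtils.isNotEmpty(entity.getRoles())) {
        RoleP rp = new RoleP();
        List<UserRole> roles = entity.getRoles();
        for (UserRole ure : roles) {
            Role inRole = new Role(ure.getName());
            inRole.setContextId(entity.getContextId());
            // read resolves the role in the entity's context; a missing role surfaces as a SecurityException from rp.read
            Role role = rp.read(inRole);
            ConstraintUtil.validateOrCopy(role, ure);
        }
    }
    // 4 Validate and copy constraints on Administrative roles:
    if (CollectionUtils.isNotEmpty(entity.getAdminRoles())) {
        List<UserAdminRole> uRoles = entity.getAdminRoles();
        for (UserAdminRole uare : uRoles) {
            AdminRole inRole = new AdminRole(uare.getName());
            inRole.setContextId(entity.getContextId());
            AdminRole outRole = admRoleP.read(inRole);
            ConstraintUtil.validateOrCopy(outRole, uare);
            // copy the ARBAC AdminRole attributes to UserAdminRole:
            copyAdminAttrs(outRole, uare);
        }
    }
}

/**
 * Checks the optional free-text attributes cn, sn and password when present: each must pass
 * {@code VUtil.safeText} within its configured length limit.  The password value is never placed
 * in an error message by this method.
 *
 * @param entity User entity whose cn, sn and password are checked.
 * @throws SecurityException if any present value fails the safe-text check.
 */
private static void validateOptionalText(User entity) throws SecurityException {
    if (StringUtils.isNotEmpty(entity.getCn())) {
        VUtil.safeText(entity.getCn(), GlobalIds.CN_LEN);
    }
    if (StringUtils.isNotEmpty(entity.getSn())) {
        VUtil.safeText(entity.getSn(), GlobalIds.SN_LEN);
    }
    if (StringUtils.isNotEmpty(entity.getPassword())) {
        VUtil.safeText(entity.getPassword(), GlobalIds.PASSWORD_LEN);
    }
}

/**
 * Checks that the entity's ou is well formed and names an existing USER-type OrgUnit within the
 * entity's context.  Callers decide whether an absent ou is acceptable before invoking this.
 *
 * @param entity User entity whose ou is checked (must be non-empty).
 * @param action verb used in the error message, e.g. "adding" or "updating".
 * @throws SecurityException if the ou is malformed or does not exist in the OS-U pool.
 */
private void validateOrgUnit(User entity, String action) throws SecurityException {
    VUtil.orgUnit(entity.getOu());
    // ensure ou exists in the OS-U pool:
    OrgUnit ou = new OrgUnit(entity.getOu(), OrgUnit.Type.USER);
    ou.setContextId(entity.getContextId());
    if (!orgUnitP.isValid(ou)) {
        String error = "validate detected invalid orgUnit name [" + entity.getOu() + "] " + action
            + " user with userId [" + entity.getUserId() + "]";
        throw new ValidationException(GlobalErrIds.USER_OU_INVALID, error);
    }
}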

Example 4 with PwPolicy

Use of org.apache.directory.fortress.core.model.PwPolicy in project directory-fortress-core by Apache.

Class PwPolicyMgrRestImpl, method updateUserPolicy.

/**
 * {@inheritDoc}
 * <p>
 * REST variant: the policy name travels as the request entity and the userId as the request
 * value to {@code HttpIds.PSWD_USER_ADD}; a non-zero error code in the response is raised as
 * a {@link SecurityException} carrying the server's code and message.
 */
@Override
public void updateUserPolicy(String userId, String name) throws SecurityException {
    final String caller = CLS_NM + ".updateUserPolicy";
    VUtil.assertNotNullOrEmpty(userId, GlobalErrIds.USER_NULL, caller);
    VUtil.assertNotNullOrEmpty(name, GlobalErrIds.PSWD_NAME_NULL, caller);
    FortRequest request = RestUtils.getRequest(this.contextId);
    request.setEntity(new PwPolicy(name));
    request.setValue(userId);
    // an admin session is only attached when one was established for this manager
    if (this.adminSess != null) {
        request.setSession(adminSess);
    }
    String payload = RestUtils.marshal(request);
    FortResponse response = RestUtils.unmarshall(
        RestUtils.getInstance().post(payload, HttpIds.PSWD_USER_ADD));
    if (response.getErrorCode() != 0) {
        throw new SecurityException(response.getErrorCode(), response.getErrorMessage());
    }
}

Example 5 with PwPolicy

Use of org.apache.directory.fortress.core.model.PwPolicy in project directory-fortress-core by Apache.

Class PwPolicyMgrRestImpl, method search.

/**
 * {@inheritDoc}
 * <p>
 * REST variant: {@code searchVal} is wrapped in a {@link PwPolicy} and posted to
 * {@code HttpIds.PSWD_SEARCH}; the response entities are returned as-is when the error code
 * is zero, otherwise a {@link SecurityException} with the server's code and message is thrown.
 */
@Override
public List<PwPolicy> search(String searchVal) throws SecurityException {
    VUtil.assertNotNull(searchVal, GlobalErrIds.PSWD_NAME_NULL, CLS_NM + ".search");
    FortRequest request = RestUtils.getRequest(this.contextId);
    request.setEntity(new PwPolicy(searchVal));
    // an admin session is only attached when one was established for this manager
    if (this.adminSess != null) {
        request.setSession(adminSess);
    }
    String payload = RestUtils.marshal(request);
    FortResponse response = RestUtils.unmarshall(
        RestUtils.getInstance().post(payload, HttpIds.PSWD_SEARCH));
    if (response.getErrorCode() != 0) {
        throw new SecurityException(response.getErrorCode(), response.getErrorMessage());
    }
    return response.getEntities();
}
