
Example 1 with Role

use of org.apache.directory.fortress.core.model.Role in project directory-fortress-core by apache.

the class AdminMgrImpl method addInheritance.

/**
 * {@inheritDoc}
 */
@Override
@AdminPermissionOperation
public void addInheritance(Role parentRole, Role childRole) throws SecurityException {
    final String methodName = "addInheritance";
    // Both arguments pass the context assertion before anything is read or written.
    assertContext(CLS_NM, methodName, parentRole, GlobalErrIds.PARENT_ROLE_NULL);
    assertContext(CLS_NM, methodName, childRole, GlobalErrIds.CHILD_ROLE_NULL);
    setEntitySession(CLS_NM, methodName, parentRole);

    // Existence probe for the parent: the returned entry is discarded, so only a failure matters.
    // presumably roleP.read throws when the entry is missing; confirm against the DAO.
    Role parentProbe = new Role(parentRole.getName());
    parentProbe.setContextId(this.contextId);
    roleP.read(parentProbe);

    // Existence probe for the child; the stored entry is kept because its parents are copied below.
    Role storedChild = new Role(childRole.getName());
    storedChild.setContextId(this.contextId);
    storedChild = roleP.read(storedChild);

    RoleUtil.getInstance().validateRelationship(childRole, parentRole, false);
    // NOTE(review): the hierarchy is changed before the directory write at the end of this method,
    // and nothing here reverts it if roleP.update throws; confirm how a failed write is reconciled.
    // NOTE(review): toUpperCase() without a Locale follows the JVM default locale; confirm the
    // hierarchy keys are normalised the same way wherever they are looked up.
    RoleUtil.getInstance().updateHier(
        this.contextId,
        new Relationship(childRole.getName().toUpperCase(), parentRole.getName().toUpperCase()),
        Hier.Op.ADD);

    // A fresh Role carrying only name, parents and context keeps the update limited to the
    // parents attribute of the child entry.
    Role parentsOnly = new Role(childRole.getName());
    parentsOnly.setParents(storedChild.getParents());
    parentsOnly.setParent(parentRole.getName());
    parentsOnly.setContextId(this.contextId);
    setAdminData(CLS_NM, methodName, parentsOnly);
    roleP.update(parentsOnly);
}
Also used : AdminRole(org.apache.directory.fortress.core.model.AdminRole) Role(org.apache.directory.fortress.core.model.Role) UserRole(org.apache.directory.fortress.core.model.UserRole) Relationship(org.apache.directory.fortress.core.model.Relationship) AdminPermissionOperation(org.apache.directory.fortress.annotation.AdminPermissionOperation)

Example 2 with Role

use of org.apache.directory.fortress.core.model.Role in project directory-fortress-core by apache.

the class AdminMgrImpl method deleteInheritance.

/**
 * {@inheritDoc}
 */
@Override
@AdminPermissionOperation
public void deleteInheritance(Role parentRole, Role childRole) throws SecurityException {
    final String methodName = "deleteInheritance";
    assertContext(CLS_NM, methodName, parentRole, GlobalErrIds.PARENT_ROLE_NULL);
    setEntitySession(CLS_NM, methodName, parentRole);
    assertContext(CLS_NM, methodName, childRole, GlobalErrIds.CHILD_ROLE_NULL);
    RoleUtil.getInstance().validateRelationship(childRole, parentRole, true);
    // NOTE(review): the hierarchy edge is removed before the child entry is read and rewritten;
    // nothing in this method restores it if a later directory call throws. Confirm how the two
    // stores are reconciled after a partial failure.
    RoleUtil.getInstance().updateHier(
        this.contextId,
        new Relationship(childRole.getName().toUpperCase(), parentRole.getName().toUpperCase()),
        Hier.Op.REM);

    // Load the child entry to obtain its current set of parents.
    Role storedChild = new Role(childRole.getName());
    storedChild.setContextId(this.contextId);
    storedChild = roleP.read(storedChild);

    // A fresh Role carrying only name, parents and context keeps the write limited to the
    // parents attribute of the child entry.
    Role parentsOnly = new Role(childRole.getName());
    parentsOnly.setParents(storedChild.getParents());
    parentsOnly.delParent(parentRole.getName());
    parentsOnly.setContextId(this.contextId);
    setAdminData(CLS_NM, methodName, parentsOnly);

    if (CollectionUtils.isNotEmpty(parentsOnly.getParents())) {
        // At least one parent remains: a regular update rewrites the attribute.
        roleP.update(parentsOnly);
    } else {
        // Updates only touch non-empty multi-occurring attributes, so once the last parent is
        // gone the attribute has to be removed outright.
        roleP.deleteParent(parentsOnly);
    }
}
Also used : AdminRole(org.apache.directory.fortress.core.model.AdminRole) Role(org.apache.directory.fortress.core.model.Role) UserRole(org.apache.directory.fortress.core.model.UserRole) Relationship(org.apache.directory.fortress.core.model.Relationship) AdminPermissionOperation(org.apache.directory.fortress.annotation.AdminPermissionOperation)

Example 3 with Role

use of org.apache.directory.fortress.core.model.Role in project directory-fortress-core by apache.

the class AdminMgrImpl method removeRoleConstraint.

/**
 * {@inheritDoc}
 */
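@Override
@AdminPermissionOperation
public void removeRoleConstraint(UserRole uRole, String roleConstraintId) throws SecurityException {
    // Fixed: this label read "assignUser" (copy/paste from another method), so anything
    // assertContext reports under it was attributed to the wrong operation.
    String methodName = "removeRoleConstraint";
    assertContext(CLS_NM, methodName, uRole, GlobalErrIds.URLE_NULL);
    // Authorization gate: runs before the user entry is read or modified.
    // NOTE(review): no setEntitySession/setAdminData call is visible in this method, so this is
    // the only check shown here; confirm what canDeassign does when uRole carries no admin session.
    AdminUtil.canDeassign(uRole.getAdminSession(), new User(uRole.getUserId()), new Role(uRole.getName()), contextId);

    // Locate the constraint to remove among the roles currently assigned to the user.
    boolean found = false;
    List<UserRole> userRoles = userP.read(new User(uRole.getUserId()), true).getRoles();
    // A user without roles ends in the not-found error below rather than a NullPointerException.
    if (userRoles != null) {
        for (UserRole ur : userRoles) {
            // NOTE(review): role names are compared case-sensitively; confirm that matches how
            // names are stored.
            if (!ur.getName().equals(uRole.getName())) {
                continue;
            }
            List<RoleConstraint> rcs = ur.getRoleConstraints();
            if (rcs == null) {
                continue;
            }
            for (RoleConstraint rc : rcs) {
                // Compare from the caller's id so a stored constraint without an id is skipped
                // instead of raising a NullPointerException; a null roleConstraintId never matches.
                if (roleConstraintId != null && roleConstraintId.equals(rc.getId())) {
                    userP.deassign(uRole, rc);
                    found = true;
                    // Leaves only the constraint loop; remaining roles are still scanned.
                    break;
                }
            }
        }
    }
    if (!found) {
        throw new FinderException(GlobalErrIds.RCON_NOT_FOUND, "Role constraint with id " + roleConstraintId + " not found");
    }
}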
Also used : AdminRole(org.apache.directory.fortress.core.model.AdminRole) Role(org.apache.directory.fortress.core.model.Role) UserRole(org.apache.directory.fortress.core.model.UserRole) FinderException(org.apache.directory.fortress.core.FinderException) User(org.apache.directory.fortress.core.model.User) UserRole(org.apache.directory.fortress.core.model.UserRole) RoleConstraint(org.apache.directory.fortress.core.model.RoleConstraint) AdminPermissionOperation(org.apache.directory.fortress.annotation.AdminPermissionOperation)

Example 4 with Role

use of org.apache.directory.fortress.core.model.Role in project directory-fortress-core by apache.

the class AdminMgrImpl method addAscendant.

/**
 * {@inheritDoc}
 */
@Override
@AdminPermissionOperation
public void addAscendant(Role childRole, Role parentRole) throws SecurityException {
    final String methodName = "addAscendant";
    assertContext(CLS_NM, methodName, parentRole, GlobalErrIds.PARENT_ROLE_NULL);
    setEntitySession(CLS_NM, methodName, parentRole);
    assertContext(CLS_NM, methodName, childRole, GlobalErrIds.CHILD_ROLE_NULL);

    // The child must already exist; its stored entry supplies the current parents.
    Role storedChild = new Role(childRole.getName());
    storedChild.setContextId(this.contextId);
    storedChild = roleP.read(storedChild);
    // The context id is applied again to the object that the read returned.
    storedChild.setContextId(this.contextId);

    RoleUtil.getInstance().validateRelationship(childRole, parentRole, false);
    // The parent is created here, before the child is linked to it.
    // NOTE(review): three writes follow (add parent, update child, update hierarchy) with no
    // rollback visible in this method; a failure after roleP.add would leave the new parent role
    // in place without the link. Confirm how partial failures are handled.
    roleP.add(parentRole);

    // A fresh Role carrying only name, parents and context keeps the update limited to the
    // parents attribute of the child entry.
    Role parentsOnly = new Role(childRole.getName());
    parentsOnly.setParents(storedChild.getParents());
    parentsOnly.setParent(parentRole.getName());
    parentsOnly.setContextId(this.contextId);
    setAdminData(CLS_NM, methodName, parentsOnly);
    roleP.update(parentsOnly);

    // The hierarchy is updated last, after both directory writes have gone through.
    RoleUtil.getInstance().updateHier(
        this.contextId,
        new Relationship(childRole.getName().toUpperCase(), parentRole.getName().toUpperCase()),
        Hier.Op.ADD);
}
Also used : AdminRole(org.apache.directory.fortress.core.model.AdminRole) Role(org.apache.directory.fortress.core.model.Role) UserRole(org.apache.directory.fortress.core.model.UserRole) Relationship(org.apache.directory.fortress.core.model.Relationship) AdminPermissionOperation(org.apache.directory.fortress.annotation.AdminPermissionOperation)

Example 5 with Role

use of org.apache.directory.fortress.core.model.Role in project directory-fortress-core by apache.

the class CommandLineInterpreter method processAdminCommand.

/**
 * Runs the first recognised admin command found in {@code commands} against {@code adminMgr}.
 * <p>
 * The command constants are tested in a fixed order and only the first one present is
 * executed. An unrecognised set is logged as a warning and the method returns. A
 * {@code SecurityException} from the manager is logged and not rethrown, so the caller gets
 * no failure signal from this method.
 *
 * @param commands command names to look up; only the first match in the chain below is run
 * @param options  source of the entities and values passed to the selected operation
 */
private void processAdminCommand(Set<String> commands, Options options) {
    try {
        final String command;
        // --- user maintenance ---
        if (commands.contains(ADD_USER)) {
            command = ADD_USER;
            LOG.info(command);
            adminMgr.addUser(options.getUser());
        } else if (commands.contains(UPDATE_USER)) {
            command = UPDATE_USER;
            LOG.info(command);
            adminMgr.updateUser(options.getUser());
        } else if (commands.contains(DELETE_USER)) {
            command = DELETE_USER;
            LOG.info(command);
            adminMgr.deleteUser(options.getUser());
        // --- role maintenance ---
        } else if (commands.contains(ADD_ROLE)) {
            command = ADD_ROLE;
            LOG.info(command);
            adminMgr.addRole(options.getRole());
        } else if (commands.contains(UPDATE_ROLE)) {
            command = UPDATE_ROLE;
            LOG.info(command);
            adminMgr.updateRole(options.getRole());
        } else if (commands.contains(DELETE_ROLE)) {
            command = DELETE_ROLE;
            LOG.info(command);
            adminMgr.deleteRole(options.getRole());
        // --- user-to-role assignment ---
        } else if (commands.contains(ASSIGN_ROLE)) {
            command = ASSIGN_ROLE;
            LOG.info(command);
            Role assignedRole = options.getRole();
            String assignee = options.getUserId();
            adminMgr.assignUser(new UserRole(assignee, assignedRole));
        } else if (commands.contains(DEASSIGN_ROLE)) {
            command = DEASSIGN_ROLE;
            LOG.info(command);
            Role assignedRole = options.getRole();
            String assignee = options.getUserId();
            adminMgr.deassignUser(new UserRole(assignee, assignedRole));
        // --- role hierarchy ---
        } else if (commands.contains(ADD_ROLE_INHERITANCE)) {
            command = ADD_ROLE_INHERITANCE;
            LOG.info(command);
            Relationship rel = options.getRelationship();
            adminMgr.addInheritance(new Role(rel.getParent()), new Role(rel.getChild()));
        } else if (commands.contains(DELETE_ROLE_INHERITANCE)) {
            command = DELETE_ROLE_INHERITANCE;
            LOG.info(command);
            Relationship rel = options.getRelationship();
            adminMgr.deleteInheritance(new Role(rel.getParent()), new Role(rel.getChild()));
        // --- permission objects ---
        } else if (commands.contains(ADD_POBJ)) {
            command = ADD_POBJ;
            LOG.info(command);
            adminMgr.addPermObj(options.getPermObj());
        } else if (commands.contains(UPDATE_POBJ)) {
            command = UPDATE_POBJ;
            LOG.info(command);
            adminMgr.updatePermObj(options.getPermObj());
        } else if (commands.contains(DELETE_POBJ)) {
            command = DELETE_POBJ;
            LOG.info(command);
            adminMgr.deletePermObj(options.getPermObj());
        // --- permissions ---
        } else if (commands.contains(ADD_PERM)) {
            command = ADD_PERM;
            LOG.info(command);
            adminMgr.addPermission(options.getPermission());
        } else if (commands.contains(UPDATE_PERM)) {
            command = UPDATE_PERM;
            LOG.info(command);
            adminMgr.updatePermission(options.getPermission());
        } else if (commands.contains(DELETE_PERM)) {
            command = DELETE_PERM;
            LOG.info(command);
            adminMgr.deletePermission(options.getPermission());
        // --- grants: the role name is overwritten from getRoleNm() before the call ---
        } else if (commands.contains(GRANT)) {
            command = GRANT;
            LOG.info(command);
            Permission granted = options.getPermission();
            Role grantee = options.getRole();
            grantee.setName(options.getRoleNm());
            adminMgr.grantPermission(granted, grantee);
        } else if (commands.contains(REVOKE)) {
            command = REVOKE;
            LOG.info(command);
            Permission revoked = options.getPermission();
            Role holder = options.getRole();
            holder.setName(options.getRoleNm());
            adminMgr.revokePermission(revoked, holder);
        // --- separation-of-duty sets: the type is forced here, whatever options supplied ---
        } else if (commands.contains(CREATE_SSD_SET)) {
            command = CREATE_SSD_SET;
            LOG.info(command);
            SDSet staticSet = options.getSdSet();
            staticSet.setType(SDSet.SDType.STATIC);
            adminMgr.createSsdSet(staticSet);
        } else if (commands.contains(DELETE_SSD_SET)) {
            command = DELETE_SSD_SET;
            LOG.info(command);
            SDSet staticSet = options.getSdSet();
            staticSet.setType(SDSet.SDType.STATIC);
            adminMgr.deleteSsdSet(staticSet);
        } else if (commands.contains(CREATE_DSD_SET)) {
            command = CREATE_DSD_SET;
            LOG.info(command);
            SDSet dynamicSet = options.getSdSet();
            dynamicSet.setType(SDSet.SDType.DYNAMIC);
            adminMgr.createDsdSet(dynamicSet);
        } else if (commands.contains(DELETE_DSD_SET)) {
            command = DELETE_DSD_SET;
            LOG.info(command);
            SDSet dynamicSet = options.getSdSet();
            dynamicSet.setType(SDSet.SDType.DYNAMIC);
            adminMgr.deleteDsdSet(dynamicSet);
        // --- credentials and account state ---
        // NOTE(review): the new password is carried as a String taken from options; only the
        // command name is logged in these branches. Confirm Options does not log or echo it.
        } else if (commands.contains(CHANGE_PASSWORD)) {
            command = CHANGE_PASSWORD;
            LOG.info(command);
            adminMgr.changePassword(options.getUser(), options.getNewPassword());
        } else if (commands.contains(RESET_PASSWORD)) {
            command = RESET_PASSWORD;
            LOG.info(command);
            adminMgr.resetPassword(options.getUser(), options.getNewPassword());
        } else if (commands.contains(LOCK_USER_ACCOUNT)) {
            command = LOCK_USER_ACCOUNT;
            LOG.info(command);
            adminMgr.lockUserAccount(options.getUser());
        } else if (commands.contains(UNLOCK_USER_ACCOUNT)) {
            command = UNLOCK_USER_ACCOUNT;
            LOG.info(command);
            adminMgr.unlockUserAccount(options.getUser());
        } else {
            // Nothing matched: warn and leave without the success line.
            LOG.warn("unknown admin operation detected");
            return;
        }
        LOG.info("command:{} was successful", command);
    } catch (SecurityException e) {
        // The failure is recorded with its error id and then dropped; nothing is rethrown.
        LOG.error("processAdminCommand caught SecurityException=" + e + ", return code=" + e.getErrorId());
    }
}
Also used : AdminRole(org.apache.directory.fortress.core.model.AdminRole) Role(org.apache.directory.fortress.core.model.Role) UserAdminRole(org.apache.directory.fortress.core.model.UserAdminRole) UserRole(org.apache.directory.fortress.core.model.UserRole) SDSet(org.apache.directory.fortress.core.model.SDSet) PermObj(org.apache.directory.fortress.core.model.PermObj) User(org.apache.directory.fortress.core.model.User) UserRole(org.apache.directory.fortress.core.model.UserRole) Relationship(org.apache.directory.fortress.core.model.Relationship) Permission(org.apache.directory.fortress.core.model.Permission) SecurityException(org.apache.directory.fortress.core.SecurityException)
