use of org.apache.directory.fortress.core.model.Role in project directory-fortress-core by apache.
the class CreatePermSample method testGrantPermissionRole.
/**
* Each Permission carries a multi-occurring String attribute that holds the name(s) of the Role(s) it has been granted to.
* The checkAccess method will determine if User has been assigned to a Role that Permission has been granted to.
*/
public static void testGrantPermissionRole() {
    // Sample flow: grant operations 1..5 on the test object to each of test roles 1..10,
    // then read every role back and confirm that five permissions are attached to it.
    final String where = ".testGrantPermissionRole";
    final int lastRole = 10;
    final int lastOperation = 5;
    try {
        // AdminMgr is the provisioning (write) side of the RBAC policy store.
        AdminMgr adminMgr = AdminMgrFactory.createInstance(TestUtils.getContext());
        for (int roleNo = 1; roleNo <= lastRole; roleNo++) {
            Role targetRole = new Role(CreateRoleSample.TEST_ROLE_PREFIX + roleNo);
            for (int opNo = 1; opNo <= lastOperation; opNo++) {
                // A Permission is an object-to-operation mapping; it becomes usable once granted to a Role.
                Permission grant = new Permission(TEST_PERM_OBJECT, TEST_PERM_OPERATION_PREFIX + opNo);
                // Authorization-relevant write: this adds an 'oamRoles' attribute naming the Role to the
                // 'oamOperation' ldap object class entry, which is what checkAccess later evaluates for
                // Users assigned to that Role.
                adminMgr.grantPermission(grant, targetRole);
                LOG.info(where
                    + " permission role [" + targetRole.getName()
                    + "] object [" + grant.getObjName()
                    + "] operation name [" + grant.getOpName()
                    + "] success");
            }
        }

        // ReviewMgr is the read-only side used to interrogate policy information.
        ReviewMgr reviewMgr = ReviewMgrFactory.createInstance(TestUtils.getContext());
        for (int roleNo = 1; roleNo <= lastRole; roleNo++) {
            // Only the name is set on the probe Role; it is the lookup key for the query.
            Role probe = new Role(CreateRoleSample.TEST_ROLE_PREFIX + roleNo);
            List<Permission> granted = reviewMgr.rolePermissions(probe);
            int actual = granted.size();
            // NOTE(review): this verifies the number of grants only, not which object/operation
            // pairs came back, so an unexpected grant replacing an expected one would still pass.
            assertTrue(where + " list check, expected: 5, actual:" + actual, actual == lastOperation);
        }
    } catch (SecurityException ex) {
        // getErrorId() is not part of java.lang.SecurityException, so this is the project's own
        // exception type; its error id is logged next to the message for diagnosis.
        LOG.error(where + " caught SecurityException rc=" + ex.getErrorId() + ", msg=" + ex.getMessage(), ex);
        fail(ex.getMessage());
    }
}
use of org.apache.directory.fortress.core.model.Role in project directory-fortress-core by apache.
the class CreateRoleHierarchySample method testDeleteHierRoles.
/**
* Remove the simple hierarchical Roles from the directory. Before removing a Role, call the API to remove the relationship
* between the parent and child Roles. Once the relationship is removed the parent Role can be removed.
* Role removal will trigger automatic deassignment from all Users or revocation of Permission as well.
* <p>
* <img src="./doc-files/HierRoleSimple.png" alt="">
*/
public static void testDeleteHierRoles() {
    // Tear-down for the simple role chain: for each adjacent pair, drop the inheritance link and
    // then delete the parent; the last role in the chain is deleted after the loop.
    final String where = ".testDeleteHierRoles";
    // Skipped entirely when the suite reports a first run
    // (presumably because the roles do not exist yet; confirm against AllSamplesJUnitTest).
    if (AllSamplesJUnitTest.isFirstRun()) {
        return;
    }
    try {
        // AdminMgr is the provisioning (write) side of the RBAC policy store.
        AdminMgr adminMgr = AdminMgrFactory.createInstance(TestUtils.getContext());
        int level = 1;
        while (level < TEST_NUMBER) {
            // A Role is located by name alone, so only the name is populated here.
            Role parentRole = new Role(TEST_HIER_ROLE_PREFIX + level);
            Role childRole = new Role(TEST_HIER_ROLE_PREFIX + (level + 1));
            // The parent/child relationship has to go first; only then can the parent be removed.
            adminMgr.deleteInheritance(parentRole, childRole);
            // Deleting a Role also removes its User assignments and Permission grants,
            // so every deleteRole call here revokes access as a side effect.
            adminMgr.deleteRole(parentRole);
            LOG.info(where + " role [" + parentRole.getName() + "] success");
            level++;
        }
        // The final Role in the chain was only ever a child inside the loop; remove it now.
        Role lastRole = new Role(TEST_HIER_ROLE_PREFIX + TEST_NUMBER);
        adminMgr.deleteRole(lastRole);
    } catch (SecurityException ex) {
        // getErrorId() is not part of java.lang.SecurityException, so this is the project's own
        // exception type; its error id is logged next to the message for diagnosis.
        LOG.error(where + " caught SecurityException rc=" + ex.getErrorId() + ", msg=" + ex.getMessage(), ex);
        fail(ex.getMessage());
    }
}
use of org.apache.directory.fortress.core.model.Role in project directory-fortress-core by apache.
the class CreateRoleHierarchySample method testDeleteAscendantRoles.
/**
* This example demonstrates tear-down of a one-to-many child-to-parent relationship. The parents must all
* be removed from the child before the child can be removed.
* Role removal will trigger automatic deassignment from all Users or revocation of Permission as well.
* <p>
* <img src="./doc-files/HierRoleAscendants.png" alt="">
*/
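public static void testDeleteAscendantRoles() {
    // Tear-down for one child Role with many parents: each parent is unlinked from the child and
    // deleted, then the child itself is deleted.
    String szLocation = ".testDeleteAscendantRoles";
    // Skipped entirely when the suite reports a first run
    // (presumably because the roles do not exist yet; confirm against AllSamplesJUnitTest).
    if (AllSamplesJUnitTest.isFirstRun()) {
        return;
    }
    try {
        // Instantiate the AdminMgr implementation which is used to provision RBAC policies.
        AdminMgr adminMgr = AdminMgrFactory.createInstance(TestUtils.getContext());
        // This child has many parents:
        Role childRole = new Role(TEST_HIER_ASC_ROLE_PREFIX + 1);
        for (int i = 2; i < TEST_NUMBER + 1; i++) {
            Role parentRole = new Role(TEST_HIER_ASC_ROLE_PREFIX + i);
            // The inheritance link must be removed before the parent Role can be deleted.
            adminMgr.deleteInheritance(parentRole, childRole);
            // Remove the Role from directory along with associated assignments; this also revokes
            // the Role's User assignments and Permission grants.
            adminMgr.deleteRole(parentRole);
            // Log the Role that was actually deleted. The previous version logged the child's name on
            // every iteration, which made the record of removed Roles misleading.
            LOG.info(szLocation + " role [" + parentRole.getName() + "] success");
        }
        // Remove the Role from directory along with associated assignments:
        adminMgr.deleteRole(childRole);
    } catch (SecurityException ex) {
        // getErrorId() is not part of java.lang.SecurityException, so this is the project's own
        // exception type; its error id is logged next to the message for diagnosis.
        LOG.error(szLocation + " caught SecurityException rc=" + ex.getErrorId() + ", msg=" + ex.getMessage(), ex);
        fail(ex.getMessage());
    }
}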
use of org.apache.directory.fortress.core.model.Role in project directory-fortress-core by apache.
the class CreateRoleHierarchySample method testCreateHierRoles.
/**
* Add a simple Role hierarchy to ldap. The Roles will be named 'sampleHierRole' followed by a sequence number from 1 - 6.
* sampleHierRole1 is the root or highest level Role in the structure while sampleHierRole6 is the lowest-level
* child. Fortress Roles may have multiple parents, which is demonstrated in the testCreateAscendantRoles sample.
* <p>
* <img src="./doc-files/HierRoleSimple.png" alt="">
*/
public static void testCreateHierRoles() {
    // Builds a single-parent chain of Roles: the base Role is added first, then each further Role
    // is added and linked as the child of the Role numbered one below it.
    final String where = ".testCreateHierRoles";
    try {
        // AdminMgr is the provisioning (write) side of the RBAC policy store.
        AdminMgr adminMgr = AdminMgrFactory.createInstance(TestUtils.getContext());

        // Root of the hierarchy.
        Role baseRole = new Role(TEST_HIER_BASE_ROLE);
        adminMgr.addRole(baseRole);

        // Create Roles 2 through TEST_NUMBER under TEST_HIER_ROLE_PREFIX.
        // NOTE(review): the first iteration names TEST_HIER_ROLE_PREFIX + 1 as the parent, which
        // presumably is the same name as TEST_HIER_BASE_ROLE; confirm against the constants.
        for (int level = 2; level <= TEST_NUMBER; level++) {
            // The child has to exist in the directory before it can take part in a relationship.
            Role childRole = new Role(TEST_HIER_ROLE_PREFIX + level);
            adminMgr.addRole(childRole);

            // Link the new Role to its parent, the Role created one step earlier.
            int parentLevel = level - 1;
            Role parentRole = new Role(TEST_HIER_ROLE_PREFIX + parentLevel);
            adminMgr.addInheritance(parentRole, childRole);
        }
    } catch (SecurityException ex) {
        // getErrorId() is not part of java.lang.SecurityException, so this is the project's own
        // exception type; its error id is logged next to the message for diagnosis.
        LOG.error(where + " caught SecurityException rc=" + ex.getErrorId() + ", msg=" + ex.getMessage(), ex);
        fail(ex.getMessage());
    }
}
use of org.apache.directory.fortress.core.model.Role in project directory-fortress-core by apache.
the class CreateRoleSample method testCreateSimpleRole2.
/**
 * Adds one Role per name in TEST_SIMPLE_ROLE2 and reads each one back, asserting that the Role
 * returned by the review API equals the Role that was submitted.
 */
public static void testCreateSimpleRole2() {
    final String where = ".testCreateSimpleRole2";
    try {
        // AdminMgr is the provisioning (write) side of the RBAC policy store.
        AdminMgr adminMgr = AdminMgrFactory.createInstance(TestUtils.getContext());
        for (String roleName : TEST_SIMPLE_ROLE2) {
            // A Role needs nothing more than a name to be created.
            Role submitted = new Role(roleName);
            // Persist the Role to ldap.
            adminMgr.addRole(submitted);

            // ReviewMgr is the read-only side; a fresh instance is obtained for every Role.
            ReviewMgr reviewMgr = ReviewMgrFactory.createInstance(TestUtils.getContext());
            Role stored = reviewMgr.readRole(submitted);

            // NOTE(review): the check relies on Role.equals, whose definition is not shown here
            // (presumably name-based; confirm), so it may not compare every attribute.
            boolean roundTripped = submitted.equals(stored);
            assertTrue(where + " failed read", roundTripped);
            LOG.info(where + " [" + stored.getName() + "] success");
        }
    } catch (SecurityException ex) {
        // getErrorId() is not part of java.lang.SecurityException, so this is the project's own
        // exception type; its error id is logged next to the message for diagnosis.
        LOG.error(where + " caught SecurityException rc=" + ex.getErrorId() + ", msg=" + ex.getMessage(), ex);
        fail(ex.getMessage());
    }
}