
Example 91 with Role

use of org.apache.directory.fortress.core.model.Role in project directory-fortress-core by apache.

the class CreatePermSample method testRevokePermissionRole.

/**
 * Revokes every permission held by the sample roles and then checks that the sample
 * permission operations no longer list any role.
 *
 * <p>The method returns immediately when {@code AllSamplesJUnitTest.isFirstRun()} is true.
 * Otherwise it works in two passes:
 * <ol>
 *   <li>For role suffixes 1 through 10, the permissions currently granted to the role are read
 *       with {@code ReviewMgr.rolePermissions} and each one is revoked with
 *       {@code AdminMgr.revokePermission}.</li>
 *   <li>For operation suffixes 1 through 5 on {@code TEST_PERM_OBJECT}, the remaining role
 *       assignments are read with {@code ReviewMgr.permissionRoles} and asserted to be empty.</li>
 * </ol>
 *
 * <p>NOTE(review): the verification pass only looks at {@code TEST_PERM_OBJECT} operations 1-5.
 * Any other permission returned by {@code rolePermissions} in the first pass is revoked but not
 * re-checked here, so this test does not prove that every revocation took effect.
 *
 * <p>A {@code SecurityException} from either manager is logged and fails the test.
 */
public static void testRevokePermissionRole() {
    final String methodTag = ".testRevokePermissionRole";
    if (AllSamplesJUnitTest.isFirstRun()) {
        return;
    }
    try {
        // AdminMgr provisions RBAC policy; ReviewMgr reads it back.
        final AdminMgr adminMgr = AdminMgrFactory.createInstance(TestUtils.getContext());
        final ReviewMgr reviewMgr = ReviewMgrFactory.createInstance(TestUtils.getContext());

        // Pass 1: strip every permission grant from each sample role.
        for (int roleNumber = 1; roleNumber <= 10; roleNumber++) {
            final Role sampleRole = new Role(CreateRoleSample.TEST_ROLE_PREFIX + roleNumber);
            final List<Permission> granted = reviewMgr.rolePermissions(sampleRole);
            for (Permission grantedPerm : granted) {
                // Removes the 'oamRoles' attribute for this role from the 'oamOperation' ldap object class.
                adminMgr.revokePermission(grantedPerm, sampleRole);
            }
        }

        // Pass 2 (test purposes only): confirm the sample operations carry no role assignments.
        for (int opNumber = 1; opNumber <= 5; opNumber++) {
            final Permission samplePerm = new Permission(TEST_PERM_OBJECT, TEST_PERM_OPERATION_PREFIX + opNumber);
            // After the revocations above, the list of assigned roles is expected to be empty.
            final List<String> remainingRoles = reviewMgr.permissionRoles(samplePerm);
            assertTrue(remainingRoles.isEmpty());
            final String successLine = methodTag + " permission roles revocation check for object [" + samplePerm.getObjName() + "] operation name [" + samplePerm.getOpName() + "] revocation success";
            LOG.info(successLine);
        }
    } catch (SecurityException failure) {
        LOG.error(methodTag + " caught SecurityException rc=" + failure.getErrorId() + ", msg=" + failure.getMessage(), failure);
        fail(failure.getMessage());
    }
}
Also used : Role(org.apache.directory.fortress.core.model.Role) ReviewMgr(org.apache.directory.fortress.core.ReviewMgr) Permission(org.apache.directory.fortress.core.model.Permission) SecurityException(org.apache.directory.fortress.core.SecurityException) AdminMgr(org.apache.directory.fortress.core.AdminMgr)

Example 92 with Role

use of org.apache.directory.fortress.core.model.Role in project directory-fortress-core by apache.

the class AdminMgrConsole method addRoleInheritance.

/**
 * Console action that links two roles in a parent/child inheritance relationship.
 *
 * <p>Prompts for a child role name and a parent role name, then calls
 * {@code am.addInheritance(parent, child)}. Both names are passed on exactly as typed; this
 * method performs no validation of its own, so any checks on the names or on the caller's
 * authority happen (if at all) inside {@code am} - not visible here, confirm against the
 * manager implementation.
 *
 * <p>On {@code SecurityException} the failure is written to {@code LOG} only. None of the
 * confirmation lines are printed in that case, but the method still blocks on
 * {@code ReaderUtil.readChar()} before returning.
 */
void addRoleInheritance() {
    try {
        final Role childRole = new Role();
        final Role parentRole = new Role();
        ReaderUtil.clearScreen();

        System.out.println("Enter child role name:");
        final String childName = ReaderUtil.readLn();
        childRole.setName(childName);

        System.out.println("Enter parent role name:");
        final String parentName = ReaderUtil.readLn();
        parentRole.setName(parentName);

        // Argument order matters: parent first, child second.
        am.addInheritance(parentRole, childRole);

        // Reached only when the manager call did not throw.
        System.out.println("child role [" + childRole.getName() + "]");
        System.out.println("parent role [" + parentRole.getName() + "]");
        System.out.println("inheritance relationship has been added");
        System.out.println("ENTER to continue");
    } catch (SecurityException failure) {
        LOG.error("addRoleInheritance caught SecurityException rc=" + failure.getErrorId() + ", msg=" + failure.getMessage(), failure);
    }
    // Wait for a key press on both the success and the failure path.
    ReaderUtil.readChar();
}
Also used : Role(org.apache.directory.fortress.core.model.Role) UserRole(org.apache.directory.fortress.core.model.UserRole)

Example 93 with Role

use of org.apache.directory.fortress.core.model.Role in project directory-fortress-core by apache.

the class AdminMgrConsole method grantPermission.

/**
 * Console action that grants a permission (object + operation) to a role or to a user.
 *
 * <p>The object name, operation name and grantee name are read from the console and used
 * exactly as typed; nothing is validated in this method. Whether the grantee or the permission
 * exists, and whether the operator may perform the grant, is left to {@code am.grantPermission}
 * - not visible here, confirm against the manager implementation.
 *
 * <p>On {@code SecurityException} the failure is written to {@code LOG} only and no
 * confirmation is printed; the method still blocks on {@code ReaderUtil.readChar()}.
 *
 * @param isRole {@code true} to grant to a {@code Role}, {@code false} to grant directly to a
 *               {@code User}
 */
void grantPermission(boolean isRole) {
    try {
        ReaderUtil.clearScreen();

        System.out.println("Enter perm object");
        final String object = ReaderUtil.readLn();
        System.out.println("Enter perm operation");
        final String operation = ReaderUtil.readLn();
        final Permission permission = new Permission(object, operation);

        // Same prompt/read sequence for both grantee kinds; only the wording differs.
        System.out.println(isRole ? "Enter role name" : "Enter userId");
        final String name = ReaderUtil.readLn();

        // A direct user grant bypasses role membership, so the two overloads are kept explicit.
        if (isRole) {
            am.grantPermission(permission, new Role(name));
        } else {
            am.grantPermission(permission, new User(name));
        }

        // Reached only when the manager call did not throw.
        System.out.println("perm object [" + object + "] operation [" + operation + "] has been granted to [" + name + "]");
        System.out.println("has been granted");
        System.out.println("ENTER to continue");
    } catch (SecurityException failure) {
        LOG.error("grantPermission caught SecurityException rc=" + failure.getErrorId() + ", msg=" + failure.getMessage(), failure);
    }
    // Wait for a key press on both the success and the failure path.
    ReaderUtil.readChar();
}
Also used : Role(org.apache.directory.fortress.core.model.Role) UserRole(org.apache.directory.fortress.core.model.UserRole) User(org.apache.directory.fortress.core.model.User) Permission(org.apache.directory.fortress.core.model.Permission)

Example 94 with Role

use of org.apache.directory.fortress.core.model.Role in project directory-fortress-core by apache.

the class AdminMgrConsole method deleteRole.

/**
 * Console action that deletes the role whose name is typed at the prompt.
 *
 * <p>There is no confirmation step: the name is read once and handed straight to
 * {@code am.deleteRole}. The name is not validated in this method; any existence or
 * authorization check is left to {@code am} - not visible here, confirm against the manager
 * implementation.
 *
 * <p>On {@code SecurityException} the failure is written to {@code LOG} only and the
 * "has been deleted" lines are not printed; the method still blocks on
 * {@code ReaderUtil.readChar()}.
 */
void deleteRole() {
    final Role target = new Role();
    try {
        ReaderUtil.clearScreen();

        System.out.println("Enter role name:");
        final String roleName = ReaderUtil.readLn();
        target.setName(roleName);

        am.deleteRole(target);

        // Reached only when the manager call did not throw.
        System.out.println("name [" + target.getName() + "]");
        System.out.println("has been deleted");
        System.out.println("ENTER to continue");
    } catch (SecurityException failure) {
        LOG.error("deleteRole caught SecurityException rc=" + failure.getErrorId() + ", msg=" + failure.getMessage(), failure);
    }
    // Wait for a key press on both the success and the failure path.
    ReaderUtil.readChar();
}
Also used : Role(org.apache.directory.fortress.core.model.Role) UserRole(org.apache.directory.fortress.core.model.UserRole)

Example 95 with Role

use of org.apache.directory.fortress.core.model.Role in project directory-fortress-core by apache.

the class AdminMgrConsole method addRoleDescendant.

/**
 * Console action that creates a new child role and attaches it beneath an existing parent role.
 *
 * <p>Prompts for the child's name and description and for the parent's name, then calls
 * {@code am.addDescendant(parent, child)}. All three values are passed on exactly as typed;
 * this method performs no validation, so any checks on the input or on the operator's
 * authority are left to {@code am} - not visible here, confirm against the manager
 * implementation.
 *
 * <p>On {@code SecurityException} the failure is written to {@code LOG} only and no
 * confirmation is printed; the method still blocks on {@code ReaderUtil.readChar()}.
 */
void addRoleDescendant() {
    try {
        final Role childRole = new Role();
        final Role parentRole = new Role();
        ReaderUtil.clearScreen();

        System.out.println("Enter child role name to add to repo:");
        final String childName = ReaderUtil.readLn();
        childRole.setName(childName);

        System.out.println("Enter child role description:");
        final String childDescription = ReaderUtil.readLn();
        childRole.setDescription(childDescription);

        System.out.println("Enter parent role name:");
        final String parentName = ReaderUtil.readLn();
        parentRole.setName(parentName);

        // Argument order matters: parent first, child second.
        am.addDescendant(parentRole, childRole);

        // Reached only when the manager call did not throw.
        System.out.println("child role [" + childRole.getName() + "]");
        System.out.println("parent role [" + parentRole.getName() + "]");
        System.out.println("child role and inheritance relationship has been added");
        System.out.println("ENTER to continue");
    } catch (SecurityException failure) {
        LOG.error("addRoleDescendant caught SecurityException rc=" + failure.getErrorId() + ", msg=" + failure.getMessage(), failure);
    }
    // Wait for a key press on both the success and the failure path.
    ReaderUtil.readChar();
}
Also used : Role(org.apache.directory.fortress.core.model.Role) UserRole(org.apache.directory.fortress.core.model.UserRole)
