use of org.apache.directory.fortress.core.model.Session in project directory-fortress-core by apache.
the class AcceleratorDAO method createSession.
/**
 * Authenticates the user through the RBAC accelerator and returns a {@link Session} carrying the
 * sessionId issued by the server ({@link org.apache.directory.fortress.core.model.Session#sessionId}).
 * Follows the pattern of {@link org.apache.directory.fortress.core.AccessMgr#createSession(org.apache.directory.fortress.core.model.User, boolean)}.
 * On success the session state, i.e. {@link org.apache.directory.fortress.core.model.Session}, is kept on the server side.
 * The result may be stored in the RBAC server-side audit record and retrieved with
 * {@link org.apache.directory.fortress.core.AuditMgr#searchBinds(org.apache.directory.fortress.core.model.UserAudit)}.
 *
 * The exchange is an LDAP extended operation built from {@link RbacCreateSessionRequest} and answered with
 * {@link RbacCreateSessionResponse}, sent over the admin connection.
 *
 * @param user supplies the context (tenant) id, userId, password and, when present, the role names added to the request.
 * @return session holding the sessionId from the accelerator response, flagged as authenticated.
 *
 * @throws SecurityException with {@code GlobalErrIds.USER_PW_INVLD} when the response result code is anything other than
 * {@code SUCCESS} (every non-success code is reported under this one id), or with
 * {@code GlobalErrIds.ACEL_CREATE_SESSION_ERR} wrapping an {@code LdapException} raised by the connection.
 */
Session createSession(User user) throws SecurityException {
    Session session = null;
    LdapConnection conn = null;
    try {
        conn = getAdminConnection();
        // NOTE(review): presumably 0 switches the client-side timeout off, so an unresponsive
        // server would hold this connection until it answers; confirm that is intended.
        conn.setTimeOut(0);

        // Build the RBAC create-session request from the caller's user entity.
        RbacCreateSessionRequest request = new RbacCreateSessionRequestImpl();
        request.setTenantId(user.getContextId());
        request.setUserIdentity(user.getUserId());
        // The password is copied into an immutable String here and cannot be wiped afterwards.
        request.setPassword(new String(user.getPassword()));
        if (CollectionUtils.isNotEmpty(user.getRoles())) {
            for (UserRole requested : user.getRoles()) {
                request.addRole(requested.getName());
            }
        }

        // Send the request over the admin connection.
        RbacCreateSessionResponse response = (RbacCreateSessionResponse) conn.extended(request);
        // NOTE(review): the sessionId is written to the debug log; where it acts as the handle for the
        // server-side session, treat debug output as sensitive or leave the id out of the message.
        LOG.debug("createSession userId: {}, sessionId: {}, resultCode: {}", user.getUserId(), response.getSessionId(), response.getLdapResult().getResultCode());

        session = new Session(user, response.getSessionId());
        boolean succeeded = response.getLdapResult().getResultCode() == ResultCodeEnum.SUCCESS;
        session.setAuthenticated(succeeded);
        if (!succeeded) {
            // The session object is discarded on this path; the caller only sees the exception.
            String info = "createSession UserId [" + user.getUserId() + "] failed: " + response.getLdapResult() + " , resultCode: " + response.getLdapResult().getResultCode().getResultCode();
            throw new SecurityException(GlobalErrIds.USER_PW_INVLD, info);
        }
    } catch (LdapException e) {
        String error = "createSession userId [" + user.getUserId() + "] caught LDAPException=" + " msg=" + e.getMessage();
        throw new SecurityException(GlobalErrIds.ACEL_CREATE_SESSION_ERR, error, e);
    } finally {
        // Runs on every path, including both throws above.
        closeAdminConnection(conn);
    }
    return session;
}
use of org.apache.directory.fortress.core.model.Session in project directory-fortress-core by apache.
the class CommandLineInterpreter method processSystemCommand.
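/**
 * Runs the first recognised system command found in {@code commands} against {@code accessMgr} and prints the result.
 * The commands are checked in this order: CREATE_SESSION, AUTHENTICATE, ASSIGNED_ROLES, CHECK_ACCESS.
 * An unrecognised set logs a warning and returns. A {@code SecurityException} from the access manager is logged
 * and not rethrown.
 *
 * NOTE(review): the boolean passed to {@code accessMgr.createSession} is presumably the trusted flag, in which case
 * ASSIGNED_ROLES and CHECK_ACCESS build a session without verifying the user's password. If so, whoever can run
 * this tool can query roles and access decisions for any userId, and access to the tool should be restricted
 * accordingly. Confirm against AccessMgr.
 *
 * @param commands command names parsed from the input line.
 * @param options parsed options supplying the user and, for CHECK_ACCESS, the permission.
 */
private void processSystemCommand(Set<String> commands, Options options) {
    String command;
    try {
        if (commands.contains(CREATE_SESSION)) {
            command = CREATE_SESSION;
            // Log this branch's own command name, as every other branch does.
            LOG.info(command);
            User inUser = options.getUser();
            Session session = accessMgr.createSession(inUser, false);
            printSession(session);
        } else if (commands.contains(AUTHENTICATE)) {
            command = AUTHENTICATE;
            LOG.info(command);
            User inUser = options.getUser();
            Session session = accessMgr.authenticate(inUser.getUserId(), inUser.getPassword());
            printSession(session);
        } else if (commands.contains(ASSIGNED_ROLES)) {
            command = ASSIGNED_ROLES;
            LOG.info(command);
            User inUser = options.getUser();
            Session session = accessMgr.createSession(inUser, true);
            List<UserRole> uRoles = accessMgr.sessionRoles(session);
            if (uRoles != null) {
                for (UserRole ur : uRoles) {
                    printTemporal("R", ur, "RBACROLE");
                    printSeparator();
                }
            }
        } else if (commands.contains(CHECK_ACCESS)) {
            command = CHECK_ACCESS;
            LOG.info(command);
            Permission inPerm = options.getPermission();
            User inUser = options.getUser();
            Session session = accessMgr.createSession(inUser, true);
            boolean result = accessMgr.checkAccess(session, inPerm);
            printRow("CA", "PERM", String.valueOf(result));
        } else {
            LOG.warn("unknown system operation detected");
            return;
        }
        LOG.info("command:{} was successful", command);
    } catch (SecurityException se) {
        String error = "processSystemCommand caught SecurityException=" + se + ", return code=" + se.getErrorId();
        // Pass the exception itself so the stack trace and cause reach the log.
        LOG.error(error, se);
    }
}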
use of org.apache.directory.fortress.core.model.Session in project directory-fortress-core by apache.
the class UserP method createSessionTrusted.
/**
 * Builds a session for a trusted caller, i.e. without checking a password. Called only from inside this class.
 * The user entity is read, a locked user is rejected, and the returned session is explicitly marked as
 * not authenticated so that later code can tell no credential was verified.
 *
 * @param inUser Contains userId that represents rDn of node in ldap directory.
 * @return Session carrying the caller-supplied userId, the user entity that was read, and {@code authenticated == false}.
 * @throws SecurityException with {@code GlobalErrIds.USER_LOCKED_BY_CONST} when the user is locked, or whatever
 * {@code read} raises (data validation failure, security policy violation or DAO error per the original contract).
 */
private Session createSessionTrusted(User inUser) throws SecurityException {
    User entity = read(inUser, true);
    // The context id comes from the caller's object, not from the entity that was read.
    entity.setContextId(inUser.getContextId());

    // The lock check is the only gate on this path, since no password is verified.
    if (entity.isLocked()) {
        String lockedMsg = "createSession failed for userId [" + inUser.getUserId() + "] reason user is locked";
        LOG.warn(lockedMsg);
        throw new SecurityException(GlobalErrIds.USER_LOCKED_BY_CONST, lockedMsg);
    }

    Session trusted = new ObjectFactory().createSession();
    trusted.setUserId(inUser.getUserId());
    // Left false on purpose: the user's password was not authenticated.
    trusted.setAuthenticated(false);
    trusted.setUser(entity);
    return trusted;
}
use of org.apache.directory.fortress.core.model.Session in project directory-fortress-core by apache.
the class UserP method createSession.
/**
 * Password-checked session creation, called only from inside this class: reads the user entity,
 * authenticates the supplied credentials through {@code authenticate}, then attaches the entity to the session.
 *
 * NOTE(review): the entity is read before the password is checked, so a failure in {@code read} and a failure
 * in {@code authenticate} may surface as different errors. Confirm that callers do not let that difference
 * reveal to an unauthenticated client which userIds exist.
 *
 * @param inUser Contains userId that represents rDn of node in ldap directory.
 * @return Session produced by {@code authenticate}, with the user entity that was read set on it.
 * @throws SecurityException in the event of data validation failure, security policy violation or DAO error.
 */
private Session createSession(User inUser) throws SecurityException {
    // Load the stored entity first; the context id is copied over from the caller's object.
    User entity = read(inUser, true);
    entity.setContextId(inUser.getContextId());

    // Credentials are verified against the caller-supplied object, not the entity read above.
    Session authenticated = authenticate(inUser);

    // The session is returned with the entity that was read from the directory.
    authenticated.setUser(entity);
    return authenticated;
}
use of org.apache.directory.fortress.core.model.Session in project directory-fortress-core by apache.
the class UserP method authenticate.
/**
 * Performs authentication only: checks the password through the DAO and, on success, validates the
 * user-level constraints. It does not activate RBAC roles in the session. Password policies are evaluated.
 *
 * @param user Contains the userid of the user signing on along with password.
 * @return Session returned by the DAO password check once it reports authenticated; it will not contain user's roles.
 * @throws SecurityException a {@code PasswordException} carrying the session's error id when the password check
 * does not authenticate; otherwise in the event of data validation failure, security policy violation or DAO error.
 */
Session authenticate(User user) throws SecurityException {
    Session session = uDao.checkPassword(user);
    if (session.isAuthenticated()) {
        // NOTE(review): the meaning of the trailing false is not visible here; confirm against VUtil.
        VUtil.getInstance().validateConstraints(session, VUtil.ConstraintType.USER, false);
        return session;
    }
    // The message carries the userId, reason code and directory message. Keep it in server-side logs
    // and give unauthenticated clients a single generic failure.
    String info = "UserP.authenticate failed for userId [" + user.getUserId() + "] reason code [" + session.getErrorId() + "] msg [" + session.getMsg() + "]";
    throw new PasswordException(session.getErrorId(), info);
}