
Example 56 with Session

use of org.apache.directory.fortress.core.model.Session in project directory-fortress-core by apache.

the class FortressAntLoadTest method checkPermissions.

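/**
 * Creates a session for every user in {@code users}, checks every permission in
 * {@code permissions} against it, and writes one row per check to the tab-separated file
 * {@code fileName + ".csv"}.
 * <p>
 * A {@code SecurityException} raised while processing a user is logged and the rest of that
 * user's checks are skipped, so the remaining users are still evaluated. When reading the
 * report, a missing row therefore means "not evaluated", not "access denied".
 *
 * @param msg         text passed to {@code LogUtil.logIt} before the run starts
 * @param users       users for whom a session is created
 * @param permissions permissions checked against each user's session
 */
private void checkPermissions(String msg, List<UserAnt> users, List<PermAnt> permissions) {
    String DATE_FORMAT = "E yyyy.MM.dd 'at' hh:mm:ss a zzz";
    // One timestamp for the whole run, so every row of the report carries the same value.
    String szTimestamp = new SimpleDateFormat(DATE_FORMAT).format(new Date());
    AccessMgr accessMgr = null;
    CSVWriter writer = null;
    LogUtil.logIt(msg);
    try {
        try {
            accessMgr = AccessMgrFactory.createInstance(TestUtils.getContext());
            writer = new CSVWriter(new FileWriter(fileName + ".csv"), '\t');
            writer.writeNext(new String[] { "user", "resource", "operation", "result", "assigned roles", "activated roles", "timestamp", "warnings" });
        } catch (SecurityException ex) {
            // Pass the exception as the throwable argument so the stack trace reaches the log.
            LOG.error("checkPermissions caught SecurityException creating AccessMgr rc=" + ex.getErrorId() + ", msg=" + ex.getMessage(), ex);
            // Can't continue without AccessMgr
            fail(ex.getMessage());
        } catch (IOException ioe) {
            LOG.warn("File IO Exception=" + ioe);
            // Can't continue without output file to write the results in
            fail(ioe.getMessage());
        }
        for (UserAnt user : users) {
            try {
                List<String> warnings = null;
                Session session = accessMgr.createSession(user, false);
                assertNotNull(session);
                if (session.getWarnings() != null) {
                    warnings = new ArrayList<>();
                    for (Warning warning : session.getWarnings()) {
                        warnings.add(warning.getMsg());
                    }
                }
                ReviewMgr reviewMgr = ReviewMgrImplTest.getManagedReviewMgr();
                List<UserRole> assignedRoles = reviewMgr.assignedRoles(user);
                for (PermAnt permAnt : permissions) {
                    Boolean result = accessMgr.checkAccess(session, permAnt);
                    LOG.info("User: " + user.getUserId() + " Perm Obj: " + permAnt.getObjName() + " Perm " + "Operation: " + permAnt.getOpName() + " RESULT: " + result);
                    // Build the row field by field. Joining the values with '#' and splitting
                    // again shifts the columns whenever a value itself contains '#', which
                    // would misattribute results in the authorization report.
                    String[] entries = {
                        String.valueOf(user.getUserId()),
                        String.valueOf(permAnt.getObjName()),
                        String.valueOf(permAnt.getOpName()),
                        String.valueOf(result),
                        String.valueOf(assignedRoles),
                        String.valueOf(session.getUser().getRoles()),
                        szTimestamp,
                        String.valueOf(warnings)
                    };
                    writer.writeNext(entries);
                }
            } catch (SecurityException ex) {
                // Log but don't fail test so entire permission matrix can be evaluated.
                LOG.error("checkPermissions caught SecurityException rc=" + ex.getErrorId() + ", msg=" + ex.getMessage(), ex);
            }
        }
    } finally {
        // Close in finally: a failed assertion inside the loop would otherwise leave the file
        // handle open and the rows written so far unflushed.
        if (writer != null) {
            try {
                writer.close();
            } catch (IOException ioe) {
                // Closing is best-effort, but record it: the report may be truncated.
                LOG.warn("checkPermissions could not close " + fileName + ".csv: " + ioe);
            }
        }
    }
}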
Also used : Warning(org.apache.directory.fortress.core.model.Warning) FileWriter(java.io.FileWriter) ArrayList(java.util.ArrayList) CSVWriter(au.com.bytecode.opencsv.CSVWriter) SecurityException(org.apache.directory.fortress.core.SecurityException) IOException(java.io.IOException) Date(java.util.Date) UserAnt(org.apache.directory.fortress.core.ant.UserAnt) PermAnt(org.apache.directory.fortress.core.ant.PermAnt) AccessMgr(org.apache.directory.fortress.core.AccessMgr) ReviewMgr(org.apache.directory.fortress.core.ReviewMgr) UserRole(org.apache.directory.fortress.core.model.UserRole) SimpleDateFormat(java.text.SimpleDateFormat) Session(org.apache.directory.fortress.core.model.Session)

Example 57 with Session

use of org.apache.directory.fortress.core.model.Session in project directory-fortress-core by apache.

the class PswdPolicyMgrImplTest method expireWarning.

/**
 * PT5 - exercises password policy attribute 5.2.7 pwdExpireWarning.
 * <p>
 * This attribute specifies the maximum number of seconds before a
 * password is due to expire that expiration warning messages will be
 * returned to an authenticating user.
 * <p>
 * If this attribute is not present, or if the value is 0 no warnings
 * will be returned.  If not 0, the value must be smaller than the value
 * of the pwdMaxAge attribute.
 * <p>
 * The test changes the user's password, then creates three sessions: one immediately (no
 * expiration seconds expected), one after waiting {@code maxAge - expireWarning} plus one
 * (a value strictly between 0 and max age expected), and one after waiting the same
 * interval again (must be rejected with {@code GlobalErrIds.USER_PW_EXPIRED}).
 *
 * @param msg  text passed to {@code LogUtil.logIt}
 * @param usr  user test-data row, read through {@code UserTestData}
 * @param plcy policy test-data row, read through {@code PolicyTestData}
 */
public void expireWarning(String msg, String[] usr, String[] plcy) {
    LogUtil.logIt(msg);
    try {
        AdminMgr adminMgr = AdminMgrImplTest.getManagedAdminMgr();
        AccessMgr accessMgr = AccessMgrFactory.createInstance(TestUtils.getContext());
        User user = UserTestData.getUser(usr);
        long warnWindow = PolicyTestData.getExpireWarning(plcy);
        long maxAge = PolicyTestData.getMaxAge(plcy);
        // Time after a password change during which no warning is expected.
        long quietPeriod = maxAge - warnWindow;

        // The max age is so short that the stored password may already have expired, so
        // first set a fresh one through an administrative update.
        String seedPassword = UserTestData.getPassword(usr) + "a";
        user.setPassword(seedPassword);
        user.setPwPolicy(PolicyTestData.getName(plcy));
        adminMgr.updateUser(user);

        // The password change is what starts the expiration clock.
        String livePassword = UserTestData.getPassword(usr) + "b";
        adminMgr.changePassword(user, livePassword);
        user.setPassword(livePassword);

        // Phase 1: right after the change no expiration seconds are reported.
        Session current = accessMgr.createSession(user, false);
        String noWarningMsg = CLS_NM + ".expireWarning invalid error message userId [" + UserTestData.getUserId(usr) + "]";
        assertTrue(noWarningMsg, current.getExpirationSeconds() == 0);

        // Phase 2: wait out the quiet period, plus one for good measure.
        // NOTE(review): TestUtils.sleep presumably takes seconds - confirm against TestUtils.
        TestUtils.sleep(quietPeriod);
        TestUtils.sleep(1);
        current = accessMgr.createSession(user, false);
        String warningMsg = CLS_NM + ".expireWarning invalid error message 2 userId [" + UserTestData.getUserId(usr) + "]";
        boolean insideWarnWindow = (0 < current.getExpirationSeconds()) && (current.getExpirationSeconds() < maxAge);
        assertTrue(warningMsg, insideWarnWindow);

        // Phase 3: wait the same interval again; authentication must now be refused.
        TestUtils.sleep(quietPeriod);
        try {
            accessMgr.createSession(user, false);
            fail(CLS_NM + ".expireWarning name [" + PolicyTestData.getName(plcy) + "] user [" + UserTestData.getUserId(usr) + "] failed expired pw test");
        } catch (SecurityException expired) {
            // Only the "password expired" error counts as a pass; any other error id fails.
            String wrongErrorMsg = CLS_NM + ".expireWarning invalid error message 3 userId [" + UserTestData.getUserId(usr) + "]";
            assertTrue(wrongErrorMsg, expired.getErrorId() == GlobalErrIds.USER_PW_EXPIRED);
        }
    } catch (SecurityException ex) {
        LOG.error("expireWarning caught SecurityException rc=" + ex.getErrorId() + ", msg=" + ex.getMessage(), ex);
        fail(ex.getMessage());
    }
}
Also used : User(org.apache.directory.fortress.core.model.User) AccessMgr(org.apache.directory.fortress.core.AccessMgr) SecurityException(org.apache.directory.fortress.core.SecurityException) AdminMgr(org.apache.directory.fortress.core.AdminMgr) Session(org.apache.directory.fortress.core.model.Session)

Example 58 with Session

use of org.apache.directory.fortress.core.model.Session in project directory-fortress-core by apache.

the class CreateSessionSample method createSession.

/**
 * Calls the AccessMgr createSession API and verifies the result: the session must be non-null,
 * carry the requested userId (compared case-insensitively) and hold exactly
 * {@code expectedRoles} activated Roles. A second call with a wrong password must then be
 * rejected with {@code GlobalErrIds.USER_PW_INVLD}.
 *
 * @param userId  Case insensitive userId.
 * @param password Password is case sensitive, clear text but is stored in directory as hashed value.
 * @param expectedRoles integer contains the expected number of Roles in the Session.
 */
public static void createSession(String userId, String password, int expectedRoles) {
    final String where = ".createSession";
    try {
        // AccessMgr is the entry point for runtime RBAC operations.
        AccessMgr accessMgr = AccessMgrFactory.createInstance(TestUtils.getContext());
        // The User entity carries the credentials into createSession.
        User user = new User(userId, password);
        // On success the Session holds the User's activated Roles and other info; failure is
        // signalled by SecurityException, so a null Session is never expected.
        Session session = accessMgr.createSession(user, false);
        assertNotNull(session);

        // The userId recorded in the Session must match the one that was requested.
        String idInSession = accessMgr.getUserId(session);
        String idMismatch = where + " failed compare found userId in session [" + idInSession + "] valid userId [" + userId + "]";
        assertTrue(idMismatch, userId.equalsIgnoreCase(idInSession));

        // The number of activated Roles must match the caller's expectation.
        List<UserRole> activated = session.getRoles();
        assertNotNull(activated);
        assertEquals(where + " user role check failed list size user [" + user.getUserId() + "]", expectedRoles, activated.size());

        // Negative case: the same userId with a wrong password must not yield a session.
        try {
            User wrongPassword = new User(user.getUserId(), "badpw");
            // createSession authenticates the password, evaluates password policies and
            // performs Role activations; here authentication has to fail.
            accessMgr.createSession(wrongPassword, false);
            fail(where + " userId [" + userId + "]  failed negative test");
        } catch (PasswordException pe) {
            // Expected path: rejected, and specifically for an invalid password.
            String wrongErrorId = where + " userId [" + userId + "]  excep id check";
            assertTrue(wrongErrorId, pe.getErrorId() == GlobalErrIds.USER_PW_INVLD);
        } catch (SecurityException se) {
            // Rejected for some other reason: the negative test did not prove what it should.
            fail(where + " userId [" + userId + "]  failed with unexpected errorId" + se.getErrorId() + " msg=" + se.getMessage());
        }
        LOG.info(where + " userId [" + userId + "] successful");
    } catch (SecurityException ex) {
        LOG.error(where + " userId [" + userId + "]  caught SecurityException rc=" + ex.getErrorId() + ", msg=" + ex.getMessage(), ex);
        fail(ex.getMessage());
    }
}
Also used : PasswordException(org.apache.directory.fortress.core.PasswordException) User(org.apache.directory.fortress.core.model.User) AccessMgr(org.apache.directory.fortress.core.AccessMgr) UserRole(org.apache.directory.fortress.core.model.UserRole) SecurityException(org.apache.directory.fortress.core.SecurityException) Session(org.apache.directory.fortress.core.model.Session)

Example 59 with Session

use of org.apache.directory.fortress.core.model.Session in project directory-fortress-core by apache.

the class FortressCreateSession method runTest.

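/**
 * Runs one load-test sample: creates a Fortress session for {@code userId} and records the
 * outcome and timing in a {@code SampleResult}.
 * <p>
 * The sample is marked successful only when the session is created and reports itself as
 * authenticated. A {@code SecurityException} from {@code createSession} marks the sample as
 * failed; the sample is still ended so that failed attempts are timed as well.
 *
 * @param samplerContext sampler context supplied by the caller; not read by this method
 * @return the sample result, successful or failed
 */
public SampleResult runTest(JavaSamplerContext samplerContext) {
    SampleResult sampleResult = new SampleResult();
    try {
        sampleResult.sampleStart();
        // NOTE(review): an AssertionError from the checks below is not caught here and
        // propagates to the caller instead of producing a failed sample.
        assertNotNull(accessMgr);
        Session session;
        User user = new User();
        // positive test case:
        user.setUserId(userId);
        // Hard-coded credential: every load-test account must share this password, so the
        // test belongs on a throwaway directory, never on accounts that hold real access.
        user.setPassword("secret");
        session = accessMgr.createSession(user, false);
        assertNotNull(session);
        assertTrue(session.isAuthenticated());
        sampleResult.sampleEnd();
        sampleResult.setBytes(1);
        sampleResult.setResponseMessage("test completed TID: " + getThreadId() + " UID: " + userId);
        sampleResult.setSuccessful(true);
    } catch (org.apache.directory.fortress.core.SecurityException se) {
        // createSession is the only call above that can raise this exception and it runs
        // before sampleEnd(), so the sample is still open here and must be ended once.
        sampleResult.sampleEnd();
        System.out.println("ThreadId:" + getThreadId() + "Error running test: " + se);
        se.printStackTrace();
        sampleResult.setResponseMessage("test failed TID: " + getThreadId() + " UID: " + userId + " error: " + se.getMessage());
        sampleResult.setSuccessful(false);
    }
    return sampleResult;
}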
Also used : org.apache.directory.fortress.core(org.apache.directory.fortress.core) User(org.apache.directory.fortress.core.model.User) SampleResult(org.apache.jmeter.samplers.SampleResult) SecurityException(org.apache.directory.fortress.core.SecurityException) Session(org.apache.directory.fortress.core.model.Session)

Example 60 with Session

use of org.apache.directory.fortress.core.model.Session in project directory-fortress-core by apache.

the class AccessMgrSample method createSession.

/**
 * Creates a Fortress Session for the given credentials, tagging the User with properties
 * taken from the local JVM before the call. A {@code SecurityException} is logged and
 * reported through {@code fail}.
 *
 * @param userId    String contains case insensitive userId field.
 * @param password  String contains case sensitive, clear text password field.
 * @param accessMgr AccessMgr instance on which createSession is invoked.
 * @return User RBAC Session that is used for subsequent AccessMgr API calls.
 */
private static Session createSession(String userId, String password, AccessMgr accessMgr) {
    final String where = ".createSession";
    try {
        User candidate = new User(userId, password);
        // These properties will be persisted within User's audit trail in OpenLDAP. They are
        // read from the JVM running this code, so they describe the calling host's OS account
        // and locale rather than anything supplied by the user being authenticated.
        candidate.addProperty("system.user.name", System.getProperty("user.name"));
        // candidate.addProperty("system.timezone VAL", System.getProperty("user.timezone VAL"));
        candidate.addProperty("system.country", System.getProperty("user.country"));
        // The Session contains the user's activated roles along with other related
        // attributes and status information (i.e. password status).
        Session created = accessMgr.createSession(candidate, false);
        LOG.info(where + " successful");
        return created;
    } catch (SecurityException ex) {
        LOG.error(where + " caught SecurityException rc=" + ex.getErrorId() + ", msg=" + ex.getMessage(), ex);
        fail(ex.getMessage());
    }
    // Reached only if fail() returns normally; no session was created in that case.
    return null;
}
Also used : User(org.apache.directory.fortress.core.model.User) SecurityException(org.apache.directory.fortress.core.SecurityException) Session(org.apache.directory.fortress.core.model.Session)
