use of org.apache.directory.fortress.core.model.Session in project directory-fortress-core by apache.
the class DelAccessMgrRestImpl method dropActiveRole.
/**
* {@inheritDoc}
*/
@Override
public void dropActiveRole(Session session, UserAdminRole role) throws SecurityException {
String methodName = CLS_NM + ".dropActiveRole";
VUtil.assertNotNull(session, GlobalErrIds.USER_SESS_NULL, methodName);
VUtil.assertNotNull(role, GlobalErrIds.ARLE_NULL, methodName);
FortRequest request = new FortRequest();
request.setContextId(this.contextId);
request.setSession(session);
request.setEntity(role);
String szRequest = RestUtils.marshal(request);
String szResponse = RestUtils.getInstance().post(szRequest, HttpIds.ADMIN_DROP);
FortResponse response = RestUtils.unmarshall(szResponse);
if (response.getErrorCode() == 0) {
Session outSession = response.getSession();
session.copy(outSession);
} else {
throw new SecurityException(response.getErrorCode(), response.getErrorMessage());
}
}
use of org.apache.directory.fortress.core.model.Session in project directory-fortress-core by apache.
the class DelAccessMgrRestImpl method canDeassign.
/**
* {@inheritDoc}
*/
@Override
public boolean canDeassign(Session session, User user, Role role) throws SecurityException {
String methodName = CLS_NM + ".canDeassign";
VUtil.assertNotNull(session, GlobalErrIds.USER_SESS_NULL, methodName);
VUtil.assertNotNull(user, GlobalErrIds.USER_NULL, methodName);
VUtil.assertNotNull(role, GlobalErrIds.ROLE_NULL, methodName);
boolean result;
FortRequest request = new FortRequest();
request.setContextId(this.contextId);
UserRole uRole = new UserRole(user.getUserId(), role.getName());
request.setSession(session);
request.setEntity(uRole);
String szRequest = RestUtils.marshal(request);
String szResponse = RestUtils.getInstance().post(szRequest, HttpIds.ADMIN_DEASSIGN);
FortResponse response = RestUtils.unmarshall(szResponse);
if (response.getErrorCode() == 0) {
result = response.getAuthorized();
Session outSession = response.getSession();
session.copy(outSession);
} else {
throw new SecurityException(response.getErrorCode(), response.getErrorMessage());
}
return result;
}
use of org.apache.directory.fortress.core.model.Session in project directory-fortress-core by apache.
the class AccelMgrImplTest method createSessions.
/**
* @param msg
* @param uArray
* @param rArray
*/
public static void createSessions(String msg, String[][] uArray, String[][] rArray) {
LogUtil.logIt(msg);
try {
AccelMgr accelMgr = AccelMgrFactory.createInstance(TestUtils.getContext());
for (String[] usr : uArray) {
User user = UserTestData.getUser(usr);
Session session = accelMgr.createSession(user, false);
assertNotNull(session);
accelMgr.deleteSession(session);
// now try negative test case:
try {
User userBad = new User(user.getUserId(), "badpw");
accelMgr.createSession(userBad, false);
fail(CLS_NM + ".createSessions failed negative test");
} catch (SecurityException se) {
assertTrue(CLS_NM + "createSessions excep id check", se.getErrorId() == GlobalErrIds.USER_PW_INVLD);
// pass
}
}
LOG.debug("createSessions successful");
} catch (SecurityException ex) {
LOG.error("createSessions: failed with SecurityException rc=" + ex.getErrorId() + ", " + "msg=" + ex.getMessage(), ex);
fail(ex.getMessage());
}
}
use of org.apache.directory.fortress.core.model.Session in project directory-fortress-core by apache.
the class AccelMgrImplTest method addActiveRoles.
/**
* @param msg
* @param uArray
* @param rPosArray
* @param rNegArray
*/
public static void addActiveRoles(String msg, String[][] uArray, String[][] rPosArray, String[][] rNegArray) {
LogUtil.logIt(msg);
try {
AccelMgr accelMgr = AccelMgrFactory.createInstance(TestUtils.getContext());
for (String[] usr : uArray) {
User user = UserTestData.getUser(usr);
Session session = accelMgr.createSession(user, false);
assertNotNull(session);
// Attempt to activate roles that aren't assigned to user:
for (String[] badRle : rNegArray) {
try {
// Add Role (this better fail):
accelMgr.addActiveRole(session, new UserRole(user.getUserId(), RoleTestData.getName(badRle)));
String error = "addActiveRoles failed negative test 1 User [" + user.getUserId() + "] Role [" + RoleTestData.getName(badRle) + "]";
LOG.info(error);
fail(error);
} catch (SecurityException se) {
assertTrue(CLS_NM + "addActiveRoles excep id check", se.getErrorId() == GlobalErrIds.URLE_ACTIVATE_FAILED);
// pass
}
}
// remove all roles from the user's session:
int ctr = rPosArray.length;
for (String[] rle : rPosArray) {
// Drop Role:
accelMgr.dropActiveRole(session, new UserRole(user.getUserId(), RoleTestData.getName(rle)));
// session)
try {
// Drop Role3 (this better fail):
accelMgr.dropActiveRole(session, new UserRole(user.getUserId(), RoleTestData.getName(rle)));
String error = "addActiveRoles failed negative test 2 User [" + user.getUserId() + "] Role [" + RoleTestData.getName(rle) + "]";
LOG.info(error);
fail(error);
} catch (SecurityException se) {
assertTrue(CLS_NM + "addActiveRoles excep id check", se.getErrorId() == GlobalErrIds.URLE_NOT_ACTIVE);
}
}
// Now activate the list of assigned roles:
ctr = 0;
for (String[] rle : rPosArray) {
// Activate Role(s):
accelMgr.addActiveRole(session, new UserRole(user.getUserId(), RoleTestData.getName(rle)));
// TODO: this does not work with RAO - fix me.
try {
// Activate Role again (this should throw SecurityException):
accelMgr.addActiveRole(session, new UserRole(user.getUserId(), RoleTestData.getName(rle)));
String error = "addActiveRoles failed test 3 User [" + user.getUserId() + "] Role [" + RoleTestData.getName(rle) + "]";
LOG.info(error);
fail(error);
} catch (SecurityException se) {
assertTrue(CLS_NM + "addActiveRoles excep id check", se.getErrorId() == GlobalErrIds.URLE_ALREADY_ACTIVE);
// this is good
}
}
accelMgr.deleteSession(session);
}
} catch (SecurityException ex) {
LOG.error("addActiveRoles: failed with SecurityException rc=" + ex.getErrorId() + ", " + "msg=" + ex.getMessage(), ex);
fail(ex.getMessage());
}
}
use of org.apache.directory.fortress.core.model.Session in project directory-fortress-core by apache.
the class AccessMgrImplTest method addActiveRoles.
/**
* @param msg
* @param uArray
* @param rPosArray
* @param rNegArray
*/
public static void addActiveRoles(String msg, String[][] uArray, String[][] rPosArray, String[][] rNegArray) {
LogUtil.logIt(msg);
try {
AccessMgr accessMgr = AccessMgrFactory.createInstance(TestUtils.getContext());
for (String[] usr : uArray) {
User user = UserTestData.getUser(usr);
Session session = accessMgr.createSession(user, false);
assertNotNull(session);
List<UserRole> uRoles = session.getRoles();
assertNotNull(uRoles);
assertEquals(CLS_NM + ".addActiveRoles failed list size user[" + user.getUserId() + "]", rPosArray.length, uRoles.size());
for (String[] rle : rPosArray) {
assertTrue(CLS_NM + ".addActiveRoles failed role search USER [" + user.getUserId() + "] ROLE [" + RoleTestData.getName(rle) + "] should be present", uRoles.contains(RoleTestData.getUserRole(UserTestData.getUserId(usr), rle)));
}
// Attempt to activate roles that aren't assigned to user:
for (String[] badRle : rNegArray) {
try {
// Add Role (this better fail):
accessMgr.addActiveRole(session, new UserRole(RoleTestData.getName(badRle)));
String error = "addActiveRoles failed negative test 1 User [" + user.getUserId() + "] Role [" + RoleTestData.getName(badRle) + "]";
LOG.info(error);
fail(error);
} catch (SecurityException se) {
assertTrue(CLS_NM + "addActiveRoles excep id check", se.getErrorId() == GlobalErrIds.URLE_ACTIVATE_FAILED);
// pass
}
}
// remove all roles from the user's session:
int ctr = rPosArray.length;
for (String[] rle : rPosArray) {
// Drop Role:
accessMgr.dropActiveRole(session, new UserRole(RoleTestData.getName(rle)));
assertEquals(CLS_NM + ".addActiveRoles failed list size user[" + user.getUserId() + "]", (--ctr), session.getRoles().size());
assertTrue(CLS_NM + ".addActiveRoles failed role search USER [" + user.getUserId() + "] ROLE [" + RoleTestData.getName(rle) + "] should not contain role", !session.getRoles().contains(RoleTestData.getUserRole(UserTestData.getUserId(usr), rle)));
// Drop Role again: (This better fail because role has already been deactivated from user's session)
try {
// Drop Role3 (this better fail):
accessMgr.dropActiveRole(session, new UserRole(RoleTestData.getName(rle)));
String error = "addActiveRoles failed negative test 2 User [" + user.getUserId() + "] Role [" + RoleTestData.getName(rle) + "]";
LOG.info(error);
fail(error);
} catch (SecurityException se) {
assertTrue(CLS_NM + "addActiveRoles excep id check", se.getErrorId() == GlobalErrIds.URLE_NOT_ACTIVE);
}
}
// Now activate the list of assigned roles:
ctr = 0;
for (String[] rle : rPosArray) {
// Activate Role(s):
accessMgr.addActiveRole(session, new UserRole(RoleTestData.getName(rle)));
uRoles = session.getRoles();
assertEquals(CLS_NM + ".addActiveRoles failed list size user [" + user.getUserId() + "]", ++ctr, uRoles.size());
assertTrue(CLS_NM + ".addActiveRoles failed role search USER [" + user.getUserId() + "] ROLE [" + RoleTestData.getName(rle) + "] should contain role", uRoles.contains(RoleTestData.getUserRole(UserTestData.getUserId(usr), rle)));
try {
// Activate Role again (this should throw SecurityException):
accessMgr.addActiveRole(session, new UserRole(RoleTestData.getName(rle)));
String error = "addActiveRoles failed test 3 User [" + user.getUserId() + "] Role [" + RoleTestData.getName(rle) + "]";
LOG.info(error);
fail(error);
} catch (SecurityException se) {
assertTrue(CLS_NM + "addActiveRoles excep id check", se.getErrorId() == GlobalErrIds.URLE_ALREADY_ACTIVE);
// this is good
}
}
}
} catch (SecurityException ex) {
LOG.error("addActiveRoles: failed with SecurityException rc=" + ex.getErrorId() + ", msg=" + ex.getMessage(), ex);
fail(ex.getMessage());
}
}
Aggregations