
Example 26 with Session

use of org.apache.directory.fortress.core.model.Session in project directory-fortress-core by apache.

the class CreateSessionSample method createSessionTrusted.

/**
 * Creates a trusted RBAC Session for the given user and asserts that one was returned.
 *
 * <p>No password is supplied on this path: the User is built from the userId alone and createSession is
 * called with {@code true} as its second argument.  The API will verify the User and attempt to activate
 * all of the User's assigned Roles; the request fails if the User is locked out of ldap for any reason.
 *
 * <p>NOTE(review): because no credential is presented here, the caller presumably must have established
 * the user's identity by some other means before requesting a trusted session - confirm against the
 * AccessMgr documentation before reusing this pattern outside of tests.
 *
 * @param userId  Case insensitive userId.
 */
public static void createSessionTrusted(String userId) {
    final String methodTag = ".createSessionTrusted";
    try {
        // Runtime RBAC operations go through the AccessMgr implementation obtained for the test context.
        final AccessMgr mgr = AccessMgrFactory.createInstance(TestUtils.getContext());
        // The User carries only the userId; the second argument (true) requests the trusted flow.
        final Session trustedSession = mgr.createSession(new User(userId), true);
        // A failed createSession surfaces as SecurityException, so a null Session is not expected here.
        assertNotNull(trustedSession);
        LOG.info(methodTag + "  userId [" + userId + "] successful");
    } catch (SecurityException ex) {
        // Log the Fortress error id together with the message, then fail the test.
        LOG.error(methodTag + " userId [" + userId + "] caught SecurityException rc=" + ex.getErrorId() + ", msg=" + ex.getMessage(), ex);
        fail(ex.getMessage());
    }
}
Also used : User(org.apache.directory.fortress.core.model.User) AccessMgr(org.apache.directory.fortress.core.AccessMgr) SecurityException(org.apache.directory.fortress.core.SecurityException) Session(org.apache.directory.fortress.core.model.Session)

Example 27 with Session

use of org.apache.directory.fortress.core.model.Session in project directory-fortress-core by apache.

the class CreateSessionSample method createSessionsWithRole.

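/**
 * Call the AccessMgr createSession API passing a single Role for activation.  A successful RBAC Session
 * should contain that same Role among its activated Roles.
 *
 * <p>The session is created with {@code false} as the second argument, i.e. the non-trusted flow in which
 * the API authenticates the password and evaluates password policies before activating Roles.
 *
 * @param userId  Case insensitive userId.
 * @param password Password is case sensitive, clear text but is stored in directory as hashed value.
 * @param role contains role name of Role targeted for Activation.
 */
public static void createSessionsWithRole(String userId, String password, String role) {
    String szLocation = ".createSessionsWithRole";
    try {
        // Instantiate the AccessMgr implementation which performs runtime RBAC operations.
        AccessMgr accessMgr = AccessMgrFactory.createInstance(TestUtils.getContext());
        // The User entity is used to pass data into the createSession API.
        User user = new User(userId, password, role);
        // The API will authenticate the User password, evaluate password policies and perform Role activations.
        Session session = accessMgr.createSession(user, false);
        // createSession will throw SecurityException if it fails, thus the Session should never be null.
        assertNotNull(session);
        // Get the User's activated Roles.
        List<UserRole> sessRoles = session.getRoles();
        // Guard the list before dereferencing it so that a session without activated roles is reported
        // as an assertion failure with context rather than as a NullPointerException.
        assertNotNull(szLocation + " userId [" + userId + "] session has no activated roles", sessRoles);
        // The requested Role must be present in the Session, otherwise activation did not take effect.
        assertTrue(szLocation + " userId [" + userId + "]  with roles failed role check", sessRoles.contains(new UserRole(role)));
        LOG.info(szLocation + "  userId [" + userId + "] successful");
    } catch (SecurityException ex) {
        // Log the Fortress error id together with the message, then fail the test.
        LOG.error(szLocation + " userId [" + userId + "]  caught SecurityException rc=" + ex.getErrorId() + ", msg=" + ex.getMessage(), ex);
        fail(ex.getMessage());
    }
}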
Also used : User(org.apache.directory.fortress.core.model.User) AccessMgr(org.apache.directory.fortress.core.AccessMgr) UserRole(org.apache.directory.fortress.core.model.UserRole) SecurityException(org.apache.directory.fortress.core.SecurityException) Session(org.apache.directory.fortress.core.model.Session)

Example 28 with Session

use of org.apache.directory.fortress.core.model.Session in project directory-fortress-core by apache.

the class AccessMgrSample method authenticate.

/**
 * Test utility around the AccessMgr authenticate API, for use cases where RBAC authorization is not
 * required.  The API will authenticate the User's password and check password policies but will not
 * activate the User's Roles into the returned Session.
 *
 * <p>Only the method tag is logged here; neither the userId nor the password is written to the log.
 *
 * @param userId    String contains case insensitive userId field.
 * @param password  String contains case sensitive, clear text password field.
 * @param accessMgr AccessMgr implementation the authenticate call is delegated to.
 * @return User Session that has no Roles activated thus will fail checkAccess and sessionPermission calls.
 */
private static Session authenticate(String userId, String password, AccessMgr accessMgr) {
    final String methodTag = ".authenticate";
    try {
        // Password is checked, but no roles are activated into the resulting Session.
        final Session authenticated = accessMgr.authenticate(userId, password);
        LOG.info(methodTag + " successful");
        return authenticated;
    } catch (SecurityException ex) {
        // Log the Fortress error id together with the message, then fail the test.
        LOG.error(methodTag + " caught SecurityException rc=" + ex.getErrorId() + ", msg=" + ex.getMessage(), ex);
        fail(ex.getMessage());
    }
    // Only reached if fail(...) returns normally after a SecurityException.
    return null;
}
Also used : SecurityException(org.apache.directory.fortress.core.SecurityException) Session(org.apache.directory.fortress.core.model.Session)

Example 29 with Session

use of org.apache.directory.fortress.core.model.Session in project directory-fortress-core by apache.

the class AccessMgrSample method testSessionRoles.

/**
 * The RBAC Session can be interrogated to return the list of all activated Roles within a User's Session.  The API
 * will cache these Roles in the User's Session object.  The Roles will also include temporal data that is used to
 * enforce the day, date and time for which a given Role may be placed in the User's Session.
 *
 * <p>This sample creates a Session for the test user, asks the AccessMgr for the Session's Roles and checks
 * that exactly ten are returned, one for each of TEST_ROLE_PREFIX + 1 through TEST_ROLE_PREFIX + 10.
 */
public static void testSessionRoles() {
    final String methodTag = ".testSessionRoles";
    final User expectedOwner = new User(CreateUserSample.TEST_USERID);
    try {
        // Instantiate the AccessMgr implementation.
        final AccessMgr mgr = AccessMgrFactory.createInstance(TestUtils.getContext());
        // Utility function creates a Fortress Session, which carries the user's activated roles along
        // with other related attributes and status information (i.e. password status).
        final Session session = createSession(CreateUserSample.TEST_USERID, CreateUserSample.TEST_PASSWORD, mgr);
        // Fortress throws a SecurityException when it cannot create a Session, so null would be a bug.
        assertNotNull(session);
        // Activated Roles as reported by the AccessMgr for this Session.
        final List<UserRole> activated = mgr.sessionRoles(session);
        // The list could be null if the User has no assigned Roles or all of them failed activation checks.
        assertNotNull(activated);
        // The list size must match the number of roles the test expects.
        assertTrue(methodTag + " list check, expected: 10, actual:" + activated.size(), activated.size() == 10);
        // Confirm every expected role (prefix + 1 .. prefix + 10) is present among the activated Roles.
        int suffix = 1;
        while (suffix < 11) {
            final UserRole expectedRole = new UserRole(expectedOwner.getUserId(), CreateRoleSample.TEST_ROLE_PREFIX + suffix);
            assertTrue(methodTag + " contains check userId [" + expectedRole.getUserId() + "] role [" + expectedRole.getName() + "]", activated.contains(expectedRole));
            LOG.info(methodTag + " userId [" + expectedRole.getUserId() + "] activated role [" + expectedRole.getName() + "] found in session");
            suffix++;
        }
    } catch (SecurityException ex) {
        // Log the Fortress error id together with the message, then fail the test.
        LOG.error(methodTag + " caught SecurityException rc=" + ex.getErrorId() + ", msg=" + ex.getMessage(), ex);
        fail(ex.getMessage());
    }
}
Also used : User(org.apache.directory.fortress.core.model.User) AccessMgr(org.apache.directory.fortress.core.AccessMgr) UserRole(org.apache.directory.fortress.core.model.UserRole) SecurityException(org.apache.directory.fortress.core.SecurityException) Session(org.apache.directory.fortress.core.model.Session)

Example 30 with Session

use of org.apache.directory.fortress.core.model.Session in project directory-fortress-core by apache.

the class AccessMgrSample method createSession.

/**
 * Test utility that wraps the AccessMgr createSession API for a User with a set of Roles to activate.
 *
 * <p>Before the call, two properties are attached to the User: "system.user.name" and "system.country",
 * taken from the JVM system properties "user.name" and "user.country".  The session is created with
 * {@code false} as the second argument, i.e. the non-trusted flow.
 *
 * <p>NOTE(review): both property values come from the JVM running this code and can be set by whoever
 * launches it, so they are presumably informational only - confirm they are never used as input to an
 * access decision.
 *
 * @param userId          String contains case insensitive userId field.
 * @param password        String contains case sensitive, clear text password field.
 * @param activationRoles array of Role names targeted for activation into User's RBAC Session.
 * @param accessMgr       AccessMgr implementation the createSession call is delegated to.
 * @return User RBAC Session that is used for subsequent AccessMgr API calls.
 */
private static Session createSession(String userId, String password, String[] activationRoles, AccessMgr accessMgr) {
    final String methodTag = ".createSession";
    try {
        final User candidate = new User(userId, password, activationRoles);
        // System.getProperty returns null for an undefined property, so addProperty may be handed a
        // null value here - TODO confirm addProperty tolerates that.
        candidate.addProperty("system.user.name", System.getProperty("user.name"));
        candidate.addProperty("system.country", System.getProperty("user.country"));
        // Create a Fortress Session.  The Session contains the user's activated roles along with
        // other related attributes and status information (i.e. password status).
        final Session created = accessMgr.createSession(candidate, false);
        LOG.info(methodTag + " with roles successful");
        return created;
    } catch (SecurityException ex) {
        // Log the Fortress error id together with the message, then fail the test.
        LOG.error(methodTag + " with roles caught SecurityException rc=" + ex.getErrorId() + ", msg=" + ex.getMessage(), ex);
        fail(ex.getMessage());
    }
    // Only reached if fail(...) returns normally after a SecurityException.
    return null;
}
Also used : User(org.apache.directory.fortress.core.model.User) SecurityException(org.apache.directory.fortress.core.SecurityException) Session(org.apache.directory.fortress.core.model.Session)
