
Example 31 with Session

use of org.apache.directory.fortress.core.model.Session in project directory-fortress-core by apache.

the class AccessMgrSample method testAddActiveRoles.

/**
 * Demonstrates activating Roles into an existing RBAC Session one at a time via the addActiveRole API.  Only Roles
 * that have already been assigned to the User may be activated, and every activation must additionally pass the
 * Role's constraint checks: Static Separation of Duty (SSD) and the RBAC temporal constraints.
 */
public static void testAddActiveRoles() {
    final String szLocation = ".testAddActiveRoles";
    try {
        // Obtain the AccessMgr implementation for the test context.
        AccessMgr accessMgr = AccessMgrFactory.createInstance(TestUtils.getContext());
        // authenticate verifies the password only; the Session it returns carries no activated roles yet.
        Session session = authenticate(CreateUserSample.TEST_USERID, CreateUserSample.TEST_PASSWORD, accessMgr);
        assertNotNull(session);
        // Activate the ten sample roles individually so each one passes through its own constraint checks.
        int roleNbr = 1;
        while (roleNbr <= 10) {
            String roleName = CreateRoleSample.TEST_ROLE_PREFIX + roleNbr;
            UserRole toActivate = new UserRole(CreateUserSample.TEST_USERID, roleName);
            accessMgr.addActiveRole(session, toActivate);
            LOG.info(szLocation + " userId [" + toActivate.getUserId() + "] activated role [" + toActivate.getName() + "] added to session");
            roleNbr++;
        }
    } catch (SecurityException ex) {
        // Any assignment, SSD or temporal constraint violation surfaces here and fails the sample.
        LOG.error(szLocation + " caught SecurityException rc=" + ex.getErrorId() + ", msg=" + ex.getMessage(), ex);
        fail(ex.getMessage());
    }
}

Example 32 with Session

use of org.apache.directory.fortress.core.model.Session in project directory-fortress-core by apache.

the class AccessMgrSample method testCheckAccess.

/**
 * Demonstrates authorization of a User with the checkAccess API.  The call answers {@code true} when the User is
 * authorized to perform the operation on the object and {@code false} otherwise, which makes it suitable for method
 * or service level authorization inside server side programs.  Application security frameworks (Spring, Java EE)
 * are expected to wrap this API to offer fine-grained permission checks to business applications in the datacenter.
 */
public static void testCheckAccess() {
    final String szLocation = ".testCheckAccess";
    try {
        // Obtain the AccessMgr implementation for the test context.
        AccessMgr accessMgr = AccessMgrFactory.createInstance(TestUtils.getContext());
        // createSession is the local utility that builds a Fortress Session holding the user's activated roles
        // together with the related attributes and status information (i.e. password status).
        Session session = createSession(CreateUserSample.TEST_USERID, CreateUserSample.TEST_PASSWORD, accessMgr);
        assertNotNull(session);
        // A Fortress Permission pairs an object name with an operation name; one object may carry many operations,
        // e.g. object "MyDataBaseTable" with operations "READ", "WRITE", "DELETE", object "MyFile" with "R", "W", "C",
        // "MyClassName" with "methodA", "methodB", "methodC", or "MyPageName.ControlName" with "checkOut", "applyDiscount".
        int opNbr = 1;
        while (opNbr <= 5) {
            String opName = CreatePermSample.TEST_PERM_OPERATION_PREFIX + opNbr;
            Permission inPerm = new Permission(CreatePermSample.TEST_PERM_OBJECT, opName);
            // The sample user is expected to be authorized for every one of these operations.
            boolean authorized = accessMgr.checkAccess(session, inPerm);
            assertTrue(szLocation, authorized);
            LOG.info(szLocation + " user [" + session.getUserId() + "] permission object [" + inPerm.getObjName() + "] operation name [" + inPerm.getOpName() + "] success");
            opNbr++;
        }
    } catch (SecurityException ex) {
        LOG.error(szLocation + " caught SecurityException rc=" + ex.getErrorId() + ", msg=" + ex.getMessage(), ex);
        fail(ex.getMessage());
    }
}

Example 33 with Session

use of org.apache.directory.fortress.core.model.Session in project directory-fortress-core by apache.

the class AccessMgrSample method testDropActiveRoles.

/**
 * Demonstrates deactivating Roles from a User's Session with the dropActiveRole API.  RBAC compliant systems let
 * Roles be activated and deactivated within a Session, which supports the principle of least privilege: a User
 * holds only as much capability as the current job duty requires, so not every Role the User is authorized to
 * activate needs to be active at any given moment.  This is also how separation of duty restrictions get enforced.
 */
public static void testDropActiveRoles() {
    final String szLocation = ".testDropActiveRoles";
    User sampleUser = new User(CreateUserSample.TEST_USERID);
    try {
        // Obtain the AccessMgr implementation for the test context.
        AccessMgr accessMgr = AccessMgrFactory.createInstance(TestUtils.getContext());
        // With no roles set on the User beforehand, createSession attempts to activate every assigned Role.
        Session session = createSession(CreateUserSample.TEST_USERID, CreateUserSample.TEST_PASSWORD, accessMgr);
        assertNotNull(session);
        // Remove the ten sample roles from the Session individually.
        int roleNbr = 1;
        while (roleNbr <= 10) {
            String roleName = CreateRoleSample.TEST_ROLE_PREFIX + roleNbr;
            UserRole toDrop = new UserRole(sampleUser.getUserId(), roleName);
            accessMgr.dropActiveRole(session, toDrop);
            LOG.info(szLocation + " userId [" + toDrop.getUserId() + "] deactivated role [" + toDrop.getName() + "] removed from session");
            roleNbr++;
        }
    } catch (SecurityException ex) {
        LOG.error(szLocation + " caught SecurityException rc=" + ex.getErrorId() + ", msg=" + ex.getMessage(), ex);
        fail(ex.getMessage());
    }
}

Example 34 with Session

use of org.apache.directory.fortress.core.model.Session in project directory-fortress-core by apache.

the class AccessMgrSample method testDisplayUserSession.

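/**
 * Writes every attribute carried within a User's Fortress Session to the log of the test machine.  It is intended
 * to demonstrate what data a Session object holds: the session status fields, the User entity and its properties,
 * the activated RBAC roles, the activated ARBAC admin roles and, last, the JVM system properties.
 * <p>
 * The final section logs every JVM system property together with its value at INFO level.  Anything supplied on
 * the command line with {@code -D} (key or trust store passwords included) would therefore land in the log, so run
 * this sample only against a JVM whose system properties carry nothing sensitive.
 */
public static void testDisplayUserSession() {
    String szLocation = ".testDisplayUserSession";
    try {
        // Instantiate the AccessMgr implementation.
        AccessMgr accessMgr = AccessMgrFactory.createInstance(TestUtils.getContext());
        // utility function will create a Fortress Session.  The Session contains the user's activated
        // roles along with other related attributes and status information (i.e. password status)
        Session session = createSession(CreateUserSample.TEST_USERID, CreateUserSample.TEST_PASSWORD, accessMgr);
        assertNotNull(session);
        User user = accessMgr.getUser(session);
        assertNotNull(user);
        LOG.info(szLocation);
        logSessionAttributes(session);
        LOG.info("------------------------------------------");
        logUserAttributes(user);
        logUserProperties(user);
        logActiveRoles(session.getRoles());
        logActiveAdminRoles(session.getAdminRoles());
        logSystemProperties();
    } catch (SecurityException ex) {
        LOG.error(szLocation + " caught SecurityException rc=" + ex.getErrorId() + ", msg=" + ex.getMessage(), ex);
        fail(ex.getMessage());
    }
}

/** Logs the status fields of the Session itself ("S" prefixed lines). */
private static void logSessionAttributes(Session session) {
    LOG.info("S   UID  [" + session.getUserId() + "]:");
    LOG.info("S   IID  [" + session.getInternalUserId() + "]");
    LOG.info("S   ERR  [" + session.getErrorId() + "]");
    LOG.info("S   WARN [" + session.getWarnings() + "]");
    LOG.info("S   MSG  [" + session.getMsg() + "]");
    LOG.info("S   EXP  [" + session.getExpirationSeconds() + "]");
    LOG.info("S   GRAC [" + session.getGraceLogins() + "]");
    LOG.info("S   AUTH [" + session.isAuthenticated() + "]");
    LOG.info("S   LAST [" + session.getLastAccess() + "]");
    LOG.info("S   SID  [" + session.getSessionId() + "]");
}

/** Logs the entity attributes of the User loaded for the Session ("U" prefixed lines). */
private static void logUserAttributes(User user) {
    LOG.info("U   UID  [" + user.getUserId() + "]");
    LOG.info("U   IID  [" + user.getInternalId() + "]");
    LOG.info("U   CN   [" + user.getCn() + "]");
    LOG.info("U   DESC [" + user.getDescription() + "]");
    LOG.info("U   OU   [" + user.getOu() + "]");
    LOG.info("U   SN   [" + user.getSn() + "]");
    LOG.info("U   BDTE [" + user.getBeginDate() + "]");
    LOG.info("U   EDTE [" + user.getEndDate() + "]");
    LOG.info("U   BLDT [" + user.getBeginLockDate() + "]");
    LOG.info("U   ELDT [" + user.getEndLockDate() + "]");
    LOG.info("U   DMSK [" + user.getDayMask() + "]");
    LOG.info("U   TO   [" + user.getTimeout() + "]");
    LOG.info("U   REST [" + user.isReset() + "]");
}

/** Logs the User's own property bag, one "U   PROP[n]" line per entry; nothing is written when it is null or empty. */
private static void logUserProperties(User user) {
    java.util.Properties userProps = user.getProperties();
    if (userProps == null || userProps.isEmpty()) {
        return;
    }
    int ctr = 0;
    // propertyNames() guarantees String keys, so the cast is safe; the wildcard avoids the raw type.
    for (Enumeration<?> e = userProps.propertyNames(); e.hasMoreElements(); ) {
        String key = (String) e.nextElement();
        String val = user.getProperty(key);
        LOG.info("U   PROP[" + ctr++ + "]=" + key + " VAL=" + val);
    }
}

/** Logs each activated RBAC role with its temporal constraint fields; a null list logs nothing. */
private static void logActiveRoles(List<UserRole> roles) {
    if (roles == null) {
        return;
    }
    for (int i = 0; i < roles.size(); i++) {
        UserRole ur = roles.get(i);
        LOG.info("    USER ROLE[" + i + "]:");
        LOG.info("        role name [" + ur.getName() + "]");
        LOG.info("        begin time [" + ur.getBeginTime() + "]");
        LOG.info("        end time [" + ur.getEndTime() + "]");
        LOG.info("        begin date [" + ur.getBeginDate() + "]");
        LOG.info("        end date [" + ur.getEndDate() + "]");
        LOG.info("        begin lock [" + ur.getBeginLockDate() + "]");
        LOG.info("        end lock [" + ur.getEndLockDate() + "]");
        LOG.info("        day mask [" + ur.getDayMask() + "]");
        LOG.info("        time out [" + ur.getTimeout() + "]");
    }
}

/** Logs each activated admin role with its OU sets, range and temporal constraint fields; a null list logs nothing. */
private static void logActiveAdminRoles(List<UserAdminRole> aRoles) {
    if (aRoles == null) {
        return;
    }
    for (int i = 0; i < aRoles.size(); i++) {
        UserAdminRole ur = aRoles.get(i);
        LOG.info("    USER ADMIN ROLE[" + i + "]:");
        LOG.info("        admin role name [" + ur.getName() + "]");
        LOG.info("        OsU [" + ur.getOsUSet() + "]");
        LOG.info("        OsP [" + ur.getOsPSet() + "]");
        LOG.info("        begin range [" + ur.getBeginRange() + "]");
        LOG.info("        end range [" + ur.getEndRange() + "]");
        LOG.info("        begin time [" + ur.getBeginTime() + "]");
        LOG.info("        end time [" + ur.getEndTime() + "]");
        LOG.info("        begin date [" + ur.getBeginDate() + "]");
        LOG.info("        end date [" + ur.getEndDate() + "]");
        LOG.info("        begin lock [" + ur.getBeginLockDate() + "]");
        LOG.info("        end lock [" + ur.getEndLockDate() + "]");
        LOG.info("        day mask [" + ur.getDayMask() + "]");
        LOG.info("        time out [" + ur.getTimeout() + "]");
    }
}

/**
 * Logs every JVM system property, value included, one "J   PROP[n]" line per entry.  Values are written
 * verbatim, so any secret passed to the JVM via -D ends up in the log; keep that in mind before enabling this
 * sample on a shared or production-like host.
 */
private static void logSystemProperties() {
    java.util.Properties jProps = System.getProperties();
    if (jProps == null || jProps.isEmpty()) {
        return;
    }
    int ctr = 0;
    for (Enumeration<?> e = jProps.propertyNames(); e.hasMoreElements(); ) {
        String key = (String) e.nextElement();
        String val = jProps.getProperty(key);
        LOG.info("J   PROP[" + ctr++ + "]=" + key + " VAL=" + val);
    }
}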

Example 35 with Session

use of org.apache.directory.fortress.core.model.Session in project directory-fortress-core by apache.

the class TestAccelerator method testCheckAccess.

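/**
 * Exercises {@code AccelMgr.checkAccess} against a freshly created Session: one permission the fixture user is
 * expected to hold (object "/impl/cal2.jsp", operation "8am") and one it is not (same object, operation "9am").
 * A SecurityException from either the session creation or the access checks fails the test; it is logged with
 * its Fortress error id rather than printed to stderr so the cause is captured alongside the other test output.
 */
@Test
public void testCheckAccess() {
    final String szLocation = "testCheckAccess";
    LOG.info(szLocation + "...");
    // Test fixture credentials; no roles are set on the user, so createSession presumably activates according to
    // the user's assignments (call user.setRole(...) before createSession to narrow the activated set).
    User user = new User();
    user.setUserId("rbacuser1");
    user.setPassword("secret");
    try {
        AccelMgr accelMgr = AccelMgrFactory.createInstance(TestUtils.getContext());
        Session session = accelMgr.createSession(user, false);
        assertNotNull(session);
        Permission perm = new Permission();
        // objId is left unset: the permission is addressed by object name plus operation name only.
        perm.setObjName("/impl/cal2.jsp");
        // positive test case:
        perm.setOpName("8am");
        boolean allowed = accelMgr.checkAccess(session, perm);
        assertTrue(szLocation + " expected access to [" + perm.getObjName() + "] operation [" + perm.getOpName() + "]", allowed);
        // negative test case: the same object with an operation the user was not granted must be denied.
        perm.setOpName("9am");
        boolean denied = !accelMgr.checkAccess(session, perm);
        assertTrue(szLocation + " unexpected access to [" + perm.getObjName() + "] operation [" + perm.getOpName() + "]", denied);
    } catch (SecurityException se) {
        LOG.error(szLocation + " caught SecurityException rc=" + se.getErrorId() + ", msg=" + se.getMessage(), se);
        fail(se.getMessage());
    }
}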
