
Example 6 with User

use of org.apache.directory.fortress.core.model.User in project directory-fortress-core by apache.

the class UserP method createSession.

/**
 * Builds a fully activated session for the supplied user; internal to this class only.
 * Performs the same session activations as the public entry point, plus password validation.
 *
 * @param inUser Carries the userId (the rDn of the user node in the ldap directory) and the
 *               credentials that {@code authenticate} validates.
 * @return Session holding the authentication result code, RBAC and Admin role activations,
 *         OpenLDAP pw policy output and the user entity as read from the directory.
 * @throws SecurityException on data validation failure, security policy violation or DAO error.
 */
private Session createSession(User inUser) throws SecurityException {
    // Load the full user entity from the directory; the caller-supplied object only identifies the node.
    User storedUser = read(inUser, true);
    storedUser.setContextId(inUser.getContextId());
    // Password validation, pw policy checks and temporal constraints run against the caller-supplied object.
    Session activated = authenticate(inUser);
    // The session carries the entity read from the directory, not the caller-supplied one.
    activated.setUser(storedUser);
    return activated;
}

Example 7 with User

use of org.apache.directory.fortress.core.model.User in project directory-fortress-core by apache.

the class DelAccessMgrImpl method addActiveRole.

/**
 * {@inheritDoc}
 */
@Override
public void addActiveRole(Session session, UserAdminRole role) throws SecurityException {
    final String methodName = "addActiveRole";
    assertContext(CLS_NM, methodName, session, GlobalErrIds.USER_SESS_NULL);
    assertContext(CLS_NM, methodName, role, GlobalErrIds.ARLE_NULL);
    // Bind the requested admin role to the session's user before any equality tests below.
    role.setUserId(session.getUserId());
    List<UserAdminRole> activeRoles = session.getAdminRoles();
    // Activating a role twice is an error, not a no-op.
    if (activeRoles != null && activeRoles.contains(role)) {
        String info = getFullMethodName(CLS_NM, methodName) + " User [" + session.getUserId() + "] Role [" + role.getName() + "] role already activated.";
        throw new SecurityException(GlobalErrIds.ARLE_ALREADY_ACTIVE, info);
    }
    // Re-read the user from the directory so the authorized assignment list comes from the store, not from the session.
    User storedUser = userP.read(session.getUser(), true);
    List<UserAdminRole> assignedRoles = storedUser.getAdminRoles();
    int position = CollectionUtils.isNotEmpty(assignedRoles) ? assignedRoles.indexOf(role) : -1;
    // The user must actually hold the admin role being activated.
    if (position == -1) {
        String info = getFullMethodName(CLS_NM, methodName) + " Admin Role [" + role.getName() + "] User [" + session.getUserId() + "] adminRole not authorized for user.";
        throw new SecurityException(GlobalErrIds.ARLE_ACTIVATE_FAILED, info);
    }
    // Dynamic separation of duty check runs before activation.
    SDUtil.getInstance().validateDSD(session, role);
    // Activate the stored assignment (with its constraints), not the caller-supplied object.
    session.setRole(assignedRoles.get(position));
}

Example 8 with User

use of org.apache.directory.fortress.core.model.User in project directory-fortress-core by apache.

the class DelAccessMgrImpl method checkUserRole.

/**
 * Helper for the ARBAC URA "can assign" check: decides whether any admin role active in the session
 * grants authority over both the target user's organizational unit and the target role.
 *
 * @param session Caller's session; its active admin roles are evaluated in order.
 * @param user    Target user; re-read from the directory to obtain its ou.
 * @param role    Target role whose name is tested against each admin role's range.
 * @return true when an active admin role is SUPER_ADMIN, or covers the user's ou and is either
 *         REST_ADMIN or covers the role; false otherwise.
 * @throws SecurityException if the user cannot be read or a DAO error occurs.
 */
private boolean checkUserRole(Session session, User user, Role role) throws SecurityException {
    List<UserAdminRole> activeAdminRoles = session.getAdminRoles();
    if (!CollectionUtils.isNotEmpty(activeAdminRoles)) {
        return false;
    }
    // Validate the target user against the directory and pick up its ou.
    User target = userP.read(user, false);
    for (UserAdminRole adminRole : activeAdminRoles) {
        if (adminRole.getName().equalsIgnoreCase(SUPER_ADMIN)) {
            return true;
        }
        Set<String> ouScope = adminRole.getOsUSet();
        if (!CollectionUtils.isNotEmpty(ouScope)) {
            continue;
        }
        // Does the admin role have authority over the user's ou (directly or through a descendant ou)?
        if (!expandUserOuScope(ouScope).contains(target.getOu())) {
            continue;
        }
        if (adminRole.getName().equalsIgnoreCase(REST_ADMIN) || coversRole(adminRole, role)) {
            return true;
        }
    }
    return false;
}

/**
 * Expands every user ou in {@code ouScope} with its descendants into a case-insensitive set.
 *
 * @param ouScope user ou names assigned to an admin role.
 * @return the ous plus all their descendants, compared with {@link String#CASE_INSENSITIVE_ORDER}.
 * @throws SecurityException on DAO error while resolving descendants.
 */
private Set<String> expandUserOuScope(Set<String> ouScope) throws SecurityException {
    Set<String> expanded = new TreeSet<>(String.CASE_INSENSITIVE_ORDER);
    for (String ou : ouScope) {
        expanded.add(ou);
        expanded.addAll(UsoUtil.getInstance().getDescendants(ou, this.contextId));
    }
    return expanded;
}

/**
 * Tests whether {@code adminRole}'s role range covers {@code role}.
 * With a proper range (begin and end both set and different) the role must be inside the
 * computed range; otherwise only an exact (case-insensitive) match on the begin range counts.
 *
 * @param adminRole active admin role carrying the range definition.
 * @param role      target role.
 * @return true when the admin role has authority over the target role.
 * @throws SecurityException on DAO error while computing the range.
 */
private boolean coversRole(UserAdminRole adminRole, Role role) throws SecurityException {
    String begin = adminRole.getBeginRange();
    String end = adminRole.getEndRange();
    if (begin != null && end != null && !begin.equalsIgnoreCase(end)) {
        Set<String> range = RoleUtil.getInstance().getAscendants(begin, end, adminRole.isEndInclusive(), this.contextId);
        if (adminRole.isBeginInclusive()) {
            range.add(begin);
        }
        return CollectionUtils.isNotEmpty(range) && range.contains(role.getName());
    }
    return begin != null && begin.equalsIgnoreCase(role.getName());
}

Example 9 with User

use of org.apache.directory.fortress.core.model.User in project directory-fortress-core by apache.

the class DelAccessMgrImpl method checkUser.

/**
 * Helper for the "can do" check: decides whether any admin role active in the session
 * has authority over the target user's organizational unit.
 *
 * @param session Caller's session; its active admin roles are evaluated in order.
 * @param user    Target user.
 * @param isAdd   When true the supplied user object is used as-is (it does not exist yet);
 *                when false the user is re-read from the directory to obtain its ou.
 * @return true when an active admin role is SUPER_ADMIN or covers the user's ou; false otherwise.
 * @throws SecurityException if the user cannot be read or a DAO error occurs.
 */
private boolean checkUser(Session session, User user, boolean isAdd) throws SecurityException {
    List<UserAdminRole> activeAdminRoles = session.getAdminRoles();
    if (!CollectionUtils.isNotEmpty(activeAdminRoles)) {
        return false;
    }
    // On add there is no stored entity yet, so the caller-supplied ou is the one checked.
    User target = isAdd ? user : userP.read(user, false);
    for (UserAdminRole adminRole : activeAdminRoles) {
        if (adminRole.getName().equalsIgnoreCase(SUPER_ADMIN)) {
            return true;
        }
        Set<String> ouScope = adminRole.getOsUSet();
        if (!CollectionUtils.isNotEmpty(ouScope)) {
            continue;
        }
        // Case-insensitive set of the admin role's ous plus all their descendants.
        Set<String> expandedScope = new TreeSet<>(String.CASE_INSENSITIVE_ORDER);
        for (String ou : ouScope) {
            expandedScope.add(ou);
            expandedScope.addAll(UsoUtil.getInstance().getDescendants(ou, this.contextId));
        }
        // Does the admin role have authority over the user's ou?
        if (expandedScope.contains(target.getOu())) {
            return true;
        }
    }
    return false;
}

Example 10 with User

use of org.apache.directory.fortress.core.model.User in project directory-fortress-core by apache.

the class GroupMgrImpl method deassign.

/**
 * {@inheritDoc}
 */
@Override
@AdminPermissionOperation
public Group deassign(Group group, String member) throws SecurityException {
    final String methodName = "deassign";
    assertContext(CLS_NM, methodName, group, GlobalErrIds.GROUP_NULL);
    checkAccess(CLS_NM, methodName);
    ReviewMgr reviewMgr = ReviewMgrFactory.createInstance(this.contextId);
    // The member's DN comes from the entity read back through ReviewMgr, so the directory
    // (not the caller-supplied name) determines which entry is deassigned.
    boolean memberIsRole = group.getType() == Group.Type.ROLE;
    String memberDn = memberIsRole
        ? reviewMgr.readRole(new Role(member)).getDn()
        : reviewMgr.readUser(new User(member)).getDn();
    return groupP.deassign(group, memberDn);
}
