Example 21 with User
use of org.apache.directory.fortress.core.model.User in project directory-fortress-core by apache.
the class CommandLineInterpreter method processSystemCommand.
/**
* @param commands
* @param options
*/
private void processSystemCommand(Set<String> commands, Options options) {
String command;
try {
if (commands.contains(CREATE_SESSION)) {
command = CREATE_SESSION;
LOG.info(READ_USER);
User inUser = options.getUser();
Session session = accessMgr.createSession(inUser, false);
printSession(session);
} else if (commands.contains(AUTHENTICATE)) {
command = AUTHENTICATE;
LOG.info(command);
User inUser = options.getUser();
Session session = accessMgr.authenticate(inUser.getUserId(), inUser.getPassword());
printSession(session);
} else if (commands.contains(ASSIGNED_ROLES)) {
command = ASSIGNED_ROLES;
LOG.info(command);
User inUser = options.getUser();
Session session = accessMgr.createSession(inUser, true);
List<UserRole> uRoles = accessMgr.sessionRoles(session);
if (uRoles != null) {
for (UserRole ur : uRoles) {
printTemporal("R", ur, "RBACROLE");
printSeparator();
}
}
} else if (commands.contains(CHECK_ACCESS)) {
command = CHECK_ACCESS;
LOG.info(command);
Permission inPerm = options.getPermission();
User inUser = options.getUser();
Session session = accessMgr.createSession(inUser, true);
boolean result = accessMgr.checkAccess(session, inPerm);
printRow("CA", "PERM", "" + result);
} else {
LOG.warn("unknown system operation detected");
return;
}
LOG.info("command:{} was successful", command);
} catch (SecurityException se) {
String error = "processSystemCommand caught SecurityException=" + se + ", return code=" + se.getErrorId();
LOG.error(error);
}
}
Also used :
User(org.apache.directory.fortress.core.model.User)
UserRole(org.apache.directory.fortress.core.model.UserRole)
Permission(org.apache.directory.fortress.core.model.Permission)
SecurityException(org.apache.directory.fortress.core.SecurityException)
Session(org.apache.directory.fortress.core.model.Session)
Example 22 with User
use of org.apache.directory.fortress.core.model.User in project directory-fortress-core by apache.
the class CommandLineInterpreter method processAdminCommand.
/**
* @param commands
* @param options
*/
private void processAdminCommand(Set<String> commands, Options options) {
String command;
try {
if (commands.contains(ADD_USER)) {
command = ADD_USER;
LOG.info(command);
User user = options.getUser();
adminMgr.addUser(user);
} else if (commands.contains(UPDATE_USER)) {
command = UPDATE_USER;
LOG.info(command);
User user = options.getUser();
adminMgr.updateUser(user);
} else if (commands.contains(DELETE_USER)) {
command = DELETE_USER;
LOG.info(command);
User user = options.getUser();
adminMgr.deleteUser(user);
} else if (commands.contains(ADD_ROLE)) {
command = ADD_ROLE;
LOG.info(command);
Role role = options.getRole();
adminMgr.addRole(role);
} else if (commands.contains(UPDATE_ROLE)) {
command = UPDATE_ROLE;
LOG.info(command);
Role role = options.getRole();
adminMgr.updateRole(role);
} else if (commands.contains(DELETE_ROLE)) {
command = DELETE_ROLE;
LOG.info(command);
Role role = options.getRole();
adminMgr.deleteRole(role);
} else if (commands.contains(ASSIGN_ROLE)) {
command = ASSIGN_ROLE;
LOG.info(command);
Role role = options.getRole();
String userId = options.getUserId();
adminMgr.assignUser(new UserRole(userId, role));
} else if (commands.contains(DEASSIGN_ROLE)) {
command = DEASSIGN_ROLE;
LOG.info(command);
Role role = options.getRole();
String userId = options.getUserId();
adminMgr.deassignUser(new UserRole(userId, role));
} else if (commands.contains(ADD_ROLE_INHERITANCE)) {
command = ADD_ROLE_INHERITANCE;
LOG.info(command);
Relationship relationship = options.getRelationship();
adminMgr.addInheritance(new Role(relationship.getParent()), new Role(relationship.getChild()));
} else if (commands.contains(DELETE_ROLE_INHERITANCE)) {
command = DELETE_ROLE_INHERITANCE;
LOG.info(command);
Relationship relationship = options.getRelationship();
adminMgr.deleteInheritance(new Role(relationship.getParent()), new Role(relationship.getChild()));
} else if (commands.contains(ADD_POBJ)) {
command = ADD_POBJ;
LOG.info(command);
PermObj permObj = options.getPermObj();
adminMgr.addPermObj(permObj);
} else if (commands.contains(UPDATE_POBJ)) {
command = UPDATE_POBJ;
LOG.info(command);
PermObj permObj = options.getPermObj();
adminMgr.updatePermObj(permObj);
} else if (commands.contains(DELETE_POBJ)) {
command = DELETE_POBJ;
LOG.info(command);
PermObj permObj = options.getPermObj();
adminMgr.deletePermObj(permObj);
} else if (commands.contains(ADD_PERM)) {
command = ADD_PERM;
LOG.info(command);
Permission perm = options.getPermission();
adminMgr.addPermission(perm);
} else if (commands.contains(UPDATE_PERM)) {
command = UPDATE_PERM;
LOG.info(command);
Permission perm = options.getPermission();
adminMgr.updatePermission(perm);
} else if (commands.contains(DELETE_PERM)) {
command = DELETE_PERM;
LOG.info(command);
Permission permObj = options.getPermission();
adminMgr.deletePermission(permObj);
} else if (commands.contains(GRANT)) {
command = GRANT;
LOG.info(command);
Permission perm = options.getPermission();
Role role = options.getRole();
role.setName(options.getRoleNm());
adminMgr.grantPermission(perm, role);
} else if (commands.contains(REVOKE)) {
command = REVOKE;
LOG.info(command);
Permission perm = options.getPermission();
Role role = options.getRole();
role.setName(options.getRoleNm());
adminMgr.revokePermission(perm, role);
} else if (commands.contains(CREATE_SSD_SET)) {
command = CREATE_SSD_SET;
LOG.info(command);
SDSet ssd = options.getSdSet();
ssd.setType(SDSet.SDType.STATIC);
adminMgr.createSsdSet(ssd);
} else if (commands.contains(DELETE_SSD_SET)) {
command = DELETE_SSD_SET;
LOG.info(command);
SDSet ssd = options.getSdSet();
ssd.setType(SDSet.SDType.STATIC);
adminMgr.deleteSsdSet(ssd);
} else if (commands.contains(CREATE_DSD_SET)) {
command = CREATE_DSD_SET;
LOG.info(command);
SDSet ssd = options.getSdSet();
ssd.setType(SDSet.SDType.DYNAMIC);
adminMgr.createDsdSet(ssd);
} else if (commands.contains(DELETE_DSD_SET)) {
command = DELETE_DSD_SET;
LOG.info(command);
SDSet ssd = options.getSdSet();
ssd.setType(SDSet.SDType.DYNAMIC);
adminMgr.deleteDsdSet(ssd);
} else if (commands.contains(CHANGE_PASSWORD)) {
command = CHANGE_PASSWORD;
LOG.info(command);
User user = options.getUser();
String newPassword = options.getNewPassword();
adminMgr.changePassword(user, newPassword);
} else if (commands.contains(RESET_PASSWORD)) {
command = RESET_PASSWORD;
LOG.info(command);
User user = options.getUser();
String newPassword = options.getNewPassword();
adminMgr.resetPassword(user, newPassword);
} else if (commands.contains(LOCK_USER_ACCOUNT)) {
command = LOCK_USER_ACCOUNT;
LOG.info(command);
User user = options.getUser();
adminMgr.lockUserAccount(user);
} else if (commands.contains(UNLOCK_USER_ACCOUNT)) {
command = UNLOCK_USER_ACCOUNT;
LOG.info(command);
User user = options.getUser();
adminMgr.unlockUserAccount(user);
} else {
LOG.warn("unknown admin operation detected");
return;
}
LOG.info("command:{} was successful", command);
} catch (SecurityException se) {
String error = "processAdminCommand caught SecurityException=" + se + ", return code=" + se.getErrorId();
LOG.error(error);
}
}
Also used :
AdminRole(org.apache.directory.fortress.core.model.AdminRole)
Role(org.apache.directory.fortress.core.model.Role)
UserAdminRole(org.apache.directory.fortress.core.model.UserAdminRole)
UserRole(org.apache.directory.fortress.core.model.UserRole)
SDSet(org.apache.directory.fortress.core.model.SDSet)
PermObj(org.apache.directory.fortress.core.model.PermObj)
User(org.apache.directory.fortress.core.model.User)
UserRole(org.apache.directory.fortress.core.model.UserRole)
Relationship(org.apache.directory.fortress.core.model.Relationship)
Permission(org.apache.directory.fortress.core.model.Permission)
SecurityException(org.apache.directory.fortress.core.SecurityException)
Example 23 with User
use of org.apache.directory.fortress.core.model.User in project directory-fortress-core by apache.
the class CommandLineInterpreter method processReviewCommand.
/**
* @param commands
* @param options
*/
private void processReviewCommand(Set<String> commands, Options options) {
String command;
try {
if (commands.contains(READ_USER)) {
command = READ_USER;
LOG.info(READ_USER);
User inUser = options.getUser();
User outUser = reviewMgr.readUser(inUser);
printUser(outUser);
} else if (commands.contains(FIND_USERS)) {
command = FIND_USERS;
LOG.info(command);
User user = options.getUser();
List<User> outUsers = reviewMgr.findUsers(user);
if (CollectionUtils.isNotEmpty(outUsers)) {
int ctr = 0;
for (User outUser : outUsers) {
printRow("U", "CTR ", "" + ctr++);
printUser(outUser);
}
}
} else if (commands.contains(ASSIGNED_USERS)) {
command = ASSIGNED_USERS;
LOG.info(command);
Role inRole = options.getRole();
List<User> outUsers = reviewMgr.assignedUsers(inRole);
if (CollectionUtils.isNotEmpty(outUsers)) {
for (User outUser : outUsers) {
printUser(outUser);
}
}
} else if (commands.contains(READ_ROLE)) {
command = READ_ROLE;
LOG.info(command);
Role inRole = options.getRole();
Role outRole = reviewMgr.readRole(inRole);
printRole(outRole);
} else if (commands.contains(FIND_ROLES)) {
command = FIND_ROLES;
LOG.info(command);
String inRoleNm = options.getName();
List<Role> outRoles = reviewMgr.findRoles(inRoleNm);
if (CollectionUtils.isNotEmpty(outRoles)) {
int ctr = 0;
for (Role outRole : outRoles) {
printSeparator();
printRow("R", "ROLE[" + ++ctr + "]", outRole.getName());
printRole(outRole);
}
}
} else if (commands.contains(ASSIGNED_ROLES)) {
command = ASSIGNED_ROLES;
LOG.info(command);
String userId = options.getUserId();
List<UserRole> uRoles = reviewMgr.assignedRoles(new User(userId));
if (uRoles != null) {
for (UserRole ur : uRoles) {
printTemporal("R", ur, "RBACROLE");
printSeparator();
}
}
} else if (commands.contains(READ_POBJ)) {
command = READ_POBJ;
LOG.info(command);
PermObj inPermObj = options.getPermObj();
PermObj outPermObj = reviewMgr.readPermObj(inPermObj);
printPermObj(outPermObj);
} else if (commands.contains(FIND_POBJS)) {
command = FIND_POBJS;
LOG.info(command);
PermObj inPermObj = options.getPermObj();
List<PermObj> outPermObjs = reviewMgr.findPermObjs(inPermObj);
if (CollectionUtils.isNotEmpty(outPermObjs)) {
int ctr = 0;
for (PermObj outPermObj : outPermObjs) {
printSeparator();
printRow("PO", "POBJ[" + ++ctr + "]", outPermObj.getObjName());
printPermObj(outPermObj);
}
}
} else if (commands.contains(READ_PERM)) {
command = READ_PERM;
LOG.info(command);
Permission inPerm = options.getPermission();
Permission outPerm = reviewMgr.readPermission(inPerm);
printPermission(outPerm);
} else if (commands.contains(FIND_PERMS)) {
command = FIND_PERMS;
LOG.info(command);
Permission inPerm = options.getPermission();
List<Permission> outPerms = reviewMgr.findPermissions(inPerm);
if (CollectionUtils.isNotEmpty(outPerms)) {
int ctr = 0;
for (Permission outPerm : outPerms) {
printSeparator();
printRow("P", "PERM[" + ++ctr + "]", outPerm.getAbstractName());
printPermission(outPerm);
}
}
} else {
LOG.warn("unknown review operation detected");
return;
}
LOG.info("command:{} was successful", command);
} catch (SecurityException se) {
String error = "processReviewCommand caught SecurityException=" + se + ", return code=" + se.getErrorId();
LOG.error(error);
}
}
Also used :
AdminRole(org.apache.directory.fortress.core.model.AdminRole)
Role(org.apache.directory.fortress.core.model.Role)
UserAdminRole(org.apache.directory.fortress.core.model.UserAdminRole)
UserRole(org.apache.directory.fortress.core.model.UserRole)
PermObj(org.apache.directory.fortress.core.model.PermObj)
User(org.apache.directory.fortress.core.model.User)
UserRole(org.apache.directory.fortress.core.model.UserRole)
Permission(org.apache.directory.fortress.core.model.Permission)
ArrayList(java.util.ArrayList)
List(java.util.List)
SecurityException(org.apache.directory.fortress.core.SecurityException)
Constraint(org.apache.directory.fortress.core.model.Constraint)
Example 24 with User
use of org.apache.directory.fortress.core.model.User in project directory-fortress-core by apache.
the class GroupMgrImpl method assign.
/**
* {@inheritDoc}
*/
@Override
@AdminPermissionOperation
public Group assign(Group group, String member) throws SecurityException {
String methodName = "assign";
assertContext(CLS_NM, methodName, group, GlobalErrIds.GROUP_NULL);
checkAccess(CLS_NM, methodName);
ReviewMgr reviewMgr = ReviewMgrFactory.createInstance(this.contextId);
String dn;
if (group.getType() == Group.Type.ROLE) {
Role inRole = new Role(member);
inRole.setContextId(group.getContextId());
Role role = reviewMgr.readRole(inRole);
dn = role.getDn();
// Validate SSD constraints
SDUtil.getInstance().validateSSD(group, role);
} else {
User inUser = new User(member);
inUser.setContextId(group.getContextId());
User user = reviewMgr.readUser(inUser);
dn = user.getDn();
}
return groupP.assign(group, dn);
}
Also used :
Role(org.apache.directory.fortress.core.model.Role)
UserRole(org.apache.directory.fortress.core.model.UserRole)
User(org.apache.directory.fortress.core.model.User)
ReviewMgr(org.apache.directory.fortress.core.ReviewMgr)
AdminPermissionOperation(org.apache.directory.fortress.annotation.AdminPermissionOperation)
Example 25 with User
use of org.apache.directory.fortress.core.model.User in project directory-fortress-core by apache.
the class GroupMgrImpl method deassign.
/**
* {@inheritDoc}
*/
@Override
@AdminPermissionOperation
public Group deassign(Group group, String member) throws SecurityException {
String methodName = "deassign";
assertContext(CLS_NM, methodName, group, GlobalErrIds.GROUP_NULL);
checkAccess(CLS_NM, methodName);
ReviewMgr reviewMgr = ReviewMgrFactory.createInstance(this.contextId);
String dn;
if (group.getType() == Group.Type.ROLE) {
Role role = reviewMgr.readRole(new Role(member));
dn = role.getDn();
} else {
User user = reviewMgr.readUser(new User(member));
dn = user.getDn();
}
return groupP.deassign(group, dn);
}
Also used :
Role(org.apache.directory.fortress.core.model.Role)
UserRole(org.apache.directory.fortress.core.model.UserRole)
User(org.apache.directory.fortress.core.model.User)
ReviewMgr(org.apache.directory.fortress.core.ReviewMgr)
AdminPermissionOperation(org.apache.directory.fortress.annotation.AdminPermissionOperation)
Aggregations
User (org.apache.directory.fortress.core.model.User)217
SecurityException (org.apache.directory.fortress.core.SecurityException)148
UserRole (org.apache.directory.fortress.core.model.UserRole)78
Session (org.apache.directory.fortress.core.model.Session)57
RoleConstraint (org.apache.directory.fortress.core.model.RoleConstraint)46
AdminMgr (org.apache.directory.fortress.core.AdminMgr)41
ReviewMgr (org.apache.directory.fortress.core.ReviewMgr)41
Role (org.apache.directory.fortress.core.model.Role)38
AccessMgr (org.apache.directory.fortress.core.AccessMgr)34
UserAdminRole (org.apache.directory.fortress.core.model.UserAdminRole)31
Permission (org.apache.directory.fortress.core.model.Permission)29
FortResponse (org.apache.directory.fortress.core.model.FortResponse)22
AdminPermissionOperation (org.apache.directory.fortress.annotation.AdminPermissionOperation)18
AdminRole (org.apache.directory.fortress.core.model.AdminRole)18
ArrayList (java.util.ArrayList)13
AccelMgr (org.apache.directory.fortress.core.AccelMgr)12
PwPolicyMgr (org.apache.directory.fortress.core.PwPolicyMgr)10
Constraint (org.apache.directory.fortress.core.model.Constraint)9
FortRequest (org.apache.directory.fortress.core.model.FortRequest)9
Test (org.junit.Test)7
