/**
 * Returns the roles activated for the user in the given session, as reported by the
 * accelerator (RBAC server side) through the {@link RbacSessionRolesRequest} /
 * {@link RbacSessionRolesResponse} extended operation.
 *
 * todo: temporal constraints for the returned entries are not yet populated.
 *
 * @param session holds a sessionId obtained from the accelerator createSession method.
 * @return the activated roles as {@link UserRole}s built from the session's userId, or
 *         {@code null} when the server reports no activated roles.
 * @throws SecurityException wrapping any {@code LdapException} with
 *         {@code GlobalErrIds.ACEL_SESSION_ROLES_ERR}.
 */
List<UserRole> sessionRoles(Session session) throws SecurityException {
    List<UserRole> activated = null;
    LdapConnection conn = null;
    try {
        conn = getAdminConnection();
        // Both the sessionId and the userId are placed on the request.
        RbacSessionRolesRequest req = new RbacSessionRolesRequestImpl();
        req.setSessionId(session.getSessionId());
        req.setUserIdentity(session.getUserId());
        RbacSessionRolesResponse resp = (RbacSessionRolesResponse) conn.extended(req);
        LOG.debug("sessionRoles result: {}", resp.getLdapResult().getResultCode().getResultCode());
        if (CollectionUtils.isNotEmpty(resp.getRoles())) {
            activated = new ArrayList<UserRole>();
            for (String name : resp.getRoles()) {
                // todo: temporal constraints are not carried over yet
                activated.add(new UserRole(session.getUserId(), name));
            }
        }
    } catch (LdapException e) {
        String error = "sessionRoles caught LDAPException=" + " msg=" + e.getMessage();
        throw new SecurityException(GlobalErrIds.ACEL_SESSION_ROLES_ERR, error, e);
    } finally {
        // Runs even when getAdminConnection() threw, in which case conn is still null.
        closeAdminConnection(conn);
    }
    return activated;
}
/**
 * Authenticates the user against the accelerator and returns a {@link Session} whose
 * {@link org.apache.directory.fortress.core.model.Session#sessionId} was issued by the server.
 * Mirrors {@link org.apache.directory.fortress.core.AccessMgr#createSession(org.apache.directory.fortress.core.model.User, boolean)}:
 * on success the session state ({@link org.apache.directory.fortress.core.model.Session}) is held
 * server side, and the bind may show up in the RBAC audit trail via
 * {@link org.apache.directory.fortress.core.AuditMgr#searchBinds(org.apache.directory.fortress.core.model.UserAudit)}.
 *
 * Implemented with the {@link RbacCreateSessionRequest} / {@link RbacCreateSessionResponse} accelerator APIs.
 *
 * @param user supplies the contextId (sent as tenantId), userId, password and the roles to activate.
 * @return a session marked authenticated and carrying the server-issued sessionId.
 * @throws SecurityException with {@code GlobalErrIds.USER_PW_INVLD} when the server result is not SUCCESS,
 *         or wrapping an {@code LdapException} with {@code GlobalErrIds.ACEL_CREATE_SESSION_ERR}.
 */
Session createSession(User user) throws SecurityException {
    LdapConnection conn = null;
    Session result = null;
    try {
        conn = getAdminConnection();
        // NOTE(review): a timeout of 0 appears to mean "wait indefinitely" for the response — confirm
        // against the LDAP API before relying on it for a blocking bind.
        conn.setTimeOut(0);
        RbacCreateSessionRequest req = new RbacCreateSessionRequestImpl();
        req.setTenantId(user.getContextId());
        req.setUserIdentity(user.getUserId());
        // The request API takes a String, so the password array is copied into an immutable String here.
        req.setPassword(new String(user.getPassword()));
        if (CollectionUtils.isNotEmpty(user.getRoles())) {
            for (UserRole requested : user.getRoles()) {
                req.addRole(requested.getName());
            }
        }
        RbacCreateSessionResponse resp = (RbacCreateSessionResponse) conn.extended(req);
        ResultCodeEnum code = resp.getLdapResult().getResultCode();
        LOG.debug("createSession userId: {}, sessionId: {}, resultCode: {}", user.getUserId(), resp.getSessionId(), code);
        result = new Session(user, resp.getSessionId());
        if (code != ResultCodeEnum.SUCCESS) {
            // The session object is discarded by the throw; the failure message carries no credential.
            result.setAuthenticated(false);
            String info = "createSession UserId [" + user.getUserId() + "] failed: " + resp.getLdapResult() + " , resultCode: " + code.getResultCode();
            throw new SecurityException(GlobalErrIds.USER_PW_INVLD, info);
        }
        result.setAuthenticated(true);
    } catch (LdapException e) {
        String error = "createSession userId [" + user.getUserId() + "] caught LDAPException=" + " msg=" + e.getMessage();
        throw new SecurityException(GlobalErrIds.ACEL_CREATE_SESSION_ERR, error, e);
    } finally {
        closeAdminConnection(conn);
    }
    return result;
}
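/**
 * {@inheritDoc}
 *
 * The admin session on {@code uRole} must be allowed to deassign the role from the user
 * ({@link AdminUtil#canDeassign}); the user's current assignments are then read and the constraint
 * whose id equals {@code roleConstraintId} on the role of the same name is deassigned.
 *
 * @throws FinderException with {@code GlobalErrIds.RCON_NOT_FOUND} when no such constraint is assigned.
 */
@Override
@AdminPermissionOperation
public void removeRoleConstraint(UserRole uRole, String roleConstraintId) throws SecurityException {
    // Identifies this operation in assertContext's error reporting.
    String methodName = "removeRoleConstraint";
    assertContext(CLS_NM, methodName, uRole, GlobalErrIds.URLE_NULL);
    // ARBAC check: the admin session must hold deassign rights over this user/role pair.
    AdminUtil.canDeassign(uRole.getAdminSession(), new User(uRole.getUserId()), new Role(uRole.getName()), contextId);
    boolean found = false;
    List<UserRole> assigned = userP.read(new User(uRole.getUserId()), true).getRoles();
    if (assigned != null) {
        for (UserRole assignedRole : assigned) {
            if (!assignedRole.getName().equals(uRole.getName())) {
                continue;
            }
            List<RoleConstraint> constraints = assignedRole.getRoleConstraints();
            if (constraints == null) {
                continue;
            }
            for (RoleConstraint rc : constraints) {
                // Compare from the argument side so a constraint with a null id cannot NPE.
                if (roleConstraintId != null && roleConstraintId.equals(rc.getId())) {
                    userP.deassign(uRole, rc);
                    found = true;
                    break;
                }
            }
            if (found) {
                // Deassign at most once, even if the role appears more than once.
                break;
            }
        }
    }
    if (!found) {
        throw new FinderException(GlobalErrIds.RCON_NOT_FOUND, "Role constraint with id " + roleConstraintId + " not found");
    }
}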
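/**
 * Runs one of the "system" (access-control) commands: create a session, authenticate, list the
 * roles active in a session, or check access for a permission. Exactly one command is executed,
 * chosen by membership in {@code commands} in the order CREATE_SESSION, AUTHENTICATE,
 * ASSIGNED_ROLES, CHECK_ACCESS; any other input only logs a warning.
 * A {@link SecurityException} from the access manager is logged with its error id and not rethrown.
 *
 * @param commands the command tokens parsed from the command line.
 * @param options supplies the user and, for CHECK_ACCESS, the permission.
 */
private void processSystemCommand(Set<String> commands, Options options) {
    String command;
    try {
        if (commands.contains(CREATE_SESSION)) {
            command = CREATE_SESSION;
            // Log the command being run, consistent with the other branches (this one logged READ_USER).
            LOG.info(command);
            User inUser = options.getUser();
            // Second argument false: the supplied password must be verified — presumably the
            // AccessMgr "trusted" flag; confirm against AccessMgr#createSession.
            Session session = accessMgr.createSession(inUser, false);
            printSession(session);
        } else if (commands.contains(AUTHENTICATE)) {
            command = AUTHENTICATE;
            LOG.info(command);
            User inUser = options.getUser();
            // The credential comes straight from the CLI options; it is never logged here.
            Session session = accessMgr.authenticate(inUser.getUserId(), inUser.getPassword());
            printSession(session);
        } else if (commands.contains(ASSIGNED_ROLES)) {
            command = ASSIGNED_ROLES;
            LOG.info(command);
            User inUser = options.getUser();
            Session session = accessMgr.createSession(inUser, true);
            List<UserRole> uRoles = accessMgr.sessionRoles(session);
            // A null result means there is nothing to print.
            if (uRoles != null) {
                for (UserRole ur : uRoles) {
                    printTemporal("R", ur, "RBACROLE");
                    printSeparator();
                }
            }
        } else if (commands.contains(CHECK_ACCESS)) {
            command = CHECK_ACCESS;
            LOG.info(command);
            Permission inPerm = options.getPermission();
            User inUser = options.getUser();
            Session session = accessMgr.createSession(inUser, true);
            boolean result = accessMgr.checkAccess(session, inPerm);
            printRow("CA", "PERM", "" + result);
        } else {
            LOG.warn("unknown system operation detected");
            return;
        }
        LOG.info("command:{} was successful", command);
    } catch (SecurityException se) {
        // Reported, not rethrown: the error id is included so the failure is identifiable from the log.
        String error = "processSystemCommand caught SecurityException=" + se + ", return code=" + se.getErrorId();
        LOG.error(error);
    }
}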
/**
 * Logs one user record, one row per attribute, followed by the user's RBAC roles (with their
 * parent roles), admin roles and custom properties. User rows carry the tag "U", role rows "R"
 * and admin-role rows "A". Does nothing when {@code user} is null.
 *
 * @param user the user to print; may be null.
 */
private void printUser(User user) {
    if (user == null) {
        return;
    }
    final String tag = "U";
    printRow(tag, "UID ", user.getUserId());
    printRow(tag, "IID ", user.getInternalId());
    printRow(tag, "CN ", user.getCn());
    printRow(tag, "DESC", user.getDescription());
    printRow(tag, "OU ", user.getOu());
    printRow(tag, "SN ", user.getSn());
    printRow(tag, "BDTE", user.getBeginDate());
    printRow(tag, "EDTE", user.getEndDate());
    printRow(tag, "BLDT", user.getBeginLockDate());
    printRow(tag, "ELDT", user.getEndLockDate());
    printRow(tag, "DMSK", user.getDayMask());
    printRow(tag, "TO ", "" + user.getTimeout());
    printRow(tag, "REST", "" + user.isReset());
    printTemporal(tag, user, "USER");
    printAddress(tag, user.getAddress(), "ADDR");
    printPhone(tag, user.getPhones(), "PHNE");
    // NOTE(review): the MOBL row is fed from getPhones() as well, which looks like a copy of the PHNE
    // line — confirm whether a mobile-number getter was intended.
    printPhone(tag, user.getPhones(), "MOBL");
    if (CollectionUtils.isNotEmpty(user.getRoles())) {
        for (UserRole role : user.getRoles()) {
            printSeparator();
            printTemporal("R", role, "RBACROLE");
            if (CollectionUtils.isNotEmpty(role.getParents())) {
                for (String parent : role.getParents()) {
                    printRow("R", "PRLE", parent);
                }
            }
        }
    }
    if (CollectionUtils.isNotEmpty(user.getAdminRoles())) {
        for (UserAdminRole adminRole : user.getAdminRoles()) {
            printSeparator();
            printTemporal("A", adminRole, "ADMINROLE");
            printAdminRole("A", adminRole);
        }
    }
    if (PropUtil.isNotEmpty(user.getProperties())) {
        printSeparator();
        // Properties are numbered from 1 in the order the Properties enumeration yields them.
        Enumeration<?> names = user.getProperties().propertyNames();
        int ctr = 0;
        while (names.hasMoreElements()) {
            String key = (String) names.nextElement();
            String val = user.getProperty(key);
            ctr++;
            LOG.info("{} KEY{} [{}]", tag, ctr, key);
            LOG.info("{} VAL{} [{}]", tag, ctr, val);
        }
    }
}