
Example 56 with UserRole

use of org.apache.directory.fortress.core.model.UserRole in project directory-fortress-core by apache.

the class AdminMgrImplTest method assertRoleConstraintSize.

/**
 * Verifies that the role named {@code roleName}, as read back for {@code userId}, carries exactly
 * {@code size} role constraints.
 *
 * <p>The user is re-read through the managed ReviewMgr on every call, so the check reflects what
 * {@code readUser} returns at that moment. Every assigned role whose name matches is checked; the
 * test fails if no assigned role matches at all.
 *
 * @param userId   id of the user whose role assignments are read
 * @param roleName name of the assigned role to inspect (compared with {@code equals}, so the match
 *                 is case-sensitive)
 * @param size     expected number of constraints on that role assignment
 * @throws SecurityException propagated from the ReviewMgr calls
 */
private void assertRoleConstraintSize(String userId, String roleName, int size) throws SecurityException {
    ReviewMgr reviewMgr = ReviewMgrImplTest.getManagedReviewMgr();
    User storedUser = reviewMgr.readUser(new User(userId));
    int matches = 0;
    for (UserRole assigned : storedUser.getRoles()) {
        if (!assigned.getName().equals(roleName)) {
            // Not the assignment under test.
            continue;
        }
        assertEquals(size, assigned.getRoleConstraints().size());
        matches++;
    }
    // A missing assignment must fail the test rather than pass vacuously with zero comparisons.
    if (matches == 0) {
        fail("Role with name " + roleName + " not found");
    }
}
Also used : User(org.apache.directory.fortress.core.model.User) ReviewMgr(org.apache.directory.fortress.core.ReviewMgr) UserRole(org.apache.directory.fortress.core.model.UserRole)

Example 57 with UserRole

use of org.apache.directory.fortress.core.model.UserRole in project directory-fortress-core by apache.

the class AdminMgrImplTest method testRemoveUserRoleConstraint.

/**
 * Exercises both {@code removeRoleConstraint} overloads against a single user-role assignment:
 * one call passes the RoleConstraint object, the other passes only the constraint id.
 *
 * <p>The assignment is expected to start with one constraint; two more are added, then each is
 * removed in turn and the constraint count is re-read after every step.
 *
 * <p>NOTE(review): only the constraint count is asserted. The test does not check which
 * constraint was removed, so a removal that deletes the wrong constraint would still pass.
 *
 * @throws SecurityException propagated from the AdminMgr and ReviewMgr calls
 */
public void testRemoveUserRoleConstraint() throws SecurityException {
    final String userId = UserTestData.USERS_TU1[0][0];
    final String roleName = RoleTestData.ROLES_TR1[1][0];

    // Starting point: exactly one constraint on the assignment (presumably left by earlier tests - confirm).
    this.assertRoleConstraintSize(userId, roleName, 1);

    RoleConstraint removedByObject = assignUserRoleConstraint("ASGN-URC-VALID TU1 TR1", UserTestData.USERS_TU1[0], RoleTestData.ROLES_TR1[1], URATestData.getRC(URATestData.URC_T2));
    RoleConstraint removedById = assignUserRoleConstraint("ASGN-URC-VALID TU1 TR1", UserTestData.USERS_TU1[0], RoleTestData.ROLES_TR1[1], URATestData.getRC(URATestData.URC_T3));
    this.assertRoleConstraintSize(userId, roleName, 3);

    AdminMgr adminMgr = getManagedAdminMgr();

    // Overload taking the constraint object.
    adminMgr.removeRoleConstraint(new UserRole(userId, roleName), removedByObject);
    this.assertRoleConstraintSize(userId, roleName, 2);

    // Overload taking only the constraint id.
    adminMgr.removeRoleConstraint(new UserRole(userId, roleName), removedById.getId());
    this.assertRoleConstraintSize(userId, roleName, 1);
}
Also used : UserRole(org.apache.directory.fortress.core.model.UserRole) RoleConstraint(org.apache.directory.fortress.core.model.RoleConstraint) AdminMgr(org.apache.directory.fortress.core.AdminMgr)

Example 58 with UserRole

use of org.apache.directory.fortress.core.model.UserRole in project directory-fortress-core by apache.

the class FortressAntLoadTest method assignedRoles.

/**
 * Checks that every expected user-role assignment is returned by
 * {@code ReviewMgr.assignedRoles} for its user and that the returned entry passes
 * {@code TestUtils.assertTemporal} against the expected one.
 *
 * @param msg       message passed to {@code LogUtil.logIt} before the checks run
 * @param userroles expected assignments; each entry supplies the user id to look up
 */
private static void assignedRoles(String msg, List<UserRole> userroles) {
    LogUtil.logIt(msg);
    try {
        ReviewMgr reviewMgr = ReviewMgrImplTest.getManagedReviewMgr();
        for (UserRole expected : userroles) {
            User owner = new User(expected.getUserId());
            List<UserRole> actualRoles = reviewMgr.assignedRoles(owner);
            assertNotNull(actualRoles);
            // indexOf relies on UserRole.equals to locate the expected assignment.
            int position = actualRoles.indexOf(expected);
            assertTrue("Failed userrole name", position >= 0);
            TestUtils.assertTemporal(CLS_NM + ".assertEquals", expected, actualRoles.get(position));
        }
    } catch (SecurityException ex) {
        // Any Fortress error while reading assignments fails the test; the error id is logged for diagnosis.
        LOG.error("assignedRoles caught SecurityException rc=" + ex.getErrorId() + ", msg=" + ex.getMessage(), ex);
        fail(ex.getMessage());
    }
}
Also used : User(org.apache.directory.fortress.core.model.User) ReviewMgr(org.apache.directory.fortress.core.ReviewMgr) UserRole(org.apache.directory.fortress.core.model.UserRole) SecurityException(org.apache.directory.fortress.core.SecurityException)

Example 59 with UserRole

use of org.apache.directory.fortress.core.model.UserRole in project directory-fortress-core by apache.

the class FortressAntLoadTest method checkPermissions.

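/**
 * Evaluates every permission for every user and records each access decision as one row of a
 * tab-separated file named {@code fileName + ".csv"}.
 *
 * <p>For each user a session is created, the user's assigned roles are read, and
 * {@code AccessMgr.checkAccess} is called once per permission. Each row holds: user, resource,
 * operation, result, assigned roles, activated roles, timestamp, warnings.
 *
 * <p>A SecurityException raised while processing one user is logged and that user is skipped, so
 * the remaining users are still evaluated. Rows for the skipped user are then absent from the
 * file: a missing row means "not evaluated", not "denied".
 *
 * @param msg         message passed to {@code LogUtil.logIt} before the run starts
 * @param users       users for whom sessions are created and access is checked
 * @param permissions permissions checked for every user
 */
private void checkPermissions(String msg, List<UserAnt> users, List<PermAnt> permissions) {
    String DATE_FORMAT = "E yyyy.MM.dd 'at' hh:mm:ss a zzz";
    SimpleDateFormat format = new SimpleDateFormat(DATE_FORMAT);
    // One timestamp for the whole run, so every row of the matrix carries the same value.
    String szTimestamp = format.format(new Date());
    AccessMgr accessMgr = null;
    CSVWriter writer = null;
    LogUtil.logIt(msg);
    try {
        try {
            accessMgr = AccessMgrFactory.createInstance(TestUtils.getContext());
            writer = new CSVWriter(new FileWriter(fileName + ".csv"), '\t');
            writer.writeNext(new String[] { "user", "resource", "operation", "result", "assigned roles", "activated roles", "timestamp", "warnings" });
        } catch (SecurityException ex) {
            // Pass the exception as the throwable argument so the stack trace is logged,
            // as the other SecurityException handlers in this class do.
            LOG.error("checkPermissions caught SecurityException creating AccessMgr rc=" + ex.getErrorId() + ", msg=" + ex.getMessage(), ex);
            // Can't continue without AccessMgr
            fail(ex.getMessage());
        } catch (IOException ioe) {
            String error = "File IO Exception=" + ioe;
            LOG.warn(error);
            // Can't continue without output file to write the results in
            fail(ioe.getMessage());
        }
        for (UserAnt user : users) {
            try {
                List<String> warnings = null;
                // NOTE(review): the second argument is presumably the "trusted" flag, so false
                // would mean the user's credentials are validated - confirm against AccessMgr.
                Session session = accessMgr.createSession(user, false);
                assertNotNull(session);
                if (session.getWarnings() != null) {
                    warnings = new ArrayList<>();
                    for (Warning warning : session.getWarnings()) {
                        warnings.add(warning.getMsg());
                    }
                }
                ReviewMgr reviewMgr = ReviewMgrImplTest.getManagedReviewMgr();
                List<UserRole> assignedRoles = reviewMgr.assignedRoles(user);
                for (PermAnt permAnt : permissions) {
                    Boolean result = accessMgr.checkAccess(session, permAnt);
                    // TODO: send this message as CSV output file:
                    LOG.info("User: " + user.getUserId() + " Perm Obj: " + permAnt.getObjName() + " Perm " + "Operation: " + permAnt.getOpName() + " RESULT: " + result);
                    // Build the row field by field. Joining with '#' and splitting again would
                    // shift columns whenever a value contains '#', which could place a decision
                    // under the wrong header in the access matrix. String.valueOf keeps the
                    // "null" text that string concatenation produced for absent values.
                    String[] entries = {
                        String.valueOf(user.getUserId()),
                        String.valueOf(permAnt.getObjName()),
                        String.valueOf(permAnt.getOpName()),
                        String.valueOf(result),
                        String.valueOf(assignedRoles),
                        String.valueOf(session.getUser().getRoles()),
                        szTimestamp,
                        String.valueOf(warnings)
                    };
                    writer.writeNext(entries);
                }
            } catch (SecurityException ex) {
                // Log but don't fail test so entire permission matrix can be evaluated.
                LOG.error("checkPermissions caught SecurityException rc=" + ex.getErrorId() + ", msg=" + ex.getMessage(), ex);
            }
        }
    } finally {
        // Close in finally so a failed assertion inside the loop cannot leak the file handle or
        // leave buffered rows unwritten.
        if (writer != null) {
            try {
                writer.close();
            } catch (IOException ioe) {
                // Best effort, but a failed close can leave the result file truncated, so record it.
                LOG.warn("checkPermissions could not close CSV output, results may be incomplete: " + ioe);
            }
        }
    }
}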
Also used : Warning(org.apache.directory.fortress.core.model.Warning) FileWriter(java.io.FileWriter) ArrayList(java.util.ArrayList) CSVWriter(au.com.bytecode.opencsv.CSVWriter) SecurityException(org.apache.directory.fortress.core.SecurityException) IOException(java.io.IOException) Date(java.util.Date) UserAnt(org.apache.directory.fortress.core.ant.UserAnt) PermAnt(org.apache.directory.fortress.core.ant.PermAnt) AccessMgr(org.apache.directory.fortress.core.AccessMgr) ReviewMgr(org.apache.directory.fortress.core.ReviewMgr) UserRole(org.apache.directory.fortress.core.model.UserRole) SimpleDateFormat(java.text.SimpleDateFormat) Session(org.apache.directory.fortress.core.model.Session)

Example 60 with UserRole

use of org.apache.directory.fortress.core.model.UserRole in project directory-fortress-core by apache.

the class ReviewMgrImplTest method testDeassignRoleWithRoleConstraint.

/**
 * Deassigns a role that carries role constraints, reads the user's assigned roles, then
 * restores the assignment.
 *
 * <p>NOTE(review): the result of {@code assignedRoles} is discarded and nothing is asserted, so
 * the test passes whenever no SecurityException is thrown. If the read throws, the role is not
 * reassigned and the user stays deassigned.
 *
 * @throws SecurityException propagated from the AdminMgr and ReviewMgr calls
 */
public void testDeassignRoleWithRoleConstraint() throws SecurityException {
    final String userId = UserTestData.USERS_TU1[0][0];
    final String roleName = RoleTestData.ROLES_TR1[1][0];

    AdminMgr adminMgr = AdminMgrImplTest.getManagedAdminMgr();
    adminMgr.deassignUser(new UserRole(userId, roleName));

    // Read back the assignments while the role is removed; the returned list is not inspected.
    ReviewMgr reviewMgr = getManagedReviewMgr();
    reviewMgr.assignedRoles(new User(userId));

    // Put the assignment back.
    adminMgr.assignUser(new UserRole(userId, roleName));
}
Also used : User(org.apache.directory.fortress.core.model.User) ReviewMgr(org.apache.directory.fortress.core.ReviewMgr) UserRole(org.apache.directory.fortress.core.model.UserRole) AdminMgr(org.apache.directory.fortress.core.AdminMgr)
