use of org.apache.directory.fortress.core.model.UserRole in project directory-fortress-core by apache.
the class ReviewMgrConsole method getUser.
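/**
 * Console action: prompts for a user's internal id, searches for matching users through the
 * review manager {@code rm} and prints each match to stdout — identity attributes, temporal
 * constraints, POSIX account, address and phone data, RBAC and admin role assignments and any
 * extra properties — then waits for a keypress before returning.
 * <p>
 * A {@code SecurityException} raised by the lookup is logged with its error id and swallowed so
 * the console stays interactive; any other failure propagates.
 */
void getUser() {
    ReaderUtil.clearScreen();
    try {
        System.out.println("Enter Internal id for user:");
        String internalId = ReaderUtil.readLn();
        User searchEntity = new User();
        searchEntity.setInternalId(internalId);
        // Typed list instead of the former raw ArrayList cast; iteration order is preserved.
        List<User> matches = rm.findUsers(searchEntity);
        for (int i = 0; i < matches.size(); i++) {
            User ue = matches.get(i);
            System.out.println("USER[" + i + "]");
            System.out.println(" userId [" + ue.getUserId() + "]");
            System.out.println(" internalId [" + ue.getInternalId() + "]");
            System.out.println(" description [" + ue.getDescription() + "]");
            System.out.println(" common name [" + ue.getCn() + "]");
            System.out.println(" surname [" + ue.getSn() + "]");
            System.out.println(" orgUnitId [" + ue.getOu() + "]");
            System.out.println(" pwpolicy [" + ue.getPwPolicy() + "]");
            printTemporal(ue, "USER");
            printPosixAccount(ue, "POSIX");
            printAddress(ue.getAddress(), "ADDRESS");
            printPhone(ue.getPhones(), "PHONES");
            printPhone(ue.getMobiles(), "MOBILES");
            if (ue.getRoles() != null) {
                for (UserRole ur : ue.getRoles()) {
                    printTemporal(ur, "RBACROLE");
                }
            }
            if (ue.getAdminRoles() != null) {
                for (UserAdminRole ur : ue.getAdminRoles()) {
                    printAdminRole(ur);
                    printTemporal(ur, "ADMINROLE");
                }
            }
            if (ue.getProperties() != null && !ue.getProperties().isEmpty()) {
                // propertyNames() keeps the original enumeration order; the counter numbers each pair.
                int propIdx = 0;
                Enumeration<?> names = ue.getProperties().propertyNames();
                while (names.hasMoreElements()) {
                    String key = (String) names.nextElement();
                    String val = ue.getProperty(key);
                    System.out.println("prop key[" + propIdx + "]=" + key);
                    System.out.println("prop value[" + propIdx + "]=" + val);
                    propIdx++;
                }
            }
            System.out.println();
        }
        System.out.println("ENTER to continue");
    } catch (SecurityException e) {
        // Best-effort console: report the Fortress error id and keep running.
        LOG.error("getUser caught SecurityException rc=" + e.getErrorId() + ", msg=" + e.getMessage(), e);
    }
    ReaderUtil.readChar();
}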
use of org.apache.directory.fortress.core.model.UserRole in project directory-fortress-core by apache.
the class UserDAO method loadUserRoles.
/**
 * Converts the user's RBAC role assignments, {@link UserRole}, into their raw ldap representation
 * and attaches them to the entry so it is ready for an ldap add.
 * <p>
 * Two multi-valued attributes are populated in parallel: the raw role data
 * ({@code GlobalIds.USER_ROLE_DATA}) and the bare role names ({@code GlobalIds.USER_ROLE_ASSIGN}).
 * A {@code null} list or one that yields no raw values leaves the entry untouched.
 *
 * @param list  roles to be written; may be {@code null}.
 * @param entry ldap entry receiving the role attributes.
 * @throws LdapException if a value cannot be added to the attribute or entry.
 */
private void loadUserRoles(List<UserRole> list, Entry entry) throws LdapException {
    if (list == null) {
        return;
    }
    Attribute rawData = new DefaultAttribute(GlobalIds.USER_ROLE_DATA);
    Attribute assignedNames = new DefaultAttribute(GlobalIds.USER_ROLE_ASSIGN);
    for (UserRole role : list) {
        rawData.add(role.getRawData());
        assignedNames.add(role.getName());
    }
    // Skip the entry update when the loop produced no raw values (e.g. an empty list).
    if (rawData.size() == 0) {
        return;
    }
    entry.add(rawData, assignedNames);
}
use of org.apache.directory.fortress.core.model.UserRole in project directory-fortress-core by apache.
the class UserDAO method unloadUserRoles.
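/**
 * Given an ldap entry containing RBAC roles assigned to user, retrieve the raw data and convert to a collection
 * of {@link UserRole}
 * including {@link org.apache.directory.fortress.core.model.Constraint}.
 * <p>
 * Several raw records may describe the same role (e.g. additional constraints); they are merged into a single
 * {@link UserRole} keyed by the upper-cased role name. Role names are compared case-insensitively.
 *
 * @param entry contains ldap entry to retrieve roles from.
 * @param userId attribute maps to {@link UserRole#userId}.
 * @param contextId tenant context passed through to {@link UserRole#load}.
 * @param roleNameFilter optional filter to only unload specified roles; {@code null} unloads all.
 * @return List of type {@link UserRole} containing RBAC roles assigned to a particular user; empty if none.
 */
private List<UserRole> unloadUserRoles(Entry entry, String userId, String contextId, String roleNameFilter) {
    Map<String, UserRole> uRoles = new HashMap<>();
    List<String> roles = getAttributes(entry, GlobalIds.USER_ROLE_DATA);
    if (roles == null) {
        return new ArrayList<>(uRoles.values());
    }
    // Loop invariants hoisted: the raw-data delimiter and the normalised filter do not change per record.
    String delimiter = Config.getInstance().getDelimiter();
    String filterUpper = roleNameFilter == null ? null : roleNameFilter.toUpperCase();
    long sequence = 0;
    for (String raw : roles) {
        // The role name is the first delimited token of the raw data.
        // NOTE(review): a record without the delimiter makes indexOf return -1 and substring throw
        // StringIndexOutOfBoundsException — unchanged from the previous behaviour; confirm whether
        // malformed attribute values should instead be skipped and logged.
        String roleName = raw.substring(0, raw.indexOf(delimiter)).toUpperCase();
        if (filterUpper != null && !filterUpper.equals(roleName)) {
            continue;
        }
        UserRole ure = uRoles.get(roleName);
        if (ure != null) {
            // Another raw record for a role already seen: merge into the existing object.
            ure.load(raw, contextId, RoleUtil.getInstance());
        } else {
            ure = new ObjectFactory().createUserRole();
            ure.load(raw, contextId, RoleUtil.getInstance());
            ure.setUserId(userId);
            // Sequence reflects the order in which distinct roles were first encountered.
            ure.setSequenceId(sequence++);
            uRoles.put(roleName, ure);
        }
    }
    return new ArrayList<>(uRoles.values());
}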
use of org.apache.directory.fortress.core.model.UserRole in project directory-fortress-core by apache.
the class UserDAO method getUserRoles.
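/**
 * Finds every user assigned the given role and returns their matching {@link UserRole} assignments,
 * restricted to the role name and to the constraint described by {@code rcType}/{@code paSetName}.
 * <p>
 * The LDAP filter matches on both the assigned role name ({@code GlobalIds.USER_ROLE_ASSIGN}) and the
 * raw role data ({@code GlobalIds.USER_ROLE_DATA}). The role name is escaped via
 * {@code encodeSafeText} before being placed in the filter; the constraint portion is produced by
 * {@code getFilterForRoleConstraint}.
 *
 * @param role      role whose assignments are requested; its name and contextId are used.
 * @param rcType    role constraint type used to build the raw-data filter.
 * @param paSetName permission attribute set name used to build the raw-data filter.
 * @return list of assignments, one or more per matching user; empty if none found.
 * @throws FinderException wrapping any {@code LdapException} or {@code CursorException} raised by the search.
 */
List<UserRole> getUserRoles(Role role, RCType rcType, String paSetName) throws FinderException {
    List<UserRole> userRoleList = new ArrayList<>();
    LdapConnection ld = null;
    String userRoot = getRootDn(role.getContextId(), GlobalIds.USER_ROOT);
    try {
        String roleVal = encodeSafeText(role.getName(), GlobalIds.ROLE_LEN);
        // Same filter text as before, assembled in one expression:
        // PREFIX aux ")(" assign "=" role ")(" data "=" constraint "))"
        String filter = GlobalIds.FILTER_PREFIX + USERS_AUX_OBJECT_CLASS_NAME + ")("
            + GlobalIds.USER_ROLE_ASSIGN + "=" + roleVal + ")("
            + GlobalIds.USER_ROLE_DATA + "=" + getFilterForRoleConstraint(role.getName(), rcType, paSetName)
            + "))";
        ld = getAdminConnection();
        // TODO(review): the SearchCursor is never closed explicitly; confirm that closeAdminConnection
        // releases it, otherwise wrap it so it is closed on every exit path.
        SearchCursor searchResults = search(ld, userRoot, SearchScope.ONELEVEL, filter, defaultAtrs, false, GlobalIds.BATCH_SIZE);
        while (searchResults.next()) {
            // Read the entry once per result instead of twice.
            Entry entry = searchResults.getEntry();
            userRoleList.addAll(unloadUserRoles(entry, getAttribute(entry, SchemaConstants.UID_AT), role.getContextId(), role.getName()));
        }
    } catch (LdapException | CursorException e) {
        // Message now names this method (the previous text referred to getAssignedUsers).
        String warning = "getUserRoles role name [" + role.getName() + "] caught LDAPException=" + e.getMessage();
        throw new FinderException(GlobalErrIds.URLE_SEARCH_FAILED, warning, e);
    } finally {
        closeAdminConnection(ld);
    }
    return userRoleList;
}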
use of org.apache.directory.fortress.core.model.UserRole in project directory-fortress-core by apache.
the class UserP method createSession.
/**
 * Creates an RBAC {@link Session} for the given user; called by AccessMgr and not intended for use
 * outside Fortress core.
 * <p>
 * When {@code trusted} is {@code false} the user's password must be present and is authenticated
 * (including the configured OpenLDAP password policy checks). When {@code trusted} is {@code true}
 * the password is not required, but the user's own temporal constraints are still evaluated, and a
 * user locked out by password policy is still rejected.
 * <p>
 * If the {@code user} carries a non-empty {@code List<UserRole>} the session is narrowed to the
 * intersection of the requested roles and the roles actually assigned, preserving the order in which
 * they were supplied; requested roles that are not assigned are dropped without error. Role temporal
 * constraints are then validated and the surviving roles activated. Roles violating Dynamic
 * Separation of Duty relationships are not activated.
 * <p>
 * Required on {@code user}: {@code userId}; optional: {@code char[] password} (mandatory unless
 * trusted), {@code List<UserRole>} roles and {@code List<UserAdminRole>} admin roles targeted for
 * activation, and {@code Properties} logonProps with auditable name/value pairs (e.g.
 * {@code hostname:myservername}, {@code ip:192.168.1.99}).
 *
 * @param user    userId plus optional password and optional RBAC / Admin roles to activate selectively.
 * @param trusted if {@code true} the password is not required.
 * @return Session holding the authentication result, RBAC and Admin role activations and OpenLDAP
 *         password-policy output.
 * @throws SecurityException on authentication failure, data validation failure, policy violation or DAO error.
 */
Session createSession(User user, boolean trusted) throws SecurityException {
    Session session;
    if (!trusted) {
        // Untrusted caller: the password is mandatory and is authenticated by createSession(User).
        VUtil.assertNotNullOrEmpty(user.getPassword(), GlobalErrIds.USER_PW_NULL, CLS_NM + ".createSession");
        session = createSession(user);
    } else {
        // Trusted caller: skip password authentication, but still enforce the user's temporal
        // constraints, which would otherwise have been checked as part of authentication.
        session = createSessionTrusted(user);
        VUtil.getInstance().validateConstraints(session, VUtil.ConstraintType.USER, false);
    }
    if (CollectionUtils.isNotEmpty(user.getRoles())) {
        // Selective activation: keep only the requested roles that are actually assigned,
        // in the order they were requested.
        List<UserRole> assigned = session.getRoles();
        List<UserRole> activated = new ArrayList<>();
        session.setRoles(activated);
        for (UserRole requested : user.getRoles()) {
            int pos = assigned.indexOf(requested);
            if (pos == -1) {
                continue; // requested but not assigned: silently dropped
            }
            activated.add(assigned.get(pos));
        }
    }
    // Evaluate role temporal constraints and perform the activations.
    VUtil.getInstance().validateConstraints(session, VUtil.ConstraintType.ROLE, true);
    return session;
}