
Example 26 with UserRole

use of org.apache.directory.fortress.core.model.UserRole in project directory-fortress-core by apache.

the class ReviewMgrRestImpl method assignedRoles.

/**
 * {@inheritDoc}
 * <p>
 * REST variant: the user is marshalled into a {@code FortRequest} carrying the tenant
 * contextId (and the admin session when one is set), posted to
 * {@code HttpIds.ROLE_ASGNED}, and the returned entity list is handed back.  Any
 * non-zero error code in the {@code FortResponse} is raised as a {@link SecurityException}.
 */
@Override
public List<UserRole> assignedRoles(User user) throws SecurityException {
    // Fail fast on a null user before any request is built or sent.
    VUtil.assertNotNull(user, GlobalErrIds.USER_NULL, CLS_NM + ".assignedRoles");
    // Request envelope: tenant context, the user entity and (if present) the admin session.
    FortRequest req = new FortRequest();
    req.setContextId(this.contextId);
    req.setEntity(user);
    if (adminSess != null) {
        req.setSession(adminSess);
    }
    // Round-trip to the Fortress REST endpoint for assigned roles.
    String payload = RestUtils.marshal(req);
    String raw = RestUtils.getInstance().post(payload, HttpIds.ROLE_ASGNED);
    FortResponse resp = RestUtils.unmarshall(raw);
    // Server-side failures arrive as an error code; surface them to the caller unchanged.
    if (resp.getErrorCode() != 0) {
        throw new SecurityException(resp.getErrorCode(), resp.getErrorMessage());
    }
    return resp.getEntities();
}

Example 27 with UserRole

use of org.apache.directory.fortress.core.model.UserRole in project directory-fortress-core by apache.

the class AdminMgrConsole method assignUser.

/**
 * Interactive prompt: reads a userId and a role name from the console and assigns
 * that role to the user through {@code am.assignUser}.  A {@link SecurityException}
 * from the admin manager is logged with its Fortress error id; the method never
 * rethrows, and always waits for ENTER before returning.
 */
void assignUser() {
    try {
        ReaderUtil.clearScreen();
        System.out.println("Enter userId");
        String uid = ReaderUtil.readLn();
        System.out.println("Enter role name");
        String role = ReaderUtil.readLn();
        // Build the (userId, roleName) assignment tuple and hand it to the admin manager.
        UserRole assignment = new UserRole();
        assignment.setUserId(uid);
        assignment.setName(role);
        am.assignUser(assignment);
        System.out.println("userId [" + uid + "] name [" + role + "]");
        System.out.println("has been assigned");
        System.out.println("ENTER to continue");
    } catch (SecurityException e) {
        LOG.error("assignUser caught SecurityException rc=" + e.getErrorId() + ", msg=" + e.getMessage(), e);
    }
    ReaderUtil.readChar();
}

Example 28 with UserRole

use of org.apache.directory.fortress.core.model.UserRole in project directory-fortress-core by apache.

the class AdminMgrConsole method addUser.

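/**
 * Interactive console flow that collects a new {@link User} from stdin, persists it
 * through {@code am.addUser}, and then assigns each role the operator entered through
 * {@code am.assignUser} (a separate admin operation from user creation).
 * <p>
 * Prompts are answered line by line via {@code ReaderUtil.readLn()}; an empty or null
 * answer ends the role loop and the property loop.  Failures are logged and the method
 * returns normally after the operator presses ENTER.
 * <p>
 * NOTE(review): the password is read with the same {@code ReaderUtil.readLn()} as every
 * other field — confirm that helper masks input, otherwise the password is echoed on the
 * terminal.  It is also held in a {@code String} because {@code User.setPassword} takes
 * one, so it cannot be zeroed here.
 */
void addUser() {
    User ue = new User();
    try {
        ReaderUtil.clearScreen();
        System.out.println("Enter userId:");
        ue.setUserId(ReaderUtil.readLn());
        System.out.println("Enter user's common name (cn):");
        String cn = ReaderUtil.readLn();
        System.out.println("Enter user's surname (sn):");
        String sn = ReaderUtil.readLn();
        ue.setSn(sn);
        ue.setCn(cn);
        System.out.println("Enter pw");
        ue.setPassword(ReaderUtil.readLn());
        System.out.println("Enter User's description field");
        ue.setDescription(ReaderUtil.readLn());
        System.out.println("Enter organization unit, blank for default");
        ue.setOu(ReaderUtil.readLn());
        if (askYesNo("Do you want to set temporal constraints on User - Y or N")) {
            enterTemporal(ue);
        }
        if (askYesNo("Do you want to set posix account attributes on User - Y or N")) {
            enterPosixAccount(ue);
        }
        // Roles: keep reading until the operator enters an empty line.
        System.out.println("Enter Role name (or NULL to skip):");
        String roleName = ReaderUtil.readLn();
        while (roleName != null && roleName.length() > 0) {
            UserRole userRole = new UserRole();
            userRole.setName(roleName);
            userRole.setUserId(ue.getUserId());
            ue.setRole(userRole);
            // This constraint is attached to the role assignment, not to the user entity,
            // so the prompt says so (the old prompt wrongly said "on User").
            if (askYesNo("Do you want to set temporal constraints on Role - Y or N")) {
                enterTemporal(userRole);
            }
            System.out.println("Enter next name (or NULL if done entering roles):");
            roleName = ReaderUtil.readLn();
        }
        // Properties: keep reading until the operator enters an empty key.
        System.out.println("Enter prop key (or NULL to skip):");
        String key = ReaderUtil.readLn();
        while (key != null && key.length() > 0) {
            System.out.println("Enter prop val:");
            ue.addProperty(key, ReaderUtil.readLn());
            System.out.println("Enter next prop key (or NULL if done entering properties)");
            key = ReaderUtil.readLn();
        }
        System.out.println("Enter password policy (or NULL to skip):");
        String policy = ReaderUtil.readLn();
        if (StringUtils.isNotEmpty(policy)) {
            ue.setPwPolicy(policy);
        }
        User ue2 = am.addUser(ue);
        // Role assignment is its own admin call; addUser alone does not perform it here.
        if (CollectionUtils.isNotEmpty(ue.getRoles())) {
            for (UserRole uRole : ue.getRoles()) {
                am.assignUser(uRole);
            }
        }
        System.out.println("userId [" + ue2.getUserId() + "]");
        System.out.println("internalId [" + ue2.getInternalId() + "]");
        System.out.println("user description [" + ue2.getDescription() + "]");
        System.out.println("user common name [" + ue2.getCn() + "]");
        System.out.println("user surname [" + ue2.getSn() + "]");
        System.out.println("organizational unit [" + ue2.getOu() + "]");
        System.out.println("has been added");
        System.out.println("ENTER to continue");
    } catch (SecurityException e) {
        LOG.error("addUser caught SecurityException rc=" + e.getErrorId() + ", msg=" + e.getMessage(), e);
    } catch (Exception e) {
        // Console boundary: keep the stack trace in the log rather than dumping it to stderr.
        LOG.error("addUser caught Exception=" + e, e);
    }
    ReaderUtil.readChar();
}

/**
 * Prints {@code prompt} and reads one line; returns true only when the operator
 * answered "Y" (case-insensitive).  Null or any other input counts as no.
 *
 * @param prompt the question to show on the console
 * @return true for a "Y"/"y" answer, false otherwise
 */
private boolean askYesNo(String prompt) {
    System.out.println(prompt);
    String choice = ReaderUtil.readLn();
    return choice != null && choice.equalsIgnoreCase("Y");
}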

Example 29 with UserRole

use of org.apache.directory.fortress.core.model.UserRole in project directory-fortress-core by apache.

the class VUtil method validateConstraints.

/**
 * This utility iterates over all of the Validators initialized for runtime and calls them passing the {@link org.apache.directory.fortress.core.model.Constraint} contained within the
 * targeted entity.  If a particular {@link org.apache.directory.fortress.core.model.UserRole} violates constraint it will not be activated.  If {@link org.apache.directory.fortress.core.model.User} validation fails a ValidationException will be thrown thus preventing User logon.
 * <p>
 * Behaviour as implemented below:
 * <ul>
 *   <li>If no validators are configured ({@code validators == null}) the method returns immediately:
 *       no user or role constraint is enforced, the DSD check is skipped and the session's
 *       last-access timestamp is NOT refreshed.  The same early return applies for
 *       {@link ConstraintType#ROLE} when the session carries neither RBAC nor admin roles.</li>
 *   <li>For {@link ConstraintType#USER} on a non-group session, only the user entity is validated and the
 *       first failing validator aborts with a {@link ValidationException}.  Every other combination
 *       (type ROLE, or type USER on a group session) takes the role branch.</li>
 *   <li>In the role branch each validator is applied to every RBAC role and every admin role in the session;
 *       roles that fail are removed from the session and a {@code Warning} is recorded, so the session is
 *       narrowed rather than rejected.</li>
 *   <li>DSD validation runs last, only for type ROLE with {@code checkDsd} set, a non-empty RBAC role list
 *       and a configured {@code DSDVALIDATOR}; the validator is created by class name via reflection.</li>
 * </ul>
 *
 * @param session contains {@link org.apache.directory.fortress.core.model.User} and {@link org.apache.directory.fortress.core.model.UserRole} constraints {@link org.apache.directory.fortress.core.model.Constraint} to be checked.
 * @param type    specifies User {@link ConstraintType#USER} or rOLE {@link ConstraintType#ROLE}.
 * @param checkDsd will check DSD constraints if true
 * @throws org.apache.directory.fortress.core.SecurityException in the event validation fails for User or system error occurs.
 */
public void validateConstraints(Session session, ConstraintType type, boolean checkDsd) throws SecurityException {
    String location = "validateConstraints";
    // Group sessions are identified by group name in log/warning text, user sessions by userId.
    String entityId = session.isGroupSession() ? session.getGroupName() : session.getUserId();
    String entityType = session.isGroupSession() ? "groupName" : "userId";
    int rc;
    if (validators == null) {
        // No validators configured: nothing is enforced and neither the DSD check nor
        // setLastAccess() below is reached.  This is fail-open by construction; operators
        // relying on temporal/lock constraints must make sure validators are initialized.
        if (LOG.isDebugEnabled()) {
            LOG.debug("{} " + entityType + " [{}] has no constraints enabled", location, entityId);
        }
        return;
    } else // no need to continue if the role list is empty and we're trying to check role constraints:
    if (type == ConstraintType.ROLE && CollectionUtils.isEmpty(session.getRoles()) && CollectionUtils.isEmpty(session.getAdminRoles())) {
        // Also returns before setLastAccess(); a session with no roles is left untouched.
        if (LOG.isDebugEnabled()) {
            LOG.debug("{} " + entityType + " [{}]  has no roles assigned", location, entityId);
        }
        return;
    }
    for (Validator val : validators) {
        // The time snapshot is taken once per validator so all roles see the same instant.
        Time currTime = TUtil.getCurrentTime();
        // first check the constraint on the user:
        if (type == ConstraintType.USER && !session.isGroupSession()) {
            rc = val.validate(session, session.getUser(), currTime, type);
            if (rc > 0) {
                // A non-zero return code is a hard failure for the user entity: abort the logon.
                String info = location + " user [" + entityId + "] was deactivated reason code [" + rc + "]";
                throw new ValidationException(rc, info);
            }
        } else // Check the constraints for each activated role:
        {
            // NOTE(review): type USER on a group session also lands here and validates the
            // roles with type == USER — confirm this is the intended behaviour for groups.
            if (CollectionUtils.isNotEmpty(session.getRoles())) {
                // now check the constraint on every role activation candidate contained within session object:
                List<UserRole> rolesToRemove = new ArrayList<>();
                for (UserRole role : session.getRoles()) {
                    rc = val.validate(session, role, currTime, type);
                    if (rc > 0) {
                        // Collect first, remove after the loop: avoids mutating the list being iterated.
                        rolesToRemove.add(role);
                        String msg = location + " role [" + role.getName() + "] for " + entityType + "[" + entityId + "]" + " was deactivated reason code [" + rc + "]";
                        LOG.info(msg);
                        session.setWarning(new ObjectFactory().createWarning(rc, msg, Warning.Type.ROLE, role.getName()));
                    }
                }
                // remove all roles not passing validation
                session.getRoles().removeAll(rolesToRemove);
            }
            if (CollectionUtils.isNotEmpty(session.getAdminRoles())) {
                // now check the constraint on every arbac role activation candidate contained within session object:
                List<UserRole> rolesToRemove = new ArrayList<>();
                for (UserRole role : session.getAdminRoles()) {
                    rc = val.validate(session, role, currTime, type);
                    if (rc > 0) {
                        rolesToRemove.add(role);
                        String msg = location + " admin role [" + role.getName() + "] for " + entityType + "[" + entityId + "]" + " was deactivated reason code [" + rc + "]";
                        LOG.info(msg);
                        session.setWarning(new ObjectFactory().createWarning(rc, msg, Warning.Type.ROLE, role.getName()));
                    }
                }
                // remove all roles not passing validation
                session.getAdminRoles().removeAll(rolesToRemove);
            }
        }
    }
    // now perform DSD validation on session's impl roles:
    if (checkDsd && DSDVALIDATOR != null && DSDVALIDATOR.length() > 0 && type == ConstraintType.ROLE && CollectionUtils.isNotEmpty(session.getRoles())) {
        // The DSD validator class is instantiated by name from configuration (DSDVALIDATOR);
        // that setting must come from trusted configuration only, since it selects the
        // code that runs here.  Its return code is not inspected: presumably the validator
        // adjusts the session (removes conflicting roles) itself — TODO confirm.
        Validator dsdVal = (Validator) ClassUtil.createInstance(DSDVALIDATOR);
        if (session.isGroupSession()) {
            // pass session's group wrapped into constraint interface
            dsdVal.validate(session, new ConstraintedGroup(session.getGroup()), null, null);
        } else {
            dsdVal.validate(session, session.getUser(), null, null);
        }
    }
    // reset the user's last access timestamp:
    session.setLastAccess();
}

Example 30 with UserRole

use of org.apache.directory.fortress.core.model.UserRole in project directory-fortress-core by apache.

the class ReviewMgrConsole method findUsers.

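/**
 * Interactive console flow: reads a userId search value from stdin, runs
 * {@code rm.findUsers} with it as the search criteria, and prints every matching
 * {@link User} (core attributes, temporal and posix data, address, phones, RBAC and
 * admin roles, and properties) to stdout.  A {@link SecurityException} from the review
 * manager is logged with its Fortress error id; the method never rethrows and always
 * waits for ENTER before returning.
 */
void findUsers() {
    ReaderUtil.clearScreen();
    try {
        System.out.println("Enter User Search Value");
        // The entered value is used as the userId search pattern, not an exact key.
        User criteria = new User();
        criteria.setUserId(ReaderUtil.readLn());
        int idx = 0;
        for (User found : rm.findUsers(criteria)) {
            System.out.println("USER[" + idx + "]");
            System.out.println("    userId      [" + found.getUserId() + "]");
            System.out.println("    internalId  [" + found.getInternalId() + "]");
            System.out.println("    description [" + found.getDescription() + "]");
            System.out.println("    common name [" + found.getCn() + "]");
            System.out.println("    surname     [" + found.getSn() + "]");
            System.out.println("    orgUnitId   [" + found.getOu() + "]");
            System.out.println("    pwpolicy    [" + found.getPwPolicy() + "]");
            System.out.println("    seqId       [" + found.getSequenceId() + "]");
            printTemporal(found, "USER");
            printPosixAccount(found, "POSIX");
            printAddress(found.getAddress(), "ADDRESS");
            printPhone(found.getPhones(), "PHONES");
            printPhone(found.getMobiles(), "MOBILES");
            if (found.getRoles() != null) {
                for (UserRole ur : found.getRoles()) {
                    printTemporal(ur, "RBACROLE");
                }
            }
            if (found.getAdminRoles() != null) {
                for (UserAdminRole ur : found.getAdminRoles()) {
                    printAdminRole(ur);
                    printTemporal(ur, "ADMINROLE");
                }
            }
            if (found.getProperties() != null && found.getProperties().size() > 0) {
                int ctr = 0;
                // propertyNames() yields a raw Enumeration; keys are Strings here (as the original cast assumed).
                for (Enumeration<?> names = found.getProperties().propertyNames(); names.hasMoreElements(); ) {
                    String key = (String) names.nextElement();
                    String val = found.getProperty(key);
                    System.out.println("prop key[" + ctr + "]=" + key);
                    System.out.println("prop value[" + ctr++ + "]=" + val);
                }
            }
            System.out.println();
            idx++;
        }
        System.out.println("ENTER to continue");
    } catch (SecurityException e) {
        LOG.error("findUsers caught SecurityException rc=" + e.getErrorId() + ", msg=" + e.getMessage(), e);
    }
    ReaderUtil.readChar();
}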
