use of org.apache.directory.fortress.core.model.UserRole in project directory-fortress-core by apache.
the class AccessMgrSample method testSessionRoles.
/**
* The RBAC Session can be interrogated to return the list of all activated Roles within a User's Session. The API
* will cache these Roles in the User's Session object. The Roles will also include temporal data that is used to
* enforce the day, date and time for which a given Role may be placed in the User's Session.
*/
public static void testSessionRoles() {
    // Builds a session for the sample user and checks that AccessMgr.sessionRoles reports
    // exactly the ten sample roles (TEST_ROLE_PREFIX + 1 .. TEST_ROLE_PREFIX + 10).
    final String where = ".testSessionRoles";
    final User sampleUser = new User(CreateUserSample.TEST_USERID);
    try {
        // Obtain the AccessMgr implementation bound to the test context.
        final AccessMgr mgr = AccessMgrFactory.createInstance(TestUtils.getContext());

        // The helper creates a Fortress Session, which carries the user's activated roles
        // plus related attributes and status information (e.g. password status).
        final Session rbacSession =
            createSession(CreateUserSample.TEST_USERID, CreateUserSample.TEST_PASSWORD, mgr);
        // Fortress is expected to throw SecurityException rather than hand back null.
        assertNotNull(rbacSession);

        // Roles currently activated in the session. The list can be null when nothing was
        // assigned or every assigned role failed its activation checks; that fails this test.
        final List<UserRole> activated = mgr.sessionRoles(rbacSession);
        assertNotNull(activated);

        // Exactly ten roles must be active.
        assertTrue(where + " list check, expected: 10, actual:" + activated.size(), activated.size() == 10);

        // Confirm each expected role is present; the original comment notes that a real
        // program would not need this extra membership check.
        for (int roleNo = 1; roleNo <= 10; roleNo++) {
            final String roleName = CreateRoleSample.TEST_ROLE_PREFIX + roleNo;
            final UserRole expected = new UserRole(sampleUser.getUserId(), roleName);
            final String pair = " userId [" + expected.getUserId() + "]";
            assertTrue(where + " contains check" + pair + " role [" + expected.getName() + "]",
                activated.contains(expected));
            LOG.info(where + pair + " activated role [" + expected.getName() + "] found in session");
        }
    } catch (SecurityException se) {
        // The exception exposes getErrorId(), so it is presumably Fortress's own
        // SecurityException type rather than java.lang.SecurityException.
        LOG.error(where + " caught SecurityException rc=" + se.getErrorId() + ", msg=" + se.getMessage(), se);
        fail(se.getMessage());
    }
}
use of org.apache.directory.fortress.core.model.UserRole in project directory-fortress-core by apache.
the class AccessMgrSample method testAddActiveRoles.
/**
* The addActiveRole API allows only Roles that have been assigned to a given User to be activated in their
* RBAC Session. The API will also ensure that a given Role has passed its constraint tests which include
* Static Separation of Duty (SSD) and RBAC Role temporal constraint validations.
*/
public static void testAddActiveRoles() {
    // Authenticates the sample user without activating roles, then activates the ten
    // sample roles (TEST_ROLE_PREFIX + 1 .. 10) one call at a time.
    // NOTE(review): in the RBAC model, activation into a session is normally governed by
    // dynamic separation of duty (DSD), while static separation of duty applies at
    // assignment time; confirm which constraint addActiveRole enforces.
    // NOTE(review): nothing here reads the session back, so the test passes as long as no
    // SecurityException is thrown; it does not prove the roles ended up active.
    final String where = ".testAddActiveRoles";
    try {
        // Obtain the AccessMgr implementation bound to the test context.
        final AccessMgr mgr = AccessMgrFactory.createInstance(TestUtils.getContext());

        // authenticate checks the password but does not activate any roles into the session.
        final Session rbacSession =
            authenticate(CreateUserSample.TEST_USERID, CreateUserSample.TEST_PASSWORD, mgr);
        assertNotNull(rbacSession);

        // Activate the roles into the user's session one by one.
        int roleNo = 1;
        while (roleNo <= 10) {
            final String roleName = CreateRoleSample.TEST_ROLE_PREFIX + roleNo;
            final UserRole toActivate = new UserRole(CreateUserSample.TEST_USERID, roleName);
            mgr.addActiveRole(rbacSession, toActivate);
            LOG.info(where + " userId [" + toActivate.getUserId() + "] activated role ["
                + toActivate.getName() + "] added to session");
            roleNo++;
        }
    } catch (SecurityException se) {
        // Any Fortress failure (authentication or activation) fails the test.
        LOG.error(where + " caught SecurityException rc=" + se.getErrorId() + ", msg=" + se.getMessage(), se);
        fail(se.getMessage());
    }
}
use of org.apache.directory.fortress.core.model.UserRole in project directory-fortress-core by apache.
the class AccessMgrSample method testDropActiveRoles.
/**
* RBAC compliant systems allow User Roles to be activated and deactivated from their Session. This facilitates
* the principle of least privilege which prescribes only giving Users as much capability as they need to complete
* their job duties. This means not all Roles that a User may be authorized to activate will necessarily be active
* at any one point in time. This allows for separation of duty restrictions to be enforced.
*/
public static void testDropActiveRoles() {
    // Creates a session for the sample user and then deactivates the ten sample roles
    // (TEST_ROLE_PREFIX + 1 .. 10) one call at a time.
    // NOTE(review): the session is not inspected after the loop, so the test only shows
    // that dropActiveRole did not throw; it does not assert that the roles are gone.
    final String where = ".testDropActiveRoles";
    final User sampleUser = new User(CreateUserSample.TEST_USERID);
    try {
        // Obtain the AccessMgr implementation bound to the test context.
        final AccessMgr mgr = AccessMgrFactory.createInstance(TestUtils.getContext());

        // createSession with no roles preset on the User attempts to activate every
        // assigned role.
        final Session rbacSession =
            createSession(CreateUserSample.TEST_USERID, CreateUserSample.TEST_PASSWORD, mgr);
        assertNotNull(rbacSession);

        // Remove the roles from the user's session one by one.
        int roleNo = 1;
        while (roleNo <= 10) {
            final String roleName = CreateRoleSample.TEST_ROLE_PREFIX + roleNo;
            final UserRole toDrop = new UserRole(sampleUser.getUserId(), roleName);
            mgr.dropActiveRole(rbacSession, toDrop);
            LOG.info(where + " userId [" + toDrop.getUserId() + "] deactivated role ["
                + toDrop.getName() + "] removed from session");
            roleNo++;
        }
    } catch (SecurityException se) {
        // Any Fortress failure (session creation or deactivation) fails the test.
        LOG.error(where + " caught SecurityException rc=" + se.getErrorId() + ", msg=" + se.getMessage(), se);
        fail(se.getMessage());
    }
}
use of org.apache.directory.fortress.core.model.UserRole in project directory-fortress-core by apache.
the class AccessMgrSample method testDisplayUserSession.
/**
* This test will display all of the User Session attributes to the System out of the test machine. It is intended
* to demonstrate what data is carried within a User's Fortress Session object.
*/
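public static void testDisplayUserSession() {
    // Creates a session for the sample user and logs, at INFO, the session attributes, the
    // user attributes and properties, the activated roles and admin roles, and finally
    // every JVM system property.
    // NOTE(review): the output includes the session id and the complete system-property
    // set. System properties can hold values supplied with -D (for example store
    // passwords), so keep this sample away from shared or retained logs, or filter the
    // keys before logging.
    String szLocation = ".testDisplayUserSession";
    try {
        // Instantiate the AccessMgr implementation.
        AccessMgr accessMgr = AccessMgrFactory.createInstance(TestUtils.getContext());
        // The helper creates a Fortress Session, which carries the user's activated roles
        // plus related attributes and status information (e.g. password status).
        Session session = createSession(CreateUserSample.TEST_USERID, CreateUserSample.TEST_PASSWORD, accessMgr);
        assertNotNull(session);
        User user = accessMgr.getUser(session);
        assertNotNull(user);

        // Session-level attributes.
        LOG.info(szLocation);
        LOG.info("S UID [" + session.getUserId() + "]:");
        LOG.info("S IID [" + session.getInternalUserId() + "]");
        LOG.info("S ERR [" + session.getErrorId() + "]");
        LOG.info("S WARN [" + session.getWarnings() + "]");
        LOG.info("S MSG [" + session.getMsg() + "]");
        LOG.info("S EXP [" + session.getExpirationSeconds() + "]");
        LOG.info("S GRAC [" + session.getGraceLogins() + "]");
        LOG.info("S AUTH [" + session.isAuthenticated() + "]");
        LOG.info("S LAST [" + session.getLastAccess() + "]");
        LOG.info("S SID [" + session.getSessionId() + "]");
        LOG.info("------------------------------------------");

        // User-level attributes, including the temporal constraint fields.
        LOG.info("U UID [" + user.getUserId() + "]");
        LOG.info("U IID [" + user.getInternalId() + "]");
        LOG.info("U CN [" + user.getCn() + "]");
        LOG.info("U DESC [" + user.getDescription() + "]");
        LOG.info("U OU [" + user.getOu() + "]");
        LOG.info("U SN [" + user.getSn() + "]");
        LOG.info("U BDTE [" + user.getBeginDate() + "]");
        LOG.info("U EDTE [" + user.getEndDate() + "]");
        LOG.info("U BLDT [" + user.getBeginLockDate() + "]");
        LOG.info("U ELDT [" + user.getEndLockDate() + "]");
        LOG.info("U DMSK [" + user.getDayMask() + "]");
        LOG.info("U TO [" + user.getTimeout() + "]");
        LOG.info("U REST [" + user.isReset() + "]");

        // Fetch the user's properties once and walk the String-typed keys. This replaces a
        // raw Enumeration plus an unchecked (String) cast, which would throw
        // ClassCastException on a non-String key.
        java.util.Properties userProps = user.getProperties();
        if (userProps != null && userProps.size() > 0) {
            int ctr = 0;
            for (String key : userProps.stringPropertyNames()) {
                String val = user.getProperty(key);
                LOG.info("U PROP[" + ctr++ + "]=" + key + " VAL=" + val);
            }
        }

        // Activated roles and their temporal constraints; the index is part of the output.
        List<UserRole> roles = session.getRoles();
        if (roles != null) {
            for (int i = 0; i < roles.size(); i++) {
                UserRole ur = roles.get(i);
                LOG.info(" USER ROLE[" + i + "]:");
                LOG.info(" role name [" + ur.getName() + "]");
                LOG.info(" begin time [" + ur.getBeginTime() + "]");
                LOG.info(" end time [" + ur.getEndTime() + "]");
                LOG.info(" begin date [" + ur.getBeginDate() + "]");
                LOG.info(" end date [" + ur.getEndDate() + "]");
                LOG.info(" begin lock [" + ur.getBeginLockDate() + "]");
                LOG.info(" end lock [" + ur.getEndLockDate() + "]");
                LOG.info(" day mask [" + ur.getDayMask() + "]");
                LOG.info(" time out [" + ur.getTimeout() + "]");
            }
        }

        // Activated administrative roles, with their OsU/OsP sets and role range.
        List<UserAdminRole> aRoles = session.getAdminRoles();
        if (aRoles != null) {
            for (int i = 0; i < aRoles.size(); i++) {
                UserAdminRole ur = aRoles.get(i);
                LOG.info(" USER ADMIN ROLE[" + i + "]:");
                LOG.info(" admin role name [" + ur.getName() + "]");
                LOG.info(" OsU [" + ur.getOsUSet() + "]");
                LOG.info(" OsP [" + ur.getOsPSet() + "]");
                LOG.info(" begin range [" + ur.getBeginRange() + "]");
                LOG.info(" end range [" + ur.getEndRange() + "]");
                LOG.info(" begin time [" + ur.getBeginTime() + "]");
                LOG.info(" end time [" + ur.getEndTime() + "]");
                LOG.info(" begin date [" + ur.getBeginDate() + "]");
                LOG.info(" end date [" + ur.getEndDate() + "]");
                LOG.info(" begin lock [" + ur.getBeginLockDate() + "]");
                LOG.info(" end lock [" + ur.getEndLockDate() + "]");
                LOG.info(" day mask [" + ur.getDayMask() + "]");
                LOG.info(" time out [" + ur.getTimeout() + "]");
            }
        }

        // JVM system properties (see the note at the top of the method about what these
        // can contain). Only String keys with String values are listed.
        java.util.Properties jProps = System.getProperties();
        if (jProps != null && jProps.size() > 0) {
            int ctr = 0;
            for (String key : jProps.stringPropertyNames()) {
                String val = jProps.getProperty(key);
                LOG.info("J PROP[" + ctr++ + "]=" + key + " VAL=" + val);
            }
        }
    } catch (SecurityException ex) {
        // Any Fortress failure (session creation or user lookup) fails the test.
        LOG.error(szLocation + " caught SecurityException rc=" + ex.getErrorId() + ", msg=" + ex.getMessage(), ex);
        fail(ex.getMessage());
    }
}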
use of org.apache.directory.fortress.core.model.UserRole in project directory-fortress-core by apache.
the class ReviewMgrImplTest method findUserRoleWithConstraints.
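/**
 * Asserts that ReviewMgr.assignedUsers returns at least one entry for the given role and
 * constraint arguments, and that the first entry carries at least one role constraint.
 *
 * @param msg text passed to LogUtil.logIt before the search runs
 * @param usr user id supplied by the caller; this method does not consult it
 * @param role name of the role whose assigned users are searched
 * @param rcType constraint type forwarded to assignedUsers
 * @param paSetName value forwarded to assignedUsers as its third argument and echoed in the log
 */
public static void findUserRoleWithConstraints(String msg, String usr, String role, RoleConstraint.RCType rcType, String paSetName) {
    LogUtil.logIt(msg);
    try {
        ReviewMgr reviewMgr = getManagedReviewMgr();
        List<UserRole> urs = reviewMgr.assignedUsers(new Role(role), rcType, paSetName);
        // A null or empty result is reported as an assertion failure instead of surfacing
        // as a NullPointerException or IndexOutOfBoundsException further down.
        assertTrue(urs != null && urs.size() > 0);
        // NOTE(review): usr is never compared with the returned entries, so this passes
        // when any user holds the constrained role; confirm whether the result should be
        // matched against usr.
        UserRole first = urs.get(0);
        assertTrue(first != null && first.getRoleConstraints() != null && first.getRoleConstraints().size() > 0);
        LOG.debug("findUserRoleWithConstraints paSetName [" + paSetName + "] successful");
    } catch (SecurityException ex) {
        // Any Fortress failure during the search fails the test.
        LOG.error("findUserRoleWithConstraints paSetName [" + paSetName + "] caught SecurityException rc=" + ex.getErrorId() + ", msg=" + ex.getMessage(), ex);
        fail(ex.getMessage());
    }
}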