Search in sources :

Example 1 with RbacDropRoleResponse

use of org.openldap.accelerator.api.dropRole.RbacDropRoleResponse in project directory-fortress-core by apache.

the class AcceleratorDAO method dropActiveRole.

/**
 * Deactivate user role from impl session
 * This function follows the pattern from: {@link org.apache.directory.fortress.core.AccessMgr#dropActiveRole(org.apache.directory.fortress.core.model.Session, org.apache.directory.fortress.core.model.UserRole)}.
 * Success will result in impl session state to be modified inside server-side cache.
 * It uses the {@link RbacDropRoleRequest} and {@link RbacDropRoleResponse} accelerator APIs.
 *
 * @param session contains a valid sessionId captured from accelerator createSession method.
 * @param userRole both the {@link org.apache.directory.fortress.core.model.UserRole#userId} and {@link UserRole#name} fields must be set before invoking.
 * @throws SecurityException rethrows {@code LdapException} with {@code GlobalErrIds.ACEL_DROP_ROLE_ERR}.
 */
void dropActiveRole(Session session, UserRole userRole) throws SecurityException {
    LdapConnection ld = null;
    try {
        ld = getAdminConnection();
        RbacDropRoleRequest dropRoleRequest = new RbacDropRoleRequestImpl();
        dropRoleRequest.setSessionId(session.getSessionId());
        dropRoleRequest.setRole(userRole.getName());
        dropRoleRequest.setUserIdentity(userRole.getUserId());
        // Send the request
        RbacDropRoleResponse rbacDropRoleResponse = (RbacDropRoleResponse) ld.extended(dropRoleRequest);
        LOG.debug("dropActiveRole result: {}", rbacDropRoleResponse.getLdapResult().getResultCode());
        if (rbacDropRoleResponse.getLdapResult().getResultCode() != ResultCodeEnum.SUCCESS) {
            String info = "dropActiveRole Role [" + userRole.getName() + "] User [" + session.getUserId() + "], not previously activated.";
            throw new SecurityException(GlobalErrIds.URLE_NOT_ACTIVE, info);
        }
    } catch (LdapException e) {
        String error = "dropActiveRole role name [" + userRole.getName() + "] caught LDAPException=" + " msg=" + e.getMessage();
        throw new SecurityException(GlobalErrIds.ACEL_DROP_ROLE_ERR, error, e);
    } finally {
        closeAdminConnection(ld);
    }
}
Also used : RbacDropRoleRequest(org.openldap.accelerator.api.dropRole.RbacDropRoleRequest) RbacDropRoleRequestImpl(org.openldap.accelerator.api.dropRole.RbacDropRoleRequestImpl) SecurityException(org.apache.directory.fortress.core.SecurityException) LdapException(org.apache.directory.api.ldap.model.exception.LdapException) RbacDropRoleResponse(org.openldap.accelerator.api.dropRole.RbacDropRoleResponse) LdapConnection(org.apache.directory.ldap.client.api.LdapConnection)

Aggregations

LdapException (org.apache.directory.api.ldap.model.exception.LdapException)1 SecurityException (org.apache.directory.fortress.core.SecurityException)1 LdapConnection (org.apache.directory.ldap.client.api.LdapConnection)1 RbacDropRoleRequest (org.openldap.accelerator.api.dropRole.RbacDropRoleRequest)1 RbacDropRoleRequestImpl (org.openldap.accelerator.api.dropRole.RbacDropRoleRequestImpl)1 RbacDropRoleResponse (org.openldap.accelerator.api.dropRole.RbacDropRoleResponse)1