
Example 1 with RbacSessionRolesRequest

Use of org.openldap.accelerator.api.sessionRoles.RbacSessionRolesRequest in project directory-fortress-core by apache.

From the class AcceleratorDAO, method sessionRoles.

/**
 * SessionRoles returns a list of UserRole's activated for user on impl server.
 * It uses the {@link RbacSessionRolesRequest} and {@link RbacSessionRolesResponse} accelerator APIs.
 *
 * todo: This method does not yet, but will soon populate temporal constraints associated with entities returned.
 *
 * @param session contains a valid sessionId captured from accelerator createSession method.
 * @return List of type UserRole.  May be null if user has no roles activated in session stored - server side.
 * @throws SecurityException rethrows {@code LdapException} with {@code GlobalErrIds.ACEL_SESSION_ROLES_ERR}.
 */
List<UserRole> sessionRoles(Session session) throws SecurityException {
    LdapConnection ld = null;
    List<UserRole> userRoleList = null;
    try {
        ld = getAdminConnection();
        RbacSessionRolesRequest sessionRolesRequest = new RbacSessionRolesRequestImpl();
        sessionRolesRequest.setSessionId(session.getSessionId());
        sessionRolesRequest.setUserIdentity(session.getUserId());
        // Send the request
        RbacSessionRolesResponse sessionRolesResponse = (RbacSessionRolesResponse) ld.extended(sessionRolesRequest);
        LOG.debug("sessionRoles result: {}", sessionRolesResponse.getLdapResult().getResultCode().getResultCode());
        if (CollectionUtils.isNotEmpty(sessionRolesResponse.getRoles())) {
            userRoleList = new ArrayList<UserRole>();
            for (String roleNm : sessionRolesResponse.getRoles()) {
                userRoleList.add(new UserRole(session.getUserId(), roleNm));
                // todo: add temporal constraints here
            }
        }
    } catch (LdapException e) {
        String error = "sessionRoles caught LDAPException=" + " msg=" + e.getMessage();
        throw new SecurityException(GlobalErrIds.ACEL_SESSION_ROLES_ERR, error, e);
    } finally {
        closeAdminConnection(ld);
    }
    return userRoleList;
}
Also used: RbacSessionRolesResponse (org.openldap.accelerator.api.sessionRoles.RbacSessionRolesResponse), UserRole (org.apache.directory.fortress.core.model.UserRole), RbacSessionRolesRequest (org.openldap.accelerator.api.sessionRoles.RbacSessionRolesRequest), RbacSessionRolesRequestImpl (org.openldap.accelerator.api.sessionRoles.RbacSessionRolesRequestImpl), SecurityException (org.apache.directory.fortress.core.SecurityException), LdapException (org.apache.directory.api.ldap.model.exception.LdapException), LdapConnection (org.apache.directory.ldap.client.api.LdapConnection)
