From elecha...@apache.org
Subject [14/50] git commit: FC-136 - Add sessionRoles to AccelMgr
Date Mon, 20 Oct 2014 23:06:31 GMT
FC-136 - Add sessionRoles to AccelMgr


Project: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/commit/01ef8075
Tree: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/tree/01ef8075
Diff: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/diff/01ef8075

Branch: refs/heads/master
Commit: 01ef8075dfe5f4766a433daf862c9b47625c8a8b
Parents: 9e3c800
Author: Shawn McKinney <shawn.mckinney@jts.us>
Authored: Sun Jun 29 00:57:08 2014 -0500
Committer: Shawn McKinney <shawn.mckinney@jts.us>
Committed: Sun Jun 29 00:57:08 2014 -0500

----------------------------------------------------------------------
 ldap/setup/FortressDemoUsers.xml                |  2 +-
 .../java/org/openldap/fortress/AccelMgr.java    | 19 +++++++++
 .../org/openldap/fortress/GlobalErrIds.java     |  4 ++
 .../fortress/ldap/ApacheDsDataProvider.java     |  4 +-
 .../openldap/fortress/rbac/AccelMgrImpl.java    | 17 ++++++++
 .../fortress/rbac/dao/AcceleratorDAO.java       |  3 ++
 .../rbac/dao/apache/AcceleratorDAO.java         | 44 ++++++++++++++++++++
 .../rbac/accelerator/TestAccelerator.java       | 32 +++++++++++---
 8 files changed, 118 insertions(+), 7 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/01ef8075/ldap/setup/FortressDemoUsers.xml
----------------------------------------------------------------------
diff --git a/ldap/setup/FortressDemoUsers.xml b/ldap/setup/FortressDemoUsers.xml
index 8363bc4..40ca567 100755
--- a/ldap/setup/FortressDemoUsers.xml
+++ b/ldap/setup/FortressDemoUsers.xml
@@ -189,7 +189,7 @@
                 <!-- safe modify must be false iff user can chg pw after reset -->
                 <policy name="Test1"
                     minAge="0"
-                    maxAge="2000000"
+                    maxAge="525600"
                     inHistory="5"
                     checkQuality="2"
                     minLength="4"
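Review bot: The maxAge change in this password-policy hunk is unrelated to the sessionRoles feature named in the commit message, so it should either be mentioned there or split into its own commit. If this `maxAge` maps onto an OpenLDAP ppolicy `pwdMaxAge`, the unit is seconds, so 525600 gives a lifetime of roughly six days rather than the ~23 days of the old value; 525600 is also the number of minutes in a year, which suggests a units mix-up. Confirm the intended lifetime and use the seconds value (for one year that would be `maxAge="31536000"`), or add an XML comment next to the attribute stating the unit so the next edit does not repeat the guess.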

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/01ef8075/src/main/java/org/openldap/fortress/AccelMgr.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/openldap/fortress/AccelMgr.java b/src/main/java/org/openldap/fortress/AccelMgr.java
index 869f666..9a2da51 100644
--- a/src/main/java/org/openldap/fortress/AccelMgr.java
+++ b/src/main/java/org/openldap/fortress/AccelMgr.java
@@ -119,10 +119,29 @@ public interface AccelMgr extends Manageable
         throws SecurityException;
 
 
+    /**
+     * This function deletes a fortress session from the RBAC Policy Decision Point inside
OpenLDAP RBAC Accelerator.  The function is valid if
+     * and only if the session is a valid Fortress session.
+     *
+     * @param session object contains the user's returned RBAC session from the createSession
method.
+     * @throws SecurityException is thrown if session invalid or system. error.
+     */
     public void deleteSession(Session session)
         throws SecurityException;
 
     /**
+     * This function returns the active roles associated with a session. The function is
valid if
+     * and only if the session is a valid Fortress session.
+     *
+     * @param session object contains the user's returned RBAC session from the createSession
method.
+     * @return List<UserRole> containing all roles active in user's session.  This
will NOT contain inherited roles.
+     * @throws SecurityException is thrown if session invalid or system. error.
+     */
+    public List<UserRole> sessionRoles(Session session)
+        throws SecurityException;
+
+
+    /**
      * Perform user RBAC authorization.  This function returns a Boolean value meaning whether
the subject of a given session is
      * allowed or not to perform a given operation on a given object. The function is valid
if and
      * only if the session is a valid Fortress session, the object is a member of the OBJS
data set,
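Review bot: The `@return List<UserRole>` line in the new sessionRoles Javadoc contains an unescaped `<UserRole>`, which javadoc reads as an HTML tag and doclint rejects; write it as `@return {@code List<UserRole>} containing all roles active in the user's session; does NOT include inherited roles`. The same Javadoc is copied onto AccelMgrImpl.sessionRoles in this commit and needs the same fix there, and both copies, plus the new deleteSession Javadoc, carry the stray `system. error` that should read `system error`. Since this interface is what callers code against, the return contract should also say whether the list is empty or null when the session has no active roles.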

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/01ef8075/src/main/java/org/openldap/fortress/GlobalErrIds.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/openldap/fortress/GlobalErrIds.java b/src/main/java/org/openldap/fortress/GlobalErrIds.java
index 6bbdc2a..4454d44 100755
--- a/src/main/java/org/openldap/fortress/GlobalErrIds.java
+++ b/src/main/java/org/openldap/fortress/GlobalErrIds.java
@@ -1548,6 +1548,10 @@ public class GlobalErrIds
     public final static int ACEL_DROP_ROLE_ERR = 10205;
 
     /**
+     * The RBAC Accelerator function failed because SessionRoles LDAP extended operation
error.
+     */
+    public final static int ACEL_SESSION_ROLES_ERR = 10206;
+    /**
      * 10300's - Group Error Ids
      */
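Review bot: The new `ACEL_SESSION_ROLES_ERR` constant is inserted directly against the `10300's - Group Error Ids` section comment with no separating blank line, which visually attaches a 10200-range constant to the 10300 heading; add a blank line after `= 10206;`. Its Javadoc also reads better as `The RBAC Accelerator function failed because of a SessionRoles LDAP extended operation error.`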
     /**

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/01ef8075/src/main/java/org/openldap/fortress/ldap/ApacheDsDataProvider.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/openldap/fortress/ldap/ApacheDsDataProvider.java b/src/main/java/org/openldap/fortress/ldap/ApacheDsDataProvider.java
index 50a91e9..8594f69 100644
--- a/src/main/java/org/openldap/fortress/ldap/ApacheDsDataProvider.java
+++ b/src/main/java/org/openldap/fortress/ldap/ApacheDsDataProvider.java
@@ -139,7 +139,9 @@ public abstract class ApacheDsDataProvider
               + "org.openldap.accelerator.impl.checkAccess.RbacCheckAccessFactory,"
               + "org.openldap.accelerator.impl.addRole.RbacAddRoleFactory,"
               + "org.openldap.accelerator.impl.dropRole.RbacDropRoleFactory,"
-              + "org.openldap.accelerator.impl.deleteSession.RbacDeleteSessionFactory");
+              + "org.openldap.accelerator.impl.deleteSession.RbacDeleteSessionFactory,"
+              + "org.openldap.accelerator.impl.sessionRoles.RbacSessionRolesFactory"
+                );
 
             LdapApiService ldapApiService = new StandaloneLdapApiService();
             if ( LdapApiServiceFactory.isInitialized() == false )
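Review bot: The closing `);` has moved onto its own line after the new factory entry, which no longer matches how the previous last literal closed the call; keep it on the literal, `+ "org.openldap.accelerator.impl.sessionRoles.RbacSessionRolesFactory" );`. The statement that builds this comma-separated factory list starts before the hunk, so only its tail is visible here; a one-line comment above the list noting that every entry except the last must keep its trailing comma would save the next person adding a factory from a silently malformed list.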

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/01ef8075/src/main/java/org/openldap/fortress/rbac/AccelMgrImpl.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/openldap/fortress/rbac/AccelMgrImpl.java b/src/main/java/org/openldap/fortress/rbac/AccelMgrImpl.java
index a929b09..023ba3d 100644
--- a/src/main/java/org/openldap/fortress/rbac/AccelMgrImpl.java
+++ b/src/main/java/org/openldap/fortress/rbac/AccelMgrImpl.java
@@ -158,6 +158,23 @@ public class AccelMgrImpl extends Manageable implements AccelMgr
 
 
     /**
+     * This function returns the active roles associated with a session. The function is
valid if
+     * and only if the session is a valid Fortress session.
+     *
+     * @param session object contains the user's returned RBAC session from the createSession
method.
+     * @return List<UserRole> containing all roles active in user's session.  This
will NOT contain inherited roles.
+     * @throws SecurityException is thrown if session invalid or system. error.
+     */
+    public List<UserRole> sessionRoles(Session session)
+        throws SecurityException
+    {
+        String methodName = "sessionRoles";
+        assertContext( CLS_NM, methodName, session, GlobalErrIds.USER_SESS_NULL );
+        return aDao.sessionRoles( session );
+    }
+
+
+    /**
      * Perform user rbac authorization.  This function returns a Boolean value meaning whether
the subject of a given session is
      * allowed or not to perform a given operation on a given object. The function is valid
if and
      * only if the session is a valid Fortress session, the object is a member of the OBJS
data set,
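Review bot: sessionRoles returns whatever `aDao.sessionRoles( session )` hands back, and the DAO implementation added in this commit (src/main/java/org/openldap/fortress/rbac/dao/apache/AcceleratorDAO.java) returns null when the accelerator reports no roles, while the Javadoc promises a `List<UserRole>` of active roles; a caller iterating the result for a session with no activated roles gets a NullPointerException. Normalize here so the manager keeps a no-null contract: `List<UserRole> roles = aDao.sessionRoles( session );` then `return roles != null ? roles : new ArrayList<UserRole>();` (the import is not visible in this hunk, so add it if it is missing). The same null-versus-empty ambiguity applies to the new method on the dao/AcceleratorDAO interface, which has no Javadoc at all, so state the contract there too. As far as this hunk shows, `assertContext` guards only the session object itself, so a session whose sessionId is null still reaches the extended operation; a `@throws` line naming that precondition would help callers.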

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/01ef8075/src/main/java/org/openldap/fortress/rbac/dao/AcceleratorDAO.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/openldap/fortress/rbac/dao/AcceleratorDAO.java b/src/main/java/org/openldap/fortress/rbac/dao/AcceleratorDAO.java
index 0b88268..7361a39 100644
--- a/src/main/java/org/openldap/fortress/rbac/dao/AcceleratorDAO.java
+++ b/src/main/java/org/openldap/fortress/rbac/dao/AcceleratorDAO.java
@@ -21,11 +21,14 @@ import org.openldap.fortress.rbac.Session;
 import org.openldap.fortress.rbac.User;
 import org.openldap.fortress.rbac.UserRole;
 
+import java.util.List;
+
 
 public interface AcceleratorDAO
 {
     public Session createSession( User user ) throws SecurityException;
     public void deleteSession( Session session ) throws SecurityException;
+    public List<UserRole> sessionRoles( Session session ) throws SecurityException;
     public boolean checkAccess( Session session, Permission perm ) throws SecurityException;
     public void dropActiveRole( Session session, UserRole userRole ) throws SecurityException;
     public void addActiveRole( Session session, UserRole userRole ) throws SecurityException;

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/01ef8075/src/main/java/org/openldap/fortress/rbac/dao/apache/AcceleratorDAO.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/openldap/fortress/rbac/dao/apache/AcceleratorDAO.java b/src/main/java/org/openldap/fortress/rbac/dao/apache/AcceleratorDAO.java
index 2747101..9a0346d 100644
--- a/src/main/java/org/openldap/fortress/rbac/dao/apache/AcceleratorDAO.java
+++ b/src/main/java/org/openldap/fortress/rbac/dao/apache/AcceleratorDAO.java
@@ -34,6 +34,9 @@ import org.openldap.accelerator.api.dropRole.RbacDropRoleResponse;
 import org.apache.directory.api.ldap.model.exception.LdapException;
 import org.apache.directory.ldap.client.api.LdapConnection;
 
+import org.openldap.accelerator.api.sessionRoles.RbacSessionRolesRequest;
+import org.openldap.accelerator.api.sessionRoles.RbacSessionRolesRequestImpl;
+import org.openldap.accelerator.api.sessionRoles.RbacSessionRolesResponse;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.openldap.fortress.*;
@@ -45,6 +48,9 @@ import org.openldap.fortress.rbac.User;
 import org.openldap.fortress.rbac.UserRole;
 import org.openldap.fortress.util.attr.VUtil;
 
+import java.util.ArrayList;
+import java.util.List;
+
 
 public final class AcceleratorDAO extends ApacheDsDataProvider implements org.openldap.fortress.rbac.dao.AcceleratorDAO
 
@@ -275,4 +281,42 @@ public final class AcceleratorDAO extends ApacheDsDataProvider implements
org.op
             closeAdminConnection( ld );
         }
     }
+
+
+    public List<UserRole> sessionRoles( Session session ) throws SecurityException
+    {
+        LdapConnection ld = null;
+        List<UserRole> userRoleList = null;
+        try
+        {
+            ld = getAdminConnection();
+            RbacSessionRolesRequest sessionRolesRequest = new RbacSessionRolesRequestImpl();
+            sessionRolesRequest.setSessionId( session.getSessionId() );
+            sessionRolesRequest.setUserIdentity( session.getUserId() );
+            // Send the request
+            RbacSessionRolesResponse sessionRolesResponse = ( RbacSessionRolesResponse )
ld.extended(
+                sessionRolesRequest );
+            LOG.debug( "sessionRoles result: {}", sessionRolesResponse.getLdapResult().getResultCode().getResultCode());
+            if(VUtil.isNotNullOrEmpty( sessionRolesResponse.getRoles() ) )
+            {
+                userRoleList = new ArrayList<>(  );
+                for( String roleNm : sessionRolesResponse.getRoles() )
+                {
+                    UserRole userRole = new UserRole( session.getUserId(), roleNm );
+                    userRoleList.add( userRole );
+                }
+            }
+        }
+        catch ( LdapException e )
+        {
+            String error = "sessionRoles caught LDAPException=" + " msg=" + e
+                .getMessage();
+            throw new org.openldap.fortress.SecurityException( GlobalErrIds.ACEL_SESSION_ROLES_ERR,
error, e );
+        }
+        finally
+        {
+            closeAdminConnection( ld );
+        }
+        return userRoleList;
+    }
 }
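Review bot: The LDAP result code of the sessionRoles extended operation is only logged at debug and never checked, so a non-success response (for example an unknown or expired session id) falls through to `return userRoleList` as null and is indistinguishable from a valid session that simply has no active roles. After the debug log, fail closed with `if ( sessionRolesResponse.getLdapResult().getResultCode() != ResultCodeEnum.SUCCESS )` and throw a SecurityException carrying `GlobalErrIds.ACEL_SESSION_ROLES_ERR` and the result code in its message; ResultCodeEnum from the Apache LDAP API needs an import, and if the sibling methods above this hunk already check the result code, mirror their pattern. The catch-block message `"sessionRoles caught LDAPException=" + " msg=" + e.getMessage()` leaves `LDAPException=` with nothing after it; `"sessionRoles caught LdapException msg=" + e.getMessage()` says the same thing. The method also has no Javadoc, and the only place its null-on-empty behaviour is visible is the body, so a `@return` line stating it (or a switch to returning an empty list) is needed.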

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/01ef8075/src/test/java/org/openldap/fortress/rbac/accelerator/TestAccelerator.java
----------------------------------------------------------------------
diff --git a/src/test/java/org/openldap/fortress/rbac/accelerator/TestAccelerator.java b/src/test/java/org/openldap/fortress/rbac/accelerator/TestAccelerator.java
index 34cde17..828e0e6 100644
--- a/src/test/java/org/openldap/fortress/rbac/accelerator/TestAccelerator.java
+++ b/src/test/java/org/openldap/fortress/rbac/accelerator/TestAccelerator.java
@@ -46,6 +46,27 @@ public class TestAccelerator
     }
 
     @Test
+    public void testSessionRoles()
+    {
+        LOG.info( "testSessionRoles..." );
+        User user = new User();
+        user.setUserId( "rbacuser1" );
+        user.setPassword( "secret".toCharArray() );
+        try
+        {
+            AccelMgr accelMgr = AccelMgrFactory.createInstance( TestUtils.getContext() );
+            Session session;
+            session = accelMgr.createSession( user, false );
+            assertNotNull( session );
+            accelMgr.sessionRoles( session );
+        }
+        catch( org.openldap.fortress.SecurityException se)
+        {
+            se.printStackTrace();
+        }
+    }
+
+    //@Test
     public void testCreateSession()
     {
         LOG.info( "testCreateSession..." );
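Review bot: testSessionRoles catches SecurityException and only calls `se.printStackTrace()`, so a failing accelerator call still leaves the test green, and it discards the result of `accelMgr.sessionRoles( session )`, so nothing about the new feature is actually verified. Keep the result and assert on it, `List<UserRole> roles = accelMgr.sessionRoles( session ); assertNotNull( roles );`, and turn the catch into a failure (`fail( se.getMessage() )` if the JUnit static import is available, otherwise let the exception propagate). This hunk also turns `@Test` into `//@Test` on testCreateSession, and the later hunks in this file do the same for testCheckAccess, testDeleteSession, testAddActiveRole, testDropActiveRole and testCombinedCalls, leaving only the new test running; if that is a deliberate skip, use `@Ignore` with a reason instead of commenting the annotation out, and if it is local debugging state it should not be committed. The `//perm.setObjId( "123456" );` added in the testCheckAccess hunk is commented-out code and should either be enabled or dropped.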
@@ -86,7 +107,7 @@ public class TestAccelerator
         }
     }
 
-    @Test
+    //@Test
     public void testCheckAccess()
     {
         AccelMgr accelMgr = null;
@@ -113,6 +134,7 @@ public class TestAccelerator
             // positive test case:
             Permission perm = new Permission();
             perm.setObjName( "/rbac/cal2.jsp" );
+            //perm.setObjId( "123456" );
             perm.setOpName( "8am" );
             boolean result = accelMgr.checkAccess( session, perm );
             assertTrue( result );
@@ -128,7 +150,7 @@ public class TestAccelerator
         }
     }
 
-    @Test
+    //@Test
     public void testDeleteSession()
     {
         LOG.info( "testDeleteSession..." );
@@ -149,7 +171,7 @@ public class TestAccelerator
         }
     }
 
-    @Test
+    //@Test
     public void testAddActiveRole()
     {
         LOG.info( "testAddActiveRole..." );
@@ -176,7 +198,7 @@ public class TestAccelerator
         }
     }
 
-    @Test
+    //@Test
     public void testDropActiveRole()
     {
         LOG.info( "testDropActiveRole..." );
@@ -205,7 +227,7 @@ public class TestAccelerator
     }
 
 
-    @Test
+    //@Test
     public void testCombinedCalls()
     {
         LOG.info( "testCombinedCalls..." );

