From: elecharny@apache.org To: commits@directory.apache.org Date: Mon, 20 Oct 2014 23:07:05 -0000 Message-Id: <0a14d3670b14482a89906b74249337b3@git.apache.org> In-Reply-To: References: X-Mailer: ASF-Git Admin Mailer Subject: [48/50] git commit: FC-151 - UnboundID SDK removal preparations FC-151 - UnboundID SDK removal preparations Project: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/repo Commit: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/commit/6bf332f7 Tree: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/tree/6bf332f7 Diff: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/diff/6bf332f7 Branch: refs/heads/master Commit: 6bf332f7448f8b7b2f6f329bd43fba34afaef882 Parents: 9d516b8 Author: Shawn McKinney Authored: Sun Oct 19 11:28:38 2014 -0500 Committer: Shawn McKinney Committed: Sun Oct 19 11:28:38 2014 -0500 ---------------------------------------------------------------------- build.xml | 4 ++-- ivy.xml | 4 ++-- .../org/openldap/fortress/GlobalErrIds.java | 4 ++++ .../openldap/fortress/SecurityException.java | 17 ++++++++------- .../fortress/ldap/ApacheDsDataProvider.java | 16 ++++++++++++++ .../fortress/rbac/dao/apache/PermDAO.java | 8 ++++++- .../fortress/rbac/dao/apache/UserDAO.java | 5 +++++ .../fortress/rbac/dao/unboundid/PermDAO.java | 9 +++++++- .../fortress/rbac/AccessMgrImplTest.java | 22 ++++++++++++++------ .../fortress/rbac/DelegatedMgrImplTest.java | 22 ++++++++++++++------ 10 files changed, 85 insertions(+), 26 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/6bf332f7/build.xml ---------------------------------------------------------------------- diff --git a/build.xml b/build.xml index 6a6f615..cc46a94 100644 --- a/build.xml +++ b/build.xml 
@@ -168,8 +168,8 @@ - - + + http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/6bf332f7/ivy.xml ---------------------------------------------------------------------- diff --git a/ivy.xml b/ivy.xml index 888149c..1713d75 100755 --- a/ivy.xml +++ b/ivy.xml @@ -44,8 +44,8 @@ - - + + http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/6bf332f7/src/main/java/org/openldap/fortress/GlobalErrIds.java ---------------------------------------------------------------------- diff --git a/src/main/java/org/openldap/fortress/GlobalErrIds.java b/src/main/java/org/openldap/fortress/GlobalErrIds.java index 4454d44..03d3055 100755 --- a/src/main/java/org/openldap/fortress/GlobalErrIds.java +++ b/src/main/java/org/openldap/fortress/GlobalErrIds.java @@ -614,6 +614,10 @@ public class GlobalErrIds * The supplied Permission operation could not be read due to server failure. */ public final static int PERM_COMPARE_OP_FAILED = 3028; + /** + * The supplied Permission does not exist in LDAP DIT. + */ + public final static int PERM_NOT_EXIST = 3029; /** * 4000's - Password Policy Entity http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/6bf332f7/src/main/java/org/openldap/fortress/SecurityException.java ---------------------------------------------------------------------- diff --git a/src/main/java/org/openldap/fortress/SecurityException.java b/src/main/java/org/openldap/fortress/SecurityException.java index e9338a4..80c467a 100755 --- a/src/main/java/org/openldap/fortress/SecurityException.java +++ b/src/main/java/org/openldap/fortress/SecurityException.java @@ -181,6 +181,7 @@ package org.openldap.fortress; *
  • {@link GlobalErrIds#PERM_OPERATION_NM_NULL} = 3026; *
  • {@link GlobalErrIds#PERM_OBJECT_NM_NULL} = 3027; *
  • {@link GlobalErrIds#PERM_COMPARE_OP_FAILED} = 3028; + *
  • {@link GlobalErrIds#PERM_NOT_EXIST} = 3029; * *

    *

    4000's - Password Policy Entity @@ -416,26 +417,26 @@ package org.openldap.fortress; *

  • {@link GlobalErrIds#ACEL_DELETE_SESSION_ERR} = 10202; *
  • {@link GlobalErrIds#ACEL_CHECK_ACCESS_ERR} = 10203; *
  • {@link GlobalErrIds#ACEL_ADD_ROLE_ERR} = 10204; - *
  • {@link GlobalErrIds#ACEL_DROP_ROLE_ERR} = 10205;* + *
  • {@link GlobalErrIds#ACEL_DROP_ROLE_ERR} = 10205; * *

    *

    10300's - LDAP Group operation Error Ids *

    *
      *
    • {@link GlobalErrIds#GROUP_SEARCH_FAILED} = 10300; - *
    • {@link GlobalErrIds#GROUP_READ_FAILED} = 10301; * + *
    • {@link GlobalErrIds#GROUP_READ_FAILED} = 10301; *
    • {@link GlobalErrIds#GROUP_ADD_FAILED} = 10302; - *
    • {@link GlobalErrIds#GROUP_UPDATE_FAILED} = 10303; * + *
    • {@link GlobalErrIds#GROUP_UPDATE_FAILED} = 10303; *
    • {@link GlobalErrIds#GROUP_DELETE_FAILED} = 10304; - *
    • {@link GlobalErrIds#GROUP_ADD_PROPERTY_FAILED} = 10305; * + *
    • {@link GlobalErrIds#GROUP_ADD_PROPERTY_FAILED} = 10305; *
    • {@link GlobalErrIds#GROUP_DELETE_PROPERTY_FAILED} = 10306; - *
    • {@link GlobalErrIds#GROUP_NOT_FOUND} = 10307; * + *
    • {@link GlobalErrIds#GROUP_NOT_FOUND} = 10307; *
    • {@link GlobalErrIds#GROUP_NULL} = 10308; - *
    • {@link GlobalErrIds#GROUP_USER_ASSIGN_FAILED} = 10309; * + *
    • {@link GlobalErrIds#GROUP_USER_ASSIGN_FAILED} = 10309; *
    • {@link GlobalErrIds#GROUP_USER_DEASSIGN_FAILED} = 10310; - *
    • {@link GlobalErrIds#GROUP_NAME_NULL} = 10311; * + *
    • {@link GlobalErrIds#GROUP_NAME_NULL} = 10311; *
    • {@link GlobalErrIds#GROUP_NAME_INVLD} = 10312; - *
    • {@link GlobalErrIds#GROUP_PROTOCOL_INVLD} = 10313; * + *
    • {@link GlobalErrIds#GROUP_PROTOCOL_INVLD} = 10313; *
    *

    * http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/6bf332f7/src/main/java/org/openldap/fortress/ldap/ApacheDsDataProvider.java ---------------------------------------------------------------------- diff --git a/src/main/java/org/openldap/fortress/ldap/ApacheDsDataProvider.java b/src/main/java/org/openldap/fortress/ldap/ApacheDsDataProvider.java index 8594f69..1400370 100644 --- a/src/main/java/org/openldap/fortress/ldap/ApacheDsDataProvider.java +++ b/src/main/java/org/openldap/fortress/ldap/ApacheDsDataProvider.java @@ -911,6 +911,22 @@ public abstract class ApacheDsDataProvider /** + * Given an ldap attribute name and a list of attribute values, construct an ldap attribute set to be added to directory. + * + * @param list list of type string containing attribute values to load into attribute set. + * @param entry contains ldap attribute set targeted for adding. + * @param attrName name of ldap attribute being added. + */ + protected void loadAttrs( List list, Entry entry, String attrName ) throws LdapException + { + if ( list != null && list.size() > 0 ) + { + entry.add( attrName, list.toArray( new String[] {} ) ); + } + } + + + /** * Given an ldap attribute name and a list of attribute values, construct an ldap modification set to be updated * in directory. * http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/6bf332f7/src/main/java/org/openldap/fortress/rbac/dao/apache/PermDAO.java ---------------------------------------------------------------------- diff --git a/src/main/java/org/openldap/fortress/rbac/dao/apache/PermDAO.java b/src/main/java/org/openldap/fortress/rbac/dao/apache/PermDAO.java index a2a1261..3396cff 100755 --- a/src/main/java/org/openldap/fortress/rbac/dao/apache/PermDAO.java +++ b/src/main/java/org/openldap/fortress/rbac/dao/apache/PermDAO.java 
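Review bot: The Javadoc added for `loadAttrs` in ApacheDsDataProvider.java has no `@throws` tag although the signature declares `throws LdapException`, and it does not say that a null or empty list is skipped without touching the entry. I would add `@throws LdapException if entry.add fails for the supplied values.` and a sentence such as `A null or empty list is ignored and leaves the entry unchanged.` The UserDAO change in this commit relies on that silent skip for optional attributes, so it belongs in the documented contract. The exact conditions under which `entry.add` throws are not visible here, so the wording of the tag should be checked against the LDAP API in use.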
@@ -816,7 +816,7 @@ public final class PermDAO extends ApacheDsDataProvider implements org.openldap. * record storage on ldap server but can be disabled. * * @param session contains {@link Session#getUserId()}, for rbac check {@link org.openldap.fortress.rbac.Session#getRoles()}, for arbac check: {@link org.openldap.fortress.rbac.Session#getAdminRoles()}. - * @param inPerm must contain required attributes {@link Permission#objName} and {@link Permission#opName}. {@link Permission#objectId} is optional. + * @param inPerm must contain required attributes {@link Permission#objName} and {@link Permission#opName}. {@link Permission#objId} is optional. * @return boolean containing result of check. * @throws org.openldap.fortress.FinderException * In the event system error occurs looking up data on ldap server. @@ -836,6 +836,12 @@ public final class PermDAO extends ApacheDsDataProvider implements org.openldap. // LDAP Operation #1: Read the targeted permission from ldap server //LDAPEntry entry = read(ld, dn, PERMISSION_OP_ATRS, session.getUser().getDn()); Entry entry = read( ld, dn, PERMISSION_OP_ATRS ); + if(entry == null) + { + // if permission not found, cannot continue. + String error = "checkPermission DOES NOT EXIST : obj name [" + inPerm.getObjName() + "], obj id [" + inPerm.getObjId() + "], op name [" + inPerm.getOpName() + "], idAdmin [" + inPerm.isAdmin() + "]"; + throw new FinderException( GlobalErrIds.PERM_NOT_EXIST, error ); + } // load the permission entity with data retrieved from the permission node: Permission outPerm = unloadPopLdapEntry( entry, 0, inPerm.isAdmin() ); http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/6bf332f7/src/main/java/org/openldap/fortress/rbac/dao/apache/UserDAO.java ---------------------------------------------------------------------- diff --git a/src/main/java/org/openldap/fortress/rbac/dao/apache/UserDAO.java b/src/main/java/org/openldap/fortress/rbac/dao/apache/UserDAO.java index bc892fa..cf6e233 100755 
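Review bot: The new `entry == null` branch in `checkPermission` (apache/PermDAO.java, second hunk) gives a missing permission its own error id, `PERM_NOT_EXIST`, so a caller can now tell "no such permission" apart from "access denied"; if that id or its message reaches an unauthorised client, it reveals which permission objects exist. Callers that face untrusted users should probably map this id to an ordinary deny and keep the detail in the server log only; the call sites are outside this hunk, so please confirm how it is surfaced. The message also concatenates `inPerm.getObjName()`, `getObjId()` and `getOpName()` unescaped, so if those can carry request-supplied text, strip CR/LF before the string is logged. Two small fixes in the same lines: the label `idAdmin [` should read `isAdmin [`, and `if(entry == null)` should use the `if ( entry == null )` spacing seen elsewhere in this commit. The identical block added to unboundid/PermDAO.java has the same points.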
--- a/src/main/java/org/openldap/fortress/rbac/dao/apache/UserDAO.java +++ b/src/main/java/org/openldap/fortress/rbac/dao/apache/UserDAO.java @@ -383,12 +383,17 @@ public final class UserDAO extends ApacheDsDataProvider implements org.openldap. // These are multi-valued attributes, use the util function to load: // These items are optional. The utility function will return quietly if no items are loaded into collection: + loadAttrs( entity.getPhones(), myEntry, TELEPHONE_NUMBER ); + loadAttrs( entity.getMobiles(), myEntry, MOBILE ); + loadAttrs( entity.getEmails(), myEntry, MAIL ); +/* myEntry.add( TELEPHONE_NUMBER, entity.getPhones().toArray( new String[] {} ) ); myEntry.add( MOBILE, entity.getMobiles().toArray( new String[] {} ) ); myEntry.add( MAIL, entity.getEmails().toArray( new String[] {} ) ); +*/ // The following attributes are optional: if ( VUtil.isNotNullOrEmpty( entity.isSystem() ) ) http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/6bf332f7/src/main/java/org/openldap/fortress/rbac/dao/unboundid/PermDAO.java ---------------------------------------------------------------------- diff --git a/src/main/java/org/openldap/fortress/rbac/dao/unboundid/PermDAO.java b/src/main/java/org/openldap/fortress/rbac/dao/unboundid/PermDAO.java index 2395d10..e39ac4f 100755 --- a/src/main/java/org/openldap/fortress/rbac/dao/unboundid/PermDAO.java +++ b/src/main/java/org/openldap/fortress/rbac/dao/unboundid/PermDAO.java 
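Review bot: The three old `myEntry.add( ... )` calls in UserDAO.java are kept inside a newly added `/* ... */` block instead of being removed. Dead code sitting under a comment that still reads "use the util function to load" invites someone to re-enable the unguarded calls, which dereference `entity.getPhones()`, `entity.getMobiles()` and `entity.getEmails()` with no null check. I would delete the commented block and keep only the three `loadAttrs( ... )` lines, since version control already holds the previous form. The enclosing method starts and ends outside the hunk.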
@@ -782,7 +782,7 @@ public final class PermDAO extends UnboundIdDataProvider implements org.openldap * record storage on ldap server but can be disabled. * * @param session contains {@link Session#getUserId()}, for rbac check {@link org.openldap.fortress.rbac.Session#getRoles()}, for arbac check: {@link org.openldap.fortress.rbac.Session#getAdminRoles()}. - * @param inPerm must contain required attributes {@link Permission#objName} and {@link Permission#opName}. {@link Permission#objectId} is optional. + * @param inPerm must contain required attributes {@link Permission#objName} and {@link Permission#opName}. {@link Permission#objId} is optional. * @return boolean containing result of check. * @throws org.openldap.fortress.FinderException * In the event system error occurs looking up data on ldap server. @@ -800,6 +800,13 @@ public final class PermDAO extends UnboundIdDataProvider implements org.openldap ld = getAdminConnection(); // LDAP Operation #1: Read the targeted permission from ldap server LDAPEntry entry = read( ld, dn, PERMISSION_OP_ATRS ); + if(entry == null) + { + // if permission not found, cannot continue. + String error = "checkPermission DOES NOT EXIST : obj name [" + inPerm.getObjName() + "], obj id [" + inPerm.getObjId() + "], op name [" + inPerm.getOpName() + "], idAdmin [" + inPerm.isAdmin() + "]"; + throw new FinderException( GlobalErrIds.PERM_NOT_EXIST, error ); + } + // load the permission entity with data retrieved from the permission node: Permission outPerm = unloadPopLdapEntry( entry, 0, inPerm.isAdmin() ); // The admin flag will be set to 'true' if this is an administrative permission: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/6bf332f7/src/test/java/org/openldap/fortress/rbac/AccessMgrImplTest.java ---------------------------------------------------------------------- 
diff --git a/src/test/java/org/openldap/fortress/rbac/AccessMgrImplTest.java b/src/test/java/org/openldap/fortress/rbac/AccessMgrImplTest.java index cbddd3f..721ae08 100755 --- a/src/test/java/org/openldap/fortress/rbac/AccessMgrImplTest.java +++ b/src/test/java/org/openldap/fortress/rbac/AccessMgrImplTest.java @@ -744,13 +744,23 @@ public class AccessMgrImplTest extends TestCase .getObjId( opArray[j] ) ) ) ); // Call checkAccess method (this should fail): - assertTrue( - CLS_NM + ".checkAccess failed userId [" + user.getUserId() + "] Perm objName [" + try + { + boolean result = accessMgr.checkAccess( session, new Permission( PermTestData.getName( oArrayBad[i] ), + PermTestData.getName( opArrayBad[j] ), PermTestData.getObjId( opArrayBad[j] ) ) ); + assertTrue( + CLS_NM + ".checkAccess failed userId [" + user.getUserId() + "] Perm objName [" + + PermTestData.getName( oArrayBad[i] ) + "] operationName [" + + PermTestData.getName( opArrayBad[j] ) + "]", + !result ); + } + catch (SecurityException se) + { + // The expected condition is security exception perm not exist: + assertTrue( CLS_NM + ".checkAccess failed userId [" + user.getUserId() + "] Perm objName [" + PermTestData.getName( oArrayBad[i] ) + "] operationName [" - + PermTestData.getName( opArrayBad[j] ) + "]", - !accessMgr.checkAccess( session, new Permission( PermTestData.getName( oArrayBad[i] ), - PermTestData.getName( opArrayBad[j] ), PermTestData.getObjId( opArrayBad[j] ) ) ) ); - + + PermTestData.getName( opArrayBad[j] ) + "], negative use case, incorrect exception id=" + se.getErrorId(), se.getErrorId() == GlobalErrIds.PERM_NOT_EXIST ); + } j++; } i++; http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/6bf332f7/src/test/java/org/openldap/fortress/rbac/DelegatedMgrImplTest.java ---------------------------------------------------------------------- 
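Review bot: The rewritten negative case in AccessMgrImplTest accepts two different outcomes, `checkAccess` returning false or a `SecurityException` whose id is `PERM_NOT_EXIST`, so it no longer pins down which of them is the contract for a permission that does not exist. The comment in the catch block says the exception is the expected condition; if that is the intent, replace the `assertTrue( ..., !result )` with a `fail( ... )` placed after the call. If both results are meant to stay valid while the UnboundID provider is still present, say so in a comment. Both assertion messages still begin with `.checkAccess failed`, which is misleading in the branch where an exception with the wrong id arrived. The same pattern is added to DelegatedMgrImplTest in this commit, and the enclosing loops start outside both hunks.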
diff --git a/src/test/java/org/openldap/fortress/rbac/DelegatedMgrImplTest.java b/src/test/java/org/openldap/fortress/rbac/DelegatedMgrImplTest.java index 6e360aa..e72dfdb 100755 --- a/src/test/java/org/openldap/fortress/rbac/DelegatedMgrImplTest.java +++ b/src/test/java/org/openldap/fortress/rbac/DelegatedMgrImplTest.java @@ -548,13 +548,23 @@ public class DelegatedMgrImplTest extends TestCase for ( String[] op : opArrayBad ) { // Call checkAccess method (this should fail): - assertTrue( - CLS_NM + ".checkAccess failed userId [" + user.getUserId() + "] Perm objName [" + try + { + boolean result = dAccessMgr.checkAccess( session, new Permission( PermTestData.getName( oArrayBad[i] ), + PermTestData.getName( opArrayBad[j] ) ) ); + assertTrue( + CLS_NM + ".checkAccess failed userId [" + user.getUserId() + "] Perm objName [" + + PermTestData.getName( oArrayBad[i] ) + "] operationName [" + + PermTestData.getName( opArrayBad[j] ) + "]", + !result ); + } + catch (SecurityException se) + { + // The expected condition is security exception perm not exist: + assertTrue( CLS_NM + ".checkAccess failed userId [" + user.getUserId() + "] Perm objName [" + PermTestData.getName( oArrayBad[i] ) + "] operationName [" - + PermTestData.getName( opArrayBad[j] ) + "]", - !dAccessMgr.checkAccess( session, new Permission( PermTestData.getName( oArrayBad[i] ), - PermTestData.getName( opArrayBad[j] ) ) ) ); - + + PermTestData.getName( opArrayBad[j] ) + "], negative use case, incorrect exception id=" + se.getErrorId(), se.getErrorId() == GlobalErrIds.PERM_NOT_EXIST ); + } j++; } i++;