directory-commits mailing list archives

From smckin...@apache.org
Subject directory-fortress-commander git commit: FC-79 - add common utils to web component
Date Wed, 11 Mar 2015 15:11:38 GMT
Repository: directory-fortress-commander
Updated Branches:
  refs/heads/master 574d31c0f -> 36a7c118f


FC-79 - add common utils to web component


Project: http://git-wip-us.apache.org/repos/asf/directory-fortress-commander/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-fortress-commander/commit/36a7c118
Tree: http://git-wip-us.apache.org/repos/asf/directory-fortress-commander/tree/36a7c118
Diff: http://git-wip-us.apache.org/repos/asf/directory-fortress-commander/diff/36a7c118

Branch: refs/heads/master
Commit: 36a7c118f912535e51eafefb5c7dcab74a8db9ad
Parents: 574d31c
Author: Shawn McKinney <smckinney@apache.org>
Authored: Wed Mar 11 10:11:25 2015 -0500
Committer: Shawn McKinney <smckinney@apache.org>
Committed: Wed Mar 11 10:11:25 2015 -0500

----------------------------------------------------------------------
 .../apache/directory/fortress/web/SecUtils.java | 98 ++++++++++++++++++++
 1 file changed, 98 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-fortress-commander/blob/36a7c118/src/main/java/org/apache/directory/fortress/web/SecUtils.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/web/SecUtils.java b/src/main/java/org/apache/directory/fortress/web/SecUtils.java
index cbe5617..1e266fd 100644
--- a/src/main/java/org/apache/directory/fortress/web/SecUtils.java
+++ b/src/main/java/org/apache/directory/fortress/web/SecUtils.java
@@ -22,6 +22,8 @@ package org.apache.directory.fortress.web;
 import org.apache.directory.fortress.core.*;
 import org.apache.directory.fortress.core.SecurityException;
 import org.apache.directory.fortress.core.cfg.Config;
+import org.apache.directory.fortress.core.rbac.UserRole;
+import org.apache.directory.fortress.core.rbac.Warning;
 import org.apache.directory.fortress.realm.J2eePolicyMgr;
 import org.apache.log4j.Logger;
 import org.apache.wicket.Component;
@@ -29,6 +31,7 @@ import org.apache.directory.fortress.core.rbac.Permission;
 import org.apache.directory.fortress.core.rbac.Session;
 import org.apache.directory.fortress.core.rbac.User;
 import org.apache.directory.fortress.core.util.attr.VUtil;
+import org.apache.wicket.ajax.AjaxRequestTarget;
 
 import javax.servlet.http.HttpServletRequest;
 import java.util.List;
@@ -222,4 +225,99 @@ public class SecUtils
             }
         }
     }
+
+    /**
+     * Call RBAC addActiveRole to active role into session.
+     *
+     * @param target
+     * @param roleName
+     * @return
+     */
+    public static boolean addActiveRole( Component component, AjaxRequestTarget target, AccessMgr
accessMgr, String roleName )
+    {
+        boolean isSuccessful = false;
+        try
+        {
+            WicketSession session = ( WicketSession ) component.getSession();
+            session.getSession().setWarnings( null );
+            accessMgr.addActiveRole( session.getSession(), new UserRole( roleName ) );
+            List<Warning> warnings = session.getSession().getWarnings();
+            if ( VUtil.isNotNullOrEmpty( warnings ) )
+            {
+                for ( Warning warning : warnings )
+                {
+                    LOG.info( "Warning: " + warning.getMsg() + " errCode: " + warning.getId()
+ " name: " + warning
+                        .getName() + " type: " + warning.getType().toString() );
+                    if ( warning.getType() == Warning.Type.ROLE && warning.getName().equalsIgnoreCase(
roleName ) )
+                    {
+                        String error = warning.getMsg() + " code: " + warning.getId();
+                        LOG.error( error );
+                        target.appendJavaScript( ";alert('" + error + "');" );
+                        return false;
+                    }
+                }
+            }
+
+            // User's active role set changed so refresh their permissions:
+            SecUtils.getPermissions( component, accessMgr );
+            isSuccessful = true;
+            String message = "Activate role name: " + roleName + " successful";
+            LOG.info( message );
+        }
+        catch ( org.apache.directory.fortress.core.SecurityException se )
+        {
+            String msg = "Role selection " + roleName + " activation failed because of ";
+            if ( se.getErrorId() == GlobalErrIds.DSD_VALIDATION_FAILED )
+            {
+                msg += "Dynamic SoD rule violation";
+            }
+            else if ( se.getErrorId() == GlobalErrIds.URLE_ALREADY_ACTIVE )
+            {
+                msg += "Role already active in Session";
+            }
+            else
+            {
+                msg += "System error: " + se + ", " + "errId=" + se.getErrorId();
+            }
+            LOG.error( msg );
+            target.appendJavaScript( ";alert('" + msg + "');" );
+        }
+        return isSuccessful;
+    }
+
+    /**
+     * Call RBAC dropActiveRole to deactivate role from session.
+     *
+     * @param target
+     * @param roleName
+     * @return
+     */
+    public static boolean dropActiveRole( Component component, AjaxRequestTarget target,
AccessMgr accessMgr, String roleName )
+    {
+        boolean isSuccessful = false;
+        try
+        {
+            WicketSession session = ( WicketSession ) component.getSession();
+            accessMgr.dropActiveRole( session.getSession(), new UserRole( roleName ) );
+            // User's active role set changed so refresh their permissions:
+            SecUtils.getPermissions( component, accessMgr );
+            isSuccessful = true;
+            LOG.info( "Fortress dropActiveRole roleName: " + roleName + " was successful"
);
+        }
+        catch ( SecurityException se )
+        {
+            String msg = "Role selection " + roleName + " deactivation failed because of
";
+            if ( se.getErrorId() == GlobalErrIds.URLE_NOT_ACTIVE )
+            {
+                msg += "Role not active in session";
+            }
+            else
+            {
+                msg += "System error: " + se + ", " + "errId=" + se.getErrorId();
+            }
+            LOG.error( msg );
+            target.appendJavaScript( ";alert('" + msg + "');" );
+        }
+        return isSuccessful;
+    }
 }
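Review bot: All three `target.appendJavaScript( ";alert('" + ... + "');" )` calls (the warning branch and the catch block of addActiveRole, and the catch block of dropActiveRole) build a JavaScript string literal from `roleName`, `warning.getMsg()` and `se` without escaping. A quote, backslash or line break in any of those values ends the literal early, so the rest is evaluated as script in the user's browser. The callers are outside the hunk, so where `roleName` comes from cannot be seen here, but it is presumably the value chosen in the page and should be treated as untrusted. Route the three calls through one helper that escapes the text before it is embedded. For the "System error" branches, consider showing a fixed message and keeping the `se` detail in the log only, so internal error text is not sent to the client.

```java
// … unchanged: addActiveRole / dropActiveRole bodies, except each alert call becomes …
alertUser( target, msg );

private static void alertUser( AjaxRequestTarget target, String text )
{
    // Escape every character that could terminate the single-quoted JS literal.
    String safe = text.replace( "\\", "\\\\" )
        .replace( "'", "\\'" )
        .replace( "\r", "\\r" )
        .replace( "\n", "\\n" );
    target.appendJavaScript( ";alert('" + safe + "');" );
}
```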

