From cp...@apache.org
Subject [1/7] directory-fortress-core git commit: added admin permissions and checks into some of the access manager impls
Date Sat, 20 Feb 2016 14:52:01 GMT
Repository: directory-fortress-core
Updated Branches:
  refs/heads/master 86c8ee4ea -> c4e00f2cc


added admin permissions and checks into some of the access manager impls


Project: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/commit/f0b158b6
Tree: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/tree/f0b158b6
Diff: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/diff/f0b158b6

Branch: refs/heads/master
Commit: f0b158b6916ad8276fdcc2b7b2f6e9733960b2d7
Parents: 86c8ee4
Author: clp207 <clp207@psu.edu>
Authored: Fri Feb 19 12:59:54 2016 -0500
Committer: clp207 <clp207@psu.edu>
Committed: Fri Feb 19 12:59:54 2016 -0500

----------------------------------------------------------------------
 ldap/setup/DelegatedAdminManagerLoad.xml                     | 8 ++++++++
 .../apache/directory/fortress/core/impl/AccessMgrImpl.java   | 4 ++++
 2 files changed, 12 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/f0b158b6/ldap/setup/DelegatedAdminManagerLoad.xml
----------------------------------------------------------------------
diff --git a/ldap/setup/DelegatedAdminManagerLoad.xml b/ldap/setup/DelegatedAdminManagerLoad.xml
index f409343..fc414b2 100644
--- a/ldap/setup/DelegatedAdminManagerLoad.xml
+++ b/ldap/setup/DelegatedAdminManagerLoad.xml
@@ -154,6 +154,9 @@
                 <permgrant objName="org.apache.directory.fortress.core.impl.GroupMgrImpl"
opName="find" roleNm="fortress-core-super-admin" admin="true"/>
                 <permgrant objName="org.apache.directory.fortress.core.impl.GroupMgrImpl"
opName="findWithUsers" roleNm="fortress-core-super-admin" admin="true"/>
 
+                <permgrant objName="org.apache.directory.fortress.core.impl.AccessMgrImpl"
opName="sessionPermissions" roleNm="fortress-core-super-admin" admin="true"/>
+            	<permgrant objName="org.apache.directory.fortress.core.impl.AccessMgrImpl"
opName="sessionRoles" roleNm="fortress-core-super-admin" admin="true"/>
+            	<permgrant objName="org.apache.directory.fortress.core.impl.AccessMgrImpl"
opName="authorizedRoles" roleNm="fortress-core-super-admin" admin="true"/>
             </addpermgrant>
 
             <addpermobj>
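Review bot: The three new `permgrant` entries give the AccessMgrImpl operations to `fortress-core-super-admin` only, so once the matching `setEntitySession` calls in AccessMgrImpl.java are in effect, any other delegated-admin role a deployment uses would presumably be denied `sessionPermissions`, `sessionRoles` and `authorizedRoles` when it calls with an admin session. If that narrowing is intended, an XML comment above the block would record it, e.g. `<!-- AccessMgr session read operations: super-admin only -->`. Directories that were loaded from the previous version of this file would also need these entries applied before the new code is deployed, which the commit message does not mention. The second and third added lines are indented with tabs while the surrounding lines use spaces.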
@@ -164,6 +167,7 @@
                 <permobj objName="org.apache.directory.fortress.core.impl.ReviewMgrImpl"
description="RBAC review policies" ou="default" type="ARBAC" admin="true"/>
                 <permobj objName="org.apache.directory.fortress.core.impl.AuditMgrImpl"
description="RBAC audit review" ou="default" type="ARBAC" admin="true"/>
                 <permobj objName="org.apache.directory.fortress.core.impl.GroupMgrImpl"
description="LDAP Group admin policies" ou="default" type="ARBAC" admin="true"/>
+            	<permobj objName="org.apache.directory.fortress.core.impl.AccessMgrImpl"
description="LDAP Group admin policies" ou="default" type="ARBAC" admin="true"/>
             </addpermobj>
 
             <addpermop>
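Review bot: The new `permobj` for `AccessMgrImpl` carries the description of the GroupMgrImpl entry directly above it, `description="LDAP Group admin policies"`, which mislabels the object for anyone auditing delegated-admin permissions in the directory. A description that names what the object guards would match the neighbouring entries, for example `description="RBAC runtime access policies"`. The added line is also indented with tabs where the rest of the block uses spaces.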
@@ -285,6 +289,10 @@
                 <permop objName="org.apache.directory.fortress.core.impl.GroupMgrImpl"
opName="findWithUsers" admin="true"/>
                 <permop objName="org.apache.directory.fortress.core.impl.GroupMgrImpl"
opName="assign" admin="true"/>
                 <permop objName="org.apache.directory.fortress.core.impl.GroupMgrImpl"
opName="deassign" admin="true"/>
+            	
+            	<permop objName="org.apache.directory.fortress.core.impl.AccessMgrImpl" opName="sessionPermissions"
admin="true"/>
+            	<permop objName="org.apache.directory.fortress.core.impl.AccessMgrImpl" opName="sessionRoles"
admin="true"/>
+            	<permop objName="org.apache.directory.fortress.core.impl.AccessMgrImpl" opName="authorizedRoles"
admin="true"/>
             </addpermop>
 
          </FortressAdmin>

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/f0b158b6/src/main/java/org/apache/directory/fortress/core/impl/AccessMgrImpl.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/impl/AccessMgrImpl.java b/src/main/java/org/apache/directory/fortress/core/impl/AccessMgrImpl.java
index b07f77a..e4d250b 100755
--- a/src/main/java/org/apache/directory/fortress/core/impl/AccessMgrImpl.java
+++ b/src/main/java/org/apache/directory/fortress/core/impl/AccessMgrImpl.java
@@ -128,6 +128,7 @@ public class AccessMgrImpl extends Manageable implements AccessMgr
         String methodName = "checkAccess";
         assertContext( CLS_NM, methodName, perm, GlobalErrIds.PERM_NULL );
         assertContext( CLS_NM, methodName, session, GlobalErrIds.USER_SESS_NULL );
+        
         VUtil.assertNotNullOrEmpty( perm.getOpName(), GlobalErrIds.PERM_OPERATION_NULL,
             getFullMethodName( CLS_NM, methodName ) );
         VUtil.assertNotNullOrEmpty( perm.getObjName(), GlobalErrIds.PERM_OBJECT_NULL,
@@ -149,6 +150,7 @@ public class AccessMgrImpl extends Manageable implements AccessMgr
         assertContext( CLS_NM, methodName, session, GlobalErrIds.USER_SESS_NULL );
         VUtil.validateConstraints( session, VUtil.ConstraintType.USER, false );
         VUtil.validateConstraints( session, VUtil.ConstraintType.ROLE, false );
+        setEntitySession(CLS_NM, methodName, session);
         return permP.search( session );
     }
 
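Review bot: The added `setEntitySession(CLS_NM, methodName, session);` runs after both `VUtil.validateConstraints` calls, so the session is already processed before the delegated-admin check can reject the caller; the same placement repeats in the hunks at -164 and -180. Assuming setEntitySession is what enforces the new admin permission (its body is not on this page), placing it directly after `assertContext( CLS_NM, methodName, session, GlobalErrIds.USER_SESS_NULL );` would put the authorization decision first. The call is also written without the padded parentheses the file uses elsewhere: `setEntitySession( CLS_NM, methodName, session );`. The method begins outside the hunk, so the declaration of `methodName` is not visible here.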
@@ -164,6 +166,7 @@ public class AccessMgrImpl extends Manageable implements AccessMgr
         assertContext( CLS_NM, methodName, session, GlobalErrIds.USER_SESS_NULL );
         VUtil.validateConstraints( session, VUtil.ConstraintType.USER, false );
         VUtil.validateConstraints( session, VUtil.ConstraintType.ROLE, false );
+        setEntitySession(CLS_NM, methodName, session);
         return session.getRoles();
     }
 
@@ -180,6 +183,7 @@ public class AccessMgrImpl extends Manageable implements AccessMgr
         VUtil.assertNotNull( session.getUser(), GlobalErrIds.USER_NULL, CLS_NM + ".authorizedRoles"
);
         VUtil.validateConstraints( session, VUtil.ConstraintType.USER, false );
         VUtil.validateConstraints( session, VUtil.ConstraintType.ROLE, false );
+        setEntitySession(CLS_NM, methodName, session);
         return RoleUtil.getInheritedRoles( session.getRoles(), this.contextId );
     }
 
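Review bot: The permission checked by the new call is keyed on `methodName`, which is declared outside the hunk, while the existing assertion at the top of the hunk spells the name out as `CLS_NM + ".authorizedRoles"`; if the two strings ever differ, the check would presumably no longer match the `opName="authorizedRoles"` entry added to DelegatedAdminManagerLoad.xml. A short comment on the call would make that coupling visible, e.g. `// methodName must equal the permop opName in DelegatedAdminManagerLoad.xml`. The method's Javadoc lies outside the hunk; it is worth recording there that callers using an admin session now need this permission.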

