From cp...@apache.org
Subject [4/7] directory-fortress-core git commit: Added ability to perform arbac checks for del access manager
Date Sat, 20 Feb 2016 14:52:04 GMT
Added ability to perform arbac checks for del access manager

Project: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/commit/9924cac5
Tree: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/tree/9924cac5
Diff: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/diff/9924cac5

Branch: refs/heads/master
Commit: 9924cac58d7ed1aa2f327ab71d2925909d51afba
Parents: e17a16b
Author: clp207 <clp207@psu.edu>
Authored: Sat Feb 20 09:04:42 2016 -0500
Committer: clp207 <clp207@psu.edu>
Committed: Sat Feb 20 09:04:42 2016 -0500

----------------------------------------------------------------------
 ldap/setup/DelegatedAdminManagerLoad.xml            |  5 +++++
 .../fortress/core/impl/DelAccessMgrImpl.java        | 16 ++++++++++------
 2 files changed, 15 insertions(+), 6 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/9924cac5/ldap/setup/DelegatedAdminManagerLoad.xml
----------------------------------------------------------------------
diff --git a/ldap/setup/DelegatedAdminManagerLoad.xml b/ldap/setup/DelegatedAdminManagerLoad.xml
index 1d117dc..ed6d4e6 100644
--- a/ldap/setup/DelegatedAdminManagerLoad.xml
+++ b/ldap/setup/DelegatedAdminManagerLoad.xml
@@ -168,6 +168,7 @@
                 <permobj objName="org.apache.directory.fortress.core.impl.AuditMgrImpl"
description="RBAC audit review" ou="default" type="ARBAC" admin="true"/>
                 <permobj objName="org.apache.directory.fortress.core.impl.GroupMgrImpl"
description="LDAP Group admin policies" ou="default" type="ARBAC" admin="true"/>
             	<permobj objName="org.apache.directory.fortress.core.impl.AccessMgrImpl"
description="Access Manager Policies" ou="default" type="ARBAC" admin="true"/>
+            	<permobj objName="org.apache.directory.fortress.core.impl.DelAccessMgrImpl"
description="Delegated Access Manager Policies" ou="default" type="ARBAC" admin="true"/>
             </addpermobj>
 
             <addpermop>
@@ -294,6 +295,10 @@
             	<permop objName="org.apache.directory.fortress.core.impl.AccessMgrImpl" opName="sessionPermissions"
admin="true"/>
             	<permop objName="org.apache.directory.fortress.core.impl.AccessMgrImpl" opName="sessionRoles"
admin="true"/>
             	<permop objName="org.apache.directory.fortress.core.impl.AccessMgrImpl" opName="authorizedRoles"
admin="true"/>
+            	
+            	<permop objName="org.apache.directory.fortress.core.impl.DelAccessMgrImpl"
opName="sessionAdminRoles" admin="true"/>
+            	<permop objName="org.apache.directory.fortress.core.impl.DelAccessMgrImpl"
opName="authorizedAdminRoles" admin="true"/>
+            	<permop objName="org.apache.directory.fortress.core.impl.DelAccessMgrImpl"
opName="sessionPermissions" admin="true"/>
             </addpermop>
 
          </FortressAdmin>
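Review bot: The three new `permop` entries register `sessionAdminRoles`, `authorizedAdminRoles` and `sessionPermissions` for `DelAccessMgrImpl`, but neither hunk in this file grants them to an administrative role, and the diffstat shows only these five added lines. If this load file binds admin permissions to roles in a separate section (not visible here), each new operation needs a matching grant there. Otherwise, once the Java side starts checking these operations, callers presenting an admin session would presumably be denied on a fresh install. The added blank line at the top of the block also carries trailing whitespace and can be dropped.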

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/9924cac5/src/main/java/org/apache/directory/fortress/core/impl/DelAccessMgrImpl.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/impl/DelAccessMgrImpl.java b/src/main/java/org/apache/directory/fortress/core/impl/DelAccessMgrImpl.java
index 975d24a..62e7797 100755
--- a/src/main/java/org/apache/directory/fortress/core/impl/DelAccessMgrImpl.java
+++ b/src/main/java/org/apache/directory/fortress/core/impl/DelAccessMgrImpl.java
@@ -19,22 +19,22 @@
  */
 package org.apache.directory.fortress.core.impl;
 
+import java.util.List;
+import java.util.Set;
+import java.util.TreeSet;
+
 import org.apache.commons.collections.CollectionUtils;
 import org.apache.directory.fortress.core.DelAccessMgr;
 import org.apache.directory.fortress.core.GlobalErrIds;
-import org.apache.directory.fortress.core.util.Config;
+import org.apache.directory.fortress.core.SecurityException;
 import org.apache.directory.fortress.core.model.PermObj;
 import org.apache.directory.fortress.core.model.Permission;
 import org.apache.directory.fortress.core.model.Role;
 import org.apache.directory.fortress.core.model.Session;
 import org.apache.directory.fortress.core.model.User;
 import org.apache.directory.fortress.core.model.UserAdminRole;
+import org.apache.directory.fortress.core.util.Config;
 import org.apache.directory.fortress.core.util.VUtil;
-import org.apache.directory.fortress.core.SecurityException;
-
-import java.util.List;
-import java.util.Set;
-import java.util.TreeSet;
 
 /**
  * This class implements the ARBAC02 DelAccessMgr interface for performing runtime delegated
access control operations on 
@@ -209,7 +209,9 @@ public class DelAccessMgrImpl extends AccessMgrImpl implements DelAccessMgr
     public List<UserAdminRole> sessionAdminRoles(Session session)
         throws SecurityException
     {
+    	String methodName = "sessionAdminRoles";
         VUtil.assertNotNull(session, GlobalErrIds.USER_SESS_NULL, CLS_NM + ".sessionAdminRoles");
+        setEntitySession(CLS_NM, methodName, session);
         return session.getAdminRoles();
     }
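Review bot: The new local `methodName` is not used by the null check directly below it, which still builds its location string from a separate literal, so the two can drift apart if the method is renamed; write it as `VUtil.assertNotNull(session, GlobalErrIds.USER_SESS_NULL, CLS_NM + "." + methodName);`. The added declaration is also indented with a tab after four spaces, unlike the surrounding lines. The Javadoc above the method (outside this hunk) should state that a `SecurityException` may now also come from the `setEntitySession` call, presumably when the administrative check fails. The same documentation point applies to the `authorizedAdminRoles` and `sessionPermissions` hunks.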
 
@@ -223,6 +225,7 @@ public class DelAccessMgrImpl extends AccessMgrImpl implements DelAccessMgr
         String methodName = "authorizedAdminRoles";
         assertContext(CLS_NM, methodName, session, GlobalErrIds.USER_SESS_NULL);
         assertContext( CLS_NM, methodName, session.getUser(), GlobalErrIds.USER_NULL );
+        setEntitySession(CLS_NM, methodName, session);
         return AdminRoleUtil.getInheritedRoles( session.getAdminRoles(), this.contextId );
     }
 
@@ -237,6 +240,7 @@ public class DelAccessMgrImpl extends AccessMgrImpl implements DelAccessMgr
         assertContext(CLS_NM, methodName, session, GlobalErrIds.USER_SESS_NULL);
         VUtil.validateConstraints( session, VUtil.ConstraintType.USER, false );
         VUtil.validateConstraints( session, VUtil.ConstraintType.ROLE, false );
+        setEntitySession(CLS_NM, methodName, session);
         return permP.search( session, true );
     }
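Review bot: In `sessionPermissions` the `setEntitySession` call sits after both `VUtil.validateConstraints` calls, so the session's user and role constraints are evaluated before the caller's administrative permission is. Assuming `setEntitySession` is where the ARBAC check happens (its body is not shown), a caller without the permission can still tell from the exception whether the target session passes its constraints. Moving `setEntitySession(CLS_NM, methodName, session);` to directly after the `assertContext` line makes the authorization decision first, as `authorizedAdminRoles` effectively does, since only null checks precede it there. The method's signature and the `methodName` declaration are outside this hunk.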
 

