directory-commits mailing list archives

From cp...@apache.org
Subject [10/43] directory-fortress-core git commit: added validation checks on pasetname and unit tests that test bad names being added to perm and roleconstraints
Date Thu, 06 Oct 2016 17:49:27 GMT
added validation checks on pasetname and unit tests that test bad names being added to perm
and roleconstraints


Project: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/commit/074fa2a5
Tree: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/tree/074fa2a5
Diff: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/diff/074fa2a5

Branch: refs/heads/master
Commit: 074fa2a559a255466a429260e3b385814abf0b76
Parents: 9364604
Author: clp207 <clp207@psu.edu>
Authored: Mon Feb 1 08:51:51 2016 -0500
Committer: clp207 <clp207@psu.edu>
Committed: Wed Mar 30 15:44:22 2016 -0400

----------------------------------------------------------------------
 .../directory/fortress/core/GlobalErrIds.java   |  15 ++-
 .../directory/fortress/core/impl/PermP.java     |   5 +
 .../directory/fortress/core/impl/UserP.java     |  29 +++++-
 .../directory/fortress/core/util/VUtil.java     |  28 ++++-
 .../fortress/core/impl/AdminMgrImplTest.java    | 103 +++++++++++++------
 .../fortress/core/impl/PermTestData.java        |   1 +
 .../fortress/core/impl/URATestData.java         |   7 ++
 7 files changed, 155 insertions(+), 33 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/074fa2a5/src/main/java/org/apache/directory/fortress/core/GlobalErrIds.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/GlobalErrIds.java b/src/main/java/org/apache/directory/fortress/core/GlobalErrIds.java
index 93ecb29..cb56ac5 100755
--- a/src/main/java/org/apache/directory/fortress/core/GlobalErrIds.java
+++ b/src/main/java/org/apache/directory/fortress/core/GlobalErrIds.java
@@ -1056,7 +1056,20 @@ public final class GlobalErrIds
      */
     public static final int DSD_VALIDATION_FAILED = 5097;
 
-
+    /**
+     * Role Constraint Errors
+     */
+    
+    /**
+     * The validation for Role Constraint type failed.
+     */
+    public static final int ROLE_CONSTRAINT_TYPE_NULL = 5100;
+    /**
+     * The validation for Role Constraint value failed.
+     */
+    public static final int ROLE_CONSTRAINT_VALUE_NULL = 5101;
+    
+    
     /**
      * 6000's - LDAP Suffix and Container Entities
      */
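Review bot: The Javadoc on the two new constants does not say which condition each id reports, so a caller that sees 5100 or 5101 has to read UserP to find out. In this commit `ROLE_CONSTRAINT_TYPE_NULL` is thrown when `getConstraintType()` returns null, and `ROLE_CONSTRAINT_VALUE_NULL` when `StringUtils.isEmpty( rc.getValue() )` holds, which covers the empty string as well as null. I would reword the comments to `The role constraint type was null.` and `The role constraint value was null or empty.`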

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/074fa2a5/src/main/java/org/apache/directory/fortress/core/impl/PermP.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/impl/PermP.java b/src/main/java/org/apache/directory/fortress/core/impl/PermP.java
index 871ffbf..3e5a7c7 100755
--- a/src/main/java/org/apache/directory/fortress/core/impl/PermP.java
+++ b/src/main/java/org/apache/directory/fortress/core/impl/PermP.java
@@ -687,5 +687,10 @@ final class PermP
                 up.read( user, false );
             }
         }
+        // Validate Perm Attr Set Name
+        if( StringUtils.isNotEmpty( pOp.getPaSetName() ))
+        {
+        	VUtil.permAttrSetName(pOp.getPaSetName());
+        }
     }
 }
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/074fa2a5/src/main/java/org/apache/directory/fortress/core/impl/UserP.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/impl/UserP.java b/src/main/java/org/apache/directory/fortress/core/impl/UserP.java
index dfe7b3c..44ce0b4 100755
--- a/src/main/java/org/apache/directory/fortress/core/impl/UserP.java
+++ b/src/main/java/org/apache/directory/fortress/core/impl/UserP.java
@@ -638,8 +638,8 @@ final class UserP
     
     //TODO: add documentation
     void assign( UserRole uRole, RoleConstraint roleConstraint ) throws SecurityException
-    {
-    	//TODO: validate role constraint points to actual ftAttributeSet?
+    {    	
+    	validate( roleConstraint );
     	
     	uDao.assign( uRole, roleConstraint );
     }
@@ -744,6 +744,31 @@ final class UserP
             throw new ValidationException( GlobalErrIds.ROLE_NM_NULL, CLS_NM + ".validate
name is NULL" );
         }
     }
+    
+    /**
+     * Ensure that the passed in role constraint is valid
+     * 
+     * @param RoleConstaint
+     * @throws ValidationException
+     */
+    private void validate( RoleConstraint rc) throws ValidationException
+    {
+        if( StringUtils.isEmpty( rc.getPaSetName() ))
+        {
+        	throw new ValidationException( GlobalErrIds.PERM_ATTRIBUTE_SET_NM_NULL, CLS_NM +
".validate pa set name is NULL" );
+        }    	
+    	
+        VUtil.permAttrSetName(rc.getPaSetName());
+
+        if ( rc.getConstraintType() == null )
+        {
+            throw new ValidationException( GlobalErrIds.ROLE_CONSTRAINT_TYPE_NULL, CLS_NM
+ ".validate type is NULL" );
+        }
+        if( StringUtils.isEmpty( rc.getValue() ))
+        {
+        	throw new ValidationException( GlobalErrIds.ROLE_CONSTRAINT_VALUE_NULL, CLS_NM +
".validate value is NULL" );
+        }
+    }
 
 
     /**
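Review bot: The new `validate( RoleConstraint rc )` dereferences `rc` on its first line (`rc.getPaSetName()`), and `assign` passes `roleConstraint` through unchecked, so a null constraint surfaces as a NullPointerException instead of the ValidationException that callers of this layer handle. A guard at the top, `if ( rc == null )` throwing a ValidationException, would close that. This commit defines no error id for a missing constraint, so one would need to be added alongside 5100/5101. The Javadoc tag `@param RoleConstaint` names neither the parameter nor the type correctly; `@param rc role constraint to check; pa set name, type and value are all required` matches the code. The "is NULL" messages are also raised for empty strings, which is worth saying in the text.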

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/074fa2a5/src/main/java/org/apache/directory/fortress/core/util/VUtil.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/util/VUtil.java b/src/main/java/org/apache/directory/fortress/core/util/VUtil.java
index 6dbcd66..c995f80 100755
--- a/src/main/java/org/apache/directory/fortress/core/util/VUtil.java
+++ b/src/main/java/org/apache/directory/fortress/core/util/VUtil.java
@@ -31,11 +31,17 @@ import java.util.Properties;
 import org.apache.commons.collections.CollectionUtils;
 import org.apache.commons.lang.ArrayUtils;
 import org.apache.commons.lang.StringUtils;
-import org.apache.directory.fortress.core.*;
+import org.apache.directory.fortress.core.CfgException;
+import org.apache.directory.fortress.core.GlobalErrIds;
+import org.apache.directory.fortress.core.GlobalIds;
+import org.apache.directory.fortress.core.ReviewMgr;
+import org.apache.directory.fortress.core.ReviewMgrFactory;
 import org.apache.directory.fortress.core.SecurityException;
+import org.apache.directory.fortress.core.ValidationException;
 import org.apache.directory.fortress.core.model.Constraint;
 import org.apache.directory.fortress.core.model.ConstraintValidator;
 import org.apache.directory.fortress.core.model.ObjectFactory;
+import org.apache.directory.fortress.core.model.PermissionAttributeSet;
 import org.apache.directory.fortress.core.model.PropUtil;
 import org.apache.directory.fortress.core.model.Session;
 import org.apache.directory.fortress.core.model.UserRole;
@@ -657,4 +663,24 @@ public final class VUtil implements ConstraintValidator
         }
         return validators;
     }
+    
+    /**
+     * Checks the Permission Attribute Set exists
+     * 
+     * @param value Name of the Permission Attribute Set
+     * @throws ValidationException
+     */
+    public static void permAttrSetName( String value ) throws ValidationException
+    {    	    	
+    	try{
+    		ReviewMgr reviewMgr = ReviewMgrFactory.createInstance();      		
+    		PermissionAttributeSet paSet = reviewMgr.readPermAttributeSet(new PermissionAttributeSet(value));
+    	}
+        catch(Exception e){
+            String error = "permissionAttributeSet - not found with name [" + value + "]";
+            throw new ValidationException( GlobalErrIds.PERM_ATTRIBUTE_SET_NOT_FOUND, error
);
+        }
+
+        RegExUtil.safeText( value );
+    }
 }
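Review bot: In `permAttrSetName` the caller-supplied name is used in a directory lookup and copied into the error message before `RegExUtil.safeText( value )` runs, so the character check only ever sees names that already resolved. Running it first keeps unchecked text out of both the lookup and the message. The `catch(Exception e)` also turns every failure into `PERM_ATTRIBUTE_SET_NOT_FOUND` and drops the cause, so an unreachable directory, a configuration error or a programming error all read as "not found". Catching the project's `SecurityException` is narrower, and `e.getErrorId()` could separate a real miss from other failures. The local `paSet` is never read. The no-argument `ReviewMgrFactory.createInstance()` presumably resolves against the default context rather than the one the calling entity belongs to, which should be confirmed for multi-tenant deployments.

```java
public static void permAttrSetName( String value ) throws ValidationException
{
    // Check the characters before the name reaches the directory or an error message.
    RegExUtil.safeText( value );
    try
    {
        ReviewMgr reviewMgr = ReviewMgrFactory.createInstance();
        reviewMgr.readPermAttributeSet( new PermissionAttributeSet( value ) );
    }
    catch ( SecurityException e )
    {
        // NOTE(review): still maps every fortress error to "not found"; inspect e.getErrorId() to tell them apart.
        String error = "permissionAttributeSet - not found with name [" + value + "]";
        throw new ValidationException( GlobalErrIds.PERM_ATTRIBUTE_SET_NOT_FOUND, error );
    }
}
```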

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/074fa2a5/src/test/java/org/apache/directory/fortress/core/impl/AdminMgrImplTest.java
----------------------------------------------------------------------
diff --git a/src/test/java/org/apache/directory/fortress/core/impl/AdminMgrImplTest.java b/src/test/java/org/apache/directory/fortress/core/impl/AdminMgrImplTest.java
index 7ba2186..5a3ae9d 100755
--- a/src/test/java/org/apache/directory/fortress/core/impl/AdminMgrImplTest.java
+++ b/src/test/java/org/apache/directory/fortress/core/impl/AdminMgrImplTest.java
@@ -1893,51 +1893,63 @@ public class AdminMgrImplTest extends TestCase
     
     public void testAddPASetToPermission()
     {
-    	addPASetToPermission( "ADD-PASET-TO-POP TOB_1 TOP_1", PermTestData.TPA_SET_1_NAME, "TOB1_1",
PermTestData.OPS_TOP1_UPD[0] );   	
+    	addValidPASetToPermission( "ADD-PASET-TO-POP-VALID TOB_1 TOP_1", PermTestData.TPA_SET_1_NAME,
"TOB1_1", PermTestData.OPS_TOP1_UPD[0] );   	
+    	addInvalidPASetToPermission( "ADD-PASET-TO-POP-INVALID TOB_1 TOP_1", PermTestData.TPA_SET_NOT_EXIST_NAME,
"TOB1_1", PermTestData.OPS_TOP1_UPD[0] );   	
     }
-    
-    public static void addPASetToPermission( String msg, String paSetName, String obj, String[]
op )
-    {
-    	LogUtil.logIt(msg);
-    	try
-    	{
-    		AdminMgr adminMgr = AdminMgrFactory.createInstance( TestUtils.getContext() );    	

 
-    		Permission pop = PermTestData.getOp( obj, op );
-    		pop.setPaSetName(paSetName);
+    public static void addInvalidPASetToPermission( String msg, String paSetName, String
obj, String[] op )
+    {
+    	try{
+    		addPASetToPermission(msg, paSetName, obj, op);
     		
-    		adminMgr.updatePermission(pop);
-    		LOG.debug( "addPASetToPermission name [" + paSetName + "] successful" );
+    		String message = "addInvalidPASetToPermission name [" + paSetName + "] was successfull,
when should ahve failed.";
+    		LOG.error( message );
+    		fail( message );
     	}
     	catch ( SecurityException ex )
     	{
-    		LOG.error( "addPASetToPermission name [" + paSetName
+    		LOG.info("Caught exception adding invalid tpa set name " + paSetName);
+    	}
+    }
+    
+    public static void addValidPASetToPermission( String msg, String paSetName, String obj,
String[] op )
+    {
+    	try{
+    		addPASetToPermission(msg, paSetName, obj, op);
+    	}
+    	catch ( SecurityException ex )
+    	{
+    		LOG.error( "addValidPASetToPermission name [" + paSetName
     				+ "] caught SecurityException rc=" + ex.getErrorId() + ", msg=" + ex.getMessage(),
ex );
     		fail( ex.getMessage() );
     	}
     }
     
+    public static void addPASetToPermission( String msg, String paSetName, String obj, String[]
op ) throws SecurityException
+    {
+    	LogUtil.logIt(msg);
+
+    	AdminMgr adminMgr = AdminMgrFactory.createInstance( TestUtils.getContext() );    		
+
+    	Permission pop = PermTestData.getOp( obj, op );
+    	pop.setPaSetName(paSetName);
+
+    	adminMgr.updatePermission(pop);
+    	LOG.debug( "addPASetToPermission name [" + paSetName + "] successful" );    	
+    }
+    
     public void testAddUserRoleConstraint() throws SecurityException
     {
-    	assignUserRoleConstraint( "ASGN-URC TU1 TR1", UserTestData.USERS_TU1[0], RoleTestData.ROLES_TR1[1],
URATestData.getRC(URATestData.URC_T1) );
+    	assignValidUserRoleConstraint( "ASGN-URC-VALID TU1 TR1", UserTestData.USERS_TU1[0],
RoleTestData.ROLES_TR1[1], URATestData.getRC(URATestData.URC_T1) );
+    	
+    	assignInvalidUserRoleConstraint( "ASGN-URC-INVALID TU1 TR1", UserTestData.USERS_TU1[0],
RoleTestData.ROLES_TR1[1], URATestData.getRC(URATestData.URC_T1_INVALID) );
     }
     
-    public static void assignUserRoleConstraint( String msg, String[] usr, String[] rle,
RoleConstraint rc )
+    public static void assignValidUserRoleConstraint( String msg, String[] usr, String[]
rle, RoleConstraint rc )
     {
-        LogUtil.logIt( msg );
-        try
-        {
-            AdminMgr adminMgr = getManagedAdminMgr();
-            ReviewMgr reviewMgr = ReviewMgrImplTest.getManagedReviewMgr();
-            
-            User user = UserTestData.getUser( usr );
-            Role role = RoleTestData.getRole( rle );
-            
-            adminMgr.addRoleConstraint(new UserRole(user.getUserId(), role.getName()), rc);
-           
-            LOG.debug("assignUserRoleConstraint user [" + user.getUserId() + "] role [" +
role.getName() + "] " +
-            				" rcvalue [" + rc.getValue() + "]");
-        }
+    	try{
+    		assignUserRoleConstraint(msg, usr, rle, rc);
+    	}
         catch ( SecurityException ex )
         {
             LOG.error(
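Review bot: The negative test `addInvalidPASetToPermission` passes on any `SecurityException`, so it stays green when the call fails for an unrelated reason, such as a missing permission object or a directory error, and never proves that the new name validation fired. Asserting the id in the catch block pins it down: `assertEquals( GlobalErrIds.PERM_ATTRIBUTE_SET_NOT_FOUND, ex.getErrorId() );` (add the `GlobalErrIds` import if the test does not already have it). `assignInvalidUserRoleConstraint` in the next hunk has the same gap. The new ids 5100 and 5101 have no test here at all, since `URC_T1_INVALID` only varies the set name. The last function in this hunk continues past its end.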
@@ -1945,6 +1957,39 @@ public class AdminMgrImplTest extends TestCase
                     + ex.getMessage(), ex );
             fail( ex.getMessage() );
         }
+    
+    }
+    
+    public static void assignInvalidUserRoleConstraint( String msg, String[] usr, String[]
rle, RoleConstraint rc )
+    {
+    	try{
+    		assignUserRoleConstraint(msg, usr, rle, rc);
+    		
+    		String message = "assignInvalidUserRoleConstraint name [" + rc.getPaSetName() + "]
was successfull, when should ahve failed.";
+    		LOG.error( message );
+    		fail( message );
+    	}
+    	catch ( SecurityException ex )
+    	{
+    		LOG.info("Caught exception adding invalid tpa set name " + rc.getPaSetName());
+    	}
+    
+    }
+    
+    public static void assignUserRoleConstraint( String msg, String[] usr, String[] rle,
RoleConstraint rc ) throws SecurityException
+    {
+    	LogUtil.logIt( msg );
+
+    	AdminMgr adminMgr = getManagedAdminMgr();
+    	ReviewMgr reviewMgr = ReviewMgrImplTest.getManagedReviewMgr();
+
+    	User user = UserTestData.getUser( usr );
+    	Role role = RoleTestData.getRole( rle );
+
+    	adminMgr.addRoleConstraint(new UserRole(user.getUserId(), role.getName()), rc);
+
+    	LOG.debug("assignUserRoleConstraint user [" + user.getUserId() + "] role [" + role.getName()
+ "] " +
+    			" rcvalue [" + rc.getValue() + "]");       
     }
     
     

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/074fa2a5/src/test/java/org/apache/directory/fortress/core/impl/PermTestData.java
----------------------------------------------------------------------
diff --git a/src/test/java/org/apache/directory/fortress/core/impl/PermTestData.java b/src/test/java/org/apache/directory/fortress/core/impl/PermTestData.java
index 05f2f18..45718a9 100755
--- a/src/test/java/org/apache/directory/fortress/core/impl/PermTestData.java
+++ b/src/test/java/org/apache/directory/fortress/core/impl/PermTestData.java
@@ -2772,6 +2772,7 @@ public class PermTestData extends TestCase
      */
     public static final String TPA_SET_1_NAME = "TPASET1";
     public static final String TPA_SET_2_NAME = "TPASET2";
+    public static final String TPA_SET_NOT_EXIST_NAME = "NOTEXISTTPASETNAME";
     
     public static final String[][] PA_TPSASET1 =
     {

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/074fa2a5/src/test/java/org/apache/directory/fortress/core/impl/URATestData.java
----------------------------------------------------------------------
diff --git a/src/test/java/org/apache/directory/fortress/core/impl/URATestData.java b/src/test/java/org/apache/directory/fortress/core/impl/URATestData.java
index 0f1b729..3ee76c4 100755
--- a/src/test/java/org/apache/directory/fortress/core/impl/URATestData.java
+++ b/src/test/java/org/apache/directory/fortress/core/impl/URATestData.java
@@ -953,6 +953,13 @@ public class URATestData extends TestCase
     	"TPASET1AttributeName1=testattributevalue" //CONSTAIN_VALUE
     };
     
+    public static final String[] URC_T1_INVALID =
+    {
+    	"TPASETNAMENOTEXIST", // CONSTRAINT_PASET_NM
+    	"FILTER", //CONSTAINT_TYPE
+    	"TPASET1AttributeName1=testattributevalue" //CONSTAIN_VALUE
+    };
+    
     /**
     * The Fortress test data for junit uses 2-dimensional arrays.
     */

