directory-commits mailing list archives

From smckin...@apache.org
Subject directory-fortress-core git commit: FC-249 - New API isUserInRole in AccessMgr
Date Wed, 24 Oct 2018 13:26:05 GMT
Repository: directory-fortress-core
Updated Branches:
  refs/heads/master c105b8287 -> fdc0662b6


FC-249 - New API isUserInRole in AccessMgr


Project: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/commit/fdc0662b
Tree: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/tree/fdc0662b
Diff: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/diff/fdc0662b

Branch: refs/heads/master
Commit: fdc0662b646db535e7b1b5c8ec4573a9a0f6a5c6
Parents: c105b82
Author: Shawn McKinney <smckinney@apache.org>
Authored: Tue Oct 23 11:13:30 2018 -0500
Committer: Shawn McKinney <smckinney@apache.org>
Committed: Tue Oct 23 11:13:30 2018 -0500

----------------------------------------------------------------------
 .../directory/fortress/core/AccessMgr.java      | 15 ++++++
 .../fortress/core/impl/AccessMgrImpl.java       | 23 ++++++++++
 .../fortress/core/rest/AccessMgrRestImpl.java   | 30 +++++++++++-
 .../directory/fortress/core/rest/HttpIds.java   |  1 +
 .../fortress/core/AccessMgrConsole.java         | 48 ++++++++++++++++++--
 .../fortress/core/ProcessMenuCommand.java       | 27 ++++++-----
 6 files changed, 127 insertions(+), 17 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/fdc0662b/src/main/java/org/apache/directory/fortress/core/AccessMgr.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/AccessMgr.java b/src/main/java/org/apache/directory/fortress/core/AccessMgr.java
index c21c528..020259b 100755
--- a/src/main/java/org/apache/directory/fortress/core/AccessMgr.java
+++ b/src/main/java/org/apache/directory/fortress/core/AccessMgr.java
@@ -314,6 +314,21 @@ public interface AccessMgr extends Manageable
         throws SecurityException;
 
     /**
+     * Combine createSession and a role check into a single method.
+     * This function returns a Boolean value meaning whether the User has a particular role.
+     * The function is valid if and only if the user is a valid Fortress user and the role
is a member of the ROLES data set.
+     *
+     * @param user      Contains {@link User#userId}, {@link org.apache.directory.fortress.core.model.User#password}
+     * (optional if {@code isTrusted} is 'true'), optional {@link User#roles}}
+     * @param role    object contains the role name, {@link Role#name}, to be checked.
+     * @return True if user has role, false otherwise.
+     * @throws SecurityException
+     *          in the event of data validation failure, security policy violation or DAO
error.
+     */
+    public boolean isUserInRole( User user, Role role, boolean isTrusted )
+        throws SecurityException;
+
+    /**
      * This function returns the permissions of the session, i.e., the permissions assigned
      * to its authorized roles. The function is valid if and only if the session is a valid
Fortress session.
      *
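Review bot: The Javadoc added for `isUserInRole` has no `@param isTrusted` entry, although that flag decides whether a password is needed at all (the `user` text says it is optional when `isTrusted` is 'true'). I would add `@param isTrusted if true, the password is not required; the caller must already have authenticated the user` so the trust assumption is stated on the interface. The `{@link User#roles}}` reference carries a stray closing brace. The summary could also say that the check is made against the roles activated in the newly created session, which is what the implementation in this commit tests.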

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/fdc0662b/src/main/java/org/apache/directory/fortress/core/impl/AccessMgrImpl.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/impl/AccessMgrImpl.java b/src/main/java/org/apache/directory/fortress/core/impl/AccessMgrImpl.java
index c001245..0d79785 100755
--- a/src/main/java/org/apache/directory/fortress/core/impl/AccessMgrImpl.java
+++ b/src/main/java/org/apache/directory/fortress/core/impl/AccessMgrImpl.java
@@ -180,6 +180,29 @@ public class AccessMgrImpl extends Manageable implements AccessMgr, Serializable
     /**
      * {@inheritDoc}
      */
+    public boolean isUserInRole( User user, Role role, boolean isTrusted )
+        throws SecurityException
+    {
+        String methodName = "isUserInRole";
+        assertContext( CLS_NM, methodName, role, GlobalErrIds.ROLE_NULL );
+        VUtil.getInstance().assertNotNullOrEmpty( role.getName(), GlobalErrIds.ROLE_NM_NULL,
+            getFullMethodName( CLS_NM, methodName ) );
+        boolean result = false;
+        Session session = createSession( user, isTrusted );
+        List<UserRole> sRoles = session.getRoles();
+        UserRole uRole = new UserRole( user.getUserId(), role.getName() );
+        // If session has role activated:
+        if ( sRoles != null && sRoles.contains( uRole ) )
+        {
+            result = true;
+        }
+        return result;
+    }
+
+
+    /**
+     * {@inheritDoc}
+     */
     @Override
     @AdminPermissionOperation
     public List<Permission> sessionPermissions( Session session )
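Review bot: `user` is dereferenced at `user.getUserId()` with no null check in this method, while the REST implementation in the same commit asserts `GlobalErrIds.USER_NULL` up front. Unless `createSession` already rejects a null user (not visible here), a null argument ends in a NullPointerException instead of a SecurityException. Adding `assertContext( CLS_NM, methodName, user, GlobalErrIds.USER_NULL );` next to the role check would keep the two implementations aligned. The new method also lacks the `@Override` that the neighbouring `sessionPermissions` carries. Because the result comes from `session.getRoles()`, a role that is assigned but not activated in the session yields false, and a one-line comment such as `// checks activated session roles, not all assigned roles` would make that explicit.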

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/fdc0662b/src/main/java/org/apache/directory/fortress/core/rest/AccessMgrRestImpl.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/rest/AccessMgrRestImpl.java
b/src/main/java/org/apache/directory/fortress/core/rest/AccessMgrRestImpl.java
index cf9c331..70921f5 100644
--- a/src/main/java/org/apache/directory/fortress/core/rest/AccessMgrRestImpl.java
+++ b/src/main/java/org/apache/directory/fortress/core/rest/AccessMgrRestImpl.java
@@ -210,7 +210,7 @@ public class AccessMgrRestImpl extends Manageable implements AccessMgr
         boolean result;
         FortRequest request = RestUtils.getRequest( this.contextId );
         request.setEntity2(user);
-        request.setEntity(perm);
+        request.setEntity( perm );
         request.setIsFlag( isTrusted );
         String szRequest = RestUtils.marshal(request);
         String szResponse = RestUtils.getInstance().post(szRequest, HttpIds.RBAC_CHECK);
@@ -230,6 +230,34 @@ public class AccessMgrRestImpl extends Manageable implements AccessMgr
      * {@inheritDoc}
      */
     @Override
+    public boolean isUserInRole( User user, Role role, boolean isTrusted )
+        throws SecurityException
+    {
+        VUtil.assertNotNull(role, GlobalErrIds.ROLE_NULL, CLS_NM + ".isUserInRole");
+        VUtil.assertNotNull(user, GlobalErrIds.USER_NULL, CLS_NM + ".isUserInRole");
+        boolean result;
+        FortRequest request = RestUtils.getRequest( this.contextId );
+        request.setEntity2(user);
+        request.setEntity(role);
+        request.setIsFlag( isTrusted );
+        String szRequest = RestUtils.marshal(request);
+        String szResponse = RestUtils.getInstance().post(szRequest, HttpIds.RBAC_CHECK_ROLE);
+        FortResponse response = RestUtils.unmarshall(szResponse);
+        if (response.getErrorCode() == 0)
+        {
+            result = response.getAuthorized();
+        }
+        else
+        {
+            throw new SecurityException(response.getErrorCode(), response.getErrorMessage());
+        }
+        return result;
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    @Override
     public List<Permission> sessionPermissions(Session session)
         throws SecurityException
     {
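Review bot: `request.setIsFlag( isTrusted )` forwards the trust decision as a plain request field, so the caller of the `rbacCheckRole` endpoint chooses whether a password is needed for the user being checked. Presumably the server restricts who may call this service, but that is not visible here. I would document it above the call, for example `// isTrusted is caller-asserted; the server must authorize the calling service before honoring it`. Separately, this method checks `role` and `user` for null but not the role name, which `AccessMgrImpl.isUserInRole` validates against `GlobalErrIds.ROLE_NM_NULL`, so an empty name is only caught after the round trip.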

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/fdc0662b/src/main/java/org/apache/directory/fortress/core/rest/HttpIds.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/rest/HttpIds.java b/src/main/java/org/apache/directory/fortress/core/rest/HttpIds.java
index aa1dc15..1e72682 100644
--- a/src/main/java/org/apache/directory/fortress/core/rest/HttpIds.java
+++ b/src/main/java/org/apache/directory/fortress/core/rest/HttpIds.java
@@ -29,6 +29,7 @@ public class HttpIds
     public static final String RBAC_AUTHN = "rbacAuthN";
     public static final String RBAC_CREATE = "rbacCreate";
     public static final String RBAC_CHECK = "rbacCheck";
+    public static final String RBAC_CHECK_ROLE = "rbacCheckRole";
     public static final String RBAC_CREATE_TRUSTED = "rbacCreateT";
     public static final String RBAC_AUTHZ = "rbacAuthZ";
     public static final String RBAC_PERMS = "rbacPerms";

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/fdc0662b/src/test/java/org/apache/directory/fortress/core/AccessMgrConsole.java
----------------------------------------------------------------------
diff --git a/src/test/java/org/apache/directory/fortress/core/AccessMgrConsole.java b/src/test/java/org/apache/directory/fortress/core/AccessMgrConsole.java
index 7c9dc7d..5da1a55 100755
--- a/src/test/java/org/apache/directory/fortress/core/AccessMgrConsole.java
+++ b/src/test/java/org/apache/directory/fortress/core/AccessMgrConsole.java
@@ -27,6 +27,7 @@ import java.util.List;
 import java.util.Properties;
 
 import org.apache.directory.fortress.core.model.Permission;
+import org.apache.directory.fortress.core.model.Role;
 import org.apache.directory.fortress.core.model.RoleConstraint;
 import org.apache.directory.fortress.core.model.Session;
 import org.apache.directory.fortress.core.model.User;
@@ -352,7 +353,7 @@ class AccessMgrConsole
         try
         {
             Permission perm = new Permission();
-            System.out.println("Enter object name:");
+            System.out.println( "Enter object name:" );
             perm.setObjName( ReaderUtil.readLn() );
             System.out.println("Enter operation name:");
             perm.setOpName( ReaderUtil.readLn() );
@@ -366,10 +367,7 @@ class AccessMgrConsole
             System.out.println("Enter userId:");
             String userId = ReaderUtil.readLn();
             User inUser = new User(userId);
-
-            Properties props = new Properties(  );
-            props.setProperty( "locale", "east" );
-            inUser.addProperties( props );
+            inUser.addProperties( getRuntimeProps() );
             boolean result = am.checkAccess( inUser, perm, true );
             System.out.println("createSessionCheckAccess return [" + result + "] for user
[" + userId + "], objName [" + perm.getObjName() + "], operationName [" + perm.getOpName()
+ "]" +
                 ", objId [" + perm.getObjId() + "]");
@@ -382,6 +380,46 @@ class AccessMgrConsole
         ReaderUtil.readChar();
     }
 
+    void isUserInRole()
+    {
+        //Session session = null;
+        try
+        {
+            Role role = new Role();
+            System.out.println("Enter role name:");
+            role.setName( ReaderUtil.readLn() );
+
+            System.out.println("Enter userId:");
+            String userId = ReaderUtil.readLn();
+            User inUser = new User(userId);
+            inUser.addProperties( getRuntimeProps() );
+            boolean result = am.isUserInRole( inUser, role, true );
+            System.out.println("isUserInRole return [" + result + "] for user [" + userId
+ "], role [" + role.getName() + "]");
+            System.out.println("ENTER to continue");
+        }
+        catch (SecurityException e)
+        {
+            LOG.error("isUserInRole caught SecurityException rc=" + e.getErrorId() + ", msg="
+ e.getMessage(), e);
+        }
+        ReaderUtil.readChar();
+    }
+
+    private Properties getRuntimeProps()
+    {
+        Properties props = new Properties(  );
+        System.out.println("Do you want to set a runtime constrait on user role activation?
- Y or NULL to skip");
+        String choice = ReaderUtil.readLn();
+        if (choice != null && choice.equalsIgnoreCase("Y"))
+        {
+            System.out.println("Enter constraint type):");
+            String key = ReaderUtil.readLn();
+            System.out.println( "Enter constraint value):" );
+            String value = ReaderUtil.readLn();
+            props.setProperty( key, value );
+        }
+        return props;
+    }
+
     void sessionRoles()
     {
         try
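Review bot: In `getRuntimeProps`, `props.setProperty( key, value )` is called without checking the two `ReaderUtil.readLn()` results, and `Properties` rejects a null key or value with a NullPointerException. The null test on `choice` a few lines above suggests `readLn()` can return null. Guarding the call, `if ( key != null && value != null ) { props.setProperty( key, value ); }`, avoids crashing the console on empty input. The prompts also contain a typo and stray parentheses ("constrait", "type):", "value):"). The commented-out `//Session session = null;` in `isUserInRole` can be dropped.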

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/fdc0662b/src/test/java/org/apache/directory/fortress/core/ProcessMenuCommand.java
----------------------------------------------------------------------
diff --git a/src/test/java/org/apache/directory/fortress/core/ProcessMenuCommand.java b/src/test/java/org/apache/directory/fortress/core/ProcessMenuCommand.java
index 1ab2914..c2698ba 100755
--- a/src/test/java/org/apache/directory/fortress/core/ProcessMenuCommand.java
+++ b/src/test/java/org/apache/directory/fortress/core/ProcessMenuCommand.java
@@ -707,12 +707,13 @@ class ProcessMenuCommand
         System.out.println( "5. Create Session with Props" );
         System.out.println( "6. Check Access - RBAC" );
         System.out.println( "7. Create Session & Check Access" );
-        System.out.println( "8. Session Roles" );
-        System.out.println( "9. Add Active Role to Session" );
-        System.out.println( "0. Drop Active Role from Session" );
-        System.out.println( "A. Show User Data in Session" );
-        System.out.println( "B. Show UserId in Session" );
-        System.out.println( "C. Session Permissions" );
+        System.out.println( "8. Is User In Role" );
+        System.out.println( "9. Session Roles" );
+        System.out.println( "0. Add Active Role to Session" );
+        System.out.println( "A. Drop Active Role from Session" );
+        System.out.println( "B. Show User Data in Session" );
+        System.out.println( "C. Show UserId in Session" );
+        System.out.println( "D. Session Permissions" );
         System.out.println( "Enter q or Q to return to previous menu" );
     }
 
@@ -757,24 +758,28 @@ class ProcessMenuCommand
                         accessConsole.createSessionCheckAccess();
                         break;
                     case '8':
-                        accessConsole.sessionRoles();
+                        accessConsole.isUserInRole();
                         break;
                     case '9':
-                        accessConsole.addActiveRole();
+                        accessConsole.sessionRoles();
                         break;
                     case '0':
-                        accessConsole.dropActiveRole();
+                        accessConsole.addActiveRole();
                         break;
                     case 'a':
                     case 'A':
-                        accessConsole.getUser();
+                        accessConsole.dropActiveRole();
                         break;
                     case 'b':
                     case 'B':
-                        accessConsole.getUserId();
+                        accessConsole.getUser();
                         break;
                     case 'c':
                     case 'C':
+                        accessConsole.getUserId();
+                        break;
+                    case 'd':
+                    case 'D':
                         accessConsole.sessionPermissions();
                         break;
                     case 'q':

