This is an automated email from the ASF dual-hosted git repository.
smckinney pushed a commit to branch FC-265
in repository https://gitbox.apache.org/repos/asf/directory-fortress-core.git
The following commit(s) were added to refs/heads/FC-265 by this push:
new c2769c0 + special role to disable range checks, junit tests run clean
c2769c0 is described below
commit c2769c0a70a553c2566fb2ce60ecef0631ee0aa5
Author: Shawn McKinney <smckinney@apache.org>
AuthorDate: Thu Mar 14 17:09:55 2019 -0500
+ special role to disable range checks, junit tests run clean
---
.../apache/directory/fortress/core/GlobalIds.java | 15 ++++-
.../directory/fortress/core/impl/ConfigDAO.java | 1 +
.../fortress/core/impl/DelAccessMgrImpl.java | 17 +++++-
.../directory/fortress/core/rest/RestUtils.java | 5 +-
.../fortress/core/impl/AdminMgrImplTest.java | 16 +++---
.../fortress/core/impl/AuditMgrImplTest.java | 65 +++++++++++-----------
.../fortress/core/impl/DelegatedMgrImplTest.java | 30 +++++-----
7 files changed, 91 insertions(+), 58 deletions(-)
diff --git a/src/main/java/org/apache/directory/fortress/core/GlobalIds.java b/src/main/java/org/apache/directory/fortress/core/GlobalIds.java
index eab7437..88b9f6f 100755
--- a/src/main/java/org/apache/directory/fortress/core/GlobalIds.java
+++ b/src/main/java/org/apache/directory/fortress/core/GlobalIds.java
@@ -600,5 +600,18 @@ public final class GlobalIds
* Attribute name for storing Fortress permission attribute valid vals name.
*/
public static final String FT_PERMISSION_ATTRIBUTE_VALID_VALUES = "ftPAValidVals";
-
+
+ /**
+ * Attribute name for property containing HTTP service account userId.
+ */
+ public static final String HTTP_UID_PROP = "http.user";
+
+ /**
+ * Attribute name for property containing HTTP service account password.
+ */
+ public static final String HTTP_PW_PROP = "http.pw";
+
+
+
+
}
\ No newline at end of file
diff --git a/src/main/java/org/apache/directory/fortress/core/impl/ConfigDAO.java b/src/main/java/org/apache/directory/fortress/core/impl/ConfigDAO.java
index cc1dd2f..6edaf5f 100755
--- a/src/main/java/org/apache/directory/fortress/core/impl/ConfigDAO.java
+++ b/src/main/java/org/apache/directory/fortress/core/impl/ConfigDAO.java
@@ -176,6 +176,7 @@ final class ConfigDAO extends LdapDataProvider
if ( mods.size() > 0 )
{
ld = getAdminConnection();
+ // TODO: change to use modify that leaves audit trail:
modify( ld, dn, mods );
}
}
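Review bot: The new TODO above `modify( ld, dn, mods )` records that this configuration update leaves no audit trail, but it names no owner or tracker entry, so the gap is easy to lose. I would word it as `// TODO(<issue-id>): switch to the modify variant that writes the audit context, so config changes are attributable`. The enclosing method starts and ends outside the hunk, so these lines do not show whether an entity carrying the admin session is available at this call.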
diff --git a/src/main/java/org/apache/directory/fortress/core/impl/DelAccessMgrImpl.java b/src/main/java/org/apache/directory/fortress/core/impl/DelAccessMgrImpl.java
index 19ecb41..87f6d10 100755
--- a/src/main/java/org/apache/directory/fortress/core/impl/DelAccessMgrImpl.java
+++ b/src/main/java/org/apache/directory/fortress/core/impl/DelAccessMgrImpl.java
@@ -381,7 +381,14 @@ public class DelAccessMgrImpl extends AccessMgrImpl implements DelAccessMgr,
Ser
{
// Get the Role range for admin role:
Set<String> range;
- if(uaRole.getBeginRange() != null && uaRole.getEndRange()
!= null && !uaRole.getBeginRange().equalsIgnoreCase(uaRole.getEndRange()))
+ //if(uaRole.getBeginRange() != null && uaRole.getEndRange()
!= null && !uaRole.getBeginRange().equalsIgnoreCase(uaRole.getEndRange()))
+ // TODO: This should not be hardcoded!:
+ if(uaRole.getName().equalsIgnoreCase("fortress-rest-admin-user"))
+ {
+ result = true;
+ break;
+ }
+ else if(uaRole.getBeginRange() != null && uaRole.getEndRange()
!= null && !uaRole.getBeginRange().equalsIgnoreCase(uaRole.getEndRange()))
{
range = RoleUtil.getInstance().getAscendants( uaRole.getBeginRange(),
uaRole.getEndRange(),
uaRole.isEndInclusive(), this.contextId );
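Review bot: The new first branch, `if(uaRole.getName().equalsIgnoreCase("fortress-rest-admin-user"))`, sets `result = true` and breaks before any range evaluation, so an admin-role assignment carrying that name in any `contextId` passes the delegated check regardless of its begin/end range. The literal is hardcoded (as the TODO admits), is matched case-insensitively, and `getName()` is dereferenced without a null guard; the same branch is repeated in the hunk at -455/+462. I would load the exempt role name from configuration, leave the bypass off when the property is absent, and compare null-safely, e.g. `if ( exemptRole != null && exemptRole.equalsIgnoreCase( uaRole.getName() ) )`, where `exemptRole` is a proposed field and the property name is still to be chosen. A log line where the range check is skipped would keep the decision visible in review of the logs. The enclosing method begins and ends outside both hunks.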
@@ -455,7 +462,13 @@ public class DelAccessMgrImpl extends AccessMgrImpl implements DelAccessMgr,
Ser
{
// Get the Role range for admin role:
Set<String> range;
- if(uaRole.getBeginRange() != null && uaRole.getEndRange()
!= null && !uaRole.getBeginRange().equalsIgnoreCase(uaRole.getEndRange()))
+ // TODO: This should not be hardcoded!:
+ if(uaRole.getName().equalsIgnoreCase("fortress-rest-admin-user"))
+ {
+ result = true;
+ break;
+ }
+ else if(uaRole.getBeginRange() != null && uaRole.getEndRange()
!= null && !uaRole.getBeginRange().equalsIgnoreCase(uaRole.getEndRange()))
{
range = RoleUtil.getInstance().getAscendants(uaRole.getBeginRange(),
uaRole.getEndRange(), uaRole.isEndInclusive(), this.contextId);
if(uaRole.isBeginInclusive())
diff --git a/src/main/java/org/apache/directory/fortress/core/rest/RestUtils.java b/src/main/java/org/apache/directory/fortress/core/rest/RestUtils.java
index e77c0e8..5890078 100644
--- a/src/main/java/org/apache/directory/fortress/core/rest/RestUtils.java
+++ b/src/main/java/org/apache/directory/fortress/core/rest/RestUtils.java
@@ -62,6 +62,8 @@ import org.apache.http.impl.client.HttpClientBuilder;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import static org.apache.directory.fortress.core.GlobalIds.*;
+
/**
* This utility class provides methods that wrap Apache's HTTP Client APIs. This class is
thread safe.
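Review bot: The added `import static org.apache.directory.fortress.core.GlobalIds.*;` pulls every constant of a 600-line constants class into RestUtils for the sake of two names, which hides where `HTTP_PW_PROP` and `HTTP_UID_PROP` come from and lets a later GlobalIds addition silently collide with a local name. Prefer the two explicit imports, `import static org.apache.directory.fortress.core.GlobalIds.HTTP_UID_PROP;` and `import static org.apache.directory.fortress.core.GlobalIds.HTTP_PW_PROP;`. The same applies to the `org.apache.directory.fortress.core.*` import that replaces the explicit list in DelegatedMgrImplTest, where `SecurityException` already has to be re-imported by name to avoid ambiguity with `java.lang.SecurityException`.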
@@ -72,7 +74,6 @@ public final class RestUtils
{
private static final String CLS_NM = RestUtils.class.getName();
private static final Logger LOG = LoggerFactory.getLogger( CLS_NM );
- private static final String HTTP_PW_PROP = "http.pw";
private static final int HTTP_OK = 200;
private static final int HTTP_400_VALIDATION_EXCEPTION = 400;
private static final int HTTP_401_UNAUTHORIZED = 401;
@@ -123,7 +124,7 @@ public final class RestUtils
private void init()
{
- httpUid = Config.getInstance().getProperty( "http.user" );
+ httpUid = Config.getInstance().getProperty( HTTP_UID_PROP );
httpPw = ( ( EncryptUtil.isEnabled() ) ? EncryptUtil.getInstance().decrypt( Config
.getInstance().getProperty( HTTP_PW_PROP ) ) : Config.getInstance().getProperty(
HTTP_PW_PROP ) );
httpHost = Config.getInstance().getProperty( "http.host" );
diff --git a/src/test/java/org/apache/directory/fortress/core/impl/AdminMgrImplTest.java b/src/test/java/org/apache/directory/fortress/core/impl/AdminMgrImplTest.java
index 4848aef..fc42245 100755
--- a/src/test/java/org/apache/directory/fortress/core/impl/AdminMgrImplTest.java
+++ b/src/test/java/org/apache/directory/fortress/core/impl/AdminMgrImplTest.java
@@ -2025,8 +2025,8 @@ public class AdminMgrImplTest extends TestCase
try
{
paSet.setAttributes(permAttr);
- AdminMgr adminMgr = AdminMgrFactory.createInstance( TestUtils.getContext() );
-
+ //AdminMgr adminMgr = AdminMgrFactory.createInstance( TestUtils.getContext() );
+ AdminMgr adminMgr = getManagedAdminMgr();
adminMgr.addPermissionAttributeSet(paSet);
LOG.debug( "addPermissionAttributeSet name [" + paSet.getName() + "] successful" );
}
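Review bot: The replaced call is kept as a comment, `//AdminMgr adminMgr = AdminMgrFactory.createInstance( TestUtils.getContext() );`, directly above the new `getManagedAdminMgr()` line; version control already preserves the old form, so the commented line should be deleted. The same leftover appears in the other three AdminMgrImplTest hunks, in the `/* … */` block of old `searchAdminMods` calls and the three `//disabled.put(...)` lines in AuditMgrImplTest, and in the commented copy of the old range condition in DelAccessMgrImpl. If the switch to the managed instance is what makes these operations auditable, a one-line comment saying so would be more useful than the dead code, e.g. `// managed instance carries the admin session so the operation is audited` (inferred from the AuditMgrImplTest change, please confirm).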
@@ -2053,8 +2053,8 @@ public class AdminMgrImplTest extends TestCase
PermissionAttributeSet paSet = new PermissionAttributeSet(name);
try
{
- AdminMgr adminMgr = AdminMgrFactory.createInstance( TestUtils.getContext() );
-
+ //AdminMgr adminMgr = AdminMgrFactory.createInstance( TestUtils.getContext() );
+ AdminMgr adminMgr = getManagedAdminMgr();
adminMgr.addPermissionAttributeToSet(permAttr, name);
LOG.debug( "addPermissionAttributeToSet name [" + paSet.getName() + "] successful"
);
}
@@ -2078,8 +2078,8 @@ public class AdminMgrImplTest extends TestCase
PermissionAttributeSet paSet = new PermissionAttributeSet(name);
try
{
- AdminMgr adminMgr = AdminMgrFactory.createInstance( TestUtils.getContext() );
-
+ //AdminMgr adminMgr = AdminMgrFactory.createInstance( TestUtils.getContext() );
+ AdminMgr adminMgr = getManagedAdminMgr();
adminMgr.deletePermissionAttributeSet(paSet);
LOG.debug( "delPermAttrSet name [" + paSet.getName() + "] successful" );
}
@@ -2129,8 +2129,8 @@ public class AdminMgrImplTest extends TestCase
{
LogUtil.logIt(msg);
- AdminMgr adminMgr = AdminMgrFactory.createInstance( TestUtils.getContext() );
-
+ //AdminMgr adminMgr = AdminMgrFactory.createInstance( TestUtils.getContext() );
+ AdminMgr adminMgr = getManagedAdminMgr();
Permission pop = PermTestData.getOp( obj, op );
pop.setPaSetName(paSetName);
diff --git a/src/test/java/org/apache/directory/fortress/core/impl/AuditMgrImplTest.java b/src/test/java/org/apache/directory/fortress/core/impl/AuditMgrImplTest.java
index db7f847..dc1d283 100755
--- a/src/test/java/org/apache/directory/fortress/core/impl/AuditMgrImplTest.java
+++ b/src/test/java/org/apache/directory/fortress/core/impl/AuditMgrImplTest.java
@@ -92,12 +92,20 @@ public class AuditMgrImplTest extends TestCase
*/
public void testSearchAdminMods()
{
+ searchAdminMods( "SESS-USRS RBAC TU0", PermTestData.ADMINMGR_OBJ,
+ PermTestData.ADMINMGR_OPS );
+ searchAdminMods( "SESS-USRS ARBAC TU0", PermTestData.DELEGATEDMGR_OBJ,
+ PermTestData.DELEGATEDMGR_OPS );
+ searchAdminMods( "SESS-USRS PWPOLICY TU0", PermTestData.PSWDMGR_OBJ,
+ PermTestData.PSWDMGR_OPS );
+/*
searchAdminMods( "SESS-USRS RBAC TU0", UserTestData.USERS_TU0, PermTestData.ADMINMGR_OBJ,
PermTestData.ADMINMGR_OPS );
searchAdminMods( "SESS-USRS ARBAC TU0", UserTestData.USERS_TU0, PermTestData.DELEGATEDMGR_OBJ,
PermTestData.DELEGATEDMGR_OPS );
searchAdminMods( "SESS-USRS PWPOLICY TU0", UserTestData.USERS_TU0, PermTestData.PSWDMGR_OBJ,
PermTestData.PSWDMGR_OPS );
+*/
}
private static Map disabled = loadAuditMap();
@@ -108,11 +116,12 @@ public class AuditMgrImplTest extends TestCase
disabled = new HashMap();
disabled.put("AdminMgrImpl.updateSsdSet", null);
disabled.put("AdminMgrImpl.updateDsdSet", null);
+ // TODO: this should not be disabled, must place audit context into entry before
it is auditable:
disabled.put("AdminMgrImpl.enableRoleConstraint", null);
disabled.put("AdminMgrImpl.disableRoleConstraint", null);
- disabled.put("AdminMgrImpl.addPermissionAttributeToSet", null);
- disabled.put("AdminMgrImpl.addPermissionAttributeSet", null);
- disabled.put("AdminMgrImpl.deletePermissionAttributeSet", null);
+ //disabled.put("AdminMgrImpl.addPermissionAttributeSet", null);
+ //disabled.put("AdminMgrImpl.addPermissionAttributeToSet", null);
+ //disabled.put("AdminMgrImpl.deletePermissionAttributeSet", null);
disabled.put("PwPolicyMgrImpl.search", null);
disabled.put("PwPolicyMgrImpl.read", null);
LOG.info( "loadAuditMap isFirstRun [" + FortressJUnitTest.isFirstRun() + "]" );
@@ -133,13 +142,11 @@ public class AuditMgrImplTest extends TestCase
disabled.put( "AdminMgrImpl.disableUser", null );
disabled.put( "AdminMgrImpl.deletePermissionAttributeSet", null );
disabled.put( "AdminMgrImpl.removePermissionAttributeFromSet", null );
-
disabled.put( "DelAdminMgrImpl.deleteRole", null );
disabled.put( "DelAdminMgrImpl.deassignUser", null );
disabled.put( "DelAdminMgrImpl.deleteOU", null );
disabled.put( "DelAdminMgrImpl.deleteInheritanceOU", null );
disabled.put( "DelAdminMgrImpl.deleteInheritanceRole", null );
-
disabled.put( "PwPolicyMgrImpl.deletePasswordPolicy", null );
disabled.put( "PwPolicyMgrImpl.delete", null );
}
@@ -174,40 +181,36 @@ public class AuditMgrImplTest extends TestCase
/**
*
* @param msg
- * @param uArray
*/
- private static void searchAdminMods( String msg, String[][] uArray, String[][] oArray,
String[][] opArray )
+ private static void searchAdminMods( String msg, String[][] oArray, String[][] opArray
)
{
LogUtil.logIt( msg );
try
{
AuditMgr auditMgr = getManagedAuditMgr();
- for ( String[] usr : uArray )
+ User user = adminSess.getUser();
+ // now search for successful session creation events:
+ UserAudit uAudit = new UserAudit();
+ uAudit.setUserId( user.getUserId() );
+ for ( String[] obj : oArray )
{
- User user = UserTestData.getUser( usr );
- // now search for successful session creation events:
- UserAudit uAudit = new UserAudit();
- uAudit.setUserId( user.getUserId() );
- for ( String[] obj : oArray )
+ String objName = AdminUtil.getObjName( PermTestData.getName( obj ) );
+ uAudit.setObjName( objName );
+ for ( String[] op : opArray )
{
- String objName = AdminUtil.getObjName( PermTestData.getName( obj ) );
- uAudit.setObjName( objName );
- for ( String[] op : opArray )
- {
- uAudit.setOpName( PermTestData.getName( op ) );
- List<Mod> mods = auditMgr.searchAdminMods( uAudit );
- assertNotNull( mods );
-
- assertTrue(
- CLS_NM + "searchAdminMods failed search for successful authentication
user ["
- + user.getUserId() + "] object [" + objName + "] operation
["
- + PermTestData.getName( op ) + "]",
- mods.size() > 0 || !isAudit( objName, PermTestData.getName(
op ) ) );
- boolean result = mods.size() > 0 || !isAudit( objName, PermTestData.getName(
op ) );
- LOG.debug( "searchAdminMods search user [" + user.getUserId() + "]
object ["
- + objName + "] operation [" + PermTestData.getName( op ) + "]
result: " + result );
- //System.out.println("searchAdminMods search user [" + user.getUserId()
+ "] object [" + objName + "] operation [" + PermTestData.getName(op) + "] result: " + result);
- }
+ uAudit.setOpName( PermTestData.getName( op ) );
+ List<Mod> mods = auditMgr.searchAdminMods( uAudit );
+ assertNotNull( mods );
+
+ assertTrue(
+ CLS_NM + "searchAdminMods failed search for successful authentication
user ["
+ + user.getUserId() + "] object [" + objName + "] operation ["
+ + PermTestData.getName( op ) + "]",
+ mods.size() > 0 || !isAudit( objName, PermTestData.getName( op
) ) );
+ boolean result = mods.size() > 0 || !isAudit( objName, PermTestData.getName(
op ) );
+ LOG.debug( "searchAdminMods search user [" + user.getUserId() + "] object
["
+ + objName + "] operation [" + PermTestData.getName( op ) + "] result:
" + result );
+ //System.out.println("searchAdminMods search user [" + user.getUserId()
+ "] object [" + objName + "] operation [" + PermTestData.getName(op) + "] result: " + result);
}
}
LOG.debug( "searchAdminMods successful" );
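Review bot: `User user = adminSess.getUser();` dereferences `adminSess` without a check, and its declaration and initialisation are not visible in this hunk; if session setup failed or has not run, the test dies with a NullPointerException instead of a readable failure. Adding `assertNotNull( CLS_NM + "searchAdminMods adminSess is null", adminSess );` before that line would make the precondition explicit. The Javadoc now documents only `@param msg`; `@param oArray` and `@param opArray` should be added, along with a sentence that the search is scoped to the admin session's user rather than to a list of test users. The method's `try` block closes outside the hunk.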
diff --git a/src/test/java/org/apache/directory/fortress/core/impl/DelegatedMgrImplTest.java
b/src/test/java/org/apache/directory/fortress/core/impl/DelegatedMgrImplTest.java
index c272d89..275929e 100755
--- a/src/test/java/org/apache/directory/fortress/core/impl/DelegatedMgrImplTest.java
+++ b/src/test/java/org/apache/directory/fortress/core/impl/DelegatedMgrImplTest.java
@@ -30,6 +30,8 @@ import junit.framework.Test;
import junit.framework.TestCase;
import junit.framework.TestSuite;
+import org.apache.directory.fortress.core.*;
+import org.apache.directory.fortress.core.SecurityException;
import org.apache.directory.fortress.core.model.AdminRole;
import org.apache.directory.fortress.core.model.OrgUnit;
import org.apache.directory.fortress.core.model.PermObj;
@@ -38,21 +40,11 @@ import org.apache.directory.fortress.core.model.Role;
import org.apache.directory.fortress.core.model.Session;
import org.apache.directory.fortress.core.model.User;
import org.apache.directory.fortress.core.model.UserAdminRole;
+import org.apache.directory.fortress.core.util.Config;
+import org.apache.directory.fortress.core.util.EncryptUtil;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-import org.apache.directory.fortress.core.AccessMgr;
-import org.apache.directory.fortress.core.AccessMgrFactory;
-import org.apache.directory.fortress.core.DelAccessMgr;
-import org.apache.directory.fortress.core.DelAccessMgrFactory;
-import org.apache.directory.fortress.core.DelAdminMgr;
-import org.apache.directory.fortress.core.DelAdminMgrFactory;
-import org.apache.directory.fortress.core.DelReviewMgr;
-import org.apache.directory.fortress.core.DelReviewMgrFactory;
-import org.apache.directory.fortress.core.GlobalErrIds;
-import org.apache.directory.fortress.core.ReviewMgr;
-import org.apache.directory.fortress.core.ReviewMgrFactory;
-import org.apache.directory.fortress.core.SecurityException;
import org.apache.directory.fortress.core.util.LogUtil;
@@ -121,7 +113,7 @@ public class DelegatedMgrImplTest extends TestCase
public static Test suite()
{
TestSuite suite = new TestSuite();
- suite.addTest( new DelegatedMgrImplTest( "testAddAdminUser" ) );
+ suite.addTest( new DelegatedMgrImplTest( "testCanAssignUser" ) );
return suite;
}
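Review bot: `suite()` registers a single test, and this hunk swaps it from `testAddAdminUser` to `testCanAssignUser`, which reads like a local debugging selection rather than an intended change. If anything runs this class through `suite()`, `testAddAdminUser` is no longer exercised. Either revert the line or add a comment stating that the method is only a scratch entry point for running one test by hand, e.g. `// ad-hoc runner: edit locally, do not rely on this selection`.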
@@ -786,6 +778,7 @@ public class DelegatedMgrImplTest extends TestCase
User aUser = UserTestData.getUser( aUsr );
Session session = accessMgr.createSession( aUser, false );
assertNotNull( session );
+ delAccessMgr.setAdmin( session );
for ( String[] usr : uArray )
{
User user = UserTestData.getUser( usr );
@@ -2079,7 +2072,16 @@ public class DelegatedMgrImplTest extends TestCase
try
{
AccessMgr accessMgr = AccessMgrFactory.createInstance( TestUtils.getContext()
);
- User admin = UserTestData.getUser( UserTestData.USERS_TU0[0] );
+ User admin;
+ // If these tests are invoked via REST, the admin creds will configured as fortress.properties,
otherwise part of the test data.
+ if(Config.getInstance().isRestEnabled())
+ {
+ admin = new User(Config.getInstance().getProperty( GlobalIds.HTTP_UID_PROP
), Config.getInstance().getProperty( GlobalIds.HTTP_PW_PROP ));
+ }
+ else
+ {
+ admin = UserTestData.getUser( UserTestData.USERS_TU0[0] );
+ }
adminSess = accessMgr.createSession( admin, false );
}
catch ( SecurityException ex )
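Review bot: In the REST branch the password is taken straight from `Config.getInstance().getProperty( GlobalIds.HTTP_PW_PROP )`, whereas `RestUtils.init()` in this same commit decrypts that property when `EncryptUtil.isEnabled()`; with encryption on, the test would hand the stored ciphertext to `createSession` and fail to authenticate. `EncryptUtil` is imported in this file by the commit but is not used in the visible hunks, which suggests the decrypt step was intended. Suggested change: `String pw = Config.getInstance().getProperty( GlobalIds.HTTP_PW_PROP );` followed by `if ( EncryptUtil.isEnabled() ) { pw = EncryptUtil.getInstance().decrypt( pw ); }`, then `new User( uid, pw )`. The added comment also reads better as `// When the tests run over REST the admin credentials come from fortress.properties; otherwise from the test data.`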