directory-commits mailing list archives

From smckin...@apache.org
Subject [directory-fortress-core] branch FC-265 updated: + special role to disable range checks, junit tests run clean
Date Thu, 14 Mar 2019 22:10:12 GMT
This is an automated email from the ASF dual-hosted git repository.

smckinney pushed a commit to branch FC-265
in repository https://gitbox.apache.org/repos/asf/directory-fortress-core.git


The following commit(s) were added to refs/heads/FC-265 by this push:
     new c2769c0  + special role to disable range checks, junit tests run clean
c2769c0 is described below

commit c2769c0a70a553c2566fb2ce60ecef0631ee0aa5
Author: Shawn McKinney <smckinney@apache.org>
AuthorDate: Thu Mar 14 17:09:55 2019 -0500

    + special role to disable range checks, junit tests run clean
---
 .../apache/directory/fortress/core/GlobalIds.java  | 15 ++++-
 .../directory/fortress/core/impl/ConfigDAO.java    |  1 +
 .../fortress/core/impl/DelAccessMgrImpl.java       | 17 +++++-
 .../directory/fortress/core/rest/RestUtils.java    |  5 +-
 .../fortress/core/impl/AdminMgrImplTest.java       | 16 +++---
 .../fortress/core/impl/AuditMgrImplTest.java       | 65 +++++++++++-----------
 .../fortress/core/impl/DelegatedMgrImplTest.java   | 30 +++++-----
 7 files changed, 91 insertions(+), 58 deletions(-)

diff --git a/src/main/java/org/apache/directory/fortress/core/GlobalIds.java b/src/main/java/org/apache/directory/fortress/core/GlobalIds.java
index eab7437..88b9f6f 100755
--- a/src/main/java/org/apache/directory/fortress/core/GlobalIds.java
+++ b/src/main/java/org/apache/directory/fortress/core/GlobalIds.java
@@ -600,5 +600,18 @@ public final class GlobalIds
      * Attribute name for storing Fortress permission attribute valid vals name.
      */
     public static final String FT_PERMISSION_ATTRIBUTE_VALID_VALUES = "ftPAValidVals";
-    		
+
+    /**
+     * Attribute name for property containing HTTP service account userId.
+     */
+    public static final String HTTP_UID_PROP = "http.user";
+
+    /**
+     * Attribute name for property containing HTTP service account password.
+     */
+    public static final String HTTP_PW_PROP = "http.pw";
+
+
+
+
 }
\ No newline at end of file
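Review bot: The Javadoc on the two new constants calls them "Attribute name for property", wording copied from the LDAP attribute constants above, but `http.user` and `http.pw` are configuration property keys. I would reword them to `Configuration property key holding the HTTP service account userId.` and `Configuration property key holding the HTTP service account password; the value may be stored encrypted (RestUtils decrypts it when EncryptUtil is enabled).`. The four blank lines added before the closing brace can be dropped.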
diff --git a/src/main/java/org/apache/directory/fortress/core/impl/ConfigDAO.java b/src/main/java/org/apache/directory/fortress/core/impl/ConfigDAO.java
index cc1dd2f..6edaf5f 100755
--- a/src/main/java/org/apache/directory/fortress/core/impl/ConfigDAO.java
+++ b/src/main/java/org/apache/directory/fortress/core/impl/ConfigDAO.java
@@ -176,6 +176,7 @@ final class ConfigDAO extends LdapDataProvider
             if ( mods.size() > 0 )
             {
                 ld = getAdminConnection();
+                // TODO: change to use modify that leaves audit trail:
                 modify( ld, dn, mods );
             }
         }
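Review bot: The added TODO above `modify( ld, dn, mods );` records that configuration changes made here leave no audit trail, but as written nothing ties it to tracked work, so it can sit unnoticed. Since config entries can change security behaviour, I would make the comment actionable, e.g. `// TODO(<issue-id>): config updates are not audited; switch to the modify variant that records the modifier`. The enclosing method starts and ends outside the hunk, so I cannot tell whether an admin session is available here to attribute the change to.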
diff --git a/src/main/java/org/apache/directory/fortress/core/impl/DelAccessMgrImpl.java b/src/main/java/org/apache/directory/fortress/core/impl/DelAccessMgrImpl.java
index 19ecb41..87f6d10 100755
--- a/src/main/java/org/apache/directory/fortress/core/impl/DelAccessMgrImpl.java
+++ b/src/main/java/org/apache/directory/fortress/core/impl/DelAccessMgrImpl.java
@@ -381,7 +381,14 @@ public class DelAccessMgrImpl extends AccessMgrImpl implements DelAccessMgr,
Ser
                     {
                         // Get the Role range for admin role:
                         Set<String> range;
-                        if(uaRole.getBeginRange() != null && uaRole.getEndRange()
!= null && !uaRole.getBeginRange().equalsIgnoreCase(uaRole.getEndRange()))
+                        //if(uaRole.getBeginRange() != null && uaRole.getEndRange()
!= null && !uaRole.getBeginRange().equalsIgnoreCase(uaRole.getEndRange()))
+                        // TODO: This should not be hardcoded!:
+                        if(uaRole.getName().equalsIgnoreCase("fortress-rest-admin-user"))
+                        {
+                            result = true;
+                            break;
+                        }
+                        else if(uaRole.getBeginRange() != null && uaRole.getEndRange()
!= null && !uaRole.getBeginRange().equalsIgnoreCase(uaRole.getEndRange()))
                         {
                             range = RoleUtil.getInstance().getAscendants( uaRole.getBeginRange(),
uaRole.getEndRange(),
                                 uaRole.isEndInclusive(), this.contextId );
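Review bot: The new first branch sets `result = true` for any admin role named `fortress-rest-admin-user` and skips the begin/end range comparison, so the delegated-administration check then rests only on control over who may create or assign a role with that literal name. The name should come from configuration, with the bypass inactive unless it is set, e.g. `String bypassRole = Config.getInstance().getProperty( BYPASS_ROLE_PROP ); // placeholder key` followed by `if ( bypassRole != null && bypassRole.equalsIgnoreCase( uaRole.getName() ) )` (assuming Config is usable in this class). That order would also avoid a NullPointerException if `getName()` ever returned null. A log statement on the bypass path would keep these approvals visible for review. The same branch is repeated in the second hunk (`@@ -455,7 +462,13 @@`) and needs the same change; both enclosing methods start and end outside the hunks.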
@@ -455,7 +462,13 @@ public class DelAccessMgrImpl extends AccessMgrImpl implements DelAccessMgr,
Ser
                     {
                         // Get the Role range for admin role:
                         Set<String> range;
-                        if(uaRole.getBeginRange() != null && uaRole.getEndRange()
!= null && !uaRole.getBeginRange().equalsIgnoreCase(uaRole.getEndRange()))
+                        // TODO: This should not be hardcoded!:
+                        if(uaRole.getName().equalsIgnoreCase("fortress-rest-admin-user"))
+                        {
+                            result = true;
+                            break;
+                        }
+                        else if(uaRole.getBeginRange() != null && uaRole.getEndRange()
!= null && !uaRole.getBeginRange().equalsIgnoreCase(uaRole.getEndRange()))
                         {
                             range = RoleUtil.getInstance().getAscendants(uaRole.getBeginRange(),
uaRole.getEndRange(), uaRole.isEndInclusive(), this.contextId);
                             if(uaRole.isBeginInclusive())
diff --git a/src/main/java/org/apache/directory/fortress/core/rest/RestUtils.java b/src/main/java/org/apache/directory/fortress/core/rest/RestUtils.java
index e77c0e8..5890078 100644
--- a/src/main/java/org/apache/directory/fortress/core/rest/RestUtils.java
+++ b/src/main/java/org/apache/directory/fortress/core/rest/RestUtils.java
@@ -62,6 +62,8 @@ import org.apache.http.impl.client.HttpClientBuilder;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
+import static org.apache.directory.fortress.core.GlobalIds.*;
+
 
 /**
  * This utility class provides methods that wrap Apache's HTTP Client APIs.  This class is
thread safe.
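Review bot: The added `import static org.apache.directory.fortress.core.GlobalIds.*;` pulls every GlobalIds constant into RestUtils when only two are used, which hides where `HTTP_PW_PROP` and `HTTP_UID_PROP` are defined. A future GlobalIds constant that shares a name with one of the private constants here (such as `HTTP_OK`) would also be shadowed without any warning. Prefer the explicit forms `import static org.apache.directory.fortress.core.GlobalIds.HTTP_UID_PROP;` and `import static org.apache.directory.fortress.core.GlobalIds.HTTP_PW_PROP;`. The wildcard `import org.apache.directory.fortress.core.*;` added to DelegatedMgrImplTest has the same drawback.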
@@ -72,7 +74,6 @@ public final class RestUtils
 {
     private static final String CLS_NM = RestUtils.class.getName();
     private static final Logger LOG = LoggerFactory.getLogger( CLS_NM );
-    private static final String HTTP_PW_PROP = "http.pw";
     private static final int HTTP_OK = 200;
     private static final int HTTP_400_VALIDATION_EXCEPTION = 400;
     private static final int HTTP_401_UNAUTHORIZED = 401;
@@ -123,7 +124,7 @@ public final class RestUtils
 
     private void init()
     {
-        httpUid = Config.getInstance().getProperty( "http.user" );
+        httpUid = Config.getInstance().getProperty( HTTP_UID_PROP );
         httpPw = ( ( EncryptUtil.isEnabled() ) ? EncryptUtil.getInstance().decrypt( Config
             .getInstance().getProperty( HTTP_PW_PROP ) ) : Config.getInstance().getProperty(
HTTP_PW_PROP ) );
         httpHost = Config.getInstance().getProperty( "http.host" );
diff --git a/src/test/java/org/apache/directory/fortress/core/impl/AdminMgrImplTest.java b/src/test/java/org/apache/directory/fortress/core/impl/AdminMgrImplTest.java
index 4848aef..fc42245 100755
--- a/src/test/java/org/apache/directory/fortress/core/impl/AdminMgrImplTest.java
+++ b/src/test/java/org/apache/directory/fortress/core/impl/AdminMgrImplTest.java
@@ -2025,8 +2025,8 @@ public class AdminMgrImplTest extends TestCase
     	try
     	{
     		paSet.setAttributes(permAttr);
-    		AdminMgr adminMgr = AdminMgrFactory.createInstance( TestUtils.getContext() );    	

-
+    		//AdminMgr adminMgr = AdminMgrFactory.createInstance( TestUtils.getContext() );
+            AdminMgr adminMgr = getManagedAdminMgr();
     		adminMgr.addPermissionAttributeSet(paSet);
     		LOG.debug( "addPermissionAttributeSet name [" + paSet.getName() + "] successful" );
     	}
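Review bot: The old `AdminMgrFactory.createInstance( TestUtils.getContext() )` line is kept as a comment above the new `getManagedAdminMgr()` call; it should be deleted, since version control already holds the previous form. The new line is indented with spaces while its neighbours use tabs, so it will misalign in most editors. The same leftover appears in the three following AdminMgrImplTest hunks, and in AuditMgrImplTest both as the `/* ... */` block in testSearchAdminMods and as the commented-out `disabled.put` lines in loadAuditMap. If the managed instance is what makes these calls auditable, a short comment such as `// managed instance carries the admin session so the operation is audited` would explain the switch; I am inferring that from the AuditMgrImplTest changes.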
@@ -2053,8 +2053,8 @@ public class AdminMgrImplTest extends TestCase
     	PermissionAttributeSet paSet = new PermissionAttributeSet(name);  
     	try
     	{
-    		AdminMgr adminMgr = AdminMgrFactory.createInstance( TestUtils.getContext() );    	

-
+    		//AdminMgr adminMgr = AdminMgrFactory.createInstance( TestUtils.getContext() );
+            AdminMgr adminMgr = getManagedAdminMgr();
     		adminMgr.addPermissionAttributeToSet(permAttr, name);
     		LOG.debug( "addPermissionAttributeToSet name [" + paSet.getName() + "] successful"
);
     	}
@@ -2078,8 +2078,8 @@ public class AdminMgrImplTest extends TestCase
     	PermissionAttributeSet paSet = new PermissionAttributeSet(name);  
     	try
     	{
-    		AdminMgr adminMgr = AdminMgrFactory.createInstance( TestUtils.getContext() );    	

-
+    		//AdminMgr adminMgr = AdminMgrFactory.createInstance( TestUtils.getContext() );
+            AdminMgr adminMgr = getManagedAdminMgr();
     		adminMgr.deletePermissionAttributeSet(paSet);
     		LOG.debug( "delPermAttrSet name [" + paSet.getName() + "] successful" );
     	}
@@ -2129,8 +2129,8 @@ public class AdminMgrImplTest extends TestCase
     {
     	LogUtil.logIt(msg);
 
-    	AdminMgr adminMgr = AdminMgrFactory.createInstance( TestUtils.getContext() );    		
-
+    	//AdminMgr adminMgr = AdminMgrFactory.createInstance( TestUtils.getContext() );
+        AdminMgr adminMgr = getManagedAdminMgr();
     	Permission pop = PermTestData.getOp( obj, op );
     	pop.setPaSetName(paSetName);
 
diff --git a/src/test/java/org/apache/directory/fortress/core/impl/AuditMgrImplTest.java b/src/test/java/org/apache/directory/fortress/core/impl/AuditMgrImplTest.java
index db7f847..dc1d283 100755
--- a/src/test/java/org/apache/directory/fortress/core/impl/AuditMgrImplTest.java
+++ b/src/test/java/org/apache/directory/fortress/core/impl/AuditMgrImplTest.java
@@ -92,12 +92,20 @@ public class AuditMgrImplTest extends TestCase
      */
     public void testSearchAdminMods()
     {
+        searchAdminMods( "SESS-USRS RBAC TU0", PermTestData.ADMINMGR_OBJ,
+            PermTestData.ADMINMGR_OPS );
+        searchAdminMods( "SESS-USRS ARBAC TU0", PermTestData.DELEGATEDMGR_OBJ,
+            PermTestData.DELEGATEDMGR_OPS );
+        searchAdminMods( "SESS-USRS PWPOLICY TU0", PermTestData.PSWDMGR_OBJ,
+            PermTestData.PSWDMGR_OPS );
+/*
         searchAdminMods( "SESS-USRS RBAC TU0", UserTestData.USERS_TU0, PermTestData.ADMINMGR_OBJ,
             PermTestData.ADMINMGR_OPS );
         searchAdminMods( "SESS-USRS ARBAC TU0", UserTestData.USERS_TU0, PermTestData.DELEGATEDMGR_OBJ,
             PermTestData.DELEGATEDMGR_OPS );
         searchAdminMods( "SESS-USRS PWPOLICY TU0", UserTestData.USERS_TU0, PermTestData.PSWDMGR_OBJ,
             PermTestData.PSWDMGR_OPS );
+*/
     }
 
     private static Map disabled = loadAuditMap();
@@ -108,11 +116,12 @@ public class AuditMgrImplTest extends TestCase
         disabled = new HashMap();
         disabled.put("AdminMgrImpl.updateSsdSet", null);
         disabled.put("AdminMgrImpl.updateDsdSet", null);
+        // TODO: this should not be disabled, must place audit context into entry before
it is auditable:
         disabled.put("AdminMgrImpl.enableRoleConstraint", null);
         disabled.put("AdminMgrImpl.disableRoleConstraint", null);
-        disabled.put("AdminMgrImpl.addPermissionAttributeToSet", null);
-        disabled.put("AdminMgrImpl.addPermissionAttributeSet", null);
-        disabled.put("AdminMgrImpl.deletePermissionAttributeSet", null);
+        //disabled.put("AdminMgrImpl.addPermissionAttributeSet", null);
+        //disabled.put("AdminMgrImpl.addPermissionAttributeToSet", null);
+        //disabled.put("AdminMgrImpl.deletePermissionAttributeSet", null);
         disabled.put("PwPolicyMgrImpl.search", null);
         disabled.put("PwPolicyMgrImpl.read", null);
         LOG.info( "loadAuditMap isFirstRun [" + FortressJUnitTest.isFirstRun() + "]" );
@@ -133,13 +142,11 @@ public class AuditMgrImplTest extends TestCase
             disabled.put( "AdminMgrImpl.disableUser", null );
             disabled.put( "AdminMgrImpl.deletePermissionAttributeSet", null );
             disabled.put( "AdminMgrImpl.removePermissionAttributeFromSet", null );
-
             disabled.put( "DelAdminMgrImpl.deleteRole", null );
             disabled.put( "DelAdminMgrImpl.deassignUser", null );
             disabled.put( "DelAdminMgrImpl.deleteOU", null );
             disabled.put( "DelAdminMgrImpl.deleteInheritanceOU", null );
             disabled.put( "DelAdminMgrImpl.deleteInheritanceRole", null );
-
             disabled.put( "PwPolicyMgrImpl.deletePasswordPolicy", null );
             disabled.put( "PwPolicyMgrImpl.delete", null );
         }
@@ -174,40 +181,36 @@ public class AuditMgrImplTest extends TestCase
     /**
      *
      * @param msg
-     * @param uArray
      */
-    private static void searchAdminMods( String msg, String[][] uArray, String[][] oArray,
String[][] opArray )
+    private static void searchAdminMods( String msg, String[][] oArray, String[][] opArray
)
     {
         LogUtil.logIt( msg );
         try
         {
             AuditMgr auditMgr = getManagedAuditMgr();
-            for ( String[] usr : uArray )
+            User user = adminSess.getUser();
+            // now search for successful session creation events:
+            UserAudit uAudit = new UserAudit();
+            uAudit.setUserId( user.getUserId() );
+            for ( String[] obj : oArray )
             {
-                User user = UserTestData.getUser( usr );
-                // now search for successful session creation events:
-                UserAudit uAudit = new UserAudit();
-                uAudit.setUserId( user.getUserId() );
-                for ( String[] obj : oArray )
+                String objName = AdminUtil.getObjName( PermTestData.getName( obj ) );
+                uAudit.setObjName( objName );
+                for ( String[] op : opArray )
                 {
-                    String objName = AdminUtil.getObjName( PermTestData.getName( obj ) );
-                    uAudit.setObjName( objName );
-                    for ( String[] op : opArray )
-                    {
-                        uAudit.setOpName( PermTestData.getName( op ) );
-                        List<Mod> mods = auditMgr.searchAdminMods( uAudit );
-                        assertNotNull( mods );
-
-                        assertTrue(
-                            CLS_NM + "searchAdminMods failed search for successful authentication
user ["
-                                + user.getUserId() + "] object [" + objName + "] operation
["
-                                + PermTestData.getName( op ) + "]",
-                            mods.size() > 0 || !isAudit( objName, PermTestData.getName(
op ) ) );
-                        boolean result = mods.size() > 0 || !isAudit( objName, PermTestData.getName(
op ) );
-                        LOG.debug( "searchAdminMods search user [" + user.getUserId() + "]
object ["
-                            + objName + "] operation [" + PermTestData.getName( op ) + "]
result: " + result );
-                        //System.out.println("searchAdminMods search user [" + user.getUserId()
+ "] object [" + objName + "] operation [" + PermTestData.getName(op) + "] result: " + result);
-                    }
+                    uAudit.setOpName( PermTestData.getName( op ) );
+                    List<Mod> mods = auditMgr.searchAdminMods( uAudit );
+                    assertNotNull( mods );
+
+                    assertTrue(
+                        CLS_NM + "searchAdminMods failed search for successful authentication
user ["
+                            + user.getUserId() + "] object [" + objName + "] operation ["
+                            + PermTestData.getName( op ) + "]",
+                        mods.size() > 0 || !isAudit( objName, PermTestData.getName( op
) ) );
+                    boolean result = mods.size() > 0 || !isAudit( objName, PermTestData.getName(
op ) );
+                    LOG.debug( "searchAdminMods search user [" + user.getUserId() + "] object
["
+                        + objName + "] operation [" + PermTestData.getName( op ) + "] result:
" + result );
+                    //System.out.println("searchAdminMods search user [" + user.getUserId()
+ "] object [" + objName + "] operation [" + PermTestData.getName(op) + "] result: " + result);
                 }
             }
             LOG.debug( "searchAdminMods successful" );
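Review bot: `User user = adminSess.getUser();` dereferences `adminSess`, which is not declared or assigned anywhere in this hunk; if the session setup failed earlier, the test fails with a NullPointerException rather than a clear message. A guard such as `assertNotNull( CLS_NM + ".searchAdminMods adminSess is null", adminSess );` before it would make that failure readable. The expression `mods.size() > 0 || !isAudit( objName, PermTestData.getName( op ) )` is evaluated twice; computing `result` once and passing it to `assertTrue` keeps the assertion and the debug log in agreement. The Javadoc now documents only `msg` and should describe `oArray` and `opArray`. The method body continues past the end of the hunk.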
diff --git a/src/test/java/org/apache/directory/fortress/core/impl/DelegatedMgrImplTest.java
b/src/test/java/org/apache/directory/fortress/core/impl/DelegatedMgrImplTest.java
index c272d89..275929e 100755
--- a/src/test/java/org/apache/directory/fortress/core/impl/DelegatedMgrImplTest.java
+++ b/src/test/java/org/apache/directory/fortress/core/impl/DelegatedMgrImplTest.java
@@ -30,6 +30,8 @@ import junit.framework.Test;
 import junit.framework.TestCase;
 import junit.framework.TestSuite;
 
+import org.apache.directory.fortress.core.*;
+import org.apache.directory.fortress.core.SecurityException;
 import org.apache.directory.fortress.core.model.AdminRole;
 import org.apache.directory.fortress.core.model.OrgUnit;
 import org.apache.directory.fortress.core.model.PermObj;
@@ -38,21 +40,11 @@ import org.apache.directory.fortress.core.model.Role;
 import org.apache.directory.fortress.core.model.Session;
 import org.apache.directory.fortress.core.model.User;
 import org.apache.directory.fortress.core.model.UserAdminRole;
+import org.apache.directory.fortress.core.util.Config;
+import org.apache.directory.fortress.core.util.EncryptUtil;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
-import org.apache.directory.fortress.core.AccessMgr;
-import org.apache.directory.fortress.core.AccessMgrFactory;
-import org.apache.directory.fortress.core.DelAccessMgr;
-import org.apache.directory.fortress.core.DelAccessMgrFactory;
-import org.apache.directory.fortress.core.DelAdminMgr;
-import org.apache.directory.fortress.core.DelAdminMgrFactory;
-import org.apache.directory.fortress.core.DelReviewMgr;
-import org.apache.directory.fortress.core.DelReviewMgrFactory;
-import org.apache.directory.fortress.core.GlobalErrIds;
-import org.apache.directory.fortress.core.ReviewMgr;
-import org.apache.directory.fortress.core.ReviewMgrFactory;
-import org.apache.directory.fortress.core.SecurityException;
 import org.apache.directory.fortress.core.util.LogUtil;
 
 
@@ -121,7 +113,7 @@ public class DelegatedMgrImplTest extends TestCase
     public static Test suite()
     {
         TestSuite suite = new TestSuite();
-        suite.addTest( new DelegatedMgrImplTest( "testAddAdminUser" ) );
+        suite.addTest( new DelegatedMgrImplTest( "testCanAssignUser" ) );
 
         return suite;
     }
@@ -786,6 +778,7 @@ public class DelegatedMgrImplTest extends TestCase
                 User aUser = UserTestData.getUser( aUsr );
                 Session session = accessMgr.createSession( aUser, false );
                 assertNotNull( session );
+                delAccessMgr.setAdmin( session );
                 for ( String[] usr : uArray )
                 {
                     User user = UserTestData.getUser( usr );
@@ -2079,7 +2072,16 @@ public class DelegatedMgrImplTest extends TestCase
         try
         {
             AccessMgr accessMgr = AccessMgrFactory.createInstance( TestUtils.getContext()
);
-            User admin = UserTestData.getUser( UserTestData.USERS_TU0[0] );
+            User admin;
+            // If these tests are invoked via REST, the admin creds will configured as fortress.properties,
otherwise part of the test data.
+            if(Config.getInstance().isRestEnabled())
+            {
+                admin = new User(Config.getInstance().getProperty( GlobalIds.HTTP_UID_PROP
), Config.getInstance().getProperty( GlobalIds.HTTP_PW_PROP ));
+            }
+            else
+            {
+                admin = UserTestData.getUser( UserTestData.USERS_TU0[0] );
+            }
             adminSess = accessMgr.createSession( admin, false );
         }
         catch ( SecurityException ex )
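Review bot: In the REST branch the admin password is taken straight from `Config.getInstance().getProperty( GlobalIds.HTTP_PW_PROP )`, whereas RestUtils.init() in this same commit decrypts that property when `EncryptUtil.isEnabled()`. With encryption on, the test would therefore hand the ciphertext to `createSession` and fail to authenticate. Mirror the RestUtils logic with `String pw = Config.getInstance().getProperty( GlobalIds.HTTP_PW_PROP );` and `if ( EncryptUtil.isEnabled() ) { pw = EncryptUtil.getInstance().decrypt( pw ); }`, then pass `pw` to `new User(...)`. EncryptUtil is already imported by this commit but unused in the visible hunks. The enclosing method starts and ends outside the hunk.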

