directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From smckin...@apache.org
Subject [directory-fortress-enmasse] branch FC-265 updated: remove DA checks from access and delaccess methods
Date Thu, 14 Mar 2019 22:11:38 GMT
This is an automated email from the ASF dual-hosted git repository.

smckinney pushed a commit to branch FC-265
in repository https://gitbox.apache.org/repos/asf/directory-fortress-enmasse.git


The following commit(s) were added to refs/heads/FC-265 by this push:
     new ba29f57  remove DA checks from access and delaccess methods
ba29f57 is described below

commit ba29f57107e11e6ee9bcd10d9d940c9d5eb6a41c
Author: Shawn McKinney <smckinney@apache.org>
AuthorDate: Thu Mar 14 17:11:32 2019 -0500

    remove DA checks from access and delaccess methods
---
 .../fortress/rest/FortressServiceImpl.java         | 60 ++++------------------
 src/main/resources/FortressRestServerPolicy.xml    | 25 +--------
 2 files changed, 11 insertions(+), 74 deletions(-)

diff --git a/src/main/java/org/apache/directory/fortress/rest/FortressServiceImpl.java b/src/main/java/org/apache/directory/fortress/rest/FortressServiceImpl.java
index 21e7af4..ae5fcc5 100644
--- a/src/main/java/org/apache/directory/fortress/rest/FortressServiceImpl.java
+++ b/src/main/java/org/apache/directory/fortress/rest/FortressServiceImpl.java
@@ -2082,11 +2082,7 @@ public class FortressServiceImpl implements FortressService
     @Override
     public FortResponse canAssign( FortRequest request )
     {
-        FortResponse response = SecUtils.initializeSession(request, httpRequest);
-        if( response == null )
-            response = delegatedAccessMgrImpl.canAssign( request );
-        return response;
-        //return delegatedAccessMgrImpl.canAssign( request );
+        return delegatedAccessMgrImpl.canAssign( request );
     }
 
 
@@ -2099,11 +2095,7 @@ public class FortressServiceImpl implements FortressService
     @Override
     public FortResponse canDeassign( FortRequest request )
     {
-        FortResponse response = SecUtils.initializeSession(request, httpRequest);
-        if( response == null )
-            response = delegatedAccessMgrImpl.canDeassign( request );
-        return response;
-        //return delegatedAccessMgrImpl.canDeassign( request );
+        return delegatedAccessMgrImpl.canDeassign( request );
     }
 
 
@@ -2116,11 +2108,7 @@ public class FortressServiceImpl implements FortressService
     @Override
     public FortResponse canGrant( FortRequest request )
     {
-        FortResponse response = SecUtils.initializeSession(request, httpRequest);
-        if( response == null )
-            response = delegatedAccessMgrImpl.canGrant( request );
-        return response;
-        //return delegatedAccessMgrImpl.canGrant( request );
+        return delegatedAccessMgrImpl.canGrant( request );
     }
 
 
@@ -2133,11 +2121,7 @@ public class FortressServiceImpl implements FortressService
     @Override
     public FortResponse canRevoke( FortRequest request )
     {
-        FortResponse response = SecUtils.initializeSession(request, httpRequest);
-        if( response == null )
-            response = delegatedAccessMgrImpl.canRevoke( request );
-        return response;
-        //return delegatedAccessMgrImpl.canRevoke( request );
+        return delegatedAccessMgrImpl.canRevoke( request );
     }
 
 
@@ -2150,11 +2134,7 @@ public class FortressServiceImpl implements FortressService
     @Override
     public FortResponse checkAdminAccess( FortRequest request )
     {
-        FortResponse response = SecUtils.initializeSession(request, httpRequest);
-        if( response == null )
-            response = delegatedAccessMgrImpl.checkAdminAccess( request );
-        return response;
-        //return delegatedAccessMgrImpl.checkAdminAccess( request );
+        return delegatedAccessMgrImpl.checkAdminAccess( request );
     }
 
 
@@ -2167,11 +2147,7 @@ public class FortressServiceImpl implements FortressService
     @Override
     public FortResponse addActiveAdminRole( FortRequest request )
     {
-        FortResponse response = SecUtils.initializeSession(request, httpRequest);
-        if( response == null )
-            response = delegatedAccessMgrImpl.addActiveAdminRole( request );
-        return response;
-        //return delegatedAccessMgrImpl.addActiveAdminRole( request );
+        return delegatedAccessMgrImpl.addActiveAdminRole( request );
     }
 
 
@@ -2184,11 +2160,7 @@ public class FortressServiceImpl implements FortressService
     @Override
     public FortResponse dropActiveAdminRole( FortRequest request )
     {
-        FortResponse response = SecUtils.initializeSession(request, httpRequest);
-        if( response == null )
-            response = delegatedAccessMgrImpl.dropActiveAdminRole( request );
-        return response;
-        //return delegatedAccessMgrImpl.dropActiveAdminRole( request );
+        return delegatedAccessMgrImpl.dropActiveAdminRole( request );
     }
 
 
@@ -2201,11 +2173,7 @@ public class FortressServiceImpl implements FortressService
     @Override
     public FortResponse sessionAdminRoles( FortRequest request )
     {
-        FortResponse response = SecUtils.initializeSession(request, httpRequest);
-        if( response == null )
-            response = delegatedAccessMgrImpl.sessionAdminRoles( request );
-        return response;
-        //return delegatedAccessMgrImpl.sessionAdminRoles( request );
+        return delegatedAccessMgrImpl.sessionAdminRoles( request );
     }
 
 
@@ -2218,11 +2186,7 @@ public class FortressServiceImpl implements FortressService
     @Override
     public FortResponse sessionAdminPermissions( FortRequest request )
     {
-        FortResponse response = SecUtils.initializeSession(request, httpRequest);
-        if( response == null )
-            response = delegatedAccessMgrImpl.sessionAdminPermissions( request );
-        return response;
-        //return delegatedAccessMgrImpl.sessionAdminPermissions( request );
+        return delegatedAccessMgrImpl.sessionAdminPermissions( request );
     }
 
 
@@ -2235,11 +2199,7 @@ public class FortressServiceImpl implements FortressService
     @Override
     public FortResponse authorizedSessionAdminRoles( FortRequest request )
     {
-        FortResponse response = SecUtils.initializeSession(request, httpRequest);
-        if( response == null )
-            response = delegatedAccessMgrImpl.authorizedSessionRoles( request );
-        return response;
-        //return delegatedAccessMgrImpl.authorizedSessionRoles( request );
+        return delegatedAccessMgrImpl.authorizedSessionRoles( request );
     }
 
 
diff --git a/src/main/resources/FortressRestServerPolicy.xml b/src/main/resources/FortressRestServerPolicy.xml
index 64a719a..63167cf 100644
--- a/src/main/resources/FortressRestServerPolicy.xml
+++ b/src/main/resources/FortressRestServerPolicy.xml
@@ -50,11 +50,6 @@
                 />
             </adduseradminrole>
 
-            <!--
-                      osps="APP1,APP2,APP3,APP4,APP5,APP6,APP7,APP8,APP9,APP10"
-                      osus="DEV0,DEV1,DEV2,DEV3,DEV4,DEV5,DEV6,DEV7,DEV8,DEV9,DEV10"
-ou=T7UOrg7,ou=OS-U,ou=ARBAC,dc=example,dc=com
-            -->
             <deladminrole>
                 <role name="fortress-rest-admin-user"/>
             </deladminrole>
@@ -64,7 +59,7 @@ ou=T7UOrg7,ou=OS-U,ou=ARBAC,dc=example,dc=com
                       description="Fortress Rest Admin User"
                       begininclusive="true"
                       endinclusive="true"
-                      osps="APP1,APP2,APP3,APP4,APP5,APP6,APP7,APP8,APP9,APP10,oamT3POrg8,oamT3POrg9,oamT3POrg1,oamT3POrg10,oamT3POrg2,oamT3POrg3,oamT3POrg4,oamT3POrg5,oamT3POrg6,oamT3POrg7,oamT3POrg8,oamT4POrg1,oamT4POrg10,oamT4POrg2,oamT4POrg3,oamT4POrg4,oamT4POrg5,oamT4POrg6,oamT4POrg7,oamT4POrg8,oamT4POrg9,T5POrg1,T5POrg2,T5POrg3,T5POrg4,T5POrg5,T6POrg1,T6POrg2,T6POrg3,T6POrg4,T6POrg5,T6POrg6,T6POrg7,T7POrg1,T7POrg2,T7POrg3,T7POrg4,T7POrg5,T7POrg6,T7POrg7,"
+                      osps="APP0,APP1,APP2,APP3,APP4,APP5,APP6,APP7,APP8,APP9,APP10,oamT3POrg8,oamT3POrg9,oamT3POrg1,oamT3POrg10,oamT3POrg2,oamT3POrg3,oamT3POrg4,oamT3POrg5,oamT3POrg6,oamT3POrg7,oamT3POrg8,oamT4POrg1,oamT4POrg10,oamT4POrg2,oamT4POrg3,oamT4POrg4,oamT4POrg5,oamT4POrg6,oamT4POrg7,oamT4POrg8,oamT4POrg9,T5POrg1,T5POrg2,T5POrg3,T5POrg4,T5POrg5,T6POrg1,T6POrg2,T6POrg3,T6POrg4,T6POrg5,T6POrg6,T6POrg7,T7POrg1,T7POrg2,T7POrg3,T7POrg4,T7POrg5,T7POrg6,T7POrg7,"
                       osus="DEV0,DEV1,DEV2,DEV3,DEV4,DEV5,DEV6,DEV7,DEV8,DEV9,DEV10,oamT1UOrg1,oamT1UOrg10,oamT1UOrg2,oamT1UOrg3,oamT1UOrg4,oamT1UOrg5,oamT1UOrg6,oamT1UOrg7,oamT1UOrg8,oamT1UOrg9,oamT2UOrg1,oamT2UOrg10,oamT2UOrg2,oamT2UOrg3,oamT2UOrg4,oamT2UOrg5,oamT2UOrg6,oamT2UOrg7,oamT2UOrg8,oamT2UOrg9,T5UOrg1,T5UOrg2,T5UOrg3,T5UOrg4,T5UOrg5,T6UOrg1,T6UOrg2,T6UOrg3,T6UOrg4,T6UOrg5,T6UOrg6,T6UOrg7,T7UOrg1,T7UOrg2,T7UOrg3,T7UOrg4,T7UOrg5,T7UOrg6,T7UOrg7"
                       beginTime="0000"
                       endTime="0000"
@@ -76,22 +71,6 @@ ou=T7UOrg7,ou=OS-U,ou=ARBAC,dc=example,dc=com
                       timeout="0"
                       beginrange=""
                       endrange=""/>
-                <role name="jtsTestAdminUser"
-                      description="Fortress Rest Admin User"
-                      begininclusive="true"
-                      endinclusive="true"
-                      osps="APP1,APP2,APP3,APP4,APP5,APP6,APP7,APP8,APP9,APP10,oamT3POrg1,oamT3POrg10,oamT3POrg2,oamT3POrg3,oamT3POrg4,oamT3POrg5,oamT3POrg6,oamT3POrg7,oamT3POrg8"
-                      osus="DEV0,DEV1,DEV2,DEV3,DEV4,DEV5,DEV6,DEV7,DEV8,DEV9,DEV10,oamT1UOrg1,oamT1UOrg10,oamT1UOrg2,oamT1UOrg3,oamT1UOrg4,oamT1UOrg5,oamT1UOrg6,oamT1UOrg7,oamT1UOrg8m"
-                      beginTime="0000"
-                      endTime="0000"
-                      beginDate="none"
-                      endDate="none"
-                      beginLockDate="none"
-                      endLockDate="none"
-                      dayMask="all"
-                      timeout="0"
-                      beginrange=""
-                      endrange=""/>
             </addadminrole>
 
             <addrole>
@@ -231,8 +210,6 @@ ou=T7UOrg7,ou=OS-U,ou=ARBAC,dc=example,dc=com
                 <permgrant objName="org.apache.directory.fortress.core.impl.AdminMgrImpl"
opName="setDsdSetCardinality" roleNm="fortress-rest-admin-user" admin="true"/>
                 <permgrant objName="org.apache.directory.fortress.core.impl.AdminMgrImpl"
opName="addPermissionAttributeSet" roleNm="fortress-rest-admin-user" admin="true"/>
                 <permgrant objName="org.apache.directory.fortress.core.impl.AdminMgrImpl"
opName="deletePermissionAttributeSet" roleNm="fortress-rest-admin-user" admin="true"/>
-<!--                <permgrant objName="org.apache.directory.fortress.core.impl.AdminMgrImpl"
opName="updatePermissionAttributeInSet" roleNm="fortress-rest-admin-user" admin="true"/>-->
-                <permgrant objName="org.apache.directory.fortress.core.impl.AdminMgrImpl"
opName="removePermissionAttributeFromSet" roleNm="fortress-rest-admin-user" admin="true"/>
                 <permgrant objName="org.apache.directory.fortress.core.impl.AdminMgrImpl"
opName="addPermissionAttributeToSet" roleNm="fortress-rest-admin-user" admin="true"/>
 
                 <permgrant objName="org.apache.directory.fortress.core.impl.PwPolicyMgrImpl"
opName="add" roleNm="fortress-rest-admin-user" admin="true"/>


Mime
View raw message