Posted to commits@directory.apache.org by sm...@apache.org on 2016/05/14 22:06:40 UTC
directory-fortress-core git commit: FC-75 - Add Role grouping
mechanism
Repository: directory-fortress-core
Updated Branches:
refs/heads/master 2431eb886 -> a199f7a7d
FC-75 - Add Role grouping mechanism
Project: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/commit/a199f7a7
Tree: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/tree/a199f7a7
Diff: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/diff/a199f7a7
Branch: refs/heads/master
Commit: a199f7a7dcb67e42c52cd1a262fd2faeed2acf39
Parents: 2431eb8
Author: Shawn McKinney <sm...@apache.org>
Authored: Sat May 14 16:51:38 2016 -0500
Committer: Shawn McKinney <sm...@apache.org>
Committed: Sat May 14 16:51:38 2016 -0500
----------------------------------------------------------------------
ldap/schema/fortress.schema | 5 +-
.../directory/fortress/core/GlobalIds.java | 5 ++
.../directory/fortress/core/impl/GroupDAO.java | 4 +
.../fortress/core/impl/GroupMgrImpl.java | 33 +++++++--
.../directory/fortress/core/impl/PermDAO.java | 17 ++---
.../directory/fortress/core/impl/RoleDAO.java | 2 +-
.../directory/fortress/core/model/Group.java | 77 +++++++++++++++++++-
.../directory/fortress/core/model/Role.java | 31 +++++++-
8 files changed, 152 insertions(+), 22 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/a199f7a7/ldap/schema/fortress.schema
----------------------------------------------------------------------
diff --git a/ldap/schema/fortress.schema b/ldap/schema/fortress.schema
index 9bc5c80..741d72e 100644
--- a/ldap/schema/fortress.schema
+++ b/ldap/schema/fortress.schema
@@ -403,7 +403,10 @@ objectClass ( ftObId:8
NAME 'configGroup'
DESC 'LDAP Configuration Group'
SUP groupOfNames
- MUST configProtocol
+ MUST (
+ configProtocol $
+ ftType
+ )
MAY configParameter
)
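Review bot: Moving `ftType` into the MUST list of `configGroup` leaves every group entry created before this change without a required attribute, since those entries presumably carry no `ftType` value. Directory servers that enforce schema commonly refuse later modifications to such an entry, which would include adding or removing members. Either ship a migration that stamps existing groups with `ftType: USER` before the schema is loaded, or declare the attribute optional (`MAY ( configParameter $ ftType )`) and treat a missing value as USER when the entry is read.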
http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/a199f7a7/src/main/java/org/apache/directory/fortress/core/GlobalIds.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/GlobalIds.java b/src/main/java/org/apache/directory/fortress/core/GlobalIds.java
index fee3111..9a81c4c 100755
--- a/src/main/java/org/apache/directory/fortress/core/GlobalIds.java
+++ b/src/main/java/org/apache/directory/fortress/core/GlobalIds.java
@@ -334,6 +334,11 @@ public final class GlobalIds
*/
public static final String PARENT_NODES = "ftParents";
+ /**
+ * Attribute name for storing type on either permission or groups.
+ */
+ public static final String TYPE = "ftType";
+
/*
* *************************************************************************
* ** RBAC Entity maximum length constants
http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/a199f7a7/src/main/java/org/apache/directory/fortress/core/impl/GroupDAO.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/impl/GroupDAO.java b/src/main/java/org/apache/directory/fortress/core/impl/GroupDAO.java
index 7a38421..7019441 100755
--- a/src/main/java/org/apache/directory/fortress/core/impl/GroupDAO.java
+++ b/src/main/java/org/apache/directory/fortress/core/impl/GroupDAO.java
@@ -111,7 +111,11 @@ final class GroupDAO extends LdapDataProvider
Entry myEntry = new DefaultEntry( nodeDn );
myEntry.add( SchemaConstants.OBJECT_CLASS_AT, GROUP_OBJ_CLASS );
myEntry.add( SchemaConstants.CN_AT, group.getName() );
+ // protocol is required:
myEntry.add( GROUP_PROTOCOL_ATTR_IMPL, group.getProtocol() );
+ // type is required:
+ myEntry.add( GlobalIds.TYPE, group.getType().toString() );
+
loadAttrs( group.getMembers(), myEntry, SchemaConstants.MEMBER_AT );
loadProperties( group.getProperties(), myEntry, GROUP_PROPERTY_ATTR_IMPL, '=' );
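Review bot: `group.getType().toString()` throws a NullPointerException when the type is unset, and nothing in this commit prevents that: `Group.setType` and the new `Group( Type )`, `Group( String, Type )` and `Group( String, String, Type )` constructors in Group.java all accept null. Because the schema now requires the attribute, a null type should be rejected with the DAO's usual validation error before the entry is built, and the value is better written as `group.getType().name()` so the stored string cannot change if `toString()` is ever overridden. The diffstat lists only these four added lines for GroupDAO.java, so the read path apparently does not load `ftType` back into the entity; if so, a group read from the directory reports the constructor default rather than its stored type. The enclosing method starts and ends outside the hunk.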
http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/a199f7a7/src/main/java/org/apache/directory/fortress/core/impl/GroupMgrImpl.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/impl/GroupMgrImpl.java b/src/main/java/org/apache/directory/fortress/core/impl/GroupMgrImpl.java
index acd2e67..8e7639c 100755
--- a/src/main/java/org/apache/directory/fortress/core/impl/GroupMgrImpl.java
+++ b/src/main/java/org/apache/directory/fortress/core/impl/GroupMgrImpl.java
@@ -30,6 +30,7 @@ import org.apache.directory.fortress.core.ReviewMgr;
import org.apache.directory.fortress.core.ReviewMgrFactory;
import org.apache.directory.fortress.core.SecurityException;
import org.apache.directory.fortress.core.model.Group;
+import org.apache.directory.fortress.core.model.Role;
import org.apache.directory.fortress.core.model.User;
@@ -167,9 +168,19 @@ public class GroupMgrImpl extends Manageable implements GroupMgr, Serializable
assertContext(CLS_NM, methodName, group, GlobalErrIds.GROUP_NULL);
checkAccess(CLS_NM, methodName);
ReviewMgr reviewMgr = ReviewMgrFactory.createInstance();
- User user = reviewMgr.readUser( new User( member ) );
-
- return GROUP_P.assign( group, user.getDn() );
+ String dn;
+ if( group.getType() == Group.Type.ROLE )
+ {
+ Role role = reviewMgr.readRole( new Role( member ) );
+ dn = role.getDn();
+ }
+ else
+ {
+ User user = reviewMgr.readUser( new User( member ) );
+ dn = user.getDn();
+ }
+
+ return GROUP_P.assign( group, dn );
}
/**
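Review bot: The branch on `group.getType()` resolves `member` as a role or as a user according to the Group object the caller passed in, not according to the type stored on the group entry. A caller that builds the argument with `new Group( name )` gets the USER default even when the stored group is of type ROLE, so a DN of the wrong kind can end up in the member list, which matters wherever group membership feeds an access decision. The persisted group should be loaded first and its `ftType` used for the branch, with a mismatch against the caller-supplied type treated as an error. The same block is repeated in the deassign hunk at `@@ -182,9 +193,19 @@`; a shared private helper, as sketched below, keeps the two paths consistent. Both methods begin outside their hunks.

```java
    // … unchanged: assertContext, checkAccess, ReviewMgr creation …
    return GROUP_P.assign( group, resolveMemberDn( reviewMgr, group, member ) );
}

// Shared by assign and deassign so both resolve a member name to a DN the same way.
private String resolveMemberDn( ReviewMgr reviewMgr, Group group, String member ) throws SecurityException
{
    // NOTE(review): group.getType() is caller-supplied here; branch on the persisted ftType once the read path loads it.
    if ( group.getType() == Group.Type.ROLE )
    {
        return reviewMgr.readRole( new Role( member ) ).getDn();
    }
    return reviewMgr.readUser( new User( member ) ).getDn();
}
```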
@@ -182,9 +193,19 @@ public class GroupMgrImpl extends Manageable implements GroupMgr, Serializable
assertContext(CLS_NM, methodName, group, GlobalErrIds.GROUP_NULL);
checkAccess(CLS_NM, methodName);
ReviewMgr reviewMgr = ReviewMgrFactory.createInstance();
- User user = reviewMgr.readUser( new User( member ) );
-
- return GROUP_P.deassign( group, user.getDn() );
+ String dn;
+ if( group.getType() == Group.Type.ROLE )
+ {
+ Role role = reviewMgr.readRole( new Role( member ) );
+ dn = role.getDn();
+ }
+ else
+ {
+ User user = reviewMgr.readUser( new User( member ) );
+ dn = user.getDn();
+ }
+
+ return GROUP_P.deassign( group, dn );
}
private void loadUserDns( Group group ) throws SecurityException
http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/a199f7a7/src/main/java/org/apache/directory/fortress/core/impl/PermDAO.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/impl/PermDAO.java b/src/main/java/org/apache/directory/fortress/core/impl/PermDAO.java
index 8b3e594..f2a7eeb 100755
--- a/src/main/java/org/apache/directory/fortress/core/impl/PermDAO.java
+++ b/src/main/java/org/apache/directory/fortress/core/impl/PermDAO.java
@@ -158,7 +158,6 @@ final class PermDAO extends LdapDataProvider
* ** OpenAccessMgr PERMISSION STATICS
* ************************************************************************
*/
- private static final String TYPE = "ftType";
private static final String PERM_OBJ_OBJECT_CLASS_NAME = "ftObject";
private static final String PERM_OP_OBJECT_CLASS_NAME = "ftOperation";
@@ -192,7 +191,7 @@ final class PermDAO extends LdapDataProvider
SchemaConstants.DESCRIPTION_AT,
SchemaConstants.OU_AT,
GlobalIds.POBJ_ID,
- TYPE,
+ GlobalIds.TYPE,
ROLES,
USERS,
GlobalIds.PROPS
@@ -200,7 +199,7 @@ final class PermDAO extends LdapDataProvider
private static final String[] PERMISION_OBJ_ATRS =
{
- GlobalIds.FT_IID, GlobalIds.POBJ_NAME, SchemaConstants.DESCRIPTION_AT, SchemaConstants.OU_AT, TYPE,
+ GlobalIds.FT_IID, GlobalIds.POBJ_NAME, SchemaConstants.DESCRIPTION_AT, SchemaConstants.OU_AT, GlobalIds.TYPE,
GlobalIds.PROPS
};
@@ -243,7 +242,7 @@ final class PermDAO extends LdapDataProvider
// type is optional:
if ( StringUtils.isNotEmpty( entity.getType() ) )
{
- entry.add( TYPE, entity.getType() );
+ entry.add( GlobalIds.TYPE, entity.getType() );
}
// props are optional as well:
@@ -304,7 +303,7 @@ final class PermDAO extends LdapDataProvider
if ( StringUtils.isNotEmpty( entity.getType() ) )
{
mods.add( new DefaultModification(
- ModificationOperation.REPLACE_ATTRIBUTE, TYPE, entity.getType() ) );
+ ModificationOperation.REPLACE_ATTRIBUTE, GlobalIds.TYPE, entity.getType() ) );
}
if ( PropUtil.isNotEmpty( entity.getProperties() ) )
@@ -415,7 +414,7 @@ final class PermDAO extends LdapDataProvider
// type is optional:
if ( StringUtils.isNotEmpty( entity.getType() ) )
{
- entry.add( TYPE, entity.getType() );
+ entry.add( GlobalIds.TYPE, entity.getType() );
}
// These are multi-valued attributes, use the util function to load:
@@ -483,7 +482,7 @@ final class PermDAO extends LdapDataProvider
{
mods.add( new DefaultModification(
- ModificationOperation.REPLACE_ATTRIBUTE, TYPE, entity.getType() ) );
+ ModificationOperation.REPLACE_ATTRIBUTE, GlobalIds.TYPE, entity.getType() ) );
}
// These are multi-valued attributes, use the util function to load:
@@ -1026,7 +1025,7 @@ final class PermDAO extends LdapDataProvider
entity.setInternalId( getAttribute( le, GlobalIds.FT_IID ) );
entity.setRoles( getAttributeSet( le, ROLES ) );
entity.setUsers( getAttributeSet( le, USERS ) );
- entity.setType( getAttribute( le, TYPE ) );
+ entity.setType( getAttribute( le, GlobalIds.TYPE ) );
entity.setDescription( getAttribute( le, SchemaConstants.DESCRIPTION_AT ) );
entity.addProperties( PropUtil.getProperties( getAttributes( le, GlobalIds.PROPS ) ) );
entity.setAdmin( isAdmin );
@@ -1055,7 +1054,7 @@ final class PermDAO extends LdapDataProvider
entity.setOu( getAttribute( le, SchemaConstants.OU_AT ) );
entity.setDn( le.getDn().getName() );
entity.setInternalId( getAttribute( le, GlobalIds.FT_IID ) );
- entity.setType( getAttribute( le, TYPE ) );
+ entity.setType( getAttribute( le, GlobalIds.TYPE ) );
entity.setDescription( getAttribute( le, SchemaConstants.DESCRIPTION_AT ) );
entity.addProperties( PropUtil.getProperties( getAttributes( le, GlobalIds.PROPS ) ) );
entity.setAdmin( isAdmin );
http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/a199f7a7/src/main/java/org/apache/directory/fortress/core/impl/RoleDAO.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/impl/RoleDAO.java b/src/main/java/org/apache/directory/fortress/core/impl/RoleDAO.java
index e21e916..3d9e9a6 100755
--- a/src/main/java/org/apache/directory/fortress/core/impl/RoleDAO.java
+++ b/src/main/java/org/apache/directory/fortress/core/impl/RoleDAO.java
@@ -654,7 +654,7 @@ final class RoleDAO extends LdapDataProvider
entity.setChildren( RoleUtil.getInstance().getChildren( entity.getName().toUpperCase(), contextId ) );
entity.setParents( getAttributeSet( le, GlobalIds.PARENT_NODES ) );
unloadTemporal( le, entity );
-
+ entity.setDn( le.getDn().getName() );
return entity;
}
http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/a199f7a7/src/main/java/org/apache/directory/fortress/core/model/Group.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/model/Group.java b/src/main/java/org/apache/directory/fortress/core/model/Group.java
index b511e60..276ba76 100755
--- a/src/main/java/org/apache/directory/fortress/core/model/Group.java
+++ b/src/main/java/org/apache/directory/fortress/core/model/Group.java
@@ -22,6 +22,7 @@ package org.apache.directory.fortress.core.model;
import javax.xml.bind.annotation.XmlAccessType;
import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlEnum;
import javax.xml.bind.annotation.XmlRootElement;
import javax.xml.bind.annotation.XmlType;
import java.io.Serializable;
@@ -41,6 +42,7 @@ import java.util.StringTokenizer;
"protocol",
"members",
"props",
+ "type"
})
public class Group extends FortEntity implements Serializable
{
@@ -51,15 +53,62 @@ public class Group extends FortEntity implements Serializable
private List<String> members;
private Props props = new Props();
private boolean memberDn;
+ private Type type;
+ /**
+ * enum for User or Role data sets. Both nodes may be stored in the same LDAP container.
+ */
+ @XmlType(name = "type")
+ @XmlEnum
+ public enum Type
+ {
+ /**
+ * Entry contains a set of Users.
+ */
+ USER,
+
+ /**
+ * Entry contains a set of Roles.
+ */
+ ROLE
+ }
+
+ /**
+ * Get the required type of Group - 'USER' Or 'ROLE'.
+ *
+ * @return type that determines what node maps to.
+ */
+ public Type getType()
+ {
+ return type;
+ }
/**
- * Default constructor used by {@link org.apache.directory.fortress.core.ant.FortressAntTask}
+ * Set the required type of Group - 'USER' Or 'ROLE'.
+ *
+ * @param type determines what set the node contains.
+ */
+ public void setType( Type type )
+ {
+ this.type = type;
+ }
+
+
+ /**
+ * Default constructor used by {@link org.apache.directory.fortress.core.ant.FortressAntTask} defaults to type USER.
*/
public Group()
{
+ type = Type.USER;
}
+ /**
+ * Constructor for base type.
+ */
+ public Group( Type type )
+ {
+ this.type = type;
+ }
/**
* Generate instance of group to be loaded as ldap object.
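Review bot: The Javadoc on the new `Group( Type type )` constructor has no `@param` tag, and the constructors added in the later hunks at `@@ -69,8 +118,19 @@` and `@@ -82,6 +142,21 @@` document `name` and `description` but not `type`. Each should gain a line such as `@param type determines whether the group holds Users or Roles; must not be null.` The `setType` Javadoc calls the type required, yet the setter stores whatever it is given; stating the null contract there too (`@param type determines what set the node contains; must not be null.`) would make the expectation visible to callers.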
@@ -69,8 +118,19 @@ public class Group extends FortEntity implements Serializable
public Group( String name )
{
this.name = name;
+ type = Type.USER;
}
+ /**
+ * Generate instance of group to be loaded as ldap object with node type.
+ *
+ * @param name maps to 'cn' attribute in group object class.
+ */
+ public Group( String name, Type type )
+ {
+ this.name = name;
+ this.type = type;
+ }
/**
* Generate instance of group to be loaded as ldap object.
@@ -82,6 +142,21 @@ public class Group extends FortEntity implements Serializable
{
this.name = name;
this.description = description;
+ type = Type.USER;
+ }
+
+
+ /**
+ * Generate instance of group to be loaded as ldap object with node type.
+ *
+ * @param name maps to 'cn' attribute in group object class.
+ * @param description maps to 'description' attribute in group object class.
+ */
+ public Group( String name, String description, Type type )
+ {
+ this.name = name;
+ this.description = description;
+ this.type = type;
}
http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/a199f7a7/src/main/java/org/apache/directory/fortress/core/model/Role.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/model/Role.java b/src/main/java/org/apache/directory/fortress/core/model/Role.java
index 639b67b..9c48bd2 100755
--- a/src/main/java/org/apache/directory/fortress/core/model/Role.java
+++ b/src/main/java/org/apache/directory/fortress/core/model/Role.java
@@ -208,7 +208,8 @@ import javax.xml.bind.annotation.XmlType;
"endDate",
"endLockDate",
"endTime",
- "timeout"
+ "timeout",
+ "dn"
})
@XmlSeeAlso(
{
@@ -220,7 +221,6 @@ public class Role extends FortEntity implements Constraint, Graphable, java.io.S
private String id; // this maps to ftId
private String name; // this is ftRoleName
private String description; // this is description
- @XmlTransient
private String dn; // this attribute is automatically saved to each ldap record.
@XmlTransient
private List<String> occupants;
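Review bot: Dropping `@XmlTransient` from `dn`, together with adding `"dn"` to `propOrder` in the previous hunk, puts the entry's distinguished name into every XML-serialized Role and lets an unmarshalled payload populate the field. That exposes directory layout to clients and means a `dn` value on an inbound Role can originate from the sender rather than from RoleDAO. If the only need is the `role.getDn()` call in GroupMgrImpl, which reads the value RoleDAO set in-process, the field can stay `@XmlTransient` and the `propOrder` entry can be left out. If the DN really must travel over the wire, code that consumes it should re-read the role from the directory instead of trusting the received value.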
@@ -719,8 +719,31 @@ public class Role extends FortEntity implements Constraint, Graphable, java.io.S
{
this.children = children;
}
-
-
+
+ /**
+ * Returns distinguished name associated with Role. This attribute is generated by DAO and is not allowed for outside classes to modify.
+ * This attribute is for internal use only and need not be processed by external clients.
+ *
+ * @return value that is mapped to the dn of the entry in DIT.
+ */
+ public String getDn()
+ {
+ return dn;
+ }
+
+
+ /**
+ * Set distinguished name associated with Role. This attribute is used by DAO and is not allowed for outside classes.
+ * This attribute cannot be set by external callers.
+ *
+ * @return value that is mapped to the dn of the entry in DIT.
+ */
+ public void setDn( String dn )
+ {
+ this.dn = dn;
+ }
+
+
/**
* Matches the name from two Role entities.
*
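Review bot: The Javadoc for `setDn` carries an `@return` tag although the method is `void`; it was presumably copied from `getDn` and should read `@param dn value that is mapped to the dn of the entry in DIT.` Both comments also say the attribute cannot be set by outside callers, which a `public` setter does not enforce. Since RoleDAO lives in a different package, narrowing visibility is not a simple fix, so the wording should instead say that the value is populated by the DAO on read and that callers must not rely on a value they set themselves.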