Posted to commits@directory.apache.org by sm...@apache.org on 2018/08/30 01:43:21 UTC
directory-fortress-core git commit: FC-239 - + ant enable role
constraint op
Repository: directory-fortress-core
Updated Branches:
refs/heads/master 0beb2db48 -> aeb515432
FC-239 - + ant enable role constraint op
Project: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/commit/aeb51543
Tree: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/tree/aeb51543
Diff: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/diff/aeb51543
Branch: refs/heads/master
Commit: aeb5154328d6224d99e03a85efdb5f5a2f74be16
Parents: 0beb2db
Author: Shawn McKinney <sm...@apache.org>
Authored: Wed Aug 29 00:13:42 2018 -0500
Committer: Shawn McKinney <sm...@apache.org>
Committed: Wed Aug 29 00:13:42 2018 -0500
----------------------------------------------------------------------
ldap/setup/RbacAbacSample.xml | 10 ++++--
.../fortress/core/ant/FortressAntTask.java | 33 +++++++++++++++-----
2 files changed, 33 insertions(+), 10 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/aeb51543/ldap/setup/RbacAbacSample.xml
----------------------------------------------------------------------
diff --git a/ldap/setup/RbacAbacSample.xml b/ldap/setup/RbacAbacSample.xml
index 9887972..c578116 100644
--- a/ldap/setup/RbacAbacSample.xml
+++ b/ldap/setup/RbacAbacSample.xml
@@ -29,11 +29,13 @@
<FortressAdmin>
<!-- This config setting constrains role activation by locale on Teller and Washer -->
+<!--
<updconfig>
<config props="config.realm:DEFAULT"/>
<config props="Tellers:locale"/>
<config props="Washers:locale"/>
</updconfig>
+-->
<adduser>
<!-- The userProps attribute is used to map user role activation to locale (branch) attribute. -->
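Review bot: The comment `This config setting constrains role activation by locale on Teller and Washer` now sits above a block that is commented out, so it describes a setting the sample no longer applies. Since the constraint appears to be switched on by the new `<roleconstraint role="tellers" key="locale" typeName="USER"/>` entries further down, the comment should say so, for example `<!-- Superseded: the locale constraint on tellers and washers is now enabled by the userId-less roleconstraint entries in addroleconstraint -->`. Otherwise a reader could assume that uncommenting `<updconfig>` is still required to enforce the constraint.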
@@ -77,6 +79,9 @@
</addrole>
<addroleconstraint>
+ <roleconstraint role="tellers" key="locale" typeName="USER"/>
+ <roleconstraint role="washers" key="locale" typeName="USER"/>
+
<roleconstraint userId="curly" role="tellers" key="locale" value="east" typeName="USER"/>
<roleconstraint userId="curly" role="washers" key="locale" value="north" typeName="USER"/>
<roleconstraint userId="curly" role="washers" key="locale" value="south" typeName="USER"/>
@@ -90,8 +95,10 @@
<roleconstraint userId="larry" role="washers" key="locale" value="east" typeName="USER"/>
</addroleconstraint>
-<!--
<delroleconstraint>
+ <roleconstraint role="tellers" key="locale" typeName="USER"/>
+ <roleconstraint role="washers" key="locale" typeName="USER"/>
+
<roleconstraint userId="curly" role="tellers" key="locale" value="east" typeName="USER"/>
<roleconstraint userId="curly" role="washers" key="locale" value="north" typeName="USER"/>
<roleconstraint userId="curly" role="washers" key="locale" value="south" typeName="USER"/>
@@ -104,7 +111,6 @@
<roleconstraint userId="larry" role="washers" key="locale" value="north" typeName="USER"/>
<roleconstraint userId="larry" role="washers" key="locale" value="east" typeName="USER"/>
</delroleconstraint>
--->
<addsdset>
http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/aeb51543/src/main/java/org/apache/directory/fortress/core/ant/FortressAntTask.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/ant/FortressAntTask.java b/src/main/java/org/apache/directory/fortress/core/ant/FortressAntTask.java
index 2c9c727..2b3459c 100755
--- a/src/main/java/org/apache/directory/fortress/core/ant/FortressAntTask.java
+++ b/src/main/java/org/apache/directory/fortress/core/ant/FortressAntTask.java
@@ -1426,8 +1426,17 @@ public class FortressAntTask extends Task implements InputHandler
{
try
{
- adminMgr.addRoleConstraint( new UserRole( roleConstraint.getUserId(), roleConstraint.getRole() ), roleConstraint );
- LOG.info( "addRoleConstraint successfully added: tenant={} type={} userid={} role={} key={} value={}", getTenant(), roleConstraint.getType(), roleConstraint.getUserId(), roleConstraint.getRole(), roleConstraint.getKey(), roleConstraint.getValue() );
+ // If userid null, enable constraint on role:
+ if( StringUtils.isEmpty( roleConstraint.getUserId() ) && roleConstraint.getType() == org.apache.directory.fortress.core.model.RoleConstraint.RCType.USER )
+ {
+ adminMgr.enableRoleConstraint( new Role( roleConstraint.getRole() ), roleConstraint );
+ LOG.info( "enableRoleConstraint successfully enabled: tenant={} type={} role={} key={}", getTenant(), roleConstraint.getType(), roleConstraint.getRole(), roleConstraint.getKey() );
+ }
+ else
+ {
+ adminMgr.addRoleConstraint( new UserRole( roleConstraint.getUserId(), roleConstraint.getRole() ), roleConstraint );
+ LOG.info( "addRoleConstraint successfully added: tenant={} type={} userid={} role={} key={} value={}", getTenant(), roleConstraint.getType(), roleConstraint.getUserId(), roleConstraint.getRole(), roleConstraint.getKey(), roleConstraint.getValue() );
+ }
}
catch ( SecurityException se )
{
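Review bot: The `else` branch still runs when `userId` is empty and the type is not `RCType.USER`, so `new UserRole( roleConstraint.getUserId(), roleConstraint.getRole() )` is built without a user id and the outcome is left to whatever `addRoleConstraint` does with it. An explicit guard ahead of the `else` would make the rejected entry visible in the build log, e.g. `else if( StringUtils.isEmpty( roleConstraint.getUserId() ) ) { LOG.warn( "addRoleConstraint skipped, userId required: role={} key={}", roleConstraint.getRole(), roleConstraint.getKey() ); }`. The same fall-through is present in the remove hunk at `-1457`. The enclosing method starts and ends outside this hunk, so how the `catch` block reports such a failure is not visible here.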
@@ -1438,7 +1447,6 @@ public class FortressAntTask extends Task implements InputHandler
}
-
/**
* @throws BuildException An error occurred while building
*/
@@ -1457,11 +1465,20 @@ public class FortressAntTask extends Task implements InputHandler
{
try
{
- adminMgr.removeRoleConstraint( new UserRole( roleConstraint.getUserId(), roleConstraint.getRole()
- ), roleConstraint );
- LOG.info( "removeRoleConstraint success: tenant={} type={} userid={} role={} key={} value={}",
- getTenant(), roleConstraint.getType(), roleConstraint.getUserId(), roleConstraint.getRole(),
- roleConstraint.getKey(), roleConstraint.getValue() );
+ // If userid null, disable constraint on role:
+ if( StringUtils.isEmpty( roleConstraint.getUserId() ) && roleConstraint.getType() == org.apache.directory.fortress.core.model.RoleConstraint.RCType.USER )
+ {
+ adminMgr.disableRoleConstraint( new Role( roleConstraint.getRole() ), roleConstraint );
+ LOG.info( "disableRoleConstraint successfully disabled: tenant={} type={} role={} key={}", getTenant(), roleConstraint.getType(), roleConstraint.getRole(), roleConstraint.getKey() );
+ }
+ else
+ {
+ adminMgr.removeRoleConstraint( new UserRole( roleConstraint.getUserId(), roleConstraint.getRole()
+ ), roleConstraint );
+ LOG.info( "removeRoleConstraint success: tenant={} type={} userid={} role={} key={} value={}",
+ getTenant(), roleConstraint.getType(), roleConstraint.getUserId(), roleConstraint.getRole(),
+ roleConstraint.getKey(), roleConstraint.getValue() );
+ }
}
catch ( SecurityException se )
{
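Review bot: In the new `if` branch, an entry that merely omits `userId` is taken as a request to disable the constraint for the whole role, and any `value` on that entry is dropped without a message. Judging by the method names, this relaxes an activation check for every user of the role rather than removing one user's constraint, so a forgotten attribute in a `<delroleconstraint>` entry should not be enough to select it. Requiring the value to be absent as well would narrow the match to entries written like the sample ones: `if( StringUtils.isEmpty( roleConstraint.getUserId() ) && StringUtils.isEmpty( roleConstraint.getValue() ) && roleConstraint.getType() == org.apache.directory.fortress.core.model.RoleConstraint.RCType.USER )`. Logging the disable at `LOG.warn` rather than `LOG.info` would also make the role-wide change stand out in the build output. The enclosing method starts and ends outside this hunk.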