You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@directory.apache.org by el...@apache.org on 2014/10/21 01:06:30 UTC
[13/50] git commit: FC-135 - add objectId to accel checkAccess
FC-135 - add objectId to accel checkAccess
Project: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/commit/9e3c8006
Tree: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/tree/9e3c8006
Diff: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/diff/9e3c8006
Branch: refs/heads/master
Commit: 9e3c80063be49c8782b56d166c891cc2fc53e75a
Parents: 63893e3
Author: Shawn McKinney <sh...@jts.us>
Authored: Thu Jun 26 22:34:34 2014 -0500
Committer: Shawn McKinney <sh...@jts.us>
Committed: Thu Jun 26 22:34:34 2014 -0500
----------------------------------------------------------------------
.../rbac/dao/apache/AcceleratorDAO.java | 1 +
.../org/openldap/fortress/util/LogUtil.java | 4 +-
.../fortress/rbac/AccelMgrImplTest.java | 56 +++++++++++++-------
3 files changed, 42 insertions(+), 19 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/9e3c8006/src/main/java/org/openldap/fortress/rbac/dao/apache/AcceleratorDAO.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/openldap/fortress/rbac/dao/apache/AcceleratorDAO.java b/src/main/java/org/openldap/fortress/rbac/dao/apache/AcceleratorDAO.java
index b4a8c98..2747101 100644
--- a/src/main/java/org/openldap/fortress/rbac/dao/apache/AcceleratorDAO.java
+++ b/src/main/java/org/openldap/fortress/rbac/dao/apache/AcceleratorDAO.java
@@ -143,6 +143,7 @@ public final class AcceleratorDAO extends ApacheDsDataProvider implements org.op
RbacCheckAccessRequest rbacCheckAccessRequest = new RbacCheckAccessRequestImpl();
rbacCheckAccessRequest.setSessionId( session.getSessionId() );
rbacCheckAccessRequest.setObject( perm.getObjName() );
+ rbacCheckAccessRequest.setObjectId( perm.getObjId() );
rbacCheckAccessRequest.setOperation( perm.getOpName() );
// Send the request
RbacCheckAccessResponse rbacCheckAccessResponse = ( RbacCheckAccessResponse ) ld.extended(
http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/9e3c8006/src/main/java/org/openldap/fortress/util/LogUtil.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/openldap/fortress/util/LogUtil.java b/src/main/java/org/openldap/fortress/util/LogUtil.java
index 5aae540..b452c54 100755
--- a/src/main/java/org/openldap/fortress/util/LogUtil.java
+++ b/src/main/java/org/openldap/fortress/util/LogUtil.java
@@ -37,7 +37,9 @@ public class LogUtil
*/
public static void logIt(String msg)
{
- msg = getContext() + " " + msg;
+ if(VUtil.isNotNullOrEmpty( getContext() ))
+ msg = getContext() + " " + msg;
+
if(LOG.isDebugEnabled())
{
LOG.debug( msg );
http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/9e3c8006/src/test/java/org/openldap/fortress/rbac/AccelMgrImplTest.java
----------------------------------------------------------------------
diff --git a/src/test/java/org/openldap/fortress/rbac/AccelMgrImplTest.java b/src/test/java/org/openldap/fortress/rbac/AccelMgrImplTest.java
index 143acd4..f2e34fe 100644
--- a/src/test/java/org/openldap/fortress/rbac/AccelMgrImplTest.java
+++ b/src/test/java/org/openldap/fortress/rbac/AccelMgrImplTest.java
@@ -22,6 +22,7 @@ import junit.framework.Test;
import junit.framework.TestCase;
import junit.framework.TestSuite;
+import org.openldap.fortress.util.attr.VUtil;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -190,6 +191,15 @@ public class AccelMgrImplTest extends TestCase
{
checkAccess( "CHCK-ACS TU3 TOB3 TOP3 ", UserTestData.USERS_TU3, PermTestData.OBJS_TOB3,
PermTestData.OPS_TOP3, PermTestData.OBJS_TOB2, PermTestData.OPS_TOP1 );
+
+ checkAccess( "CHCK-ACS TU3 TO3 TOP1 ", UserTestData.USERS_TU3, PermTestData.OBJS_TOB3, PermTestData.OPS_TOP3,
+ PermTestData.OBJS_TOB2, PermTestData.OPS_TOP1 );
+
+ checkAccess( "CHCK-ACS TU4 TO4 TOP1 ", UserTestData.USERS_TU4, PermTestData.OBJS_TOB2, PermTestData.OPS_TOP2,
+ PermTestData.OBJS_TOB2, PermTestData.OPS_TOP1 );
+
+ checkAccess( "CHCK-ACS TU1_UPD TO1 TOP1 ", UserTestData.USERS_TU1_UPD, PermTestData.OBJS_TOB1,
+ PermTestData.OPS_TOP1, PermTestData.OBJS_TOB3, PermTestData.OPS_TOP3 );
}
@@ -219,27 +229,37 @@ public class AccelMgrImplTest extends TestCase
int j = 0;
for ( String[] op : opArray )
{
- // Call checkAccess method
+ Permission goodPerm;
+ if( VUtil.isNotNullOrEmpty( PermTestData.getObjId( opArray[j] ) ) )
+ {
+ // with an objectId:
+ goodPerm = new Permission(
+ PermTestData.getName( obj ),
+ PermTestData.getName( op ),
+ PermTestData.getObjId( opArray[j] ) );
+ }
+ else
+ {
+ // without an objectId:
+ goodPerm = new Permission(
+ PermTestData.getName( obj ),
+ PermTestData.getName( op ) );
+ }
+
+ // Positive test case, call checkAccess method, should return 'true':
assertTrue( CLS_NM + ".checkAccess failed userId [" + user.getUserId() + "] Perm objName [" +
PermTestData.getName( obj ) + "] operationName [" + PermTestData.getName( op ) + "]",
- accelMgr.checkAccess( session, new Permission( PermTestData.getName( obj ),
- PermTestData.getName( op ) ) ) );
- // TODO: add support for objectIds:
-/*
- assertTrue( CLS_NM + ".checkAccess failed userId [" + user.getUserId() + "] Perm objName ["
- + PermTestData.getName( obj ) + "] operationName [" + PermTestData.getName( op ) + "]",
- accelMgr.checkAccess(
- session,
- new Permission( PermTestData.getName( obj ), PermTestData.getName( op ), PermTestData
- .getObjId( opArray[j] ) ) ) );
-*/
- // Call checkAccess method (this should fail):
- assertTrue( CLS_NM + ".checkAccess failed userId [" + user.getUserId() + "] Perm objName [" +
- PermTestData.getName( oArrayBad[i] ) + "] operationName [" + PermTestData.getName(
- opArrayBad[j] ) + "]", !accelMgr.checkAccess( session,
- new Permission( PermTestData.getName( oArrayBad[i] ), PermTestData.getName( opArrayBad[j]
- ), PermTestData.getObjId( opArrayBad[j] ) ) ) );
+ accelMgr.checkAccess( session, goodPerm ) );
+ Permission badPerm = new Permission(
+ PermTestData.getName( oArrayBad[i] ),
+ PermTestData.getName( opArrayBad[j]),
+ PermTestData.getObjId( opArrayBad[j] ) );
+
+ // Negative test case, call checkAccess method again, should return 'false':
+ assertFalse( CLS_NM + ".checkAccess failed userId [" + user.getUserId() + "] Perm objName [" +
+ PermTestData.getName( oArrayBad[i] ) + "] operationName [" + PermTestData.getName(
+ opArrayBad[j] ) + "]", accelMgr.checkAccess( session, badPerm ) );
j++;
}
i++;