Posted to commits@directory.apache.org by sm...@apache.org on 2022/07/26 22:39:23 UTC
[directory-site] branch master updated: + addUser, deleteUser
This is an automated email from the ASF dual-hosted git repository.
smckinney pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/directory-site.git
The following commit(s) were added to refs/heads/master by this push:
new aa8c89ac + addUser, deleteUser
aa8c89ac is described below
commit aa8c89acf21fbe65280fd39c1177d024054f0cfd
Author: Shawn McKinney <sm...@symas.com>
AuthorDate: Tue Jul 26 17:39:01 2022 -0500
+ addUser, deleteUser
---
source/fortress/user-guide.md | 5 +-
.../fortress/user-guide/4-fortress-code-samples.md | 2 +
source/fortress/user-guide/4.10-delete-user.md | 67 ++++++++++++++++
source/fortress/user-guide/4.7-add-role.md | 2 +-
source/fortress/user-guide/4.8-delete-role.md | 2 +
source/fortress/user-guide/4.9-add-user.md | 90 ++++++++++++++++++++++
6 files changed, 165 insertions(+), 3 deletions(-)
diff --git a/source/fortress/user-guide.md b/source/fortress/user-guide.md
index 28d47eef..06f97e47 100644
--- a/source/fortress/user-guide.md
+++ b/source/fortress/user-guide.md
@@ -29,10 +29,11 @@ This guide is primarily for people new to Fortress.
* [4.6 - Authorized Roles](user-guide/4.6-authorized-roles.html)
* [4.7 - Add Role](user-guide/4.7-add-role.html)
* [4.8 - Delete Role](user-guide/4.8-delete-role.html)
+ * [4.9 - Add User](user-guide/4.9-add-user.html)
+ * [4.10 - Delete User](user-guide/4.10-delete-user.html)
+
* TODO (more code samples):
- * [4.9 - addUser]
- * [4.10 - deleteUser]
* [4.11 - addPermObj]
* [4.12 - deletePermObj]
* [4.13 - addPermission]
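Review bot: the two new entries at `+ * [4.9 - Add User]` and `+ * [4.10 - Delete User]` carry the same one-space indent as the removed TODO sub-items (`- * [4.9 - addUser]`) they replace, while they are now meant to sit in the main list alongside 4.6 to 4.8; confirm the indentation matches those sibling entries so the two links render in the same list rather than as a nested one.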
diff --git a/source/fortress/user-guide/4-fortress-code-samples.md b/source/fortress/user-guide/4-fortress-code-samples.md
index f44adf4c..60d28e30 100644
--- a/source/fortress/user-guide/4-fortress-code-samples.md
+++ b/source/fortress/user-guide/4-fortress-code-samples.md
@@ -20,3 +20,5 @@ navNextText: 4.1 - Example Creating RBAC Session
* [4.6 - Get Authorized Roles](4.6-authorized-roles.html)
* [4.7 - Add Role](4.7-add-role.html)
* [4.8 - Delete Role](4.8-delete-role.html)
+* [4.9 - Add User](4.9-add-user.html)
+* [4.10 - Delete User](4.10-delete-user.html)
diff --git a/source/fortress/user-guide/4.10-delete-user.md b/source/fortress/user-guide/4.10-delete-user.md
new file mode 100644
index 00000000..8343e721
--- /dev/null
+++ b/source/fortress/user-guide/4.10-delete-user.md
@@ -0,0 +1,67 @@
+---
+title: 4.10 - Delete User
+navPrev: 4.9-add-user.html
+navPrevText: 4.9 - Add User
+navUp: 4-fortress-code-samples.html
+navUpText: 4 - Fortress Code Samples
+---
+
+```java
+void deleteUser(User user) throws SecurityException
+```
+
+# 4.10 - Delete User
+
+This command deletes an existing user from the RBAC database.
+The command is valid if and only if the user to be deleted is a member of the USERS data set.
+The USERS and UA data sets and the assigned_users function are updated. This method performs a "hard" delete.
+It completely removes all data associated with this user from the directory.
+User entity must exist in directory prior to making this call else exception will be thrown.
+
+required parameters:
+- User#userId - maps to INetOrgPerson uid
+
+Parameters:
+- user - Contains the User#userId of the User targeted for deletion.
+
+Throws:
+- SecurityException - thrown in the event of data validation or system error.
+
+## deleteUser
+
+```java
+@test
+public static void testDeleteUser(String userId)
+{
+ String szLocation = ".testDeleteUser";
+
+ try
+ {
+ // Instantiate the AdminMgr implementation which is used to provision RBAC policies.
+ AdminMgr adminMgr = AdminMgrFactory.createInstance();
+ User inUser = new User(userId);
+ adminMgr.deleteUser(inUser);
+
+ // now read it back:
+ // Instantiate the ReviewMgr implementation which is used to interrogate policy information.
+ ReviewMgr reviewMgr = ReviewMgrFactory.createInstance();
+ try
+ {
+ // this should fail because User was deleted above:
+ reviewMgr.readUser(inUser);
+ fail(szLocation + " user [" + inUser.getUserId() + "] delete failed");
+ }
+ catch (SecurityException se)
+ {
+ assertTrue(szLocation + " excep id check", se.getErrorId() == GlobalErrIds.USER_NOT_FOUND);
+ // pass
+ }
+ LOG.info(szLocation + " user [" + inUser.getUserId() + "] success");
+ }
+ catch (SecurityException ex)
+ {
+ LOG.error(szLocation + " caught SecurityException rc=" + ex.getErrorId() + ", msg=" + ex.getMessage(), ex);
+ fail(ex.getMessage());
+ }
+}
+```
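Review bot: the annotation on `testDeleteUser` is written as `@test`; the JUnit annotation is `@Test` (case-sensitive), so the sample will not compile as a test unless a custom annotation of that name exists, and the same spelling is used in the new 4.9 page. Two smaller points in the prose: the sentence "User entity must exist in directory prior to making this call else exception will be thrown" would read better as "The User entity must exist in the directory before this call; otherwise a SecurityException is thrown", and the page documents a "hard" delete that removes all data for the user, so it is worth stating next to the signature that the operation is not reversible. The verification logic itself is sound: the inner `catch (SecurityException se)` checks `se.getErrorId() == GlobalErrIds.USER_NOT_FOUND`, and the `fail(...)` on a successful read throws an AssertionError that the outer `catch (SecurityException ex)` will not swallow.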
diff --git a/source/fortress/user-guide/4.7-add-role.md b/source/fortress/user-guide/4.7-add-role.md
index 5c49ceef..20d15d41 100644
--- a/source/fortress/user-guide/4.7-add-role.md
+++ b/source/fortress/user-guide/4.7-add-role.md
@@ -59,7 +59,7 @@ public static void testCreateRole()
adminMgr.addRole(inRole);
// Instantiate the ReviewMgr implementation which is used to interrogate RBAC policy information.
- ReviewMgr reviewMgr = ReviewMgrFactory.createInstance(TestUtils.getContext());
+ ReviewMgr reviewMgr = ReviewMgrFactory.createInstance();
// now read the newly created Role entity back:
Role outRole = reviewMgr.readRole(inRole);
diff --git a/source/fortress/user-guide/4.8-delete-role.md b/source/fortress/user-guide/4.8-delete-role.md
index 1faceb64..bf12101e 100644
--- a/source/fortress/user-guide/4.8-delete-role.md
+++ b/source/fortress/user-guide/4.8-delete-role.md
@@ -4,6 +4,8 @@ navPrev: 4.7-add-role.html
navPrevText: 4.7 - Add Role
navUp: 4-fortress-code-samples.html
navUpText: 4 - Fortress Code Samples
+navNext: 4.9-add-user.html
+navNextText: 4.9 - Add User
---
# 4.8 - Delete Role
diff --git a/source/fortress/user-guide/4.9-add-user.md b/source/fortress/user-guide/4.9-add-user.md
new file mode 100644
index 00000000..f013c2c9
--- /dev/null
+++ b/source/fortress/user-guide/4.9-add-user.md
@@ -0,0 +1,90 @@
+---
+title: 4.9 - Add User
+navPrev: 4.8-delete-role.html
+navPrevText: 4.8 - Delete Role
+navUp: 4-fortress-code-samples.html
+navUpText: 4 - Fortress Code Samples
+navNext: 4.10-delete-user.html
+navNextText: 4.10 - Delete User
+---
+
+# 4.9 - Add User
+
+```java
+User addUser(User user) throws SecurityException
+```
+
+This command creates a new RBAC user. The command is valid only if the new user is not already a member of the USERS data set.
+The USER data set is updated. The new user does not own any session at the time of its creation.
+
+required parameters:
+- User#userId - maps to INetOrgPerson uid
+- User#password - used when password authentication is required
+- User#ou - contains the name of an already existing User OU node
+
+optional parameters:
+- User#pwPolicy - contains the name of an already existing OpenLDAP password policy node
+- User#cn - maps to INetOrgPerson common name attribute
+- User#sn - maps to INetOrgPerson surname attribute
+- User#description - maps to INetOrgPerson description attribute
+- User#title - maps to INetOrgPerson title attribute
+- User#employeeType - maps to INetOrgPerson employeeType attribute
+- User#phones * - multivalued attribute maps to organizationalPerson telephoneNumber attribute
+- User#mobiles * - multivalued attribute maps to INetOrgPerson mobile attribute
+- User#emails * - multivalued attribute maps to INetOrgPerson mail attribute
+- User#address * - multivalued attribute maps to organizationalPerson postalAddress, st, l, postalCode, postOfficeBox attributes
+- User#beginTime - HHMM - determines begin hour user may activate session
+- User#endTime - HHMM - determines end hour user may activate session.
+- User#beginDate - YYYYMMDD - determines date when user may sign on
+- User#endDate - YYYYMMDD - indicates latest date user may sign on
+- User#beginLockDate - YYYYMMDD - determines beginning of enforced inactive status
+- User#endLockDate - YYYYMMDD - determines end of enforced inactive status
+- User#dayMask - 1234567, 1 = Sunday, 2 = Monday, etc - specifies which day of user may sign on
+- User#timeout - number (in minutes) of session inactivity time allowed
+- User#props * - multivalued attribute contains property key and values are separated with a ':'. e.g. mykey1:myvalue1
+- User#roles * - multivalued attribute contains the name of already existing role to assign to user
+- User#adminRoles * - multivalued attribute contains the name of already existing adminRole to assign to user
+
+Parameters:
+- user - User entity must contain User#userId and User#ou (required) and optional User#description,User#roles and many others.
+
+Returns:
+- Returns entity containing user data that was added.
+
+Throws:
+- SecurityException - thrown in the event of data validation or system error.
+
+## addUser
+
+```java
+@test
+public static void testCreateUser(String userId, String password, String userOu)
+{
+ String szLocation = ".testCreateUser";
+ try
+ {
+ // Instantiate the AdminMgr implementation. All AdminMgr APIs can throw a SecurityException in the event
+ // of rule violation or system error.
+ AdminMgr adminMgr = AdminMgrFactory.createInstance();
+ User inUser = new User(userId, password);
+ // ou is required attribute:
+ inUser.setOu(userOu);
+ // Now call the add API. The API will return User entity with associated LDAP dn if creation was successful.
+ User outUser = adminMgr.addUser(inUser);
+ assertNotNull(outUser);
+
+ // Instantiate the ReviewMgr implementation which is used to interrogate policy information.
+ ReviewMgr reviewMgr = ReviewMgrFactory.createInstance();
+
+ // now read the newly created User entity back:
+ User outUser2 = reviewMgr.readUser(inUser);
+ assertTrue(szLocation + " failed read", inUser.equals(outUser2));
+ LOG.info(szLocation + " user [" + outUser2.getUserId() + "] success");
+ }
+ catch (SecurityException ex)
+ {
+ LOG.error(szLocation + " caught SecurityException rc=" + ex.getErrorId() + ", msg=" + ex.getMessage(), ex);
+ fail(ex.getMessage());
+ }
+}
+```
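Review bot: the parameter documentation is internally inconsistent on what is required. The "required parameters" list names `User#userId`, `User#password` and `User#ou`, but the "Parameters" line says the entity "must contain User#userId and User#ou (required)" with no mention of the password, and the sample only ever sets userId, password and ou; pick one statement and make the other match it. Also: "The USER data set is updated" should be "USERS data set" to agree with the previous sentence and with the 4.10 page; `@test` should be `@Test` as in JUnit; and the page order differs from 4.10, which places the signature code block before the `#` heading while this page places it after, so align the two layouts.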