Posted to commits@directory.apache.org by cp...@apache.org on 2016/02/20 15:52:04 UTC
[4/7] directory-fortress-core git commit: Added ability to perform
arbac checks for del access manager
Added ability to perform arbac checks for del access manager
Project: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/commit/9924cac5
Tree: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/tree/9924cac5
Diff: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/diff/9924cac5
Branch: refs/heads/master
Commit: 9924cac58d7ed1aa2f327ab71d2925909d51afba
Parents: e17a16b
Author: clp207 <cl...@psu.edu>
Authored: Sat Feb 20 09:04:42 2016 -0500
Committer: clp207 <cl...@psu.edu>
Committed: Sat Feb 20 09:04:42 2016 -0500
----------------------------------------------------------------------
ldap/setup/DelegatedAdminManagerLoad.xml | 5 +++++
.../fortress/core/impl/DelAccessMgrImpl.java | 16 ++++++++++------
2 files changed, 15 insertions(+), 6 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/9924cac5/ldap/setup/DelegatedAdminManagerLoad.xml
----------------------------------------------------------------------
diff --git a/ldap/setup/DelegatedAdminManagerLoad.xml b/ldap/setup/DelegatedAdminManagerLoad.xml
index 1d117dc..ed6d4e6 100644
--- a/ldap/setup/DelegatedAdminManagerLoad.xml
+++ b/ldap/setup/DelegatedAdminManagerLoad.xml
@@ -168,6 +168,7 @@
<permobj objName="org.apache.directory.fortress.core.impl.AuditMgrImpl" description="RBAC audit review" ou="default" type="ARBAC" admin="true"/>
<permobj objName="org.apache.directory.fortress.core.impl.GroupMgrImpl" description="LDAP Group admin policies" ou="default" type="ARBAC" admin="true"/>
<permobj objName="org.apache.directory.fortress.core.impl.AccessMgrImpl" description="Access Manager Policies" ou="default" type="ARBAC" admin="true"/>
+ <permobj objName="org.apache.directory.fortress.core.impl.DelAccessMgrImpl" description="Delegated Access Manager Policies" ou="default" type="ARBAC" admin="true"/>
</addpermobj>
<addpermop>
@@ -294,6 +295,10 @@
<permop objName="org.apache.directory.fortress.core.impl.AccessMgrImpl" opName="sessionPermissions" admin="true"/>
<permop objName="org.apache.directory.fortress.core.impl.AccessMgrImpl" opName="sessionRoles" admin="true"/>
<permop objName="org.apache.directory.fortress.core.impl.AccessMgrImpl" opName="authorizedRoles" admin="true"/>
+
+ <permop objName="org.apache.directory.fortress.core.impl.DelAccessMgrImpl" opName="sessionAdminRoles" admin="true"/>
+ <permop objName="org.apache.directory.fortress.core.impl.DelAccessMgrImpl" opName="authorizedAdminRoles" admin="true"/>
+ <permop objName="org.apache.directory.fortress.core.impl.DelAccessMgrImpl" opName="sessionPermissions" admin="true"/>
</addpermop>
</FortressAdmin>
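Review bot: No grant to an admin role accompanies the three `permop` entries added here for DelAccessMgrImpl; the diffstat's five insertions in this file are fully accounted for by the one `permobj`, the three `permop` lines and a blank. If this load file hands out admin permissions through separate grant entries, which these hunks do not show, then sessionAdminRoles, authorizedAdminRoles and sessionPermissions would presumably be denied to every admin session once the Java side starts checking them. Confirm that the intended admin role receives these three operations, or document that the deny-by-default result is deliberate. The `opName` values also have to stay identical to the method-name strings passed to `setEntitySession` in DelAccessMgrImpl.java, so a comment above the new block such as `<!-- opName must match methodName in DelAccessMgrImpl -->` would help.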
http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/9924cac5/src/main/java/org/apache/directory/fortress/core/impl/DelAccessMgrImpl.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/impl/DelAccessMgrImpl.java b/src/main/java/org/apache/directory/fortress/core/impl/DelAccessMgrImpl.java
index 975d24a..62e7797 100755
--- a/src/main/java/org/apache/directory/fortress/core/impl/DelAccessMgrImpl.java
+++ b/src/main/java/org/apache/directory/fortress/core/impl/DelAccessMgrImpl.java
@@ -19,22 +19,22 @@
*/
package org.apache.directory.fortress.core.impl;
+import java.util.List;
+import java.util.Set;
+import java.util.TreeSet;
+
import org.apache.commons.collections.CollectionUtils;
import org.apache.directory.fortress.core.DelAccessMgr;
import org.apache.directory.fortress.core.GlobalErrIds;
-import org.apache.directory.fortress.core.util.Config;
+import org.apache.directory.fortress.core.SecurityException;
import org.apache.directory.fortress.core.model.PermObj;
import org.apache.directory.fortress.core.model.Permission;
import org.apache.directory.fortress.core.model.Role;
import org.apache.directory.fortress.core.model.Session;
import org.apache.directory.fortress.core.model.User;
import org.apache.directory.fortress.core.model.UserAdminRole;
+import org.apache.directory.fortress.core.util.Config;
import org.apache.directory.fortress.core.util.VUtil;
-import org.apache.directory.fortress.core.SecurityException;
-
-import java.util.List;
-import java.util.Set;
-import java.util.TreeSet;
/**
* This class implements the ARBAC02 DelAccessMgr interface for performing runtime delegated access control operations on
@@ -209,7 +209,9 @@ public class DelAccessMgrImpl extends AccessMgrImpl implements DelAccessMgr
public List<UserAdminRole> sessionAdminRoles(Session session)
throws SecurityException
{
+ String methodName = "sessionAdminRoles";
VUtil.assertNotNull(session, GlobalErrIds.USER_SESS_NULL, CLS_NM + ".sessionAdminRoles");
+ setEntitySession(CLS_NM, methodName, session);
return session.getAdminRoles();
}
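Review bot: The new `methodName` local is passed to `setEntitySession`, but the null check on the next line still builds its location from the literal `CLS_NM + ".sessionAdminRoles"`, so the operation name now lives in two places in this method. That string is also the operation name registered in the load file, so a single source keeps the two from drifting apart: `VUtil.assertNotNull(session, GlobalErrIds.USER_SESS_NULL, CLS_NM + "." + methodName);`. The other two patched methods already pass `methodName` to their assertions.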
@@ -223,6 +225,7 @@ public class DelAccessMgrImpl extends AccessMgrImpl implements DelAccessMgr
String methodName = "authorizedAdminRoles";
assertContext(CLS_NM, methodName, session, GlobalErrIds.USER_SESS_NULL);
assertContext( CLS_NM, methodName, session.getUser(), GlobalErrIds.USER_NULL );
+ setEntitySession(CLS_NM, methodName, session);
return AdminRoleUtil.getInheritedRoles( session.getAdminRoles(), this.contextId );
}
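Review bot: The Javadoc for authorizedAdminRoles (outside this hunk) should say that the call is now subject to an administrative permission check, since the added `setEntitySession(CLS_NM, methodName, session)` line changes when the method can fail. The same applies to sessionAdminRoles and to the method patched in the last hunk. Something like `@throws SecurityException if the session or its user is null, or the administrative session is not authorized for this operation` would cover it. The body of `setEntitySession` is not part of this diff, so if the check is skipped when no admin session has been set on the manager, the Javadoc should state that too, because callers would otherwise assume the operation is always protected.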
@@ -237,6 +240,7 @@ public class DelAccessMgrImpl extends AccessMgrImpl implements DelAccessMgr
assertContext(CLS_NM, methodName, session, GlobalErrIds.USER_SESS_NULL);
VUtil.validateConstraints( session, VUtil.ConstraintType.USER, false );
VUtil.validateConstraints( session, VUtil.ConstraintType.ROLE, false );
+ setEntitySession(CLS_NM, methodName, session);
return permP.search( session, true );
}
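Review bot: `setEntitySession` is placed after both `VUtil.validateConstraints` calls, so the session's user and role constraints are evaluated before the caller's administrative authorization is. Assuming `setEntitySession` is what performs the ARBAC check (its body is not in this diff), an unauthorized caller can still learn from the error whether the supplied session passes its constraints. Moving `setEntitySession(CLS_NM, methodName, session);` to directly after the `assertContext` line would put the authorization decision first, which is closer to the order used in authorizedAdminRoles. The start of this method, including the `methodName` declaration, is outside the hunk.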