/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*
*/
package org.apache.directory.fortress.core.rest;
import java.util.ArrayList;
import java.util.List;
import org.apache.directory.fortress.core.DelReviewMgr;
import org.apache.directory.fortress.core.GlobalErrIds;
import org.apache.directory.fortress.core.SecurityException;
import org.apache.directory.fortress.core.impl.Manageable;
import org.apache.directory.fortress.core.model.AdminRole;
import org.apache.directory.fortress.core.model.FortRequest;
import org.apache.directory.fortress.core.model.FortResponse;
import org.apache.directory.fortress.core.model.OrgUnit;
import org.apache.directory.fortress.core.model.Permission;
import org.apache.directory.fortress.core.model.User;
import org.apache.directory.fortress.core.model.UserAdminRole;
import org.apache.directory.fortress.core.util.VUtil;
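/**
 * This class implements the ARBAC02 DelReviewMgr interface for performing policy interrogation of provisioned Fortress ARBAC entities
 * using HTTP access to Fortress Rest server.
 * These APIs map directly to similar named APIs specified by ARBAC02 functions. The ARBAC Functional specification describes delegated administrative
 * operations for the creation and maintenance of ARBAC element sets and relations. Delegated administrative review functions for performing administrative queries
 * and system functions for creating and managing ARBAC attributes on user sessions and making delegated administrative access control decisions.
 * <h3>Administrative Role Based Access Control (ARBAC)</h3>
 * <img src="../doc-files/ARbac.png" alt="">
 * <p>
 * Fortress fully supports the Oh/Sandhu/Zhang ARBAC02 model for delegated administration. ARBAC provides large enterprises the capability to delegate administrative authority to users that reside outside of the security admin group.
 * Decentralizing administration helps because it provides security provisioning capability to work groups without sacrificing regulations for accountability or traceability.
 * <p>
 * This class is NOT thread safe if "adminSession" instance variable is set
 * <p>
 * Every query is sent as a marshalled {@link FortRequest} to the Fortress Rest server and the returned
 * {@link FortResponse} is inspected before any entity is handed back: a non-zero error code is turned into a
 * {@link SecurityException} carrying the server's error code and message, so callers never receive a
 * partially populated result. List-returning queries never return {@code null}; an absent result list is
 * reported as an empty list.
 *
 * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
 */
public class DelReviewMgrRestImpl extends Manageable implements DelReviewMgr
{
    private static final String CLS_NM = DelReviewMgrRestImpl.class.getName();

    /**
     * {@inheritDoc}
     */
    @Override
    public AdminRole readRole(AdminRole role)
        throws SecurityException
    {
        VUtil.assertNotNull(role, GlobalErrIds.ARLE_NULL, CLS_NM + ".readRole");
        FortRequest request = newRequest();
        request.setEntity(role);
        FortResponse response = invoke(request, HttpIds.ARLE_READ);
        // The server answered without an error code; the single entity is the role it resolved.
        return (AdminRole) response.getEntity();
    }

    /**
     * {@inheritDoc}
     */
    @Override
    public List<AdminRole> findRoles(String searchVal)
        throws SecurityException
    {
        VUtil.assertNotNull(searchVal, GlobalErrIds.ARLE_NM_NULL, CLS_NM + ".findRoles");
        FortRequest request = newRequest();
        request.setValue(searchVal);
        FortResponse response = invoke(request, HttpIds.ARLE_SEARCH);
        List<AdminRole> retRoles = response.getEntities();
        return orEmpty(retRoles);
    }

    /**
     * {@inheritDoc}
     */
    @Override
    public List<UserAdminRole> assignedRoles(User user)
        throws SecurityException
    {
        VUtil.assertNotNull(user, GlobalErrIds.USER_NULL, CLS_NM + ".assignedRoles");
        FortRequest request = newRequest();
        request.setEntity(user);
        FortResponse response = invoke(request, HttpIds.ARLE_ASGNED);
        List<UserAdminRole> retUserRoles = response.getEntities();
        return orEmpty(retUserRoles);
    }

    /**
     * {@inheritDoc}
     */
    @Override
    public List<User> assignedUsers(AdminRole role)
        throws SecurityException
    {
        VUtil.assertNotNull(role, GlobalErrIds.ARLE_NULL, CLS_NM + ".assignedUsers");
        FortRequest request = newRequest();
        request.setEntity(role);
        FortResponse response = invoke(request, HttpIds.USER_ASGNED_ADMIN);
        List<User> retUsers = response.getEntities();
        // do not return a null list to the caller:
        return orEmpty(retUsers);
    }

    /**
     * {@inheritDoc}
     */
    @Override
    public OrgUnit read(OrgUnit entity)
        throws SecurityException
    {
        // NOTE: the label passed to the validator is ".readOrgUnit" rather than ".read"; it is part of the
        // error text callers may match on, so it is kept as is.
        VUtil.assertNotNull(entity, GlobalErrIds.ORG_NULL, CLS_NM + ".readOrgUnit");
        FortRequest request = newRequest();
        request.setEntity(entity);
        FortResponse response = invoke(request, HttpIds.ORG_READ);
        return (OrgUnit) response.getEntity();
    }

    /**
     * {@inheritDoc}
     */
    @Override
    public List<OrgUnit> search(OrgUnit.Type type, String searchVal)
        throws SecurityException
    {
        VUtil.assertNotNull(type, GlobalErrIds.ORG_TYPE_NULL, CLS_NM + ".search");
        FortRequest request = newRequest();
        // Only the type is validated here; searchVal is passed through to the server as the name filter.
        request.setEntity(new OrgUnit(searchVal, type));
        FortResponse response = invoke(request, HttpIds.ORG_SEARCH);
        List<OrgUnit> retOrgs = response.getEntities();
        return orEmpty(retOrgs);
    }

    /**
     * {@inheritDoc}
     * <p>
     * Not yet implemented over REST: this method always returns {@code null}. It is deliberately not mapped to an
     * empty list, because for a review query an empty list would read as "this role holds no permissions",
     * which is not what an unimplemented lookup means.
     */
    @Override
    public List<Permission> rolePermissions(AdminRole role)
        throws SecurityException
    {
        // TODO Auto-generated method stub
        return null;
    }

    /**
     * {@inheritDoc}
     * <p>
     * Not yet implemented over REST: this method always returns {@code null} regardless of
     * {@code noInheritance} (see {@link #rolePermissions(AdminRole)} for why it is not an empty list).
     */
    @Override
    public List<Permission> rolePermissions(AdminRole role,
        boolean noInheritance) throws SecurityException
    {
        // TODO Auto-generated method stub
        return null;
    }

    /**
     * Creates a request bound to this manager's context id, so every query is scoped to the same tenant.
     *
     * @return a fresh {@link FortRequest} with the context id set and no entity or value.
     */
    private FortRequest newRequest()
    {
        FortRequest request = new FortRequest();
        request.setContextId(this.contextId);
        return request;
    }

    /**
     * Marshals the request, posts it to the given Fortress Rest function and unmarshals the reply.
     *
     * @param request the populated request (context id plus entity or search value).
     * @param httpId  the Fortress Rest function id to post to.
     * @return the unmarshalled response; only returned when its error code is zero.
     * @throws SecurityException carrying the server's error code and message whenever the error code is non-zero,
     *                           so a failed query can never be mistaken for an empty result.
     */
    private FortResponse invoke(FortRequest request, String httpId)
        throws SecurityException
    {
        String szRequest = RestUtils.marshal(request);
        String szResponse = RestUtils.getInstance().post(szRequest, httpId);
        FortResponse response = RestUtils.unmarshall(szResponse);
        if (response.getErrorCode() != 0)
        {
            throw new SecurityException(response.getErrorCode(), response.getErrorMessage());
        }
        return response;
    }

    /**
     * Substitutes an empty, mutable list for a {@code null} result list.
     *
     * @param entities the list taken from a response, possibly {@code null}.
     * @param <T>      the entity type.
     * @return {@code entities} itself when non-null, otherwise a new empty {@link ArrayList}.
     */
    private static <T> List<T> orEmpty(List<T> entities)
    {
        return entities == null ? new ArrayList<T>() : entities;
    }
}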