Google Git
Sign in
apache / directory-fortress-enmasse / 1752a5e5d58892e826acbe2a56f6e5049b82fe56 / . / src / main / java / org / openldap / enmasse / DelegatedAccessMgrImpl.java
blob: ac8ccc4a626ccd8d586f346cd5e26bb5e7207a33 [file] [log] [blame]
/*
* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
* Copyright 1998-2014 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted only as authorized by the OpenLDAP
* Public License.
*
* A copy of this license is available in the file LICENSE in the
* top-level directory of the distribution or, alternatively, at
* <http://www.OpenLDAP.org/license.html>.
*/
package org.openldap.enmasse;
import org.openldap.fortress.DelAccessMgr;
import org.openldap.fortress.DelAccessMgrFactory;
import org.openldap.fortress.SecurityException;
import org.openldap.fortress.rbac.RolePerm;
import org.openldap.fortress.rbac.UserAdminRole;
import org.openldap.fortress.rbac.Permission;
import org.openldap.fortress.rbac.Role;
import org.openldap.fortress.rbac.Session;
import org.openldap.fortress.rbac.User;
import org.openldap.fortress.rbac.UserRole;
import org.openldap.fortress.rest.FortRequest;
import org.openldap.fortress.rest.FortResponse;
import org.apache.log4j.Logger;
import java.util.List;
import java.util.Set;
/**
* Utility for EnMasse Server. This class is thread safe.
*
* @author Shawn McKinney
*/
class DelegatedAccessMgrImpl
{
private static final String CLS_NM = DelegatedAccessMgrImpl.class.getName();
private static final Logger log = Logger.getLogger(CLS_NM);
/**
* ************************************************************************************************************************************
* BEGIN DELEGATEDACCESSMGR
* **************************************************************************************************************************************
*/
FortResponse canAssign(FortRequest request)
{
FortResponse response = new FortResponse();
try
{
UserRole uRole = (UserRole) request.getEntity();
Session session = request.getSession();
DelAccessMgr accessMgr = DelAccessMgrFactory.createInstance(request.getContextId());
boolean result = accessMgr.canAssign(session, new User(uRole.getUserId()), new Role(uRole.getName()));
response.setSession(session);
response.setAuthorized(result);
response.setErrorCode(0);
}
catch (org.openldap.fortress.SecurityException se)
{
log.info(CLS_NM + " caught " + se);
response.setErrorCode(se.getErrorId());
response.setErrorMessage(se.getMessage());
}
return response;
}
FortResponse canDeassign(FortRequest request)
{
FortResponse response = new FortResponse();
try
{
UserRole uRole = (UserRole) request.getEntity();
Session session = request.getSession();
DelAccessMgr accessMgr = DelAccessMgrFactory.createInstance(request.getContextId());
boolean result = accessMgr.canDeassign(session, new User(uRole.getUserId()), new Role(uRole.getName()));
response.setSession(session);
response.setAuthorized(result);
response.setErrorCode(0);
}
catch (SecurityException se)
{
log.info(CLS_NM + " caught " + se);
response.setErrorCode(se.getErrorId());
response.setErrorMessage(se.getMessage());
}
return response;
}
FortResponse canGrant(FortRequest request)
{
FortResponse response = new FortResponse();
try
{
RolePerm context = (RolePerm) request.getEntity();
Session session = request.getSession();
DelAccessMgr accessMgr = DelAccessMgrFactory.createInstance(request.getContextId());
boolean result = accessMgr.canGrant(session, new Role(context.getRole().getName()), context.getPerm());
response.setSession(session);
response.setAuthorized(result);
response.setErrorCode(0);
}
catch (SecurityException se)
{
log.info(CLS_NM + " caught " + se);
response.setErrorCode(se.getErrorId());
response.setErrorMessage(se.getMessage());
}
return response;
}
FortResponse canRevoke(FortRequest request)
{
FortResponse response = new FortResponse();
try
{
RolePerm context = (RolePerm) request.getEntity();
Session session = request.getSession();
DelAccessMgr accessMgr = DelAccessMgrFactory.createInstance(request.getContextId());
boolean result = accessMgr.canRevoke(session, new Role(context.getRole().getName()), context.getPerm());
response.setSession(session);
response.setAuthorized(result);
response.setErrorCode(0);
}
catch (SecurityException se)
{
log.info(CLS_NM + " caught " + se);
response.setErrorCode(se.getErrorId());
response.setErrorMessage(se.getMessage());
}
return response;
}
public FortResponse checkAdminAccess(FortRequest request)
{
FortResponse response = new FortResponse();
try
{
Permission perm = (Permission) request.getEntity();
Session session = request.getSession();
DelAccessMgr accessMgr = DelAccessMgrFactory.createInstance(request.getContextId());
perm.setAdmin(true);
boolean result = accessMgr.checkAccess(session, perm);
response.setSession(session);
response.setAuthorized(result);
response.setErrorCode(0);
}
catch (SecurityException se)
{
log.info(CLS_NM + " caught " + se);
response.setErrorCode(se.getErrorId());
response.setErrorMessage(se.getMessage());
}
return response;
}
FortResponse addActiveAdminRole(FortRequest request)
{
FortResponse response = new FortResponse();
try
{
UserAdminRole uAdminRole = (UserAdminRole) request.getEntity();
Session session = request.getSession();
DelAccessMgr accessMgr = DelAccessMgrFactory.createInstance(request.getContextId());
accessMgr.addActiveRole(session, uAdminRole);
response.setSession(session);
response.setErrorCode(0);
}
catch (SecurityException se)
{
log.info(CLS_NM + " caught " + se);
response.setErrorCode(se.getErrorId());
response.setErrorMessage(se.getMessage());
}
return response;
}
FortResponse dropActiveAdminRole(FortRequest request)
{
FortResponse response = new FortResponse();
try
{
UserAdminRole uAdminRole = (UserAdminRole) request.getEntity();
Session session = request.getSession();
DelAccessMgr accessMgr = DelAccessMgrFactory.createInstance(request.getContextId());
accessMgr.dropActiveRole(session, uAdminRole);
response.setSession(session);
response.setErrorCode(0);
}
catch (SecurityException se)
{
log.info(CLS_NM + " caught " + se);
response.setErrorCode(se.getErrorId());
response.setErrorMessage(se.getMessage());
}
return response;
}
FortResponse sessionAdminRoles(FortRequest request)
{
FortResponse response = new FortResponse();
try
{
Session session = request.getSession();
DelAccessMgr accessMgr = DelAccessMgrFactory.createInstance(request.getContextId());
List<UserAdminRole> roles = accessMgr.sessionAdminRoles(session);
response.setEntities(roles);
response.setErrorCode(0);
}
catch (SecurityException se)
{
log.info(CLS_NM + " caught " + se);
response.setErrorCode(se.getErrorId());
response.setErrorMessage(se.getMessage());
}
return response;
}
FortResponse sessionAdminPermissions(FortRequest request)
{
FortResponse response = new FortResponse();
try
{
DelAccessMgr accessMgr = DelAccessMgrFactory.createInstance(request.getContextId());
Session session = request.getSession();
List<Permission> perms = accessMgr.sessionPermissions(session);
response.setSession(session);
response.setEntities(perms);
response.setErrorCode(0);
}
catch (SecurityException se)
{
log.info(CLS_NM + " caught " + se);
response.setErrorCode(se.getErrorId());
response.setErrorMessage(se.getMessage());
}
return response;
}
FortResponse authorizedSessionRoles(FortRequest request)
{
FortResponse response = new FortResponse();
try
{
DelAccessMgr accessMgr = DelAccessMgrFactory.createInstance(request.getContextId());
Session session = request.getSession();
Set<String> roles = accessMgr.authorizedAdminRoles(session);
response.setValueSet(roles);
response.setSession(session);
response.setErrorCode(0);
}
catch (SecurityException se)
{
log.info(CLS_NM + " caught " + se);
response.setErrorCode(se.getErrorId());
response.setErrorMessage(se.getMessage());
}
return response;
}
}