Package org.apache.directory.server.core.authn

Examples of org.apache.directory.server.core.authn.LdapPrincipal


    public void testFrontAndBackDoubleBypass() throws Exception
    {
        LdapDN dn = new LdapDN( "ou=system" );
        DirectoryService ds = new MockDirectoryService();
        DefaultCoreSession session = new DefaultCoreSession(
            new LdapPrincipal( new LdapDN(), AuthenticationLevel.STRONG ), ds );
        LookupOperationContext opContext = new LookupOperationContext( session, dn );
        Set<String> bypass = new HashSet<String>();
        bypass.add( "0" );
        bypass.add( "4" );
        opContext.setByPassed( bypass );


    public void testDoubleBypass() throws Exception
    {
        LdapDN dn = new LdapDN( "ou=system" );
        DirectoryService ds = new MockDirectoryService();
        DefaultCoreSession session = new DefaultCoreSession(
            new LdapPrincipal( new LdapDN(), AuthenticationLevel.STRONG ), ds );
        LookupOperationContext opContext = new LookupOperationContext( session, dn );
        Set<String> bypass = new HashSet<String>();
        bypass.add( "1" );
        bypass.add( "3" );
        opContext.setByPassed( bypass );

    public void testCompleteBypass() throws Exception
    {
        LdapDN dn = new LdapDN( "ou=system" );
        DirectoryService ds = new MockDirectoryService();
        DefaultCoreSession session = new DefaultCoreSession(
            new LdapPrincipal( new LdapDN(), AuthenticationLevel.STRONG ), ds );
        LookupOperationContext opContext = new LookupOperationContext( session, dn );
        opContext.setByPassed( ByPassConstants.BYPASS_ALL_COLLECTION );
        InvocationStack.getInstance().push( opContext );

        try

            principalDn = "";
        }

        LdapDN userDn = new LdapDN( principalDn );
        userDn.normalize( service.getRegistries().getAttributeTypeRegistry().getNormalizerMapping() );
        LdapPrincipal principal = new LdapPrincipal( userDn, AuthenticationLevel.SIMPLE );

        if ( dn == null )
        {
            dn = "";
        }

            principalDn = "";
        }
       
        LdapDN userDn = new LdapDN( principalDn );
        userDn.normalize( service.getRegistries().getAttributeTypeRegistry().getNormalizerMapping() );
        LdapPrincipal principal = new LdapPrincipal( userDn, AuthenticationLevel.SIMPLE );
       
        if ( dn == null )
        {
            dn = "";
        }

        // read in the administrators and cache their normalized names
        Set<String> newAdministrators = new HashSet<String>( 2 );
        LdapDN adminDn = new LdapDN( ServerDNConstants.ADMIN_SYSTEM_DN_NORMALIZED );
        adminDn.normalize( directoryService.getRegistries().getAttributeTypeRegistry().getNormalizerMapping() );
        CoreSession adminSession = new DefaultCoreSession(
            new LdapPrincipal( adminDn, AuthenticationLevel.STRONG ), directoryService );

        ServerEntry adminGroup = nexus.lookup( new LookupOperationContext( adminSession, ADMIN_GROUP_DN ) );
       
        if ( adminGroup == null )
        {


        /**
         * Builds a mock operation that remembers {@code count} and owns a session
         * opened against a {@link MockDirectoryService} sized by the same count.
         *
         * @param count the value stored in {@code this.count} and handed to the
         *        mock directory service
         * @throws Exception propagated from the session or service construction
         */
        public MockOperation( int count ) throws Exception
        {
            this.count = count;

            // Session principal: empty DN, STRONG authentication level.
            LdapPrincipal emptyDnPrincipal = new LdapPrincipal( new LdapDN(), AuthenticationLevel.STRONG );
            MockDirectoryService mockService = new MockDirectoryService( count );

            this.session = new DefaultCoreSession( emptyDnPrincipal, mockService );
        }

        super.init( directoryService );

        LdapDN adminDn = new LdapDN( ServerDNConstants.ADMIN_SYSTEM_DN_NORMALIZED );
        adminDn.normalize( directoryService.getRegistries().getAttributeTypeRegistry().getNormalizerMapping() );
        CoreSession adminSession = new DefaultCoreSession(
            new LdapPrincipal( adminDn, AuthenticationLevel.STRONG ), directoryService );

        tupleCache = new TupleCache( adminSession );
        groupCache = new GroupCache( adminSession );
        registries = directoryService.getRegistries();
        atRegistry = registries.getAttributeTypeRegistry();

     */

    public void add( NextInterceptor next, AddOperationContext addContext ) throws Exception
    {
        // Access the principal requesting the operation, and bypass checks if it is the admin
        LdapPrincipal principal = addContext.getSession().getEffectivePrincipal();
        LdapDN principalDn = principal.getJndiName();
       
        ServerEntry serverEntry = addContext.getEntry();
        //Attributes entry = ServerEntryUtils.toAttributesImpl( serverEntry );

        LdapDN name = addContext.getDn();

        // bypass authz code if we are disabled
        if ( !enabled )
        {
            next.add( addContext );
            return;
        }

        // bypass authz code but manage caches if operation is performed by the admin
        if ( isPrincipalAnAdministrator( principalDn ) )
        {
            next.add( addContext );
            tupleCache.subentryAdded( name, serverEntry );
            groupCache.groupAdded( name, serverEntry );
            return;
        }

        // perform checks below here for all non-admin users
        SubentryInterceptor subentryInterceptor = ( SubentryInterceptor ) chain.get( SubentryInterceptor.class.getName() );
        ServerEntry subentryAttrs = subentryInterceptor.getSubentryAttributes( name, serverEntry );
       
        for ( EntryAttribute attribute:serverEntry )
        {
            subentryAttrs.put( attribute );
        }

        // Assemble all the information required to make an access control decision
        Set<LdapDN> userGroups = groupCache.getGroups( principalDn.toNormName() );
        Collection<ACITuple> tuples = new HashSet<ACITuple>();

        // Build the total collection of tuples to be considered for add rights
        // NOTE: entryACI are NOT considered in adds (it would be a security breech)
        addPerscriptiveAciTuples( addContext, tuples, name, subentryAttrs );
        addSubentryAciTuples( addContext, tuples, name, subentryAttrs );

        // check if entry scope permission is granted
        engine.checkPermission( registries, addContext, userGroups, principalDn, principal.getAuthenticationLevel(), name, null, null,
            ADD_PERMS, tuples, subentryAttrs, null );

        // now we must check if attribute type and value scope permission is granted
        for ( EntryAttribute attribute:serverEntry )
        {
            for ( Value<?> value:attribute )
            {
                engine.checkPermission( registries, addContext, userGroups, principalDn,
                    principal.getAuthenticationLevel(), name, attribute.getUpId(), value,
                    ADD_PERMS, tuples, serverEntry, null );
            }
        }

        // if we've gotten this far then access has been granted

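    /**
     * Authorizes a delete request on behalf of the session's effective principal
     * before passing it down the chain, then keeps the ACI tuple cache and the
     * group cache in sync with the removed entry.
     *
     * <p>The authorization step is skipped entirely when the interceptor is
     * disabled, and skipped (but with the caches still updated) when the
     * principal is an administrator. Every other principal must hold
     * {@code REMOVE_PERMS} on the entry according to the prescriptive, entry
     * and subentry ACI tuples gathered here.
     *
     * @param next the next interceptor in the chain
     * @param deleteContext the delete operation, carrying the target DN and the session
     * @throws Exception if the entry lookup, the critical-entry guard, the
     *         permission check or the downstream delete fails
     */
    public void delete( NextInterceptor next, DeleteOperationContext deleteContext ) throws Exception
    {
        LdapDN name = deleteContext.getDn();
       
        LdapPrincipal principal = deleteContext.getSession().getEffectivePrincipal();
        LdapDN principalDn = principal.getJndiName();

        // bypass authz code if we are disabled
        if ( !enabled )
        {
            next.delete( deleteContext );
            return;
        }

        // Fetch the entry without re-entering the authorization checks; it is
        // needed both for the entryACI tuples and for the cache updates below.
        ClonedServerEntry entry = deleteContext.lookup( name, ByPassConstants.LOOKUP_BYPASS );

        // Runs before the admin shortcut, so it applies to administrators too —
        // presumably rejects removal of entries the server depends on; confirm
        // against its definition.
        protectCriticalEntries( name );

        // bypass authz code but manage caches if operation is performed by the admin
        if ( isPrincipalAnAdministrator( principalDn ) )
        {
            next.delete( deleteContext );
            tupleCache.subentryDeleted( name, entry );
            groupCache.groupDeleted( name, entry );
            return;
        }

        // Resolve group membership by normalized name, as add() does. The caches
        // appear to be keyed on normalized DNs (the administrator cache stores
        // normalized names), so the user-provided form returned by toString()
        // could miss memberships and deny a delete the ACIs actually grant.
        Set<LdapDN> userGroups = groupCache.getGroups( principalDn.toNormName() );

        // Unlike add(), a delete considers entryACI as well as prescriptive and
        // subentry ACI tuples.
        Collection<ACITuple> tuples = new HashSet<ACITuple>();
        addPerscriptiveAciTuples( deleteContext, tuples, name, entry.getOriginalEntry() );
        addEntryAciTuples( tuples, entry );
        addSubentryAciTuples( deleteContext, tuples, name, entry );

        // Entry-scope check only: a delete has no attribute or value to check.
        engine.checkPermission( registries, deleteContext, userGroups, principalDn,
            principal.getAuthenticationLevel(), name, null, null, REMOVE_PERMS, tuples, entry, null );

        // access granted: perform the delete and drop the entry from the caches
        next.delete( deleteContext );
        tupleCache.subentryDeleted( name, entry );
        groupCache.groupDeleted( name, entry );
    }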


