本文整理汇总了Java中org.apache.directory.fortress.core.model.Session.getUserId方法的典型用法代码示例。如果您正苦于以下问题:Java Session.getUserId方法的具体用法?Java Session.getUserId怎么用?Java Session.getUserId使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类org.apache.directory.fortress.core.model.Session
的用法示例。
在下文中一共展示了Session.getUserId方法的13个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。
示例1: dropActiveRole
import org.apache.directory.fortress.core.model.Session; //导入方法依赖的package包/类
/**
* {@inheritDoc}
*/
@Override
public void dropActiveRole(Session session, UserAdminRole role)
throws SecurityException
{
String methodName = "dropActiveRole";
assertContext(CLS_NM, methodName, session, GlobalErrIds.USER_SESS_NULL);
assertContext(CLS_NM, methodName, role, GlobalErrIds.ARLE_NULL);
role.setUserId(session.getUserId());
List<UserAdminRole> roles = session.getAdminRoles();
VUtil.assertNotNull(roles, GlobalErrIds.ARLE_DEACTIVE_FAILED, methodName);
int indx = roles.indexOf(role);
if (indx != -1)
{
roles.remove(role);
}
else
{
String info = methodName + " Admin Role [" + role.getName() + "] User [" + session.getUserId() + "], not previously activated";
throw new SecurityException(GlobalErrIds.ARLE_NOT_ACTIVE, info);
}
}
示例2: createSession
import org.apache.directory.fortress.core.model.Session; //导入方法依赖的package包/类
/**
* Used when web app needs to create a 'trusted' fortress session.
*
* Does not check user's password.
*
* @param accessMgr fortress access mgr apis
* @param userId required for rbac session creation.
* @return rbac session.
*/
public static Session createSession(AccessMgr accessMgr, String userId)
{
Session session;
try
{
// Create an RBAC session and attach to Wicket session:
session = accessMgr.createSession( new User( userId ), true );
String message = "RBAC Session successfully created for userId: " + session.getUserId();
LOG.debug( message );
}
catch ( org.apache.directory.fortress.core.SecurityException se )
{
String error = "createSession caught SecurityException=" + se;
LOG.error( error );
throw new RuntimeException( error );
}
return session;
}
示例3: loadPermissionsIntoSession
import org.apache.directory.fortress.core.model.Session; //导入方法依赖的package包/类
/**
* Here the wicket session is loaded with the fortress session and permissions.
*
*
* @param delAccessMgr needed to pull back fortress arbac permissions.
* @param session needed for call into accessMgr.
*/
public static void loadPermissionsIntoSession( DelAccessMgr delAccessMgr, Session session)
{
try
{
// Retrieve user permissions and attach fortress session to Wicket session:
( ( WicketSession ) WicketSession.get() ).setSession( session );
List<Permission> permissions = delAccessMgr.sessionPermissions( session );
( ( WicketSession ) WicketSession.get() ).setPermissions( permissions );
String message = "Session successfully created for userId: " + session.getUserId();
LOG.debug( message );
}
catch ( org.apache.directory.fortress.core.SecurityException se )
{
String error = "loadPermissionsIntoSession caught SecurityException=" + se;
LOG.error( error );
throw new RuntimeException( error );
}
}
示例4: loadActivatedRoleSets
import org.apache.directory.fortress.core.model.Session; //导入方法依赖的package包/类
/**
* This loads the set of user's activated roles into a local page variable. It is used for deactivate combo
* box.
*/
private void loadActivatedRoleSets()
{
Session session = SecUtils.getSession( this );
if ( session != null )
{
LOG.info( "get assigned roles for user: " + session.getUserId() );
try
{
inactiveRoles = reviewMgr.assignedRoles( session.getUser() );
// remove inactiveRoles already activated:
for ( UserRole activatedRole : session.getRoles() )
{
inactiveRoles.remove( activatedRole );
}
LOG.info( "user: " + session.getUserId() + " inactiveRoles for activate list: " + inactiveRoles );
activeRoles = session.getRoles();
}
catch ( org.apache.directory.fortress.core.SecurityException se )
{
String error = "SecurityException getting assigned inactiveRoles for user: " + session.getUserId();
LOG.error( error );
}
}
}
示例5: getUserId
import org.apache.directory.fortress.core.model.Session; //导入方法依赖的package包/类
public static String getUserId(Component component)
{
String userId = null;
Session session = ( ( FtSession ) component.getSession() ).getSession();
if(session != null)
userId = session.getUserId();
return userId;
}
示例6: canAssign
import org.apache.directory.fortress.core.model.Session; //导入方法依赖的package包/类
/**
* Wrapper function to call {@link DelAccessMgrImpl#canAssign(org.apache.directory.fortress.core.model.Session, org.apache.directory.fortress.core.model.User, org.apache.directory.fortress.core.model.Role)}.
* This will determine if the user contains an AdminRole that is authorized assignment control over User-Role Assignment (URA). This adheres to the ARBAC02 functional specification for can-assign URA.
*
* @param session This object must be instantiated by calling {@link org.apache.directory.fortress.core.AccessMgr#createSession} method before passing into the method. No variables need to be set by client after returned from createSession.
* @param user Instantiated User entity requires only valid userId attribute set.
* @param role Instantiated Role entity requires only valid role name attribute set.
* @param contextId maps to sub-tree in DIT, e.g. ou=contextId, dc=example, dc=com.
* @throws org.apache.directory.fortress.core.SecurityException In the event of data validation error (i.e. invalid userId or role name) or system error.
*/
static void canAssign(Session session, User user, Role role, String contextId) throws SecurityException
{
if (session != null)
{
DelAccessMgr dAccessMgr = DelAccessMgrFactory.createInstance(contextId);
boolean result = dAccessMgr.canAssign(session, user, role);
if (!result)
{
String warning = "canAssign Role [" + role.getName() + "] User [" + user.getUserId() + "] Admin [" + session.getUserId() + "] failed check.";
throw new SecurityException(GlobalErrIds.URLE_ADMIN_CANNOT_ASSIGN, warning);
}
}
}
示例7: canDeassign
import org.apache.directory.fortress.core.model.Session; //导入方法依赖的package包/类
/**
* Wrapper function to call {@link DelAccessMgrImpl#canDeassign(org.apache.directory.fortress.core.model.Session, org.apache.directory.fortress.core.model.User, org.apache.directory.fortress.core.model.Role)}.
*
* This function will determine if the user contains an AdminRole that is authorized revoke control over User-Role Assignment (URA). This adheres to the ARBAC02 functional specification for can-revoke URA.
*
* @param session This object must be instantiated by calling {@link org.apache.directory.fortress.core.AccessMgr#createSession} method before passing into the method. No variables need to be set by client after returned from createSession. * @param user Instantiated User entity requires only valid userId attribute set.
* @param user Instantiated User entity requires userId attribute set.
* @param role Instantiated Role entity requires only valid role name attribute set.
* @param contextId maps to sub-tree in DIT, e.g. ou=contextId, dc=example, dc=com.
* @throws org.apache.directory.fortress.core.SecurityException In the event of data validation error (i.e. invalid userId or role name) or system error.
*/
static void canDeassign(Session session, User user, Role role, String contextId) throws SecurityException
{
if (session != null)
{
DelAccessMgr dAccessMgr = DelAccessMgrFactory.createInstance(contextId);
boolean result = dAccessMgr.canDeassign(session, user, role);
if (!result)
{
String warning = "canDeassign Role [" + role.getName() + "] User [" + user.getUserId() + "] Admin [" + session.getUserId() + "] failed check.";
throw new SecurityException(GlobalErrIds.URLE_ADMIN_CANNOT_DEASSIGN, warning);
}
}
}
示例8: canGrant
import org.apache.directory.fortress.core.model.Session; //导入方法依赖的package包/类
/**
* Wrapper function to call {@link DelAccessMgrImpl#canGrant(org.apache.directory.fortress.core.model.Session, org.apache.directory.fortress.core.model.Role, Permission)}.
* This function will determine if the user contains an AdminRole that is authorized assignment control over
* Permission-Role Assignment (PRA). This adheres to the ARBAC02 functional specification for can-assign-p PRA.
*
* @param session This object must be instantiated by calling {@link org.apache.directory.fortress.core.AccessMgr#createSession} method before passing into the method. No variables need to be set by client after returned from createSession. * @param perm Instantiated Permission entity requires valid object name and operation name attributes set.
* @param role Instantiated Role entity requires only valid role name attribute set.
* @param perm Instantiated Permission entity requires {@link Permission#objName} and {@link Permission#opName}.
* @param contextId maps to sub-tree in DIT, e.g. ou=contextId, dc=example, dc=com.
* @return boolean value true indicates access allowed.
* @throws SecurityException In the event of data validation error (i.e. invalid perm or role name) or system error.
*/
static void canGrant(Session session, Role role, Permission perm, String contextId) throws SecurityException
{
if (session != null)
{
DelAccessMgr dAccessMgr = DelAccessMgrFactory.createInstance(contextId);
boolean result = dAccessMgr.canGrant(session, role, perm);
if (!result)
{
String warning = "canGrant Role [" + role.getName() + "] Perm object [" + perm.getObjName() + "] Perm Operation [" + perm.getOpName() + "] Admin [" + session.getUserId() + "] failed check.";
throw new SecurityException(GlobalErrIds.URLE_ADMIN_CANNOT_GRANT, warning);
}
}
}
示例9: canRevoke
import org.apache.directory.fortress.core.model.Session; //导入方法依赖的package包/类
/**
* Wrapper function to call {@link DelAccessMgrImpl#canRevoke(org.apache.directory.fortress.core.model.Session, org.apache.directory.fortress.core.model.Role, Permission)}.
*
* This function will determine if the user contains an AdminRole that is authorized revoke control over
* Permission-Role Assignment (PRA). This adheres to the ARBAC02 functional specification for can-revoke-p PRA.
*
* @param session This object must be instantiated by calling {@link org.apache.directory.fortress.core.AccessMgr#createSession} method before passing into the method. No variables need to be set by client after returned from createSession. * @param perm Instantiated Permission entity requires valid object name and operation name attributes set.
* @param role Instantiated Role entity requires only valid role name attribute set.
* @param perm Instantiated Permission entity requires {@link Permission#objName} and {@link Permission#opName}.
* @param contextId maps to sub-tree in DIT, e.g. ou=contextId, dc=example, dc=com.
* @throws org.apache.directory.fortress.core.SecurityException In the event of data validation error (i.e. invalid perm or role name) or system error.
*/
static void canRevoke(Session session, Role role, Permission perm, String contextId) throws SecurityException
{
if (session != null)
{
DelAccessMgr dAccessMgr = DelAccessMgrFactory.createInstance(contextId);
boolean result = dAccessMgr.canRevoke(session, role, perm);
if (!result)
{
String warning = "canRevoke Role [" + role.getName() + "] Perm object [" + perm.getObjName() + "] Perm Operation [" + perm.getOpName() + "] Admin [" + session.getUserId() + "] failed check.";
throw new SecurityException(GlobalErrIds.URLE_ADMIN_CANNOT_REVOKE, warning);
}
}
}
示例10: dropActiveRole
import org.apache.directory.fortress.core.model.Session; //导入方法依赖的package包/类
/**
* Deactivate user role from impl session
* This function follows the pattern from: {@link org.apache.directory.fortress.core.AccessMgr#dropActiveRole(org.apache.directory.fortress.core.model.Session, org.apache.directory.fortress.core.model.UserRole)}.
* Success will result in impl session state to be modified inside server-side cache.
* It uses the {@link RbacDropRoleRequest} and {@link RbacDropRoleResponse} accelerator APIs.
*
* @param session contains a valid sessionId captured from accelerator createSession method.
* @param userRole both the {@link org.apache.directory.fortress.core.model.UserRole#userId} and {@link UserRole#name} fields must be set before invoking.
* @throws SecurityException rethrows {@code LdapException} with {@code GlobalErrIds.ACEL_DROP_ROLE_ERR}.
*/
void dropActiveRole( Session session, UserRole userRole ) throws SecurityException
{
LdapConnection ld = null;
try
{
ld = getAdminConnection();
RbacDropRoleRequest dropRoleRequest = new RbacDropRoleRequestImpl();
dropRoleRequest.setSessionId( session.getSessionId() );
dropRoleRequest.setRole( userRole.getName() );
dropRoleRequest.setUserIdentity( userRole.getUserId() );
// Send the request
RbacDropRoleResponse rbacDropRoleResponse = ( RbacDropRoleResponse ) ld.extended(
dropRoleRequest );
LOG.debug( "dropActiveRole result: {}", rbacDropRoleResponse.getLdapResult().getResultCode() );
if ( rbacDropRoleResponse.getLdapResult().getResultCode() != ResultCodeEnum.SUCCESS )
{
String info = "dropActiveRole Role [" + userRole.getName() + "] User ["
+ session.getUserId() + "], not previously activated.";
throw new SecurityException( GlobalErrIds.URLE_NOT_ACTIVE, info );
}
}
catch ( LdapException e )
{
String error = "dropActiveRole role name [" + userRole.getName() + "] caught LDAPException=" + " msg=" + e
.getMessage();
throw new SecurityException( GlobalErrIds.ACEL_DROP_ROLE_ERR, error, e );
}
finally
{
closeAdminConnection( ld );
}
}
示例11: getUserid
import org.apache.directory.fortress.core.model.Session; //导入方法依赖的package包/类
protected String getUserid()
{
String userid;
WicketSession session = ( WicketSession ) this.getSession();
Session ftSess = session.getSession();
userid = ftSess.getUserId();
return userid;
}
示例12: addActiveRole
import org.apache.directory.fortress.core.model.Session; //导入方法依赖的package包/类
/**
* Activate user role into impl session
* This function follows the pattern from: {@link org.apache.directory.fortress.core.AccessMgr#addActiveRole(org.apache.directory.fortress.core.model.Session, org.apache.directory.fortress.core.model.UserRole)}.
* Success will result in impl session state to be modified inside server-side cache.
* It uses the {@link RbacAddRoleRequest} and {@link RbacAddRoleResponse} accelerator APIs.
*
* @param session contains a valid sessionId captured from accelerator createSession method.
* @param userRole both the {@link org.apache.directory.fortress.core.model.UserRole#userId} and {@link UserRole#name} fields must be set before invoking.
* @throws SecurityException rethrows {@code LdapException} with {@code GlobalErrIds.ACEL_ADD_ROLE_ERR}.
*/
void addActiveRole( Session session, UserRole userRole ) throws SecurityException
{
LdapConnection ld = null;
try
{
ld = getAdminConnection();
RbacAddRoleRequest addRoleRequest = new RbacAddRoleRequestImpl();
addRoleRequest.setSessionId( session.getSessionId() );
addRoleRequest.setRole( userRole.getName() );
addRoleRequest.setUserIdentity( userRole.getUserId() );
// Send the request
RbacAddRoleResponse rbacAddRoleResponse = ( RbacAddRoleResponse ) ld.extended(
addRoleRequest );
LOG.debug( "addActiveRole result: {}", rbacAddRoleResponse.getLdapResult().getResultCode() );
if ( rbacAddRoleResponse.getLdapResult().getResultCode() != ResultCodeEnum.SUCCESS )
{
String info;
int rc;
if ( rbacAddRoleResponse.getLdapResult().getResultCode() == ResultCodeEnum.ATTRIBUTE_OR_VALUE_EXISTS )
{
info = "addActiveRole Role [" + userRole.getName() + "] User ["
+ session.getUserId() + "], already activated.";
rc = GlobalErrIds.URLE_ALREADY_ACTIVE;
}
else
{
info = "addActiveRole Role [" + userRole.getName() + "] User ["
+ session.getUserId() + "], not authorized for user.";
rc = GlobalErrIds.URLE_ACTIVATE_FAILED;
}
throw new SecurityException( rc, info );
}
}
catch ( LdapException e )
{
String error = "addActiveRole role name [" + userRole.getName() + "] caught LDAPException=" + " msg=" + e
.getMessage();
throw new SecurityException( GlobalErrIds.ACEL_ADD_ROLE_ERR, error, e );
}
finally
{
closeAdminConnection( ld );
}
}
示例13: checkAccess
import org.apache.directory.fortress.core.model.Session; //导入方法依赖的package包/类
/**
* Wrapper function to call {@link DelAccessMgrImpl#checkAccess(org.apache.directory.fortress.core.model.Session, Permission)}.
* Perform user arbac authorization. This function returns a Boolean value meaning whether the subject of a given session is
* allowed or not to perform a given operation on a given object. The function is valid if and
* only if the session is a valid Fortress session, the object is a member of the OBJS data set,
* and the operation is a member of the OPS data set. The session's subject has the permission
* to perform the operation on that object if and only if that permission is assigned to (at least)
* one of the session's active roles. This implementation will verify the roles or userId correspond
* to the subject's active roles are registered in the object's access control list.
*
* @param session This object must be instantiated by calling {@link org.apache.directory.fortress.core.AccessMgr#createSession} method before passing into the method. No variables need to be set by client after returned from createSession.
* @param perm object contains obj attribute which is a String and contains the name of the object user is trying to access;
* perm object contains operation attribute which is also a String and contains the operation name for the object.
* @param contextId maps to sub-tree in DIT, e.g. ou=contextId, dc=example, dc=com.
* @throws SecurityException in the event of data validation failure, security policy violation or DAO error.
*/
static void checkAccess(Session session, Permission perm, String contextId) throws SecurityException
{
if (session != null)
{
DelAccessMgr dAccessMgr = DelAccessMgrFactory.createInstance(contextId);
boolean result = dAccessMgr.checkAccess(session, perm);
if (!result)
{
String info = "checkAccess failed for user [" + session.getUserId() + "] object [" + perm.getObjName() + "] operation [" + perm.getOpName() + "]";
throw new AuthorizationException(GlobalErrIds.USER_ADMIN_NOT_AUTHORIZED, info);
}
}
}