4.3 - Session Permissions
4 - Fortress Code Samples
4.5 - Drop Active Role

4.4 - Add Active Role

void addActiveRole(Session session, UserRole role) throws SecurityException

This function adds a role as an active role of a session whose owner is a given user.

The function is valid if and only if:

  • the user is a member of the USERS data set
  • the role is a member of the ROLES data set
  • the role inclusion does not violate Dynamic Separation of Duty Relationships
  • the session is a valid Fortress session
  • the user is authorized to that role
  • the session is owned by that user

Parameters:

  • session - object contains the user’s returned RBAC session from the createSession method.
  • role - object contains the role name, UserRole.name, to be activated into session.

Throws:

  • SecurityException - is thrown if user is not allowed to activate or runtime error occurs with system.

addActiveRole

import org.apache.directory.fortress.core.AccessMgr;
import org.apache.directory.fortress.core.AccessMgrFactory;
import org.apache.directory.fortress.core.SecurityException;
import org.apache.directory.fortress.core.model.Session;
import org.apache.directory.fortress.core.model.UserRole;

@test
public static void testAddActiveRole( Session session, String roleName )
{
    String szLocation = ".testAddActiveRole";
    try
    {
        // Instantiate the AccessMgr implementation.
        AccessMgr accessMgr = AccessMgrFactory.createInstance();
        UserRole userRole = new UserRole( session.getUserId(), roleName );
        accessMgr.addActiveRole( session, userRole );
    }
    catch ( SecurityException ex )
    {
        LOG.error( szLocation + " caught SecurityException rc=" + ex.getErrorId() + ", msg=" + ex.getMessage(), ex );
        fail( ex.getMessage() );
    }
}
4.3 - Session Permissions
4 - Fortress Code Samples
4.5 - Drop Active Role