
Example 6 with OSecurityUser

use of com.orientechnologies.orient.core.metadata.security.OSecurityUser in project orientdb by orientechnologies.

the class OTokenHandlerImplTest method testBinartTokenCreationValidation.

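@Test
public void testBinartTokenCreationValidation() throws InvalidKeyException, NoSuchAlgorithmException, IOException {
    // Round-trips a binary token through the handler: sign, parse, verify and validate,
    // then checks that the user recovered from the token is the one the token was issued for.
    ODatabaseDocumentTx db = new ODatabaseDocumentTx("memory:" + OTokenHandlerImplTest.class.getSimpleName());
    db.create();
    try {
        OSecurityUser original = db.getUser();
        // Key bytes are derived with an explicit charset so the HMAC key does not depend on the
        // platform default encoding of the machine running the test.
        OTokenHandlerImpl handler = new OTokenHandlerImpl("any key".getBytes(java.nio.charset.StandardCharsets.UTF_8), 60, "HmacSHA256");
        ONetworkProtocolData data = new ONetworkProtocolData();
        data.driverName = "aa";
        data.driverVersion = "aa";
        data.serializationImpl = "a";
        data.protocolVersion = 2;
        byte[] token = handler.getSignedBinaryToken(db, original, data);
        OToken tok = handler.parseBinaryToken(token);
        assertNotNull(tok);
        assertTrue(tok.getIsVerified());
        OUser user = tok.getUser(db);
        // JUnit convention: expected value first, actual value second.
        assertEquals(original.getName(), user.getName());
        assertTrue(handler.validateBinaryToken(tok));
        assertTrue(tok.getIsValid());
    } finally {
        db.drop();
    }
}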

Example 7 with OSecurityUser

use of com.orientechnologies.orient.core.metadata.security.OSecurityUser in project orientdb by orientechnologies.

the class ODistributedWorker method onMessage.

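/**
 * Executes the remote call on the local node and sends the result back to the requester.
 *
 * <p>The sender is resolved from the cluster configuration with a short retry window (a node
 * that has just joined may not be registered yet); an unknown sender receives an error response
 * and the request is discarded. When the task uses the database, the request runs under the user
 * referenced by {@code iRequest.getUserRID()} and the previously active user is restored in the
 * {@code finally} block. A frozen database (an {@link OModificationOperationProhibitedException}
 * payload) is retried for as long as the worker is running.
 *
 * @param iRequest the request to execute locally
 * @throws ODistributedException if the worker thread is interrupted while waiting
 * @throws ODistributedOperationException if the task needs the database and it is not available
 */
protected void onMessage(final ODistributedRequest iRequest) {
    String senderNodeName = null;
    for (int retry = 0; retry < 10; retry++) {
        senderNodeName = manager.getNodeNameById(iRequest.getId().getNodeId());
        if (senderNodeName != null)
            break;
        try {
            Thread.sleep(200);
        } catch (InterruptedException e) {
            Thread.currentThread().interrupt();
            throw new ODistributedException("Execution has been interrupted");
        }
    }
    if (senderNodeName == null) {
        ODistributedServerLog.warn(this, localNodeName, senderNodeName, DIRECTION.IN, "Sender server id %d is not registered in the cluster configuration, discard the request: (%s) (worker=%d)", iRequest.getId().getNodeId(), iRequest, id);
        sendResponseBack(iRequest, new ODistributedException("Sender server id " + iRequest.getId().getNodeId() + " is not registered in the cluster configuration, discard the request"));
        return;
    }
    final ORemoteTask task = iRequest.getTask();
    if (ODistributedServerLog.isDebugEnabled())
        ODistributedServerLog.debug(this, localNodeName, senderNodeName, DIRECTION.IN, "Received request: (%s) (worker=%d)", iRequest, id);
    // EXECUTE IT LOCALLY
    Object responsePayload = null;
    // User to restore in the finally block; stays null when no user switch took place.
    OSecurityUser origin = null;
    try {
        waitNodeIsOnline();
        distributed.waitIsReady(task);
        if (task.isUsingDatabase()) {
            initDatabaseInstance();
            if (database == null)
                throw new ODistributedOperationException("Error on executing remote request because the database '" + databaseName + "' is not available");
        }
        // reset to original user
        if (database != null) {
            database.activateOnCurrentThread();
            origin = database.getUser();
            try {
                // Switch only when the request names a valid user that differs from the cached one.
                if (iRequest.getUserRID() != null && iRequest.getUserRID().isValid() && (lastUser == null || !(lastUser.getIdentity()).equals(iRequest.getUserRID()))) {
                    lastUser = database.getMetadata().getSecurity().getUser(iRequest.getUserRID());
                    // set to new user
                    database.setUser(lastUser);
                } else
                    origin = null;
            } catch (Throwable ex) {
                // NOTE(review): a failed switch leaves the task running as whatever user is currently
                // active on the database (the previous request's user or the default one) rather than
                // the requested one. The cause is kept in the log entry so the condition is traceable.
                OLogManager.instance().error(this, "Failed on user switching database. " + ex.getMessage(), ex);
            }
        }
        // EXECUTE THE TASK
        for (int retry = 1; running; ++retry) {
            responsePayload = manager.executeOnLocalNode(iRequest.getId(), iRequest.getTask(), database);
            if (responsePayload instanceof OModificationOperationProhibitedException) {
                // RETRY
                try {
                    ODistributedServerLog.info(this, localNodeName, senderNodeName, DIRECTION.IN, "Database is frozen, waiting and retrying. Request %s (retry=%d, worker=%d)", iRequest, retry, id);
                    Thread.sleep(1000);
                } catch (InterruptedException e) {
                    // Same handling as the sender lookup above: restore the flag and abort instead of
                    // spinning on a frozen database while the thread is being stopped.
                    Thread.currentThread().interrupt();
                    throw new ODistributedException("Execution has been interrupted");
                }
            } else {
                // OPERATION EXECUTED (OK OR ERROR), NO RETRY NEEDED
                if (retry > 1)
                    ODistributedServerLog.info(this, localNodeName, senderNodeName, DIRECTION.IN, "Request %s succeed after retry=%d", iRequest, retry);
                break;
            }
        }
    } catch (RuntimeException e) {
        // The failure is reported to the requester before it propagates to the worker loop.
        sendResponseBack(iRequest, e);
        throw e;
    } finally {
        if (database != null && !database.isClosed()) {
            database.activateOnCurrentThread();
            if (!database.isClosed()) {
                // Drop any uncommitted work and cached records left by the task, then restore the user.
                database.rollback();
                database.getLocalCache().clear();
                if (origin != null)
                    database.setUser(origin);
            }
        }
    }
    sendResponseBack(iRequest, responsePayload);
}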

Example 8 with OSecurityUser

use of com.orientechnologies.orient.core.metadata.security.OSecurityUser in project orientdb by orientechnologies.

the class OClassImpl method addSuperClassInternal.

/**
 * Registers {@code superClass} as a superclass of this class under the schema write lock.
 *
 * <p>Before the schema is touched, the current database user (when there is one) is asked for
 * UPDATE permission on the class being extended via {@code OSecurityUser.allow}; that call is
 * expected to reject the operation when the permission is missing.
 *
 * @param superClass the class to extend; a delegating wrapper is unwrapped to its target, and a
 *                   {@code null} argument is ignored
 * @throws OSchemaException if {@code superClass} is already a superclass of this class
 */
void addSuperClassInternal(final OClass superClass) {
    acquireSchemaWriteLock();
    try {
        // The schema keeps the concrete implementation, so wrappers are unwrapped first.
        final OClassImpl target = superClass instanceof OClassAbstractDelegate
                ? (OClassImpl) ((OClassAbstractDelegate) superClass).delegate
                : (OClassImpl) superClass;
        if (target == null)
            return;
        // CHECK THE USER HAS UPDATE PRIVILEGE AGAINST EXTENDING CLASS
        final OSecurityUser currentUser = getDatabase().getUser();
        if (currentUser != null)
            currentUser.allow(ORule.ResourceGeneric.CLASS, target.getName(), ORole.PERMISSION_UPDATE);
        if (superClasses.contains(superClass))
            throw new OSchemaException("Class: '" + this.getName() + "' already has the class '" + superClass.getName() + "' as superclass");
        target.addBaseClass(this);
        superClasses.add(target);
    } finally {
        releaseSchemaWriteLock();
    }
}

Example 9 with OSecurityUser

use of com.orientechnologies.orient.core.metadata.security.OSecurityUser in project orientdb by orientechnologies.

the class OServerCommandPostAuthToken method execute.

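/**
 * Issues an authentication token for the {@code password} grant type (RFC 6749 section 4.3).
 *
 * <p>The URL is {@code token/<database>}; the url-encoded body carries {@code grant_type},
 * {@code username} and {@code password}. Failures use the RFC 6749 section 5.2 error codes:
 * {@code invalid_request} when the grant type is missing, {@code unsupported_grant_type} for any
 * grant other than {@code password} (and when no token handler is configured), and
 * {@code invalid_grant} when the credentials authenticate but no token can be produced. Wrong
 * credentials trigger an authorization request rather than an error document.
 *
 * @param iRequest  the incoming HTTP request
 * @param iResponse the response to write to
 * @return always {@code false}
 * @throws Exception propagated from syntax checking and response writing
 */
@Override
public boolean execute(OHttpRequest iRequest, OHttpResponse iResponse) throws Exception {
    init();
    String[] urlParts = checkSyntax(iRequest.url, 2, "Syntax error: token/<database>");
    iRequest.databaseName = urlParts[1];
    iRequest.data.commandInfo = "Generate authentication token";
    // Parameter names consistent with 4.3.2 (Access Token Request) of RFC 6749
    Map<String, String> content = iRequest.getUrlEncodedContent();
    if (content == null) {
        sendError(iRequest, iResponse, new ODocument().field("error", "missing_auth_data"));
        return false;
    }
    // A body without grant_type used to dereference null here; 5.2 of RFC 6749 calls this invalid_request.
    String rawGrantType = content.get("grant_type");
    if (rawGrantType == null) {
        sendError(iRequest, iResponse, new ODocument().field("error", "invalid_request"));
        return false;
    }
    // Locale-independent lowering: the grant type is a protocol keyword, not user-facing text.
    String grantType = rawGrantType.toLowerCase(java.util.Locale.ROOT);
    if (!grantType.equals("password")) {
        sendError(iRequest, iResponse, new ODocument().field("error", "unsupported_grant_type"));
        return false;
    }
    String username = content.get("username");
    String password = content.get("password");
    String authenticatedRid = authenticate(username, password, iRequest.databaseName);
    if (authenticatedRid == null) {
        // WRONG USER/PASSWD
        sendAuthorizationRequest(iRequest, iResponse, iRequest.databaseName);
        return false;
    }
    if (tokenHandler == null) {
        sendError(iRequest, iResponse, new ODocument().field("error", "unsupported_grant_type"));
        return false;
    }
    // Generate and return a JWT access token
    String signedToken = "";
    ODatabaseDocument db = null;
    try {
        db = (ODatabaseDocument) server.openDatabase(iRequest.databaseName, username, password);
        OSecurityUser user = db.getUser();
        if (user != null) {
            byte[] tokenBytes = tokenHandler.getSignedWebToken(db, user);
            // Explicit charset so the serialized token does not depend on the platform default.
            signedToken = new String(tokenBytes, java.nio.charset.StandardCharsets.UTF_8);
        }
        // else: server user (not supported yet!) - no token is produced and invalid_grant is returned below
    } catch (OSecurityAccessException ignored) {
        // WRONG USER/PASSWD at database-open time; reported below as invalid_grant instead of an empty token
    } catch (OLockException e) {
        OLogManager.instance().error(this, "Cannot access to the database '" + iRequest.databaseName + "'", ODatabaseException.class, e);
    } finally {
        if (db != null) {
            db.close();
        }
    }
    if (signedToken.isEmpty()) {
        // Previously a success response carrying an empty access_token was written in this case;
        // an empty token is not a grant, so the RFC 6749 5.2 error code is returned instead.
        sendError(iRequest, iResponse, new ODocument().field("error", "invalid_grant"));
        return false;
    }
    // 4.1.4 (Access Token Response) of RFC 6749
    // NOTE(review): expires_in is hard-coded here and may not match the lifetime configured on
    // tokenHandler - confirm against the handler's settings.
    ODocument result = new ODocument().field("access_token", signedToken).field("expires_in", 3600);
    iResponse.writeRecord(result, RESPONSE_FORMAT, null);
    return false;
}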

Example 10 with OSecurityUser

use of com.orientechnologies.orient.core.metadata.security.OSecurityUser in project orientdb by orientechnologies.

the class OTokenHandlerImplTest method testWebTokenCreationValidation.

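@Test
@Ignore
public void testWebTokenCreationValidation() throws InvalidKeyException, NoSuchAlgorithmException, IOException {
    // Round-trips a web (JWT) token: sign, parse, verify, then validate it for the "open" operation
    // against the database it was issued for.
    ODatabaseDocumentTx db = new ODatabaseDocumentTx("memory:" + OTokenHandlerImplTest.class.getSimpleName());
    db.create();
    try {
        OSecurityUser original = db.getUser();
        // Key bytes are derived with an explicit charset so the HMAC key does not depend on the
        // platform default encoding of the machine running the test.
        OTokenHandlerImpl handler = new OTokenHandlerImpl("any key".getBytes(java.nio.charset.StandardCharsets.UTF_8), 60, "HmacSHA256");
        byte[] token = handler.getSignedWebToken(db, original);
        try {
            // Make this thread wait at least 10 milliseconds before check the validity
            Thread.sleep(10);
        } catch (InterruptedException e) {
            // Keep the interrupt visible to the test runner instead of discarding it.
            Thread.currentThread().interrupt();
        }
        OToken tok = handler.parseWebToken(token);
        assertNotNull(tok);
        assertTrue(tok.getIsVerified());
        OUser user = tok.getUser(db);
        // JUnit convention: expected value first, actual value second.
        assertEquals(original.getName(), user.getName());
        assertTrue(handler.validateToken(tok, "open", db.getName()));
        assertTrue(tok.getIsValid());
    } finally {
        db.drop();
    }
}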
