
Example 1 with ConfigurationException

use of org.exist.config.ConfigurationException in project exist by eXist-db.

the class SecurityManagerImpl method processParameter.

/**
 * Reacts to a principal document (account or group) being written or removed, keeping the
 * in-memory principal registries in sync with what is stored in the database.
 *
 * <p>The kind of document is derived from its collection URI: a trailing
 * {@link SecurityManager#REMOVED_COLLECTION_URI} marks a removed principal, and the segment
 * above that distinguishes {@link SecurityManager#ACCOUNTS_COLLECTION_URI} from
 * {@link SecurityManager#GROUPS_COLLECTION_URI}; the segment above those is taken as the
 * realm id. Documents stored anywhere else are ignored.
 *
 * @param broker   broker used to parse the document into a {@link Configuration}
 * @param document the account or group document that was written or removed
 * @throws ConfigurationException if a newly loaded account has no group and the
 *     fallback group {@link SecurityManager#UNKNOWN_GROUP} cannot be assigned
 */
@Override
public void processParameter(final DBBroker broker, final DocumentImpl document) throws ConfigurationException {
    // NOTE(review): getCollection() is dereferenced without a null check — presumably a
    // persistent document always belongs to a collection; confirm against callers.
    XmldbURI uri = document.getCollection().getURI();
    final boolean isRemoved = uri.endsWith(SecurityManager.REMOVED_COLLECTION_URI);
    if (isRemoved) {
        // Strip the "removed" segment so the accounts/groups check below sees the parent.
        uri = uri.removeLastSegment();
    }
    final boolean isAccount = uri.endsWith(SecurityManager.ACCOUNTS_COLLECTION_URI);
    final boolean isGroup = uri.endsWith(SecurityManager.GROUPS_COLLECTION_URI);
    if (isAccount || isGroup) {
        // The realm id is the collection directly above the accounts/groups collection.
        uri = uri.removeLastSegment();
        final String realmId = uri.lastSegment().toString();
        // NOTE(review): assumes the realm for realmId exists and is an AbstractRealm; an
        // unknown realm id would surface as a NullPointerException/ClassCastException here.
        final AbstractRealm realm = (AbstractRealm) findRealmForRealmId(realmId);
        final Configuration conf = Configurator.parse(broker.getBrokerPool(), document);
        // Only removed principals need the stored id; -1 otherwise.
        Integer id = -1;
        if (isRemoved) {
            // NOTE(review): if getPropertyInteger returns null for a missing "id", the
            // unboxing in "id > 2" below throws — confirm the property is mandatory.
            id = conf.getPropertyInteger("id");
        }
        final String name = conf.getProperty("name");
        if (isAccount) {
            // NOTE(review): "id > 2" looks like it reserves the lowest ids for built-in
            // principals — confirm where that bound is defined.
            if (isRemoved && id > 2 && !hasUser(id)) {
                // Keep a tombstone for the removed account so its id is not reused.
                final AccountImpl account = new AccountImpl(realm, conf);
                account.removed = true;
                registerAccount(account);
            } else if (name != null) {
                if (realm.hasAccount(name)) {
                    // Existing account: re-key usersById if the document now carries a
                    // different id than the one recorded in `saving` when the save began.
                    // NOTE(review): oldId may be null if this document was not registered in
                    // `saving`, and newId may be null if "id" is absent — verify both.
                    final Integer oldId = saving.get(document.getURI());
                    final Integer newId = conf.getPropertyInteger("id");
                    if (!newId.equals(oldId)) {
                        final Account current = realm.getAccount(name);
                        try (final ManagedLock<ReadWriteLock> lock = ManagedLock.acquire(accountLocks.getLock(current), LockMode.WRITE_LOCK)) {
                            usersById.write(principalDb -> {
                                principalDb.remove(oldId);
                                principalDb.put(newId, current);
                            });
                        }
                    }
                } else {
                    // New account: every account must belong to at least one group, so fall
                    // back to UNKNOWN_GROUP before registering it.
                    final Account account = new AccountImpl(realm, conf);
                    if (account.getGroups().length == 0) {
                        try {
                            account.setPrimaryGroup(realm.getGroup(SecurityManager.UNKNOWN_GROUP));
                            LOG.warn("Account '{}' has no groups, but every account must have at least 1 group. Assigned group: " + SecurityManager.UNKNOWN_GROUP, account.getName());
                        } catch (final PermissionDeniedException e) {
                            throw new ConfigurationException("Account has no group, unable to default to " + SecurityManager.UNKNOWN_GROUP + ": " + e.getMessage(), e);
                        }
                    }
                    registerAccount(account);
                    realm.registerAccount(account);
                }
            } else {
                // this can't be! log any way
                // NOTE(review): this branch is only reached when `name` is null (the
                // already-exists case is handled above), so the message is misleading.
                LOG.error("Account '{}' already exists in realm: '{}', but received notification that a new one was created.", name, realmId);
            }
        } else if (isGroup) {
            if (isRemoved && id > 2 && !hasGroup(id)) {
                // Tombstone for a removed group, mirroring the account case above.
                final GroupImpl group = new GroupImpl(realm, conf);
                group.removed = true;
                registerGroup(group);
            } else if (name != null && !realm.hasGroup(name)) {
                final GroupImpl group = new GroupImpl(realm, conf);
                registerGroup(group);
                realm.registerGroup(group);
            } else {
                // this can't be! log any way
                // Reached when `name` is null or the group already exists in the realm.
                LOG.error("Group '{}' already exists in realm: '{}', but received notification that a new one was created.", name, realmId);
            }
        }
        // Forget the pending-save id for this document, whichever branch ran above.
        saving.remove(document.getURI());
    }
}

Example 2 with ConfigurationException

use of org.exist.config.ConfigurationException in project exist by eXist-db.

the class SecurityManagerImpl method addGroup.

/**
 * Creates a new group in the realm named by {@code group.getRealmId()}, registers it with
 * this security manager and with the realm, and persists it.
 *
 * <p>The supplied {@code group} is only a template: its realm id, name, id, managers and
 * metadata are copied into a fresh {@link GroupImpl}. A caller-supplied id (anything other
 * than {@link Group#UNDEFINED_ID}) is used as-is; otherwise the next free id is allocated.
 *
 * @param broker the broker used to persist the new group
 * @param group  the template describing the group to create
 * @return the newly created and registered group
 * @throws ConfigurationException     if the realm id or name is missing, or a group with
 *                                    that name already exists in the realm
 * @throws PermissionDeniedException  if persisting the group is not permitted
 * @throws EXistException             on other database errors
 */
@Override
public Group addGroup(final DBBroker broker, final Group group) throws PermissionDeniedException, EXistException {
    final String realmId = group.getRealmId();
    if (realmId == null) {
        throw new ConfigurationException("Group must have realm id.");
    }
    final String groupName = group.getName();
    if (groupName == null || groupName.isEmpty()) {
        throw new ConfigurationException("Group must have name.");
    }
    // A fresh id is allocated before the duplicate-name check below, so a rejected add
    // still consumes an id. A caller-supplied id is trusted as-is.
    final int groupId = (group.getId() == Group.UNDEFINED_ID)
            ? groupsById.getNextPrincipalId()
            : group.getId();
    final AbstractRealm realm = (AbstractRealm) findRealmForRealmId(realmId);
    // NOTE(review): this existence check runs before the per-group write lock is taken, so
    // two concurrent adds of the same name could both pass it — confirm registerGroup
    // rejects duplicates.
    if (realm.hasGroupLocal(groupName)) {
        throw new ConfigurationException("The group '" + groupName + "' at realm '" + realmId + "' already exists.");
    }
    final GroupImpl created = new GroupImpl(broker, realm, groupId, groupName, group.getManagers());
    for (final SchemaType key : group.getMetadataKeys()) {
        created.setMetadataValue(key, group.getMetadataValue(key));
    }
    // Register in memory first, then persist, all under the group's write lock.
    try (final ManagedLock<ReadWriteLock> writeLock = ManagedLock.acquire(groupLocks.getLock(created), LockMode.WRITE_LOCK)) {
        registerGroup(created);
        realm.registerGroup(created);
        created.save(broker);
        return created;
    }
}

Example 3 with ConfigurationException

use of org.exist.config.ConfigurationException in project exist by eXist-db.

the class SecurityManagerImpl method addAccount.

/**
 * Creates a new account in the realm named by {@code account.getRealmId()}, registers it
 * with this security manager and with the realm, and persists it.
 *
 * <p>The supplied {@code account} is only a template that is copied into a fresh
 * {@link AccountImpl}. A caller-supplied id (anything other than
 * {@link Account#UNDEFINED_ID}) is used as-is; otherwise the next free id is allocated.
 *
 * @param broker  the broker used to persist the new account
 * @param account the template describing the account to create
 * @return the newly created and registered account
 * @throws ConfigurationException     if the realm id or name is missing, or an account
 *                                    with that name already exists in the realm
 * @throws PermissionDeniedException  if persisting the account is not permitted
 * @throws EXistException             on other database errors
 */
@Override
public final Account addAccount(final DBBroker broker, final Account account) throws PermissionDeniedException, EXistException {
    final String realmId = account.getRealmId();
    if (realmId == null) {
        throw new ConfigurationException("Account must have realm id.");
    }
    final String accountName = account.getName();
    if (accountName == null || accountName.isEmpty()) {
        throw new ConfigurationException("Account must have name.");
    }
    // A fresh id is allocated before the duplicate-name check below, so a rejected add
    // still consumes an id. A caller-supplied id is trusted as-is.
    final int accountId = (account.getId() == Account.UNDEFINED_ID)
            ? usersById.getNextPrincipalId()
            : account.getId();
    final AbstractRealm realm = (AbstractRealm) findRealmForRealmId(realmId);
    // NOTE(review): this existence check runs before the per-account write lock is taken,
    // so two concurrent adds of the same name could both pass it — confirm registerAccount
    // rejects duplicates.
    if (realm.hasAccountLocal(accountName)) {
        throw new ConfigurationException("The account '" + accountName + "' at realm '" + realmId + "' already exists.");
    }
    final AccountImpl created = new AccountImpl(broker, realm, accountId, account);
    // Register in memory first, then persist, all under the account's write lock.
    try (final ManagedLock<ReadWriteLock> writeLock = ManagedLock.acquire(accountLocks.getLock(created), LockMode.WRITE_LOCK)) {
        registerAccount(created);
        realm.registerAccount(created);
        created.save(broker);
        return created;
    }
}

Example 4 with ConfigurationException

use of org.exist.config.ConfigurationException in project exist by eXist-db.

the class AbstractRealm method loadAccountsFromRealmStorage.

/**
 * Loads every account document stored in {@code collectionAccounts} into the in-memory
 * {@code usersByName} registry and the security manager.
 *
 * <p>Each document is parsed into a {@link Configuration}; accounts whose name is absent or
 * already registered are skipped. An account that cannot be constructed is logged and
 * skipped rather than aborting the whole load.
 *
 * @param broker broker used to iterate the collection and parse its documents
 * @throws ConfigurationException   if an already-registered account with an id above 0 has
 *     no group and the fallback group cannot be assigned (see the note inside)
 * @throws PermissionDeniedException if the collection cannot be read
 * @throws LockException            if the collection or a document cannot be locked
 */
private void loadAccountsFromRealmStorage(final DBBroker broker) throws ConfigurationException, PermissionDeniedException, LockException {
    // load accounts information
    if (collectionAccounts != null && collectionAccounts.getDocumentCount(broker) > 0) {
        // Alias of this realm for use inside the lambda below.
        final AbstractRealm r = this;
        for (final Iterator<DocumentImpl> i = collectionAccounts.iterator(broker); i.hasNext(); ) {
            final DocumentImpl doc = i.next();
            final Configuration conf = Configurator.parse(broker.getBrokerPool(), doc);
            final String name = conf.getProperty("name");
            // NOTE(review): writeE presumably runs the lambda under the registry's write lock
            // and lets a checked exception propagate — confirm against its definition.
            usersByName.writeE(principalDb -> {
                if (name != null && !principalDb.containsKey(name)) {
                    // A account = instantiateAccount(this, conf);
                    final Account account;
                    try {
                        account = new AccountImpl(r, conf);
                        // ensure that the account has at least a primary group
                        if (account.getGroups().length == 0) {
                            try {
                                account.setPrimaryGroup(getGroup(SecurityManager.UNKNOWN_GROUP));
                                LOG.warn("Account '{}' has no groups, but every account must have at least 1 group. Assigned group: " + SecurityManager.UNKNOWN_GROUP, account.getName());
                            } catch (final PermissionDeniedException e) {
                                // NOTE(review): this ConfigurationException is caught by the
                                // enclosing catch (Throwable) below, so it is logged and the
                                // account skipped rather than propagated.
                                throw new ConfigurationException("Account has no group, unable to default to " + SecurityManager.UNKNOWN_GROUP + ": " + e.getMessage(), e);
                            }
                        }
                    } catch (Throwable e) {
                        // Best-effort load: a broken account document is skipped, not fatal.
                        // NOTE(review): Throwable also swallows Errors (e.g. OutOfMemoryError)
                        // — a narrower catch would be safer; left unchanged here.
                        LOG.error("Account object can't be built from '{}'", doc.getFileURI(), e);
                        return;
                    }
                    getSecurityManager().registerAccount(account);
                    principalDb.put(account.getName(), account);
                    // set collection
                    // NOTE(review): "getId() > 0" presumably excludes placeholder/undefined ids — confirm.
                    if (account.getId() > 0) {
                        ((AbstractPrincipal) account).setCollection(broker, collectionAccounts);
                        // ensure that the account has at least a primary group
                        // NOTE(review): duplicates the check performed before registration; it
                        // can only trigger if setPrimaryGroup above did not populate getGroups().
                        // Unlike the first copy, an exception here does propagate out of the lambda.
                        if (account.getGroups().length == 0) {
                            try {
                                account.setPrimaryGroup(getGroup(SecurityManager.UNKNOWN_GROUP));
                                LOG.warn("Account '{}' has no groups, but every account must have at least 1 group. Assigned group: " + SecurityManager.UNKNOWN_GROUP, account.getName());
                            } catch (final PermissionDeniedException e) {
                                throw new ConfigurationException("Account has no group, unable to default to " + SecurityManager.UNKNOWN_GROUP + ": " + e.getMessage(), e);
                            }
                        }
                    }
                }
            });
        }
    }
}
