use of org.exist.config.ConfigurationException in project exist by eXist-db.
the class SecurityManagerImpl method processParameter.
/**
 * Synchronises the in-memory principal registries with a stored account or group document.
 *
 * <p>The document's collection URI decides what is processed: an optional trailing
 * {@code REMOVED_COLLECTION_URI} segment marks a removed principal, the next segment must be
 * {@code ACCOUNTS_COLLECTION_URI} or {@code GROUPS_COLLECTION_URI}, and the segment before that
 * is used as the realm id. Documents in any other collection are ignored.</p>
 *
 * <p>NOTE(review): everything registered here (name, id, group membership) is taken from the
 * parsed document, and no permission check is visible in this method. Presumably write access to
 * these collections is restricted elsewhere; confirm.</p>
 *
 * @param broker   broker whose pool is handed to {@code Configurator.parse}
 * @param document the stored account or group document
 * @throws ConfigurationException if a new account has no groups and the fallback to
 *         {@code SecurityManager.UNKNOWN_GROUP} is denied
 */
@Override
public void processParameter(final DBBroker broker, final DocumentImpl document) throws ConfigurationException {
    XmldbURI uri = document.getCollection().getURI();
    // A trailing REMOVED_COLLECTION_URI segment is stripped so the checks below see the parent collection.
    final boolean isRemoved = uri.endsWith(SecurityManager.REMOVED_COLLECTION_URI);
    if (isRemoved) {
        uri = uri.removeLastSegment();
    }
    final boolean isAccount = uri.endsWith(SecurityManager.ACCOUNTS_COLLECTION_URI);
    final boolean isGroup = uri.endsWith(SecurityManager.GROUPS_COLLECTION_URI);
    if (isAccount || isGroup) {
        // Drop the accounts/groups segment; the segment now last is treated as the realm id.
        uri = uri.removeLastSegment();
        final String realmId = uri.lastSegment().toString();
        // NOTE(review): unchecked cast, and the result is dereferenced without a null check.
        // Confirm findRealmForRealmId never returns null or a non-AbstractRealm for an id taken from a URI.
        final AbstractRealm realm = (AbstractRealm) findRealmForRealmId(realmId);
        final Configuration conf = Configurator.parse(broker.getBrokerPool(), document);
        // The id is only read for removed principals; -1 is the placeholder otherwise.
        Integer id = -1;
        if (isRemoved) {
            // NOTE(review): if getPropertyInteger can return null for a document without an "id",
            // the unboxing in "id > 2" below would throw NullPointerException. Confirm.
            id = conf.getPropertyInteger("id");
        }
        final String name = conf.getProperty("name");
        if (isAccount) {
            // presumably ids <= 2 belong to built-in principals that are never tracked as removed; verify
            if (isRemoved && id > 2 && !hasUser(id)) {
                // Removed account not yet known by id: register it, flagged as removed,
                // with this security manager only (realm.registerAccount is not called here).
                final AccountImpl account = new AccountImpl(realm, conf);
                account.removed = true;
                registerAccount(account);
            } else if (name != null) {
                if (realm.hasAccount(name)) {
                    // Existing account: compare the id recorded in 'saving' for this document
                    // with the id now stored in the document.
                    final Integer oldId = saving.get(document.getURI());
                    // NOTE(review): newId.equals(...) throws NullPointerException if the document has no "id"; confirm it is always present.
                    final Integer newId = conf.getPropertyInteger("id");
                    if (!newId.equals(oldId)) {
                        final Account current = realm.getAccount(name);
                        // Re-key the account in the id index while holding that account's write lock.
                        try (final ManagedLock<ReadWriteLock> lock = ManagedLock.acquire(accountLocks.getLock(current), LockMode.WRITE_LOCK)) {
                            usersById.write(principalDb -> {
                                // NOTE(review): oldId is null when 'saving' has no entry for this document, and
                                // put() is called without checking whether newId is already mapped to another
                                // principal. Confirm an id collision cannot replace that principal's entry.
                                principalDb.remove(oldId);
                                principalDb.put(newId, current);
                            });
                        }
                    }
                } else {
                    // Account unknown to the realm: build it from the document.
                    final Account account = new AccountImpl(realm, conf);
                    // An account without groups is given UNKNOWN_GROUP as its primary group.
                    if (account.getGroups().length == 0) {
                        try {
                            account.setPrimaryGroup(realm.getGroup(SecurityManager.UNKNOWN_GROUP));
                            LOG.warn("Account '{}' has no groups, but every account must have at least 1 group. Assigned group: " + SecurityManager.UNKNOWN_GROUP, account.getName());
                        } catch (final PermissionDeniedException e) {
                            throw new ConfigurationException("Account has no group, unable to default to " + SecurityManager.UNKNOWN_GROUP + ": " + e.getMessage(), e);
                        }
                    }
                    // Register with this security manager first, then with the owning realm.
                    registerAccount(account);
                    realm.registerAccount(account);
                }
            } else {
                // Reached when the removed-account case did not apply and the document has no "name".
                // The message says the account already exists, which does not describe that condition;
                // treat this log line as "account document could not be processed".
                LOG.error("Account '{}' already exists in realm: '{}', but received notification that a new one was created.", name, realmId);
            }
        } else if (isGroup) {
            // isGroup is always true here, because the enclosing condition is (isAccount || isGroup).
            if (isRemoved && id > 2 && !hasGroup(id)) {
                // Removed group not yet known by id: register it, flagged as removed, with this security manager only.
                final GroupImpl group = new GroupImpl(realm, conf);
                group.removed = true;
                registerGroup(group);
            } else if (name != null && !realm.hasGroup(name)) {
                // Group unknown to the realm: register with this security manager, then with the realm.
                final GroupImpl group = new GroupImpl(realm, conf);
                registerGroup(group);
                realm.registerGroup(group);
            } else {
                // Reached when the group already exists in the realm or the document has no "name".
                LOG.error("Group '{}' already exists in realm: '{}', but received notification that a new one was created.", name, realmId);
            }
        }
        // Clear the bookkeeping entry for this document. There is no finally block, so the entry
        // stays in 'saving' if anything above throws.
        saving.remove(document.getURI());
    }
}
use of org.exist.config.ConfigurationException in project exist by eXist-db.
the class SecurityManagerImpl method addGroup.
/**
 * Creates a group in the realm named by {@code group}, registers it and saves it.
 *
 * <p>The supplied group is used as a template: its realm id, name, managers and metadata are
 * copied into a new {@code GroupImpl}. A caller-supplied id is kept as-is; otherwise the next
 * free id is taken from {@code groupsById}.</p>
 *
 * <p>NOTE(review): no authorisation check is visible in this method; presumably
 * {@code save(broker)} or the caller enforces it. Confirm.</p>
 *
 * <p>NOTE(review): the group is registered in memory before {@code save(broker)} runs and no
 * rollback is visible here, so a failed save appears to leave the registration in place.
 * The name-uniqueness check also runs before the lock is acquired, and a caller-supplied id is
 * not checked for collisions in this method. Verify that {@code registerGroup} or the callers
 * cover these cases.</p>
 *
 * @param broker broker used to construct and save the new group
 * @param group  template carrying realm id, name, optional id, managers and metadata
 * @return the newly created and saved group
 * @throws PermissionDeniedException declared; not thrown directly by the statements in this method
 * @throws EXistException as {@code ConfigurationException} when the realm id or name is missing,
 *         or a group of that name already exists locally in the realm
 */
@Override
public Group addGroup(final DBBroker broker, final Group group) throws PermissionDeniedException, EXistException {
    final String realmId = group.getRealmId();
    if (realmId == null) {
        throw new ConfigurationException("Group must have realm id.");
    }

    final String groupName = group.getName();
    if (groupName == null || groupName.isEmpty()) {
        throw new ConfigurationException("Group must have name.");
    }

    // Honour an explicit id from the template, otherwise allocate the next one.
    final int principalId = group.getId() != Group.UNDEFINED_ID
            ? group.getId()
            : groupsById.getNextPrincipalId();

    final AbstractRealm targetRealm = (AbstractRealm) findRealmForRealmId(realmId);
    if (targetRealm.hasGroupLocal(groupName)) {
        throw new ConfigurationException("The group '" + groupName + "' at realm '" + realmId + "' already exists.");
    }

    final GroupImpl created = new GroupImpl(broker, targetRealm, principalId, groupName, group.getManagers());
    for (final SchemaType key : group.getMetadataKeys()) {
        created.setMetadataValue(key, group.getMetadataValue(key));
    }

    // Registration and persistence happen under the new group's write lock.
    try (final ManagedLock<ReadWriteLock> ignored = ManagedLock.acquire(groupLocks.getLock(created), LockMode.WRITE_LOCK)) {
        registerGroup(created);
        targetRealm.registerGroup(created);
        created.save(broker);
    }
    return created;
}
use of org.exist.config.ConfigurationException in project exist by eXist-db.
the class SecurityManagerImpl method addAccount.
/**
 * Creates an account in the realm named by {@code account}, registers it and saves it.
 *
 * <p>The supplied account is used as a template for a new {@code AccountImpl}. A caller-supplied
 * id is kept as-is; otherwise the next free id is taken from {@code usersById}.</p>
 *
 * <p>NOTE(review): no authorisation check is visible in this method; presumably
 * {@code save(broker)} or the caller enforces it. Confirm.</p>
 *
 * <p>NOTE(review): the account is registered in memory before {@code save(broker)} runs and no
 * rollback is visible here, so a failed save appears to leave the registration in place.
 * The name-uniqueness check also runs before the lock is acquired, and a caller-supplied id is
 * not checked for collisions in this method. Verify that {@code registerAccount} or the callers
 * cover these cases.</p>
 *
 * @param broker  broker used to construct and save the new account
 * @param account template carrying realm id, name and optional id
 * @return the newly created and saved account
 * @throws PermissionDeniedException declared; not thrown directly by the statements in this method
 * @throws EXistException as {@code ConfigurationException} when the realm id or name is missing,
 *         or an account of that name already exists locally in the realm
 */
@Override
public final Account addAccount(final DBBroker broker, final Account account) throws PermissionDeniedException, EXistException {
    final String realmId = account.getRealmId();
    if (realmId == null) {
        throw new ConfigurationException("Account must have realm id.");
    }

    final String accountName = account.getName();
    if (accountName == null || accountName.isEmpty()) {
        throw new ConfigurationException("Account must have name.");
    }

    // Honour an explicit id from the template, otherwise allocate the next one.
    final int principalId = account.getId() != Account.UNDEFINED_ID
            ? account.getId()
            : usersById.getNextPrincipalId();

    final AbstractRealm targetRealm = (AbstractRealm) findRealmForRealmId(realmId);
    if (targetRealm.hasAccountLocal(accountName)) {
        throw new ConfigurationException("The account '" + accountName + "' at realm '" + realmId + "' already exists.");
    }

    final AccountImpl created = new AccountImpl(broker, targetRealm, principalId, account);

    // Registration and persistence happen under the new account's write lock.
    try (final ManagedLock<ReadWriteLock> ignored = ManagedLock.acquire(accountLocks.getLock(created), LockMode.WRITE_LOCK)) {
        registerAccount(created);
        targetRealm.registerAccount(created);
        created.save(broker);
    }
    return created;
}
use of org.exist.config.ConfigurationException in project exist by eXist-db.
the class AbstractRealm method loadAccountsFromRealmStorage.
/**
 * Loads every account document from {@code collectionAccounts} into this realm's name index and
 * registers each account with the security manager.
 *
 * <p>Documents without a "name" property, or whose name is already present in the index, are
 * skipped without a log entry. Documents from which an account cannot be built are logged at
 * error level and skipped.</p>
 *
 * @param broker broker used to read the collection and parse each document
 * @throws ConfigurationException if an account has no groups after registration and the fallback
 *         to {@code SecurityManager.UNKNOWN_GROUP} is denied (presumably propagated through
 *         {@code writeE}; verify)
 * @throws PermissionDeniedException declared; not thrown directly by the statements in this method
 * @throws LockException declared; not thrown directly by the statements in this method
 */
private void loadAccountsFromRealmStorage(final DBBroker broker) throws ConfigurationException, PermissionDeniedException, LockException {
    // Nothing to load when the accounts collection is absent or empty.
    if (collectionAccounts != null && collectionAccounts.getDocumentCount(broker) > 0) {
        // Alias for 'this', used inside the lambda below.
        final AbstractRealm r = this;
        for (final Iterator<DocumentImpl> i = collectionAccounts.iterator(broker); i.hasNext(); ) {
            final DocumentImpl doc = i.next();
            final Configuration conf = Configurator.parse(broker.getBrokerPool(), doc);
            final String name = conf.getProperty("name");
            usersByName.writeE(principalDb -> {
                // First document wins: a later document with the same name is ignored, and nothing is logged for it.
                if (name != null && !principalDb.containsKey(name)) {
                    // A account = instantiateAccount(this, conf);
                    final Account account;
                    try {
                        account = new AccountImpl(r, conf);
                        // ensure that the account has at least a primary group
                        if (account.getGroups().length == 0) {
                            try {
                                account.setPrimaryGroup(getGroup(SecurityManager.UNKNOWN_GROUP));
                                LOG.warn("Account '{}' has no groups, but every account must have at least 1 group. Assigned group: " + SecurityManager.UNKNOWN_GROUP, account.getName());
                            } catch (final PermissionDeniedException e) {
                                // This exception is caught by the catch (Throwable) below, so here it results in a logged skip, not a failure.
                                throw new ConfigurationException("Account has no group, unable to default to " + SecurityManager.UNKNOWN_GROUP + ": " + e.getMessage(), e);
                            }
                        }
                    } catch (Throwable e) {
                        // NOTE(review): Throwable also covers JVM Errors such as OutOfMemoryError; they are
                        // logged and the document skipped like any other failure. Consider narrowing to Exception.
                        LOG.error("Account object can't be built from '{}'", doc.getFileURI(), e);
                        return;
                    }
                    getSecurityManager().registerAccount(account);
                    // The presence check above uses 'name' from the document; the entry is stored under account.getName().
                    principalDb.put(account.getName(), account);
                    // Attach the backing collection only for accounts whose id is greater than 0.
                    if (account.getId() > 0) {
                        ((AbstractPrincipal) account).setCollection(broker, collectionAccounts);
                        // Same no-group fallback as above; the ConfigurationException here is outside the try
                        // block, so it leaves the lambda instead of being logged and skipped.
                        if (account.getGroups().length == 0) {
                            try {
                                account.setPrimaryGroup(getGroup(SecurityManager.UNKNOWN_GROUP));
                                LOG.warn("Account '{}' has no groups, but every account must have at least 1 group. Assigned group: " + SecurityManager.UNKNOWN_GROUP, account.getName());
                            } catch (final PermissionDeniedException e) {
                                throw new ConfigurationException("Account has no group, unable to default to " + SecurityManager.UNKNOWN_GROUP + ": " + e.getMessage(), e);
                            }
                        }
                    }
                }
            });
        }
    }
}