Example 16 with Account

Use of org.exist.security.Account in project exist by eXist-db.

Class LDAPRealmTest, method testAuthenticate.

/**
 * Test method for {@link org.exist.security.realm.ldap.LDAPRealm#authenticate(java.lang.String, java.lang.Object)}.
 */
@Ignore
@Test
public void testAuthenticate() {
    Account account = null;
    try {
        account = realm.authenticate("admin", "passwd");
    } catch (AuthenticationException e) {
        fail(e.getMessage());
    }
    assertNotNull(account);
}
Also used : Account(org.exist.security.Account) AuthenticationException(org.exist.security.AuthenticationException) Ignore(org.junit.Ignore) Test(org.junit.Test)

Example 17 with Account

Use of org.exist.security.Account in project exist by eXist-db.

Class ExistDocument, method unlock.

/**
 * Unlock document in database.
 */
void unlock() throws PermissionDeniedException, DocumentNotLockedException, EXistException {
    if (LOG.isDebugEnabled()) {
        LOG.debug("unlock {}", xmldbUri);
    }
    final TransactionManager txnManager = brokerPool.getTransactionManager();
    // Try to get document
    try (final DBBroker broker = brokerPool.get(Optional.ofNullable(subject));
        final Txn txn = txnManager.beginTransaction();
        final LockedDocument lockedDocument = broker.getXMLResource(xmldbUri, LockMode.WRITE_LOCK)) {
        final DocumentImpl document = lockedDocument.getDocument();
        if (document == null) {
            final String msg = String.format("No resource found for path: %s", xmldbUri);
            LOG.debug(msg);
            throw new EXistException(msg);
        }
        // Get the account that currently holds the user lock
        Account lock = document.getUserLock();
        // Check whether the resource is locked at all.
        if (lock == null) {
            LOG.debug("Resource {} is not locked.", xmldbUri);
            throw new DocumentNotLockedException("" + xmldbUri);
        }
        // Only the lock owner or a DBA may release the lock
        if (!lock.getName().equals(subject.getName()) && !subject.hasDbaRole()) {
            LOG.debug("Resource lock is from user {}", lock.getName());
            throw new PermissionDeniedException(lock.getName());
        }
        // Clear the lock on the document
        document.setUserLock(null);
        document.setLockToken(null);
        // Make it persistent
        broker.storeMetadata(txn, document);
        txnManager.commit(txn);
    } catch (EXistException | PermissionDeniedException e) {
        LOG.error(e);
        throw e;
    } catch (TriggerException e) {
        LOG.error(e);
        throw new EXistException(e);
    } finally {
        if (LOG.isDebugEnabled()) {
            LOG.debug("Finished unlock");
        }
    }
}
Also used : Account(org.exist.security.Account) DBBroker(org.exist.storage.DBBroker) TransactionManager(org.exist.storage.txn.TransactionManager) LockedDocument(org.exist.dom.persistent.LockedDocument) PermissionDeniedException(org.exist.security.PermissionDeniedException) Txn(org.exist.storage.txn.Txn) EXistException(org.exist.EXistException) DocumentNotLockedException(org.exist.webdav.exceptions.DocumentNotLockedException) TriggerException(org.exist.collections.triggers.TriggerException) DocumentImpl(org.exist.dom.persistent.DocumentImpl)

Example 18 with Account

Use of org.exist.security.Account in project exist by eXist-db.

Class LDAPRealm, method getAccount.

@Override
public final synchronized Account getAccount(String name) {
    name = ensureCase(name);
    // first attempt to get the cached account
    final Account acct = super.getAccount(name);
    if (acct != null) {
        return acct;
    } else {
        LdapContext ctx = null;
        try {
            ctx = getContext(getSecurityManager().getDatabase().getActiveBroker().getCurrentSubject());
            return getAccount(ctx, name);
        } catch (final NamingException ne) {
            if (LOG.isDebugEnabled()) {
                LOG.debug(ne.getMessage(), ne);
            }
            LOG.error(new AuthenticationException(AuthenticationException.UNNOWN_EXCEPTION, ne.getMessage()));
            return null;
        } finally {
            if (ctx != null) {
                LdapUtils.closeContext(ctx);
            }
        }
    }
}
Also used : Account(org.exist.security.Account) AbstractAccount(org.exist.security.AbstractAccount) AuthenticationException(org.exist.security.AuthenticationException) NamingException(javax.naming.NamingException) LdapContext(javax.naming.ldap.LdapContext)

Example 19 with Account

Use of org.exist.security.Account in project exist by eXist-db.

Class LDAPRealm, method createAccountInDatabase.

private Account createAccountInDatabase(final LdapContext ctx, final String username, final SearchResult ldapUser, final String primaryGroupName) throws AuthenticationException {
    try {
        return executeAsSystemUser(ctx, (ctx2, broker) -> {
            if (LOG.isDebugEnabled()) {
                LOG.debug("Saving account '{}'.", username);
            }
            // get (or create) the primary group if it doesn't exist
            final Group primaryGroup = getGroup(ctx, broker, primaryGroupName);
            // get (or create) member groups
            /*LDAPSearchContext search = ensureContextFactory().getSearch();
                    String userDistinguishedName = (String)ldapUser.getAttributes().get(search.getSearchAccount().getSearchAttribute(LDAPSearchAttributeKey.DN)).get();
                    List<String> memberOf_groupNames = findGroupnamesForUserDistinguishedName(invokingUser, userDistinguishedName);

                    List<Group> memberOf_groups = new ArrayList<Group>();
                    for(String memberOf_groupName : memberOf_groupNames) {
                        memberOf_groups.add(getGroup(invokingUser, memberOf_groupName));
                    }*/
            // create the user account
            final UserAider userAider = new UserAider(ID, username, primaryGroup);
            // add the member groups
            for (final Group memberOf_group : getGroupMembershipForLdapUser(ctx, broker, ldapUser)) {
                userAider.addGroup(memberOf_group);
            }
            // store any requested metadata
            for (final SimpleEntry<AXSchemaType, String> metadata : getMetadataForLdapUser(ldapUser)) {
                userAider.setMetadataValue(metadata.getKey(), metadata.getValue());
            }
            final Account account = getSecurityManager().addAccount(userAider);
            return account;
        });
    } catch (final Exception e) {
        if (LOG.isDebugEnabled()) {
            LOG.debug(e);
        }
        throw new AuthenticationException(AuthenticationException.UNNOWN_EXCEPTION, e.getMessage(), e);
    }
}
Also used : Group(org.exist.security.Group) Account(org.exist.security.Account) AbstractAccount(org.exist.security.AbstractAccount) AuthenticationException(org.exist.security.AuthenticationException) UserAider(org.exist.security.internal.aider.UserAider) NamingException(javax.naming.NamingException) PermissionDeniedException(org.exist.security.PermissionDeniedException) EXistException(org.exist.EXistException) AuthenticationException(org.exist.security.AuthenticationException) AXSchemaType(org.exist.security.AXSchemaType)

Example 20 with Account

Use of org.exist.security.Account in project exist by eXist-db.

Class RpcConnection, method addGroupManager.

@Override
public void addGroupManager(final String manager, final String groupName) throws EXistException, PermissionDeniedException {
    withDb((broker, transaction) -> {
        final SecurityManager sm = broker.getBrokerPool().getSecurityManager();
        final Account account = sm.getAccount(manager);
        final Group group = sm.getGroup(groupName);
        group.addManager(account);
        sm.updateGroup(group);
        return null;
    });
}
Also used : Account(org.exist.security.Account) Group(org.exist.security.Group) SecurityManager(org.exist.security.SecurityManager)

Aggregations

Account (org.exist.security.Account)60 PermissionDeniedException (org.exist.security.PermissionDeniedException)18 SecurityManager (org.exist.security.SecurityManager)17 EXistException (org.exist.EXistException)12 XMLDBException (org.xmldb.api.base.XMLDBException)11 Group (org.exist.security.Group)10 Collection (org.xmldb.api.base.Collection)10 AuthenticationException (org.exist.security.AuthenticationException)9 DBBroker (org.exist.storage.DBBroker)9 AbstractAccount (org.exist.security.AbstractAccount)7 CollectionManagementService (org.xmldb.api.modules.CollectionManagementService)7 Txn (org.exist.storage.txn.Txn)6 DocumentImpl (org.exist.dom.persistent.DocumentImpl)5 Subject (org.exist.security.Subject)5 UserAider (org.exist.security.internal.aider.UserAider)5 UserManagementService (org.exist.xmldb.UserManagementService)5 Permission (org.exist.security.Permission)4 XPathException (org.exist.xquery.XPathException)4 Before (org.junit.Before)4 Test (org.junit.Test)4