Use of org.exist.security.Account in project exist by eXist-db.
The class LDAPRealmTest, method testAuthenticate.
/**
* Test method for {@link org.exist.security.realm.ldap.LDAPRealm#authenticate(java.lang.String, java.lang.Object)}.
*/
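@Ignore
@Test
public void testAuthenticate() {
    // The credentials are fixtures for this (currently ignored) realm test.
    final Account account;
    try {
        account = realm.authenticate("admin", "passwd");
    } catch (final AuthenticationException e) {
        // Fail with the original exception attached, so the underlying cause is
        // not reduced to its message text in the test report.
        throw new AssertionError(e.getMessage(), e);
    }
    assertNotNull(account);
}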
Use of org.exist.security.Account in project exist by eXist-db.
The class ExistDocument, method unlock.
/**
 * Unlocks the document in the database.
 */
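void unlock() throws PermissionDeniedException, DocumentNotLockedException, EXistException {
    if (LOG.isDebugEnabled()) {
        LOG.debug("unlock {}", xmldbUri);
    }
    // Releasing a lock requires knowing who is asking: the ownership check below
    // dereferences the subject, so fail closed here instead of with a
    // NullPointerException after the broker, transaction and lock were acquired.
    if (subject == null) {
        throw new PermissionDeniedException("No subject available to unlock " + xmldbUri);
    }
    final TransactionManager txnManager = brokerPool.getTransactionManager();
    // Broker, transaction and the document's write lock are scoped to this block
    // and released by try-with-resources on both the success and the failure path.
    try (final DBBroker broker = brokerPool.get(Optional.ofNullable(subject));
         final Txn txn = txnManager.beginTransaction();
         final LockedDocument lockedDocument = broker.getXMLResource(xmldbUri, LockMode.WRITE_LOCK)) {
        // NOTE(review): treat a null LockedDocument like a null document; the
        // original only checked getDocument() — confirm whether getXMLResource
        // can return null for a missing resource.
        final DocumentImpl document = lockedDocument == null ? null : lockedDocument.getDocument();
        if (document == null) {
            final String msg = String.format("No resource found for path: %s", xmldbUri);
            LOG.debug(msg);
            throw new EXistException(msg);
        }
        // Current user lock on the resource, if any.
        final Account lock = document.getUserLock();
        if (lock == null) {
            LOG.debug("Resource {} is not locked.", xmldbUri);
            throw new DocumentNotLockedException("" + xmldbUri);
        }
        // Only the lock holder may release the lock, unless the caller is a DBA.
        if (!lock.getName().equals(subject.getName()) && !subject.hasDbaRole()) {
            LOG.debug("Resource lock is from user {}", lock.getName());
            throw new PermissionDeniedException(lock.getName());
        }
        // Clear the lock and persist the metadata change within this transaction.
        document.setUserLock(null);
        document.setLockToken(null);
        broker.storeMetadata(txn, document);
        txnManager.commit(txn);
    } catch (EXistException | PermissionDeniedException e) {
        LOG.error(e);
        throw e;
    } catch (TriggerException e) {
        // Trigger failures are not part of this method's contract; surface them
        // as EXistException with the cause preserved.
        LOG.error(e);
        throw new EXistException(e);
    } finally {
        if (LOG.isDebugEnabled()) {
            // Previously logged "Finished create lock", which describes the
            // locking path rather than this unlock path.
            LOG.debug("Finished unlock");
        }
    }
}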
Use of org.exist.security.Account in project exist by eXist-db.
The class LDAPRealm, method getAccount.
/**
 * Returns the account for {@code name}, serving it from the superclass cache
 * when possible and otherwise looking it up in the directory.
 *
 * @param name the account name; normalised with {@code ensureCase} before use
 * @return the account, or {@code null} if it is unknown or the directory lookup fails
 */
@Override
public final synchronized Account getAccount(String name) {
    name = ensureCase(name);
    // Cached accounts are served by the superclass without touching LDAP.
    final Account cached = super.getAccount(name);
    if (cached != null) {
        return cached;
    }
    // Cache miss: query the directory as the current database subject. Note
    // that the LDAP round trip happens while this realm's monitor is held,
    // since the method is synchronized.
    LdapContext directory = null;
    try {
        directory = getContext(getSecurityManager().getDatabase().getActiveBroker().getCurrentSubject());
        return getAccount(directory, name);
    } catch (final NamingException ne) {
        if (LOG.isDebugEnabled()) {
            LOG.debug(ne.getMessage(), ne);
        }
        // Directory failures are logged rather than propagated: to the caller an
        // unresolvable name is indistinguishable from an unknown account.
        LOG.error(new AuthenticationException(AuthenticationException.UNNOWN_EXCEPTION, ne.getMessage()));
        return null;
    } finally {
        if (directory != null) {
            LdapUtils.closeContext(directory);
        }
    }
}
Use of org.exist.security.Account in project exist by eXist-db.
The class LDAPRealm, method createAccountInDatabase.
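/**
 * Creates the local database account for an LDAP user that has already been
 * resolved by the caller: primary group, member groups and requested metadata
 * are copied onto a {@link UserAider} which is then added via the security manager.
 *
 * @param ctx              the LDAP context used for group lookups
 * @param username         the account name to create
 * @param ldapUser         the directory entry of the user
 * @param primaryGroupName name of the primary group (created if absent)
 * @return the newly stored account
 * @throws AuthenticationException if any step of the creation fails; the cause is attached
 */
private Account createAccountInDatabase(final LdapContext ctx, final String username, final SearchResult ldapUser, final String primaryGroupName) throws AuthenticationException {
    try {
        // NOTE(review): the lambda keeps using the outer ctx, as the original did,
        // rather than the ctx2 it is handed — confirm whether executeAsSystemUser
        // passes back the same context before switching.
        return executeAsSystemUser(ctx, (ctx2, broker) -> {
            if (LOG.isDebugEnabled()) {
                LOG.debug("Saving account '{}'.", username);
            }
            // get (or create) the primary group if it doesn't exist
            final Group primaryGroup = getGroup(ctx, broker, primaryGroupName);
            // create the user account
            final UserAider userAider = new UserAider(ID, username, primaryGroup);
            // add the member groups resolved from the user's directory entry
            for (final Group memberOfGroup : getGroupMembershipForLdapUser(ctx, broker, ldapUser)) {
                userAider.addGroup(memberOfGroup);
            }
            // store any requested metadata
            for (final SimpleEntry<AXSchemaType, String> metadata : getMetadataForLdapUser(ldapUser)) {
                userAider.setMetadataValue(metadata.getKey(), metadata.getValue());
            }
            return getSecurityManager().addAccount(userAider);
        });
    } catch (final Exception e) {
        if (LOG.isDebugEnabled()) {
            LOG.debug(e);
        }
        // Wrap with the cause attached so the underlying failure stays diagnosable.
        throw new AuthenticationException(AuthenticationException.UNNOWN_EXCEPTION, e.getMessage(), e);
    }
}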
Use of org.exist.security.Account in project exist by eXist-db.
The class RpcConnection, method addGroupManager.
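/**
 * Adds the account {@code manager} as a manager of the group {@code groupName}.
 *
 * @param manager   name of the account to add as a group manager
 * @param groupName name of the group to update
 * @throws EXistException            if the account or the group does not exist, or the update fails
 * @throws PermissionDeniedException as thrown by the security manager for the update
 */
@Override
public void addGroupManager(final String manager, final String groupName) throws EXistException, PermissionDeniedException {
    withDb((broker, transaction) -> {
        final SecurityManager sm = broker.getBrokerPool().getSecurityManager();
        // Both lookups can yield null for an unknown name (LDAPRealm.getAccount,
        // for one, returns null on failure); reject explicitly rather than letting
        // addManager fail with a NullPointerException.
        final Account account = sm.getAccount(manager);
        if (account == null) {
            throw new EXistException("Account '" + manager + "' does not exist");
        }
        final Group group = sm.getGroup(groupName);
        if (group == null) {
            throw new EXistException("Group '" + groupName + "' does not exist");
        }
        group.addManager(account);
        sm.updateGroup(group);
        return null;
    });
}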