Example 16 with Account
use of org.exist.security.Account in project exist by eXist-db.
the class LDAPRealmTest method testAuthenticate.
/**
* Test method for {@link org.exist.security.realm.ldap.LDAPRealm#authenticate(java.lang.String, java.lang.Object)}.
*/
@Ignore
@Test
public void testAuthenticate() {
Account account = null;
try {
account = realm.authenticate("admin", "passwd");
} catch (AuthenticationException e) {
fail(e.getMessage());
}
assertNotNull(account);
}
Also used :
Account(org.exist.security.Account)
AuthenticationException(org.exist.security.AuthenticationException)
Ignore(org.junit.Ignore)
Test(org.junit.Test)
Example 17 with Account
use of org.exist.security.Account in project exist by eXist-db.
the class ExistDocument method unlock.
/**
* Unlock document in database.
*/
void unlock() throws PermissionDeniedException, DocumentNotLockedException, EXistException {
if (LOG.isDebugEnabled()) {
LOG.debug("unlock {}", xmldbUri);
}
final TransactionManager txnManager = brokerPool.getTransactionManager();
// Try to get document
try (final DBBroker broker = brokerPool.get(Optional.ofNullable(subject));
final Txn txn = txnManager.beginTransaction();
final LockedDocument lockedDocument = broker.getXMLResource(xmldbUri, LockMode.WRITE_LOCK)) {
final DocumentImpl document = lockedDocument.getDocument();
if (document == null) {
final String msg = String.format("No resource found for path: %s", xmldbUri);
LOG.debug(msg);
throw new EXistException(msg);
}
// Get current userlock
Account lock = document.getUserLock();
// Check if Resource is already locked.
if (lock == null) {
LOG.debug("Resource {} is not locked.", xmldbUri);
throw new DocumentNotLockedException("" + xmldbUri);
}
// Check if Resource is from subject
if (!lock.getName().equals(subject.getName()) && !subject.hasDbaRole()) {
LOG.debug("Resource lock is from user {}", lock.getName());
throw new PermissionDeniedException(lock.getName());
}
// Update document
document.setUserLock(null);
document.setLockToken(null);
// Make it persistant
broker.storeMetadata(txn, document);
txnManager.commit(txn);
} catch (EXistException | PermissionDeniedException e) {
LOG.error(e);
throw e;
} catch (TriggerException e) {
LOG.error(e);
throw new EXistException(e);
} finally {
if (LOG.isDebugEnabled()) {
LOG.debug("Finished create lock");
}
}
}
Also used :
Account(org.exist.security.Account)
DBBroker(org.exist.storage.DBBroker)
TransactionManager(org.exist.storage.txn.TransactionManager)
LockedDocument(org.exist.dom.persistent.LockedDocument)
PermissionDeniedException(org.exist.security.PermissionDeniedException)
Txn(org.exist.storage.txn.Txn)
EXistException(org.exist.EXistException)
DocumentNotLockedException(org.exist.webdav.exceptions.DocumentNotLockedException)
TriggerException(org.exist.collections.triggers.TriggerException)
DocumentImpl(org.exist.dom.persistent.DocumentImpl)
Example 18 with Account
use of org.exist.security.Account in project exist by eXist-db.
the class LDAPRealm method getAccount.
@Override
public final synchronized Account getAccount(String name) {
name = ensureCase(name);
// first attempt to get the cached account
final Account acct = super.getAccount(name);
if (acct != null) {
return acct;
} else {
LdapContext ctx = null;
try {
ctx = getContext(getSecurityManager().getDatabase().getActiveBroker().getCurrentSubject());
return getAccount(ctx, name);
} catch (final NamingException ne) {
if (LOG.isDebugEnabled()) {
LOG.debug(ne.getMessage(), ne);
}
LOG.error(new AuthenticationException(AuthenticationException.UNNOWN_EXCEPTION, ne.getMessage()));
return null;
} finally {
if (ctx != null) {
LdapUtils.closeContext(ctx);
}
}
}
}
Also used :
Account(org.exist.security.Account)
AbstractAccount(org.exist.security.AbstractAccount)
AuthenticationException(org.exist.security.AuthenticationException)
NamingException(javax.naming.NamingException)
LdapContext(javax.naming.ldap.LdapContext)
Example 19 with Account
use of org.exist.security.Account in project exist by eXist-db.
the class LDAPRealm method createAccountInDatabase.
private Account createAccountInDatabase(final LdapContext ctx, final String username, final SearchResult ldapUser, final String primaryGroupName) throws AuthenticationException {
try {
return executeAsSystemUser(ctx, (ctx2, broker) -> {
if (LOG.isDebugEnabled()) {
LOG.debug("Saving account '{}'.", username);
}
// get (or create) the primary group if it doesnt exist
final Group primaryGroup = getGroup(ctx, broker, primaryGroupName);
// get (or create) member groups
/*LDAPSearchContext search = ensureContextFactory().getSearch();
String userDistinguishedName = (String)ldapUser.getAttributes().get(search.getSearchAccount().getSearchAttribute(LDAPSearchAttributeKey.DN)).get();
List<String> memberOf_groupNames = findGroupnamesForUserDistinguishedName(invokingUser, userDistinguishedName);
List<Group> memberOf_groups = new ArrayList<Group>();
for(String memberOf_groupName : memberOf_groupNames) {
memberOf_groups.add(getGroup(invokingUser, memberOf_groupName));
}*/
// create the user account
final UserAider userAider = new UserAider(ID, username, primaryGroup);
// add the member groups
for (final Group memberOf_group : getGroupMembershipForLdapUser(ctx, broker, ldapUser)) {
userAider.addGroup(memberOf_group);
}
// store any requested metadata
for (final SimpleEntry<AXSchemaType, String> metadata : getMetadataForLdapUser(ldapUser)) {
userAider.setMetadataValue(metadata.getKey(), metadata.getValue());
}
final Account account = getSecurityManager().addAccount(userAider);
return account;
});
} catch (final Exception e) {
if (LOG.isDebugEnabled()) {
LOG.debug(e);
}
throw new AuthenticationException(AuthenticationException.UNNOWN_EXCEPTION, e.getMessage(), e);
}
}
Also used :
Group(org.exist.security.Group)
Account(org.exist.security.Account)
AbstractAccount(org.exist.security.AbstractAccount)
AuthenticationException(org.exist.security.AuthenticationException)
UserAider(org.exist.security.internal.aider.UserAider)
NamingException(javax.naming.NamingException)
PermissionDeniedException(org.exist.security.PermissionDeniedException)
EXistException(org.exist.EXistException)
AuthenticationException(org.exist.security.AuthenticationException)
AXSchemaType(org.exist.security.AXSchemaType)
Example 20 with Account
use of org.exist.security.Account in project exist by eXist-db.
the class RpcConnection method addGroupManager.
@Override
public void addGroupManager(final String manager, final String groupName) throws EXistException, PermissionDeniedException {
withDb((broker, transaction) -> {
final SecurityManager sm = broker.getBrokerPool().getSecurityManager();
final Account account = sm.getAccount(manager);
final Group group = sm.getGroup(groupName);
group.addManager(account);
sm.updateGroup(group);
return null;
});
}
Also used :
Account(org.exist.security.Account)
Group(org.exist.security.Group)
SecurityManager(org.exist.security.SecurityManager)
Aggregations
Account (org.exist.security.Account)60
PermissionDeniedException (org.exist.security.PermissionDeniedException)18
SecurityManager (org.exist.security.SecurityManager)17
EXistException (org.exist.EXistException)12
XMLDBException (org.xmldb.api.base.XMLDBException)11
Group (org.exist.security.Group)10
Collection (org.xmldb.api.base.Collection)10
AuthenticationException (org.exist.security.AuthenticationException)9
DBBroker (org.exist.storage.DBBroker)9
AbstractAccount (org.exist.security.AbstractAccount)7
CollectionManagementService (org.xmldb.api.modules.CollectionManagementService)7
Txn (org.exist.storage.txn.Txn)6
DocumentImpl (org.exist.dom.persistent.DocumentImpl)5
Subject (org.exist.security.Subject)5
UserAider (org.exist.security.internal.aider.UserAider)5
UserManagementService (org.exist.xmldb.UserManagementService)5
Permission (org.exist.security.Permission)4
XPathException (org.exist.xquery.XPathException)4
Before (org.junit.Before)4
Test (org.junit.Test)4
