Example 36 with Account

Use of org.exist.security.Account in project exist by eXist-db.

Class XMLDBRestoreTest, method restoreUserWithoutGroupIsPlacedInNoGroup.

@Test
public void restoreUserWithoutGroupIsPlacedInNoGroup() throws IOException, XMLDBException {
    final String username = UUID.randomUUID().toString() + "-user";
    final Path contentsFile = createBackupWithUserWithoutPrimaryGroup(username);
    final TestRestoreListener listener = new TestRestoreListener();
    final XmldbURI rootUri = XmldbURI.create(getBaseUri()).append(XmldbURI.ROOT_COLLECTION_URI);
    restoreBackup(rootUri, contentsFile, null, listener);
    // The restore must complete cleanly: two restored items, no warnings, no errors
    assertEquals(2, listener.restored.size());
    assertEquals(0, listener.warnings.size());
    assertEquals(0, listener.errors.size());
    final Collection collection = DatabaseManager.getCollection(rootUri.toString(), TestUtils.ADMIN_DB_USER, TestUtils.ADMIN_DB_PWD);
    final EXistUserManagementService userManagementService = (EXistUserManagementService) collection.getService("UserManagementService", "1.0");
    final Account account = userManagementService.getAccount(username);
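    // The backup gave the user no primary group, so the restored account
    // must exist and belong only to SecurityManager.UNKNOWN_GROUP
    assertNotNull(account);
    assertEquals(SecurityManager.UNKNOWN_GROUP, account.getPrimaryGroup());
    assertArrayEquals(new String[] { SecurityManager.UNKNOWN_GROUP }, account.getGroups());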
}
Also used : Account(org.exist.security.Account) Collection(org.xmldb.api.base.Collection) Test(org.junit.Test)

Example 37 with Account

Use of org.exist.security.Account in project exist by eXist-db.

Class XMLDBRestoreTest, method restoreUserWithNoSuchGroupIsPlacedInNoGroup.

@Test
public void restoreUserWithNoSuchGroupIsPlacedInNoGroup() throws IOException, XMLDBException {
    final String username = UUID.randomUUID().toString() + "-user";
    final Path contentsFile = createBackupWithUserInNoSuchGroup(username);
    final TestRestoreListener listener = new TestRestoreListener();
    final XmldbURI rootUri = XmldbURI.create(getBaseUri()).append(XmldbURI.ROOT_COLLECTION_URI);
    restoreBackup(rootUri, contentsFile, null, listener);
    // The restore must complete cleanly: two restored items, no warnings, no errors
    assertEquals(2, listener.restored.size());
    assertEquals(0, listener.warnings.size());
    assertEquals(0, listener.errors.size());
    final Collection collection = DatabaseManager.getCollection(rootUri.toString(), TestUtils.ADMIN_DB_USER, TestUtils.ADMIN_DB_PWD);
    final EXistUserManagementService userManagementService = (EXistUserManagementService) collection.getService("UserManagementService", "1.0");
    final Account account = userManagementService.getAccount(username);
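    // The group named in the backup does not exist, so the restored account
    // must exist and belong only to SecurityManager.UNKNOWN_GROUP
    assertNotNull(account);
    assertEquals(SecurityManager.UNKNOWN_GROUP, account.getPrimaryGroup());
    assertArrayEquals(new String[] { SecurityManager.UNKNOWN_GROUP }, account.getGroups());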
}
Also used : Account(org.exist.security.Account) Collection(org.xmldb.api.base.Collection) Test(org.junit.Test)

Example 38 with Account

Use of org.exist.security.Account in project exist by eXist-db.

Class AccountFunctions, method eval.

@Override
public Sequence eval(final Sequence[] args, final Sequence contextSequence) throws XPathException {
    final SecurityManager sm = context.getBroker().getBrokerPool().getSecurityManager();
    final LDAPRealm ldapRealm = getLdapRealm(sm);
    final String accountName = args[0].itemAt(0).getStringValue();
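    // Look the account up by name; an unknown account is reported as an XPath error
    final Account ldapAccount = sm.getAccount(accountName);
    if (ldapAccount == null)
        throw new XPathException("The Account '" + accountName + "' does not exist!");
    // Refresh the account from LDAP; permission and authentication failures
    // are rethrown as XPath errors
    try {
        ldapRealm.refreshAccountFromLdap(ldapAccount);
    } catch (final PermissionDeniedException | AuthenticationException pde) {
        throw new XPathException(this, pde);
    }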
    return Sequence.EMPTY_SEQUENCE;
}
Also used : Account(org.exist.security.Account) SecurityManager(org.exist.security.SecurityManager) LDAPRealm(org.exist.security.realm.ldap.LDAPRealm) XPathException(org.exist.xquery.XPathException) AuthenticationException(org.exist.security.AuthenticationException) PermissionDeniedException(org.exist.security.PermissionDeniedException)

Example 39 with Account

Use of org.exist.security.Account in project exist by eXist-db.

Class ExistDocument, method lock.

/**
 * Lock document.
 *
 * @param inputToken Lock token.
 * @return Input lock token.
 * @throws PermissionDeniedException Permission denied
 * @throws DocumentAlreadyLockedException Document is already locked
 * @throws EXistException Generic existdb exception
 */
public LockToken lock(LockToken inputToken) throws PermissionDeniedException, DocumentAlreadyLockedException, EXistException {
    if (LOG.isDebugEnabled()) {
        LOG.debug("create lock {}", xmldbUri);
    }
    // Try to get document
    try (final DBBroker broker = brokerPool.get(Optional.ofNullable(subject));
        final LockedDocument lockedDocument = broker.getXMLResource(xmldbUri, LockMode.WRITE_LOCK)) {
        final DocumentImpl document = lockedDocument.getDocument();
        if (document == null) {
            if (LOG.isDebugEnabled()) {
                LOG.debug("No resource found for path: {}", xmldbUri);
            }
            // return null; // throw exception?
            throw new EXistException("No resource found.");
        }
        // Get current userlock
        Account userLock = document.getUserLock();
        // Check if Resource is already locked. @@ToDo
        if (userLock != null) {
            if (LOG.isDebugEnabled()) {
                LOG.debug("Resource was already locked, ignored.");
            }
        }
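        // A document locked by another user can only be re-locked by a DBA;
        // any other caller is refused
        if (userLock != null && userLock.getName() != null && !userLock.getName().equals(subject.getName()) && !subject.hasDbaRole()) {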
            if (LOG.isDebugEnabled()) {
                LOG.debug("Resource is locked by user {}.", userLock.getName());
            }
            throw new PermissionDeniedException(userLock.getName());
        }
        // Check for request for shared lock. @@TODO
        if (inputToken.getScope() == LockToken.LockScope.SHARED) {
            if (LOG.isDebugEnabled()) {
                LOG.debug("Shared locks are not implemented.");
            }
            throw new EXistException("Shared locks are not implemented.");
        }
        // Update locktoken
        inputToken.setOwner(subject.getName());
        inputToken.createOpaqueLockToken();
        // The timeout requested in the input token is not used; the lock is always infinite
        // inputToken.setTimeOut(inputToken.getTimeOut());
        inputToken.setTimeOut(LockToken.LOCK_TIMEOUT_INFINITE);
        // Update document
        document.setLockToken(inputToken);
        document.setUserLock(subject);
        // Make token persistent
        final TransactionManager txnManager = brokerPool.getTransactionManager();
        try (final Txn txn = txnManager.beginTransaction()) {
            broker.storeMetadata(txn, document);
            txnManager.commit(txn);
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("Successfully retrieved token");
        }
        return inputToken;
    } catch (EXistException | PermissionDeniedException e) {
        LOG.error(e);
        throw e;
    } catch (TriggerException e) {
        LOG.error(e);
        throw new EXistException(e);
    } finally {
        if (LOG.isDebugEnabled()) {
            LOG.debug("Finished create lock");
        }
    }
}
Also used : Account(org.exist.security.Account) DBBroker(org.exist.storage.DBBroker) TransactionManager(org.exist.storage.txn.TransactionManager) LockedDocument(org.exist.dom.persistent.LockedDocument) PermissionDeniedException(org.exist.security.PermissionDeniedException) EXistException(org.exist.EXistException) Txn(org.exist.storage.txn.Txn) TriggerException(org.exist.collections.triggers.TriggerException) DocumentImpl(org.exist.dom.persistent.DocumentImpl)

Example 40 with Account

Use of org.exist.security.Account in project exist by eXist-db.

Class ExistDocument, method getCurrentLock.

/**
 * Get lock token from database.
 *
 * @return current lock token.
 */
public LockToken getCurrentLock() {
    if (LOG.isDebugEnabled()) {
        LOG.debug("Get current lock {}", xmldbUri);
    }
    try (final DBBroker broker = brokerPool.get(Optional.ofNullable(subject));
        final LockedDocument lockedDocument = broker.getXMLResource(xmldbUri, LockMode.READ_LOCK)) {
        final DocumentImpl document = lockedDocument.getDocument();
        if (document == null) {
            LOG.debug("No resource found for path: {}", xmldbUri);
            return null;
        }
        // TODO consider. A Webdav lock can be set without subject lock.
        Account lock = document.getUserLock();
        if (lock == null) {
            if (LOG.isDebugEnabled()) {
                LOG.debug("Document {} does not contain userlock", xmldbUri);
            }
            return null;
        }
        // Retrieve Locktoken from document metadata
        org.exist.dom.persistent.LockToken token = document.getLockToken();
        if (token == null) {
            if (LOG.isDebugEnabled()) {
                LOG.debug("Document meta data does not contain a LockToken");
            }
            return null;
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("Successfully retrieved token");
        }
        return token;
    } catch (EXistException | PermissionDeniedException e) {
        // Failures, including permission denied, are logged and reported to the caller as "no lock"
        LOG.error(e);
        return null;
    } finally {
        if (LOG.isDebugEnabled()) {
            LOG.debug("Finished probe lock");
        }
    }
}
Also used : Account(org.exist.security.Account) DBBroker(org.exist.storage.DBBroker) LockToken(org.exist.dom.persistent.LockToken) LockedDocument(org.exist.dom.persistent.LockedDocument) PermissionDeniedException(org.exist.security.PermissionDeniedException) EXistException(org.exist.EXistException) DocumentImpl(org.exist.dom.persistent.DocumentImpl)

Aggregations

Account (org.exist.security.Account): 60
PermissionDeniedException (org.exist.security.PermissionDeniedException): 18
SecurityManager (org.exist.security.SecurityManager): 17
EXistException (org.exist.EXistException): 12
XMLDBException (org.xmldb.api.base.XMLDBException): 11
Group (org.exist.security.Group): 10
Collection (org.xmldb.api.base.Collection): 10
AuthenticationException (org.exist.security.AuthenticationException): 9
DBBroker (org.exist.storage.DBBroker): 9
AbstractAccount (org.exist.security.AbstractAccount): 7
CollectionManagementService (org.xmldb.api.modules.CollectionManagementService): 7
UserAider (org.exist.security.internal.aider.UserAider): 6
Txn (org.exist.storage.txn.Txn): 6
DocumentImpl (org.exist.dom.persistent.DocumentImpl): 5
Subject (org.exist.security.Subject): 5
UserManagementService (org.exist.xmldb.UserManagementService): 5
Permission (org.exist.security.Permission): 4
XPathException (org.exist.xquery.XPathException): 4
Before (org.junit.Before): 4
Test (org.junit.Test): 4