use of org.exist.security.Account in project exist by eXist-db.
the class ExistDocument method refreshLock.
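/**
 * Refreshes the lock held on this document and persists the refreshed lock token.
 *
 * <p>The document is opened under a write lock. The refresh is allowed only when the
 * document carries a user lock, that lock belongs to the current subject (or the subject
 * has the DBA role), and the presented token equals the opaque token stored on the
 * document. The token's timeout is then set to {@link LockToken#LOCK_TIMEOUT_INFINITE}
 * and the document is stored in its own transaction.
 *
 * <p>The token stored on the document is deliberately kept out of the "does not match"
 * exception message. Holding the token is what authorises later lock operations, so it
 * must not be handed to a caller who presented the wrong one.
 *
 * @param token opaque lock token presented by the caller
 * @return the document's lock token after the refresh
 * @throws PermissionDeniedException if the lock belongs to another account and the subject
 *     is not a DBA, or if the presented token does not match the stored one
 * @throws DocumentAlreadyLockedException declared by the signature; no visible statement
 *     throws it directly
 * @throws EXistException if {@code token} is null or the resource cannot be found
 * @throws DocumentNotLockedException if the document carries no user lock
 */
public LockToken refreshLock(String token) throws PermissionDeniedException, DocumentAlreadyLockedException, EXistException, DocumentNotLockedException {
    // NOTE(review): this writes the caller-supplied lock token to the debug log; treat debug
    // logs of this class as sensitive, or drop the token from the message.
    LOG.debug("refresh lock {} lock={}", xmldbUri, token);

    if (token == null) {
        LOG.debug("token is null");
        throw new EXistException("token is null");
    }

    // Try to get document
    try (final DBBroker broker = brokerPool.get(Optional.ofNullable(subject));
         final LockedDocument lockedDocument = broker.getXMLResource(xmldbUri, LockMode.WRITE_LOCK)) {

        // Tolerate a null handle as well as a null document: both mean "nothing at this path"
        final DocumentImpl document = lockedDocument == null ? null : lockedDocument.getDocument();
        if (document == null) {
            LOG.debug("No resource found for path: {}", xmldbUri);
            throw new EXistException("No resource found.");
        }

        // A refresh only makes sense on a resource that is currently locked
        final Account userLock = document.getUserLock();
        if (userLock == null) {
            final String msg = "Resource was not locked.";
            LOG.debug(msg);
            throw new DocumentNotLockedException(msg);
        }

        // Only the lock owner or a DBA may refresh. The broker is obtained with
        // Optional.ofNullable(subject), so a missing subject is treated as "not the owner"
        // instead of failing with a NullPointerException.
        final String lockOwner = userLock.getName();
        if (lockOwner != null) {
            final boolean mayRefresh = subject != null
                    && (lockOwner.equals(subject.getName()) || subject.hasDbaRole());
            if (!mayRefresh) {
                LOG.debug("Resource is locked by {}", lockOwner);
                throw new PermissionDeniedException(lockOwner);
            }
        }

        // The presented token must match the stored one. The stored token is never echoed back.
        final LockToken lockToken = document.getLockToken();
        if (lockToken == null || !token.equals(lockToken.getOpaqueLockToken())) {
            LOG.debug("Token does not match");
            throw new PermissionDeniedException("Lock token does not match");
        }

        lockToken.setTimeOut(LockToken.LOCK_TIMEOUT_INFINITE);

        // Make the refreshed token persistent
        final TransactionManager txnManager = brokerPool.getTransactionManager();
        try (final Txn txn = txnManager.beginTransaction()) {
            broker.storeXMLResource(txn, document);
            txnManager.commit(txn);
        }

        LOG.debug("Successfully retrieved token");
        return lockToken;

    } catch (EXistException | PermissionDeniedException e) {
        LOG.error(e);
        throw e;
    } finally {
        LOG.debug("Finished refresh lock");
    }
}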
use of org.exist.security.Account in project exist by eXist-db.
the class LDAPRealm method getAccount.
/**
 * Resolves an account by name, consulting the realm's cache before the directory.
 *
 * <p>A cached account is returned as-is, with no LDAP round trip, so changes made in the
 * directory after the account was cached are not seen here (see the XXX note below).
 * On a cache miss the account is searched in LDAP, its primary group is resolved by SID,
 * and the account is created in the database.
 *
 * <p>Every failure path returns {@code null}: the entry is not found, the primary group
 * cannot be resolved, or a {@code NamingException} or {@code AuthenticationException}
 * occurs. Callers therefore cannot tell "no such user" from "directory lookup failed".
 *
 * @param ctx  LDAP context used for the directory searches
 * @param name account name; normalised with {@code ensureCase} before use
 * @return the cached or newly created account, or {@code null} as described above
 */
private synchronized Account getAccount(final LdapContext ctx, String name) {
    name = ensureCase(name);
    if (LOG.isDebugEnabled()) {
        LOG.debug("Get request for account '{}'.", name);
    }

    // Cache hit: hand back what we already know about this account
    final Account cached = super.getAccount(name);
    if (cached != null) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("Cached used.");
        }
        // XXX: synchronize with LDAP
        return cached;
    }

    // Cache miss: look the account up in LDAP and, if it exists, create it locally
    try {
        final SearchResult entry = findAccountByAccountName(ctx, name);
        if (LOG.isDebugEnabled()) {
            LOG.debug("LDAP search return '{}'.", entry);
        }
        if (entry == null) {
            return null;
        }

        try {
            final String groupSid = getPrimaryGroupSID(entry);
            final String groupName = findGroupBySID(ctx, groupSid);
            if (LOG.isDebugEnabled()) {
                LOG.debug("LDAP search for primary group by SID '{}', found '{}'.", groupSid, groupName);
            }
            if (groupName == null) {
                // or exception?
                return null;
            }
            // TODO do we need registerAccount(acct) here?
            return createAccountInDatabase(ctx, name, entry, ensureCase(groupName));
        } catch (final AuthenticationException ae) {
            LOG.error(ae.getMessage(), ae);
            return null;
        }
    } catch (final NamingException ne) {
        // Directory errors are only visible at debug level; the caller just sees null
        if (LOG.isDebugEnabled()) {
            LOG.debug(ne.getMessage(), ne);
        }
        return null;
    }
}
use of org.exist.security.Account in project exist by eXist-db.
the class XUpdateTest method startup.
/**
 * Test fixture: makes sure the XUpdate test collection exists and holds the source document.
 *
 * <p>When the collection has to be created it is handed over to the {@code guest} account
 * (owner and primary group) and given the default collection permissions.
 */
@Before
public void startup() throws XMLDBException, IOException, URISyntaxException {
    col = existXmldbEmbeddedServer.getRoot().getChildCollection(XUPDATE_COLLECTION);

    if (col == null) {
        // First run: create the collection below the root
        final CollectionManagementService cms =
                (CollectionManagementService) existXmldbEmbeddedServer.getRoot().getService("CollectionManagementService", "1.0");
        col = cms.createCollection(XUPDATE_COLLECTION);

        // Give the new collection to guest and apply the default collection mode
        final UserManagementService userService =
                (UserManagementService) col.getService("UserManagementService", "1.0");
        final Account guestAccount = userService.getAccount("guest");
        userService.chown(guestAccount, guestAccount.getPrimaryGroup());
        userService.chmod(Permission.DEFAULT_COLLECTION_PERM);
    }

    addDocument(sourceFile);
}
use of org.exist.security.Account in project exist by eXist-db.
the class InteractiveClient method process.
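/**
 * In interactive mode, process a line entered by the user.
 *
 * <p>The first word of the line selects the command; the remaining words are its arguments.
 * For {@code find}, everything after the command word is passed on verbatim as the query.
 * Any {@code Throwable} raised while a command runs is reported to the user and the
 * method still returns {@code true}.
 *
 * <p>Credential handling: {@code set} without arguments lists the client properties with
 * the stored password masked, and {@code passwd} only replaces the stored connection
 * password when the account being changed is the connected user.
 *
 * @param line the line entered
 * @return {@code false} for {@code quit} and when a {@code cp}, {@code edit}, {@code get},
 *     {@code mkcol} or {@code rmcol} argument is not a valid URI; the result of the import
 *     for {@code put}, {@code putzip} and {@code putgz}; {@code true} otherwise
 */
protected boolean process(final String line) {
    if (options.startGUI) {
        frame.setPath(path);
    }
    final String[] args;
    if (line.startsWith("find")) {
        // The query is everything after "find ". A bare "find" has no query; substring(5)
        // on it would throw outside the try block below, so it is passed on without one.
        if (line.length() > 5) {
            args = new String[2];
            args[0] = "find";
            args[1] = line.substring(5);
        } else {
            args = new String[]{"find"};
        }
    } else {
        final StreamTokenizer tok = new StreamTokenizer(new StringReader(line));
        tok.resetSyntax();
        tok.wordChars(0x21, 0x7FFF);
        tok.quoteChar('"');
        tok.whitespaceChars(0x20, 0x20);
        final List<String> argList = new ArrayList<>(3);
        int token;
        try {
            while ((token = tok.nextToken()) != StreamTokenizer.TT_EOF) {
                if (token == StreamTokenizer.TT_WORD || token == '"') {
                    argList.add(tok.sval);
                }
            }
        } catch (final IOException e) {
            System.err.println("Could not parse command line.");
            return true;
        }
        args = new String[argList.size()];
        argList.toArray(args);
    }
    if (args.length == 0) {
        return true;
    }
    try {
        XmldbURI newPath = path;
        final XmldbURI currUri = XmldbURI.xmldbUriFor(properties.getProperty(URI)).resolveCollectionPath(path);
        if (args[0].equalsIgnoreCase("ls")) {
            // list collection contents
            getResources();
            if ("true".equals(properties.getProperty(PERMISSIONS))) {
                for (String resource : resources) {
                    messageln(resource);
                }
            } else {
                // without permissions, print up to five names per line
                for (int i = 0; i < resources.length; i++) {
                    final StringBuilder buf = new StringBuilder();
                    int k = 0;
                    for (int j = 0; i < resources.length && j < 5; i++, j++) {
                        buf.append(resources[i]);
                        buf.append('\t');
                        k = j;
                    }
                    if (k == 4 && i < resources.length) {
                        i--;
                    }
                    messageln(buf.toString());
                }
            }
        } else if (args[0].equalsIgnoreCase("cd")) {
            // change current collection
            completitions.clear();
            Collection temp;
            XmldbURI collectionPath;
            if (args.length < 2 || args[1] == null) {
                collectionPath = XmldbURI.ROOT_COLLECTION_URI;
            } else {
                collectionPath = XmldbURI.xmldbUriFor(args[1]);
            }
            collectionPath = currUri.resolveCollectionPath(collectionPath);
            if (collectionPath.numSegments() == 0) {
                collectionPath = currUri.resolveCollectionPath(XmldbURI.ROOT_COLLECTION_URI);
                messageln("cannot go above " + XmldbURI.ROOT_COLLECTION_URI.toString());
            }
            temp = DatabaseManager.getCollection(collectionPath.toString(), properties.getProperty(USER), properties.getProperty(PASSWORD));
            if (temp != null) {
                current.close();
                current = temp;
                newPath = collectionPath.toCollectionPathURI();
                if (options.startGUI) {
                    frame.setPath(collectionPath.toCollectionPathURI());
                }
            } else {
                messageln("no such collection.");
            }
            getResources();
        } else if (args[0].equalsIgnoreCase("cp")) {
            if (args.length != 3) {
                messageln("cp requires two arguments.");
                return true;
            }
            final XmldbURI src;
            final XmldbURI dest;
            try {
                src = XmldbURI.xmldbUriFor(args[1]);
                dest = XmldbURI.xmldbUriFor(args[2]);
            } catch (final URISyntaxException e) {
                errorln("could not parse collection name into a valid URI: " + e.getMessage());
                return false;
            }
            copy(src, dest);
            getResources();
        } else if (args[0].equalsIgnoreCase("edit")) {
            if (args.length == 2) {
                final XmldbURI resource;
                try {
                    resource = XmldbURI.xmldbUriFor(args[1]);
                } catch (final URISyntaxException e) {
                    errorln("could not parse resource name into a valid URI: " + e.getMessage());
                    return false;
                }
                editResource(resource);
            } else {
                messageln("Please specify a resource.");
            }
        } else if (args[0].equalsIgnoreCase("get")) {
            if (args.length < 2) {
                System.err.println("wrong number of arguments.");
                return true;
            }
            final XmldbURI resource;
            try {
                resource = XmldbURI.xmldbUriFor(args[1]);
            } catch (final URISyntaxException e) {
                errorln("could not parse resource name into a valid URI: " + e.getMessage());
                return false;
            }
            final Resource res = retrieve(resource);
            // display document
            if (res != null) {
                final String data;
                if ("XMLResource".equals(res.getResourceType())) {
                    data = (String) res.getContent();
                } else {
                    // binary content is decoded with the platform default charset
                    data = new String((byte[]) res.getContent());
                }
                if (options.startGUI) {
                    frame.setEditable(false);
                    frame.display(data);
                    frame.setEditable(true);
                } else {
                    final String content = data;
                    more(content);
                }
            }
            return true;
        } else if (args[0].equalsIgnoreCase("find")) {
            // search
            if (args.length < 2) {
                messageln("no query argument found.");
                return true;
            }
            messageln(args[1]);
            final long start = System.currentTimeMillis();
            result = find(args[1]);
            if (result == null) {
                messageln("nothing found");
            } else {
                messageln("found " + result.getSize() + " hits in " + (System.currentTimeMillis() - start) + "ms.");
            }
            nextInSet = 1;
        } else if (args[0].equalsIgnoreCase("run")) {
            if (args.length < 2) {
                messageln("please specify a query file.");
                return true;
            }
            // read the query from a local file and run it like "find"
            try (final BufferedReader reader = Files.newBufferedReader(Paths.get(args[1]))) {
                final StringBuilder buf = new StringBuilder();
                String nextLine;
                while ((nextLine = reader.readLine()) != null) {
                    buf.append(nextLine);
                    buf.append(EOL);
                }
                args[1] = buf.toString();
                final long start = System.currentTimeMillis();
                result = find(args[1]);
                if (result == null) {
                    messageln("nothing found");
                } else {
                    messageln("found " + result.getSize() + " hits in " + (System.currentTimeMillis() - start) + "ms.");
                }
                nextInSet = 1;
            } catch (final Exception e) {
                errorln("An error occurred: " + e.getMessage());
            }
        } else if (args[0].equalsIgnoreCase("show")) {
            // show search results
            if (result == null) {
                messageln("no result set.");
                return true;
            }
            try {
                int start = nextInSet;
                int count = 1;
                if (args.length > 1) {
                    start = Integer.parseInt(args[1]);
                }
                if (args.length > 2) {
                    count = Integer.parseInt(args[2]);
                }
                final int s = (int) result.getSize();
                if (start < 1 || start > s) {
                    messageln("start offset out of range");
                    return true;
                }
                --start;
                if (start + count > s) {
                    count = s - start;
                }
                nextInSet = start + count + 1;
                for (int i = start; i < start + count; i++) {
                    final Resource r = result.getResource(i);
                    if (options.startGUI) {
                        frame.display((String) r.getContent());
                    } else {
                        more((String) r.getContent());
                    }
                }
                messageln("displayed items " + (start + 1) + " to " + (start + count) + " of " + result.getSize());
            } catch (final NumberFormatException nfe) {
                errorln("wrong argument");
                return true;
            }
        } else if (args[0].equalsIgnoreCase("mkcol")) {
            // create collection
            if (args.length < 2) {
                messageln("missing argument.");
                return true;
            }
            final XmldbURI collUri;
            try {
                collUri = XmldbURI.xmldbUriFor(args[1]);
            } catch (final URISyntaxException e) {
                errorln("could not parse collection name into a valid URI: " + e.getMessage());
                return false;
            }
            final EXistCollectionManagementService mgtService = (EXistCollectionManagementService) current.getService("CollectionManagementService", "1.0");
            final Collection newCollection = mgtService.createCollection(collUri);
            if (newCollection == null) {
                messageln("could not create collection.");
            } else {
                messageln("created collection.");
            }
            // re-read current collection
            current = DatabaseManager.getCollection(properties.getProperty(URI) + path, properties.getProperty(USER), properties.getProperty("password"));
            getResources();
        } else if (args[0].equalsIgnoreCase("put")) {
            // put a document or directory into the database
            if (args.length < 2) {
                messageln("missing argument.");
                return true;
            }
            final boolean r = parse(Paths.get(args[1]));
            getResources();
            return r;
        } else if (args[0].equalsIgnoreCase("putzip")) {
            // put the contents of a zip archive into the database
            if (args.length < 2) {
                messageln("missing argument.");
                return true;
            }
            final boolean r = parseZip(Paths.get(args[1]));
            getResources();
            return r;
        } else if (args[0].equalsIgnoreCase("putgz")) {
            // put the contents of a gzip file into the database
            if (args.length < 2) {
                messageln("missing argument.");
                return true;
            }
            final boolean r = parseGZip(args[1]);
            getResources();
            return r;
        } else if (args[0].equalsIgnoreCase("blob")) {
            // store a file as a binary resource
            if (args.length < 2) {
                messageln("missing argument.");
                return true;
            }
            storeBinary(args[1]);
            getResources();
        } else if (args[0].equalsIgnoreCase("rm")) {
            // remove document
            if (args.length < 2) {
                messageln("missing argument.");
                return true;
            }
            remove(args[1]);
            // re-read current collection
            current = DatabaseManager.getCollection(properties.getProperty("uri") + path, properties.getProperty(USER), properties.getProperty("password"));
            getResources();
        } else if (args[0].equalsIgnoreCase("rmcol")) {
            // remove collection
            if (args.length < 2) {
                messageln("wrong argument count.");
                return true;
            }
            final XmldbURI collUri;
            try {
                collUri = XmldbURI.xmldbUriFor(args[1]);
            } catch (final URISyntaxException e) {
                errorln("could not parse collection name into a valid URI: " + e.getMessage());
                return false;
            }
            rmcol(collUri);
            // re-read current collection
            current = DatabaseManager.getCollection(properties.getProperty(URI) + path, properties.getProperty(USER), properties.getProperty(PASSWORD));
            getResources();
        } else if (args[0].equalsIgnoreCase("adduser")) {
            if (args.length < 2) {
                System.err.println("Usage: adduser name");
                return true;
            }
            if (options.startGUI) {
                messageln("command not supported in GUI mode. Please use the \"Edit users\" menu option.");
                return true;
            }
            try {
                final UserManagementService mgtService = (UserManagementService) current.getService("UserManagementService", "1.0");
                String p1;
                String p2;
                // prompt (masked) until both entries agree
                while (true) {
                    p1 = console.readLine("password: ", '*');
                    p2 = console.readLine("re-enter password: ", '*');
                    if (p1.equals(p2)) {
                        break;
                    }
                    messageln("Entered passwords differ. Try again...");
                }
                final UserAider user = new UserAider(args[1]);
                user.setPassword(p1);
                final String groups = console.readLine("enter groups: ");
                final StringTokenizer tok = new StringTokenizer(groups, " ,");
                while (tok.hasMoreTokens()) {
                    final String group = tok.nextToken();
                    if (group.length() > 0) {
                        user.addGroup(group);
                    }
                }
                if (user.getGroups().length == 0) {
                    messageln("No groups specified, will be a member of the '" + SecurityManager.GUEST_GROUP + "' group!");
                    user.addGroup(SecurityManager.GUEST_GROUP);
                }
                mgtService.addAccount(user);
                messageln("User '" + user.getName() + "' created.");
            } catch (final Exception e) {
                errorln("ERROR: " + e.getMessage());
                e.printStackTrace();
            }
        } else if (args[0].equalsIgnoreCase("users")) {
            final UserManagementService mgtService = (UserManagementService) current.getService("UserManagementService", "1.0");
            final Account[] users = mgtService.getAccounts();
            messageln("User\t\tGroups");
            messageln("-----------------------------------------");
            for (Account user : users) {
                System.out.print(user.getName() + "\t\t");
                final String[] groups = user.getGroups();
                for (int j = 0; j < groups.length; j++) {
                    System.out.print(groups[j]);
                    if (j + 1 < groups.length) {
                        System.out.print(", ");
                    }
                }
                System.out.println();
            }
        } else if (args[0].equalsIgnoreCase("passwd")) {
            if (options.startGUI) {
                messageln("command not supported in GUI mode. Please use the \"Edit users\" menu option.");
                return true;
            }
            if (args.length < 2) {
                messageln("Usage: passwd username");
                return true;
            }
            try {
                final UserManagementService mgtService = (UserManagementService) current.getService("UserManagementService", "1.0");
                final Account user = mgtService.getAccount(args[1]);
                if (user == null) {
                    messageln("no such user.");
                    return true;
                }
                String p1;
                String p2;
                while (true) {
                    p1 = console.readLine("password: ", '*');
                    p2 = console.readLine("re-enter password: ", '*');
                    if (p1.equals(p2)) {
                        break;
                    }
                    System.out.println(EOL + "entered passwords differ. Try again...");
                }
                user.setPassword(p1);
                mgtService.updateAccount(user);
                // The stored password is what this client reconnects with. Replace it only
                // when the connected user's own password changed; overwriting it with another
                // account's new password would break every later reconnect.
                if (args[1].equals(properties.getProperty(USER))) {
                    properties.setProperty(PASSWORD, p1);
                }
            } catch (final Exception e) {
                errorln("ERROR: " + e.getMessage());
                e.printStackTrace();
            }
        } else if (args[0].equalsIgnoreCase("chmod")) {
            if (args.length < 2) {
                System.out.println("Usage: chmod [resource] mode");
                return true;
            }
            final Collection temp;
            if (args.length == 3) {
                // the target may be a child collection or a resource; try the collection first
                System.out.println("trying collection: " + args[1]);
                temp = current.getChildCollection(args[1]);
                if (temp == null) {
                    System.out.println(EOL + "trying resource: " + args[1]);
                    final Resource r = current.getResource(args[1]);
                    if (r != null) {
                        final UserManagementService mgtService = (UserManagementService) current.getService("UserManagementService", "1.0");
                        mgtService.chmod(r, args[2]);
                    } else {
                        System.err.println("Resource " + args[1] + " not found.");
                    }
                } else {
                    final UserManagementService mgtService = (UserManagementService) temp.getService("UserManagementService", "1.0");
                    mgtService.chmod(args[2]);
                }
            } else {
                final UserManagementService mgtService = (UserManagementService) current.getService("UserManagementService", "1.0");
                mgtService.chmod(args[1]);
            }
            // re-read current collection
            current = DatabaseManager.getCollection(properties.getProperty(URI) + path, properties.getProperty(USER), properties.getProperty(PASSWORD));
            getResources();
        } else if (args[0].equalsIgnoreCase("chown")) {
            if (args.length < 3) {
                System.out.println("Usage: chown username group [resource]");
                return true;
            }
            final Collection temp;
            if (args.length == 4) {
                temp = current.getChildCollection(args[3]);
            } else {
                temp = current;
            }
            if (temp != null) {
                final UserManagementService mgtService = (UserManagementService) temp.getService("UserManagementService", "1.0");
                final Account u = mgtService.getAccount(args[1]);
                if (u == null) {
                    System.out.println("unknown user");
                    return true;
                }
                mgtService.chown(u, args[2]);
                System.out.println("owner changed.");
                getResources();
                return true;
            }
            // not a child collection: treat the fourth word as a resource name
            final Resource res = current.getResource(args[3]);
            if (res != null) {
                final UserManagementService mgtService = (UserManagementService) current.getService("UserManagementService", "1.0");
                final Account u = mgtService.getAccount(args[1]);
                if (u == null) {
                    System.out.println("unknown user");
                    return true;
                }
                mgtService.chown(res, u, args[2]);
                getResources();
                return true;
            }
            System.err.println("Resource " + args[3] + " not found.");
        } else if (args[0].equalsIgnoreCase("lock") || args[0].equalsIgnoreCase("unlock")) {
            if (args.length < 2) {
                messageln("Usage: lock resource");
                return true;
            }
            final Resource res = current.getResource(args[1]);
            if (res != null) {
                final UserManagementService mgtService = (UserManagementService) current.getService("UserManagementService", "1.0");
                final Account user = mgtService.getAccount(properties.getProperty(USER, "guest"));
                if (args[0].equalsIgnoreCase("lock")) {
                    mgtService.lockResource(res, user);
                } else {
                    mgtService.unlockResource(res);
                }
            }
        } else if (args[0].equalsIgnoreCase("elements")) {
            System.out.println("Element occurrences in collection " + current.getName());
            System.out.println("--------------------------------------------" + "-----------");
            final IndexQueryService service = (IndexQueryService) current.getService("IndexQueryService", "1.0");
            final Occurrences[] elements = service.getIndexedElements(true);
            for (Occurrences element : elements) {
                System.out.println(formatString(element.getTerm().toString(), Integer.toString(element.getOccurrences()), 50));
            }
            return true;
        } else if (args[0].equalsIgnoreCase("xupdate")) {
            if (options.startGUI) {
                messageln("command not supported in GUI mode.");
                return true;
            }
            // read the modification body line by line until an empty line
            final StringBuilder command = new StringBuilder();
            try {
                while (true) {
                    final String lastLine = console.readLine("| ");
                    if (lastLine == null || lastLine.length() == 0) {
                        break;
                    }
                    command.append(lastLine);
                }
            } catch (final UserInterruptException e) {
                // TODO report error?
            }
            final String xupdate = "<xu:modifications version=\"1.0\" " + "xmlns:xu=\"http://www.xmldb.org/xupdate\">" + command.toString() + "</xu:modifications>";
            final XUpdateQueryService service = (XUpdateQueryService) current.getService("XUpdateQueryService", "1.0");
            final long mods = service.update(xupdate);
            System.out.println(mods + " modifications processed.");
        } else if (args[0].equalsIgnoreCase("map")) {
            // "map" without an argument used to fail on args[1]; report the usage instead
            if (args.length < 2) {
                messageln("please specify a namespace/prefix mapping as: prefix=namespaceURI");
                return true;
            }
            final StringTokenizer tok = new StringTokenizer(args[1], "= ");
            final String prefix;
            if (args[1].startsWith("=")) {
                prefix = "";
            } else {
                if (tok.countTokens() < 2) {
                    messageln("please specify a namespace/prefix mapping as: prefix=namespaceURI");
                    return true;
                }
                prefix = tok.nextToken();
            }
            // a lone "=" leaves no namespace URI to read
            if (!tok.hasMoreTokens()) {
                messageln("please specify a namespace/prefix mapping as: prefix=namespaceURI");
                return true;
            }
            final String uri = tok.nextToken();
            namespaceMappings.put(prefix, uri);
        } else if (args[0].equalsIgnoreCase("set")) {
            if (args.length == 1) {
                // List the client properties without echoing the connection password.
                // This method reads the password under both PASSWORD and the literal
                // "password" key, so both are masked.
                System.out.println("-- listing properties --");
                for (final String key : properties.stringPropertyNames()) {
                    final boolean secret = PASSWORD.equals(key) || "password".equals(key);
                    System.out.println(key + "=" + (secret ? "********" : properties.getProperty(key)));
                }
            } else {
                try {
                    final StringTokenizer tok = new StringTokenizer(args[1], "= ");
                    if (tok.countTokens() < 2) {
                        System.err.println("please specify a key=value pair");
                        return true;
                    }
                    final String key = tok.nextToken();
                    final String val = tok.nextToken();
                    properties.setProperty(key, val);
                    current.setProperty(key, val);
                    getResources();
                } catch (final Exception e) {
                    System.err.println("Exception: " + e.getMessage());
                }
            }
        } else if (args[0].equalsIgnoreCase("shutdown")) {
            final DatabaseInstanceManager mgr = (DatabaseInstanceManager) current.getService("DatabaseInstanceManager", "1.0");
            if (mgr == null) {
                messageln("Service is not available");
                return true;
            }
            mgr.shutdown();
            return true;
        } else if (args[0].equalsIgnoreCase("help") || "?".equals(args[0])) {
            displayHelp();
        } else if (args[0].equalsIgnoreCase("quit")) {
            return false;
            // XXX:make it pluggable
        } else if (havePluggableCommands) {
            // anything else is offered to the server-side command plugins
            final EXistCollectionManagementService mgtService = (EXistCollectionManagementService) current.getService("CollectionManagementService", "1.0");
            try {
                mgtService.runCommand(args);
            } catch (final XMLDBException e) {
                if (e.getCause() != null && e.getCause().getClass().getName().equals("org.exist.plugin.command.CommandNotFoundException")) {
                    messageln("unknown command: '" + args[0] + "'");
                    return true;
                } else {
                    throw e;
                }
            }
        } else {
            messageln("unknown command: '" + args[0] + "'");
            return true;
        }
        path = newPath;
        return true;
    } catch (final Throwable e) {
        if (options.startGUI) {
            ClientFrame.showErrorMessage(getExceptionMessage(e), e);
        } else {
            errorln(getExceptionMessage(e));
            e.printStackTrace();
        }
        return true;
    }
}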
use of org.exist.security.Account in project exist by eXist-db.
the class EditUserDialog method updateUser.
/**
 * Writes the dialog's form values back to the user account.
 *
 * <p>The update runs as three separate calls: general account properties, group
 * membership, then (only if a new password was entered) the password. Nothing rolls back
 * an earlier stage if a later one fails, so an error part-way through leaves the account
 * partially updated. A {@code PermissionDeniedException} or {@code XMLDBException} is
 * shown to the user in an error dialog.
 */
private void updateUser() {
    try {
        final Optional<String> newPassword = setAccountFromFormProperties();

        // Stage 1: general account properties
        getUserManagementService().updateAccount(getAccount());

        // Stage 2: group membership (has to be modified separately from stage 1)
        modifyAccountGroupMembership();

        // Stage 3: the password, always last. Changing the logged-in user's password means
        // the admin client must reconnect; the registered DialogCompleteWithResponse
        // handler performs that reconnection.
        if (newPassword.isPresent()) {
            final Account refreshed = getUserManagementService().getAccount(getAccount().getName());
            refreshed.setPassword(newPassword.get());
            getUserManagementService().updateAccount(refreshed);
        }
    } catch (final PermissionDeniedException | XMLDBException e) {
        final String message = "Could not update user '" + txtUsername.getText() + "': " + e.getMessage();
        JOptionPane.showMessageDialog(this, message, "Edit User Error", JOptionPane.ERROR_MESSAGE);
    }
}