use of org.exist.security.AuthenticationException in project exist by eXist-db.
the class PersistentLoginFunctions method login.
/**
 * Checks the supplied credentials with the database security manager and, when they
 * are accepted, makes the authenticated subject the user of the current broker.
 *
 * <p>Every failure collapses to {@code false}: an {@code AuthenticationException}
 * (credentials rejected) and an {@code EXistException} (raised while obtaining the
 * broker pool or inside the guarded calls) are treated the same way, and nothing is
 * logged at this level.
 *
 * @param user account name to authenticate
 * @param pass password presented for that account
 * @return {@code true} once the broker has been switched to the authenticated subject;
 *         {@code false} if either exception above was caught
 * @throws XPathException declared by the signature; presumably raised by
 *         {@code switchUser} (its body is not visible here, so confirm)
 */
private boolean login(final String user, final String pass) throws XPathException {
    try {
        final Subject authenticated = BrokerPool.getInstance()
                .getSecurityManager()
                .authenticate(user, pass);

        // Only reached when authenticate() returned normally.
        switchUser(authenticated);
    } catch (final AuthenticationException | EXistException e) {
        // NOTE(review): the failure is dropped silently, so a rejected login and an
        // unavailable database look identical to the caller and leave no audit trail
        // here. Confirm that failed attempts are recorded elsewhere.
        return false;
    }
    return true;
}
use of org.exist.security.AuthenticationException in project exist by eXist-db.
the class XMLDBAuthenticate method eval.
/**
 * Authenticates a user against the database and verifies that the target collection
 * can be opened with the same credentials.
 *
 * <p>Arguments: {@code args[0]} is the collection URI, {@code args[1]} the user name,
 * {@code args[2]} the password, and the optional {@code args[3]} a boolean that is
 * handed to {@code cacheUserInHttpSession} as the create-session flag.
 *
 * <p>The credentials are used twice: first with {@code SecurityManager.authenticate},
 * then passed to {@code XMLDBAbstractCollectionManipulator.getCollection}. Only when
 * the function was invoked under the name {@code login} is the broker switched to the
 * authenticated subject and the subject cached in the HTTP session.
 *
 * @param args function arguments as described above
 * @param contextSequence not read by this method
 * @return {@code BooleanValue.TRUE} when authentication succeeded and the collection
 *         was obtained; {@code BooleanValue.FALSE} when the user-name argument is empty
 *         or yields {@code null}, authentication fails, the collection is {@code null},
 *         or an {@code XMLDBException} is raised
 * @throws XPathException declared by the signature; the argument accessors and helper
 *         calls are the candidates (not verifiable from this excerpt)
 */
@Override
public Sequence eval(final Sequence[] args, final Sequence contextSequence) throws XPathException {
    // An empty user-name argument is rejected before any other argument is read.
    if (args[1].isEmpty()) {
        return BooleanValue.FALSE;
    }

    final String collectionUri = args[0].getStringValue();
    final String account = args[1].getStringValue();
    if (account == null) {
        logger.error("Unable to authenticate username == NULL");
        return BooleanValue.FALSE;
    }

    // NOTE(review): Optional.of() below throws NullPointerException for a null value;
    // confirm that args[2] can never yield a null string.
    final String secret = args[2].getStringValue();

    final boolean createSession;
    if (args.length > 3) {
        createSession = args[3].effectiveBooleanValue();
    } else {
        createSession = false;
    }

    try {
        final Subject authenticated;
        try {
            authenticated = BrokerPool.getInstance()
                    .getSecurityManager()
                    .authenticate(account, secret);
        } catch (final AuthenticationException | EXistException e) {
            // NOTE(review): the caller-supplied user name is written to the log as-is.
            // Confirm that the logging layout neutralises line breaks, so a crafted
            // name cannot forge log entries.
            logger.error("Unable to authenticate user: {} {}", account, getLocation(), e);
            return BooleanValue.FALSE;
        }

        // Second use of the credentials: open the target collection as this user.
        final Collection root = XMLDBAbstractCollectionManipulator.getCollection(
                context, collectionUri, Optional.of(account), Optional.of(secret));
        if (root == null) {
            logger.error("Unable to authenticate user: target collection {} does not exist {}", collectionUri, getLocation());
            return BooleanValue.FALSE;
        }

        if (isCalledAs("login")) {
            // Make the authenticated subject the user of the current broker ...
            switchUser(authenticated);
            // ... and remember it in the HTTP session, if there is one.
            cacheUserInHttpSession(authenticated, createSession);
        }
        return BooleanValue.TRUE;
    } catch (final XMLDBException e) {
        logger.error("{} : {}", getLocation(), e.getMessage(), e);
        return BooleanValue.FALSE;
    }
}
use of org.exist.security.AuthenticationException in project exist by eXist-db.
the class XSLTServlet method doPost.
/**
 * Transforms XML with the stylesheet named by the {@code REQ_ATTRIBUTE_STYLESHEET}
 * request attribute and writes the result to the response.
 *
 * <p>Input selection: if the request attribute named by {@code REQ_ATTRIBUTE_INPUT}
 * points at another attribute holding a node (or a one-item {@code ValueSequence}
 * holding one), that node is serialized into the transformer. Otherwise the request
 * body is parsed as XML, after an attempt to read it as gzip.
 *
 * <p>Identity used for the broker, in increasing priority: the guest subject, the
 * subject returned by {@code HttpAccount.getUserFromServletRequest}, and the subject
 * obtained by authenticating the {@code xslt.user} / {@code xslt.password} request
 * attributes.
 *
 * @param request the servlet request carrying the attributes described above
 * @param response receives the transformed output, or an error status
 * @throws ServletException if no stylesheet is specified, the input is not a node, the
 *         broker pool cannot be obtained, or the transformation fails
 * @throws IOException declared by the signature; {@code response.sendError} is called
 *         outside the try block whose {@code IOException} is wrapped
 */
@Override
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
final String uri = (String) request.getAttribute(REQ_ATTRIBUTE_STYLESHEET);
if (uri == null) {
throw new ServletException("No stylesheet source specified!");
}
Item inputNode = null;
// The input attribute holds the NAME of a second attribute that carries the data.
final String sourceAttrib = (String) request.getAttribute(REQ_ATTRIBUTE_INPUT);
if (sourceAttrib != null) {
Object sourceObj = request.getAttribute(sourceAttrib);
if (sourceObj != null) {
// Unwrap a sequence only when it holds exactly one item.
if (sourceObj instanceof ValueSequence) {
final ValueSequence seq = (ValueSequence) sourceObj;
if (seq.size() == 1) {
sourceObj = seq.itemAt(0);
}
}
if (sourceObj instanceof Item) {
inputNode = (Item) sourceObj;
if (!Type.subTypeOf(inputNode.getType(), Type.NODE)) {
throw new ServletException("Input for XSLT servlet is not a node. Read from attribute " + sourceAttrib);
}
if (LOG.isDebugEnabled()) {
LOG.debug("Taking XSLT input from request attribute {}", sourceAttrib);
}
} else {
throw new ServletException("Input for XSLT servlet is not a node. Read from attribute " + sourceAttrib);
}
}
}
// pool is not declared in this method, so this assigns state that outlives the request.
try {
pool = BrokerPool.getInstance();
} catch (final EXistException e) {
throw new ServletException(e.getMessage(), e);
}
// Start from the guest subject; a subject already attached to the request wins over it.
Subject user = pool.getSecurityManager().getGuestSubject();
Subject requestUser = HttpAccount.getUserFromServletRequest(request);
if (requestUser != null) {
user = requestUser;
}
// Credentials supplied as request attributes override both subjects above.
// NOTE(review): these are request attributes, not request parameters, so they are set
// by server-side code. Confirm that whatever sets them never copies client-controlled
// values in unchecked, because they decide the identity the transformation runs as.
final String userParam = (String) request.getAttribute("xslt.user");
final String passwd = (String) request.getAttribute("xslt.password");
if (userParam != null) {
try {
// passwd is passed on without a null check; authenticate() decides what a null means.
user = pool.getSecurityManager().authenticate(userParam, passwd);
} catch (final AuthenticationException e1) {
// Fail closed: no fallback to the guest or request subject after a failed login.
// NOTE(review): the failure is not logged here; confirm failed attempts are audited elsewhere.
response.sendError(HttpServletResponse.SC_FORBIDDEN, "Wrong password or user");
return;
}
}
final Stylesheet stylesheet = stylesheet(uri, request, response);
if (stylesheet == null) {
// Presumably stylesheet() has already reported the problem on the response (confirm).
return;
}
// Run the transformation with a broker bound to the subject chosen above.
try (final DBBroker broker = pool.get(Optional.of(user))) {
final TransformerHandler handler = stylesheet.newTransformerHandler(broker, errorListener);
setTransformerParameters(request, handler.getTransformer());
final Properties properties = handler.getTransformer().getOutputProperties();
setOutputProperties(request, properties);
// Fall back to UTF-8 when the output properties name no encoding.
String encoding = properties.getProperty("encoding");
if (encoding == null) {
encoding = "UTF-8";
}
response.setCharacterEncoding(encoding);
final String mediaType = properties.getProperty("media-type");
if (mediaType != null) {
// Append the charset only when the media type does not already mention one.
if (!mediaType.contains("charset")) {
response.setContentType(mediaType + "; charset=" + encoding);
} else {
response.setContentType(mediaType);
}
}
// Both pooled objects borrowed below are handed back in the finally block further down.
final SAXSerializer sax = (SAXSerializer) SerializerPool.getInstance().borrowObject(SAXSerializer.class);
final Writer writer = new BufferedWriter(response.getWriter());
sax.setOutput(writer, properties);
final SAXResult result = new SAXResult(sax);
handler.setResult(result);
final Serializer serializer = broker.borrowSerializer();
Receiver receiver = new ReceiverToSAX(handler);
try {
// The XInclude filter is placed in front of the transformer handler, so both input
// paths below pass through it.
XIncludeFilter xinclude = new XIncludeFilter(serializer, receiver);
receiver = xinclude;
// Module load path: explicit base attribute, else the stylesheet's collection,
// else the directory derived from the request.
String baseUri;
final String base = (String) request.getAttribute(REQ_ATTRIBUTE_BASE);
if (base != null) {
baseUri = getServletContext().getRealPath(base);
} else if (uri.startsWith("xmldb:exist://")) {
baseUri = XmldbURI.xmldbUriFor(uri).getCollectionPath();
} else {
baseUri = getCurrentDir(request).toAbsolutePath().toString();
}
xinclude.setModuleLoadPath(baseUri);
serializer.setReceiver(receiver);
if (inputNode != null) {
serializer.toSAX((NodeValue) inputNode);
} else {
// No node was supplied: parse the request body, which is client-supplied data.
// NOTE(review): the reader comes from the parser pool. Whether DTDs and external
// entities are disabled is decided by that pool's configuration, which is not
// visible here; confirm it before exposing this servlet to untrusted callers.
final SAXToReceiver saxreceiver = new SAXToReceiver(receiver);
final XMLReader reader = pool.getParserPool().borrowXMLReader();
try {
reader.setContentHandler(saxreceiver);
// Try the body as gzip first. The mark lets the stream be rewound and read as
// plain data when the GZIPInputStream constructor rejects it.
InputStream stream;
InputStream inStream = new BufferedInputStream(request.getInputStream());
inStream.mark(10);
try {
stream = new GZIPInputStream(inStream);
} catch (final IOException e) {
inStream.reset();
stream = inStream;
}
reader.parse(new InputSource(stream));
} finally {
pool.getParserPool().returnXMLReader(reader);
}
}
} catch (final SAXParseException e) {
// NOTE(review): the parser's message is returned to the client verbatim; consider a
// generic message. Execution also continues to the flush calls below after sendError.
LOG.error(e.getMessage());
response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.getMessage());
} catch (final SAXException e) {
throw new ServletException("SAX exception while transforming node: " + e.getMessage(), e);
} finally {
SerializerPool.getInstance().returnObject(sax);
broker.returnSerializer(serializer);
}
writer.flush();
response.flushBuffer();
} catch (final IOException e) {
throw new ServletException("IO exception while transforming node: " + e.getMessage(), e);
} catch (final TransformerException e) {
throw new ServletException("Exception while transforming node: " + e.getMessage(), e);
} catch (final Throwable e) {
// Catch-all boundary: anything else, including Errors, is logged and wrapped with
// its message in the ServletException.
LOG.error(e);
throw new ServletException("An error occurred: " + e.getMessage(), e);
}
}