
Example 31 with AuthenticationException

use of org.exist.security.AuthenticationException in project exist by eXist-db.

the class PersistentLoginFunctions method login.

/**
 * Attempts to authenticate the supplied credentials and, on success, makes the
 * authenticated subject the user of the current broker.
 *
 * @param user the account name to authenticate
 * @param pass the credential presented for that account
 * @return {@code true} if authentication succeeded and the broker user was switched,
 *         {@code false} if authentication failed or the broker pool was unavailable
 * @throws XPathException declared by the signature; nothing in this body raises it directly
 */
private boolean login(final String user, final String pass) throws XPathException {
    try {
        final Subject authenticated =
                BrokerPool.getInstance().getSecurityManager().authenticate(user, pass);
        // Only a successfully authenticated subject ever reaches the broker switch.
        switchUser(authenticated);
        return true;
    } catch (final AuthenticationException | EXistException e) {
        // NOTE(review): a rejected credential (AuthenticationException) and an
        // infrastructure failure (EXistException) both collapse into the same silent
        // 'false'. Nothing is logged here, so failed logins leave no audit trail at this
        // layer; confirm the security manager or the caller records them.
        return false;
    }
}
Also used : SecurityManager(org.exist.security.SecurityManager) AuthenticationException(org.exist.security.AuthenticationException) EXistException(org.exist.EXistException) Subject(org.exist.security.Subject)

Example 32 with AuthenticationException

use of org.exist.security.AuthenticationException in project exist by eXist-db.

the class XMLDBAuthenticate method eval.

/**
 * Authenticates a user against the database security manager and checks that the
 * target collection can be opened with the same credentials.
 *
 * <p>Arguments: {@code args[0]} is the collection URI, {@code args[1]} the user name,
 * {@code args[2]} the password and the optional {@code args[3]} a flag that is passed
 * on to the HTTP session caching step. Every failure path returns the same
 * {@code BooleanValue.FALSE}, so the caller cannot tell an unknown user from a wrong
 * password or a missing collection; the reason is only written to the log.</p>
 *
 * <p>Only when the function is invoked under the name {@code login} is the broker's
 * user switched and the subject cached in the HTTP session.</p>
 *
 * @param args the function arguments as described above
 * @param contextSequence the context sequence (not read by this method)
 * @return {@code BooleanValue.TRUE} on success, {@code BooleanValue.FALSE} otherwise
 * @throws XPathException if evaluating an argument fails
 */
@Override
public Sequence eval(final Sequence[] args, final Sequence contextSequence) throws XPathException {
    // An empty user-name argument is rejected before the security manager is consulted.
    if (args[1].isEmpty()) {
        return BooleanValue.FALSE;
    }

    final String collectionUri = args[0].getStringValue();
    final String account = args[1].getStringValue();
    if (account == null) {
        logger.error("Unable to authenticate username == NULL");
        return BooleanValue.FALSE;
    }

    final String secret = args[2].getStringValue();
    final boolean wantsSession;
    if (args.length > 3) {
        wantsSession = args[3].effectiveBooleanValue();
    } else {
        wantsSession = false;
    }

    try {
        final Subject authenticated;
        try {
            authenticated = BrokerPool.getInstance().getSecurityManager().authenticate(account, secret);
        } catch (final AuthenticationException | EXistException e) {
            // The caller-supplied user name is logged; the password never is.
            logger.error("Unable to authenticate user: {} {}", account, getLocation(), e);
            return BooleanValue.FALSE;
        }

        // NOTE(review): Optional.of throws NullPointerException on null; confirm that
        // getStringValue() cannot return null for args[2].
        final Collection targetCollection = XMLDBAbstractCollectionManipulator.getCollection(
                context, collectionUri, Optional.of(account), Optional.of(secret));
        if (targetCollection == null) {
            logger.error("Unable to authenticate user: target collection {} does not exist {}", collectionUri, getLocation());
            return BooleanValue.FALSE;
        }

        if (isCalledAs("login")) {
            // Make the authenticated subject the user of the current broker ...
            switchUser(authenticated);
            // ... and, if there is an HTTP session, remember the subject in it.
            cacheUserInHttpSession(authenticated, wantsSession);
        }
        return BooleanValue.TRUE;
    } catch (final XMLDBException e) {
        logger.error("{} : {}", getLocation(), e.getMessage(), e);
        return BooleanValue.FALSE;
    }
}
Also used : SecurityManager(org.exist.security.SecurityManager) AuthenticationException(org.exist.security.AuthenticationException) Collection(org.xmldb.api.base.Collection) XMLDBException(org.xmldb.api.base.XMLDBException) EXistException(org.exist.EXistException) Subject(org.exist.security.Subject)

Example 33 with AuthenticationException

use of org.exist.security.AuthenticationException in project exist by eXist-db.

the class XSLTServlet method doPost.

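/**
 * Applies the stylesheet named in the request attributes to either a node passed as a
 * request attribute or the XML document in the request body, and writes the result to
 * the response.
 *
 * <p>The transformation runs with a broker obtained for one of three subjects, in
 * increasing priority: the guest subject, the subject returned by
 * {@code HttpAccount.getUserFromServletRequest}, or the subject authenticated from the
 * {@code xslt.user} / {@code xslt.password} request attributes. A failed authentication
 * of those attributes ends the request with HTTP 403.</p>
 *
 * @param request the servlet request carrying the stylesheet, input and credential attributes
 * @param response the servlet response that receives the transformation result
 * @throws ServletException if no stylesheet is given, the input is not a node, the
 *         database is unavailable or the transformation fails
 * @throws IOException if sending an error response fails
 */
@Override
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    final String uri = (String) request.getAttribute(REQ_ATTRIBUTE_STYLESHEET);
    if (uri == null) {
        throw new ServletException("No stylesheet source specified!");
    }
    Item inputNode = null;
    final String sourceAttrib = (String) request.getAttribute(REQ_ATTRIBUTE_INPUT);
    if (sourceAttrib != null) {
        Object sourceObj = request.getAttribute(sourceAttrib);
        if (sourceObj != null) {
            // A one-item sequence is unwrapped to the item it holds.
            if (sourceObj instanceof ValueSequence) {
                final ValueSequence seq = (ValueSequence) sourceObj;
                if (seq.size() == 1) {
                    sourceObj = seq.itemAt(0);
                }
            }
            if (sourceObj instanceof Item) {
                inputNode = (Item) sourceObj;
                if (!Type.subTypeOf(inputNode.getType(), Type.NODE)) {
                    throw new ServletException("Input for XSLT servlet is not a node. Read from attribute " + sourceAttrib);
                }
                if (LOG.isDebugEnabled()) {
                    LOG.debug("Taking XSLT input from request attribute {}", sourceAttrib);
                }
            } else {
                throw new ServletException("Input for XSLT servlet is not a node. Read from attribute " + sourceAttrib);
            }
        }
    }
    try {
        pool = BrokerPool.getInstance();
    } catch (final EXistException e) {
        throw new ServletException(e.getMessage(), e);
    }
    // Start from the guest subject; a subject already attached to the request replaces it.
    Subject user = pool.getSecurityManager().getGuestSubject();
    Subject requestUser = HttpAccount.getUserFromServletRequest(request);
    if (requestUser != null) {
        user = requestUser;
    }
    // Retrieve username / password from HTTP request attributes.
    // NOTE(review): these are request attributes, not parameters, so whatever sets them
    // upstream decides whose credentials are used here; confirm that component is trusted.
    final String userParam = (String) request.getAttribute("xslt.user");
    final String passwd = (String) request.getAttribute("xslt.password");
    if (userParam != null) {
        try {
            user = pool.getSecurityManager().authenticate(userParam, passwd);
        } catch (final AuthenticationException e1) {
            // Record the failed attempt (user name only, never the password) so that
            // repeated failures are visible in the log instead of vanishing silently.
            LOG.warn("XSLT servlet: authentication failed for user '{}'", userParam);
            response.sendError(HttpServletResponse.SC_FORBIDDEN, "Wrong password or user");
            return;
        }
    }
    final Stylesheet stylesheet = stylesheet(uri, request, response);
    if (stylesheet == null) {
        return;
    }
    // do the transformation
    try (final DBBroker broker = pool.get(Optional.of(user))) {
        final TransformerHandler handler = stylesheet.newTransformerHandler(broker, errorListener);
        setTransformerParameters(request, handler.getTransformer());
        final Properties properties = handler.getTransformer().getOutputProperties();
        setOutputProperties(request, properties);
        String encoding = properties.getProperty("encoding");
        if (encoding == null) {
            encoding = "UTF-8";
        }
        response.setCharacterEncoding(encoding);
        final String mediaType = properties.getProperty("media-type");
        if (mediaType != null) {
            // Append the charset only when the media type does not already carry one.
            if (!mediaType.contains("charset")) {
                response.setContentType(mediaType + "; charset=" + encoding);
            } else {
                response.setContentType(mediaType);
            }
        }
        final SAXSerializer sax = (SAXSerializer) SerializerPool.getInstance().borrowObject(SAXSerializer.class);
        try {
            // Everything after the borrow sits inside this try so the pooled SAXSerializer
            // is returned even if obtaining the writer or wiring the handler fails.
            final Writer writer = new BufferedWriter(response.getWriter());
            sax.setOutput(writer, properties);
            final SAXResult result = new SAXResult(sax);
            handler.setResult(result);
            final Serializer serializer = broker.borrowSerializer();
            try {
                Receiver receiver = new ReceiverToSAX(handler);
                XIncludeFilter xinclude = new XIncludeFilter(serializer, receiver);
                receiver = xinclude;
                String baseUri;
                final String base = (String) request.getAttribute(REQ_ATTRIBUTE_BASE);
                if (base != null) {
                    baseUri = getServletContext().getRealPath(base);
                } else if (uri.startsWith("xmldb:exist://")) {
                    baseUri = XmldbURI.xmldbUriFor(uri).getCollectionPath();
                } else {
                    baseUri = getCurrentDir(request).toAbsolutePath().toString();
                }
                xinclude.setModuleLoadPath(baseUri);
                serializer.setReceiver(receiver);
                if (inputNode != null) {
                    serializer.toSAX((NodeValue) inputNode);
                } else {
                    final SAXToReceiver saxreceiver = new SAXToReceiver(receiver);
                    // NOTE(review): the request body is parsed with a pooled XMLReader whose
                    // feature settings are not visible here; confirm the parser pool disables
                    // DTDs and external entities for request-supplied XML.
                    final XMLReader reader = pool.getParserPool().borrowXMLReader();
                    try {
                        reader.setContentHandler(saxreceiver);
                        // Handle gzipped input: try to open the body as GZIP and fall back to
                        // the raw stream (rewound to the mark) if the header is rejected.
                        // NOTE(review): no limit on the decompressed size is visible here;
                        // confirm a request-size or inflation limit is enforced upstream.
                        InputStream stream;
                        InputStream inStream = new BufferedInputStream(request.getInputStream());
                        inStream.mark(10);
                        try {
                            stream = new GZIPInputStream(inStream);
                        } catch (final IOException e) {
                            inStream.reset();
                            stream = inStream;
                        }
                        reader.parse(new InputSource(stream));
                    } finally {
                        pool.getParserPool().returnXMLReader(reader);
                    }
                }
            } catch (final SAXParseException e) {
                // Keep the stack trace in the log, not just the message.
                LOG.error(e.getMessage(), e);
                // NOTE(review): the parser's message is echoed to the client; confirm it
                // cannot expose internal paths or entity content.
                response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.getMessage());
            } catch (final SAXException e) {
                throw new ServletException("SAX exception while transforming node: " + e.getMessage(), e);
            } finally {
                broker.returnSerializer(serializer);
            }
            writer.flush();
            response.flushBuffer();
        } finally {
            SerializerPool.getInstance().returnObject(sax);
        }
    } catch (final IOException e) {
        throw new ServletException("IO exception while transforming node: " + e.getMessage(), e);
    } catch (final TransformerException e) {
        throw new ServletException("Exception while transforming node: " + e.getMessage(), e);
    } catch (final Throwable e) {
        LOG.error(e);
        throw new ServletException("An error occurred: " + e.getMessage(), e);
    }
}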
Also used : TransformerHandler(javax.xml.transform.sax.TransformerHandler) InputSource(org.xml.sax.InputSource) AuthenticationException(org.exist.security.AuthenticationException) Properties(java.util.Properties) SAXException(org.xml.sax.SAXException) ServletException(javax.servlet.ServletException) GZIPInputStream(java.util.zip.GZIPInputStream) Item(org.exist.xquery.value.Item) XIncludeFilter(org.exist.storage.serializers.XIncludeFilter) SAXParseException(org.xml.sax.SAXParseException) ValueSequence(org.exist.xquery.value.ValueSequence) XMLReader(org.xml.sax.XMLReader) TransformerException(javax.xml.transform.TransformerException) Serializer(org.exist.storage.serializers.Serializer) GZIPInputStream(java.util.zip.GZIPInputStream) EXistException(org.exist.EXistException) Subject(org.exist.security.Subject) Stylesheet(org.exist.xslt.Stylesheet) DBBroker(org.exist.storage.DBBroker) SAXResult(javax.xml.transform.sax.SAXResult)
