
Example 6 with Group

Use of org.exist.security.Group in the project exist by eXist-db.

The class RpcConnection, method removeGroupManager.

@Override
public void removeGroupManager(final String groupName, final String manager) throws EXistException, PermissionDeniedException {
    // Runs the body with a broker and transaction obtained from the broker pool.
    withDb((broker, transaction) -> {
        final SecurityManager sm = broker.getBrokerPool().getSecurityManager();
        // Resolve the group and the account that should no longer manage it.
        final Group group = sm.getGroup(groupName);
        final Account account = sm.getAccount(manager);
        group.removeManager(account);
        // Persist the change; updateGroup enforces that the caller is allowed to modify the group.
        sm.updateGroup(group);
        return null;
    });
}

Example 7 with Group

Use of org.exist.security.Group in the project exist by eXist-db.

The class RpcConnection, method getGroups.

@Override
public List<String> getGroups() throws EXistException, PermissionDeniedException {
    // All groups known to the security manager, across realms.
    final java.util.Collection<Group> groups = factory.getBrokerPool().getSecurityManager().getGroups();
    // Only the names are returned over RPC, not the Group objects themselves.
    final List<String> v = new ArrayList<>(groups.size());
    for (final Group group : groups) {
        v.add(group.getName());
    }
    return v;
}

Example 8 with Group

Use of org.exist.security.Group in the project exist by eXist-db.

The class RpcConnection, method toMap.

// Converts an Account into a plain map so it can be sent across the XML-RPC boundary.
private Map<String, Object> toMap(final Account account) {
    final Map<String, Object> result = new HashMap<>();
    result.put("uid", account.getId());
    result.put("name", account.getName());
    // Group membership is exported as a list of group names.
    result.put("groups", Arrays.asList(account.getGroups()));
    // The default (primary) group is optional; its id, realm and name are flattened into separate keys.
    final Group dg = account.getDefaultGroup();
    if (dg != null) {
        result.put("default-group-id", dg.getId());
        result.put("default-group-realmId", dg.getRealmId());
        result.put("default-group-name", dg.getName());
    }
    // Note: "enabled" is transported as the string "true"/"false", not as a boolean.
    result.put("enabled", Boolean.toString(account.isEnabled()));
    result.put("umask", account.getUserMask());
    // Account metadata is keyed by the schema type's namespace URI.
    final Map<String, String> metadata = new HashMap<>();
    for (final SchemaType key : account.getMetadataKeys()) {
        metadata.put(key.getNamespace(), account.getMetadataValue(key));
    }
    result.put("metadata", metadata);
    return result;
}

Example 9 with Group

Use of org.exist.security.Group in the project exist by eXist-db.

The class RemoteUserManagementService, method getGroup.

@Override
public Group getGroup(final String name) throws XMLDBException {
    try {
        // Call the remote "getGroup" RPC method with the group name as its only parameter.
        final List<Object> params = new ArrayList<>();
        params.add(name);
        final Map<String, Object> tab = (Map<String, Object>) collection.execute("getGroup", params);
        // An absent or empty map means the server did not find the group.
        if (tab != null && !tab.isEmpty()) {
            // GroupAider is a client-side stand-in for the server's Group implementation.
            final Group group = new GroupAider((Integer) tab.get("id"), (String) tab.get("realmId"), (String) tab.get("name"));
            // Each manager is returned by name and resolved to an Account with a further RPC call.
            final Object[] managers = (Object[]) tab.get("managers");
            for (final Object manager : managers) {
                group.addManager(getAccount((String) manager));
            }
            // Metadata keys are namespace URIs; only those known to AXSchemaType or
            // EXistSchemaType are applied, any other key is silently dropped.
            final Map<String, String> metadata = (Map<String, String>) tab.get("metadata");
            for (final Map.Entry<String, String> m : metadata.entrySet()) {
                if (AXSchemaType.valueOfNamespace(m.getKey()) != null) {
                    group.setMetadataValue(AXSchemaType.valueOfNamespace(m.getKey()), m.getValue());
                } else if (EXistSchemaType.valueOfNamespace(m.getKey()) != null) {
                    group.setMetadataValue(EXistSchemaType.valueOfNamespace(m.getKey()), m.getValue());
                }
            }
            return group;
        }
        return null;
    } catch (final PermissionDeniedException pde) {
        // Translate the server-side security exception into the XML:DB API's error code.
        throw new XMLDBException(ErrorCodes.PERMISSION_DENIED, pde);
    }
}

Example 10 with Group

Use of org.exist.security.Group in the project exist by eXist-db.

The class SecurityManagerImpl, method processParameter.

@Override
public void processParameter(final DBBroker broker, final DocumentImpl document) throws ConfigurationException {
    // Called when a document under the security collection is stored or updated.
    // The collection path tells us whether it describes an account or a group,
    // and whether it lives in the "removed" sub-collection.
    XmldbURI uri = document.getCollection().getURI();
    final boolean isRemoved = uri.endsWith(SecurityManager.REMOVED_COLLECTION_URI);
    if (isRemoved) {
        uri = uri.removeLastSegment();
    }
    final boolean isAccount = uri.endsWith(SecurityManager.ACCOUNTS_COLLECTION_URI);
    final boolean isGroup = uri.endsWith(SecurityManager.GROUPS_COLLECTION_URI);
    if (isAccount || isGroup) {
        // The segment above accounts/ or groups/ is the realm id.
        uri = uri.removeLastSegment();
        final String realmId = uri.lastSegment().toString();
        final AbstractRealm realm = (AbstractRealm) findRealmForRealmId(realmId);
        // Parse the principal's configuration from the stored document.
        final Configuration conf = Configurator.parse(broker.getBrokerPool(), document);
        Integer id = -1;
        if (isRemoved) {
            id = conf.getPropertyInteger("id");
        }
        final String name = conf.getProperty("name");
        if (isAccount) {
            // Removed accounts with ids above 2 (i.e. not the built-in principals) and not
            // already known are registered as tombstones so the id is not reused.
            if (isRemoved && id > 2 && !hasUser(id)) {
                final AccountImpl account = new AccountImpl(realm, conf);
                account.removed = true;
                registerAccount(account);
            } else if (name != null) {
                if (realm.hasAccount(name)) {
                    // Existing account: if its id changed during a save, re-key the id index
                    // under a write lock for that account.
                    final Integer oldId = saving.get(document.getURI());
                    final Integer newId = conf.getPropertyInteger("id");
                    if (!newId.equals(oldId)) {
                        final Account current = realm.getAccount(name);
                        try (final ManagedLock<ReadWriteLock> lock = ManagedLock.acquire(accountLocks.getLock(current), LockMode.WRITE_LOCK)) {
                            usersById.write(principalDb -> {
                                principalDb.remove(oldId);
                                principalDb.put(newId, current);
                            });
                        }
                    }
                } else {
                    // New account: every account must belong to at least one group,
                    // so a group-less account is placed in the UNKNOWN_GROUP.
                    final Account account = new AccountImpl(realm, conf);
                    if (account.getGroups().length == 0) {
                        try {
                            account.setPrimaryGroup(realm.getGroup(SecurityManager.UNKNOWN_GROUP));
                            LOG.warn("Account '{}' has no groups, but every account must have at least 1 group. Assigned group: " + SecurityManager.UNKNOWN_GROUP, account.getName());
                        } catch (final PermissionDeniedException e) {
                            throw new ConfigurationException("Account has no group, unable to default to " + SecurityManager.UNKNOWN_GROUP + ": " + e.getMessage(), e);
                        }
                    }
                    registerAccount(account);
                    realm.registerAccount(account);
                }
            } else {
                // this can't be! log any way
                LOG.error("Account '{}' already exists in realm: '{}', but received notification that a new one was created.", name, realmId);
            }
        } else if (isGroup) {
            // Same handling for groups: tombstone removed ids, register unknown names.
            if (isRemoved && id > 2 && !hasGroup(id)) {
                final GroupImpl group = new GroupImpl(realm, conf);
                group.removed = true;
                registerGroup(group);
            } else if (name != null && !realm.hasGroup(name)) {
                final GroupImpl group = new GroupImpl(realm, conf);
                registerGroup(group);
                realm.registerGroup(group);
            } else {
                // this can't be! log any way
                LOG.error("Group '{}' already exists in realm: '{}', but received notification that a new one was created.", name, realmId);
            }
        }
        // Clear the in-progress save marker for this document.
        saving.remove(document.getURI());
    }
}
