Example 56 with PermissionDeniedException

Use of org.exist.security.PermissionDeniedException in project exist by eXist-db.

In the class RemoteUserManagementService, method listResourcePermissions.

@Override
public Permission[] listResourcePermissions() throws XMLDBException {
    try {
        final List<Object> params = new ArrayList<>();
        params.add(collection.getPath());
        final Map result = (Map) collection.execute("listDocumentPermissions", params);
        final Permission[] perm = new Permission[result.size()];
        final String[] resources = collection.listResources();
        Object[] t;
        for (int i = 0; i < resources.length; i++) {
            t = (Object[]) result.get(resources[i]);
            final String owner = (String) t[0];
            final String group = (String) t[1];
            final int mode = (Integer) t[2];
            final Stream<ACEAider> aces = extractAces(t[3]);
            perm[i] = getPermission(owner, group, mode, aces);
        }
        return perm;
    } catch (final PermissionDeniedException pde) {
        throw new XMLDBException(ErrorCodes.PERMISSION_DENIED, pde.getMessage(), pde);
    }
}
Also used: XMLDBException (org.xmldb.api.base.XMLDBException), ACEAider (org.exist.security.internal.aider.ACEAider), ACLPermission (org.exist.security.ACLPermission), Permission (org.exist.security.Permission), PermissionDeniedException (org.exist.security.PermissionDeniedException)

Example 57 with PermissionDeniedException

Use of org.exist.security.PermissionDeniedException in project exist by eXist-db.

In the class RemoteUserManagementService, method getGroup.

@Override
public Group getGroup(final String name) throws XMLDBException {
    try {
        final List<Object> params = new ArrayList<>();
        params.add(name);
        final Map<String, Object> tab = (Map<String, Object>) collection.execute("getGroup", params);
        if (tab != null && !tab.isEmpty()) {
            final Group group = new GroupAider((Integer) tab.get("id"), (String) tab.get("realmId"), (String) tab.get("name"));
            final Object[] managers = (Object[]) tab.get("managers");
            for (final Object manager : managers) {
                group.addManager(getAccount((String) manager));
            }
            final Map<String, String> metadata = (Map<String, String>) tab.get("metadata");
            for (final Map.Entry<String, String> m : metadata.entrySet()) {
                if (AXSchemaType.valueOfNamespace(m.getKey()) != null) {
                    group.setMetadataValue(AXSchemaType.valueOfNamespace(m.getKey()), m.getValue());
                } else if (EXistSchemaType.valueOfNamespace(m.getKey()) != null) {
                    group.setMetadataValue(EXistSchemaType.valueOfNamespace(m.getKey()), m.getValue());
                }
            }
            return group;
        }
        return null;
    } catch (final PermissionDeniedException pde) {
        throw new XMLDBException(ErrorCodes.PERMISSION_DENIED, pde);
    }
}
Also used: Group (org.exist.security.Group), XMLDBException (org.xmldb.api.base.XMLDBException), PermissionDeniedException (org.exist.security.PermissionDeniedException), GroupAider (org.exist.security.internal.aider.GroupAider)

Example 58 with PermissionDeniedException

Use of org.exist.security.PermissionDeniedException in project exist by eXist-db.

In the class RemoteUserManagementService, method getPermissions.

@Override
public Permission getPermissions(final Resource res) throws XMLDBException {
    if (res == null) {
        throw new XMLDBException(ErrorCodes.INVALID_RESOURCE, "resource is null");
    }
    // TODO : use dedicated function in XmldbURI
    final String path = ((RemoteCollection) res.getParentCollection()).getPath() + "/" + res.getId();
    try {
        final List<Object> params = new ArrayList<>();
        params.add(path);
        final Map result = (Map) collection.execute("getPermissions", params);
        final String owner = (String) result.get("owner");
        final String group = (String) result.get("group");
        final int mode = (Integer) result.get("permissions");
        final Stream<ACEAider> aces = extractAces(result.get("acl"));
        return getPermission(owner, group, mode, aces);
    } catch (final PermissionDeniedException pde) {
        throw new XMLDBException(ErrorCodes.PERMISSION_DENIED, pde.getMessage(), pde);
    }
}
Also used: ACEAider (org.exist.security.internal.aider.ACEAider), XMLDBException (org.xmldb.api.base.XMLDBException), PermissionDeniedException (org.exist.security.PermissionDeniedException)

Example 59 with PermissionDeniedException

Use of org.exist.security.PermissionDeniedException in project exist by eXist-db.

In the class RpcConnection, method parse.

private boolean parse(final byte[] xml, final XmldbURI docUri, final int overwrite, @Nullable final Date created, @Nullable final Date modified) throws EXistException, PermissionDeniedException {
    return this.<Boolean>writeCollection(docUri.removeLastSegment()).apply((collection, broker, transaction) -> {
        try (final ManagedDocumentLock lockedDocument = broker.getBrokerPool().getLockManager().acquireDocumentWriteLock(docUri)) {
            if (overwrite == 0) {
                // NOTE: we have the document write lock above
                final DocumentImpl old = collection.getDocument(broker, docUri.lastSegment());
                if (old != null) {
                    // NOTE: early release of Collection lock inline with Asymmetrical Locking scheme
                    collection.close();
                    throw new PermissionDeniedException("Document exists and overwrite is not allowed");
                }
            }
            final InputSource source = new StringInputSource(xml);
            final long startTime = System.currentTimeMillis();
            final MimeType mime = MimeTable.getInstance().getContentTypeFor(docUri.lastSegment());
            broker.storeDocument(transaction, docUri.lastSegment(), source, mime, created, modified, null, null, null, collection);
            // NOTE: early release of Collection lock inline with Asymmetrical Locking scheme
            collection.close();
            if (LOG.isDebugEnabled()) {
                LOG.debug("parsing {} took {}ms.", docUri, System.currentTimeMillis() - startTime);
            }
            return true;
        }
    });
}
Also used: ManagedDocumentLock (org.exist.storage.lock.ManagedDocumentLock), InputSource (org.xml.sax.InputSource), PermissionDeniedException (org.exist.security.PermissionDeniedException)

Example 60 with PermissionDeniedException

Use of org.exist.security.PermissionDeniedException in project exist by eXist-db.

In the class RpcConnection, method updateAccount.

/**
 * Added by {Marco.Tampucci, Massimo.Martinelli} @isti.cnr.it
 *
 * modified by Chris Tomlinson based on above updateAccount - it appears
 * that this code can rely on the SecurityManager to enforce policy about
 * whether user is or is not permitted to update the Account with name.
 *
 * This is called via RemoteUserManagementService.removeGroup(Account,
 * String)
 *
 * @param name username to update
 * @param groups a list of groups
 * @param rgroup the user will be removed from this group
 * @return true, if the action succeeded
 */
public boolean updateAccount(final String name, final List<String> groups, final String rgroup) {
    try {
        return withDb((broker, transaction) -> {
            final SecurityManager manager = broker.getBrokerPool().getSecurityManager();
            final Account u = manager.getAccount(name);
            for (final String g : groups) {
                if (g.equals(rgroup)) {
                    u.remGroup(g);
                }
            }
            return manager.updateAccount(u);
        });
    } catch (final EXistException | PermissionDeniedException ex) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("removeGroup encountered error", ex);
        }
        return false;
    }
}
Also used: Account (org.exist.security.Account), SecurityManager (org.exist.security.SecurityManager), PermissionDeniedException (org.exist.security.PermissionDeniedException), EXistException (org.exist.EXistException)

Aggregations

PermissionDeniedException (org.exist.security.PermissionDeniedException): 182
EXistException (org.exist.EXistException): 82
XmldbURI (org.exist.xmldb.XmldbURI): 70
IOException (java.io.IOException): 58
DocumentImpl (org.exist.dom.persistent.DocumentImpl): 48
Collection (org.exist.collections.Collection): 44
DBBroker (org.exist.storage.DBBroker): 41
Txn (org.exist.storage.txn.Txn): 38
LockException (org.exist.util.LockException): 35
SAXException (org.xml.sax.SAXException): 35
LockedDocument (org.exist.dom.persistent.LockedDocument): 31
XPathException (org.exist.xquery.XPathException): 31
Permission (org.exist.security.Permission): 23
URISyntaxException (java.net.URISyntaxException): 22
TriggerException (org.exist.collections.triggers.TriggerException): 22
Source (org.exist.source.Source): 20
Path (java.nio.file.Path): 19
Account (org.exist.security.Account): 18
InputSource (org.xml.sax.InputSource): 18
Sequence (org.exist.xquery.value.Sequence): 17