the class RpcConnection method addAccount.
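/**
 * Creates a new account. Only callers with admin privileges may do this.
 *
 * @param name the name of the new account
 * @param passwd the (already encoded) password; an empty or absent value stores no password
 * @param passwdDigest the password digest
 * @param groups the groups the account belongs to (duplicates are ignored); may be {@code null}
 * @param enabled whether the account is enabled, or {@code null} to keep the default
 * @param umask the account's umask, or {@code null} to keep the default
 * @param metadata metadata keyed by namespace; only keys that name a known
 *                 {@link AXSchemaType} or {@link EXistSchemaType} namespace are applied,
 *                 all others are silently ignored; may be {@code null}
 * @return always {@code true}
 * @throws EXistException if an internal error occurs
 * @throws PermissionDeniedException if the caller lacks admin privileges or the account already exists
 */
@Override
public boolean addAccount(final String name, String passwd, final String passwdDigest, final List<String> groups, final Boolean enabled, final Integer umask, final Map<String, String> metadata) throws EXistException, PermissionDeniedException {
    // An empty (or absent) password is stored as "no password", not as the empty string.
    if (passwd == null || passwd.isEmpty()) {
        passwd = null;
    }
    final SecurityManager manager = factory.getBrokerPool().getSecurityManager();
    // Authorize before consulting account state, so that a caller without admin
    // privileges gets the same response whether or not the account already exists.
    if (!manager.hasAdminPrivileges(user)) {
        throw new PermissionDeniedException("Account '" + user.getName() + "' not allowed to create new account");
    }
    if (manager.hasAccount(name)) {
        throw new PermissionDeniedException("Account '" + name + "' exist");
    }
    final UserAider u = new UserAider(name);
    u.setEncodedPassword(passwd);
    u.setPasswordDigest(passwdDigest);
    if (groups != null) {
        for (final String g : groups) {
            if (!u.hasGroup(g)) {
                u.addGroup(g);
            }
        }
    }
    if (enabled != null) {
        u.setEnabled(enabled);
    }
    if (umask != null) {
        u.setUserMask(umask);
    }
    if (metadata != null) {
        for (final Map.Entry<String, String> m : metadata.entrySet()) {
            // Resolve the namespace once; the AX schema takes precedence over the eXist schema.
            final AXSchemaType axKey = AXSchemaType.valueOfNamespace(m.getKey());
            if (axKey != null) {
                u.setMetadataValue(axKey, m.getValue());
                continue;
            }
            final EXistSchemaType existKey = EXistSchemaType.valueOfNamespace(m.getKey());
            if (existKey != null) {
                u.setMetadataValue(existKey, m.getValue());
            }
        }
    }
    withDb((broker, transaction) -> manager.addAccount(u));
    return true;
}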
the class RpcConnection method queryP.
/**
 * Executes a query and packages its result as an RPC response map.
 *
 * <p>When both {@code docUri} and {@code s_id} are given, the document at
 * {@code docUri} is read (and recorded in {@code parameters} under
 * {@link RpcAPI#STATIC_DOCUMENTS}); a non-empty {@code s_id} additionally
 * narrows the evaluation context to the single node with that id. In every
 * other case the query is evaluated without pre-selected context nodes.
 *
 * @deprecated Use {@link #queryPT(String, XmldbURI, String, Map)} instead.
 * @param xpath the query to execute
 * @param docUri the document to query, or {@code null}
 * @param s_id the id of the context node inside {@code docUri}; empty selects
 *             the whole document; ignored when {@code docUri} is {@code null}
 * @param parameters map of options; {@link RpcAPI#SORT_EXPR} is read from it and
 *                   {@link RpcAPI#STATIC_DOCUMENTS} may be written into it
 * @return the result of the query
 * @throws EXistException if an internal error occurs, or the query fails to compile or run
 * @throws PermissionDeniedException If the current user is not allowed to perform this action
 */
private Map<String, Object> queryP(final String xpath, final XmldbURI docUri, final String s_id, final Map<String, Object> parameters) throws EXistException, PermissionDeniedException {
    final Source querySource = new StringSource(xpath);
    // The sort expression is optional; the value inside the Optional is never null.
    final Optional<String> sortBy = Optional.ofNullable(parameters.get(RpcAPI.SORT_EXPR)).map(String::valueOf);
    return withDb((broker, transaction) -> {
        final long startTime = System.currentTimeMillis();
        final NodeSet contextNodes;
        if (docUri == null || s_id == null) {
            contextNodes = null;
        } else {
            contextNodes = this.<NodeSet>readDocument(broker, transaction, docUri).apply((document, docBroker, docTransaction) -> {
                // Record the queried document as the static document set for the compiler.
                parameters.put(RpcAPI.STATIC_DOCUMENTS, new Object[]{docUri.toString()});
                if (s_id.isEmpty()) {
                    return null;
                }
                final NodeId nodeId = factory.getBrokerPool().getNodeFactory().createFromString(s_id);
                final NodeSet single = new ExtArrayNodeSet(1);
                single.add(new NodeProxy(document, nodeId));
                return single;
            });
        }
        try {
            return this.<Map<String, Object>>compileQuery(broker, transaction, querySource, parameters)
                    .apply(compiled -> queryResultToRpcResponse(startTime, doQuery(broker, compiled, contextNodes, parameters), sortBy));
        } catch (final XPathException e) {
            // Compilation/evaluation errors are surfaced to RPC clients as EXistException.
            throw new EXistException(e);
        }
    });
}
the class RpcConnection method getBinaryResource.
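/**
 * Reads the complete content of a binary resource into memory.
 *
 * @param name the URI of the resource
 * @param requiredPermissions the permission bits the current user must hold on the resource
 * @return the resource content, exactly {@code document.getContentLength()} bytes long
 * @throws EXistException if the resource is not a binary resource, is larger than
 *                        {@link Integer#MAX_VALUE} bytes, or yields fewer bytes than its recorded length
 * @throws PermissionDeniedException if the current user lacks {@code requiredPermissions}
 */
private byte[] getBinaryResource(final XmldbURI name, final int requiredPermissions) throws EXistException, PermissionDeniedException {
    return this.<byte[]>readDocument(name).apply((document, broker, transaction) -> {
        // Authorize first: a caller without the required permissions learns nothing
        // about the resource (not even its type) beyond the denial itself.
        if (!document.getPermissions().validate(user, requiredPermissions)) {
            throw new PermissionDeniedException("Insufficient privileges to access resource");
        }
        if (document.getResourceType() != DocumentImpl.BINARY_FILE) {
            throw new EXistException("Document " + name + " is not a binary resource");
        }
        // A single byte[] is returned, so anything beyond Integer.MAX_VALUE cannot be represented.
        final long resourceSize = document.getContentLength();
        if (resourceSize > (long) Integer.MAX_VALUE) {
            throw new EXistException("Resource too big to be read using this method.");
        }
        try (final InputStream is = broker.getBinaryResource(transaction, (BinaryDocument) document)) {
            final byte[] data = new byte[(int) resourceSize];
            // InputStream.read(byte[]) may return fewer bytes than requested; keep
            // reading until the buffer is full or the stream ends, then verify that
            // nothing was silently truncated (a short read would leave a zeroed tail).
            int total = 0;
            while (total < data.length) {
                final int n = is.read(data, total, data.length - total);
                if (n < 0) {
                    break;
                }
                total += n;
            }
            if (total != data.length) {
                throw new EXistException("Resource " + name + " is shorter than its recorded length: read " + total + " of " + resourceSize + " bytes");
            }
            return data;
        }
    });
}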
the class RpcConnection method setUserPrimaryGroup.
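/**
 * Sets the primary group of an existing account. Only callers with admin privileges may do this.
 *
 * @param username the account to modify
 * @param groupName the name of the group to make primary; must already exist
 * @return always {@code true}
 * @throws EXistException if the group or the account does not exist, or on an internal error
 * @throws PermissionDeniedException if the caller lacks admin privileges
 */
@Override
public boolean setUserPrimaryGroup(final String username, final String groupName) throws EXistException, PermissionDeniedException {
    final SecurityManager manager = factory.getBrokerPool().getSecurityManager();
    // Authorize before consulting group state, so that a caller without admin
    // privileges gets the same response whether or not the group exists.
    if (!manager.hasAdminPrivileges(user)) {
        throw new PermissionDeniedException("Not allowed to modify user");
    }
    if (!manager.hasGroup(groupName)) {
        throw new EXistException("Group '" + groupName + "' does not exist!");
    }
    withDb((broker, transaction) -> {
        final Account account = manager.getAccount(username);
        // NOTE(review): getAccount is assumed to return null for an unknown account — confirm;
        // without this check an unknown username would surface as a NullPointerException.
        if (account == null) {
            throw new EXistException("Account '" + username + "' does not exist!");
        }
        final Group group = manager.getGroup(groupName);
        account.setPrimaryGroup(group);
        manager.updateAccount(account);
        return null;
    });
    return true;
}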
the class RpcConnection method addGroup.
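/**
 * Creates a new group. Only callers with admin privileges may do this.
 *
 * @param name the name of the new group
 * @param metadata metadata keyed by namespace; only keys that name a known
 *                 {@link AXSchemaType} or {@link EXistSchemaType} namespace are applied,
 *                 all others are silently ignored; may be {@code null}
 * @return {@code true} if the group was created, {@code false} if a group of that name already exists
 * @throws EXistException if an internal error occurs
 * @throws PermissionDeniedException if the caller lacks admin privileges
 */
@Override
public boolean addGroup(final String name, final Map<String, String> metadata) throws EXistException, PermissionDeniedException {
    final SecurityManager manager = factory.getBrokerPool().getSecurityManager();
    // Authorize before consulting group state: a caller without admin privileges
    // is refused regardless of whether the group exists, rather than being able to
    // tell the two cases apart from a false return versus an exception.
    if (!manager.hasAdminPrivileges(user)) {
        throw new PermissionDeniedException("Not allowed to create group");
    }
    if (manager.hasGroup(name)) {
        return false;
    }
    final Group role = new GroupAider(name);
    if (metadata != null) {
        for (final Map.Entry<String, String> m : metadata.entrySet()) {
            // Resolve the namespace once; the AX schema takes precedence over the eXist schema.
            final AXSchemaType axKey = AXSchemaType.valueOfNamespace(m.getKey());
            if (axKey != null) {
                role.setMetadataValue(axKey, m.getValue());
                continue;
            }
            final EXistSchemaType existKey = EXistSchemaType.valueOfNamespace(m.getKey());
            if (existKey != null) {
                role.setMetadataValue(existKey, m.getValue());
            }
        }
    }
    withDb((broker, transaction) -> manager.addGroup(broker, role));
    return true;
}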