use of org.exist.security.PermissionDeniedException in project exist by eXist-db.
the class ZipFileFunctions method extractEntries.
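/**
 * Lists the entries of the zip archive stored at {@code uri} as an in-memory XML fragment.
 *
 * <p>The result is a {@code file} element in the zip module namespace whose {@code href}
 * attribute holds the archive URI. It contains one {@code dir} child per directory entry and
 * one {@code entry} child per file entry, each carrying a {@code name} attribute. Only entry
 * metadata is read; no entry content is extracted.
 *
 * @param uri database URI of the zip archive to list
 * @return the {@code file} element describing the archive
 * @throws XPathException if access to the archive is denied or reading it fails
 */
private Sequence extractEntries(XmldbURI uri) throws XPathException {
    final ZipFileSource zipFileSource = new ZipFileFromDb(uri);
    context.pushDocumentContext();
    try {
        final MemTreeBuilder builder = context.getDocumentBuilder();
        builder.startDocument();
        builder.startElement(new QName("file", ZipModule.NAMESPACE_URI, ZipModule.PREFIX), null);
        builder.addAttribute(new QName("href", null, null), uri.toString());

        // try-with-resources: the stream used to stay open on every path (success and failure).
        // NOTE(review): if ZipFileSource itself holds further resources, they are not released
        // here - confirm against its contract.
        try (ZipInputStream zis = zipFileSource.getStream()) {
            ZipEntry zipEntry;
            while ((zipEntry = zis.getNextEntry()) != null) {
                // Entry names are data taken from the archive. Here they are only written as
                // attribute values and to the debug log, never used as file-system paths.
                final String entryName = zipEntry.getName();
                final String elementName;
                if (zipEntry.isDirectory()) {
                    elementName = "dir";
                } else {
                    logger.debug("file: {}", entryName);
                    elementName = "entry";
                }
                builder.startElement(new QName(elementName, ZipModule.NAMESPACE_URI, ZipModule.PREFIX), null);
                builder.addAttribute(new QName("name", null, null), entryName);
                builder.endElement();
            }
        } catch (PermissionDeniedException pde) {
            // The detail goes to the server log only; the caller gets a generic message.
            logger.error(pde.getMessage(), pde);
            throw new XPathException("Permission denied to read the source zip");
        } catch (IOException ioe) {
            logger.error(ioe.getMessage(), ioe);
            throw new XPathException("IO exception while reading the source zip");
        }

        builder.endElement();
        return (NodeValue) builder.getDocument().getDocumentElement();
    } finally {
        // Always undo pushDocumentContext(), including when an exception propagates.
        context.popDocumentContext();
    }
}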
use of org.exist.security.PermissionDeniedException in project exist by eXist-db.
the class RestXqServlet method service.
/**
 * Authenticates the caller and dispatches the request to a matching RESTXQ resource function.
 *
 * <p>If no resource function is registered for the request, handling is delegated to the
 * superclass. A {@link RestXqServiceException} whose direct cause is a
 * {@link PermissionDeniedException} results in an authentication challenge; any other failure
 * is logged and rethrown as a {@link ServletException}.
 *
 * <p>NOTE(review): only the direct cause is inspected, so a permission failure wrapped more
 * deeply takes the generic error path - confirm that is intended.
 *
 * @param request the incoming servlet request
 * @param response the servlet response to write to
 * @throws ServletException if the database or the resource function reports an error
 * @throws IOException if writing the response fails
 */
@Override
protected void service(final HttpServletRequest request, final HttpServletResponse response) throws ServletException, IOException {
    final Subject subject = authenticate(request, response);
    if (subject == null) {
        // Unknown user or wrong password. Nothing is written to the response here;
        // presumably authenticate() has already answered the client - verify.
        return;
    }

    // The broker is obtained for the authenticated subject and released by try-with-resources.
    try (final DBBroker broker = getPool().get(Optional.of(subject))) {
        final Configuration configuration = broker.getConfiguration();
        final HttpRequest httpRequest = new HttpServletRequestAdapter(request, () -> (String) configuration.getProperty(Configuration.BINARY_CACHE_CLASS_PROPERTY));
        final RestXqService matched = getRegistry().findService(httpRequest);

        if (matched == null) {
            if (log.isTraceEnabled()) {
                log.trace("Received {} request for \"{}\" but no suitable Resource Function found!", httpRequest.getMethod().name(), httpRequest.getPath());
            }
            // No resource function matches: fall back to the superclass handling.
            super.service(request, response);
            return;
        }

        if (log.isTraceEnabled()) {
            log.trace("Received {} request for \"{}\" and found Resource Function \"{}\" in module \"{}\"", httpRequest.getMethod().name(), httpRequest.getPath(), matched.getResourceFunction().getFunctionSignature(), matched.getResourceFunction().getXQueryLocation());
        }
        matched.service(
                httpRequest,
                new HttpServletResponseAdapter(response),
                new ResourceFunctionExecutorImpl(getPool(), request.getContextPath() + request.getServletPath(), request.getRequestURI()),
                new RestXqServiceSerializerImpl(getPool()));
    } catch (final EXistException e) {
        getLog().error(e.getMessage(), e);
        throw new ServletException(e.getMessage(), e);
    } catch (final RestXqServiceException e) {
        if (!(e.getCause() instanceof PermissionDeniedException)) {
            // TODO should probably be caught higher up and returned as a HTTP Response? maybe need two different types of exception to differentiate critical vs processing exception
            getLog().error(e.getMessage(), e);
            throw new ServletException(e.getMessage(), e);
        }
        // The authenticated subject lacked permission: ask the client to authenticate again.
        getAuthenticator().sendChallenge(request, response);
    }
}
use of org.exist.security.PermissionDeniedException in project exist by eXist-db.
the class Deployment method scanDirectory.
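/**
 * Recursively stores the contents of {@code directory} into the collection {@code target}.
 *
 * <p>The target collection is fetched or created, the requested permissions are applied and
 * the collection is saved. The files of the directory are then stored, as binary resources
 * when the directory counts as a resources directory, and each sub-directory is processed the
 * same way. Failures are collected in {@code errors} instead of aborting the scan.
 *
 * <p>NOTE(review): when applying the permissions or saving the collection fails, the
 * collection reference is still set and files are stored into it anyway, so the requested
 * permissions may not be in effect on that collection. The failure is only visible through
 * {@code errors}; callers should treat a non-empty list as a failed deployment.
 *
 * @param broker the broker used for all database operations
 * @param transaction the transaction the changes belong to
 * @param directory the file-system directory to import
 * @param target the collection URI to import into
 * @param resources node set consulted to decide whether {@code target} is a resources directory
 * @param inRootDir whether {@code directory} is the package root
 * @param isResourcesDir whether a parent directory was already a resources directory
 * @param requestedPerms permissions to apply, if any were requested
 * @param errors accumulator for error messages; also the return value
 * @return {@code errors}, with any new messages appended
 */
private List<String> scanDirectory(final DBBroker broker, final Txn transaction, final Path directory, final XmldbURI target, final InMemoryNodeSet resources, final boolean inRootDir, final boolean isResourcesDir, final Optional<RequestedPerms> requestedPerms, final List<String> errors) {
    Collection collection = null;
    try {
        collection = broker.getOrCreateCollection(transaction, target);
        setPermissions(broker, requestedPerms, true, null, collection.getPermissionsNoLock());
        broker.saveCollection(transaction, collection);
    } catch (final PermissionDeniedException | TriggerException | IOException e) {
        LOG.warn(e);
        errors.add(e.getMessage());
    }

    final boolean isResources = isResourcesDir || isResourceDir(target, resources);

    // If the collection could not be obtained (for example, permission denied) there is nothing
    // to store into. The failure is already in 'errors', so skip the store step rather than
    // hand a null collection to the helpers.
    if (collection != null) {
        // the root dir is not allowed to be a resources directory
        if (!inRootDir && isResources) {
            try {
                storeBinaryResources(broker, transaction, directory, collection, requestedPerms, errors);
            } catch (Exception e) {
                LOG.error(e.getMessage(), e);
                // Report the failure to the caller as well; otherwise the deployment looks clean.
                errors.add(e.getMessage() != null ? e.getMessage() : e.toString());
            }
        } else {
            storeFiles(broker, transaction, directory, collection, inRootDir, requestedPerms, errors);
        }
    }

    // scan sub directories (depth 1, excluding the directory itself)
    try (final Stream<Path> subDirs = Files.find(directory, 1, (path, attrs) -> (!path.equals(directory)) && attrs.isDirectory())) {
        subDirs.forEach(path -> scanDirectory(broker, transaction, path, target.append(FileUtils.fileName(path)), resources, false, isResources, requestedPerms, errors));
    } catch (final IOException ioe) {
        LOG.warn("Unable to scan sub-directories", ioe);
    }
    return errors;
}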
use of org.exist.security.PermissionDeniedException in project exist by eXist-db.
the class Deployment method checkUserSettings.
/**
 * Ensures that the group and the account named in {@code requestedPerms} exist.
 *
 * <p>A missing group is created first. A missing account is created with the password taken
 * from {@code requestedPerms} and, when a group was requested, with membership of that group.
 * An account that already exists is left untouched: neither its password nor its groups are
 * changed.
 *
 * @param broker the broker used to create the group and the account
 * @param requestedPerms the user, password and optional group requested by the package
 * @throws PackageException if creating the group or the account fails or is not permitted
 */
private void checkUserSettings(final DBBroker broker, final RequestedPerms requestedPerms) throws PackageException {
    final org.exist.security.SecurityManager securityManager = broker.getBrokerPool().getSecurityManager();
    try {
        // Create the requested group only when one was requested and it does not exist yet.
        if (requestedPerms.group.isPresent() && !securityManager.hasGroup(requestedPerms.group.get())) {
            securityManager.addGroup(broker, new GroupAider(requestedPerms.group.get()));
        }

        if (securityManager.hasAccount(requestedPerms.user)) {
            return;
        }

        // New account: the credentials come straight from the package's requested permissions.
        final UserAider newAccount = new UserAider(requestedPerms.user);
        newAccount.setPassword(requestedPerms.password);
        requestedPerms.group.ifPresent(newAccount::addGroup);
        securityManager.addAccount(broker, newAccount);
    } catch (final PermissionDeniedException | EXistException e) {
        // The message names the user only; the password is never included.
        throw new PackageException("Failed to create user: " + requestedPerms.user, e);
    }
}
use of org.exist.security.PermissionDeniedException in project exist by eXist-db.
the class Deployment method runQuery.
/**
 * Compiles and executes an XQuery script shipped with an EXPath package.
 *
 * <p>The script is looked up as {@code fileName} below {@code tempDir}. The query sees the
 * external variables {@code dir} (absolute path of {@code tempDir}), {@code home} (the eXist
 * home directory, when configured) and {@code target} (the target collection URI, or the
 * empty sequence when there is none).
 *
 * <p>NOTE(review): {@code fileName} is resolved against {@code tempDir} without a containment
 * check. If the name can originate from a package descriptor, confirm that it is validated
 * upstream so that the resolved path stays inside {@code tempDir} (for example with
 * {@code normalize()} followed by {@code startsWith(tempDir)}).
 *
 * @param broker the broker used to execute the query
 * @param targetCollection the collection the package is deployed to, or {@code null}
 * @param tempDir the directory the package was unpacked into
 * @param fileName name of the XQuery file, relative to {@code tempDir}
 * @param pkgName package name, used in the log message only
 * @param purpose why the query is run; {@code PREINSTALL} changes the module load path
 * @return the query result, or the empty sequence when the script is not readable
 * @throws PackageException if executing the query is not permitted
 * @throws IOException declared by the signature
 * @throws XPathException if compiling or evaluating the query fails
 */
private Sequence runQuery(final DBBroker broker, final XmldbURI targetCollection, final Path tempDir, final String fileName, final String pkgName, final QueryPurpose purpose) throws PackageException, IOException, XPathException {
    final Path script = tempDir.resolve(fileName);
    if (!Files.isReadable(script)) {
        LOG.warn("The XQuery resource specified in the {} was not found for EXPath Package: '{}'", purpose.getPurposeString(), pkgName);
        return Sequence.EMPTY_SEQUENCE;
    }

    final XQuery queryService = broker.getBrokerPool().getXQueryService();
    final XQueryContext queryContext = new XQueryContext(broker.getBrokerPool());
    final String absoluteTempDir = tempDir.toAbsolutePath().toString();

    queryContext.declareVariable("dir", absoluteTempDir);

    final Optional<Path> existHome = broker.getConfiguration().getExistHome();
    if (existHome.isPresent()) {
        queryContext.declareVariable("home", existHome.get().toAbsolutePath().toString());
    }

    if (targetCollection == null) {
        queryContext.declareVariable("target", Sequence.EMPTY_SEQUENCE);
    } else {
        queryContext.declareVariable("target", targetCollection.toString());
        queryContext.setModuleLoadPath(XmldbURI.EMBEDDED_SERVER_URI + targetCollection.toString());
    }

    if (purpose == QueryPurpose.PREINSTALL) {
        // when running pre-setup scripts, base path should point to directory
        // because the target collection does not yet exist
        queryContext.setModuleLoadPath(absoluteTempDir);
    }

    try {
        final CompiledXQuery compiledQuery = queryService.compile(queryContext, new FileSource(script, false));
        return queryService.execute(broker, compiledQuery, null);
    } catch (final PermissionDeniedException e) {
        // Surface permission failures as a packaging error, keeping the original cause.
        throw new PackageException(e.getMessage(), e);
    }
}