Example 1 with SchemaType
use of org.exist.security.SchemaType in project exist by eXist-db.
the class RpcConnection method toMap.
private Map<String, Object> toMap(final Account account) {
final Map<String, Object> result = new HashMap<>();
result.put("uid", account.getId());
result.put("name", account.getName());
result.put("groups", Arrays.asList(account.getGroups()));
final Group dg = account.getDefaultGroup();
if (dg != null) {
result.put("default-group-id", dg.getId());
result.put("default-group-realmId", dg.getRealmId());
result.put("default-group-name", dg.getName());
}
result.put("enabled", Boolean.toString(account.isEnabled()));
result.put("umask", account.getUserMask());
final Map<String, String> metadata = new HashMap<>();
for (final SchemaType key : account.getMetadataKeys()) {
metadata.put(key.getNamespace(), account.getMetadataValue(key));
}
result.put("metadata", metadata);
return result;
}
Also used :
Group(org.exist.security.Group)
EXistSchemaType(org.exist.security.EXistSchemaType)
SchemaType(org.exist.security.SchemaType)
AXSchemaType(org.exist.security.AXSchemaType)
Example 2 with SchemaType
use of org.exist.security.SchemaType in project exist by eXist-db.
the class RemoteUserManagementService method addGroup.
@Override
public void addGroup(final Group role) throws XMLDBException {
final List<Object> params = new ArrayList<>();
params.add(role.getName());
// TODO what about group managers?
final Map<String, String> metadata = new HashMap<>();
for (final SchemaType key : role.getMetadataKeys()) {
metadata.put(key.getNamespace(), role.getMetadataValue(key));
}
params.add(metadata);
collection.execute("addGroup", params);
}
Also used :
AXSchemaType(org.exist.security.AXSchemaType)
EXistSchemaType(org.exist.security.EXistSchemaType)
SchemaType(org.exist.security.SchemaType)
Example 3 with SchemaType
use of org.exist.security.SchemaType in project exist by eXist-db.
the class RemoteUserManagementService method updateAccount.
@Override
public void updateAccount(final Account user) throws XMLDBException {
final List<Object> params = new ArrayList<>();
params.add(user.getName());
params.add(user.getPassword() == null ? "" : user.getPassword());
params.add(user.getDigestPassword() == null ? "" : user.getDigestPassword());
final String[] gl = user.getGroups();
params.add(gl);
params.add(user.isEnabled());
params.add(user.getUserMask());
final Map<String, String> metadata = new HashMap<>();
for (final SchemaType key : user.getMetadataKeys()) {
metadata.put(key.getNamespace(), user.getMetadataValue(key));
}
params.add(metadata);
collection.execute("updateAccount", params);
}
Also used :
AXSchemaType(org.exist.security.AXSchemaType)
EXistSchemaType(org.exist.security.EXistSchemaType)
SchemaType(org.exist.security.SchemaType)
Example 4 with SchemaType
use of org.exist.security.SchemaType in project exist by eXist-db.
the class RpcConnection method getGroup.
@Override
public Map<String, Object> getGroup(final String name) throws EXistException, PermissionDeniedException {
return withDb((broker, transaction) -> {
final SecurityManager securityManager = factory.getBrokerPool().getSecurityManager();
final Group group = securityManager.getGroup(name);
if (group != null) {
final Map<String, Object> map = new HashMap<>();
map.put("id", group.getId());
map.put("realmId", group.getRealmId());
map.put("name", name);
final List<Account> groupManagers = group.getManagers();
final List<String> managers = new ArrayList<>(groupManagers.size());
for (final Account groupManager : groupManagers) {
managers.add(groupManager.getName());
}
map.put("managers", managers);
final Map<String, String> metadata = new HashMap<>();
for (final SchemaType key : group.getMetadataKeys()) {
metadata.put(key.getNamespace(), group.getMetadataValue(key));
}
map.put("metadata", metadata);
return map;
}
return null;
});
}
Also used :
Group(org.exist.security.Group)
Account(org.exist.security.Account)
SecurityManager(org.exist.security.SecurityManager)
EXistSchemaType(org.exist.security.EXistSchemaType)
SchemaType(org.exist.security.SchemaType)
AXSchemaType(org.exist.security.AXSchemaType)
Example 5 with SchemaType
use of org.exist.security.SchemaType in project exist by eXist-db.
the class LDAPRealm method refreshAccountFromLdap.
public Account refreshAccountFromLdap(final Account account) throws PermissionDeniedException, AuthenticationException {
final int UPDATE_NONE = 0;
final int UPDATE_GROUP = 1;
final int UPDATE_METADATA = 2;
final Subject invokingUser = getSecurityManager().getCurrentSubject();
if (!invokingUser.hasDbaRole() && invokingUser.getId() != account.getId()) {
throw new PermissionDeniedException("You do not have permission to modify the account");
}
LdapContext ctx = null;
try {
ctx = getContext(invokingUser);
final SearchResult ldapUser = findAccountByAccountName(ctx, account.getName());
if (ldapUser == null) {
throw new AuthenticationException(AuthenticationException.ACCOUNT_NOT_FOUND, "Could not find the account in the LDAP");
}
return executeAsSystemUser(ctx, (ctx2, broker) -> {
int update = UPDATE_NONE;
// 1) get the ldap group membership
final List<Group> memberOf_groups = getGroupMembershipForLdapUser(ctx2, broker, ldapUser);
// 2) get the ldap primary group
final String primaryGroup = findGroupBySID(ctx2, getPrimaryGroupSID(ldapUser));
// append the ldap primaryGroup to the head of the ldap group list, and compare
// to the account group list
memberOf_groups.add(0, getGroup(ctx2, broker, primaryGroup));
final String[] accountGroups = account.getGroups();
if (!accountGroups[0].equals(ensureCase(primaryGroup))) {
update |= UPDATE_GROUP;
} else {
if (accountGroups.length != memberOf_groups.size()) {
update |= UPDATE_GROUP;
} else {
for (final String accountGroup : accountGroups) {
boolean found = false;
for (final Group memberOf_group : memberOf_groups) {
if (accountGroup.equals(ensureCase(memberOf_group.getName()))) {
found = true;
break;
}
}
if (!found) {
update |= UPDATE_GROUP;
break;
}
}
}
}
// 3) check metadata
final List<SimpleEntry<AXSchemaType, String>> ldapMetadatas = getMetadataForLdapUser(ldapUser);
final Set<SchemaType> accountMetadataKeys = account.getMetadataKeys();
if (accountMetadataKeys.size() != ldapMetadatas.size()) {
update |= UPDATE_METADATA;
} else {
for (SchemaType accountMetadataKey : accountMetadataKeys) {
final String accountMetadataValue = account.getMetadataValue(accountMetadataKey);
boolean found = false;
for (SimpleEntry<AXSchemaType, String> ldapMetadata : ldapMetadatas) {
if (accountMetadataKey.equals(ldapMetadata.getKey()) && accountMetadataValue.equals(ldapMetadata.getValue())) {
found = true;
break;
}
}
if (!found) {
update |= UPDATE_METADATA;
break;
}
}
}
// update the groups?
if ((update & UPDATE_GROUP) == UPDATE_GROUP) {
try {
final Field fld = account.getClass().getSuperclass().getDeclaredField("groups");
fld.setAccessible(true);
fld.set(account, memberOf_groups);
} catch (final NoSuchFieldException | IllegalAccessException nsfe) {
throw new EXistException(nsfe.getMessage(), nsfe);
}
}
// update the metdata?
if ((update & UPDATE_METADATA) == UPDATE_METADATA) {
account.clearMetadata();
for (final SimpleEntry<AXSchemaType, String> ldapMetadata : ldapMetadatas) {
account.setMetadataValue(ldapMetadata.getKey(), ldapMetadata.getValue());
}
}
if (update != UPDATE_NONE) {
final boolean updated = getSecurityManager().updateAccount(account);
if (!updated) {
LOG.error("Could not update account");
}
}
return account;
});
} catch (final NamingException | EXistException ne) {
throw new AuthenticationException(AuthenticationException.UNNOWN_EXCEPTION, ne.getMessage(), ne);
} finally {
LdapUtils.closeContext(ctx);
}
}
Also used :
Group(org.exist.security.Group)
AuthenticationException(org.exist.security.AuthenticationException)
SimpleEntry(java.util.AbstractMap.SimpleEntry)
SearchResult(javax.naming.directory.SearchResult)
EXistException(org.exist.EXistException)
Subject(org.exist.security.Subject)
SchemaType(org.exist.security.SchemaType)
AXSchemaType(org.exist.security.AXSchemaType)
Field(java.lang.reflect.Field)
PermissionDeniedException(org.exist.security.PermissionDeniedException)
NamingException(javax.naming.NamingException)
LdapContext(javax.naming.ldap.LdapContext)
AXSchemaType(org.exist.security.AXSchemaType)
Aggregations
SchemaType (org.exist.security.SchemaType)10
AXSchemaType (org.exist.security.AXSchemaType)8
EXistSchemaType (org.exist.security.EXistSchemaType)7
Group (org.exist.security.Group)3
PermissionDeniedException (org.exist.security.PermissionDeniedException)2
Field (java.lang.reflect.Field)1
SimpleEntry (java.util.AbstractMap.SimpleEntry)1
ReadWriteLock (java.util.concurrent.locks.ReadWriteLock)1
ReentrantReadWriteLock (java.util.concurrent.locks.ReentrantReadWriteLock)1
NamingException (javax.naming.NamingException)1
SearchResult (javax.naming.directory.SearchResult)1
LdapContext (javax.naming.ldap.LdapContext)1
EXistException (org.exist.EXistException)1
ConfigurationException (org.exist.config.ConfigurationException)1
AbstractRealm (org.exist.security.AbstractRealm)1
Account (org.exist.security.Account)1
AuthenticationException (org.exist.security.AuthenticationException)1
SecurityManager (org.exist.security.SecurityManager)1
Subject (org.exist.security.Subject)1
UserAider (org.exist.security.internal.aider.UserAider)1
