Example 61 with SecurityManager

Use of org.exist.security.SecurityManager in project exist by eXist-db.

From class LocalUserManagementService, method unlockResource.

@Override
public void unlockResource(final Resource resource) throws XMLDBException {
    modify(resource).apply((document, broker, transaction) -> {
        final String resourceId = resource.getId();
        // the calling user must hold WRITE permission on the document before any lock can be touched
        if (!document.getPermissions().validate(user, Permission.WRITE)) {
            throw new PermissionDeniedException("User is not allowed to lock resource '" + resourceId + "'");
        }
        // a lock held by someone else may only be released by its owner or by an administrator
        final Account lockOwner = document.getUserLock();
        final SecurityManager manager = broker.getBrokerPool().getSecurityManager();
        if (lockOwner != null && !(lockOwner.equals(user) || manager.hasAdminPrivileges(user))) {
            throw new PermissionDeniedException("Resource '" + resourceId + "' is already locked by user " + lockOwner.getName());
        }
        document.setUserLock(null);
        return null;
    });
}
Also used: SecurityManager (org.exist.security.SecurityManager)

Example 62 with SecurityManager

Use of org.exist.security.SecurityManager in project exist by eXist-db.

From class LocalUserManagementService, method addAccountToGroup.

@Override
public void addAccountToGroup(final String accountName, final String groupName) throws XMLDBException {
    withDb((broker, transaction) -> {
        final SecurityManager sm = broker.getBrokerPool().getSecurityManager();
        // look the account up by name, add the group membership and persist the change through the SecurityManager
        final Account account = sm.getAccount(accountName);
        account.addGroup(groupName);
        sm.updateAccount(account);
        return null;
    });
}
Also used: SecurityManager (org.exist.security.SecurityManager)

Example 63 with SecurityManager

Use of org.exist.security.SecurityManager in project exist by eXist-db.

From class LocalUserManagementService, method addGroupManager.

@Override
public void addGroupManager(final String manager, final String groupName) throws XMLDBException {
    withDb((broker, transaction) -> {
        final SecurityManager sm = broker.getBrokerPool().getSecurityManager();
        // resolve both the account and the group, then register the account as a manager of that group
        final Account account = sm.getAccount(manager);
        final Group group = sm.getGroup(groupName);
        group.addManager(account);
        sm.updateGroup(group);
        return null;
    });
}
Also used: SecurityManager (org.exist.security.SecurityManager)

Example 64 with SecurityManager

Use of org.exist.security.SecurityManager in project exist by eXist-db.

From class LocalUserManagementService, method removeGroupManager.

@Override
public void removeGroupManager(final String groupName, final String manager) throws XMLDBException {
    withDb((broker, transaction) -> {
        final SecurityManager sm = broker.getBrokerPool().getSecurityManager();
        // resolve the group and the account, revoke the manager role and persist the updated group
        final Group group = sm.getGroup(groupName);
        final Account account = sm.getAccount(manager);
        group.removeManager(account);
        sm.updateGroup(group);
        return null;
    });
}
Also used: SecurityManager (org.exist.security.SecurityManager)

Example 65 with SecurityManager

Use of org.exist.security.SecurityManager in project exist by eXist-db.

From class XMLDBAuthenticate, method eval.

@Override
public Sequence eval(final Sequence[] args, final Sequence contextSequence) throws XPathException {
    // an empty user name argument is rejected before anything else is looked at
    if (args[1].isEmpty()) {
        return BooleanValue.FALSE;
    }
    final String uri = args[0].getStringValue();
    final String userName = args[1].getStringValue();
    if (userName == null) {
        logger.error("Unable to authenticate username == NULL");
        return BooleanValue.FALSE;
    }
    final String password = args[2].getStringValue();
    // the optional fourth argument controls whether an HTTP session is created for the user
    final boolean createSession = args.length > 3 && args[3].effectiveBooleanValue();
    try {
        final Subject user;
        try {
            // credentials are checked by the SecurityManager; a failure is logged and reported only as false
            final SecurityManager sm = BrokerPool.getInstance().getSecurityManager();
            user = sm.authenticate(userName, password);
        } catch (final AuthenticationException | EXistException e) {
            logger.error("Unable to authenticate user: {} {}", userName, getLocation(), e);
            return BooleanValue.FALSE;
        }
        // the authenticated credentials must also be able to open the target collection
        final Collection root = XMLDBAbstractCollectionManipulator.getCollection(context, uri, Optional.of(userName), Optional.of(password));
        if (root == null) {
            logger.error("Unable to authenticate user: target collection {} does not exist {}", uri, getLocation());
            return BooleanValue.FALSE;
        }
        if (isCalledAs("login")) {
            // switch the user of the current broker
            switchUser(user);
            // if there is a http session cache the user in the http session
            cacheUserInHttpSession(user, createSession);
        }
        return BooleanValue.TRUE;
    } catch (final XMLDBException e) {
        logger.error("{} : {}", getLocation(), e.getMessage(), e);
        return BooleanValue.FALSE;
    }
}
Also used: SecurityManager (org.exist.security.SecurityManager), AuthenticationException (org.exist.security.AuthenticationException), Collection (org.xmldb.api.base.Collection), XMLDBException (org.xmldb.api.base.XMLDBException), EXistException (org.exist.EXistException), Subject (org.exist.security.Subject)

Aggregations (type, with number of examples using it)

SecurityManager (org.exist.security.SecurityManager): 68
DBBroker (org.exist.storage.DBBroker): 22
Txn (org.exist.storage.txn.Txn): 16
Account (org.exist.security.Account): 15
BrokerPool (org.exist.storage.BrokerPool): 15
Subject (org.exist.security.Subject): 12
EXistException (org.exist.EXistException): 11
PermissionDeniedException (org.exist.security.PermissionDeniedException): 9
XPathException (org.exist.xquery.XPathException): 9
AuthenticationException (org.exist.security.AuthenticationException): 8
GroupAider (org.exist.security.internal.aider.GroupAider): 6
Collection (org.exist.collections.Collection): 5
Group (org.exist.security.Group): 5
Database (org.exist.Database): 4
UserAider (org.exist.security.internal.aider.UserAider): 4
LockedDocumentMap (org.exist.storage.lock.LockedDocumentMap): 4
Test (org.junit.Test): 4
java.util (java.util): 2
List (java.util.List): 2
HttpSession (javax.servlet.http.HttpSession): 2