use of org.exist.security.SecurityManager in project exist by eXist-db.
the class LocalUserManagementService method unlockResource.
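/**
 * Clears the user lock on the document behind {@code resource}.
 *
 * <p>Two checks run before the lock is released. The calling {@code user} must pass
 * {@code Permission.WRITE} validation on the document. If the document carries a lock,
 * the caller must either be the lock owner or have admin privileges according to the
 * security manager.
 *
 * @param resource the resource whose user lock is released
 * @throws XMLDBException declared by the service interface; how a
 *     {@code PermissionDeniedException} raised inside the callback reaches the caller
 *     is decided by {@code modify(...)}, which is not visible here
 */
@Override
public void unlockResource(final Resource resource) throws XMLDBException {
    modify(resource).apply((document, broker, transaction) -> {
        final String resourceId = resource.getId();

        // First gate: WRITE permission on the document itself.
        if (!document.getPermissions().validate(user, Permission.WRITE)) {
            // The message names the operation actually denied (unlock, not lock), so that
            // denial records read correctly during log review.
            throw new PermissionDeniedException("User is not allowed to unlock resource '" + resourceId + "'");
        }

        // Second gate: a lock held by somebody else may only be broken by an admin.
        final Account lockOwner = document.getUserLock();
        final SecurityManager manager = broker.getBrokerPool().getSecurityManager();
        if (lockOwner != null && !(lockOwner.equals(user) || manager.hasAdminPrivileges(user))) {
            throw new PermissionDeniedException("Resource '" + resourceId + "' is already locked by user " + lockOwner.getName());
        }

        document.setUserLock(null);
        return null;
    });
}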
use of org.exist.security.SecurityManager in project exist by eXist-db.
the class LocalUserManagementService method addAccountToGroup.
/**
 * Adds the account named {@code accountName} to the group named {@code groupName} and
 * stores the modified account through the security manager.
 *
 * @param accountName name of the account that gains the membership
 * @param groupName name of the group to join
 * @throws XMLDBException declared by the service interface; the mapping of failures
 *     inside the database callback is done by {@code withDb}, which is not visible here
 */
@Override
public void addAccountToGroup(final String accountName, final String groupName) throws XMLDBException {
    withDb((broker, transaction) -> {
        final SecurityManager securityManager = broker.getBrokerPool().getSecurityManager();
        final Account member = securityManager.getAccount(accountName);
        // NOTE(review): no authorization check and no null check are visible in this method.
        // Confirm that updateAccount() enforces who may change group membership, and what
        // getAccount() returns for an unknown name.
        member.addGroup(groupName);
        securityManager.updateAccount(member);
        return null;
    });
}
use of org.exist.security.SecurityManager in project exist by eXist-db.
the class LocalUserManagementService method addGroupManager.
/**
 * Registers the account named {@code manager} as a manager of the group named
 * {@code groupName} and stores the modified group through the security manager.
 *
 * @param manager name of the account that becomes a group manager
 * @param groupName name of the group being changed
 * @throws XMLDBException declared by the service interface; the mapping of failures
 *     inside the database callback is done by {@code withDb}, which is not visible here
 */
@Override
public void addGroupManager(final String manager, final String groupName) throws XMLDBException {
    withDb((broker, transaction) -> {
        final SecurityManager securityManager = broker.getBrokerPool().getSecurityManager();
        final Account managerAccount = securityManager.getAccount(manager);
        final Group targetGroup = securityManager.getGroup(groupName);
        // NOTE(review): granting group-manager rights is a privilege change, and this method
        // performs no caller check of its own. Confirm that updateGroup() authorizes the
        // current subject, and how unknown account or group names are reported.
        targetGroup.addManager(managerAccount);
        securityManager.updateGroup(targetGroup);
        return null;
    });
}
use of org.exist.security.SecurityManager in project exist by eXist-db.
the class LocalUserManagementService method removeGroupManager.
/**
 * Removes the account named {@code manager} from the managers of the group named
 * {@code groupName} and stores the modified group through the security manager.
 *
 * <p>The parameter order here is (group, manager), while {@code addGroupManager} takes
 * (manager, group). Both parameters are strings, so the compiler will not catch a
 * swapped call.
 *
 * @param groupName name of the group being changed
 * @param manager name of the account that loses its manager role
 * @throws XMLDBException declared by the service interface; the mapping of failures
 *     inside the database callback is done by {@code withDb}, which is not visible here
 */
@Override
public void removeGroupManager(final String groupName, final String manager) throws XMLDBException {
    withDb((broker, transaction) -> {
        final SecurityManager securityManager = broker.getBrokerPool().getSecurityManager();
        final Group targetGroup = securityManager.getGroup(groupName);
        final Account managerAccount = securityManager.getAccount(manager);
        // NOTE(review): no caller check is visible in this method. Confirm that
        // updateGroup() authorizes the current subject before the change is stored.
        targetGroup.removeManager(managerAccount);
        securityManager.updateGroup(targetGroup);
        return null;
    });
}
use of org.exist.security.SecurityManager in project exist by eXist-db.
the class XMLDBAuthenticate method eval.
/**
 * Checks a user name and password against the database security manager, then opens the
 * target collection with the same credentials.
 *
 * <p>Arguments are read positionally: {@code args[0]} is the collection URI,
 * {@code args[1]} the user name, {@code args[2]} the password and the optional
 * {@code args[3]} a flag passed on to the HTTP-session caching step. Every failure path
 * returns {@code BooleanValue.FALSE}, so the result does not tell the caller whether the
 * user name, the password or the collection was at fault. The password is not passed to
 * any log statement in this method.
 *
 * @param args the function arguments as described above
 * @param contextSequence not read by this method
 * @return {@code BooleanValue.TRUE} when authentication succeeded and the collection
 *     could be obtained, otherwise {@code BooleanValue.FALSE}
 * @throws XPathException declared by the function interface
 */
@Override
public Sequence eval(final Sequence[] args, final Sequence contextSequence) throws XPathException {
    // An empty user-name argument is rejected before any other argument is read.
    if (args[1].isEmpty()) {
        return BooleanValue.FALSE;
    }

    final String collectionUri = args[0].getStringValue();
    final String login = args[1].getStringValue();
    if (login == null) {
        logger.error("Unable to authenticate username == NULL");
        return BooleanValue.FALSE;
    }

    final String secret = args[2].getStringValue();
    final boolean wantsSession;
    if (args.length > 3) {
        wantsSession = args[3].effectiveBooleanValue();
    } else {
        wantsSession = false;
    }

    try {
        final Subject authenticated;
        try {
            authenticated = BrokerPool.getInstance().getSecurityManager().authenticate(login, secret);
        } catch (final AuthenticationException | EXistException e) {
            // NOTE(review): the caller-supplied user name is logged as given. Confirm that
            // the log layout neutralises line breaks, so a crafted name cannot forge entries.
            logger.error("Unable to authenticate user: {} {}", login, getLocation(), e);
            return BooleanValue.FALSE;
        }

        // The credentials are used a second time, to open the requested collection.
        final Collection targetCollection = XMLDBAbstractCollectionManipulator.getCollection(
                context, collectionUri, Optional.of(login), Optional.of(secret));
        if (targetCollection == null) {
            logger.error("Unable to authenticate user: target collection {} does not exist {}", collectionUri, getLocation());
            return BooleanValue.FALSE;
        }

        // Only the "login" variant changes state; any other name just reports the result.
        if (!isCalledAs("login")) {
            return BooleanValue.TRUE;
        }

        // Switch the user of the current broker.
        switchUser(authenticated);
        // If there is an HTTP session, cache the user in it.
        // NOTE(review): cacheUserInHttpSession() is not visible here. Confirm it renews the
        // session identifier when binding the authenticated subject.
        cacheUserInHttpSession(authenticated, wantsSession);
        return BooleanValue.TRUE;
    } catch (final XMLDBException e) {
        logger.error("{} : {}", getLocation(), e.getMessage(), e);
        return BooleanValue.FALSE;
    }
}