Use of org.exist.security.SecurityManager in project exist by eXist-db.
The class PermissionsFunctionChownTest, method prepareDb.
@BeforeClass
public static void prepareDb() throws EXistException, PermissionDeniedException, IOException, TriggerException {
    final BrokerPool pool = existWebServer.getBrokerPool();
    final SecurityManager sm = pool.getSecurityManager();

    // Everything is set up as the system subject: the test collection, three users
    // and a shared secondary group for the first two of them.
    try (final DBBroker broker = pool.get(Optional.of(sm.getSystemSubject()));
         final Txn txn = pool.getTransactionManager().beginTransaction()) {

        final Collection testCollection = broker.getOrCreateCollection(txn, TestConstants.TEST_COLLECTION_URI);
        // 0777 (decimal 511): world read/write/execute so every test user can operate inside it.
        PermissionFactory.chmod(broker, testCollection, Optional.of(0777), Optional.empty());
        broker.saveCollection(txn, testCollection);

        final String[][] credentials = {
            { USER1_NAME, USER1_PWD },
            { USER2_NAME, USER2_PWD },
            { USERRM_NAME, USERRM_PWD },
        };
        for (final String[] cred : credentials) {
            createUser(broker, sm, cred[0], cred[1]);
        }

        sm.addGroup(broker, new GroupAider(OTHER_GROUP_NAME));
        for (final String member : new String[] { USER1_NAME, USER2_NAME }) {
            final Account account = sm.getAccount(member);
            account.addGroup(OTHER_GROUP_NAME);
            sm.updateAccount(account);
        }

        txn.commit();
    }

    // The third user is removed again in a transaction of its own
    // (presumably so the tests can chown to an account that no longer exists — confirm against the test cases).
    try (final DBBroker broker = pool.get(Optional.of(sm.getSystemSubject()));
         final Txn txn = pool.getTransactionManager().beginTransaction()) {
        removeUser(sm, USERRM_NAME);
        txn.commit();
    }
}
Use of org.exist.security.SecurityManager in project exist by eXist-db.
The class GroupMembershipFunctionRemoveGroupMemberTest, method setup.
@Before
public void setup() throws EXistException, PermissionDeniedException, XPathException {
    final BrokerPool pool = existWebServer.getBrokerPool();
    final SecurityManager sm = pool.getSecurityManager();
    final String[] secondaryGroups = { OTHER_GROUP1_NAME, OTHER_GROUP2_NAME };

    // Create the user (whose personal group becomes its primary group) and make it
    // both a member and a manager of each secondary group.
    try (final DBBroker broker = pool.get(Optional.of(sm.getSystemSubject()));
         final Txn txn = pool.getTransactionManager().beginTransaction()) {
        final Account account = createUser(broker, sm, USER1_NAME, USER1_PWD);
        for (final String groupName : secondaryGroups) {
            final Group group = createGroup(broker, sm, groupName);
            addUserToGroup(sm, account, group);
            addUserAsGroupManager(USER1_NAME, groupName);
        }
        txn.commit();
    }

    // Sanity-check the fixture: primary group, full group list and that every group resolves.
    try (final DBBroker broker = pool.get(Optional.of(sm.getSystemSubject()));
         final Txn txn = pool.getTransactionManager().beginTransaction()) {
        final Account account = sm.getAccount(USER1_NAME);
        assertEquals(USER1_NAME, account.getPrimaryGroup());

        final String[] memberOf = account.getGroups();
        assertArrayEquals(new String[] { USER1_NAME, OTHER_GROUP1_NAME, OTHER_GROUP2_NAME }, memberOf);
        for (final String groupName : memberOf) {
            assertNotNull(sm.getGroup(groupName));
        }
        txn.commit();
    }
}
Use of org.exist.security.SecurityManager in project exist by eXist-db.
The class PermissionsFunctionChmodTest, method cleanupDb.
@AfterClass
public static void cleanupDb() throws EXistException, PermissionDeniedException, IOException, TriggerException {
    final BrokerPool pool = existWebServer.getBrokerPool();
    final SecurityManager sm = pool.getSecurityManager();

    // Tear down as the system subject: users first (in reverse creation order), then the collection.
    try (final DBBroker broker = pool.get(Optional.of(sm.getSystemSubject()));
         final Txn txn = pool.getTransactionManager().beginTransaction()) {
        for (final String userName : new String[] { USER2_NAME, USER1_NAME }) {
            removeUser(sm, userName);
        }
        removeCollection(broker, txn, TestConstants.TEST_COLLECTION_URI);
        txn.commit();
    }
}
Use of org.exist.security.SecurityManager in project exist by eXist-db.
The class IPRangeServlet, method doPost.
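@Override
protected void doPost(final HttpServletRequest request, final HttpServletResponse response) throws ServletException, IOException {
    // Resolve the address that identifies the caller: the reverse-proxy header when
    // present, otherwise the TCP peer address.
    //
    // SECURITY NOTE: X-Forwarded-For is an ordinary request header, so any client can
    // set it. The last element of the chain is used because that is the one appended
    // by the proxy nearest to this server; the value is only trustworthy when every
    // request reaches this servlet through such a trusted proxy. If the servlet is
    // reachable directly, a caller can claim an address inside an authorised range.
    // TODO(review): confirm the edge strips or overwrites this header wherever the
    // IPRange realm is enabled.
    String ipAddress = request.getHeader("X-Forwarded-For");
    if (ipAddress != null && !ipAddress.trim().isEmpty()) {
        // there may be a comma-separated chain of proxies; a header consisting only of
        // whitespace is treated as absent rather than authenticating the empty string
        ipAddress = ipAddress.replaceAll("\\s", "");
        final String[] xFFs = ipAddress.split(",");
        if (xFFs.length > 1) {
            ipAddress = xFFs[xFFs.length - 1];
        }
    } else {
        ipAddress = request.getRemoteAddr();
    }
    LOG.info("Detected IPaddress {}", ipAddress);

    // Default reply; replaced only once a non-DBA user has been bound to the session.
    String jsonResponse = "{\"fail\":\"IP range not authenticated\"}";
    try {
        final SecurityManager securityManager = IPRangeRealm.getInstance().getSecurityManager();
        // The address is passed as both user name and credential — presumably the
        // realm's contract for IP-based accounts (see IPRangeRealm).
        final Subject user = securityManager.authenticate(ipAddress, ipAddress);
        if (user != null) {
            LOG.info("IPRangeServlet user {} found", user.getUsername());
            // Security check: never grant DBA privileges on the strength of an IP address.
            if (user.hasDbaRole()) {
                LOG.error("User {} has DBA rights, will not be authorized", user.getUsername());
                return; // the finally block still writes the failure JSON
            }
            final HttpSession session = request.getSession();
            // store the user in the session
            if (session != null) {
                // isAdmin is always "false" here because DBA users were rejected above.
                // The user name is escaped so it cannot break out of the JSON string literal.
                jsonResponse = "{\"user\":\"" + jsonEscape(user.getUsername())
                        + "\",\"isAdmin\":\"" + user.hasDbaRole() + "\"}";
                LOG.info("IPRangeServlet setting session attr {}", XQueryContext.HTTP_SESSIONVAR_XMLDB_USER);
                session.setAttribute(XQueryContext.HTTP_SESSIONVAR_XMLDB_USER, user);
            } else {
                LOG.info("IPRangeServlet session is null");
            }
        } else {
            LOG.error("IPRangeServlet user not found");
        }
    } catch (final AuthenticationException e) {
        // Keep the cause so the failure can be diagnosed from the server log.
        throw new IOException(e.getMessage(), e);
    } finally {
        response.setContentType("application/json");
        final PrintWriter out = response.getWriter();
        out.print(jsonResponse);
        out.flush();
    }
}

/**
 * Escapes the characters that would terminate or corrupt a JSON string literal.
 * Deliberately minimal: backslash, double quote and control characters only.
 *
 * @param s the raw text; {@code null} yields an empty string
 * @return the text safe to embed between JSON double quotes
 */
private static String jsonEscape(final String s) {
    if (s == null) {
        return "";
    }
    final StringBuilder sb = new StringBuilder(s.length() + 8);
    for (int i = 0; i < s.length(); i++) {
        final char c = s.charAt(i);
        switch (c) {
            case '"':
                sb.append("\\\"");
                break;
            case '\\':
                sb.append("\\\\");
                break;
            case '\n':
                sb.append("\\n");
                break;
            case '\r':
                sb.append("\\r");
                break;
            case '\t':
                sb.append("\\t");
                break;
            default:
                if (c < 0x20) {
                    sb.append(String.format("\\u%04x", (int) c));
                } else {
                    sb.append(c);
                }
        }
    }
    return sb.toString();
}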
Use of org.exist.security.SecurityManager in project exist by eXist-db.
The class LocalUserManagementService, method updateGroup.
@Override
public void updateGroup(final Group g) throws XMLDBException {
    // Persist the group through the pool's SecurityManager inside the helper-managed
    // broker/transaction scope; nothing is returned to the caller.
    withDb((broker, txn) -> {
        final BrokerPool pool = broker.getBrokerPool();
        pool.getSecurityManager().updateGroup(g);
        return null;
    });
}