Example 6 with SecurityManager

Use of org.exist.security.SecurityManager in the project exist by eXist-db.

From the class PermissionsFunctionChownTest, method prepareDb.

@BeforeClass
public static void prepareDb() throws EXistException, PermissionDeniedException, IOException, TriggerException {
    final BrokerPool pool = existWebServer.getBrokerPool();
    final SecurityManager sm = pool.getSecurityManager();
    // Run as the system subject: creating users, groups and collections needs full privileges
    try (final DBBroker broker = pool.get(Optional.of(sm.getSystemSubject()));
        final Txn transaction = pool.getTransactionManager().beginTransaction()) {
        final Collection collection = broker.getOrCreateCollection(transaction, TestConstants.TEST_COLLECTION_URI);
        // 511 decimal == 0777 octal: the test collection is made world read/write/execute
        PermissionFactory.chmod(broker, collection, Optional.of(511), Optional.empty());
        broker.saveCollection(transaction, collection);
        createUser(broker, sm, USER1_NAME, USER1_PWD);
        createUser(broker, sm, USER2_NAME, USER2_PWD);
        createUser(broker, sm, USERRM_NAME, USERRM_PWD);
        // a shared secondary group that user1 and user2 are both added to
        final Group otherGroup = new GroupAider(OTHER_GROUP_NAME);
        sm.addGroup(broker, otherGroup);
        final Account user1 = sm.getAccount(USER1_NAME);
        user1.addGroup(OTHER_GROUP_NAME);
        sm.updateAccount(user1);
        final Account user2 = sm.getAccount(USER2_NAME);
        user2.addGroup(OTHER_GROUP_NAME);
        sm.updateAccount(user2);
        transaction.commit();
    }
    // USERRM is created and then removed again, so tests can exercise a user that no longer exists
    try (final DBBroker broker = pool.get(Optional.of(sm.getSystemSubject()));
        final Txn transaction = pool.getTransactionManager().beginTransaction()) {
        removeUser(sm, USERRM_NAME);
        transaction.commit();
    }
}
Example 7 with SecurityManager

Use of org.exist.security.SecurityManager in the project exist by eXist-db.

From the class GroupMembershipFunctionRemoveGroupMemberTest, method setup.

@Before
public void setup() throws EXistException, PermissionDeniedException, XPathException {
    final BrokerPool pool = existWebServer.getBrokerPool();
    final SecurityManager sm = pool.getSecurityManager();
    // create user with personal group as primary group, then make the user a member
    // and a manager of two further groups
    try (final DBBroker broker = pool.get(Optional.of(sm.getSystemSubject()));
        final Txn transaction = pool.getTransactionManager().beginTransaction()) {
        final Account user1 = createUser(broker, sm, USER1_NAME, USER1_PWD);
        final Group otherGroup1 = createGroup(broker, sm, OTHER_GROUP1_NAME);
        addUserToGroup(sm, user1, otherGroup1);
        addUserAsGroupManager(USER1_NAME, OTHER_GROUP1_NAME);
        final Group otherGroup2 = createGroup(broker, sm, OTHER_GROUP2_NAME);
        addUserToGroup(sm, user1, otherGroup2);
        addUserAsGroupManager(USER1_NAME, OTHER_GROUP2_NAME);
        transaction.commit();
    }
    // check that the user is as we expect: primary group is the personal group,
    // group order is personal group first, then the two extra groups, and all groups exist
    try (final DBBroker broker = pool.get(Optional.of(sm.getSystemSubject()));
        final Txn transaction = pool.getTransactionManager().beginTransaction()) {
        final Account user1 = sm.getAccount(USER1_NAME);
        assertEquals(USER1_NAME, user1.getPrimaryGroup());
        final String[] user1Groups = user1.getGroups();
        assertArrayEquals(new String[] { USER1_NAME, OTHER_GROUP1_NAME, OTHER_GROUP2_NAME }, user1Groups);
        for (final String user1Group : user1Groups) {
            assertNotNull(sm.getGroup(user1Group));
        }
        transaction.commit();
    }
}
Example 8 with SecurityManager

Use of org.exist.security.SecurityManager in the project exist by eXist-db.

From the class PermissionsFunctionChmodTest, method cleanupDb.

@AfterClass
public static void cleanupDb() throws EXistException, PermissionDeniedException, IOException, TriggerException {
    final BrokerPool pool = existWebServer.getBrokerPool();
    final SecurityManager sm = pool.getSecurityManager();
    // Tear down in one transaction as the system subject: remove the test users, then the test collection
    try (final DBBroker broker = pool.get(Optional.of(sm.getSystemSubject()));
        final Txn transaction = pool.getTransactionManager().beginTransaction()) {
        removeUser(sm, USER2_NAME);
        removeUser(sm, USER1_NAME);
        removeCollection(broker, transaction, TestConstants.TEST_COLLECTION_URI);
        transaction.commit();
    }
}
Example 9 with SecurityManager

Use of org.exist.security.SecurityManager in the project exist by eXist-db.

From the class IPRangeServlet, method doPost.

@Override
protected void doPost(final HttpServletRequest request, final HttpServletResponse response) throws ServletException, IOException {
    // Get reverse proxy header when available, otherwise use regular IP address.
    // Note: X-Forwarded-For is only trustworthy when a proxy in front of eXist sets or
    // overwrites it; a client can send the header itself if no such proxy is in place.
    String ipAddress = request.getHeader("X-Forwarded-For");
    // there may be a comma-separated chain of proxies; the last entry is the one added
    // by the proxy closest to this server
    if (ipAddress != null && !ipAddress.isEmpty()) {
        ipAddress = ipAddress.replaceAll("\\s", "");
        String[] xFFs = ipAddress.split(",");
        if (xFFs.length > 1)
            ipAddress = xFFs[xFFs.length - 1];
    } else {
        ipAddress = request.getRemoteAddr();
    }
    LOG.info("Detected IPaddress {}", ipAddress);
    // default response if no IP-range user matches; the finally block always writes it
    String jsonResponse = "{\"fail\":\"IP range not authenticated\"}";
    try {
        // The IPRange realm uses the address as both username and password:
        // the realm maps configured IP ranges to accounts
        final SecurityManager securityManager = IPRangeRealm.getInstance().getSecurityManager();
        final Subject user = securityManager.authenticate(ipAddress, ipAddress);
        if (user != null) {
            LOG.info("IPRangeServlet user {} found", user.getUsername());
            // Security check: an IP range must never be able to yield a DBA session
            if (user.hasDbaRole()) {
                LOG.error("User {} has DBA rights, will not be authorized", user.getUsername());
                return;
            }
            final HttpSession session = request.getSession();
            // store the user in the session so subsequent XQuery requests run as that user
            if (session != null) {
                jsonResponse = "{\"user\":\"" + user.getUsername() + "\",\"isAdmin\":\"" + user.hasDbaRole() + "\"}";
                LOG.info("IPRangeServlet setting session attr " + XQueryContext.HTTP_SESSIONVAR_XMLDB_USER);
                session.setAttribute(XQueryContext.HTTP_SESSIONVAR_XMLDB_USER, user);
            } else {
                LOG.info("IPRangeServlet session is null");
            }
        } else {
            LOG.error("IPRangeServlet user not found");
        }
    } catch (final AuthenticationException e) {
        throw new IOException(e.getMessage());
    } finally {
        response.setContentType("application/json");
        final PrintWriter out = response.getWriter();
        out.print(jsonResponse);
        out.flush();
    }
}
Example 10 with SecurityManager

Use of org.exist.security.SecurityManager in the project exist by eXist-db.

From the class LocalUserManagementService, method updateGroup.

@Override
public void updateGroup(final Group g) throws XMLDBException {
    // withDb supplies a broker and transaction bound to the calling user; the
    // SecurityManager enforces whether that user may modify the group
    withDb((broker, transaction) -> {
        final SecurityManager sm = broker.getBrokerPool().getSecurityManager();
        sm.updateGroup(g);
        return null;
    });
}