
Example 36 with SecurityManager

use of org.exist.security.SecurityManager in project exist by eXist-db.

the class BlobStoreRecoveryTest method newBlobDb.

private BlobDb newBlobDb(final Path journalDir, final Path blobDbx, final Path blobDir) throws BrokerPoolServiceException, EXistException {
    final Configuration mockConfiguration = createNiceMock(Configuration.class);
    expect(mockConfiguration.getProperty(Journal.PROPERTY_RECOVERY_JOURNAL_DIR)).andReturn(journalDir);
    expect(mockConfiguration.getProperty(BrokerPool.PROPERTY_RECOVERY_GROUP_COMMIT, false)).andReturn(false);
    expect(mockConfiguration.getProperty(PROPERTY_RECOVERY_SYNC_ON_COMMIT, true)).andReturn(true);
    expect(mockConfiguration.getProperty(PROPERTY_RECOVERY_SIZE_MIN, 1)).andReturn(1);
    expect(mockConfiguration.getProperty(PROPERTY_RECOVERY_SIZE_LIMIT, 100)).andReturn(100);
    replay(mockConfiguration);
    final BrokerPool mockBrokerPool = createNiceMock(BrokerPool.class);
    if (!cleanShutdown) {
        // NOTE: needed so we don't checkpoint at clean shutdown and can simulate a crash!
        mockBrokerPool.FORCE_CORRUPTION = true;
    }
    final SecurityManager mockSecurityManager = createNiceMock(SecurityManager.class);
    final Subject mockSystemSubject = createNiceMock(Subject.class);
    expect(mockBrokerPool.getSecurityManager()).andReturn(mockSecurityManager).anyTimes();
    expect(mockSecurityManager.getSystemSubject()).andReturn(mockSystemSubject).anyTimes();
    replay(mockSecurityManager);
    final JournalManager journalManager = new JournalManager();
    journalManager.configure(mockConfiguration);
    final DBBroker mockSystemBroker = createNiceMock(DBBroker.class);
    final Txn mockSystemTransaction = createNiceMock(Txn.class);
    final SystemTaskManager mockSystemTaskManager = createNiceMock(SystemTaskManager.class);
    mockSystemTaskManager.processTasks(mockSystemBroker, mockSystemTransaction);
    expectLastCall().anyTimes();
    replay(mockSystemTaskManager);
    final DBBroker mockBroker = createNiceMock(DBBroker.class);
    expect(mockBroker.getBrokerPool()).andReturn(mockBrokerPool).anyTimes();
    expect(mockBrokerPool.getBroker()).andReturn(mockBroker).anyTimes();
    replay(mockBroker);
    final TransactionManager transactionManager = new TransactionManager(mockBrokerPool, Optional.of(journalManager), mockSystemTaskManager);
    final Scheduler mockScheduler = createNiceMock(Scheduler.class);
    final BlobStore blobStore = new BlobStoreImpl(mockBrokerPool, blobDbx, blobDir, DIGEST_TYPE);
    expect(mockBrokerPool.getConfiguration()).andReturn(mockConfiguration).anyTimes();
    expect(mockBrokerPool.getScheduler()).andReturn(mockScheduler);
    expect(mockScheduler.createPeriodicJob(anyLong(), anyObject(FileLockHeartBeat.class), anyLong(), anyObject(Properties.class))).andReturn(true);
    expect(mockBrokerPool.getTransactionManager()).andReturn(transactionManager).anyTimes();
    expect(mockBrokerPool.getThreadGroup()).andReturn(Thread.currentThread().getThreadGroup());
    expect(mockBrokerPool.getId()).andReturn("BlobStoreRecoveryTest").times(2);
    expect(mockBrokerPool.getJournalManager()).andReturn(Optional.of(journalManager)).anyTimes();
    expect(mockBrokerPool.getBlobStore()).andReturn(blobStore).anyTimes();
    replay(mockBrokerPool);
    journalManager.prepare(mockBrokerPool);
    final RecoveryManager recoveryManager = new RecoveryManager(mockBroker, journalManager, false);
    recoveryManager.recover();
    return new BlobDb(transactionManager, blobStore);
}
Also used : Configuration(org.exist.util.Configuration) SecurityManager(org.exist.security.SecurityManager) Scheduler(org.exist.scheduler.Scheduler) JournalManager(org.exist.storage.journal.JournalManager) Txn(org.exist.storage.txn.Txn) Properties(java.util.Properties) Subject(org.exist.security.Subject) FileLockHeartBeat(org.exist.storage.lock.FileLockHeartBeat) RecoveryManager(org.exist.storage.recovery.RecoveryManager) DBBroker(org.exist.storage.DBBroker) TransactionManager(org.exist.storage.txn.TransactionManager) SystemTaskManager(org.exist.storage.SystemTaskManager) BrokerPool(org.exist.storage.BrokerPool)

Example 37 with SecurityManager

use of org.exist.security.SecurityManager in project exist by eXist-db.

the class RpcConnection method getGroup.

@Override
public Map<String, Object> getGroup(final String name) throws EXistException, PermissionDeniedException {
    return withDb((broker, transaction) -> {
        final SecurityManager securityManager = factory.getBrokerPool().getSecurityManager();
        final Group group = securityManager.getGroup(name);
        if (group != null) {
            final Map<String, Object> map = new HashMap<>();
            map.put("id", group.getId());
            map.put("realmId", group.getRealmId());
            map.put("name", name);
            final List<Account> groupManagers = group.getManagers();
            final List<String> managers = new ArrayList<>(groupManagers.size());
            for (final Account groupManager : groupManagers) {
                managers.add(groupManager.getName());
            }
            map.put("managers", managers);
            final Map<String, String> metadata = new HashMap<>();
            for (final SchemaType key : group.getMetadataKeys()) {
                metadata.put(key.getNamespace(), group.getMetadataValue(key));
            }
            map.put("metadata", metadata);
            return map;
        }
        return null;
    });
}
Also used : Group(org.exist.security.Group) Account(org.exist.security.Account) SecurityManager(org.exist.security.SecurityManager) EXistSchemaType(org.exist.security.EXistSchemaType) SchemaType(org.exist.security.SchemaType) AXSchemaType(org.exist.security.AXSchemaType)

Example 38 with SecurityManager

use of org.exist.security.SecurityManager in project exist by eXist-db.

the class RpcConnection method addAccount.

@Override
public boolean addAccount(final String name, String passwd, final String passwdDigest, final List<String> groups, final Boolean enabled, final Integer umask, final Map<String, String> metadata) throws EXistException, PermissionDeniedException {
    if (passwd.length() == 0) {
        passwd = null;
    }
    final SecurityManager manager = factory.getBrokerPool().getSecurityManager();
    if (manager.hasAccount(name)) {
        throw new PermissionDeniedException("Account '" + name + "' exist");
    }
    if (!manager.hasAdminPrivileges(user)) {
        throw new PermissionDeniedException("Account '" + user.getName() + "' not allowed to create new account");
    }
    final UserAider u = new UserAider(name);
    u.setEncodedPassword(passwd);
    u.setPasswordDigest(passwdDigest);
    for (final String g : groups) {
        if (!u.hasGroup(g)) {
            u.addGroup(g);
        }
    }
    if (enabled != null) {
        u.setEnabled(enabled);
    }
    if (umask != null) {
        u.setUserMask(umask);
    }
    if (metadata != null) {
        for (final Map.Entry<String, String> m : metadata.entrySet()) {
            if (AXSchemaType.valueOfNamespace(m.getKey()) != null) {
                u.setMetadataValue(AXSchemaType.valueOfNamespace(m.getKey()), m.getValue());
            } else if (EXistSchemaType.valueOfNamespace(m.getKey()) != null) {
                u.setMetadataValue(EXistSchemaType.valueOfNamespace(m.getKey()), m.getValue());
            }
        }
    }
    withDb((broker, transaction) -> manager.addAccount(u));
    return true;
}
Also used : SecurityManager(org.exist.security.SecurityManager) PermissionDeniedException(org.exist.security.PermissionDeniedException) UserAider(org.exist.security.internal.aider.UserAider) LockedDocumentMap(org.exist.storage.lock.LockedDocumentMap)

Example 39 with SecurityManager

use of org.exist.security.SecurityManager in project exist by eXist-db.

the class RpcConnection method setUserPrimaryGroup.

@Override
public boolean setUserPrimaryGroup(final String username, final String groupName) throws EXistException, PermissionDeniedException {
    final SecurityManager manager = factory.getBrokerPool().getSecurityManager();
    if (!manager.hasGroup(groupName)) {
        throw new EXistException("Group '" + groupName + "' does not exist!");
    }
    if (!manager.hasAdminPrivileges(user)) {
        throw new PermissionDeniedException("Not allowed to modify user");
    }
    withDb((broker, transaction) -> {
        final Account account = manager.getAccount(username);
        final Group group = manager.getGroup(groupName);
        account.setPrimaryGroup(group);
        manager.updateAccount(account);
        return null;
    });
    return true;
}
Also used : Account(org.exist.security.Account) Group(org.exist.security.Group) SecurityManager(org.exist.security.SecurityManager) PermissionDeniedException(org.exist.security.PermissionDeniedException) EXistException(org.exist.EXistException)
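In addAccount (Example 38) and setUserPrimaryGroup (Example 39) the existence checks (`hasAccount`, `hasGroup`) run before `hasAdminPrivileges(user)`, so the exception type and message a caller receives already depends on whether the name exists at a point where authorization has not yet been decided; `getAccount(username)` in Example 39 is also used without the null check that Example 37 applies to `getGroup`. The class below is an added example, not eXist-db code: it puts the privilege test first, null-checks both lookups, and uses an EasyMock strict mock (Example 36 shows the project's own EasyMock usage) to assert that a non-admin caller triggers no lookup at all. It assumes the org.exist.security types, EasyMock and JUnit 4 are on the classpath as in the project's tests; the class and method names are hypothetical, and persisting the result via `manager.addAccount` / `manager.updateAccount` inside `withDb` is left to the caller.

```java
// AccountAdminGuardTest.java: added example, not eXist-db code. Assumes
// org.exist.security.*, EasyMock and JUnit 4 on the classpath, as in the
// project's own tests. Class and method names are hypothetical.
import static org.easymock.EasyMock.createMock;
import static org.easymock.EasyMock.expect;
import static org.easymock.EasyMock.replay;
import static org.easymock.EasyMock.verify;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.fail;

import java.util.Arrays;
import java.util.List;
import org.exist.EXistException;
import org.exist.security.Account;
import org.exist.security.Group;
import org.exist.security.PermissionDeniedException;
import org.exist.security.SecurityManager;
import org.exist.security.Subject;
import org.exist.security.internal.aider.UserAider;
import org.junit.Test;

public class AccountAdminGuardTest {

    /** Admin-only account operations, authorised before any name lookup. */
    static final class AccountAdminGuard {
        private final SecurityManager manager;
        private final Subject caller;

        AccountAdminGuard(final SecurityManager manager, final Subject caller) {
            this.manager = manager;
            this.caller = caller;
        }

        // Decide authorisation first: a non-admin caller gets the same
        // exception whether or not the account or group name exists.
        private void requireAdmin(final String action) throws PermissionDeniedException {
            if (!manager.hasAdminPrivileges(caller)) {
                throw new PermissionDeniedException("Account '" + caller.getName() + "' not allowed to " + action);
            }
        }

        UserAider prepareNewAccount(final String name, final String passwd, final String passwdDigest,
                final List<String> groups) throws PermissionDeniedException {
            requireAdmin("create new account");
            if (manager.hasAccount(name)) {
                throw new PermissionDeniedException("Account '" + name + "' exists");
            }
            final UserAider u = new UserAider(name);
            // Empty password means "not set", as in addAccount above.
            u.setEncodedPassword(passwd == null || passwd.isEmpty() ? null : passwd);
            u.setPasswordDigest(passwdDigest);
            if (groups != null) {
                for (final String g : groups) {
                    if (!u.hasGroup(g)) {
                        u.addGroup(g);
                    }
                }
            }
            return u;
        }

        Account changePrimaryGroup(final String username, final String groupName)
                throws EXistException, PermissionDeniedException {
            requireAdmin("modify user");
            final Account account = manager.getAccount(username);
            if (account == null) {
                throw new EXistException("Account '" + username + "' does not exist!");
            }
            final Group group = manager.getGroup(groupName);
            if (group == null) {
                throw new EXistException("Group '" + groupName + "' does not exist!");
            }
            account.setPrimaryGroup(group);
            return account;
        }
    }

    // createMock (not createNiceMock) fails on any call that was not expected,
    // so a hasAccount/getAccount/getGroup call made before the privilege check
    // surfaces as an AssertionError instead of silently returning null/false.
    @Test
    public void nonAdminIsRejectedBeforeAnyLookup() throws Exception {
        final SecurityManager sm = createMock(SecurityManager.class);
        final Subject guest = createMock(Subject.class);
        expect(guest.getName()).andReturn("guest").anyTimes();
        expect(sm.hasAdminPrivileges(guest)).andReturn(false).times(2);
        replay(sm, guest);

        final AccountAdminGuard guard = new AccountAdminGuard(sm, guest);
        try {
            guard.prepareNewAccount("alice", "", null, Arrays.asList("dba"));
            fail("expected PermissionDeniedException");
        } catch (final PermissionDeniedException expected) {
            assertEquals("Account 'guest' not allowed to create new account", expected.getMessage());
        }
        try {
            guard.changePrimaryGroup("alice", "dba");
            fail("expected PermissionDeniedException");
        } catch (final PermissionDeniedException expected) {
            assertEquals("Account 'guest' not allowed to modify user", expected.getMessage());
        }
        verify(sm, guest); // exactly the two privilege checks ran, nothing else
    }
}
```

The strict mock is the point of the test: with a nice mock, an out-of-order `hasAccount` call would just return false and the test would still pass, hiding the ordering regression this guard exists to prevent.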

Example 40 with SecurityManager

use of org.exist.security.SecurityManager in project exist by eXist-db.

the class RpcConnection method updateGroup.

@Override
public boolean updateGroup(final String name, final List<String> managers, final Map<String, String> metadata) throws EXistException, PermissionDeniedException {
    final SecurityManager manager = factory.getBrokerPool().getSecurityManager();
    if (manager.hasGroup(name)) {
        final GroupAider group = new GroupAider(name);
        for (final String groupManager : managers) {
            group.addManager(new UserAider(groupManager));
        }
        if (metadata != null) {
            for (final Map.Entry<String, String> m : metadata.entrySet()) {
                if (AXSchemaType.valueOfNamespace(m.getKey()) != null) {
                    group.setMetadataValue(AXSchemaType.valueOfNamespace(m.getKey()), m.getValue());
                } else if (EXistSchemaType.valueOfNamespace(m.getKey()) != null) {
                    group.setMetadataValue(EXistSchemaType.valueOfNamespace(m.getKey()), m.getValue());
                }
            }
        }
        withDb((broker, transaction) -> manager.updateGroup(group));
        return true;
    } else {
        return false;
    }
}
Also used : SecurityManager(org.exist.security.SecurityManager) GroupAider(org.exist.security.internal.aider.GroupAider) UserAider(org.exist.security.internal.aider.UserAider) LockedDocumentMap(org.exist.storage.lock.LockedDocumentMap)

Aggregations

SecurityManager (org.exist.security.SecurityManager) 68
DBBroker (org.exist.storage.DBBroker) 22
Txn (org.exist.storage.txn.Txn) 16
Account (org.exist.security.Account) 15
BrokerPool (org.exist.storage.BrokerPool) 15
Subject (org.exist.security.Subject) 12
EXistException (org.exist.EXistException) 11
PermissionDeniedException (org.exist.security.PermissionDeniedException) 9
XPathException (org.exist.xquery.XPathException) 9
AuthenticationException (org.exist.security.AuthenticationException) 8
GroupAider (org.exist.security.internal.aider.GroupAider) 6
Collection (org.exist.collections.Collection) 5
Group (org.exist.security.Group) 5
Database (org.exist.Database) 4
UserAider (org.exist.security.internal.aider.UserAider) 4
LockedDocumentMap (org.exist.storage.lock.LockedDocumentMap) 4
Test (org.junit.Test) 4
java.util (java.util) 2
List (java.util.List) 2
HttpSession (javax.servlet.http.HttpSession) 2