use of org.exist.security.SecurityManager in project exist by eXist-db.
the class BlobStoreRecoveryTest method newBlobDb.
/**
 * Builds a {@link BlobDb} for the recovery tests: wires a real {@code JournalManager},
 * {@code TransactionManager} and {@code BlobStoreImpl} to EasyMock stand-ins for the rest of the
 * database, runs journal recovery once, and returns the resulting transaction manager / blob store pair.
 *
 * <p>The SecurityManager and system Subject used here are nice mocks, so unrecorded calls on them
 * answer with EasyMock's default values; this fixture does not exercise real permission checks.
 *
 * @param journalDir directory returned for {@code Journal.PROPERTY_RECOVERY_JOURNAL_DIR}
 * @param blobDbx path handed to {@code BlobStoreImpl} as its second constructor argument
 * @param blobDir path handed to {@code BlobStoreImpl} as its third constructor argument
 * @return a new {@code BlobDb} holding the transaction manager and blob store created here
 * @throws BrokerPoolServiceException declared by this method; which call raises it is not visible here
 * @throws EXistException declared by this method; which call raises it is not visible here
 */
private BlobDb newBlobDb(final Path journalDir, final Path blobDbx, final Path blobDir) throws BrokerPoolServiceException, EXistException {
// Journal/recovery settings: group commit off, sync on commit on, size min 1, size limit 100.
final Configuration mockConfiguration = createNiceMock(Configuration.class);
expect(mockConfiguration.getProperty(Journal.PROPERTY_RECOVERY_JOURNAL_DIR)).andReturn(journalDir);
expect(mockConfiguration.getProperty(BrokerPool.PROPERTY_RECOVERY_GROUP_COMMIT, false)).andReturn(false);
expect(mockConfiguration.getProperty(PROPERTY_RECOVERY_SYNC_ON_COMMIT, true)).andReturn(true);
expect(mockConfiguration.getProperty(PROPERTY_RECOVERY_SIZE_MIN, 1)).andReturn(1);
expect(mockConfiguration.getProperty(PROPERTY_RECOVERY_SIZE_LIMIT, 100)).andReturn(100);
replay(mockConfiguration);
final BrokerPool mockBrokerPool = createNiceMock(BrokerPool.class);
// cleanShutdown is read from outside this method (not a parameter).
if (!cleanShutdown) {
// NOTE: needed so we don't checkpoint at clean shutdown and can simulate a crash!
mockBrokerPool.FORCE_CORRUPTION = true;
}
// Security plumbing: the pool hands out a mock SecurityManager, which hands out a mock system Subject.
// NOTE(review): mockSystemSubject is never passed to replay() in this method — confirm that is intended.
final SecurityManager mockSecurityManager = createNiceMock(SecurityManager.class);
final Subject mockSystemSubject = createNiceMock(Subject.class);
expect(mockBrokerPool.getSecurityManager()).andReturn(mockSecurityManager).anyTimes();
expect(mockSecurityManager.getSystemSubject()).andReturn(mockSystemSubject).anyTimes();
replay(mockSecurityManager);
// Real journal manager, configured from the mocked Configuration above.
final JournalManager journalManager = new JournalManager();
journalManager.configure(mockConfiguration);
// System task manager mock: processTasks(...) with these two mocks may be called any number of times.
final DBBroker mockSystemBroker = createNiceMock(DBBroker.class);
final Txn mockSystemTransaction = createNiceMock(Txn.class);
final SystemTaskManager mockSystemTaskManager = createNiceMock(SystemTaskManager.class);
mockSystemTaskManager.processTasks(mockSystemBroker, mockSystemTransaction);
expectLastCall().anyTimes();
replay(mockSystemTaskManager);
// Broker and pool reference each other: broker -> pool and pool -> broker.
final DBBroker mockBroker = createNiceMock(DBBroker.class);
expect(mockBroker.getBrokerPool()).andReturn(mockBrokerPool).anyTimes();
expect(mockBrokerPool.getBroker()).andReturn(mockBroker).anyTimes();
replay(mockBroker);
// Real TransactionManager and BlobStoreImpl; both are created while mockBrokerPool is still recording,
// i.e. before replay(mockBrokerPool) below.
final TransactionManager transactionManager = new TransactionManager(mockBrokerPool, Optional.of(journalManager), mockSystemTaskManager);
final Scheduler mockScheduler = createNiceMock(Scheduler.class);
final BlobStore blobStore = new BlobStoreImpl(mockBrokerPool, blobDbx, blobDir, DIGEST_TYPE);
// Remaining pool expectations. getScheduler() and getThreadGroup() are recorded for a single call,
// getId() for exactly two calls; the others may be called any number of times.
expect(mockBrokerPool.getConfiguration()).andReturn(mockConfiguration).anyTimes();
expect(mockBrokerPool.getScheduler()).andReturn(mockScheduler);
// NOTE(review): replay(mockScheduler) is not called in this method, so this expectation is recorded
// but the scheduler mock is never switched to replay state here — confirm that is intended.
expect(mockScheduler.createPeriodicJob(anyLong(), anyObject(FileLockHeartBeat.class), anyLong(), anyObject(Properties.class))).andReturn(true);
expect(mockBrokerPool.getTransactionManager()).andReturn(transactionManager).anyTimes();
expect(mockBrokerPool.getThreadGroup()).andReturn(Thread.currentThread().getThreadGroup());
expect(mockBrokerPool.getId()).andReturn("BlobStoreRecoveryTest").times(2);
expect(mockBrokerPool.getJournalManager()).andReturn(Optional.of(journalManager)).anyTimes();
expect(mockBrokerPool.getBlobStore()).andReturn(blobStore).anyTimes();
replay(mockBrokerPool);
// Prepare the journal against the replayed pool, then run recovery once before handing back the BlobDb.
journalManager.prepare(mockBrokerPool);
final RecoveryManager recoveryManager = new RecoveryManager(mockBroker, journalManager, false);
recoveryManager.recover();
return new BlobDb(transactionManager, blobStore);
}
use of org.exist.security.SecurityManager in project exist by eXist-db.
the class RpcConnection method getGroup.
/**
 * Looks up a group by name and describes it as a map.
 *
 * <p>The returned map has the keys {@code id}, {@code realmId}, {@code name} (the name that was
 * passed in), {@code managers} (a list of manager account names) and {@code metadata} (schema
 * namespace mapped to the stored value).
 *
 * <p>NOTE(review): no explicit privilege check on the caller is visible in this method; whether
 * access to manager names and metadata is restricted inside {@code withDb} or the SecurityManager
 * cannot be seen from here — confirm.
 *
 * @param name the group name to look up
 * @return the group description, or {@code null} when the SecurityManager returns no group
 */
@Override
public Map<String, Object> getGroup(final String name) throws EXistException, PermissionDeniedException {
    return withDb((broker, transaction) -> {
        final Group found = factory.getBrokerPool().getSecurityManager().getGroup(name);
        if (found == null) {
            return null;
        }

        final Map<String, Object> details = new HashMap<>();
        details.put("id", found.getId());
        details.put("realmId", found.getRealmId());
        details.put("name", name);

        // Only the managers' account names are exposed, not the Account objects.
        final List<Account> managerAccounts = found.getManagers();
        final List<String> managerNames = new ArrayList<>(managerAccounts.size());
        for (final Account managerAccount : managerAccounts) {
            managerNames.add(managerAccount.getName());
        }
        details.put("managers", managerNames);

        // Metadata is keyed by schema namespace.
        final Map<String, String> metadataByNamespace = new HashMap<>();
        for (final SchemaType schemaKey : found.getMetadataKeys()) {
            metadataByNamespace.put(schemaKey.getNamespace(), found.getMetadataValue(schemaKey));
        }
        details.put("metadata", metadataByNamespace);

        return details;
    });
}
use of org.exist.security.SecurityManager in project exist by eXist-db.
the class RpcConnection method addAccount.
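/**
 * Creates a new account on behalf of the calling user.
 *
 * <p>The caller ({@code user}, a field defined outside this method) must have admin privileges.
 * That check runs before the account-existence check, so a caller without admin privileges always
 * gets the same "not allowed" answer and cannot use this method to find out which account names exist.
 *
 * <p>Metadata entries whose key matches neither an {@code AXSchemaType} nor an
 * {@code EXistSchemaType} namespace are ignored.
 *
 * @param name name of the account to create
 * @param passwd password value; {@code null} or empty means no password is set
 * @param passwdDigest password digest stored on the new account
 * @param groups groups to add the account to; duplicates are added once, {@code null} means none
 * @param enabled enabled flag, or {@code null} to leave the default
 * @param umask user mask, or {@code null} to leave the default
 * @param metadata metadata keyed by schema namespace, or {@code null} for none
 * @return {@code true} once the account has been handed to the SecurityManager
 * @throws PermissionDeniedException if the caller lacks admin privileges or the account already exists
 * @throws EXistException declared by this method; presumably raised while adding the account
 */
@Override
public boolean addAccount(final String name, String passwd, final String passwdDigest, final List<String> groups, final Boolean enabled, final Integer umask, final Map<String, String> metadata) throws EXistException, PermissionDeniedException {
    final SecurityManager manager = factory.getBrokerPool().getSecurityManager();

    // Authorise first: the existence check below must not be reachable by unprivileged callers.
    if (!manager.hasAdminPrivileges(user)) {
        throw new PermissionDeniedException("Account '" + user.getName() + "' not allowed to create new account");
    }
    if (manager.hasAccount(name)) {
        throw new PermissionDeniedException("Account '" + name + "' exist");
    }

    // An empty password is treated as "no password"; a null password is accepted as-is instead of
    // failing with a NullPointerException.
    if (passwd != null && passwd.isEmpty()) {
        passwd = null;
    }

    final UserAider u = new UserAider(name);
    // NOTE(review): the value is passed to setEncodedPassword exactly as received; whether callers
    // are expected to send an already-encoded value is not visible here — confirm.
    u.setEncodedPassword(passwd);
    u.setPasswordDigest(passwdDigest);

    if (groups != null) {
        for (final String g : groups) {
            if (!u.hasGroup(g)) {
                u.addGroup(g);
            }
        }
    }

    if (enabled != null) {
        u.setEnabled(enabled);
    }
    if (umask != null) {
        u.setUserMask(umask);
    }

    if (metadata != null) {
        for (final Map.Entry<String, String> m : metadata.entrySet()) {
            // Resolve each namespace once; AX schema types take precedence over eXist ones.
            final AXSchemaType axKey = AXSchemaType.valueOfNamespace(m.getKey());
            if (axKey != null) {
                u.setMetadataValue(axKey, m.getValue());
                continue;
            }
            final EXistSchemaType existKey = EXistSchemaType.valueOfNamespace(m.getKey());
            if (existKey != null) {
                u.setMetadataValue(existKey, m.getValue());
            }
        }
    }

    withDb((broker, transaction) -> manager.addAccount(u));
    return true;
}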
use of org.exist.security.SecurityManager in project exist by eXist-db.
the class RpcConnection method setUserPrimaryGroup.
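/**
 * Sets the primary group of an existing account.
 *
 * <p>The caller ({@code user}, a field defined outside this method) must have admin privileges.
 * That check runs before any lookup, so a caller without admin privileges gets the same answer
 * whether or not the group or account exists.
 *
 * @param username name of the account to modify
 * @param groupName name of the group to set as primary group
 * @return {@code true} once the account has been updated
 * @throws PermissionDeniedException if the caller lacks admin privileges
 * @throws EXistException if the group or the account does not exist
 */
@Override
public boolean setUserPrimaryGroup(final String username, final String groupName) throws EXistException, PermissionDeniedException {
    final SecurityManager manager = factory.getBrokerPool().getSecurityManager();

    // Authorise before looking anything up.
    if (!manager.hasAdminPrivileges(user)) {
        throw new PermissionDeniedException("Not allowed to modify user");
    }
    if (!manager.hasGroup(groupName)) {
        throw new EXistException("Group '" + groupName + "' does not exist!");
    }

    withDb((broker, transaction) -> {
        // A null lookup result is treated as "no such account" rather than dereferenced.
        final Account account = manager.getAccount(username);
        if (account == null) {
            throw new EXistException("Account '" + username + "' does not exist!");
        }

        // The group was checked above, but outside this callback; re-check the actual lookup.
        final Group group = manager.getGroup(groupName);
        if (group == null) {
            throw new EXistException("Group '" + groupName + "' does not exist!");
        }

        account.setPrimaryGroup(group);
        manager.updateAccount(account);
        return null;
    });
    return true;
}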
use of org.exist.security.SecurityManager in project exist by eXist-db.
the class RpcConnection method updateGroup.
/**
 * Replaces the managers and metadata of an existing group.
 *
 * <p>Metadata entries whose key matches neither an {@code AXSchemaType} nor an
 * {@code EXistSchemaType} namespace are ignored.
 *
 * <p>NOTE(review): unlike {@code addAccount} and {@code setUserPrimaryGroup}, this method makes no
 * {@code hasAdminPrivileges} call of its own. Authorisation is presumably enforced inside
 * {@code manager.updateGroup} — confirm, since this call can change who manages a group.
 *
 * @param name name of the group to update
 * @param managers account names to register as group managers
 * @param metadata metadata keyed by schema namespace, or {@code null} for none
 * @return {@code true} if the group exists and the update was submitted, {@code false} if the
 *         group does not exist
 */
@Override
public boolean updateGroup(final String name, final List<String> managers, final Map<String, String> metadata) throws EXistException, PermissionDeniedException {
    final SecurityManager manager = factory.getBrokerPool().getSecurityManager();

    // Unknown group: nothing to update.
    if (!manager.hasGroup(name)) {
        return false;
    }

    final GroupAider updated = new GroupAider(name);
    for (final String managerName : managers) {
        updated.addManager(new UserAider(managerName));
    }

    if (metadata != null) {
        for (final Map.Entry<String, String> entry : metadata.entrySet()) {
            final String namespace = entry.getKey();
            // AX schema types take precedence over eXist schema types.
            if (AXSchemaType.valueOfNamespace(namespace) != null) {
                updated.setMetadataValue(AXSchemaType.valueOfNamespace(namespace), entry.getValue());
            } else if (EXistSchemaType.valueOfNamespace(namespace) != null) {
                updated.setMetadataValue(EXistSchemaType.valueOfNamespace(namespace), entry.getValue());
            }
        }
    }

    withDb((broker, transaction) -> manager.updateGroup(updated));
    return true;
}