Example 41 with SecurityManager

Use of org.exist.security.SecurityManager in the eXist-db project (exist).

From class RpcConnection, method addGroup:

@Override
public boolean addGroup(final String name, final Map<String, String> metadata) throws EXistException, PermissionDeniedException {
    final SecurityManager manager = factory.getBrokerPool().getSecurityManager();
    // Only create the group if it does not already exist.
    if (!manager.hasGroup(name)) {
        // Authorization check: group creation over XML-RPC requires admin privileges.
        if (!manager.hasAdminPrivileges(user)) {
            throw new PermissionDeniedException("Not allowed to create group");
        }
        final Group role = new GroupAider(name);
        // Only metadata keys from the known AX or eXist schema namespaces are accepted;
        // unrecognised keys are silently dropped.
        for (final Map.Entry<String, String> m : metadata.entrySet()) {
            if (AXSchemaType.valueOfNamespace(m.getKey()) != null) {
                role.setMetadataValue(AXSchemaType.valueOfNamespace(m.getKey()), m.getValue());
            } else if (EXistSchemaType.valueOfNamespace(m.getKey()) != null) {
                role.setMetadataValue(EXistSchemaType.valueOfNamespace(m.getKey()), m.getValue());
            }
        }
        // Persist the group inside a broker/transaction scope.
        withDb((broker, transaction) -> manager.addGroup(broker, role));
        return true;
    }
    // Group already exists: nothing is created and no privilege check is made.
    return false;
}
Also used: Group (org.exist.security.Group), SecurityManager (org.exist.security.SecurityManager), PermissionDeniedException (org.exist.security.PermissionDeniedException), GroupAider (org.exist.security.internal.aider.GroupAider), LockedDocumentMap (org.exist.storage.lock.LockedDocumentMap)

Example 42 with SecurityManager

Use of org.exist.security.SecurityManager in the eXist-db project (exist).

From class TransactionManagerTestHelper, method createTestableTransactionManager:

protected TransactionManager createTestableTransactionManager(final boolean expectTxnClose) throws NoSuchFieldException, IllegalAccessException, EXistException {
    // EasyMock mocks for the broker pool and the broker that the TransactionManager will obtain.
    mockBrokerPool = createMock(BrokerPool.class);
    mockBroker = createMock(NativeBroker.class);
    expect(mockBrokerPool.getBroker()).andReturn(mockBroker).atLeastOnce();
    // Every transaction must be registered with the broker.
    mockBroker.addCurrentTransaction(anyObject());
    expectLastCall().atLeastOnce();
    // Only expect the transaction to be de-registered when the test closes it.
    if (expectTxnClose) {
        mockBroker.removeCurrentTransaction(anyObject());
        expectLastCall().atLeastOnce();
    }
    mockBroker.close();
    expectLastCall().atLeastOnce();
    // The TransactionManager looks up the system subject through the SecurityManager
    // and obtains a broker for it from the pool.
    final SecurityManager mockSecurityManager = createMock(SecurityManager.class);
    final Subject mockSystemSubject = createMock(Subject.class);
    expect(mockBrokerPool.get(Optional.of(mockSystemSubject))).andReturn(mockBroker).anyTimes();
    expect(mockBrokerPool.getSecurityManager()).andReturn(mockSecurityManager).anyTimes();
    expect(mockSecurityManager.getSystemSubject()).andReturn(mockSystemSubject).anyTimes();
    final JournalManager mockJournalManager = createMock(JournalManager.class);
    final SystemTaskManager mockTaskManager = createMock(SystemTaskManager.class);
    // Switch the mocks with recorded expectations into replay mode.
    replay(mockBrokerPool, mockBroker, mockSecurityManager);
    return new TransactionManager(mockBrokerPool, Optional.of(mockJournalManager), mockTaskManager);
}
Also used: SecurityManager (org.exist.security.SecurityManager), JournalManager (org.exist.storage.journal.JournalManager), NativeBroker (org.exist.storage.NativeBroker), SystemTaskManager (org.exist.storage.SystemTaskManager), BrokerPool (org.exist.storage.BrokerPool), Subject (org.exist.security.Subject)

Example 43 with SecurityManager

Use of org.exist.security.SecurityManager in the eXist-db project (exist).

From class AccountFunctions, method eval:

@Override
public Sequence eval(final Sequence[] args, final Sequence contextSequence) throws XPathException {
    final SecurityManager sm = context.getBroker().getBrokerPool().getSecurityManager();
    final LDAPRealm ldapRealm = getLdapRealm(sm);
    final String accountName = args[0].itemAt(0).getStringValue();
    // Look the account up locally first; the function only refreshes existing accounts.
    final Account ldapAccount = sm.getAccount(accountName);
    if (ldapAccount == null) {
        throw new XPathException("The Account '" + accountName + "' does not exist!");
    }
    try {
        // Re-synchronise the local account with its LDAP entry; the realm enforces
        // permissions and may need to re-authenticate against the directory.
        ldapRealm.refreshAccountFromLdap(ldapAccount);
    } catch (final PermissionDeniedException | AuthenticationException pde) {
        throw new XPathException(this, pde);
    }
    return Sequence.EMPTY_SEQUENCE;
}
Also used: Account (org.exist.security.Account), SecurityManager (org.exist.security.SecurityManager), LDAPRealm (org.exist.security.realm.ldap.LDAPRealm), XPathException (org.exist.xquery.XPathException), AuthenticationException (org.exist.security.AuthenticationException), PermissionDeniedException (org.exist.security.PermissionDeniedException)

Example 44 with SecurityManager

Use of org.exist.security.SecurityManager in the eXist-db project (exist).

From class FindUserFunction, method eval:

@Override
public Sequence eval(final Sequence[] args, final Sequence contextSequence) throws XPathException {
    final DBBroker broker = getContext().getBroker();
    final Subject currentUser = broker.getCurrentSubject();
    final SecurityManager securityManager = broker.getBrokerPool().getSecurityManager();
    final Sequence result;
    if (isCalledAs(qnListUsers.getLocalPart())) {
        result = new ValueSequence();
        // The guest user only ever sees its own name; authenticated users get the full list.
        if (currentUser.getName().equals(SecurityManager.GUEST_USER)) {
            result.add(new StringValue(SecurityManager.GUEST_USER));
        } else {
            addUserNamesToSequence(securityManager.findAllUserNames(), result);
        }
    } else {
        // All lookup variants are denied to the guest user.
        if (currentUser.getName().equals(SecurityManager.GUEST_USER)) {
            throw new XPathException("You must be an authenticated user");
        }
        if (isCalledAs(qnUserExists.getLocalPart())) {
            final String username = args[0].getStringValue();
            result = BooleanValue.valueOf(securityManager.hasAccount(username));
        } else {
            result = new ValueSequence();
            // Prefix search over usernames, full names, or name parts, depending on the function called.
            final String startsWith = args[0].getStringValue();
            final List<String> usernames;
            if (isCalledAs(qnFindUsersByUsername.getLocalPart())) {
                usernames = securityManager.findUsernamesWhereUsernameStarts(startsWith);
            } else if (isCalledAs(qnFindUsersByName.getLocalPart())) {
                usernames = securityManager.findUsernamesWhereNameStarts(startsWith);
            } else if (isCalledAs(qnFindUsersByNamePart.getLocalPart())) {
                usernames = securityManager.findUsernamesWhereNamePartStarts(startsWith);
            } else {
                throw new XPathException("Unknown function");
            }
            addUserNamesToSequence(usernames, result);
        }
    }
    return result;
}
Also used: DBBroker (org.exist.storage.DBBroker), SecurityManager (org.exist.security.SecurityManager), XPathException (org.exist.xquery.XPathException), ValueSequence (org.exist.xquery.value.ValueSequence), Sequence (org.exist.xquery.value.Sequence), StringValue (org.exist.xquery.value.StringValue), Subject (org.exist.security.Subject)

Example 45 with SecurityManager

Use of org.exist.security.SecurityManager in the eXist-db project (exist).

From class GroupManagementFunction, method eval:

@Override
public Sequence eval(final Sequence[] args, final Sequence contextSequence) throws XPathException {
    final SecurityManager securityManager = context.getBroker().getBrokerPool().getSecurityManager();
    final Subject currentSubject = context.getBroker().getCurrentSubject();
    try {
        final String groupName = args[0].itemAt(0).getStringValue();
        if (isCalledAs(qnCreateGroup.getLocalPart())) {
            // Note the ordering: the existence check runs before the DBA check, so the
            // "already exists" error is reachable by any caller.
            if (securityManager.hasGroup(groupName)) {
                throw new XPathException(this, "The group with name " + groupName + " already exists.");
            }
            if (!currentSubject.hasDbaRole()) {
                throw new XPathException(this, "Only DBA users may create a user group.");
            }
            final Group group = new GroupAider(groupName);
            // The creating DBA always becomes a manager of the new group.
            group.addManager(currentSubject);
            if (getSignature().getArgumentCount() == 3) {
                // set group managers
                final List<Account> groupManagers = getGroupManagers(securityManager, args[1]);
                group.addManagers(groupManagers);
            }
            // set metadata: the description is always the last argument
            if (getSignature().getArgumentCount() >= 2) {
                group.setMetadataValue(EXistSchemaType.DESCRIPTION, args[getSignature().getArgumentCount() - 1].toString());
            }
            securityManager.addGroup(context.getBroker(), group);
        } else if (isCalledAs(qnRemoveGroup.getLocalPart())) {
            if (!securityManager.hasGroup(groupName)) {
                throw new XPathException(this, "The group with name " + groupName + " does not exist.");
            }
            // The caller may only name a successor group it is itself a member of;
            // otherwise "guest" is the default. Note that successorGroup is resolved
            // here but not passed to deleteGroup below.
            final Group successorGroup;
            if (getArgumentCount() == 2) {
                final String successorGroupName = args[1].itemAt(0).getStringValue();
                if (!currentSubject.hasGroup(successorGroupName)) {
                    throw new PermissionDeniedException("You must be a member of the group whose permissions are to be inherited");
                }
                successorGroup = securityManager.getGroup(successorGroupName);
            } else {
                successorGroup = securityManager.getGroup("guest");
            }
            try {
                securityManager.deleteGroup(groupName);
            } catch (final EXistException ee) {
                throw new XPathException(this, ee);
            }
        } else {
            throw new XPathException(this, "Unknown function call: " + getSignature());
        }
        return Sequence.EMPTY_SEQUENCE;
    } catch (final PermissionDeniedException | EXistException pde) {
        throw new XPathException(this, pde);
    }
}
Also used: SecurityManager (org.exist.security.SecurityManager), XPathException (org.exist.xquery.XPathException), EXistException (org.exist.EXistException), GroupAider (org.exist.security.internal.aider.GroupAider)

Aggregations (types used alongside SecurityManager, with usage counts):

SecurityManager (org.exist.security.SecurityManager): 68
DBBroker (org.exist.storage.DBBroker): 22
Txn (org.exist.storage.txn.Txn): 16
Account (org.exist.security.Account): 15
BrokerPool (org.exist.storage.BrokerPool): 15
Subject (org.exist.security.Subject): 12
EXistException (org.exist.EXistException): 11
PermissionDeniedException (org.exist.security.PermissionDeniedException): 9
XPathException (org.exist.xquery.XPathException): 9
AuthenticationException (org.exist.security.AuthenticationException): 8
GroupAider (org.exist.security.internal.aider.GroupAider): 6
Collection (org.exist.collections.Collection): 5
Group (org.exist.security.Group): 5
Database (org.exist.Database): 4
UserAider (org.exist.security.internal.aider.UserAider): 4
LockedDocumentMap (org.exist.storage.lock.LockedDocumentMap): 4
Test (org.junit.Test): 4
java.util (java.util): 2
List (java.util.List): 2
HttpSession (javax.servlet.http.HttpSession): 2