Use of org.exist.security.SecurityManager in project exist by eXist-db:
class RpcConnection, method addGroup.
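/**
 * Creates a new user group via the XML-RPC API.
 *
 * Authorisation is checked before anything else: a caller without admin
 * privileges is rejected with {@link PermissionDeniedException} regardless of
 * whether the group exists, so the existence/non-existence of a group name is
 * not observable to unprivileged callers (previously an unprivileged caller
 * got {@code false} for an existing group and an exception otherwise).
 *
 * @param name     name of the group to create
 * @param metadata optional metadata keyed by schema namespace; keys that do not
 *                 map onto an {@link AXSchemaType} or {@link EXistSchemaType}
 *                 namespace are ignored. May be {@code null}.
 * @return {@code true} if the group was created, {@code false} if a group of
 *         that name already exists
 * @throws PermissionDeniedException if the calling user has no admin privileges
 * @throws EXistException            if the underlying store fails to add the group
 */
@Override
public boolean addGroup(final String name, final Map<String, String> metadata) throws EXistException, PermissionDeniedException {
    final SecurityManager manager = factory.getBrokerPool().getSecurityManager();
    // Fail closed first: decide on the caller's privileges before consulting any state.
    if (!manager.hasAdminPrivileges(user)) {
        throw new PermissionDeniedException("Not allowed to create group");
    }
    if (manager.hasGroup(name)) {
        return false;
    }
    final Group role = new GroupAider(name);
    if (metadata != null) {
        for (final Map.Entry<String, String> entry : metadata.entrySet()) {
            final String namespace = entry.getKey();
            // Only keys that resolve to a known schema namespace are accepted;
            // anything else is dropped silently, as before.
            final AXSchemaType axType = AXSchemaType.valueOfNamespace(namespace);
            if (axType != null) {
                role.setMetadataValue(axType, entry.getValue());
                continue;
            }
            final EXistSchemaType existType = EXistSchemaType.valueOfNamespace(namespace);
            if (existType != null) {
                role.setMetadataValue(existType, entry.getValue());
            }
        }
    }
    // Persist inside a broker/transaction scope supplied by withDb.
    withDb((broker, transaction) -> manager.addGroup(broker, role));
    return true;
}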
Use of org.exist.security.SecurityManager in project exist by eXist-db:
class TransactionManagerTestHelper, method createTestableTransactionManager.
/**
 * Builds a {@link TransactionManager} wired to EasyMock doubles so transaction
 * behaviour can be exercised without a real database.
 *
 * The broker pool and broker mocks are stored in the {@code mockBrokerPool} /
 * {@code mockBroker} fields so callers can verify them afterwards. Only the
 * broker pool, broker and security manager mocks are put into replay state.
 * NOTE(review): the journal-manager and task-manager mocks are handed to the
 * transaction manager while still in record state, so calls on them are
 * recorded rather than verified — confirm that is intended.
 *
 * @param expectTxnClose whether the test expects
 *                       {@code removeCurrentTransaction} to be invoked at least once
 * @return a transaction manager backed by the mocks
 */
protected TransactionManager createTestableTransactionManager(final boolean expectTxnClose) throws NoSuchFieldException, IllegalAccessException, EXistException {
    final SecurityManager securityManagerMock = createMock(SecurityManager.class);
    final Subject systemSubjectMock = createMock(Subject.class);
    final JournalManager journalManagerMock = createMock(JournalManager.class);
    final SystemTaskManager taskManagerMock = createMock(SystemTaskManager.class);
    mockBrokerPool = createMock(BrokerPool.class);
    mockBroker = createMock(NativeBroker.class);

    // Broker life-cycle calls the transaction manager is expected to make.
    expect(mockBrokerPool.getBroker()).andReturn(mockBroker).atLeastOnce();
    mockBroker.addCurrentTransaction(anyObject());
    expectLastCall().atLeastOnce();
    if (expectTxnClose) {
        mockBroker.removeCurrentTransaction(anyObject());
        expectLastCall().atLeastOnce();
    }
    mockBroker.close();
    expectLastCall().atLeastOnce();

    // System-subject lookup path: pool -> security manager -> system subject -> broker.
    expect(mockBrokerPool.getSecurityManager()).andReturn(securityManagerMock).anyTimes();
    expect(securityManagerMock.getSystemSubject()).andReturn(systemSubjectMock).anyTimes();
    expect(mockBrokerPool.get(Optional.of(systemSubjectMock))).andReturn(mockBroker).anyTimes();

    replay(mockBrokerPool, mockBroker, securityManagerMock);
    return new TransactionManager(mockBrokerPool, Optional.of(journalManagerMock), taskManagerMock);
}
Use of org.exist.security.SecurityManager in project exist by eXist-db:
class AccountFunctions, method eval.
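/**
 * Re-synchronises a local account with its LDAP counterpart.
 *
 * Errors are now raised with {@code this} as the expression context (the
 * "does not exist" case previously omitted it), so the reported location is
 * consistent with the other failure path of this function.
 *
 * NOTE(review): no authorisation check is visible in this method; presumably
 * {@code refreshAccountFromLdap} enforces one, since it declares
 * {@link PermissionDeniedException} — confirm.
 *
 * @param args            {@code args[0]} holds the account name
 * @param contextSequence unused
 * @return the empty sequence
 * @throws XPathException if the account is unknown, or if the LDAP refresh is
 *                        denied or fails to authenticate
 */
@Override
public Sequence eval(final Sequence[] args, final Sequence contextSequence) throws XPathException {
    final SecurityManager sm = context.getBroker().getBrokerPool().getSecurityManager();
    final LDAPRealm ldapRealm = getLdapRealm(sm);
    final String accountName = args[0].itemAt(0).getStringValue();
    final Account ldapAccount = sm.getAccount(accountName);
    if (ldapAccount == null) {
        throw new XPathException(this, "The Account '" + accountName + "' does not exist!");
    }
    try {
        ldapRealm.refreshAccountFromLdap(ldapAccount);
    } catch (final PermissionDeniedException | AuthenticationException e) {
        // Keep the cause so the underlying LDAP/permission failure is not lost.
        throw new XPathException(this, e);
    }
    return Sequence.EMPTY_SEQUENCE;
}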
Use of org.exist.security.SecurityManager in project exist by eXist-db:
class FindUserFunction, method eval.
/**
 * Dispatches the user-lookup functions of this module.
 *
 * Behaviour by function name:
 * <ul>
 *   <li>list-users: an anonymous caller only sees the guest account; any other
 *       caller gets every user name.</li>
 *   <li>user-exists / find-users-by-*: rejected for the guest account;
 *       otherwise answered from the security manager using {@code args[0]}.</li>
 * </ul>
 * NOTE(review): "anonymous" is decided purely by comparing the subject name
 * with {@code SecurityManager.GUEST_USER}; any other authenticated account,
 * however unprivileged, may enumerate all user names — confirm that is the
 * intended policy.
 *
 * @param args            {@code args[0]} is the user name or prefix (unused for list-users)
 * @param contextSequence unused
 * @return a sequence of user names, or a boolean for user-exists
 * @throws XPathException if the caller is the guest user (non-listing calls) or
 *                        the function name is not recognised
 */
@Override
public Sequence eval(Sequence[] args, Sequence contextSequence) throws XPathException {
    final DBBroker broker = getContext().getBroker();
    final String callerName = broker.getCurrentSubject().getName();
    final SecurityManager securityManager = broker.getBrokerPool().getSecurityManager();
    final boolean anonymous = callerName.equals(SecurityManager.GUEST_USER);

    if (isCalledAs(qnListUsers.getLocalPart())) {
        final ValueSequence names = new ValueSequence();
        if (anonymous) {
            names.add(new StringValue(SecurityManager.GUEST_USER));
        } else {
            addUserNamesToSequence(securityManager.findAllUserNames(), names);
        }
        return names;
    }

    if (anonymous) {
        throw new XPathException("You must be an authenticated user");
    }

    final String query = args[0].getStringValue();
    if (isCalledAs(qnUserExists.getLocalPart())) {
        return BooleanValue.valueOf(securityManager.hasAccount(query));
    }

    final List<String> matches;
    if (isCalledAs(qnFindUsersByUsername.getLocalPart())) {
        matches = securityManager.findUsernamesWhereUsernameStarts(query);
    } else if (isCalledAs(qnFindUsersByName.getLocalPart())) {
        matches = securityManager.findUsernamesWhereNameStarts(query);
    } else if (isCalledAs(qnFindUsersByNamePart.getLocalPart())) {
        matches = securityManager.findUsernamesWhereNamePartStarts(query);
    } else {
        throw new XPathException("Unknown function");
    }
    final ValueSequence found = new ValueSequence();
    addUserNamesToSequence(matches, found);
    return found;
}
Use of org.exist.security.SecurityManager in project exist by eXist-db:
class GroupManagementFunction, method eval.
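/**
 * Dispatches the create-group / remove-group functions of this module.
 *
 * Changes from the previous version: for create-group the DBA check now runs
 * before the existence check, so a non-DBA caller cannot learn whether a group
 * name is taken from the difference between the two error messages; the
 * redundant inner try/catch around {@code deleteGroup} was removed (the outer
 * handler wraps the same exception the same way); and the two operations are
 * split into private helpers.
 *
 * @param args            {@code args[0]} is the group name; further arguments
 *                        depend on the signature (see the helpers)
 * @param contextSequence unused
 * @return the empty sequence
 * @throws XPathException on any validation, permission or storage failure
 */
@Override
public Sequence eval(final Sequence[] args, final Sequence contextSequence) throws XPathException {
    final SecurityManager securityManager = context.getBroker().getBrokerPool().getSecurityManager();
    final Subject currentSubject = context.getBroker().getCurrentSubject();
    try {
        final String groupName = args[0].itemAt(0).getStringValue();
        if (isCalledAs(qnCreateGroup.getLocalPart())) {
            createGroup(securityManager, currentSubject, groupName, args);
        } else if (isCalledAs(qnRemoveGroup.getLocalPart())) {
            removeGroup(securityManager, currentSubject, groupName, args);
        } else {
            throw new XPathException(this, "Unknown function call: " + getSignature());
        }
        return Sequence.EMPTY_SEQUENCE;
    } catch (final PermissionDeniedException | EXistException e) {
        throw new XPathException(this, e);
    }
}

/**
 * Creates {@code groupName}, managed by the caller plus, for the 3-argument
 * signature, the accounts named in {@code args[1]}; the last argument (when
 * there are at least two) becomes the group description.
 * NOTE(review): the description is taken via {@code toString()} rather than
 * {@code getStringValue()} — presumably equivalent for a single string item; verify.
 */
private void createGroup(final SecurityManager securityManager, final Subject currentSubject,
                         final String groupName, final Sequence[] args)
        throws XPathException, PermissionDeniedException, EXistException {
    // Authorise first: only DBAs may create groups, and only they get to learn
    // whether the name is already in use.
    if (!currentSubject.hasDbaRole()) {
        throw new XPathException(this, "Only DBA users may create a user group.");
    }
    if (securityManager.hasGroup(groupName)) {
        throw new XPathException(this, "The group with name " + groupName + " already exists.");
    }
    final Group group = new GroupAider(groupName);
    group.addManager(currentSubject);
    final int argCount = getSignature().getArgumentCount();
    if (argCount == 3) {
        // set group managers
        final List<Account> groupManagers = getGroupManagers(securityManager, args[1]);
        group.addManagers(groupManagers);
    }
    if (argCount >= 2) {
        // set metadata
        group.setMetadataValue(EXistSchemaType.DESCRIPTION, args[argCount - 1].toString());
    }
    securityManager.addGroup(context.getBroker(), group);
}

/**
 * Deletes {@code groupName}. With the 2-argument signature the caller must be
 * a member of the successor group named in {@code args[1]}; otherwise "guest"
 * is looked up as the successor.
 * NOTE(review): the resolved successor group is never passed on —
 * {@code deleteGroup(groupName)} takes only the name — so no permission
 * transfer actually happens here; either the API lacks that parameter or this
 * is unfinished. The lookup is kept so the membership check still applies.
 * NOTE(review): no DBA/manager check is visible in this path; presumably
 * {@code deleteGroup} enforces one — confirm.
 */
private void removeGroup(final SecurityManager securityManager, final Subject currentSubject,
                         final String groupName, final Sequence[] args)
        throws XPathException, PermissionDeniedException, EXistException {
    if (!securityManager.hasGroup(groupName)) {
        throw new XPathException(this, "The group with name " + groupName + " does not exist.");
    }
    final Group successorGroup;
    if (getArgumentCount() == 2) {
        final String successorGroupName = args[1].itemAt(0).getStringValue();
        if (!currentSubject.hasGroup(successorGroupName)) {
            throw new PermissionDeniedException("You must be a member of the group for which permissions should be inherited by");
        }
        successorGroup = securityManager.getGroup(successorGroupName);
    } else {
        successorGroup = securityManager.getGroup("guest");
    }
    securityManager.deleteGroup(groupName);
}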