Example 1 with AccountImpl
use of org.exist.security.internal.AccountImpl in project exist by eXist-db.
the class AccountTest method testGroupFallback.
@Ignore
@Test
public void testGroupFallback() throws NoSuchMethodException, PermissionDeniedException {
// final String mockRealmId = "mock";
final String testAccountName = "testUser";
final String testGroupName = "testGroup";
Database mockDatabase = EasyMock.createMock(Database.class);
SecurityManagerImpl mockSecurityManager = EasyMock.createMockBuilder(SecurityManagerImpl.class).withConstructor(Database.class).withArgs(mockDatabase).createMock();
Configuration mockConfiguration = EasyMock.createMock(Configuration.class);
AbstractRealm mockRealm = EasyMock.createMockBuilder(AbstractRealm.class).withConstructor(SecurityManager.class, Configuration.class).withArgs(mockSecurityManager, mockConfiguration).createMock();
AccountImpl mockAccountImpl = EasyMock.createMockBuilder(AccountImpl.class).withConstructor(AbstractRealm.class, String.class).withArgs(mockRealm, testAccountName).addMockedMethods(AccountImpl.class.getMethod("getRealm"), AccountImpl.class.getMethod("addGroup", Group.class)).createMock();
expect(mockAccountImpl.getRealm()).andReturn(mockRealm);
expect(mockRealm.getGroup(testGroupName)).andReturn(null);
// expect(mockAccountImpl.getRealm()).andReturn(mockRealm);
// expect(mockRealm.getSecurityManager()).andReturn(mockSecurityManager);
replay();
mockAccountImpl.addGroup(testGroupName);
verify();
}
Also used :
Configuration(org.exist.config.Configuration)
Database(org.exist.Database)
AccountImpl(org.exist.security.internal.AccountImpl)
SecurityManagerImpl(org.exist.security.internal.SecurityManagerImpl)
Ignore(org.junit.Ignore)
Test(org.junit.Test)
Example 2 with AccountImpl
use of org.exist.security.internal.AccountImpl in project exist by eXist-db.
the class AbstractRealm method loadRemovedAccountsFromRealmStorage.
private void loadRemovedAccountsFromRealmStorage(final DBBroker broker) throws ConfigurationException, PermissionDeniedException, LockException {
// load marked for remove accounts information
if (collectionRemovedAccounts != null && collectionRemovedAccounts.getDocumentCount(broker) > 0) {
for (final Iterator<DocumentImpl> i = collectionRemovedAccounts.iterator(broker); i.hasNext(); ) {
final Configuration conf = Configurator.parse(broker.getBrokerPool(), i.next());
final Integer id = conf.getPropertyInteger("id");
if (id != null && !getSecurityManager().hasUser(id)) {
// A account = instantiateAccount(this, conf, true);
final AccountImpl account = new AccountImpl(this, conf);
account.removed = true;
getSecurityManager().registerAccount(account);
}
}
}
}
Also used :
Configuration(org.exist.config.Configuration)
AccountImpl(org.exist.security.internal.AccountImpl)
DocumentImpl(org.exist.dom.persistent.DocumentImpl)
Example 3 with AccountImpl
use of org.exist.security.internal.AccountImpl in project exist by eXist-db.
the class AbstractRealm method loadAccountsFromRealmStorage.
private void loadAccountsFromRealmStorage(final DBBroker broker) throws ConfigurationException, PermissionDeniedException, LockException {
// load accounts information
if (collectionAccounts != null && collectionAccounts.getDocumentCount(broker) > 0) {
final AbstractRealm r = this;
for (final Iterator<DocumentImpl> i = collectionAccounts.iterator(broker); i.hasNext(); ) {
final DocumentImpl doc = i.next();
final Configuration conf = Configurator.parse(broker.getBrokerPool(), doc);
final String name = conf.getProperty("name");
usersByName.writeE(principalDb -> {
if (name != null && !principalDb.containsKey(name)) {
// A account = instantiateAccount(this, conf);
final Account account;
try {
account = new AccountImpl(r, conf);
// ensure that the account has at least a primary group
if (account.getGroups().length == 0) {
try {
account.setPrimaryGroup(getGroup(SecurityManager.UNKNOWN_GROUP));
LOG.warn("Account '{}' has no groups, but every account must have at least 1 group. Assigned group: " + SecurityManager.UNKNOWN_GROUP, account.getName());
} catch (final PermissionDeniedException e) {
throw new ConfigurationException("Account has no group, unable to default to " + SecurityManager.UNKNOWN_GROUP + ": " + e.getMessage(), e);
}
}
} catch (Throwable e) {
LOG.error("Account object can't be built from '{}'", doc.getFileURI(), e);
return;
}
getSecurityManager().registerAccount(account);
principalDb.put(account.getName(), account);
// set collection
if (account.getId() > 0) {
((AbstractPrincipal) account).setCollection(broker, collectionAccounts);
// ensure that the account has at least a primary group
if (account.getGroups().length == 0) {
try {
account.setPrimaryGroup(getGroup(SecurityManager.UNKNOWN_GROUP));
LOG.warn("Account '{}' has no groups, but every account must have at least 1 group. Assigned group: " + SecurityManager.UNKNOWN_GROUP, account.getName());
} catch (final PermissionDeniedException e) {
throw new ConfigurationException("Account has no group, unable to default to " + SecurityManager.UNKNOWN_GROUP + ": " + e.getMessage(), e);
}
}
}
}
});
}
}
}
Also used :
Configuration(org.exist.config.Configuration)
ConfigurationException(org.exist.config.ConfigurationException)
AccountImpl(org.exist.security.internal.AccountImpl)
DocumentImpl(org.exist.dom.persistent.DocumentImpl)
Example 4 with AccountImpl
use of org.exist.security.internal.AccountImpl in project exist by eXist-db.
the class DigestAuthenticator method authenticate.
@Override
public Subject authenticate(HttpServletRequest request, HttpServletResponse response, boolean sendChallenge) throws IOException {
final String credentials = request.getHeader("Authorization");
if (credentials == null) {
sendChallenge(request, response);
return null;
}
final Digest digest = new Digest(request.getMethod());
parseCredentials(digest, credentials);
final SecurityManager secman = pool.getSecurityManager();
final AccountImpl user = (AccountImpl) secman.getAccount(digest.username);
if (user == null) {
// If user does not exist then send a challenge request again
if (sendChallenge) {
sendChallenge(request, response);
}
return null;
}
if (!digest.check(user.getDigestPassword())) {
// If password is incorrect then send a challenge request again
if (sendChallenge) {
sendChallenge(request, response);
}
return null;
}
return new SubjectAccreditedImpl(user, this);
}
Also used :
SecurityManager(org.exist.security.SecurityManager)
MessageDigest(java.security.MessageDigest)
SubjectAccreditedImpl(org.exist.security.internal.SubjectAccreditedImpl)
AccountImpl(org.exist.security.internal.AccountImpl)
Aggregations
AccountImpl (org.exist.security.internal.AccountImpl)4
Configuration (org.exist.config.Configuration)3
DocumentImpl (org.exist.dom.persistent.DocumentImpl)2
MessageDigest (java.security.MessageDigest)1
Database (org.exist.Database)1
ConfigurationException (org.exist.config.ConfigurationException)1
SecurityManager (org.exist.security.SecurityManager)1
SecurityManagerImpl (org.exist.security.internal.SecurityManagerImpl)1
SubjectAccreditedImpl (org.exist.security.internal.SubjectAccreditedImpl)1
Ignore (org.junit.Ignore)1
Test (org.junit.Test)1
