
Example 1 with AccountImpl

Use of org.exist.security.internal.AccountImpl in project exist by eXist-db.

In class AccountTest, method testGroupFallback.

@Ignore
@Test
public void testGroupFallback() throws NoSuchMethodException, PermissionDeniedException {
    // final String mockRealmId = "mock";
    final String testAccountName = "testUser";
    final String testGroupName = "testGroup";
    Database mockDatabase = EasyMock.createMock(Database.class);
    SecurityManagerImpl mockSecurityManager = EasyMock.createMockBuilder(SecurityManagerImpl.class).withConstructor(Database.class).withArgs(mockDatabase).createMock();
    Configuration mockConfiguration = EasyMock.createMock(Configuration.class);
    AbstractRealm mockRealm = EasyMock.createMockBuilder(AbstractRealm.class).withConstructor(SecurityManager.class, Configuration.class).withArgs(mockSecurityManager, mockConfiguration).createMock();
    AccountImpl mockAccountImpl = EasyMock.createMockBuilder(AccountImpl.class).withConstructor(AbstractRealm.class, String.class).withArgs(mockRealm, testAccountName).addMockedMethods(AccountImpl.class.getMethod("getRealm"), AccountImpl.class.getMethod("addGroup", Group.class)).createMock();
    expect(mockAccountImpl.getRealm()).andReturn(mockRealm);
    expect(mockRealm.getGroup(testGroupName)).andReturn(null);
    // expect(mockAccountImpl.getRealm()).andReturn(mockRealm);
    // expect(mockRealm.getSecurityManager()).andReturn(mockSecurityManager);
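    // Switch the mocks that carry expectations into replay state;
    // replay() and verify() called with no arguments act on no mocks at all.
    replay(mockRealm, mockAccountImpl);
    mockAccountImpl.addGroup(testGroupName);
    verify(mockRealm, mockAccountImpl);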
}
Also used: Configuration (org.exist.config.Configuration), Database (org.exist.Database), AccountImpl (org.exist.security.internal.AccountImpl), SecurityManagerImpl (org.exist.security.internal.SecurityManagerImpl), Ignore (org.junit.Ignore), Test (org.junit.Test)

Example 2 with AccountImpl

Use of org.exist.security.internal.AccountImpl in project exist by eXist-db.

In class AbstractRealm, method loadRemovedAccountsFromRealmStorage.

private void loadRemovedAccountsFromRealmStorage(final DBBroker broker) throws ConfigurationException, PermissionDeniedException, LockException {
    // load marked for remove accounts information
    if (collectionRemovedAccounts != null && collectionRemovedAccounts.getDocumentCount(broker) > 0) {
        for (final Iterator<DocumentImpl> i = collectionRemovedAccounts.iterator(broker); i.hasNext(); ) {
            final Configuration conf = Configurator.parse(broker.getBrokerPool(), i.next());
            final Integer id = conf.getPropertyInteger("id");
            if (id != null && !getSecurityManager().hasUser(id)) {
                // A account = instantiateAccount(this, conf, true);
                final AccountImpl account = new AccountImpl(this, conf);
                account.removed = true;
                getSecurityManager().registerAccount(account);
            }
        }
    }
}
Also used: Configuration (org.exist.config.Configuration), AccountImpl (org.exist.security.internal.AccountImpl), DocumentImpl (org.exist.dom.persistent.DocumentImpl)

Example 3 with AccountImpl

Use of org.exist.security.internal.AccountImpl in project exist by eXist-db.

In class AbstractRealm, method loadAccountsFromRealmStorage.

private void loadAccountsFromRealmStorage(final DBBroker broker) throws ConfigurationException, PermissionDeniedException, LockException {
    // load accounts information
    if (collectionAccounts != null && collectionAccounts.getDocumentCount(broker) > 0) {
        final AbstractRealm r = this;
        for (final Iterator<DocumentImpl> i = collectionAccounts.iterator(broker); i.hasNext(); ) {
            final DocumentImpl doc = i.next();
            final Configuration conf = Configurator.parse(broker.getBrokerPool(), doc);
            final String name = conf.getProperty("name");
            usersByName.writeE(principalDb -> {
                if (name != null && !principalDb.containsKey(name)) {
                    // A account = instantiateAccount(this, conf);
                    final Account account;
                    try {
                        account = new AccountImpl(r, conf);
                        // ensure that the account has at least a primary group
                        if (account.getGroups().length == 0) {
                            try {
                                account.setPrimaryGroup(getGroup(SecurityManager.UNKNOWN_GROUP));
                                LOG.warn("Account '{}' has no groups, but every account must have at least 1 group. Assigned group: " + SecurityManager.UNKNOWN_GROUP, account.getName());
                            } catch (final PermissionDeniedException e) {
                                throw new ConfigurationException("Account has no group, unable to default to " + SecurityManager.UNKNOWN_GROUP + ": " + e.getMessage(), e);
                            }
                        }
                    } catch (Throwable e) {
                        LOG.error("Account object can't be built from '{}'", doc.getFileURI(), e);
                        return;
                    }
                    getSecurityManager().registerAccount(account);
                    principalDb.put(account.getName(), account);
                    // set collection
                    if (account.getId() > 0) {
                        ((AbstractPrincipal) account).setCollection(broker, collectionAccounts);
                        // ensure that the account has at least a primary group
                        if (account.getGroups().length == 0) {
                            try {
                                account.setPrimaryGroup(getGroup(SecurityManager.UNKNOWN_GROUP));
                                LOG.warn("Account '{}' has no groups, but every account must have at least 1 group. Assigned group: " + SecurityManager.UNKNOWN_GROUP, account.getName());
                            } catch (final PermissionDeniedException e) {
                                throw new ConfigurationException("Account has no group, unable to default to " + SecurityManager.UNKNOWN_GROUP + ": " + e.getMessage(), e);
                            }
                        }
                    }
                }
            });
        }
    }
}
Also used: Configuration (org.exist.config.Configuration), ConfigurationException (org.exist.config.ConfigurationException), AccountImpl (org.exist.security.internal.AccountImpl), DocumentImpl (org.exist.dom.persistent.DocumentImpl)

Example 4 with AccountImpl

Use of org.exist.security.internal.AccountImpl in project exist by eXist-db.

In class DigestAuthenticator, method authenticate.

@Override
public Subject authenticate(HttpServletRequest request, HttpServletResponse response, boolean sendChallenge) throws IOException {
    final String credentials = request.getHeader("Authorization");
    if (credentials == null) {
        sendChallenge(request, response);
        return null;
    }
    final Digest digest = new Digest(request.getMethod());
    parseCredentials(digest, credentials);
    final SecurityManager secman = pool.getSecurityManager();
    final AccountImpl user = (AccountImpl) secman.getAccount(digest.username);
    if (user == null) {
        // If user does not exist then send a challenge request again
        if (sendChallenge) {
            sendChallenge(request, response);
        }
        return null;
    }
    if (!digest.check(user.getDigestPassword())) {
        // If password is incorrect then send a challenge request again
        if (sendChallenge) {
            sendChallenge(request, response);
        }
        return null;
    }
    return new SubjectAccreditedImpl(user, this);
}
Also used: SecurityManager (org.exist.security.SecurityManager), MessageDigest (java.security.MessageDigest), SubjectAccreditedImpl (org.exist.security.internal.SubjectAccreditedImpl), AccountImpl (org.exist.security.internal.AccountImpl)

Aggregations

AccountImpl (org.exist.security.internal.AccountImpl): 4
Configuration (org.exist.config.Configuration): 3
DocumentImpl (org.exist.dom.persistent.DocumentImpl): 2
MessageDigest (java.security.MessageDigest): 1
Database (org.exist.Database): 1
ConfigurationException (org.exist.config.ConfigurationException): 1
SecurityManager (org.exist.security.SecurityManager): 1
SecurityManagerImpl (org.exist.security.internal.SecurityManagerImpl): 1
SubjectAccreditedImpl (org.exist.security.internal.SubjectAccreditedImpl): 1
Ignore (org.junit.Ignore): 1
Test (org.junit.Test): 1