use of org.exist.security.internal.Password in project exist by eXist-db.
the class Restore method setAdminCredentials.
/**
 * Replaces the credential of the built-in DBA account with one built from the supplied password.
 *
 * <p>The password reaches this method as a plain {@code String} and is passed straight to the
 * {@link Password} constructor; it is never logged here and should not be logged by callers.
 * NOTE(review): whether {@code Password} hashes the value on construction is not visible from
 * this method and should be confirmed against that class.
 *
 * @param broker        broker used to reach the pool's security manager
 * @param adminPassword new password for the DBA account
 * @throws EXistException            if the DBA account cannot be found
 * @throws PermissionDeniedException declared by the signature; presumably raised by the security
 *                                   manager when the update is not permitted (verify)
 */
private void setAdminCredentials(final DBBroker broker, final String adminPassword) throws EXistException, PermissionDeniedException {
    final SecurityManager secMan = broker.getBrokerPool().getSecurityManager();
    final Account adminAccount = secMan.getAccount(SecurityManager.DBA_USER);

    if (adminAccount != null) {
        // Build the new credential and persist it in one step so the account is never left half-updated here.
        adminAccount.setCredential(new Password(adminAccount, adminPassword));
        secMan.updateAccount(adminAccount);
        return;
    }

    // A missing DBA account is treated as a hard failure rather than silently skipping the reset.
    throw new EXistException("'" + SecurityManager.DBA_USER + "' account can't be found.");
}
use of org.exist.security.internal.Password in project exist by eXist-db.
the class UserPasswordTask method execute.
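/**
 * Sets the password of an existing user account through the XML:DB user management service.
 *
 * <p>The task looks up the account named by {@code name} and, when a {@code secret} has been
 * configured, replaces the account's credential and persists the change. The secret itself is
 * never written to the build log; only the user name is.
 *
 * <p>When no secret is configured the account is left untouched and a warning is logged, so the
 * build output does not claim a password change that did not happen.
 *
 * @throws BuildException if no user name was given, or (when {@code failonerror} is set) if the
 *                        user does not exist or the XML:DB service reports an error
 */
@Override
public void execute() throws BuildException {
    super.execute();
    if (name == null) {
        throw (new BuildException("Must specify at least a user name"));
    }
    try {
        log("Looking up user " + name, Project.MSG_INFO);
        final Account usr = service.getAccount(name);
        if (usr == null) {
            final String msg = "user " + name + " not found";
            if (failonerror) {
                throw (new BuildException(msg));
            }
            log(msg, Project.MSG_ERR);
        } else if (secret == null) {
            // Previously "Setting password" was logged even though nothing was changed;
            // report the no-op explicitly so an audit of the build log is not misled.
            log("No password supplied for user " + name + "; account left unchanged", Project.MSG_WARN);
        } else {
            log("Setting password for user " + name, Project.MSG_INFO);
            usr.setCredential(new Password(usr, secret));
            this.service.updateAccount(usr);
        }
    } catch (final XMLDBException e) {
        final String msg = "XMLDB exception caught: " + e.getMessage();
        if (failonerror) {
            throw (new BuildException(msg, e));
        } else {
            log(msg, e, Project.MSG_ERR);
        }
    }
}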
use of org.exist.security.internal.Password in project exist by eXist-db.
the class AccountManagementFunction method eval.
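/**
 * Dispatches the account-management functions: remove an account, change a password (plain or,
 * presumably, pre-hashed via the {@code qnPasswdHash} variant), or create an account.
 *
 * <p>Authorization rules enforced here:
 * <ul>
 *   <li>removing and creating accounts require the DBA role;</li>
 *   <li>a password may be changed by the account owner or by a DBA;</li>
 *   <li>the current user cannot remove their own account.</li>
 * </ul>
 *
 * <p>In the password branch the authorization check runs before the account lookup, so the
 * "does not exist" error is only reachable by a DBA or by a caller naming themselves.
 *
 * @param args            {@code args[0]} is the user name; {@code args[1]} is the password (or
 *                        hash) for every function except account removal; further arguments
 *                        depend on the signature in use
 * @param contextSequence not used by this method
 * @return always {@code Sequence.EMPTY_SEQUENCE}
 * @throws XPathException if the caller is not authorized, the target account is missing or
 *                        already exists, the function name is unknown, or the security manager
 *                        reports an error
 */
@Override
public Sequence eval(final Sequence[] args, final Sequence contextSequence) throws XPathException {
    final DBBroker broker = getContext().getBroker();
    final Subject currentUser = broker.getCurrentSubject();
    final SecurityManager securityManager = broker.getBrokerPool().getSecurityManager();
    final String username = args[0].getStringValue();

    try {
        if (isCalledAs(qnRemoveAccount.getLocalPart())) {
            /* remove account */
            if (!currentUser.hasDbaRole()) {
                throw new XPathException(this, "Only a DBA user may remove accounts.");
            }
            if (!securityManager.hasAccount(username)) {
                throw new XPathException(this, "The user account with username " + username + " does not exist.");
            }
            if (currentUser.getName().equals(username)) {
                throw new XPathException(this, "You cannot remove yourself i.e. the currently logged in user.");
            }
            securityManager.deleteAccount(username);
        } else {
            // The password is held as a plain String from here on; it must never be logged or
            // placed into an exception message.
            final String password = args[1].getStringValue();

            if (isCalledAs(qnPasswd.getLocalPart()) || isCalledAs(qnPasswdHash.getLocalPart())) {
                /* change password */
                if (!(currentUser.getName().equals(username) || currentUser.hasDbaRole())) {
                    throw new XPathException(this, "You may only change your own password, unless you are a DBA.");
                }

                final Account account = securityManager.getAccount(username);
                if (account == null) {
                    // getAccount can return null for an unknown name; fail with a clear error
                    // instead of a NullPointerException on the setter below.
                    throw new XPathException(this, "The user account with username " + username + " does not exist.");
                }

                if (isCalledAs(qnPasswdHash.getLocalPart())) {
                    // NOTE(review): the value is stored under Password.DEFAULT_ALGORITHM without any
                    // visible format check; presumably it must already be a digest for that algorithm.
                    account.setCredential(new Password(account, Password.DEFAULT_ALGORITHM, password));
                } else {
                    account.setPassword(password);
                }
                securityManager.updateAccount(account);
            } else if (isCalledAs(qnCreateAccount.getLocalPart())) {
                /* create account */
                if (!currentUser.hasDbaRole()) {
                    throw new XPathException(this, "You must be a DBA to create a User Account.");
                }
                if (securityManager.hasAccount(username)) {
                    throw new XPathException(this, "The user account with username " + username + " already exists.");
                }

                final int argCount = getSignature().getArgumentCount();
                // The 3- and 5-argument signatures create a personal group named after the user.
                final boolean personalGroup = argCount == 3 || argCount == 5;

                final Account user = new UserAider(username);
                user.setPassword(password);

                if (argCount >= 5) {
                    // set metadata values if present
                    // NOTE(review): uses toString() where the other arguments use getStringValue(); confirm this is intended.
                    user.setMetadataValue(AXSchemaType.FULLNAME, args[argCount - 2].toString());
                    user.setMetadataValue(EXistSchemaType.DESCRIPTION, args[argCount - 1].toString());
                }

                final String[] subGroups;
                if (personalGroup) {
                    // create the personal group
                    // NOTE(review): no check is visible here for a pre-existing group with the same
                    // name as the new user; confirm addGroup rejects it, otherwise the new account
                    // would join an existing group.
                    final Group group = new GroupAider(username);
                    group.setMetadataValue(EXistSchemaType.DESCRIPTION, "Personal group for " + username);
                    group.addManager(currentUser);
                    securityManager.addGroup(broker, group);

                    // add the personal group as the primary group
                    user.addGroup(username);
                    subGroups = getGroups(args[2]);
                } else {
                    // add the primary group as the primary group
                    final String primaryGroup = args[2].getStringValue();
                    if (primaryGroup == null || primaryGroup.isEmpty()) {
                        throw new XPathException(this, "You must specify a primary group for the user.");
                    }
                    user.addGroup(primaryGroup);
                    subGroups = getGroups(args[3]);
                }

                for (String subGroup : subGroups) {
                    user.addGroup(subGroup);
                }

                // create the account
                // NOTE(review): the personal group is added before the account; no rollback is
                // visible here if addAccount fails, which would leave the group behind.
                securityManager.addAccount(user);

                // if we created a personal group, then add the new account as a manager of their personal group
                if (personalGroup) {
                    final Group group = securityManager.getGroup(username);
                    group.addManager(securityManager.getAccount(username));
                    securityManager.updateGroup(group);
                }
            } else {
                throw new XPathException(this, "Unknown function call: " + getSignature());
            }
        }
    } catch (final PermissionDeniedException | EXistException pde) {
        throw new XPathException(this, pde);
    }
    return Sequence.EMPTY_SEQUENCE;
}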