
Example 1 with Password

use of org.exist.security.internal.Password in project exist by eXist-db.

the class Restore method setAdminCredentials.

/**
 * Replaces the credential of the built-in DBA account and persists the change.
 *
 * <p>The account is looked up under {@code SecurityManager.DBA_USER}. The new credential is
 * built with {@code new Password(account, adminPassword)}.
 * NOTE(review): presumably that constructor digests the plain-text value before it is stored;
 * confirm against {@code Password}.
 *
 * <p>The password arrives as an immutable {@code String}, so this method cannot clear it from
 * memory after use; callers should keep the value's lifetime short and must not log it.
 *
 * @param broker        broker whose pool supplies the security manager
 * @param adminPassword the new password for the DBA account
 * @throws EXistException            if the DBA account cannot be found
 * @throws PermissionDeniedException declared for the account update
 */
private void setAdminCredentials(final DBBroker broker, final String adminPassword) throws EXistException, PermissionDeniedException {
    final SecurityManager sm = broker.getBrokerPool().getSecurityManager();
    final Account adminAccount = sm.getAccount(SecurityManager.DBA_USER);

    if (adminAccount != null) {
        // Build the credential first, then attach it and persist the account.
        final Password newCredential = new Password(adminAccount, adminPassword);
        adminAccount.setCredential(newCredential);
        sm.updateAccount(adminAccount);
        return;
    }

    // Without a DBA account the credential cannot be applied, so fail loudly.
    throw new EXistException("'" + SecurityManager.DBA_USER + "' account can't be found.");
}
Also used : Account(org.exist.security.Account) SecurityManager(org.exist.security.SecurityManager) EXistException(org.exist.EXistException) Password(org.exist.security.internal.Password)

Example 2 with Password

use of org.exist.security.internal.Password in project exist by eXist-db.

the class UserPasswordTask method execute.

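/**
 * Sets the password of the account named by {@code name} through the user management service.
 *
 * <p>The account is looked up first. If it exists and a {@code secret} was supplied, a new
 * {@code Password} credential is attached and the account is updated. If no {@code secret}
 * was supplied the account is left unchanged and a warning is logged. Previously this case
 * logged "Setting password" and then silently did nothing.
 *
 * <p>Only the user name is written to the build log; the secret itself is never logged.
 *
 * @throws BuildException if no user name was configured, or, when {@code failonerror} is set,
 *                        if the user does not exist or the service raises an
 *                        {@code XMLDBException}
 */
@Override
public void execute() throws BuildException {
    super.execute();
    if (name == null) {
        throw (new BuildException("Must specify at least a user name"));
    }
    try {
        log("Looking up user " + name, Project.MSG_INFO);
        final Account usr = service.getAccount(name);
        if (usr == null) {
            final String msg = "user " + name + " not found";
            if (failonerror) {
                throw (new BuildException(msg));
            } else {
                log(msg, Project.MSG_ERR);
            }
        } else if (secret == null) {
            // Make the no-op visible: a build that believes it rotated a password but did not
            // is worse than one that says so.
            log("No password specified for user " + name + "; account left unchanged", Project.MSG_WARN);
        } else {
            log("Setting password for user " + name, Project.MSG_INFO);
            usr.setCredential(new Password(usr, secret));
            this.service.updateAccount(usr);
        }
    } catch (final XMLDBException e) {
        final String msg = "XMLDB exception caught: " + e.getMessage();
        if (failonerror) {
            throw (new BuildException(msg, e));
        } else {
            log(msg, e, Project.MSG_ERR);
        }
    }
}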
Also used : Account(org.exist.security.Account) XMLDBException(org.xmldb.api.base.XMLDBException) BuildException(org.apache.tools.ant.BuildException) Password(org.exist.security.internal.Password)

Example 3 with Password

use of org.exist.security.internal.Password in project exist by eXist-db.

the class AccountManagementFunction method eval.

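/**
 * Dispatches the account-management functions that share this implementation, selected by
 * the name the function was called as.
 *
 * <ul>
 *   <li>{@code qnRemoveAccount}: deletes the account; DBA only, and never the caller's own.</li>
 *   <li>{@code qnPasswd} / {@code qnPasswdHash}: changes the credential of an account; allowed
 *       for the account owner or a DBA.</li>
 *   <li>{@code qnCreateAccount}: creates an account, optionally with a personal group and
 *       metadata; DBA only.</li>
 * </ul>
 *
 * <p>Every branch performs its authorization check before it touches the security manager,
 * so an unauthorized caller learns nothing about which accounts exist.
 *
 * @param args            function arguments; {@code args[0]} is always the user name, and for
 *                        all functions except remove {@code args[1]} is the password (or hash)
 * @param contextSequence not used by this method
 * @return {@code Sequence.EMPTY_SEQUENCE} on success
 * @throws XPathException if the caller is not authorized, the target account is missing or
 *                        already exists, the function name is unknown, or the security
 *                        manager raises {@code PermissionDeniedException}/{@code EXistException}
 */
@Override
public Sequence eval(final Sequence[] args, final Sequence contextSequence) throws XPathException {
    final DBBroker broker = getContext().getBroker();
    final Subject currentUser = broker.getCurrentSubject();
    final SecurityManager securityManager = broker.getBrokerPool().getSecurityManager();
    final String username = args[0].getStringValue();
    try {
        if (isCalledAs(qnRemoveAccount.getLocalPart())) {
            /* remove account */
            if (!currentUser.hasDbaRole()) {
                throw new XPathException(this, "Only a DBA user may remove accounts.");
            }
            if (!securityManager.hasAccount(username)) {
                throw new XPathException(this, "The user account with username " + username + " does not exist.");
            }
            if (currentUser.getName().equals(username)) {
                throw new XPathException(this, "You cannot remove yourself i.e. the currently logged in user.");
            }
            securityManager.deleteAccount(username);
        } else {
            final String password = args[1].getStringValue();
            if (isCalledAs(qnPasswd.getLocalPart()) || isCalledAs(qnPasswdHash.getLocalPart())) {
                if (!(currentUser.getName().equals(username) || currentUser.hasDbaRole())) {
                    throw new XPathException(this, "You may only change your own password, unless you are a DBA.");
                }
                final Account account = securityManager.getAccount(username);
                if (account == null) {
                    // A DBA can name an account that does not exist. Report that as an
                    // XPathException instead of failing with a NullPointerException below.
                    // Only already-authorized callers get this far, so the message does not
                    // help anyone else enumerate accounts.
                    throw new XPathException(this, "The user account with username " + username + " does not exist.");
                }
                if (isCalledAs(qnPasswdHash.getLocalPart())) {
                    // NOTE(review): the value is handed to Password together with
                    // Password.DEFAULT_ALGORITHM, presumably as an already-computed digest
                    // that is stored as-is. If so, no server-side password policy can apply
                    // to it. Confirm against Password.
                    account.setCredential(new Password(account, Password.DEFAULT_ALGORITHM, password));
                } else {
                    account.setPassword(password);
                }
                securityManager.updateAccount(account);
            } else if (isCalledAs(qnCreateAccount.getLocalPart())) {
                /* create account */
                if (!currentUser.hasDbaRole()) {
                    throw new XPathException(this, "You must be a DBA to create a User Account.");
                }
                if (securityManager.hasAccount(username)) {
                    throw new XPathException(this, "The user account with username " + username + " already exists.");
                }
                final int argCount = getSignature().getArgumentCount();
                // The 3- and 5-argument signatures carry no primary group; a personal group
                // named after the user is created instead.
                final boolean withPersonalGroup = argCount == 3 || argCount == 5;
                final Account user = new UserAider(username);
                user.setPassword(password);
                if (argCount >= 5) {
                    // set metadata values if present (always the last two arguments)
                    // NOTE(review): uses toString() where the rest of this method uses
                    // getStringValue(); confirm that this is intended.
                    user.setMetadataValue(AXSchemaType.FULLNAME, args[argCount - 2].toString());
                    user.setMetadataValue(EXistSchemaType.DESCRIPTION, args[argCount - 1].toString());
                }
                final String[] subGroups;
                if (withPersonalGroup) {
                    // create the personal group
                    // NOTE(review): the group is persisted before the account. If addAccount
                    // below fails, the group is left behind with only the calling DBA as
                    // manager.
                    final Group group = new GroupAider(username);
                    group.setMetadataValue(EXistSchemaType.DESCRIPTION, "Personal group for " + username);
                    group.addManager(currentUser);
                    securityManager.addGroup(broker, group);
                    // add the personal group as the primary group
                    user.addGroup(username);
                    subGroups = getGroups(args[2]);
                } else {
                    // add the primary group as the primary group
                    final String primaryGroup = args[2].getStringValue();
                    if (primaryGroup == null || primaryGroup.isEmpty()) {
                        throw new XPathException(this, "You must specify a primary group for the user.");
                    }
                    user.addGroup(primaryGroup);
                    subGroups = getGroups(args[3]);
                }
                for (final String subGroup : subGroups) {
                    user.addGroup(subGroup);
                }
                // create the account
                securityManager.addAccount(user);
                // if we created a personal group, then add the new account as a manager of their personal group
                if (withPersonalGroup) {
                    final Group group = securityManager.getGroup(username);
                    group.addManager(securityManager.getAccount(username));
                    securityManager.updateGroup(group);
                }
            } else {
                throw new XPathException(this, "Unknown function call: " + getSignature());
            }
        }
    } catch (final PermissionDeniedException | EXistException pde) {
        throw new XPathException(this, pde);
    }
    return Sequence.EMPTY_SEQUENCE;
}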
Also used : SecurityManager(org.exist.security.SecurityManager) EXistException(org.exist.EXistException) DBBroker(org.exist.storage.DBBroker) UserAider(org.exist.security.internal.aider.UserAider) GroupAider(org.exist.security.internal.aider.GroupAider) Password(org.exist.security.internal.Password)

Aggregations

Password (org.exist.security.internal.Password)3 EXistException (org.exist.EXistException)2 Account (org.exist.security.Account)2 SecurityManager (org.exist.security.SecurityManager)2 BuildException (org.apache.tools.ant.BuildException)1 GroupAider (org.exist.security.internal.aider.GroupAider)1 UserAider (org.exist.security.internal.aider.UserAider)1 DBBroker (org.exist.storage.DBBroker)1 XMLDBException (org.xmldb.api.base.XMLDBException)1