Example 6 with GroupAider

Use of org.exist.security.internal.aider.GroupAider in project exist by eXist-db.

Class PermissionsFunctionChownTest, method prepareDb.

@BeforeClass
public static void prepareDb() throws EXistException, PermissionDeniedException, IOException, TriggerException {
    final BrokerPool pool = existWebServer.getBrokerPool();
    final SecurityManager sm = pool.getSecurityManager();
    try (final DBBroker broker = pool.get(Optional.of(sm.getSystemSubject()));
        final Txn transaction = pool.getTransactionManager().beginTransaction()) {
        final Collection collection = broker.getOrCreateCollection(transaction, TestConstants.TEST_COLLECTION_URI);
        // 511 decimal == 0777 octal: read/write/execute for owner, group and other on the test collection
        PermissionFactory.chmod(broker, collection, Optional.of(511), Optional.empty());
        broker.saveCollection(transaction, collection);
        createUser(broker, sm, USER1_NAME, USER1_PWD);
        createUser(broker, sm, USER2_NAME, USER2_PWD);
        createUser(broker, sm, USERRM_NAME, USERRM_PWD);
        final Group otherGroup = new GroupAider(OTHER_GROUP_NAME);
        sm.addGroup(broker, otherGroup);
        final Account user1 = sm.getAccount(USER1_NAME);
        user1.addGroup(OTHER_GROUP_NAME);
        sm.updateAccount(user1);
        final Account user2 = sm.getAccount(USER2_NAME);
        user2.addGroup(OTHER_GROUP_NAME);
        sm.updateAccount(user2);
        transaction.commit();
    }
    try (final DBBroker broker = pool.get(Optional.of(sm.getSystemSubject()));
        final Txn transaction = pool.getTransactionManager().beginTransaction()) {
        removeUser(sm, USERRM_NAME);
        transaction.commit();
    }
}
Also used : DBBroker(org.exist.storage.DBBroker) SecurityManager(org.exist.security.SecurityManager) Collection(org.exist.collections.Collection) Txn(org.exist.storage.txn.Txn) GroupAider(org.exist.security.internal.aider.GroupAider) BrokerPool(org.exist.storage.BrokerPool)

Example 7 with GroupAider

Use of org.exist.security.internal.aider.GroupAider in project exist by eXist-db.

Class Deployment, method checkUserSettings.

private void checkUserSettings(final DBBroker broker, final RequestedPerms requestedPerms) throws PackageException {
    final org.exist.security.SecurityManager secman = broker.getBrokerPool().getSecurityManager();
    try {
        if (requestedPerms.group.filter(g -> !secman.hasGroup(g)).isPresent()) {
            secman.addGroup(broker, new GroupAider(requestedPerms.group.get()));
        }
        if (!secman.hasAccount(requestedPerms.user)) {
            final UserAider aider = new UserAider(requestedPerms.user);
            aider.setPassword(requestedPerms.password);
            requestedPerms.group.ifPresent(aider::addGroup);
            secman.addAccount(broker, aider);
        }
    } catch (final PermissionDeniedException | EXistException e) {
        throw new PackageException("Failed to create user: " + requestedPerms.user, e);
    }
}
Also used : DependencyVersion(org.expath.pkg.repo.deps.DependencyVersion) Txn(org.exist.storage.txn.Txn) java.util(java.util) BufferedInputStream(java.io.BufferedInputStream) QName(org.exist.dom.QName) SequenceIterator(org.exist.xquery.value.SequenceIterator) PermissionDeniedException(org.exist.security.PermissionDeniedException) org.exist.xquery(org.exist.xquery) DirectoryStream(java.nio.file.DirectoryStream) JarEntry(java.util.jar.JarEntry) org.exist.dom.memtree(org.exist.dom.memtree) Collection(org.exist.collections.Collection) UnixStylePermission(org.exist.security.UnixStylePermission) XmldbURI(org.exist.xmldb.XmldbURI) Attributes(org.xml.sax.Attributes) JarInputStream(java.util.jar.JarInputStream) EXistException(org.exist.EXistException) DocUtils(org.exist.xquery.util.DocUtils) DateTimeValue(org.exist.xquery.value.DateTimeValue) SystemProperties(org.exist.SystemProperties) Path(java.nio.file.Path) Permission(org.exist.security.Permission) Nullable(javax.annotation.Nullable) BatchUserInteraction(org.expath.pkg.repo.tui.BatchUserInteraction) PermissionFactory(org.exist.security.PermissionFactory) InputSource(org.xml.sax.InputSource) Files(java.nio.file.Files) GroupAider(org.exist.security.internal.aider.GroupAider) Type(org.exist.xquery.value.Type) FileSource(org.exist.source.FileSource) IOException(java.io.IOException) UserAider(org.exist.security.internal.aider.UserAider) Either(com.evolvedbinary.j8fu.Either) org.expath.pkg.repo(org.expath.pkg.repo) Logger(org.apache.logging.log4j.Logger) Element(org.w3c.dom.Element) Stream(java.util.stream.Stream) DBBroker(org.exist.storage.DBBroker) SAXException(org.xml.sax.SAXException) org.exist.util(org.exist.util) Sequence(org.exist.xquery.value.Sequence) TriggerException(org.exist.collections.triggers.TriggerException) LogManager(org.apache.logging.log4j.LogManager) Package(org.expath.pkg.repo.Package) AttrList(org.exist.util.serializer.AttrList) InputStream(java.io.InputStream) 

Example 8 with GroupAider

Use of org.exist.security.internal.aider.GroupAider in project exist by eXist-db.

Class RemoteUserManagementService, method getGroup.

@Override
public Group getGroup(final String name) throws XMLDBException {
    try {
        final List<Object> params = new ArrayList<>();
        params.add(name);
        final Map<String, Object> tab = (Map<String, Object>) collection.execute("getGroup", params);
        if (tab != null && !tab.isEmpty()) {
            final Group group = new GroupAider((Integer) tab.get("id"), (String) tab.get("realmId"), (String) tab.get("name"));
            final Object[] managers = (Object[]) tab.get("managers");
            for (final Object manager : managers) {
                group.addManager(getAccount((String) manager));
            }
            final Map<String, String> metadata = (Map<String, String>) tab.get("metadata");
            for (final Map.Entry<String, String> m : metadata.entrySet()) {
                if (AXSchemaType.valueOfNamespace(m.getKey()) != null) {
                    group.setMetadataValue(AXSchemaType.valueOfNamespace(m.getKey()), m.getValue());
                } else if (EXistSchemaType.valueOfNamespace(m.getKey()) != null) {
                    group.setMetadataValue(EXistSchemaType.valueOfNamespace(m.getKey()), m.getValue());
                }
            }
            return group;
        }
        return null;
    } catch (final PermissionDeniedException pde) {
        throw new XMLDBException(ErrorCodes.PERMISSION_DENIED, pde);
    }
}
Also used : Group(org.exist.security.Group) XMLDBException(org.xmldb.api.base.XMLDBException) PermissionDeniedException(org.exist.security.PermissionDeniedException) GroupAider(org.exist.security.internal.aider.GroupAider)

Example 9 with GroupAider

Use of org.exist.security.internal.aider.GroupAider in project exist by eXist-db.

Class XmldbApiSecurityTest, method createGroup.

@Override
protected void createGroup(String group_uid, String uid, String pwd) throws ApiException {
    Collection col = null;
    try {
        col = DatabaseManager.getCollection(getBaseUri() + "/db", uid, pwd);
        final UserManagementService ums = (UserManagementService) col.getService("UserManagementService", "1.0");
        Group group = new GroupAider("exist", group_uid);
        ums.addGroup(group);
    } catch (final XMLDBException xmldbe) {
        throw new ApiException(xmldbe);
    } finally {
        if (col != null) {
            try {
                col.close();
            } catch (final XMLDBException xmldbe) {
                throw new ApiException(xmldbe);
            }
        }
    }
}
Also used : Collection(org.xmldb.api.base.Collection) XMLDBException(org.xmldb.api.base.XMLDBException) UserManagementService(org.exist.xmldb.UserManagementService) GroupAider(org.exist.security.internal.aider.GroupAider)

Example 10 with GroupAider

Use of org.exist.security.internal.aider.GroupAider in project exist by eXist-db.

Class RpcConnection, method updateGroup.

@Override
public boolean updateGroup(final String name, final List<String> managers, final Map<String, String> metadata) throws EXistException, PermissionDeniedException {
    final SecurityManager manager = factory.getBrokerPool().getSecurityManager();
    if (manager.hasGroup(name)) {
        final GroupAider group = new GroupAider(name);
        for (final String groupManager : managers) {
            group.addManager(new UserAider(groupManager));
        }
        if (metadata != null) {
            for (final Map.Entry<String, String> m : metadata.entrySet()) {
                if (AXSchemaType.valueOfNamespace(m.getKey()) != null) {
                    group.setMetadataValue(AXSchemaType.valueOfNamespace(m.getKey()), m.getValue());
                } else if (EXistSchemaType.valueOfNamespace(m.getKey()) != null) {
                    group.setMetadataValue(EXistSchemaType.valueOfNamespace(m.getKey()), m.getValue());
                }
            }
        }
        withDb((broker, transaction) -> manager.updateGroup(group));
        return true;
    } else {
        return false;
    }
}
Also used : SecurityManager(org.exist.security.SecurityManager) GroupAider(org.exist.security.internal.aider.GroupAider) UserAider(org.exist.security.internal.aider.UserAider) LockedDocumentMap(org.exist.storage.lock.LockedDocumentMap)
