Example 1 with UserAider

Use of org.exist.security.internal.aider.UserAider in project exist by eXist-db.

Class SecurityManagerTest, method setup.

@BeforeClass
public static void setup() throws EXistException, PermissionDeniedException {
    final BrokerPool brokerPool = existEmbeddedServer.getBrokerPool();
    final SecurityManager securityManager = brokerPool.getSecurityManager();
    // create the personal group
    final Group group = new GroupAider(TEST_GROUP_NAME);
    group.setMetadataValue(EXistSchemaType.DESCRIPTION, "Personal group for " + TEST_GROUP_NAME);
    try (final DBBroker broker = brokerPool.get(Optional.of(securityManager.getSystemSubject()))) {
        securityManager.addGroup(broker, group);
        // create the account
        final Account user = new UserAider(TEST_USER_NAME);
        user.setPassword(TEST_USER_NAME);
        user.addGroup(TEST_GROUP_NAME);
        securityManager.addAccount(user);
        // add the new account as a manager of their personal group
        final Group personalGroup = securityManager.getGroup(TEST_GROUP_NAME);
        personalGroup.addManager(securityManager.getAccount(TEST_USER_NAME));
        securityManager.updateGroup(personalGroup);
    }
}
Also used in this method: org.exist.storage.DBBroker, org.exist.security.internal.aider.GroupAider, org.exist.security.internal.aider.UserAider, org.exist.storage.BrokerPool, org.junit.BeforeClass

Example 2 with UserAider

Use of org.exist.security.internal.aider.UserAider in project exist by eXist-db.

Class FnCollectionSecurityTest, method createUser.

private static void createUser(final SecurityManager securityManager, final DBBroker broker, final String username) throws PermissionDeniedException, EXistException {
    final UserAider user = new UserAider(username);
    user.setPassword(username);
    Group group = new GroupAider(username);
    group.setMetadataValue(EXistSchemaType.DESCRIPTION, "Personal group for " + username);
    group.addManager(user);
    securityManager.addGroup(broker, group);
    // add the personal group as the primary group
    user.addGroup(username);
    securityManager.addAccount(user);
    // add the new account as a manager of their personal group
    group = securityManager.getGroup(username);
    group.addManager(securityManager.getAccount(username));
    securityManager.updateGroup(group);
}
Also used in this method: org.exist.security.internal.aider.UserAider, org.exist.security.internal.aider.GroupAider

Example 3 with UserAider

Use of org.exist.security.internal.aider.UserAider in project exist by eXist-db.

Class AbstractSecurityManagerRoundtripTest, method checkGroupMembership.

@Test
public void checkGroupMembership() throws XMLDBException, PermissionDeniedException, EXistException, IOException, DatabaseConfigurationException {
    UserManagementService ums = (UserManagementService) getRoot().getService("UserManagementService", "1.0");
    final String group1Name = "testGroup1";
    final String group2Name = "testGroup2";
    final String userName = "testUser";
    Group group1 = new GroupAider(group1Name);
    Group group2 = new GroupAider(group2Name);
    Account user = new UserAider(userName, group1);
    try {
        ums.addGroup(group1);
        ums.addGroup(group2);
        ums.addAccount(user);
        ums.getAccount(userName);
        user.addGroup(group2);
        ums.updateAccount(user);
        // ***** RESTART THE SERVER *****
        restartServer();
        // ******************************
        ums = (UserManagementService) getRoot().getService("UserManagementService", "1.0");
        user = ums.getAccount(userName);
        assertNotNull(user);
        Group defaultGroup = user.getDefaultGroup();
        assertNotNull(defaultGroup);
        assertEquals(group1Name, defaultGroup.getName());
        String[] groups = user.getGroups();
        assertNotNull(groups);
        assertEquals(2, groups.length);
        assertEquals(group1Name, groups[0]);
        assertEquals(group2Name, groups[1]);
    } finally {
        // cleanup
        final Account u1 = ums.getAccount(userName);
        if (u1 != null) {
            ums.removeAccount(u1);
        }
        final Group g1 = ums.getGroup(group1Name);
        if (g1 != null) {
            ums.removeGroup(g1);
        }
        final Group g2 = ums.getGroup(group2Name);
        if (g2 != null) {
            ums.removeGroup(g2);
        }
    }
}
Also used in this method: org.exist.xmldb.UserManagementService, org.exist.security.internal.aider.GroupAider, org.exist.security.internal.aider.UserAider, org.junit.Test

Example 4 with UserAider

Use of org.exist.security.internal.aider.UserAider in project exist by eXist-db.

Class AbstractSecurityManagerRoundtripTest, method checkPrimaryGroupStability.

@Test
public void checkPrimaryGroupStability() throws XMLDBException, PermissionDeniedException, EXistException, IOException, DatabaseConfigurationException {
    UserManagementService ums = (UserManagementService) getRoot().getService("UserManagementService", "1.0");
    final String group1Name = "testGroupA";
    final String group2Name = "testGroupB";
    final String userName = "testUserA";
    Group group1 = new GroupAider(group1Name);
    Group group2 = new GroupAider(group2Name);
    // set users primary group as group1
    Account user = new UserAider(userName, group1);
    try {
        ums.addGroup(group1);
        ums.addGroup(group2);
        ums.addAccount(user);
        ums.getAccount(userName);
        user.addGroup(group2Name);
        ums.updateAccount(user);
        // ***** RESTART THE SERVER *****
        restartServer();
        // ******************************
        ums = (UserManagementService) getRoot().getService("UserManagementService", "1.0");
        user = ums.getAccount(userName);
        assertNotNull(user);
        Group defaultGroup = user.getDefaultGroup();
        assertNotNull(defaultGroup);
        assertEquals(group1Name, defaultGroup.getName());
        String[] groups = user.getGroups();
        assertNotNull(groups);
        assertEquals(2, groups.length);
        assertEquals(group1Name, groups[0]);
        assertEquals(group2Name, groups[1]);
    } finally {
        // cleanup
        final Account u1 = ums.getAccount(userName);
        if (u1 != null) {
            ums.removeAccount(u1);
        }
        final Group g1 = ums.getGroup(group1Name);
        if (g1 != null) {
            ums.removeGroup(g1);
        }
        final Group g2 = ums.getGroup(group2Name);
        if (g2 != null) {
            ums.removeGroup(g2);
        }
    }
}
Also used in this method: org.exist.xmldb.UserManagementService, org.exist.security.internal.aider.GroupAider, org.exist.security.internal.aider.UserAider, org.junit.Test

Example 5 with UserAider

Use of org.exist.security.internal.aider.UserAider in project exist by eXist-db.

Class ActiveDirectoryRealm, method authenticate.

/*
 * (non-Javadoc)
 *
 * @see org.exist.security.Realm#authenticate(java.lang.String,
 * java.lang.Object)
 */
@Override
public Subject authenticate(final String username, Object credentials) throws AuthenticationException {
    String[] returnedAtts = { "sn", "givenName", "mail" };
    // NOTE: the caller-supplied username is concatenated into the LDAP search filter
    // as-is; it is not escaped for RFC 4515 filter metacharacters ('*', '(', ')', '\', NUL)
    String searchFilter = "(&(objectClass=user)(sAMAccountName=" + username + "))";
    // Create the search controls
    SearchControls searchCtls = new SearchControls();
    searchCtls.setReturningAttributes(returnedAtts);
    // Specify the search scope
    searchCtls.setSearchScope(SearchControls.SUBTREE_SCOPE);
    LdapContext ctxGC = null;
    boolean ldapUser = false;
    try {
        ctxGC = ensureContextFactory().getLdapContext(username, String.valueOf(credentials));
        // Search objects in GC using filters
        NamingEnumeration<SearchResult> answer = ctxGC.search(((ContextFactory) ensureContextFactory()).getSearchBase(), searchFilter, searchCtls);
        while (answer.hasMoreElements()) {
            SearchResult sr = answer.next();
            Attributes attrs = sr.getAttributes();
            Map<String, Object> amap = null;
            if (attrs != null) {
                amap = new HashMap<>();
                NamingEnumeration<? extends Attribute> ne = attrs.getAll();
                while (ne.hasMore()) {
                    Attribute attr = ne.next();
                    amap.put(attr.getID(), attr.get());
                    ldapUser = true;
                }
                ne.close();
            }
        }
    } catch (NamingException e) {
        e.printStackTrace();
        throw new AuthenticationException(AuthenticationException.UNNOWN_EXCEPTION, e.getMessage());
    }
    if (ldapUser) {
        AbstractAccount account = (AbstractAccount) getAccount(username);
        if (account == null) {
            try (final DBBroker broker = getDatabase().get(Optional.of(getSecurityManager().getSystemSubject()))) {
                // perform as SYSTEM user
                account = (AbstractAccount) getSecurityManager().addAccount(new UserAider(ID, username));
            } catch (Exception e) {
                throw new AuthenticationException(AuthenticationException.UNNOWN_EXCEPTION, e.getMessage(), e);
            }
        }
        return new SubjectAccreditedImpl(account, ctxGC);
    }
    return null;
}
Also used in this method: javax.naming.directory.Attribute, javax.naming.directory.Attributes, javax.naming.directory.SearchResult, javax.naming.directory.SearchControls, javax.naming.ldap.LdapContext, javax.naming.NamingException, org.exist.security.AuthenticationException, org.exist.security.AbstractAccount, org.exist.security.internal.SubjectAccreditedImpl, org.exist.security.internal.aider.UserAider, org.exist.storage.DBBroker
