Example 6 with UserAider

Use of org.exist.security.internal.aider.UserAider in project exist by eXist-db.

Class Deployment, method checkUserSettings.

private void checkUserSettings(final DBBroker broker, final RequestedPerms requestedPerms) throws PackageException {
    final org.exist.security.SecurityManager secman = broker.getBrokerPool().getSecurityManager();
    try {
        if (requestedPerms.group.filter(g -> !secman.hasGroup(g)).isPresent()) {
            secman.addGroup(broker, new GroupAider(requestedPerms.group.get()));
        }
        if (!secman.hasAccount(requestedPerms.user)) {
            final UserAider aider = new UserAider(requestedPerms.user);
            aider.setPassword(requestedPerms.password);
            requestedPerms.group.ifPresent(aider::addGroup);
            secman.addAccount(broker, aider);
        }
    } catch (final PermissionDeniedException | EXistException e) {
        throw new PackageException("Failed to create user: " + requestedPerms.user, e);
    }
}
Also used : DependencyVersion(org.expath.pkg.repo.deps.DependencyVersion) Txn(org.exist.storage.txn.Txn) java.util(java.util) BufferedInputStream(java.io.BufferedInputStream) QName(org.exist.dom.QName) SequenceIterator(org.exist.xquery.value.SequenceIterator) PermissionDeniedException(org.exist.security.PermissionDeniedException) org.exist.xquery(org.exist.xquery) DirectoryStream(java.nio.file.DirectoryStream) JarEntry(java.util.jar.JarEntry) org.exist.dom.memtree(org.exist.dom.memtree) Collection(org.exist.collections.Collection) UnixStylePermission(org.exist.security.UnixStylePermission) XmldbURI(org.exist.xmldb.XmldbURI) Attributes(org.xml.sax.Attributes) JarInputStream(java.util.jar.JarInputStream) EXistException(org.exist.EXistException) DocUtils(org.exist.xquery.util.DocUtils) DateTimeValue(org.exist.xquery.value.DateTimeValue) SystemProperties(org.exist.SystemProperties) Path(java.nio.file.Path) Permission(org.exist.security.Permission) Nullable(javax.annotation.Nullable) BatchUserInteraction(org.expath.pkg.repo.tui.BatchUserInteraction) PermissionFactory(org.exist.security.PermissionFactory) InputSource(org.xml.sax.InputSource) Files(java.nio.file.Files) GroupAider(org.exist.security.internal.aider.GroupAider) Type(org.exist.xquery.value.Type) FileSource(org.exist.source.FileSource) IOException(java.io.IOException) UserAider(org.exist.security.internal.aider.UserAider) Either(com.evolvedbinary.j8fu.Either) org.expath.pkg.repo(org.expath.pkg.repo) Logger(org.apache.logging.log4j.Logger) Element(org.w3c.dom.Element) Stream(java.util.stream.Stream) DBBroker(org.exist.storage.DBBroker) SAXException(org.xml.sax.SAXException) org.exist.util(org.exist.util) Sequence(org.exist.xquery.value.Sequence) TriggerException(org.exist.collections.triggers.TriggerException) LogManager(org.apache.logging.log4j.LogManager) Package(org.expath.pkg.repo.Package) AttrList(org.exist.util.serializer.AttrList) InputStream(java.io.InputStream) 

Example 7 with UserAider

Use of org.exist.security.internal.aider.UserAider in project exist by eXist-db.

Class LDAPRealm, method createAccountInDatabase.

private Account createAccountInDatabase(final LdapContext ctx, final String username, final SearchResult ldapUser, final String primaryGroupName) throws AuthenticationException {
    try {
        return executeAsSystemUser(ctx, (ctx2, broker) -> {
            if (LOG.isDebugEnabled()) {
                LOG.debug("Saving account '{}'.", username);
            }
            // get (or create) the primary group if it doesn't exist
            final Group primaryGroup = getGroup(ctx, broker, primaryGroupName);
            // get (or create) member groups
            /*LDAPSearchContext search = ensureContextFactory().getSearch();
                    String userDistinguishedName = (String)ldapUser.getAttributes().get(search.getSearchAccount().getSearchAttribute(LDAPSearchAttributeKey.DN)).get();
                    List<String> memberOf_groupNames = findGroupnamesForUserDistinguishedName(invokingUser, userDistinguishedName);

                    List<Group> memberOf_groups = new ArrayList<Group>();
                    for(String memberOf_groupName : memberOf_groupNames) {
                        memberOf_groups.add(getGroup(invokingUser, memberOf_groupName));
                    }*/
            // create the user account
            final UserAider userAider = new UserAider(ID, username, primaryGroup);
            // add the member groups
            for (final Group memberOf_group : getGroupMembershipForLdapUser(ctx, broker, ldapUser)) {
                userAider.addGroup(memberOf_group);
            }
            // store any requested metadata
            for (final SimpleEntry<AXSchemaType, String> metadata : getMetadataForLdapUser(ldapUser)) {
                userAider.setMetadataValue(metadata.getKey(), metadata.getValue());
            }
            final Account account = getSecurityManager().addAccount(userAider);
            return account;
        });
    } catch (final Exception e) {
        if (LOG.isDebugEnabled()) {
            LOG.debug(e);
        }
        throw new AuthenticationException(AuthenticationException.UNNOWN_EXCEPTION, e.getMessage(), e);
    }
}
Also used : Group(org.exist.security.Group) Account(org.exist.security.Account) AbstractAccount(org.exist.security.AbstractAccount) AuthenticationException(org.exist.security.AuthenticationException) UserAider(org.exist.security.internal.aider.UserAider) NamingException(javax.naming.NamingException) PermissionDeniedException(org.exist.security.PermissionDeniedException) EXistException(org.exist.EXistException) AuthenticationException(org.exist.security.AuthenticationException) AXSchemaType(org.exist.security.AXSchemaType)

Example 8 with UserAider

Use of org.exist.security.internal.aider.UserAider in project exist by eXist-db.

Class RpcConnection, method updateAccount.

@Override
public boolean updateAccount(final String name, String passwd, final String passwdDigest, final List<String> groups, final Boolean enabled, final Integer umask, final Map<String, String> metadata) throws EXistException, PermissionDeniedException {
    if (passwd.length() == 0) {
        passwd = null;
    }
    final UserAider account = new UserAider(name);
    account.setEncodedPassword(passwd);
    account.setPasswordDigest(passwdDigest);
    for (final String g : groups) {
        account.addGroup(g);
    }
    if (enabled != null) {
        account.setEnabled(enabled);
    }
    if (umask != null) {
        account.setUserMask(umask);
    }
    if (metadata != null) {
        for (final Map.Entry<String, String> m : metadata.entrySet()) {
            if (AXSchemaType.valueOfNamespace(m.getKey()) != null) {
                account.setMetadataValue(AXSchemaType.valueOfNamespace(m.getKey()), m.getValue());
            } else if (EXistSchemaType.valueOfNamespace(m.getKey()) != null) {
                account.setMetadataValue(EXistSchemaType.valueOfNamespace(m.getKey()), m.getValue());
            }
        }
    }
    final SecurityManager manager = factory.getBrokerPool().getSecurityManager();
    withDb((broker, transaction) -> manager.updateAccount(account));
    return true;
}
Also used : SecurityManager(org.exist.security.SecurityManager) UserAider(org.exist.security.internal.aider.UserAider) LockedDocumentMap(org.exist.storage.lock.LockedDocumentMap)

Example 9 with UserAider

Use of org.exist.security.internal.aider.UserAider in project exist by eXist-db.

Class RemoteUserManagementService, method getAccounts.

@Override
public Account[] getAccounts() throws XMLDBException {
    final Object[] users = (Object[]) collection.execute("getAccounts", Collections.EMPTY_LIST);
    final UserAider[] u = new UserAider[users.length];
    for (int i = 0; i < u.length; i++) {
        final Map tab = (Map) users[i];
        int uid = -1;
        try {
            uid = (Integer) tab.get("uid");
        } catch (final NumberFormatException e) {
        }
        u[i] = new UserAider(uid, (String) tab.get("realmId"), (String) tab.get("name"));
        final Object[] groups = (Object[]) tab.get("groups");
        for (Object group : groups) {
            u[i].addGroup((String) group);
        }
        u[i].setEnabled(Boolean.parseBoolean((String) tab.get("enabled")));
        u[i].setUserMask((Integer) tab.get("umask"));
        final Map<String, String> metadata = (Map<String, String>) tab.get("metadata");
        for (final Map.Entry<String, String> m : metadata.entrySet()) {
            if (AXSchemaType.valueOfNamespace(m.getKey()) != null) {
                u[i].setMetadataValue(AXSchemaType.valueOfNamespace(m.getKey()), m.getValue());
            } else if (EXistSchemaType.valueOfNamespace(m.getKey()) != null) {
                u[i].setMetadataValue(EXistSchemaType.valueOfNamespace(m.getKey()), m.getValue());
            }
        }
    }
    return u;
}
Also used : UserAider(org.exist.security.internal.aider.UserAider)

Example 10 with UserAider

Use of org.exist.security.internal.aider.UserAider in project exist by eXist-db.

Class RemoteUserManagementService, method lockResource.

@Override
public void lockResource(final Resource res, final User u) throws XMLDBException {
    final Account account = new UserAider(u.getName());
    lockResource(res, account);
}
Also used : Account(org.exist.security.Account) UserAider(org.exist.security.internal.aider.UserAider)