
Example 1 with Realm

use of org.exist.security.realm.Realm in project exist by eXist-db.

In the class SecurityManagerImpl, the method attach:

/**
 * Initialize the security manager.
 *
 * Makes sure that the /db/system collection and the /db/system/security
 * collection below it exist, creating each with its default system
 * permissions if it is missing, then loads the security configuration
 * document (CONFIG_FILE_URI) from /db/system/security and starts every
 * configured realm.
 *
 * @param broker the database broker
 * @param transaction the transaction in which any missing collection is created
 * @throws EXistException if the security manager cannot be attached
 */
@Override
public void attach(final DBBroker broker, final Txn transaction) throws EXistException {
    // TODO: check that db is same?
    db = broker.getDatabase();
    Collection systemCollection = null;
    try {
        systemCollection = broker.getCollection(XmldbURI.SYSTEM_COLLECTION_URI);
        if (systemCollection == null) {
            systemCollection = broker.getOrCreateCollection(transaction, XmldbURI.SYSTEM_COLLECTION_URI);
            if (systemCollection == null) {
                return;
            }
            // a newly created /db/system gets the system-collection default permissions
            systemCollection.setPermissions(broker, Permission.DEFAULT_SYSTEM_COLLECTION_PERM);
            broker.saveCollection(transaction, systemCollection);
        }
    } catch (final Exception e) {
        // the failure is only logged: initialisation continues even if /db/system could not be set up
        LOG.error("Setting /db/system permissions failed: {}", e.getMessage(), e);
    }
    try {
        collection = broker.getCollection(SECURITY_COLLECTION_URI);
        if (collection == null) {
            collection = broker.getOrCreateCollection(transaction, SECURITY_COLLECTION_URI);
            if (collection == null) {
                LOG.error("Collection '/db/system/security' can't be created. Database may be corrupt!");
                return;
            }
            collection.setPermissions(broker, Permission.DEFAULT_SYSTEM_SECURITY_COLLECTION_PERM);
            broker.saveCollection(transaction, collection);
        }
    } catch (final Exception e) {
        // LOG.error already records the stack trace; a separate printStackTrace() to stderr was redundant.
        // Note that 'collection' may still be null here and is passed to Configurator.parse below.
        LOG.error("Loading security configuration failed: {}", e.getMessage(), e);
    }
    // parse and apply the security configuration document, then bring up each configured realm
    final Configuration _config_ = Configurator.parse(this, broker, collection, CONFIG_FILE_URI);
    configuration = Configurator.configure(this, _config_);
    for (final Realm realm : realms) {
        realm.start(broker, transaction);
    }
}
Also used : Configuration(org.exist.config.Configuration) Collection(org.exist.collections.Collection) AbstractRealm(org.exist.security.AbstractRealm) Realm(org.exist.security.realm.Realm) ConfigurationException(org.exist.config.ConfigurationException) PermissionDeniedException(org.exist.security.PermissionDeniedException) AuthenticationException(org.exist.security.AuthenticationException) BrokerPoolServiceException(org.exist.storage.BrokerPoolServiceException) EXistException(org.exist.EXistException)

Example 2 with Realm

use of org.exist.security.realm.Realm in project exist by eXist-db.

In the class AccountFunctions, the method getLdapRealm:

private LDAPRealm getLdapRealm(final SecurityManager sm) throws XPathException {
    try {
        // findRealmForRealmId is not exposed on the SecurityManager interface, so it is looked up
        // reflectively on the concrete implementation; setAccessible(true) overrides a non-public modifier
        final Method mFindRealm = sm.getClass().getDeclaredMethod("findRealmForRealmId", String.class);
        mFindRealm.setAccessible(true);
        final Realm realm = (Realm) mFindRealm.invoke(sm, LDAPRealm.ID);
        if (realm == null) {
            throw new XPathException(this, "The LDAP Realm is not in use!");
        }
        // a realm registered under LDAPRealm.ID that is not actually an LDAPRealm would fail this
        // cast with a ClassCastException, which none of the handlers below catches
        return (LDAPRealm) realm;
    } catch (final NoSuchMethodException ex) {
        // no such method on this SecurityManager implementation: treated as "no LDAP realm"
        throw new XPathException(this, "The LDAP Realm is not in use!", ex);
    } catch (final SecurityException | IllegalArgumentException | IllegalAccessException se) {
        throw new XPathException(this, "Permission to access the LDAP Realm is denied: " + se.getMessage(), se);
    } catch (final InvocationTargetException ite) {
        throw new XPathException(this, "An error occurred whilst accessing the LDAP Realm: " + ite.getMessage(), ite);
    }
}
Also used : LDAPRealm(org.exist.security.realm.ldap.LDAPRealm) XPathException(org.exist.xquery.XPathException) Method(java.lang.reflect.Method) Realm(org.exist.security.realm.Realm) InvocationTargetException(java.lang.reflect.InvocationTargetException)

Example 3 with Realm

use of org.exist.security.realm.Realm in project exist by eXist-db.

In the class SecurityManagerImpl, the method processParameter:

@Override
public void processParameter(final DBBroker broker, final DocumentImpl document) throws ConfigurationException {
    // Principal documents live under <realm collection>/accounts or <realm collection>/groups; a
    // document in a further .../removed sub-collection describes a deleted principal. Only the trailing
    // collection names are inspected, and the realm id is the segment directly above accounts/groups.
    XmldbURI uri = document.getCollection().getURI();
    final boolean isRemoved = uri.endsWith(SecurityManager.REMOVED_COLLECTION_URI);
    if (isRemoved) {
        uri = uri.removeLastSegment();
    }
    final boolean isAccount = uri.endsWith(SecurityManager.ACCOUNTS_COLLECTION_URI);
    final boolean isGroup = uri.endsWith(SecurityManager.GROUPS_COLLECTION_URI);
    if (isAccount || isGroup) {
        uri = uri.removeLastSegment();
        final String realmId = uri.lastSegment().toString();
        final AbstractRealm realm = (AbstractRealm) findRealmForRealmId(realmId);
        final Configuration conf = Configurator.parse(broker.getBrokerPool(), document);
        // the id is only read for removed principals; a removed document without an id would
        // unbox null in the comparisons below
        Integer id = -1;
        if (isRemoved) {
            id = conf.getPropertyInteger("id");
        }
        final String name = conf.getProperty("name");
        if (isAccount) {
            // removals are only recorded for ids above 2 that are not currently registered;
            // the low ids used by the built-in principals never become "removed" entries
            if (isRemoved && id > 2 && !hasUser(id)) {
                final AccountImpl account = new AccountImpl(realm, conf);
                account.removed = true;
                registerAccount(account);
            } else if (name != null) {
                if (realm.hasAccount(name)) {
                    // an existing account re-saved under a different id: re-key it in usersById under
                    // the account's write lock ('saving' holds the id recorded for this document before the save)
                    final Integer oldId = saving.get(document.getURI());
                    final Integer newId = conf.getPropertyInteger("id");
                    if (!newId.equals(oldId)) {
                        final Account current = realm.getAccount(name);
                        try (final ManagedLock<ReadWriteLock> lock = ManagedLock.acquire(accountLocks.getLock(current), LockMode.WRITE_LOCK)) {
                            usersById.write(principalDb -> {
                                principalDb.remove(oldId);
                                principalDb.put(newId, current);
                            });
                        }
                    }
                } else {
                    final Account account = new AccountImpl(realm, conf);
                    // every account must belong to at least one group; fall back to UNKNOWN_GROUP
                    if (account.getGroups().length == 0) {
                        try {
                            account.setPrimaryGroup(realm.getGroup(SecurityManager.UNKNOWN_GROUP));
                            LOG.warn("Account '{}' has no groups, but every account must have at least 1 group. Assigned group: " + SecurityManager.UNKNOWN_GROUP, account.getName());
                        } catch (final PermissionDeniedException e) {
                            throw new ConfigurationException("Account has no group, unable to default to " + SecurityManager.UNKNOWN_GROUP + ": " + e.getMessage(), e);
                        }
                    }
                    registerAccount(account);
                    realm.registerAccount(account);
                }
            } else {
                // this can't be! log any way
                // (only reached when the document carries no name, so the message below does not describe the case)
                LOG.error("Account '{}' already exists in realm: '{}', but received notification that a new one was created.", name, realmId);
            }
        } else if (isGroup) {
            if (isRemoved && id > 2 && !hasGroup(id)) {
                final GroupImpl group = new GroupImpl(realm, conf);
                group.removed = true;
                registerGroup(group);
            } else if (name != null && !realm.hasGroup(name)) {
                final GroupImpl group = new GroupImpl(realm, conf);
                registerGroup(group);
                realm.registerGroup(group);
            } else {
                // this can't be! log any way
                // (reached when the document has no name or the group is already registered in this realm)
                LOG.error("Group '{}' already exists in realm: '{}', but received notification that a new one was created.", name, realmId);
            }
        }
        // the pre-save id bookkeeping for this document is no longer needed
        saving.remove(document.getURI());
    }
}
Also used : LockMode(org.exist.storage.lock.Lock.LockMode) Txn(org.exist.storage.txn.Txn) BrokerPool(org.exist.storage.BrokerPool) ConfigurationException(org.exist.config.ConfigurationException) BiFunction(java.util.function.BiFunction) JobDescription(org.exist.scheduler.JobDescription) PermissionDeniedException(org.exist.security.PermissionDeniedException) ConcurrentValueWrapper(org.exist.util.ConcurrentValueWrapper) Configuration(org.exist.config.Configuration) Configurator(org.exist.config.Configurator) Map(java.util.Map) SchemaType(org.exist.security.SchemaType) Collection(org.exist.collections.Collection) ReadWriteLock(java.util.concurrent.locks.ReadWriteLock) JobExecutionContext(org.quartz.JobExecutionContext) Int2ObjectOpenHashMap(it.unimi.dsi.fastutil.ints.Int2ObjectOpenHashMap) AbstractRealm(org.exist.security.AbstractRealm) AuthenticationException(org.exist.security.AuthenticationException) GroupAider(org.exist.security.internal.aider.GroupAider) Session(org.exist.security.Session) ConcurrentHashMap(java.util.concurrent.ConcurrentHashMap) AtomicLazyVal(com.evolvedbinary.j8fu.lazy.AtomicLazyVal) Collectors(java.util.stream.Collectors) SecurityManager(org.exist.security.SecurityManager) List(java.util.List) Logger(org.apache.logging.log4j.Logger) Principal(org.exist.security.Principal) ManagedLock(org.exist.storage.lock.ManagedLock) JobDataMap(org.quartz.JobDataMap) Realm(org.exist.security.realm.Realm) WeakLazyStripes(org.exist.util.WeakLazyStripes) ThreadSafe(net.jcip.annotations.ThreadSafe) HashMap(java.util.HashMap) ReentrantReadWriteLock(java.util.concurrent.locks.ReentrantReadWriteLock) ArrayList(java.util.ArrayList) Account(org.exist.security.Account) Subject(org.exist.security.Subject) BrokerPoolServiceException(org.exist.storage.BrokerPoolServiceException) XmldbURI(org.exist.xmldb.XmldbURI) SimpleTrigger(org.quartz.SimpleTrigger) DocumentImpl(org.exist.dom.persistent.DocumentImpl) EXistException(org.exist.EXistException) Permission(org.exist.security.Permission) Database(org.exist.Database) Properties(java.util.Properties) Group(org.exist.security.Group) BrokerPoolService(org.exist.storage.BrokerPoolService) org.exist.config.annotation(org.exist.config.annotation) DBBroker(org.exist.storage.DBBroker) Int2ObjectMap(it.unimi.dsi.fastutil.ints.Int2ObjectMap) LogManager(org.apache.logging.log4j.LogManager)
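The routing logic of processParameter (Example 3) is easier to reason about when it is separated from the eXist storage and locking machinery, so here it is as a small stand-alone model. This is an added example, not eXist-db code: the class and function names are chosen here, the realm id "exist" and all documents are constructed test data, the realm-by-id lookup that Example 2 reaches reflectively is a plain dictionary lookup, and UNKNOWN_GROUP is assumed to be "nogroup". The collection layout `<realm>/accounts[/removed]/<doc>` and `<realm>/groups[/removed]/<doc>` is read off the endsWith()/removeLastSegment() checks in the Java; like the Java, only the trailing collection names are inspected.

```python
"""Model of how a changed security document is routed to a realm and to an
account or group entry.  Added example, not eXist-db code; names are chosen
here and the sample documents in the usage at the bottom are constructed."""
from dataclasses import dataclass, field
from typing import Optional

ACCOUNTS, GROUPS, REMOVED = "accounts", "groups", "removed"
RESERVED_MAX_ID = 2         # processParameter only records a removal when id > 2
UNKNOWN_GROUP = "nogroup"   # assumed value of SecurityManager.UNKNOWN_GROUP


@dataclass
class Principal:
    realm_id: str
    kind: str                # "account" or "group"
    pid: int
    name: Optional[str]
    groups: tuple = ()
    removed: bool = False


@dataclass
class Realm:
    realm_id: str
    accounts: dict = field(default_factory=dict)   # name -> Principal
    groups: dict = field(default_factory=dict)     # name -> Principal


def classify(doc_uri: str):
    """Return (realm_id, kind, removed) for a principal document, else None.

    Mirrors the Java: strip a trailing 'removed' collection, require the
    collection to end in accounts/ or groups/, take the segment above it
    as the realm id.  No /db/system/security prefix check is made."""
    segs = [s for s in doc_uri.split("/") if s]
    coll = segs[:-1]                               # the document's collection
    removed = bool(coll) and coll[-1] == REMOVED
    if removed:
        coll = coll[:-1]
    if len(coll) < 2 or coll[-1] not in (ACCOUNTS, GROUPS):
        return None
    kind = "account" if coll[-1] == ACCOUNTS else "group"
    return coll[-2], kind, removed


class SecurityManager:
    def __init__(self, realms):
        self.realms = {r.realm_id: r for r in realms}
        self.users_by_id: dict = {}
        self.groups_by_id: dict = {}
        self.saving: dict = {}   # doc uri -> id recorded before a re-save (the Java 'saving' map)

    def find_realm_for_realm_id(self, realm_id: str) -> Optional[Realm]:
        return self.realms.get(realm_id)

    def process(self, doc_uri: str, conf: dict) -> Optional[str]:
        """Apply one document notification; returns what was done, None if not a principal doc."""
        hit = classify(doc_uri)
        if hit is None:
            return None
        realm_id, kind, removed = hit
        realm = self.find_realm_for_realm_id(realm_id)
        if realm is None:
            raise KeyError(f"no realm registered for id {realm_id!r}")
        by_id = self.users_by_id if kind == "account" else self.groups_by_id
        by_name = realm.accounts if kind == "account" else realm.groups
        pid = conf.get("id", -1) if removed else -1   # the Java reads the id only for removed docs
        name = conf.get("name")

        if removed and pid > RESERVED_MAX_ID and pid not in by_id:
            by_id[pid] = Principal(realm_id, kind, pid, name, removed=True)   # tombstone entry
            outcome = "tombstoned"
        elif name is None:
            outcome = "ignored"          # the Java logs an error here
        elif name in by_name:
            if kind == "account":
                old_id, new_id = self.saving.get(doc_uri), conf["id"]
                if new_id != old_id:     # account re-saved under a new id: re-key it
                    current = by_name[name]
                    by_id.pop(old_id, None)
                    current.pid = new_id
                    by_id[new_id] = current
                    outcome = "renumbered"
                else:
                    outcome = "unchanged"
            else:
                outcome = "ignored"      # existing group: the Java logs an error and keeps it
        else:
            groups = tuple(conf.get("groups", ()))
            if kind == "account" and not groups:
                groups = (UNKNOWN_GROUP,)   # every account must belong to at least one group
            principal = Principal(realm_id, kind, conf["id"], name, groups)
            by_id[principal.pid] = principal
            by_name[name] = principal
            outcome = "registered"
        self.saving.pop(doc_uri, None)
        return outcome


if __name__ == "__main__":
    sm = SecurityManager([Realm("exist")])     # constructed sample realm
    print(sm.process("/db/system/security/exist/accounts/alice.xml",
                     {"id": 10, "name": "alice", "groups": ["dba"]}))
    print(sm.process("/db/system/security/exist/groups/removed/old.xml",
                     {"id": 7, "name": "old"}))
```

Two behaviours worth noticing in the model, both inherited from the branch order in the Java: a "removed" document whose id is at or below the reserved range is not tombstoned but falls through to the ordinary name-based handling, and the realm id is whatever segment sits above accounts/groups, so the handler trusts the collection path to name a registered realm.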
