Search in sources :

Example 51 with DBBroker

use of org.exist.storage.DBBroker in project exist by eXist-db.

the class ActiveDirectoryRealm method authenticate.

/*
	 * (non-Javadoc)
	 * 
	 * @see org.exist.security.Realm#authenticate(java.lang.String,
	 * java.lang.Object)
	 */
@Override
public Subject authenticate(final String username, Object credentials) throws AuthenticationException {
    String[] returnedAtts = { "sn", "givenName", "mail" };
    String searchFilter = "(&(objectClass=user)(sAMAccountName=" + username + "))";
    // Create the search controls
    SearchControls searchCtls = new SearchControls();
    searchCtls.setReturningAttributes(returnedAtts);
    // Specify the search scope
    searchCtls.setSearchScope(SearchControls.SUBTREE_SCOPE);
    LdapContext ctxGC = null;
    boolean ldapUser = false;
    try {
        ctxGC = ensureContextFactory().getLdapContext(username, String.valueOf(credentials));
        // Search objects in GC using filters
        NamingEnumeration<SearchResult> answer = ctxGC.search(((ContextFactory) ensureContextFactory()).getSearchBase(), searchFilter, searchCtls);
        while (answer.hasMoreElements()) {
            SearchResult sr = answer.next();
            Attributes attrs = sr.getAttributes();
            Map<String, Object> amap = null;
            if (attrs != null) {
                amap = new HashMap<>();
                NamingEnumeration<? extends Attribute> ne = attrs.getAll();
                while (ne.hasMore()) {
                    Attribute attr = ne.next();
                    amap.put(attr.getID(), attr.get());
                    ldapUser = true;
                }
                ne.close();
            }
        }
    } catch (NamingException e) {
        e.printStackTrace();
        throw new AuthenticationException(AuthenticationException.UNNOWN_EXCEPTION, e.getMessage());
    }
    if (ldapUser) {
        AbstractAccount account = (AbstractAccount) getAccount(username);
        if (account == null) {
            try (final DBBroker broker = getDatabase().get(Optional.of(getSecurityManager().getSystemSubject()))) {
                // perform as SYSTEM user
                account = (AbstractAccount) getSecurityManager().addAccount(new UserAider(ID, username));
            } catch (Exception e) {
                throw new AuthenticationException(AuthenticationException.UNNOWN_EXCEPTION, e.getMessage(), e);
            }
        }
        return new SubjectAccreditedImpl(account, ctxGC);
    }
    return null;
}
Also used : Attribute(javax.naming.directory.Attribute) AuthenticationException(org.exist.security.AuthenticationException) AbstractAccount(org.exist.security.AbstractAccount) Attributes(javax.naming.directory.Attributes) SearchResult(javax.naming.directory.SearchResult) AuthenticationException(org.exist.security.AuthenticationException) NamingException(javax.naming.NamingException) DBBroker(org.exist.storage.DBBroker) SubjectAccreditedImpl(org.exist.security.internal.SubjectAccreditedImpl) SearchControls(javax.naming.directory.SearchControls) NamingException(javax.naming.NamingException) UserAider(org.exist.security.internal.aider.UserAider) LdapContext(javax.naming.ldap.LdapContext)

Example 52 with DBBroker

use of org.exist.storage.DBBroker in project exist by eXist-db.

the class ConnectionIT method getConnectionCanBeExplicitlyClosed.

@Test
public void getConnectionCanBeExplicitlyClosed() throws EXistException, XPathException, PermissionDeniedException, IOException {
    final String query = "import module namespace sql = \"http://exist-db.org/xquery/sql\";\n" + "let $conn := sql:get-connection(\"" + h2Database.getDriverClass().getName() + "\", \"" + h2Database.getUrl() + "\", \"" + h2Database.getUser() + "\", \"" + h2Database.getPassword() + "\")\n" + "return sql:close-connection($conn)";
    final BrokerPool pool = existEmbeddedServer.getBrokerPool();
    final Source source = new StringSource(query);
    try (final DBBroker broker = pool.getBroker();
        final Txn transaction = pool.getTransactionManager().beginTransaction()) {
        // execute query
        final Tuple2<XQueryContext, Boolean> contextAndResult = withCompiledQuery(broker, source, compiledXQuery -> {
            final Sequence result = executeQuery(broker, compiledXQuery);
            return Tuple(compiledXQuery.getContext(), result.itemAt(0).toJavaObject(boolean.class));
        });
        // check that the handle for the sql connection was closed
        assertTrue(contextAndResult._2);
        // check the connections were closed
        final int connectionsCount = ModuleUtils.readContextMap(contextAndResult._1, SQLModule.CONNECTIONS_CONTEXTVAR, Map::size);
        assertEquals(0, connectionsCount);
        transaction.commit();
    }
}
Also used : DBBroker(org.exist.storage.DBBroker) StringSource(org.exist.source.StringSource) Txn(org.exist.storage.txn.Txn) Sequence(org.exist.xquery.value.Sequence) Map(java.util.Map) BrokerPool(org.exist.storage.BrokerPool) StringSource(org.exist.source.StringSource) StringInputSource(org.exist.util.StringInputSource) Source(org.exist.source.Source) Test(org.junit.Test)

Example 53 with DBBroker

use of org.exist.storage.DBBroker in project exist by eXist-db.

the class ImplicitConnectionCloseIT method getJndiConnectionIsAutomaticallyClosed.

@Test
public void getJndiConnectionIsAutomaticallyClosed() throws EXistException, XPathException, PermissionDeniedException, IOException {
    final String mainQuery = "import module namespace sql = \"http://exist-db.org/xquery/sql\";\n" + "sql:get-jndi-connection(\"" + JNDI_DS_NAME + "\", \"" + STUB_JDBC_USER + "\", \"" + STUB_JDBC_PASSWORD + "\")";
    final BrokerPool pool = existEmbeddedServer.getBrokerPool();
    final Source mainQuerySource = new StringSource(mainQuery);
    try (final DBBroker broker = pool.getBroker();
        final Txn transaction = pool.getTransactionManager().beginTransaction()) {
        final XQueryContext escapedMainQueryContext = withCompiledQuery(broker, mainQuerySource, mainCompiledQuery -> {
            final XQueryContext mainQueryContext = mainCompiledQuery.getContext();
            // execute the query
            final Sequence result = executeQuery(broker, mainCompiledQuery);
            // check that the handle for the sql connection that was created was valid
            assertEquals(1, result.getItemCount());
            assertTrue(result.itemAt(0) instanceof IntegerValue);
            assertEquals(Type.LONG, result.itemAt(0).getType());
            final long connectionHandle = result.itemAt(0).toJavaObject(long.class);
            assertFalse(connectionHandle == 0);
            return mainQueryContext;
        });
        // check the connections map is empty
        final int connectionsCount = ModuleUtils.readContextMap(escapedMainQueryContext, SQLModule.CONNECTIONS_CONTEXTVAR, Map::size);
        assertEquals(0, connectionsCount);
        // check the connections from our StubDataSource, they should all be closed
        final Deque<StubDataSource> createdDataSources = StubDataSourceFactory.CREATED_DATA_SOURCES;
        assertEquals(1, createdDataSources.size());
        final StubDataSource stubDataSource = createdDataSources.peek();
        final Deque<StubConnection> createdConnections = stubDataSource.createdConnections;
        assertEquals(1, createdConnections.size());
        final StubConnection stubConnection = createdConnections.peek();
        assertTrue(stubConnection.isClosed());
        transaction.commit();
    }
}
Also used : IntegerValue(org.exist.xquery.value.IntegerValue) Txn(org.exist.storage.txn.Txn) Sequence(org.exist.xquery.value.Sequence) StringSource(org.exist.source.StringSource) StringInputSource(org.exist.util.StringInputSource) Source(org.exist.source.Source) DataSource(javax.sql.DataSource) DBBroker(org.exist.storage.DBBroker) StringSource(org.exist.source.StringSource) BrokerPool(org.exist.storage.BrokerPool) Test(org.junit.Test)

Example 54 with DBBroker

use of org.exist.storage.DBBroker in project exist by eXist-db.

the class Deployment method checkUserSettings.

private void checkUserSettings(final DBBroker broker, final RequestedPerms requestedPerms) throws PackageException {
    final org.exist.security.SecurityManager secman = broker.getBrokerPool().getSecurityManager();
    try {
        if (requestedPerms.group.filter(g -> !secman.hasGroup(g)).isPresent()) {
            secman.addGroup(broker, new GroupAider(requestedPerms.group.get()));
        }
        if (!secman.hasAccount(requestedPerms.user)) {
            final UserAider aider = new UserAider(requestedPerms.user);
            aider.setPassword(requestedPerms.password);
            requestedPerms.group.ifPresent(aider::addGroup);
            secman.addAccount(broker, aider);
        }
    } catch (final PermissionDeniedException | EXistException e) {
        throw new PackageException("Failed to create user: " + requestedPerms.user, e);
    }
}
Also used : DependencyVersion(org.expath.pkg.repo.deps.DependencyVersion) Txn(org.exist.storage.txn.Txn) java.util(java.util) BufferedInputStream(java.io.BufferedInputStream) QName(org.exist.dom.QName) SequenceIterator(org.exist.xquery.value.SequenceIterator) PermissionDeniedException(org.exist.security.PermissionDeniedException) org.exist.xquery(org.exist.xquery) DirectoryStream(java.nio.file.DirectoryStream) JarEntry(java.util.jar.JarEntry) org.exist.dom.memtree(org.exist.dom.memtree) Collection(org.exist.collections.Collection) UnixStylePermission(org.exist.security.UnixStylePermission) XmldbURI(org.exist.xmldb.XmldbURI) Attributes(org.xml.sax.Attributes) JarInputStream(java.util.jar.JarInputStream) EXistException(org.exist.EXistException) DocUtils(org.exist.xquery.util.DocUtils) DateTimeValue(org.exist.xquery.value.DateTimeValue) SystemProperties(org.exist.SystemProperties) Path(java.nio.file.Path) Permission(org.exist.security.Permission) Nullable(javax.annotation.Nullable) BatchUserInteraction(org.expath.pkg.repo.tui.BatchUserInteraction) PermissionFactory(org.exist.security.PermissionFactory) InputSource(org.xml.sax.InputSource) Files(java.nio.file.Files) GroupAider(org.exist.security.internal.aider.GroupAider) Type(org.exist.xquery.value.Type) FileSource(org.exist.source.FileSource) IOException(java.io.IOException) UserAider(org.exist.security.internal.aider.UserAider) Either(com.evolvedbinary.j8fu.Either) org.expath.pkg.repo(org.expath.pkg.repo) Logger(org.apache.logging.log4j.Logger) Element(org.w3c.dom.Element) Stream(java.util.stream.Stream) DBBroker(org.exist.storage.DBBroker) SAXException(org.xml.sax.SAXException) org.exist.util(org.exist.util) Sequence(org.exist.xquery.value.Sequence) TriggerException(org.exist.collections.triggers.TriggerException) LogManager(org.apache.logging.log4j.LogManager) Package(org.expath.pkg.repo.Package) AttrList(org.exist.util.serializer.AttrList) InputStream(java.io.InputStream) PermissionDeniedException(org.exist.security.PermissionDeniedException) EXistException(org.exist.EXistException) GroupAider(org.exist.security.internal.aider.GroupAider) UserAider(org.exist.security.internal.aider.UserAider)

Example 55 with DBBroker

use of org.exist.storage.DBBroker in project exist by eXist-db.

the class Deployment method deploy.

public Optional<String> deploy(final DBBroker broker, final Txn transaction, final String pkgName, final Optional<ExistRepository> repo, final String userTarget) throws PackageException, IOException {
    final Optional<Path> maybePackageDir = getPackageDir(pkgName, repo);
    if (!maybePackageDir.isPresent()) {
        throw new PackageException("Package not found: " + pkgName);
    }
    final Path packageDir = maybePackageDir.get();
    final DocumentImpl repoXML = getRepoXML(broker, packageDir);
    if (repoXML == null) {
        return Optional.empty();
    }
    try {
        // if there's a <setup> element, run the query it points to
        final Optional<ElementImpl> setup = findElement(repoXML, SETUP_ELEMENT);
        final Optional<String> setupPath = setup.map(ElementImpl::getStringValue).filter(s -> !s.isEmpty());
        if (setupPath.isPresent()) {
            runQuery(broker, null, packageDir, setupPath.get(), pkgName, QueryPurpose.SETUP);
            return Optional.empty();
        } else {
            // otherwise create the target collection
            XmldbURI targetCollection = null;
            if (userTarget != null) {
                try {
                    targetCollection = XmldbURI.create(userTarget);
                } catch (final IllegalArgumentException e) {
                    throw new PackageException("Bad collection URI: " + userTarget, e);
                }
            } else {
                final Optional<ElementImpl> target = findElement(repoXML, TARGET_COLL_ELEMENT);
                final Optional<String> targetPath = target.map(ElementImpl::getStringValue).filter(s -> !s.isEmpty());
                if (targetPath.isPresent()) {
                    // determine target collection
                    try {
                        targetCollection = XmldbURI.create(getTargetCollection(broker, targetPath.get()));
                    } catch (final IllegalArgumentException e) {
                        throw new PackageException("Bad collection URI for <target> element: " + targetPath.get(), e);
                    }
                } else {
                    LOG.warn("EXPath Package '{}' does not contain a <target> in its repo.xml, no files will be deployed to /apps", pkgName);
                }
            }
            if (targetCollection == null) {
                // no target means: package does not need to be deployed into database
                // however, we need to preserve a copy for backup purposes
                final Optional<Package> pkg = getPackage(pkgName, repo);
                pkg.orElseThrow(() -> new XPathException("expath repository is not available so the package was not stored."));
                final String pkgColl = pkg.get().getAbbrev() + "-" + pkg.get().getVersion();
                targetCollection = XmldbURI.SYSTEM.append("repo/" + pkgColl);
            }
            // extract the permissions (if any)
            final Optional<ElementImpl> permissions = findElement(repoXML, PERMISSIONS_ELEMENT);
            final Optional<RequestedPerms> requestedPerms = permissions.flatMap(elem -> {
                final Optional<Either<Integer, String>> perms = Optional.ofNullable(elem.getAttribute("mode")).flatMap(mode -> {
                    try {
                        return Optional.of(Either.Left(Integer.parseInt(mode, 8)));
                    } catch (final NumberFormatException e) {
                        if (mode.matches("^[rwx-]{9}")) {
                            return Optional.of(Either.Right(mode));
                        } else {
                            return Optional.empty();
                        }
                    }
                });
                return perms.map(p -> new RequestedPerms(elem.getAttribute("user"), elem.getAttribute("password"), Optional.ofNullable(elem.getAttribute("group")), p));
            });
            // check that if there were permissions then we were able to parse them, a failure would be related to the mode string
            if (permissions.isPresent() && !requestedPerms.isPresent()) {
                final String mode = permissions.map(elem -> elem.getAttribute("mode")).orElse(null);
                throw new PackageException("Bad format for mode attribute in <permissions>: " + mode);
            }
            // run the pre-setup query if present
            final Optional<ElementImpl> preSetup = findElement(repoXML, PRE_SETUP_ELEMENT);
            final Optional<String> preSetupPath = preSetup.map(ElementImpl::getStringValue).filter(s -> !s.isEmpty());
            if (preSetupPath.isPresent()) {
                runQuery(broker, targetCollection, packageDir, preSetupPath.get(), pkgName, QueryPurpose.PREINSTALL);
            }
            // TODO: if the user already exists, check and ensure the user is assigned to the specified group
            if (requestedPerms.isPresent()) {
                checkUserSettings(broker, requestedPerms.get());
            }
            final InMemoryNodeSet resources = findElements(repoXML, RESOURCES_ELEMENT);
            // store all package contents into database, using the user/group/mode in the permissions element. however:
            // 1. repo.xml is excluded for now, since it may contain the default user's password in the clear
            // 2. contents of directories identified in the path attribute of any <resource path=""/> element are stored as binary
            final List<String> errors = scanDirectory(broker, transaction, packageDir, targetCollection, resources, true, false, requestedPerms);
            // store repo.xml, filtering out the default user's password
            storeRepoXML(broker, transaction, repoXML, targetCollection, requestedPerms);
            // run the post-setup query if present
            final Optional<ElementImpl> postSetup = findElement(repoXML, POST_SETUP_ELEMENT);
            final Optional<String> postSetupPath = postSetup.map(ElementImpl::getStringValue).filter(s -> !s.isEmpty());
            if (postSetupPath.isPresent()) {
                runQuery(broker, targetCollection, packageDir, postSetupPath.get(), pkgName, QueryPurpose.POSTINSTALL);
            }
            if (!errors.isEmpty()) {
                throw new PackageException("Deployment incomplete, " + errors.size() + " issues found: " + String.join("; ", errors));
            }
            return Optional.ofNullable(targetCollection.getCollectionPath());
        }
    } catch (final XPathException e) {
        throw new PackageException("Error found while processing repo.xml: " + e.getMessage(), e);
    }
}
Also used : Path(java.nio.file.Path) DependencyVersion(org.expath.pkg.repo.deps.DependencyVersion) Txn(org.exist.storage.txn.Txn) java.util(java.util) BufferedInputStream(java.io.BufferedInputStream) QName(org.exist.dom.QName) SequenceIterator(org.exist.xquery.value.SequenceIterator) PermissionDeniedException(org.exist.security.PermissionDeniedException) org.exist.xquery(org.exist.xquery) DirectoryStream(java.nio.file.DirectoryStream) JarEntry(java.util.jar.JarEntry) org.exist.dom.memtree(org.exist.dom.memtree) Collection(org.exist.collections.Collection) UnixStylePermission(org.exist.security.UnixStylePermission) XmldbURI(org.exist.xmldb.XmldbURI) Attributes(org.xml.sax.Attributes) JarInputStream(java.util.jar.JarInputStream) EXistException(org.exist.EXistException) DocUtils(org.exist.xquery.util.DocUtils) DateTimeValue(org.exist.xquery.value.DateTimeValue) SystemProperties(org.exist.SystemProperties) Path(java.nio.file.Path) Permission(org.exist.security.Permission) Nullable(javax.annotation.Nullable) BatchUserInteraction(org.expath.pkg.repo.tui.BatchUserInteraction) PermissionFactory(org.exist.security.PermissionFactory) InputSource(org.xml.sax.InputSource) Files(java.nio.file.Files) GroupAider(org.exist.security.internal.aider.GroupAider) Type(org.exist.xquery.value.Type) FileSource(org.exist.source.FileSource) IOException(java.io.IOException) UserAider(org.exist.security.internal.aider.UserAider) Either(com.evolvedbinary.j8fu.Either) org.expath.pkg.repo(org.expath.pkg.repo) Logger(org.apache.logging.log4j.Logger) Element(org.w3c.dom.Element) Stream(java.util.stream.Stream) DBBroker(org.exist.storage.DBBroker) SAXException(org.xml.sax.SAXException) org.exist.util(org.exist.util) Sequence(org.exist.xquery.value.Sequence) TriggerException(org.exist.collections.triggers.TriggerException) LogManager(org.apache.logging.log4j.LogManager) Package(org.expath.pkg.repo.Package) AttrList(org.exist.util.serializer.AttrList) InputStream(java.io.InputStream) Either(com.evolvedbinary.j8fu.Either) Package(org.expath.pkg.repo.Package) XmldbURI(org.exist.xmldb.XmldbURI)

Aggregations

DBBroker (org.exist.storage.DBBroker)468 BrokerPool (org.exist.storage.BrokerPool)304 Txn (org.exist.storage.txn.Txn)219 Sequence (org.exist.xquery.value.Sequence)185 Test (org.junit.Test)170 XQuery (org.exist.xquery.XQuery)108 Collection (org.exist.collections.Collection)93 TransactionManager (org.exist.storage.txn.TransactionManager)70 EXistException (org.exist.EXistException)66 StringInputSource (org.exist.util.StringInputSource)66 PermissionDeniedException (org.exist.security.PermissionDeniedException)44 Source (org.exist.source.Source)42 StringSource (org.exist.source.StringSource)41 XmldbURI (org.exist.xmldb.XmldbURI)41 CompiledXQuery (org.exist.xquery.CompiledXQuery)39 IOException (java.io.IOException)38 QName (org.exist.dom.QName)37 LockedDocument (org.exist.dom.persistent.LockedDocument)36 Database (org.exist.Database)35 XPathException (org.exist.xquery.XPathException)30