use of org.exist.storage.DBBroker in project exist by eXist-db.
the class FnCollectionSecurityTest method cannotAccessCollectionInCollectionHierarchyWithDeniedExecute.
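/**
 * Checks that {@code fn:collection} on {@code TEST_SUB_COLLECTION_1_1} is refused when the
 * query is executed as {@code TEST_USER_1}.
 *
 * <p>The refusal reaches the caller wrapped in an {@link XPathException}. The cause is unwrapped
 * and rethrown so that {@code @Test(expected = ...)} passes only for a
 * {@link PermissionDeniedException}; any other failure propagates unchanged and fails the test.
 *
 * <p>NOTE(review): the method name implies that execute is denied somewhere in the collection
 * hierarchy; the fixture that sets those permissions is outside this listing - confirm there.
 *
 * @throws PermissionDeniedException the expected outcome, unwrapped from the XPathException
 * @throws XPathException if the query fails for any reason other than a permission denial
 */
@Test(expected = PermissionDeniedException.class)
public void cannotAccessCollectionInCollectionHierarchyWithDeniedExecute() throws EXistException, AuthenticationException, PermissionDeniedException, XPathException {
    final String query = "fn:collection('" + TEST_SUB_COLLECTION_1_1 + "')";
    final BrokerPool pool = server.getBrokerPool();

    // Authenticate as the test user so the broker below carries that subject, not a system one.
    final Subject testUser1 = pool.getSecurityManager().authenticate(TEST_USER_1, TEST_USER_1);

    try (final DBBroker broker = pool.get(Optional.of(testUser1));
         final Txn transaction = pool.getTransactionManager().beginTransaction()) {
        pool.getXQueryService().execute(broker, query, null);

        // Reaching this line means access was granted. fail() always throws, so nothing after
        // it can run and no commit is issued on this path.
        fail("Expected PermissionDeniedException via XPathException");
    } catch (final XPathException e) {
        // instanceof is false for null, so a missing cause falls through to the rethrow.
        final Throwable cause = e.getCause();
        if (cause instanceof PermissionDeniedException) {
            throw (PermissionDeniedException) cause;
        }
        throw e;
    }
}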
use of org.exist.storage.DBBroker in project exist by eXist-db.
the class FnCollectionSecurityTest method cannotAccessCollectionInCollectionHierarchyWithDeniedReadAndExecuteAce.
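/**
 * Checks that {@code fn:collection} on {@code TEST_SUB_COLLECTION_2_2} is refused when the
 * query is executed as {@code TEST_USER_1}.
 *
 * <p>The refusal reaches the caller wrapped in an {@link XPathException}. The cause is unwrapped
 * and rethrown so that {@code @Test(expected = ...)} passes only for a
 * {@link PermissionDeniedException}; any other failure propagates unchanged and fails the test.
 *
 * <p>NOTE(review): the method name implies that an ACE denying read and execute applies within
 * the collection hierarchy; the fixture that creates it is outside this listing - confirm there.
 *
 * @throws PermissionDeniedException the expected outcome, unwrapped from the XPathException
 * @throws XPathException if the query fails for any reason other than a permission denial
 */
@Test(expected = PermissionDeniedException.class)
public void cannotAccessCollectionInCollectionHierarchyWithDeniedReadAndExecuteAce() throws EXistException, AuthenticationException, PermissionDeniedException, XPathException {
    final String query = "fn:collection('" + TEST_SUB_COLLECTION_2_2 + "')";
    final BrokerPool pool = server.getBrokerPool();

    // Authenticate as the test user so the broker below carries that subject, not a system one.
    final Subject testUser1 = pool.getSecurityManager().authenticate(TEST_USER_1, TEST_USER_1);

    try (final DBBroker broker = pool.get(Optional.of(testUser1));
         final Txn transaction = pool.getTransactionManager().beginTransaction()) {
        pool.getXQueryService().execute(broker, query, null);

        // Reaching this line means access was granted. fail() always throws, so nothing after
        // it can run and no commit is issued on this path.
        fail("Expected PermissionDeniedException via XPathException");
    } catch (final XPathException e) {
        // instanceof is false for null, so a missing cause falls through to the rethrow.
        final Throwable cause = e.getCause();
        if (cause instanceof PermissionDeniedException) {
            throw (PermissionDeniedException) cause;
        }
        throw e;
    }
}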
use of org.exist.storage.DBBroker in project exist by eXist-db.
the class SimpleACLPermissionTest method modify.
/**
 * Adds one user ACE to an empty {@link SimpleACLPermission}, then rewrites it twice with
 * {@code modifyACE}, checking after every step that the ACE count stays at one and that id,
 * target, access type and mode hold the expected values.
 *
 * <p>NOTE(review): the mocked current subject always reports the DBA role, so only the
 * authorised path is exercised here; a caller without that role is not covered by this test.
 */
@Test
public void modify() throws PermissionDeniedException {
    // Collaborators reached through SecurityManager -> Database -> active broker -> subject.
    final SecurityManager securityManager = EasyMock.createMock(SecurityManager.class);
    final Database database = EasyMock.createMock(Database.class);
    final Subject currentSubject = EasyMock.createMock(Subject.class);
    final DBBroker broker = EasyMock.createMock(DBBroker.class);

    // Three lookups of the chain are expected - presumably one per mutating call below
    // (addUserACE plus two modifyACE calls); verify against SimpleACLPermission.
    expect(securityManager.getDatabase()).andReturn(database).times(3);
    expect(database.getActiveBroker()).andReturn(broker).times(3);
    expect(broker.getCurrentSubject()).andReturn(currentSubject).times(3);
    expect(currentSubject.hasDbaRole()).andReturn(true).times(3);

    replay(securityManager, database, broker, currentSubject);

    SimpleACLPermission acl = new SimpleACLPermission(securityManager);
    assertEquals(0, acl.getACECount());

    final int aceUserId = 1;
    final int initialMode = Permission.READ;
    final ACE_ACCESS_TYPE initialAccess = ACE_ACCESS_TYPE.ALLOWED;

    // Step 1: ALLOWED / READ for the user.
    acl.addUserACE(initialAccess, aceUserId, initialMode);
    assertEquals(1, acl.getACECount());
    assertEquals(aceUserId, acl.getACEId(0));
    assertEquals(initialAccess, acl.getACEAccessType(0));
    assertEquals(ACE_TARGET.USER, acl.getACETarget(0));
    assertEquals(initialMode, acl.getACEMode(0));

    // Step 2: same access type, mode switched to WRITE.
    acl.modifyACE(0, initialAccess, Permission.WRITE);
    assertEquals(1, acl.getACECount());
    assertEquals(aceUserId, acl.getACEId(0));
    assertEquals(initialAccess, acl.getACEAccessType(0));
    assertEquals(ACE_TARGET.USER, acl.getACETarget(0));
    assertEquals(Permission.WRITE, acl.getACEMode(0));

    // Step 3: flipped to DENIED with READ and WRITE combined.
    acl.modifyACE(0, ACE_ACCESS_TYPE.DENIED, Permission.READ | Permission.WRITE);
    assertEquals(1, acl.getACECount());
    assertEquals(aceUserId, acl.getACEId(0));
    assertEquals(ACE_TARGET.USER, acl.getACETarget(0));
    assertEquals(ACE_ACCESS_TYPE.DENIED, acl.getACEAccessType(0));
    assertEquals(Permission.READ | Permission.WRITE, acl.getACEMode(0));

    verify(securityManager, database, broker, currentSubject);
}
use of org.exist.storage.DBBroker in project exist by eXist-db.
the class SimpleACLPermissionTest method addACE_ForUserWithModeString.
/**
 * Adds a user ACE by account name and mode string ({@code "rwx"}) and checks that the stored
 * ACE carries the id returned by the mocked account lookup, the ALLOWED access type, the USER
 * target and the {@code ALL} mode.
 *
 * <p>NOTE(review): the mocked current subject reports the DBA role, so only the authorised
 * path is exercised here; a caller without that role is not covered by this test.
 */
@Test
public void addACE_ForUserWithModeString() throws PermissionDeniedException {
    final SecurityManager securityManager = EasyMock.createMock(SecurityManager.class);
    final Database database = EasyMock.createMock(Database.class);
    final DBBroker broker = EasyMock.createMock(DBBroker.class);
    final Subject currentSubject = EasyMock.createMock(Subject.class);
    final Account account = EasyMock.createMock(Account.class);

    // The permission is built and inspected before any expectation is recorded on the mocks.
    SimpleACLPermission acl = new SimpleACLPermission(securityManager);
    assertEquals(0, acl.getACECount());

    final int expectedAceId = 1112;
    final String accountName = "aretter";
    final String modeString = "rwx";

    // One lookup of the subject chain, then name -> account -> id resolution.
    expect(securityManager.getDatabase()).andReturn(database);
    expect(database.getActiveBroker()).andReturn(broker);
    expect(broker.getCurrentSubject()).andReturn(currentSubject);
    expect(currentSubject.hasDbaRole()).andReturn(true);
    expect(securityManager.getAccount(accountName)).andReturn(account);
    expect(account.getId()).andReturn(expectedAceId);

    replay(securityManager, database, broker, currentSubject, account);

    acl.addACE(ACE_ACCESS_TYPE.ALLOWED, ACE_TARGET.USER, accountName, modeString);

    // Mock interactions are verified first; the getters asserted below come afterwards.
    verify(securityManager, database, broker, currentSubject, account);

    assertEquals(1, acl.getACECount());
    assertEquals(expectedAceId, acl.getACEId(0));
    assertEquals(ACE_ACCESS_TYPE.ALLOWED, acl.getACEAccessType(0));
    assertEquals(ACE_TARGET.USER, acl.getACETarget(0));
    assertEquals(ALL, acl.getACEMode(0));
}
use of org.exist.storage.DBBroker in project exist by eXist-db.
the class SimpleACLPermissionTest method remove_firstACE.
/**
 * Adds two ALLOWED user ACEs, removes the one at index 0 and checks that the single remaining
 * ACE, now at index 0, is the one that was added for the second user.
 *
 * <p>NOTE(review): the mocked current subject always reports the DBA role, so only the
 * authorised path is exercised here; a caller without that role is not covered by this test.
 */
@Test
public void remove_firstACE() throws PermissionDeniedException {
    final SecurityManager securityManager = EasyMock.createMock(SecurityManager.class);
    final Database database = EasyMock.createMock(Database.class);
    final DBBroker broker = EasyMock.createMock(DBBroker.class);
    final Subject currentSubject = EasyMock.createMock(Subject.class);

    // Three lookups of the chain are expected - presumably one per mutating call below
    // (two addUserACE calls and one removeACE); verify against SimpleACLPermission.
    expect(securityManager.getDatabase()).andReturn(database).times(3);
    expect(database.getActiveBroker()).andReturn(broker).times(3);
    expect(broker.getCurrentSubject()).andReturn(currentSubject).times(3);
    expect(currentSubject.hasDbaRole()).andReturn(true).times(3);

    replay(securityManager, database, broker, currentSubject);

    SimpleACLPermission acl = new SimpleACLPermission(securityManager);
    assertEquals(0, acl.getACECount());

    acl.addUserACE(ACE_ACCESS_TYPE.ALLOWED, 1, ALL);
    final int survivingUserId = 2;
    acl.addUserACE(ACE_ACCESS_TYPE.ALLOWED, survivingUserId, ALL);
    assertEquals(2, acl.getACECount());

    // Drop the first entry; the second user's ACE is expected at index 0 afterwards.
    acl.removeACE(0);

    assertEquals(1, acl.getACECount());
    assertEquals(ACE_ACCESS_TYPE.ALLOWED, acl.getACEAccessType(0));
    assertEquals(ACE_TARGET.USER, acl.getACETarget(0));
    assertEquals(survivingUserId, acl.getACEId(0));

    verify(securityManager, database, broker, currentSubject);
}