Search in sources :

Example 21 with DBBroker

use of org.exist.storage.DBBroker in project exist by eXist-db.

the class FnCollectionSecurityTest method cannotAccessCollectionInCollectionHierarchyWithDeniedExecute.

@Test(expected = PermissionDeniedException.class)
public void cannotAccessCollectionInCollectionHierarchyWithDeniedExecute() throws EXistException, AuthenticationException, PermissionDeniedException, XPathException {
    // as docTestUser1 user
    final String query = "fn:collection('" + TEST_SUB_COLLECTION_1_1 + "')";
    final BrokerPool pool = server.getBrokerPool();
    final SecurityManager securityManager = pool.getSecurityManager();
    final Subject testUser1 = securityManager.authenticate(TEST_USER_1, TEST_USER_1);
    try (final DBBroker broker = pool.get(Optional.of(testUser1));
        final Txn transaction = pool.getTransactionManager().beginTransaction()) {
        final XQuery xqueryService = pool.getXQueryService();
        final Sequence result = xqueryService.execute(broker, query, null);
        fail("Expected PermissionDeniedException via XPathException");
        transaction.commit();
    } catch (final XPathException e) {
        if (e.getCause() != null && e.getCause() instanceof PermissionDeniedException) {
            throw (PermissionDeniedException) e.getCause();
        } else {
            throw e;
        }
    }
}
Also used : DBBroker(org.exist.storage.DBBroker) XPathException(org.exist.xquery.XPathException) XQuery(org.exist.xquery.XQuery) Txn(org.exist.storage.txn.Txn) Sequence(org.exist.xquery.value.Sequence) BrokerPool(org.exist.storage.BrokerPool) Test(org.junit.Test)

Example 22 with DBBroker

use of org.exist.storage.DBBroker in project exist by eXist-db.

the class FnCollectionSecurityTest method cannotAccessCollectionInCollectionHierarchyWithDeniedReadAndExecuteAce.

@Test(expected = PermissionDeniedException.class)
public void cannotAccessCollectionInCollectionHierarchyWithDeniedReadAndExecuteAce() throws EXistException, AuthenticationException, PermissionDeniedException, XPathException {
    // as docTestUser1 user
    final String query = "fn:collection('" + TEST_SUB_COLLECTION_2_2 + "')";
    final BrokerPool pool = server.getBrokerPool();
    final SecurityManager securityManager = pool.getSecurityManager();
    final Subject testUser1 = securityManager.authenticate(TEST_USER_1, TEST_USER_1);
    try (final DBBroker broker = pool.get(Optional.of(testUser1));
        final Txn transaction = pool.getTransactionManager().beginTransaction()) {
        final XQuery xqueryService = pool.getXQueryService();
        final Sequence result = xqueryService.execute(broker, query, null);
        fail("Expected PermissionDeniedException via XPathException");
        transaction.commit();
    } catch (final XPathException e) {
        if (e.getCause() != null && e.getCause() instanceof PermissionDeniedException) {
            throw (PermissionDeniedException) e.getCause();
        } else {
            throw e;
        }
    }
}
Also used : DBBroker(org.exist.storage.DBBroker) XPathException(org.exist.xquery.XPathException) XQuery(org.exist.xquery.XQuery) Txn(org.exist.storage.txn.Txn) Sequence(org.exist.xquery.value.Sequence) BrokerPool(org.exist.storage.BrokerPool) Test(org.junit.Test)

Example 23 with DBBroker

use of org.exist.storage.DBBroker in project exist by eXist-db.

the class SimpleACLPermissionTest method modify.

@Test
public void modify() throws PermissionDeniedException {
    final SecurityManager mockSecurityManager = EasyMock.createMock(SecurityManager.class);
    final Database mockDatabase = EasyMock.createMock(Database.class);
    final Subject mockCurrentSubject = EasyMock.createMock(Subject.class);
    final DBBroker mockBroker = EasyMock.createMock(DBBroker.class);
    expect(mockSecurityManager.getDatabase()).andReturn(mockDatabase).times(3);
    expect(mockDatabase.getActiveBroker()).andReturn(mockBroker).times(3);
    expect(mockBroker.getCurrentSubject()).andReturn(mockCurrentSubject).times(3);
    expect(mockCurrentSubject.hasDbaRole()).andReturn(true).times(3);
    replay(mockSecurityManager, mockDatabase, mockBroker, mockCurrentSubject);
    SimpleACLPermission permission = new SimpleACLPermission(mockSecurityManager);
    assertEquals(0, permission.getACECount());
    final int userId = 1;
    final int mode = Permission.READ;
    final ACE_ACCESS_TYPE access_type = ACE_ACCESS_TYPE.ALLOWED;
    permission.addUserACE(access_type, userId, mode);
    assertEquals(1, permission.getACECount());
    assertEquals(userId, permission.getACEId(0));
    assertEquals(access_type, permission.getACEAccessType(0));
    assertEquals(ACE_TARGET.USER, permission.getACETarget(0));
    assertEquals(mode, permission.getACEMode(0));
    permission.modifyACE(0, access_type, Permission.WRITE);
    assertEquals(1, permission.getACECount());
    assertEquals(userId, permission.getACEId(0));
    assertEquals(access_type, permission.getACEAccessType(0));
    assertEquals(ACE_TARGET.USER, permission.getACETarget(0));
    assertEquals(Permission.WRITE, permission.getACEMode(0));
    permission.modifyACE(0, ACE_ACCESS_TYPE.DENIED, Permission.READ | Permission.WRITE);
    assertEquals(1, permission.getACECount());
    assertEquals(userId, permission.getACEId(0));
    assertEquals(ACE_TARGET.USER, permission.getACETarget(0));
    assertEquals(ACE_ACCESS_TYPE.DENIED, permission.getACEAccessType(0));
    assertEquals(Permission.READ | Permission.WRITE, permission.getACEMode(0));
    verify(mockSecurityManager, mockDatabase, mockBroker, mockCurrentSubject);
}
Also used : DBBroker(org.exist.storage.DBBroker) ACE_ACCESS_TYPE(org.exist.security.ACLPermission.ACE_ACCESS_TYPE) Database(org.exist.Database) Test(org.junit.Test)

Example 24 with DBBroker

use of org.exist.storage.DBBroker in project exist by eXist-db.

the class SimpleACLPermissionTest method addACE_ForUserWithModeString.

@Test
public void addACE_ForUserWithModeString() throws PermissionDeniedException {
    final SecurityManager mockSecurityManager = EasyMock.createMock(SecurityManager.class);
    final Database mockDatabase = EasyMock.createMock(Database.class);
    final DBBroker mockBroker = EasyMock.createMock(DBBroker.class);
    final Subject mockCurrentSubject = EasyMock.createMock(Subject.class);
    final Account mockAccount = EasyMock.createMock(Account.class);
    SimpleACLPermission permission = new SimpleACLPermission(mockSecurityManager);
    assertEquals(0, permission.getACECount());
    final int userId = 1112;
    final String userName = "aretter";
    final String mode = "rwx";
    expect(mockSecurityManager.getDatabase()).andReturn(mockDatabase);
    expect(mockDatabase.getActiveBroker()).andReturn(mockBroker);
    expect(mockBroker.getCurrentSubject()).andReturn(mockCurrentSubject);
    expect(mockCurrentSubject.hasDbaRole()).andReturn(true);
    expect(mockSecurityManager.getAccount(userName)).andReturn(mockAccount);
    expect(mockAccount.getId()).andReturn(userId);
    replay(mockSecurityManager, mockDatabase, mockBroker, mockCurrentSubject, mockAccount);
    permission.addACE(ACE_ACCESS_TYPE.ALLOWED, ACE_TARGET.USER, userName, mode);
    verify(mockSecurityManager, mockDatabase, mockBroker, mockCurrentSubject, mockAccount);
    assertEquals(1, permission.getACECount());
    assertEquals(userId, permission.getACEId(0));
    assertEquals(ACE_ACCESS_TYPE.ALLOWED, permission.getACEAccessType(0));
    assertEquals(ACE_TARGET.USER, permission.getACETarget(0));
    assertEquals(ALL, permission.getACEMode(0));
}
Also used : DBBroker(org.exist.storage.DBBroker) Database(org.exist.Database) Test(org.junit.Test)

Example 25 with DBBroker

use of org.exist.storage.DBBroker in project exist by eXist-db.

the class SimpleACLPermissionTest method remove_firstACE.

@Test
public void remove_firstACE() throws PermissionDeniedException {
    final SecurityManager mockSecurityManager = EasyMock.createMock(SecurityManager.class);
    final Database mockDatabase = EasyMock.createMock(Database.class);
    final DBBroker mockBroker = EasyMock.createMock(DBBroker.class);
    final Subject mockCurrentSubject = EasyMock.createMock(Subject.class);
    expect(mockSecurityManager.getDatabase()).andReturn(mockDatabase).times(3);
    expect(mockDatabase.getActiveBroker()).andReturn(mockBroker).times(3);
    expect(mockBroker.getCurrentSubject()).andReturn(mockCurrentSubject).times(3);
    expect(mockCurrentSubject.hasDbaRole()).andReturn(true).times(3);
    replay(mockSecurityManager, mockDatabase, mockBroker, mockCurrentSubject);
    SimpleACLPermission permission = new SimpleACLPermission(mockSecurityManager);
    assertEquals(0, permission.getACECount());
    permission.addUserACE(ACE_ACCESS_TYPE.ALLOWED, 1, ALL);
    final int secondUserId = 2;
    permission.addUserACE(ACE_ACCESS_TYPE.ALLOWED, secondUserId, ALL);
    assertEquals(2, permission.getACECount());
    permission.removeACE(0);
    assertEquals(1, permission.getACECount());
    assertEquals(ACE_ACCESS_TYPE.ALLOWED, permission.getACEAccessType(0));
    assertEquals(ACE_TARGET.USER, permission.getACETarget(0));
    assertEquals(secondUserId, permission.getACEId(0));
    verify(mockSecurityManager, mockDatabase, mockBroker, mockCurrentSubject);
}
Also used : DBBroker(org.exist.storage.DBBroker) Database(org.exist.Database) Test(org.junit.Test)

Aggregations

DBBroker (org.exist.storage.DBBroker)468 BrokerPool (org.exist.storage.BrokerPool)304 Txn (org.exist.storage.txn.Txn)219 Sequence (org.exist.xquery.value.Sequence)185 Test (org.junit.Test)170 XQuery (org.exist.xquery.XQuery)108 Collection (org.exist.collections.Collection)93 TransactionManager (org.exist.storage.txn.TransactionManager)70 EXistException (org.exist.EXistException)66 StringInputSource (org.exist.util.StringInputSource)66 PermissionDeniedException (org.exist.security.PermissionDeniedException)44 Source (org.exist.source.Source)42 StringSource (org.exist.source.StringSource)41 XmldbURI (org.exist.xmldb.XmldbURI)41 CompiledXQuery (org.exist.xquery.CompiledXQuery)39 IOException (java.io.IOException)38 QName (org.exist.dom.QName)37 LockedDocument (org.exist.dom.persistent.LockedDocument)36 Database (org.exist.Database)35 XPathException (org.exist.xquery.XPathException)30