// TODO need tests for
// 4) copying Collections to destinations where permission is denied!
// 5) What about moving a Document, moving a Collection?
/**
* 1) Sets '/db' to rwxr-xr-x (0755)
* 2) Adds the Group 'users'
* 3) Adds the User 'test1' with password 'test1' and sets their primary group to 'users'
* 4) Creates the group 'extusers' and adds 'test1' to it
* 5) Adds the User 'test2' with password 'test2' and sets their primary group to 'users'
* 6) Creates the group 'test2-only' and adds 'test2' to it
* 7) Adds the User 'test3' with password 'test3' and sets their primary group to 'guest'
* 8) Creates the Collection '/db/securityTest1' owned by 'test1':'users' with permissions rwxrwx--- (0770)
* 9) Creates the XML resource '/db/securityTest1/test.xml' owned by 'test1':'users' with permissions rwxrwx--- (0770)
* 10) Creates the Binary resource '/db/securityTest1/test.bin' owned by 'test1':'users' with permissions rwxrwx--- (0770)
* 11) Creates the Collection '/db/securityTest2' owned by 'test1':'users' with permissions rwxrwxr-x (0775)
* 12) Creates the Collection '/db/securityTest3' owned by 'test3':'guest' with permissions rwxrwxrwx (0777)
*/
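@Before
public void setup() throws XMLDBException {
    // everything below runs as the DBA; later test methods re-open collections as the test users
    final Collection root = DatabaseManager.getCollection(getBaseUri() + "/db", TestUtils.ADMIN_DB_USER, TestUtils.ADMIN_DB_PWD);
    UserManagementService ums = umsOf(root);

    // ensure /db is always 755, whatever a previous test left behind
    ums.chmod("rwxr-xr-x");

    // start from a clean slate: drop the accounts and the group earlier runs may have created
    removeAccounts(ums, new String[] { "test1", "test2", "test3" });
    removeGroups(ums, new String[] { "users" });

    // 'users' is the primary group of test1 and test2
    final Group group = new GroupAider("exist", "users");
    ums.addGroup(group);

    // test1: primary group 'users', additionally a member of 'extusers'
    UserAider user = new UserAider("test1", group);
    user.setPassword("test1");
    ums.addAccount(user);
    final Group extGroup = new GroupAider("exist", "extusers");
    ums.addGroup(extGroup);
    ums.addAccountToGroup("test1", "extusers");

    // test2: primary group 'users', additionally a member of 'test2-only'
    user = new UserAider("test2", group);
    user.setPassword("test2");
    ums.addAccount(user);
    final Group test2OnlyGroup = new GroupAider("exist", "test2-only");
    ums.addGroup(test2OnlyGroup);
    ums.addAccountToGroup("test2", "test2-only");

    // test3: primary group is the pre-existing 'guest' group
    user = new UserAider("test3", ums.getGroup("guest"));
    user.setPassword("test3");
    ums.addAccount(user);

    // /db/securityTest1 owned by test1:users, mode 0770 (rwx owner and group, nothing for world)
    CollectionManagementService cms = cmsOf(root);
    Collection test = cms.createCollection("securityTest1");
    ums = umsOf(test);
    final Account test1 = ums.getAccount("test1");
    ums.chown(test1, "users");
    ums.chmod(0770);

    // re-open the collection as test1 so the resources below are created by that user;
    // 'ums' stays bound to the DBA session and is used to chmod them
    test = DatabaseManager.getCollection(getBaseUri() + "/db/securityTest1", "test1", "test1");

    // /db/securityTest1/test.xml, mode 0770
    Resource resource = test.createResource("test.xml", XMLResource.RESOURCE_TYPE);
    resource.setContent("<test/>");
    test.storeResource(resource);
    ums.chmod(resource, 0770);

    // /db/securityTest1/test.bin, mode 0770; the charset is explicit so the stored bytes
    // do not depend on the JVM's platform default
    resource = test.createResource("test.bin", BinaryResource.RESOURCE_TYPE);
    resource.setContent("binary-test".getBytes(java.nio.charset.StandardCharsets.UTF_8));
    test.storeResource(resource);
    ums.chmod(resource, 0770);

    // /db/securityTest2 owned by test1:users, mode 0775 (rwx owner and group, r-x for world)
    cms = cmsOf(root);
    final Collection testCol2 = cms.createCollection("securityTest2");
    ums = umsOf(testCol2);
    ums.chown(test1, "users");
    ums.chmod(0775);

    // /db/securityTest3 owned by test3, mode 0777 (rwx for everyone)
    // NOTE(review): the group set here is 'users', while the Javadoc above lists 'test3':'guest' — confirm which is intended
    cms = cmsOf(root);
    final Collection testCol3 = cms.createCollection("securityTest3");
    ums = umsOf(testCol3);
    final Account test3 = ums.getAccount("test3");
    ums.chown(test3, "users");
    ums.chmod(0777);

    // /db/securityTest1/sub1 created through the test1 session, owned by test1:users, mode 0777
    cms = cmsOf(test);
    final Collection sub1 = cms.createCollection("sub1");
    ums = umsOf(sub1);
    ums.chown(test1, "users");
    ums.chmod(0777);
}

/**
 * Looks up the {@code UserManagementService} of a collection.
 *
 * @param col the collection whose service is wanted
 * @return the service, cast to the eXist-specific interface
 * @throws XMLDBException if the service cannot be obtained
 */
private static UserManagementService umsOf(final Collection col) throws XMLDBException {
    return (UserManagementService) col.getService("UserManagementService", "1.0");
}

/**
 * Looks up the {@code CollectionManagementService} of a collection.
 *
 * @param col the collection whose service is wanted
 * @return the service, cast to the eXist-specific interface
 * @throws XMLDBException if the service cannot be obtained
 */
private static CollectionManagementService cmsOf(final Collection col) throws XMLDBException {
    return (CollectionManagementService) col.getService("CollectionManagementService", "1.0");
}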
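/**
 * A setgid XQuery lets a user outside the owning group write into a collection
 * that only that group may write to.
 *
 * As 'test1', store /db/securityTest2/setgid.xquery owned by test1:users with mode
 * 02705 (setgid; rwx owner, --- group, r-x world) and create
 * /db/securityTest2/forSetGidWrite with mode 0570 (r-x owner, rwx group, --- world).
 * Then execute the stored query as 'test3', who is neither the owner nor a member of
 * 'users': the setgid bit is expected to make the query run with the group 'users', so
 * the store succeeds and the written document holds the generated content.
 * (The target collection's group is presumably 'users', as it is created by test1 whose
 * primary group is 'users' — not asserted here.)
 */
@Test
public void setGidXQueryCanWriteRestrictedCollection() throws XMLDBException {
    final Collection test = DatabaseManager.getCollection(getBaseUri() + "/db/securityTest2", "test1", "test1");

    // timestamped payload, so each run stores distinguishable content
    final long timestamp = System.currentTimeMillis();
    final String content = "<setgid>" + timestamp + "</setgid>";

    // store the XQuery as /db/securityTest2/setgid.xquery
    final String xquery = "xmldb:store('/db/securityTest2/forSetGidWrite', 'setgid.xml', " + content + ")";
    Resource xqueryResource = test.createResource("setgid.xquery", "BinaryResource");
    xqueryResource.setContent(xquery);
    test.storeResource(xqueryResource);

    // owned by 'test1':'users', setgid, and r-x for others so that 'test3' can execute it
    UserManagementService ums = (UserManagementService) test.getService("UserManagementService", "1.0");
    xqueryResource = test.getResource("setgid.xquery");
    ums.chown(xqueryResource, ums.getAccount("test1"), "users");
    ums.chmod(xqueryResource, 02705);

    // target collection: mode 0570, so only the group may write into it
    final CollectionManagementService cms = (CollectionManagementService) test.getService("CollectionManagementService", "1.0");
    final Collection colForSetGidWrite = cms.createCollection("forSetGidWrite");
    ums = (UserManagementService) colForSetGidWrite.getService("UserManagementService", "1.0");
    ums.chmod(0570);

    // execute as 'test3': the query should run with the group 'users' and the store succeed
    final Collection test3 = DatabaseManager.getCollection(getBaseUri() + "/db/securityTest2", "test3", "test3");
    final EXistXPathQueryService queryService = (EXistXPathQueryService) test3.getService("XPathQueryService", "1.0");
    final ResourceSet result = queryService.executeStoredQuery("/db/securityTest2/setgid.xquery");
    assertEquals("/db/securityTest2/forSetGidWrite/setgid.xml", result.getResource(0).getContent());

    // the document written by the query holds exactly the generated content
    final Resource writtenXmlResource = colForSetGidWrite.getResource("setgid.xml");
    assertEquals(content, writtenXmlResource.getContent());
}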
/**
 * The owner of an XML resource cannot read it once the read bit is cleared.
 *
 * As 'test1', set /db/securityTest1/test.xml to -wx------ (write and execute only, for
 * the owner), reopen the collection in a fresh session and try to fetch the content.
 * The read is expected to fail with an {@link XMLDBException}; the {@code expected}
 * attribute of the annotation is what asserts that.
 */
@Test(expected = XMLDBException.class)
public void cannotReadXmlResourceWithoutReadPermission() throws XMLDBException {
    final String collectionUri = getBaseUri() + "/db/securityTest1";
    Collection asTest1 = DatabaseManager.getCollection(collectionUri, "test1", "test1");
    final UserManagementService ums = (UserManagementService) asTest1.getService("UserManagementService", "1.0");

    // drop the owner's read bit on the resource
    ums.chmod(asTest1.getResource("test.xml"), "-wx------");
    asTest1.close();

    // a fresh session must not be able to read the content back
    asTest1 = DatabaseManager.getCollection(collectionUri, "test1", "test1");
    final Resource unreadable = asTest1.getResource("test.xml");
    assertEquals("<test/>", unreadable.getContent());
}
/**
* DBA can change the owner gid of a resource
*
* As the user 'admin' (who is a DBA), attempt to change the
* ownership gid of /db/securityTest1/test.xml
* to the 'guest' group
*/
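@Test
public void dbaChownGidResource() throws XMLDBException {
    // open /db/securityTest1 as the DBA account 'admin'
    final Collection test = DatabaseManager.getCollection(getBaseUri() + "/db/securityTest1", "admin", "");
    final Resource resource = test.getResource("test.xml");
    final UserManagementService ums = (UserManagementService) test.getService("UserManagementService", "1.0");

    // change the gid (group) ownership of /db/securityTest1/test.xml to 'guest';
    // a DBA is expected to be allowed to do this, so no exception is expected.
    // NOTE(review): nothing here asserts that the group actually changed —
    // success is only the absence of an exception
    ums.chgrp(resource, "guest");
}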
/**
* Group member can NOT change the owner uid of a resource
*
* As the user 'test2' attempt to change the
* ownership uid of /db/securityTest1/test.xml
* to ourselves
*/
/**
 * A mere group member cannot take over the uid (owner) of a resource.
 *
 * As 'test2', a member of the owning group 'users' but not the owner, attempt to chown
 * /db/securityTest1/test.xml to 'test2'. The call is expected to fail with an
 * {@link XMLDBException}, which the {@code expected} attribute of the annotation asserts.
 */
@Test(expected = XMLDBException.class)
public void groupMemberChownUidResource() throws XMLDBException {
    final Collection asTest2 = DatabaseManager.getCollection(getBaseUri() + "/db/securityTest1", "test2", "test2");
    final UserManagementService ums = (UserManagementService) asTest2.getService("UserManagementService", "1.0");
    final Resource target = asTest2.getResource("test.xml");

    // try to make ourselves the owner of /db/securityTest1/test.xml — must be refused
    final Account self = ums.getAccount("test2");
    ums.chown(target, self);
}