Search in sources :

Example 16 with UserManagementService

use of org.exist.xmldb.UserManagementService in project exist by eXist-db.

the class XMLDBSecurityTest method canExecuteXQueryWithOnlyExecutePermissionOnParentCollection.

@Test
public void canExecuteXQueryWithOnlyExecutePermissionOnParentCollection() throws XMLDBException {
    Collection test = DatabaseManager.getCollection(getBaseUri() + "/db/securityTest1", "test1", "test1");
    final UserManagementService ums = (UserManagementService) test.getService("UserManagementService", "1.0");
    final String xquery = "<xquery>{ 1 + 1 }</xquery>";
    Resource xqueryResource = test.createResource("test.xquery", BinaryResource.RESOURCE_TYPE);
    xqueryResource.setContent(xquery);
    test.storeResource(xqueryResource);
    ums.chmod("--x------");
    // set execute bit on xquery (its off by default!)
    ums.chmod(xqueryResource, "rwx------");
    test.close();
    test = DatabaseManager.getCollection(getBaseUri() + "/db/securityTest1", "test1", "test1");
    xqueryResource = test.getResource("test.xquery");
    assertEquals(xquery, new String((byte[]) xqueryResource.getContent()));
    // execute the stored XQuery
    final EXistXPathQueryService queryService = (EXistXPathQueryService) test.getService("XPathQueryService", "1.0");
    final ResourceSet result = queryService.executeStoredQuery("/db/securityTest1/test.xquery");
    assertEquals("<xquery>2</xquery>", result.getResource(0).getContent());
}
Also used : EXistXPathQueryService(org.exist.xmldb.EXistXPathQueryService) BinaryResource(org.xmldb.api.modules.BinaryResource) XMLResource(org.xmldb.api.modules.XMLResource) Resource(org.xmldb.api.base.Resource) Collection(org.xmldb.api.base.Collection) UserManagementService(org.exist.xmldb.UserManagementService) ResourceSet(org.xmldb.api.base.ResourceSet) Test(org.junit.Test)

Example 17 with UserManagementService

use of org.exist.xmldb.UserManagementService in project exist by eXist-db.

the class XMLDBSecurityTest method ownerAndGroupMemberChownGidCollection.

/**
 * Owner can change the owner gid of a collection
 * to a group of which they are a member
 *
 * As the user 'test1' (who is the owner and
 * who is in the group 'extusers')
 * attempt to change ownership gid of /db/securityTest1
 * to the group 'extusers'
 */
@Test
public void ownerAndGroupMemberChownGidCollection() throws XMLDBException {
    final Collection test = DatabaseManager.getCollection(getBaseUri() + "/db/securityTest1", "test1", "test1");
    final UserManagementService ums = (UserManagementService) test.getService("UserManagementService", "1.0");
    // attempt to take gid ownership of /db/securityTest1
    ums.chgrp("extusers");
    final Permission perms = ums.getPermissions(test);
    assertEquals("extusers", perms.getGroup().getName());
}
Also used : Collection(org.xmldb.api.base.Collection) UserManagementService(org.exist.xmldb.UserManagementService) Test(org.junit.Test)

Example 18 with UserManagementService

use of org.exist.xmldb.UserManagementService in project exist by eXist-db.

the class XMLDBSecurityTest method copyCollectionWithResources_destResourceExists_destResourceIsNotWritable.

/**
 * As the 'test1' user, creates the collection and resource:
 *
 *  test1:users /db/securityTest3/source
 *  test1:users /db/securityTest3/source/source1.xml
 *  test1:users /db/securityTest3/source/source2.xml
 *
 * We then also create the Collection
 *  test1:users /db/securityTest3/copy-of-source (0777)
 * so that the destination (for the copy we are about
 * to do) already exists and is writable.
 * We then create the resource
 *  test1:users /db/securityTest/copy-of-source/source1.xml
 * and set it so that it is not accessible by anyone
 * apart from 'test1' user...
 *
 * As the 'test3' user, copy the collection:
 *
 *  /db/securityTest3/source
 *      -> /db/securityTest3/copy-of-source
 *
 * The test should prove that during a copy, existing
 * documents in the dest are replaced as long as the
 * dest collection has write permission and that the
 * permissions on the dest resource must also be writable
 */
@Test(expected = XMLDBException.class)
public void copyCollectionWithResources_destResourceExists_destResourceIsNotWritable() throws XMLDBException {
    Collection test = DatabaseManager.getCollection(getBaseUri() + "/db/securityTest3", "test1", "test1");
    EXistCollectionManagementService cms = (EXistCollectionManagementService) test.getService("CollectionManagementService", "1.0");
    // create collection owned by "test1", and group "users" in /db/securityTest3
    Collection source = cms.createCollection("source");
    // create resource owned by "test1", and group "users" in /db/securityTest3/source
    Resource resSource = source.createResource("source1.xml", XMLResource.RESOURCE_TYPE);
    resSource.setContent("<test1/>");
    source.storeResource(resSource);
    resSource = source.createResource("source2.xml", XMLResource.RESOURCE_TYPE);
    resSource.setContent("<test2/>");
    source.storeResource(resSource);
    // pre-create the destination and set writable by all
    final Collection dest = cms.createCollection("copy-of-source");
    UserManagementService ums = (UserManagementService) dest.getService("UserManagementService", "1.0");
    ums.chmod(0777);
    // pre-create a destination resource and set no access to group and others
    Resource resDestSource1 = dest.createResource("source1.xml", XMLResource.RESOURCE_TYPE);
    resDestSource1.setContent("<old/>");
    dest.storeResource(resDestSource1);
    ums.chmod(resDestSource1, 0700);
    // as the 'test3' user copy the collection
    test = DatabaseManager.getCollection(getBaseUri() + "/db/securityTest3", "test3", "test3");
    cms = (EXistCollectionManagementService) test.getService("CollectionManagementService", "1.0");
    cms.copy("/db/securityTest3/source", "/db/securityTest3", "copy-of-source");
    final Collection copyOfSource = test.getChildCollection("copy-of-source");
    assertNotNull(copyOfSource);
    assertEquals(2, copyOfSource.listResources().length);
    final Resource resCopyOfSource1 = copyOfSource.getResource("source1.xml");
    assertEquals("<test1/>", resCopyOfSource1.getContent().toString());
    final Resource resCopyOfSource2 = copyOfSource.getResource("source2.xml");
    assertEquals("<test2/>", resCopyOfSource2.getContent().toString());
// TODO check perms are/areNot preserved? on the replaced resource
}
Also used : EXistCollectionManagementService(org.exist.xmldb.EXistCollectionManagementService) BinaryResource(org.xmldb.api.modules.BinaryResource) XMLResource(org.xmldb.api.modules.XMLResource) Resource(org.xmldb.api.base.Resource) Collection(org.xmldb.api.base.Collection) UserManagementService(org.exist.xmldb.UserManagementService) Test(org.junit.Test)

Example 19 with UserManagementService

use of org.exist.xmldb.UserManagementService in project exist by eXist-db.

the class XMLDBSecurityTest method ownerChownGidCollection.

/**
 * Owner can NOT change the owner gid of a collection
 * to a group of which they are not a member
 *
 * As the user 'test1' attempt to change the
 * ownership gid of /db/securityTest1
 * to 'guest' group
 */
@Test(expected = XMLDBException.class)
public void ownerChownGidCollection() throws XMLDBException {
    final Collection test = DatabaseManager.getCollection(getBaseUri() + "/db/securityTest1", "test1", "test1");
    final UserManagementService ums = (UserManagementService) test.getService("UserManagementService", "1.0");
    // attempt to change gid ownership of /db/securityTest1 to the guest group
    ums.chgrp("guest");
}
Also used : Collection(org.xmldb.api.base.Collection) UserManagementService(org.exist.xmldb.UserManagementService) Test(org.junit.Test)

Example 20 with UserManagementService

use of org.exist.xmldb.UserManagementService in project exist by eXist-db.

the class XMLDBSecurityTest method dbaChownGidCollection.

/**
 * DBA can change the owner gid of a collection
 *
 * As the user 'admin' (who is a DBA) attempt to change the
 * ownership gid of /db/securityTest1
 * to 'guest' group
 */
@Test
public void dbaChownGidCollection() throws XMLDBException {
    final Collection test = DatabaseManager.getCollection(getBaseUri() + "/db/securityTest1", "admin", "");
    final UserManagementService ums = (UserManagementService) test.getService("UserManagementService", "1.0");
    // attempt to change uid ownership of /db/securityTest1 to the guest group
    ums.chgrp("guest");
}
Also used : Collection(org.xmldb.api.base.Collection) UserManagementService(org.exist.xmldb.UserManagementService) Test(org.junit.Test)

Aggregations

UserManagementService (org.exist.xmldb.UserManagementService)106 Collection (org.xmldb.api.base.Collection)91 Test (org.junit.Test)79 BinaryResource (org.xmldb.api.modules.BinaryResource)55 Resource (org.xmldb.api.base.Resource)52 XMLResource (org.xmldb.api.modules.XMLResource)51 EXistCollectionManagementService (org.exist.xmldb.EXistCollectionManagementService)26 XMLDBException (org.xmldb.api.base.XMLDBException)15 CollectionManagementService (org.xmldb.api.modules.CollectionManagementService)14 UserAider (org.exist.security.internal.aider.UserAider)9 GroupAider (org.exist.security.internal.aider.GroupAider)8 ResourceSet (org.xmldb.api.base.ResourceSet)8 EXistXPathQueryService (org.exist.xmldb.EXistXPathQueryService)7 EXistResource (org.exist.xmldb.EXistResource)6 Account (org.exist.security.Account)5 Before (org.junit.Before)3 BeforeClass (org.junit.BeforeClass)3 URISyntaxException (java.net.URISyntaxException)2 ExtendedResource (org.exist.xmldb.ExtendedResource)2 WindowAdapter (java.awt.event.WindowAdapter)1