Examples with UserManagementService org.exist.xmldb.UserManagementService used on opensource projects

Example 41 with UserManagementService

use of org.exist.xmldb.UserManagementService in project exist by eXist-db.

the class XMLDBSecurityTest method canOpenRootCollectionWithExecute.

@Test
public void canOpenRootCollectionWithExecute() throws XMLDBException {
    final Collection test = DatabaseManager.getCollection(getBaseUri() + "/db", "admin", "");
    final UserManagementService ums = (UserManagementService) test.getService("UserManagementService", "1.0");
    ums.chmod("--x--x--x");
    test.close();
    DatabaseManager.getCollection(getBaseUri() + "/db", "test1", "test1");
}

Example 42 with UserManagementService

use of org.exist.xmldb.UserManagementService in project exist by eXist-db.

the class XMLDBSecurityTest method canReadXmlResourceWithOnlyReadPermission.

@Test
public void canReadXmlResourceWithOnlyReadPermission() throws XMLDBException {
    Collection test = DatabaseManager.getCollection(getBaseUri() + "/db/securityTest1", "test1", "test1");
    final UserManagementService ums = (UserManagementService) test.getService("UserManagementService", "1.0");
    Resource resource = test.getResource("test.xml");
    ums.chmod(resource, "r--------");
    test.close();
    test = DatabaseManager.getCollection(getBaseUri() + "/db/securityTest1", "test1", "test1");
    resource = test.getResource("test.xml");
    assertEquals("<test/>", resource.getContent());
}

Example 43 with UserManagementService

use of org.exist.xmldb.UserManagementService in project exist by eXist-db.

the class XMLDBSecurityTest method ownerAndGroupMemberChownGidResource.

/**
 * Owner can change the owner gid of a resource
 * to a group of which they are a member
 *
 * As the user 'test1' (who is the owner and
 * who is in the group 'extusers')
 * attempt to change ownership gid of /db/securityTest1/test.xml
 * to the group 'extusers'
 */
@Test
public void ownerAndGroupMemberChownGidResource() throws XMLDBException {
    final Collection test = DatabaseManager.getCollection(getBaseUri() + "/db/securityTest1", "test1", "test1");
    final Resource resource = test.getResource("test.xml");
    final UserManagementService ums = (UserManagementService) test.getService("UserManagementService", "1.0");
    // attempt to take gid ownership of /db/securityTest1
    ums.chgrp(resource, "extusers");
    final Permission perms = ums.getPermissions(resource);
    assertEquals("extusers", perms.getGroup().getName());
}

Example 44 with UserManagementService

use of org.exist.xmldb.UserManagementService in project exist by eXist-db.

the class XMLDBSecurityTest method nonSetUidXQueryCannotWriteRestrictedCollection.

@Test(expected = XMLDBException.class)
public void nonSetUidXQueryCannotWriteRestrictedCollection() throws XMLDBException {
    final Collection test = DatabaseManager.getCollection(getBaseUri() + "/db/securityTest1", "test1", "test1");
    final long timestamp = System.currentTimeMillis();
    final String content = "<not_setuid>" + timestamp + "</not_setuid>";
    // create an XQuery /db/securityTest1/not_setuid.xquery
    final String xquery = "xmldb:store('/db/securityTest1/forSetUidWrite', 'not_setuid.xml', " + content + ")";
    Resource xqueryResource = test.createResource("not_setuid.xquery", "BinaryResource");
    xqueryResource.setContent(xquery);
    test.storeResource(xqueryResource);
    // set the xquery to be owned by 'test1' and do NOT set it 'setuid', and do set it 'rx' by 'users' group so 'test2' can execute it!
    UserManagementService ums = (UserManagementService) test.getService("UserManagementService", "1.0");
    xqueryResource = test.getResource("not_setuid.xquery");
    // NOT SETUID
    ums.chmod(xqueryResource, 00750);
    // create a collection for the XQuery to write into
    final CollectionManagementService cms = (CollectionManagementService) test.getService("CollectionManagementService", "1.0");
    final Collection colForSetUid = cms.createCollection("forSetUidWrite");
    // only allow the user 'test1' to write into the collection
    ums = (UserManagementService) colForSetUid.getService("UserManagementService", "1.0");
    ums.chmod(0700);
    // execute the XQuery as the 'test2' user... it should become 'setuid' of 'test1' and succeed.
    final Collection test2 = DatabaseManager.getCollection(getBaseUri() + "/db/securityTest1", "test2", "test2");
    final EXistXPathQueryService queryService = (EXistXPathQueryService) test2.getService("XPathQueryService", "1.0");
    final ResourceSet result = queryService.executeStoredQuery("/db/securityTest1/not_setuid.xquery");
    assertFalse("/db/securityTest1/forSetUidWrite/not_setuid.xml".equals(result.getResource(0).getContent()));
}

Example 45 with UserManagementService

use of org.exist.xmldb.UserManagementService in project exist by eXist-db.

the class XMLDBSecurityTest method canOpenCollectionWithExecute.

@Test
public void canOpenCollectionWithExecute() throws XMLDBException {
    final Collection test = DatabaseManager.getCollection(getBaseUri() + "/db/securityTest1", "test1", "test1");
    final UserManagementService ums = (UserManagementService) test.getService("UserManagementService", "1.0");
    ums.chmod("--x--x--x");
    test.close();
    DatabaseManager.getCollection(getBaseUri() + "/db/securityTest1", "test1", "test1");
}