Search in sources :

Example 36 with Collection

use of org.xmldb.api.base.Collection in project exist by eXist-db.

the class XMLDBSecurityTest method noSetGid_copyResource_resourceGroupIsUsersPrimaryGroup.

@Test
public void noSetGid_copyResource_resourceGroupIsUsersPrimaryGroup() throws XMLDBException {
    Collection test = DatabaseManager.getCollection(getBaseUri() + "/db/securityTest2", "test1", "test1");
    EXistCollectionManagementService cms = (EXistCollectionManagementService) test.getService("CollectionManagementService", "1.0");
    // create the /db/securityTest2/test.xml resource
    Resource resource = test.createResource("test.xml", XMLResource.RESOURCE_TYPE);
    resource.setContent("<test/>");
    test.storeResource(resource);
    // create /db/securityTest2/parentCollection with owner "test1:users" and mode "rwxrwxrwx"
    Collection parentCollection = cms.createCollection("parentCollection");
    UserManagementService ums = (UserManagementService) parentCollection.getService("UserManagementService", "1.0");
    ums.chmod("rwxrwxrwx");
    // now copy /db/securityTest2/test.xml to /db/securityTest2/parentCollection/test.xml
    // as user3, it should have it's group set to the primary group of user3 i.e. 'guest'
    // as the collection is NOT setGid and it should not have the setGid bit
    test = DatabaseManager.getCollection(getBaseUri() + "/db/securityTest2", "test3", "test3");
    cms = (EXistCollectionManagementService) test.getService("CollectionManagementService", "1.0");
    cms.copyResource("test.xml", "/db/securityTest2/parentCollection", "test.xml");
    ums = (UserManagementService) parentCollection.getService("UserManagementService", "1.0");
    parentCollection = test.getChildCollection("parentCollection");
    resource = parentCollection.getResource("test.xml");
    final Permission permissions = ums.getPermissions(resource);
    assertEquals("guest", permissions.getGroup().getName());
    assertFalse(permissions.isSetGid());
}
Also used : EXistCollectionManagementService(org.exist.xmldb.EXistCollectionManagementService) BinaryResource(org.xmldb.api.modules.BinaryResource) XMLResource(org.xmldb.api.modules.XMLResource) Resource(org.xmldb.api.base.Resource) Collection(org.xmldb.api.base.Collection) UserManagementService(org.exist.xmldb.UserManagementService) Test(org.junit.Test)

Example 37 with Collection

use of org.xmldb.api.base.Collection in project exist by eXist-db.

the class XMLDBSecurityTest method worldChmodResource.

// fails since guest has no write permissions
@Test(expected = XMLDBException.class)
public void worldChmodResource() throws XMLDBException {
    final Collection test = DatabaseManager.getCollection(getBaseUri() + "/db/securityTest1", "guest", "guest");
    final Resource resource = test.getResource("test.xml");
    final UserManagementService ums = (UserManagementService) test.getService("UserManagementService", "1.0");
    // grant myself all rights ;-)
    ums.chmod(resource, 0777);
}
Also used : BinaryResource(org.xmldb.api.modules.BinaryResource) XMLResource(org.xmldb.api.modules.XMLResource) Resource(org.xmldb.api.base.Resource) Collection(org.xmldb.api.base.Collection) UserManagementService(org.exist.xmldb.UserManagementService) Test(org.junit.Test)

Example 38 with Collection

use of org.xmldb.api.base.Collection in project exist by eXist-db.

the class XMLDBSecurityTest method nonSetGidXQueryCannotWriteRestrictedCollection.

@Test(expected = XMLDBException.class)
public void nonSetGidXQueryCannotWriteRestrictedCollection() throws XMLDBException {
    final Collection test = DatabaseManager.getCollection(getBaseUri() + "/db/securityTest2", "test1", "test1");
    final long timestamp = System.currentTimeMillis();
    final String content = "<not_setgid>" + timestamp + "</not_setgid>";
    // create an XQuery /db/securityTest1/not_setgid.xquery
    final String xquery = "xmldb:store('/db/securityTest2/forSetGidWrite', 'not_setgid.xml', " + content + ")";
    Resource xqueryResource = test.createResource("not_setgid.xquery", "BinaryResource");
    xqueryResource.setContent(xquery);
    test.storeResource(xqueryResource);
    // set the xquery to be owned by 'test1':'users' and set it 'setgid', and set it 'rx' by ohers, so 'test3' can execute it!
    UserManagementService ums = (UserManagementService) test.getService("UserManagementService", "1.0");
    xqueryResource = test.getResource("not_setgid.xquery");
    // NOT setgid
    ums.chmod(xqueryResource, 00705);
    // create a collection for the XQuery to write into
    final CollectionManagementService cms = (CollectionManagementService) test.getService("CollectionManagementService", "1.0");
    final Collection colForSetUid = cms.createCollection("forSetGidWrite");
    // only allow the group 'users' to write into the collection
    ums = (UserManagementService) colForSetUid.getService("UserManagementService", "1.0");
    ums.chmod(0070);
    // execute the XQuery as the 'test3' user... it should become 'setgid' of 'users' and succeed.
    final Collection test3 = DatabaseManager.getCollection(getBaseUri() + "/db/securityTest2", "test3", "test3");
    final EXistXPathQueryService queryService = (EXistXPathQueryService) test3.getService("XPathQueryService", "1.0");
    final ResourceSet result = queryService.executeStoredQuery("/db/securityTest2/not_setgid.xquery");
    assertFalse("/db/securityTest2/forSetGidWrite/not_setgid.xml".equals(result.getResource(0).getContent()));
}
Also used : EXistCollectionManagementService(org.exist.xmldb.EXistCollectionManagementService) CollectionManagementService(org.xmldb.api.modules.CollectionManagementService) EXistXPathQueryService(org.exist.xmldb.EXistXPathQueryService) BinaryResource(org.xmldb.api.modules.BinaryResource) XMLResource(org.xmldb.api.modules.XMLResource) Resource(org.xmldb.api.base.Resource) Collection(org.xmldb.api.base.Collection) UserManagementService(org.exist.xmldb.UserManagementService) ResourceSet(org.xmldb.api.base.ResourceSet) Test(org.junit.Test)

Example 39 with Collection

use of org.xmldb.api.base.Collection in project exist by eXist-db.

the class XMLDBSecurityTest method groupChmodResource_asNotOwnerAndNotDBA.

@Test(expected = XMLDBException.class)
public void groupChmodResource_asNotOwnerAndNotDBA() throws XMLDBException {
    final Collection test = DatabaseManager.getCollection(getBaseUri() + "/db/securityTest1", "test2", "test2");
    final Resource resource = test.getResource("test.xml");
    final UserManagementService ums = (UserManagementService) test.getService("UserManagementService", "1.0");
    // grant myself all rights ;-)
    ums.chmod(resource, 0777);
}
Also used : BinaryResource(org.xmldb.api.modules.BinaryResource) XMLResource(org.xmldb.api.modules.XMLResource) Resource(org.xmldb.api.base.Resource) Collection(org.xmldb.api.base.Collection) UserManagementService(org.exist.xmldb.UserManagementService) Test(org.junit.Test)

Example 40 with Collection

use of org.xmldb.api.base.Collection in project exist by eXist-db.

the class XMLDBSecurityTest method copyCollection_doesPreservePermissionsOfSubCollections.

@Test
public void copyCollection_doesPreservePermissionsOfSubCollections() throws XMLDBException {
    final Collection test = DatabaseManager.getCollection(getBaseUri() + "/db/securityTest1", "test1", "test1");
    EXistCollectionManagementService cms = (EXistCollectionManagementService) test.getService("CollectionManagementService", "1.0");
    cms.copy(XmldbURI.create("/db/securityTest1"), XmldbURI.create("/db/securityTest3"), XmldbURI.create("copy-of-securityTest1"));
    final Collection testCopy = DatabaseManager.getCollection(getBaseUri() + "/db/securityTest3/copy-of-securityTest1", "test1", "test1");
    final Collection sub1 = testCopy.getChildCollection("sub1");
    final UserManagementService ums = (UserManagementService) sub1.getService("UserManagementService", "1.0");
    final Permission permissions = ums.getPermissions(sub1);
    assertEquals("test1", permissions.getOwner().getName());
    assertEquals("users", permissions.getGroup().getName());
    assertEquals(0777, permissions.getMode());
}
Also used : EXistCollectionManagementService(org.exist.xmldb.EXistCollectionManagementService) Collection(org.xmldb.api.base.Collection) UserManagementService(org.exist.xmldb.UserManagementService) Test(org.junit.Test)

Aggregations

Collection (org.xmldb.api.base.Collection)352 XMLResource (org.xmldb.api.modules.XMLResource)140 Test (org.junit.Test)115 Resource (org.xmldb.api.base.Resource)114 UserManagementService (org.exist.xmldb.UserManagementService)91 CollectionManagementService (org.xmldb.api.modules.CollectionManagementService)85 BinaryResource (org.xmldb.api.modules.BinaryResource)80 XMLDBException (org.xmldb.api.base.XMLDBException)73 ResourceSet (org.xmldb.api.base.ResourceSet)55 EXistCollectionManagementService (org.exist.xmldb.EXistCollectionManagementService)48 XPathQueryService (org.xmldb.api.modules.XPathQueryService)31 EXistResource (org.exist.xmldb.EXistResource)28 EXistXPathQueryService (org.exist.xmldb.EXistXPathQueryService)20 Before (org.junit.Before)20 URISyntaxException (java.net.URISyntaxException)18 Path (java.nio.file.Path)18 InputStream (java.io.InputStream)17 BuildException (org.apache.tools.ant.BuildException)14 XmldbURI (org.exist.xmldb.XmldbURI)13 Account (org.exist.security.Account)10