Example 36 with Resource

use of org.xmldb.api.base.Resource in project exist by eXist-db.

the class XMLDBSecurityTest method cannotCreateXmlResourceWithoutWritePermissionOnParentCollection.

@Test(expected = XMLDBException.class)
public void cannotCreateXmlResourceWithoutWritePermissionOnParentCollection() throws XMLDBException {
    Collection test = DatabaseManager.getCollection(getBaseUri() + "/db/securityTest1", "test1", "test1");
    final UserManagementService ums = (UserManagementService) test.getService("UserManagementService", "1.0");
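    // leave only owner-execute on the collection: 'test1' loses read and write
    ums.chmod("--x------");
    test.close();
    test = DatabaseManager.getCollection(getBaseUri() + "/db/securityTest1", "test1", "test1");
    // without write permission on the parent collection, creating and storing
    // the resource is expected to fail with XMLDBException
    final Resource resource = test.createResource("other.xml", XMLResource.RESOURCE_TYPE);
    resource.setContent("<other/>");
    test.storeResource(resource);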
}
Also used : BinaryResource(org.xmldb.api.modules.BinaryResource) XMLResource(org.xmldb.api.modules.XMLResource) Resource(org.xmldb.api.base.Resource) Collection(org.xmldb.api.base.Collection) UserManagementService(org.exist.xmldb.UserManagementService) Test(org.junit.Test)

Example 37 with Resource

use of org.xmldb.api.base.Resource in project exist by eXist-db.

the class XMLDBSecurityTest method canReadXmlResourceWithOnlyReadPermission.

@Test
public void canReadXmlResourceWithOnlyReadPermission() throws XMLDBException {
    Collection test = DatabaseManager.getCollection(getBaseUri() + "/db/securityTest1", "test1", "test1");
    final UserManagementService ums = (UserManagementService) test.getService("UserManagementService", "1.0");
    Resource resource = test.getResource("test.xml");
    // restrict the resource to owner-read only
    ums.chmod(resource, "r--------");
    test.close();
    test = DatabaseManager.getCollection(getBaseUri() + "/db/securityTest1", "test1", "test1");
    resource = test.getResource("test.xml");
    assertEquals("<test/>", resource.getContent());
}
Also used : BinaryResource(org.xmldb.api.modules.BinaryResource) XMLResource(org.xmldb.api.modules.XMLResource) Resource(org.xmldb.api.base.Resource) Collection(org.xmldb.api.base.Collection) UserManagementService(org.exist.xmldb.UserManagementService) Test(org.junit.Test)

Example 38 with Resource

use of org.xmldb.api.base.Resource in project exist by eXist-db.

the class XMLDBSecurityTest method ownerAndGroupMemberChownGidResource.

/**
 * Owner can change the owner gid of a resource
 * to a group of which they are a member
 *
 * As the user 'test1' (who is the owner and
 * who is in the group 'extusers')
 * attempt to change ownership gid of /db/securityTest1/test.xml
 * to the group 'extusers'
 */
@Test
public void ownerAndGroupMemberChownGidResource() throws XMLDBException {
    final Collection test = DatabaseManager.getCollection(getBaseUri() + "/db/securityTest1", "test1", "test1");
    final Resource resource = test.getResource("test.xml");
    final UserManagementService ums = (UserManagementService) test.getService("UserManagementService", "1.0");
    // attempt to change gid ownership of /db/securityTest1/test.xml
    ums.chgrp(resource, "extusers");
    final Permission perms = ums.getPermissions(resource);
    assertEquals("extusers", perms.getGroup().getName());
}
Also used : BinaryResource(org.xmldb.api.modules.BinaryResource) XMLResource(org.xmldb.api.modules.XMLResource) Resource(org.xmldb.api.base.Resource) Collection(org.xmldb.api.base.Collection) UserManagementService(org.exist.xmldb.UserManagementService) Test(org.junit.Test)

Example 39 with Resource

use of org.xmldb.api.base.Resource in project exist by eXist-db.

the class XMLDBSecurityTest method nonSetUidXQueryCannotWriteRestrictedCollection.

@Test(expected = XMLDBException.class)
public void nonSetUidXQueryCannotWriteRestrictedCollection() throws XMLDBException {
    final Collection test = DatabaseManager.getCollection(getBaseUri() + "/db/securityTest1", "test1", "test1");
    final long timestamp = System.currentTimeMillis();
    final String content = "<not_setuid>" + timestamp + "</not_setuid>";
    // create an XQuery /db/securityTest1/not_setuid.xquery
    final String xquery = "xmldb:store('/db/securityTest1/forSetUidWrite', 'not_setuid.xml', " + content + ")";
    Resource xqueryResource = test.createResource("not_setuid.xquery", "BinaryResource");
    xqueryResource.setContent(xquery);
    test.storeResource(xqueryResource);
    // set the xquery to be owned by 'test1' and do NOT set it 'setuid', and do set it 'rx' by 'users' group so 'test2' can execute it!
    UserManagementService ums = (UserManagementService) test.getService("UserManagementService", "1.0");
    xqueryResource = test.getResource("not_setuid.xquery");
    // NOT SETUID
    ums.chmod(xqueryResource, 00750);
    // create a collection for the XQuery to write into
    final CollectionManagementService cms = (CollectionManagementService) test.getService("CollectionManagementService", "1.0");
    final Collection colForSetUid = cms.createCollection("forSetUidWrite");
    // only allow the user 'test1' to write into the collection
    ums = (UserManagementService) colForSetUid.getService("UserManagementService", "1.0");
    ums.chmod(0700);
    // execute the XQuery as the 'test2' user... it is NOT 'setuid', so it runs as 'test2' and the write should fail with XMLDBException.
    final Collection test2 = DatabaseManager.getCollection(getBaseUri() + "/db/securityTest1", "test2", "test2");
    final EXistXPathQueryService queryService = (EXistXPathQueryService) test2.getService("XPathQueryService", "1.0");
    final ResourceSet result = queryService.executeStoredQuery("/db/securityTest1/not_setuid.xquery");
    assertFalse("/db/securityTest1/forSetUidWrite/not_setuid.xml".equals(result.getResource(0).getContent()));
}
Also used : EXistCollectionManagementService(org.exist.xmldb.EXistCollectionManagementService) CollectionManagementService(org.xmldb.api.modules.CollectionManagementService) EXistXPathQueryService(org.exist.xmldb.EXistXPathQueryService) BinaryResource(org.xmldb.api.modules.BinaryResource) XMLResource(org.xmldb.api.modules.XMLResource) Resource(org.xmldb.api.base.Resource) Collection(org.xmldb.api.base.Collection) UserManagementService(org.exist.xmldb.UserManagementService) ResourceSet(org.xmldb.api.base.ResourceSet) Test(org.junit.Test)

Example 40 with Resource

use of org.xmldb.api.base.Resource in project exist by eXist-db.

the class TestCase method catchError.

public Exception catchError(Sequence result) {
    try {
        for (SequenceIterator i = result.iterate(); i.hasNext(); ) {
            Resource xmldbResource = getResource(i.nextItem());
            // materialize the content so that any error raised while reading it is caught below
            xmldbResource.getContent().toString();
        }
    } catch (Exception e) {
        return e;
    }
    return null;
}
Also used : SequenceIterator(org.exist.xquery.value.SequenceIterator) LocalXMLResource(org.exist.xmldb.LocalXMLResource) Resource(org.xmldb.api.base.Resource) XMLDBException(org.xmldb.api.base.XMLDBException) IOException(java.io.IOException) SAXException(org.xml.sax.SAXException)

Aggregations

Resource (org.xmldb.api.base.Resource): 173
XMLResource (org.xmldb.api.modules.XMLResource): 126
Collection (org.xmldb.api.base.Collection): 111
BinaryResource (org.xmldb.api.modules.BinaryResource): 86
Test (org.junit.Test): 77
UserManagementService (org.exist.xmldb.UserManagementService): 52
ResourceSet (org.xmldb.api.base.ResourceSet): 46
XMLDBException (org.xmldb.api.base.XMLDBException): 38
EXistCollectionManagementService (org.exist.xmldb.EXistCollectionManagementService): 32
EXistResource (org.exist.xmldb.EXistResource): 27
CollectionManagementService (org.xmldb.api.modules.CollectionManagementService): 25
XPathQueryService (org.xmldb.api.modules.XPathQueryService): 18
EXistXPathQueryService (org.exist.xmldb.EXistXPathQueryService): 16
Path (java.nio.file.Path): 11
Database (org.xmldb.api.base.Database): 11
XPathException (org.exist.xquery.XPathException): 10
InputStream (java.io.InputStream): 9
Source (javax.xml.transform.Source): 9
BuildException (org.apache.tools.ant.BuildException): 9
Diff (org.xmlunit.diff.Diff): 9