Example 91 with CollectionManagementService

use of org.xmldb.api.modules.CollectionManagementService in project exist by eXist-db.

the class XMLDBSecurityTest method groupCreateSubColl.

@Test
public void groupCreateSubColl() throws XMLDBException {
    final Collection test = DatabaseManager.getCollection(getBaseUri() + "/db/securityTest1", "test2", "test2");
    final CollectionManagementService cms = (CollectionManagementService) test.getService("CollectionManagementService", "1.0");
    final Collection newCol = cms.createCollection("createdByTest2");
    assertNotNull(newCol);
}
Also used : EXistCollectionManagementService(org.exist.xmldb.EXistCollectionManagementService) CollectionManagementService(org.xmldb.api.modules.CollectionManagementService) Collection(org.xmldb.api.base.Collection) Test(org.junit.Test)

Example 92 with CollectionManagementService

use of org.xmldb.api.modules.CollectionManagementService in project exist by eXist-db.

the class XMLDBSecurityTest method copyCollectionWithResources_withSubCollectionWithResource.

@Test
public void copyCollectionWithResources_withSubCollectionWithResource() throws XMLDBException {
    Collection test = DatabaseManager.getCollection(getBaseUri() + "/db/securityTest3", "test1", "test1");
    EXistCollectionManagementService cms = (EXistCollectionManagementService) test.getService("CollectionManagementService", "1.0");
    // create collection owned by "test1", and group "users" in /db/securityTest3
    Collection source = cms.createCollection("source");
    // create resource owned by "test1", and group "users" in /db/securityTest3/source
    Resource resSource = source.createResource("source1.xml", XMLResource.RESOURCE_TYPE);
    resSource.setContent("<test/>");
    source.storeResource(resSource);
    resSource = source.createResource("source2.xml", XMLResource.RESOURCE_TYPE);
    resSource.setContent("<test/>");
    source.storeResource(resSource);
    // create sub-collection "sub" owned by "test1", and group "users" in /db/securityTest3/source
    CollectionManagementService cms1 = (EXistCollectionManagementService) source.getService("CollectionManagementService", "1.0");
    Collection sub = cms1.createCollection("sub");
    // create resource owned by "test1", and group "users" in /db/securityTest3/source/sub
    Resource resSub = sub.createResource("sub1.xml", XMLResource.RESOURCE_TYPE);
    resSub.setContent("<test-sub/>");
    sub.storeResource(resSub);
    // as the 'test3' user copy the collection
    test = DatabaseManager.getCollection(getBaseUri() + "/db/securityTest3", "test3", "test3");
    cms = (EXistCollectionManagementService) test.getService("CollectionManagementService", "1.0");
    cms.copy("/db/securityTest3/source", "/db/securityTest3", "copy-of-source");
    final Collection copyOfSource = test.getChildCollection("copy-of-source");
    assertNotNull(copyOfSource);
    assertEquals(2, copyOfSource.listResources().length);
    final Collection copyOfSub = copyOfSource.getChildCollection("sub");
    assertNotNull(copyOfSub);
    assertEquals(1, copyOfSub.listResources().length);
}
Also used : EXistCollectionManagementService(org.exist.xmldb.EXistCollectionManagementService) CollectionManagementService(org.xmldb.api.modules.CollectionManagementService) BinaryResource(org.xmldb.api.modules.BinaryResource) XMLResource(org.xmldb.api.modules.XMLResource) Resource(org.xmldb.api.base.Resource) Collection(org.xmldb.api.base.Collection) Test(org.junit.Test)

Example 93 with CollectionManagementService

use of org.xmldb.api.modules.CollectionManagementService in project exist by eXist-db.

the class XMLDBSecurityTest method setup.

// TODO need tests for
// 4) CopyingCollections to dests where permission is denied!
// 5) What about move Document, move Collection?
/**
 * 1) Sets '/db' to rwxr-xr-x (0755)
 * 2) Adds the Group 'users'
 * 3) Adds the User 'test1' with password 'test1' and sets their primary group to 'users'
 * 4) Creates the group 'extusers' and adds 'test1' to it
 * 5) Adds the User 'test2' with password 'test2' and sets their primary group to 'users'
 * 6) Creates the group 'test2-only' and adds 'test2' to it
 * 7) Adds the User 'test3' with password 'test3' and sets their primary group to 'guest'
 * 8) Creates the Collection '/db/securityTest1' owned by 'test1':'users' with permissions rwxrwx--- (0770)
 * 9) Creates the XML resource '/db/securityTest1/test.xml' owned by 'test1':'users' with permissions rwxrwx--- (0770)
 * 10) Creates the Binary resource '/db/securityTest1/test.bin' owned by 'test1':'users' with permissions rwxrwx--- (0770)
 * 11) Creates the Collection '/db/securityTest2' owned by 'test1':'users' with permissions rwxrwxr-x (0775)
 * 12) Creates the Collection '/db/securityTest3' owned by 'test3':'guest' with permissions rwxrwxrwx (0777)
 */
@Before
public void setup() throws XMLDBException {
    final Collection root = DatabaseManager.getCollection(getBaseUri() + "/db", TestUtils.ADMIN_DB_USER, TestUtils.ADMIN_DB_PWD);
    UserManagementService ums = (UserManagementService) root.getService("UserManagementService", "1.0");
    // ensure /db is always 755
    ums.chmod("rwxr-xr-x");
    // remove accounts 'test1', 'test2' and 'test3'
    removeAccounts(ums, new String[] { "test1", "test2", "test3" });
    // remove group 'users'
    removeGroups(ums, new String[] { "users" });
    final Group group = new GroupAider("exist", "users");
    ums.addGroup(group);
    UserAider user = new UserAider("test1", group);
    user.setPassword("test1");
    ums.addAccount(user);
    final Group extGroup = new GroupAider("exist", "extusers");
    ums.addGroup(extGroup);
    ums.addAccountToGroup("test1", "extusers");
    user = new UserAider("test2", group);
    user.setPassword("test2");
    ums.addAccount(user);
    final Group test2OnlyGroup = new GroupAider("exist", "test2-only");
    ums.addGroup(test2OnlyGroup);
    ums.addAccountToGroup("test2", "test2-only");
    user = new UserAider("test3", ums.getGroup("guest"));
    user.setPassword("test3");
    ums.addAccount(user);
    // create a collection /db/securityTest1 as owned by "test1:users" and mode 0770
    CollectionManagementService cms = (CollectionManagementService) root.getService("CollectionManagementService", "1.0");
    Collection test = cms.createCollection("securityTest1");
    ums = (UserManagementService) test.getService("UserManagementService", "1.0");
    // change ownership to test1
    final Account test1 = ums.getAccount("test1");
    ums.chown(test1, "users");
    // full permissions for user and group, none for world
    ums.chmod(0770);
    test = DatabaseManager.getCollection(getBaseUri() + "/db/securityTest1", "test1", "test1");
    // create a resource /db/securityTest1/test.xml owned by "test1:users" and mode 0770
    Resource resource = test.createResource("test.xml", XMLResource.RESOURCE_TYPE);
    resource.setContent("<test/>");
    test.storeResource(resource);
    ums.chmod(resource, 0770);
    resource = test.createResource("test.bin", BinaryResource.RESOURCE_TYPE);
    resource.setContent("binary-test".getBytes());
    test.storeResource(resource);
    ums.chmod(resource, 0770);
    // create a collection /db/securityTest2 as user "test1"
    cms = (CollectionManagementService) root.getService("CollectionManagementService", "1.0");
    Collection testCol2 = cms.createCollection("securityTest2");
    ums = (UserManagementService) testCol2.getService("UserManagementService", "1.0");
    // change ownership to test1
    ums.chown(test1, "users");
    // full permissions for user and group, read and execute for world
    ums.chmod(0775);
    // create a collection /db/securityTest3 as user "test3"
    cms = (CollectionManagementService) root.getService("CollectionManagementService", "1.0");
    Collection testCol3 = cms.createCollection("securityTest3");
    ums = (UserManagementService) testCol3.getService("UserManagementService", "1.0");
    // change ownership to test3
    final Account test3 = ums.getAccount("test3");
    ums.chown(test3, "users");
    // full permissions for all
    ums.chmod(0777);
    // create a sub-collection /db/securityTest1/sub1 as user "test1"
    cms = (CollectionManagementService) test.getService("CollectionManagementService", "1.0");
    Collection sub1 = cms.createCollection("sub1");
    ums = (UserManagementService) sub1.getService("UserManagementService", "1.0");
    // change ownership to test1
    ums.chown(test1, "users");
    // full permissions for all
    ums.chmod(0777);
}
Also used : EXistCollectionManagementService(org.exist.xmldb.EXistCollectionManagementService) CollectionManagementService(org.xmldb.api.modules.CollectionManagementService) BinaryResource(org.xmldb.api.modules.BinaryResource) XMLResource(org.xmldb.api.modules.XMLResource) Resource(org.xmldb.api.base.Resource) Collection(org.xmldb.api.base.Collection) UserManagementService(org.exist.xmldb.UserManagementService) GroupAider(org.exist.security.internal.aider.GroupAider) UserAider(org.exist.security.internal.aider.UserAider) Before(org.junit.Before)

Example 94 with CollectionManagementService

use of org.xmldb.api.modules.CollectionManagementService in project exist by eXist-db.

the class XMLDBSecurityTest method setGidXQueryCanWriteRestrictedCollection.

@Test
public void setGidXQueryCanWriteRestrictedCollection() throws XMLDBException {
    final Collection test = DatabaseManager.getCollection(getBaseUri() + "/db/securityTest2", "test1", "test1");
    final long timestamp = System.currentTimeMillis();
    final String content = "<setgid>" + timestamp + "</setgid>";
    // create an XQuery /db/securityTest2/setgid.xquery
    final String xquery = "xmldb:store('/db/securityTest2/forSetGidWrite', 'setgid.xml', " + content + ")";
    Resource xqueryResource = test.createResource("setgid.xquery", "BinaryResource");
    xqueryResource.setContent(xquery);
    test.storeResource(xqueryResource);
    // set the xquery to be owned by 'test1':'users', set it 'setgid', and make it 'rx' by others, so 'test3' can execute it!
    UserManagementService ums = (UserManagementService) test.getService("UserManagementService", "1.0");
    xqueryResource = test.getResource("setgid.xquery");
    ums.chown(xqueryResource, ums.getAccount("test1"), "users");
    // setgid
    ums.chmod(xqueryResource, 02705);
    // create a collection for the XQuery to write into
    final CollectionManagementService cms = (CollectionManagementService) test.getService("CollectionManagementService", "1.0");
    final Collection colForSetUid = cms.createCollection("forSetGidWrite");
    // only allow the group 'users' to write into the collection
    ums = (UserManagementService) colForSetUid.getService("UserManagementService", "1.0");
    ums.chmod(0570);
    // execute the XQuery as the 'test3' user... it should become 'setgid' of 'users' and succeed.
    final Collection test3 = DatabaseManager.getCollection(getBaseUri() + "/db/securityTest2", "test3", "test3");
    final EXistXPathQueryService queryService = (EXistXPathQueryService) test3.getService("XPathQueryService", "1.0");
    final ResourceSet result = queryService.executeStoredQuery("/db/securityTest2/setgid.xquery");
    assertEquals("/db/securityTest2/forSetGidWrite/setgid.xml", result.getResource(0).getContent());
    // check the written content
    final Resource writtenXmlResource = colForSetUid.getResource("setgid.xml");
    assertEquals(content, writtenXmlResource.getContent());
}
Also used : EXistCollectionManagementService(org.exist.xmldb.EXistCollectionManagementService) CollectionManagementService(org.xmldb.api.modules.CollectionManagementService) EXistXPathQueryService(org.exist.xmldb.EXistXPathQueryService) BinaryResource(org.xmldb.api.modules.BinaryResource) XMLResource(org.xmldb.api.modules.XMLResource) Resource(org.xmldb.api.base.Resource) Collection(org.xmldb.api.base.Collection) UserManagementService(org.exist.xmldb.UserManagementService) ResourceSet(org.xmldb.api.base.ResourceSet) Test(org.junit.Test)

Example 95 with CollectionManagementService

use of org.xmldb.api.modules.CollectionManagementService in project exist by eXist-db.

the class XMLDBSecurityTest method worldRemoveCollection.

// fails since guest has no write permissions
@Test(expected = XMLDBException.class)
public void worldRemoveCollection() throws XMLDBException {
    final Collection root = DatabaseManager.getCollection(getBaseUri() + "/db", "guest", "guest");
    final CollectionManagementService cms = (CollectionManagementService) root.getService("CollectionManagementService", "1.0");
    cms.removeCollection("securityTest1");
}
Also used : EXistCollectionManagementService(org.exist.xmldb.EXistCollectionManagementService) CollectionManagementService(org.xmldb.api.modules.CollectionManagementService) Collection(org.xmldb.api.base.Collection) Test(org.junit.Test)
