Example 6 with CollectionManagementService

Use of org.xmldb.api.modules.CollectionManagementService in project exist by eXist-db.

In the class XMLDBSecurityTest, method nonSetGidXQueryCannotWriteRestrictedCollection.

@Test(expected = XMLDBException.class)
public void nonSetGidXQueryCannotWriteRestrictedCollection() throws XMLDBException {
    final Collection test = DatabaseManager.getCollection(getBaseUri() + "/db/securityTest2", "test1", "test1");
    final long timestamp = System.currentTimeMillis();
    final String content = "<not_setgid>" + timestamp + "</not_setgid>";
    // create an XQuery /db/securityTest2/not_setgid.xquery
    final String xquery = "xmldb:store('/db/securityTest2/forSetGidWrite', 'not_setgid.xml', " + content + ")";
    Resource xqueryResource = test.createResource("not_setgid.xquery", "BinaryResource");
    xqueryResource.setContent(xquery);
    test.storeResource(xqueryResource);
    // the xquery is owned by 'test1':'users'; leave it NOT 'setgid', and set it 'rx' by others, so 'test3' can execute it!
    UserManagementService ums = (UserManagementService) test.getService("UserManagementService", "1.0");
    xqueryResource = test.getResource("not_setgid.xquery");
    // NOT setgid
    ums.chmod(xqueryResource, 00705);
    // create a collection for the XQuery to write into
    final CollectionManagementService cms = (CollectionManagementService) test.getService("CollectionManagementService", "1.0");
    final Collection colForSetUid = cms.createCollection("forSetGidWrite");
    // only allow the group 'users' to write into the collection
    ums = (UserManagementService) colForSetUid.getService("UserManagementService", "1.0");
    ums.chmod(0070);
    // execute the XQuery as the 'test3' user... it is NOT 'setgid', so it does not run as group 'users' and the write should fail.
    final Collection test3 = DatabaseManager.getCollection(getBaseUri() + "/db/securityTest2", "test3", "test3");
    final EXistXPathQueryService queryService = (EXistXPathQueryService) test3.getService("XPathQueryService", "1.0");
    final ResourceSet result = queryService.executeStoredQuery("/db/securityTest2/not_setgid.xquery");
    assertFalse("/db/securityTest2/forSetGidWrite/not_setgid.xml".equals(result.getResource(0).getContent()));
}
Also used: EXistCollectionManagementService (org.exist.xmldb.EXistCollectionManagementService), CollectionManagementService (org.xmldb.api.modules.CollectionManagementService), EXistXPathQueryService (org.exist.xmldb.EXistXPathQueryService), BinaryResource (org.xmldb.api.modules.BinaryResource), XMLResource (org.xmldb.api.modules.XMLResource), Resource (org.xmldb.api.base.Resource), Collection (org.xmldb.api.base.Collection), UserManagementService (org.exist.xmldb.UserManagementService), ResourceSet (org.xmldb.api.base.ResourceSet), Test (org.junit.Test)

Example 7 with CollectionManagementService

Use of org.xmldb.api.modules.CollectionManagementService in project exist by eXist-db.

In the class XMLDBSecurityTest, method setGid_createResource_resourceGroupInheritedFromParent.

@Test
public void setGid_createResource_resourceGroupInheritedFromParent() throws XMLDBException {
    final Collection test = DatabaseManager.getCollection(getBaseUri() + "/db/securityTest2", "test1", "test1");
    CollectionManagementService cms = (CollectionManagementService) test.getService("CollectionManagementService", "1.0");
    // create /db/securityTest2/parentCollection with owner "test1:users" and mode "rwxrwsrwx"
    Collection parentCollection = cms.createCollection("parentCollection");
    UserManagementService ums = (UserManagementService) parentCollection.getService("UserManagementService", "1.0");
    ums.chmod("rwxrwsrwx");
    // now as "test3:guest" create the sub-resource /db/securityTest2/parentCollection/test.xml
    // it should inherit the group ownership 'users' from the parent which is setGid
    // but it should not inherit the setGid bit as it is a resource
    parentCollection = DatabaseManager.getCollection(getBaseUri() + "/db/securityTest2/parentCollection", "test3", "test3");
    ums = (UserManagementService) parentCollection.getService("UserManagementService", "1.0");
    Resource resource = parentCollection.createResource("test.xml", XMLResource.RESOURCE_TYPE);
    resource.setContent("<test/>");
    parentCollection.storeResource(resource);
    final Permission permissions = ums.getPermissions(resource);
    assertEquals("users", permissions.getGroup().getName());
    assertFalse(permissions.isSetGid());
}
Also used: EXistCollectionManagementService (org.exist.xmldb.EXistCollectionManagementService), CollectionManagementService (org.xmldb.api.modules.CollectionManagementService), BinaryResource (org.xmldb.api.modules.BinaryResource), XMLResource (org.xmldb.api.modules.XMLResource), Resource (org.xmldb.api.base.Resource), Collection (org.xmldb.api.base.Collection), UserManagementService (org.exist.xmldb.UserManagementService), Test (org.junit.Test)

Example 8 with CollectionManagementService

Use of org.xmldb.api.modules.CollectionManagementService in project exist by eXist-db.

In the class XMLDBSecurityTest, method groupRemoveCollection_canWriteParent.

@Test
public void groupRemoveCollection_canWriteParent() throws XMLDBException {
    final Collection root = DatabaseManager.getCollection(getBaseUri() + "/db", "admin", "");
    final CollectionManagementService cms = (CollectionManagementService) root.getService("CollectionManagementService", "1.0");
    cms.removeCollection("securityTest1");
}
Also used: EXistCollectionManagementService (org.exist.xmldb.EXistCollectionManagementService), CollectionManagementService (org.xmldb.api.modules.CollectionManagementService), Collection (org.xmldb.api.base.Collection), Test (org.junit.Test)

Example 9 with CollectionManagementService

Use of org.xmldb.api.modules.CollectionManagementService in project exist by eXist-db.

In the class XMLDBSecurityTest, method copyCollectionWithResources_withSubCollectionWithResource_doesNotPreservePermissions.

/**
 * As the 'test1' user, creates the collection and resource:
 *
 *  test1:users /db/securityTest3/source
 *  test1:users /db/securityTest3/source/source1.xml
 *  test1:users /db/securityTest3/source/source2.xml
 *  test1:users /db/securityTest3/source/sub
 *  test1:users /db/securityTest3/source/sub/sub1.xml
 *
 * As the 'test3' user, copy the collection:
 *
 *  /db/securityTest3/source
 *      -> /db/securityTest3/copy-of-source
 */
@Test
public void copyCollectionWithResources_withSubCollectionWithResource_doesNotPreservePermissions() throws XMLDBException {
    Collection test = DatabaseManager.getCollection(getBaseUri() + "/db/securityTest3", "test1", "test1");
    EXistCollectionManagementService cms = (EXistCollectionManagementService) test.getService("CollectionManagementService", "1.0");
    // create collection owned by "test1", and group "users" in /db/securityTest3
    Collection source = cms.createCollection("source");
    // create resource owned by "test1", and group "users" in /db/securityTest3/source
    Resource resSource = source.createResource("source1.xml", XMLResource.RESOURCE_TYPE);
    resSource.setContent("<test/>");
    source.storeResource(resSource);
    resSource = source.createResource("source2.xml", XMLResource.RESOURCE_TYPE);
    resSource.setContent("<test/>");
    source.storeResource(resSource);
    // create sub-collection "sub" owned by "test1", and group "users" in /db/securityTest3/source
    CollectionManagementService cms1 = (EXistCollectionManagementService) source.getService("CollectionManagementService", "1.0");
    Collection sub = cms1.createCollection("sub");
    // create resource owned by "test1", and group "users" in /db/securityTest3/source/sub
    Resource resSub = sub.createResource("sub1.xml", XMLResource.RESOURCE_TYPE);
    resSub.setContent("<test-sub/>");
    sub.storeResource(resSub);
    // as the 'test3' user copy the collection
    test = DatabaseManager.getCollection(getBaseUri() + "/db/securityTest3", "test3", "test3");
    cms = (EXistCollectionManagementService) test.getService("CollectionManagementService", "1.0");
    cms.copy("/db/securityTest3/source", "/db/securityTest3", "copy-of-source");
    final Collection copyOfSource = test.getChildCollection("copy-of-source");
    assertNotNull(copyOfSource);
    assertEquals(2, copyOfSource.listResources().length);
    final Collection copyOfSub = copyOfSource.getChildCollection("sub");
    assertNotNull(copyOfSub);
    assertEquals(1, copyOfSub.listResources().length);
    // collection should be owned by test3:guest, i.e. permissions were not preserved from the test1 users doc /db/securityTest3/source
    UserManagementService ums = (UserManagementService) test.getService("UserManagementService", "1.0");
    Permission permissions = ums.getPermissions(copyOfSource);
    assertEquals("test3", permissions.getOwner().getName());
    assertEquals("guest", permissions.getGroup().getName());
    // resource in collection should be owned by test3:guest, i.e. permissions were not preserved from the test1 users doc /db/securityTest3/source/source1.xml
    ums = (UserManagementService) copyOfSource.getService("UserManagementService", "1.0");
    final Resource resCopyOfSource1 = copyOfSource.getResource("source1.xml");
    permissions = ums.getPermissions(resCopyOfSource1);
    assertEquals("test3", permissions.getOwner().getName());
    assertEquals("guest", permissions.getGroup().getName());
    // resource in collection should be owned by test3:guest, i.e. permissions were not preserved from the test1 users doc /db/securityTest3/source/source2.xml
    final Resource resCopyOfSource2 = copyOfSource.getResource("source2.xml");
    permissions = ums.getPermissions(resCopyOfSource2);
    assertEquals("test3", permissions.getOwner().getName());
    assertEquals("guest", permissions.getGroup().getName());
    // sub-collection should be owned by test3:guest, i.e. permissions were not preserved from the test1 users doc /db/securityTest3/source/sub
    ums = (UserManagementService) copyOfSub.getService("UserManagementService", "1.0");
    permissions = ums.getPermissions(copyOfSub);
    assertEquals("test3", permissions.getOwner().getName());
    assertEquals("guest", permissions.getGroup().getName());
    // sub-collection/resource should be owned by test3:guest, i.e. permissions were not preserved from the test1 users doc /db/securityTest3/source/sub/sub1.xml
    final Resource resCopyOfSub1 = copyOfSub.getResource("sub1.xml");
    permissions = ums.getPermissions(resCopyOfSub1);
    assertEquals("test3", permissions.getOwner().getName());
    assertEquals("guest", permissions.getGroup().getName());
}
Also used: EXistCollectionManagementService (org.exist.xmldb.EXistCollectionManagementService), CollectionManagementService (org.xmldb.api.modules.CollectionManagementService), BinaryResource (org.xmldb.api.modules.BinaryResource), XMLResource (org.xmldb.api.modules.XMLResource), Resource (org.xmldb.api.base.Resource), Collection (org.xmldb.api.base.Collection), UserManagementService (org.exist.xmldb.UserManagementService), Test (org.junit.Test)

Example 10 with CollectionManagementService

Use of org.xmldb.api.modules.CollectionManagementService in project exist by eXist-db.

In the class XMLDBSecurityTest, method noSetGid_createResource_resourceGroupIsUsersPrimaryGroup.

@Test
public void noSetGid_createResource_resourceGroupIsUsersPrimaryGroup() throws XMLDBException {
    final Collection test = DatabaseManager.getCollection(getBaseUri() + "/db/securityTest2", "test1", "test1");
    CollectionManagementService cms = (CollectionManagementService) test.getService("CollectionManagementService", "1.0");
    // create /db/securityTest2/parentCollection with owner "test1:users" and mode "rwxrwxrwx"
    Collection parentCollection = cms.createCollection("parentCollection");
    UserManagementService ums = (UserManagementService) parentCollection.getService("UserManagementService", "1.0");
    ums.chmod("rwxrwxrwx");
    // now create the sub-resource /db/securityTest2/parentCollection/test.xml
    // as "test3:guest", it should have its group set to the primary group of test3 i.e. 'guest'
    // as the collection is NOT setGid, the file should NOT have the setGid bit set
    parentCollection = DatabaseManager.getCollection(getBaseUri() + "/db/securityTest2/parentCollection", "test3", "test3");
    ums = (UserManagementService) parentCollection.getService("UserManagementService", "1.0");
    Resource resource = parentCollection.createResource("test.xml", XMLResource.RESOURCE_TYPE);
    resource.setContent("<test/>");
    parentCollection.storeResource(resource);
    final Permission permissions = ums.getPermissions(resource);
    assertEquals("guest", permissions.getGroup().getName());
    assertFalse(permissions.isSetGid());
}
Also used: EXistCollectionManagementService (org.exist.xmldb.EXistCollectionManagementService), CollectionManagementService (org.xmldb.api.modules.CollectionManagementService), BinaryResource (org.xmldb.api.modules.BinaryResource), XMLResource (org.xmldb.api.modules.XMLResource), Resource (org.xmldb.api.base.Resource), Collection (org.xmldb.api.base.Collection), UserManagementService (org.exist.xmldb.UserManagementService), Test (org.junit.Test)
