Package org.exist.security

Examples of org.exist.security.PermissionDeniedException


            // Excerpt: visits every selected node and refuses the update unless the
            // caller holds WRITE on the document that owns the node.
            ElementImpl parent;
            for (int i = 0; i < ql.length; i++) {
                final StoredNode node = ql[i];
                final DocumentImpl doc = (DocumentImpl)node.getOwnerDocument();
                // Authorization gate: WRITE is validated per node, before that node's
                // document is touched.
                // NOTE(review): the check is made against context.getUser() while the
                // message names context.getSubject() -- confirm both resolve to the same
                // principal, otherwise a denial may be attributed to the wrong account.
                // NOTE(review): the check sits inside the loop, so documents handled in
                // earlier iterations appear to be updated already when a later node is
                // denied -- confirm the surrounding transaction rolls those changes back.
                if (!doc.getPermissions().validate(context.getUser(), Permission.WRITE)) {
                        throw new PermissionDeniedException("User '" + context.getSubject().getName() + "' does not have permission to write to the document '" + doc.getDocumentURI() + "'!");
                }
                doc.getMetadata().setIndexListener(listener);
               
                //update the document
                parent = (ElementImpl) node.getParentStoredNode();


                // Excerpt: converts the content sequence to a node list, then checks
                // WRITE on the owning document of every target node before inserting.
                final NodeList contentList = seq2nodeList(contentSeq);
                for (int i = 0; i < ql.length; i++) {
                    final StoredNode node = ql[i];
                    final DocumentImpl doc = (DocumentImpl)node.getOwnerDocument();
                    // Authorization gate, evaluated once per target node.
                    // NOTE(review): validate() receives context.getUser() but the message
                    // is built from context.getSubject() -- confirm they are the same
                    // principal so the logged name matches the identity that was checked.
                    // NOTE(review): a denial on a later node leaves earlier iterations
                    // already processed; presumably the enclosing transaction undoes
                    // them -- verify.
                    if (!doc.getPermissions().validate(context.getUser(), Permission.WRITE)) {
                        throw new PermissionDeniedException("User '" + context.getSubject().getName() + "' does not have permission to write to the document '" + doc.getDocumentURI() + "'!");
                    }
                    doc.getMetadata().setIndexListener(listener);
                   
                    //update the document
            if (mode == INSERT_APPEND) {

        // Must be a collection
        final Collection collection = broker.getCollection(pathUri);
        if (collection != null) {
          // READ on the collection is validated (without taking the collection lock)
          // before the feed document is looked up. The denial text is a fixed string
          // and does not echo the requested path.
          // NOTE(review): this test only runs once the collection is known to exist,
          // while an absent path raises NotFoundException below, so a caller without
          // READ can tell existing collections from missing ones by the error type --
          // confirm that disclosure is acceptable.
          if (!collection.getPermissionsNoLock().validate(
              broker.getSubject(), Permission.READ)) {
            throw new PermissionDeniedException(
                "Not allowed to read collection");
          }

          // NOTE(review): no permission check on feedDoc itself is visible in this
          // excerpt; presumably getFeed/getEntryById enforce document-level READ --
          // verify.
          final DocumentImpl feedDoc = collection.getDocument(broker,
              FEED_DOCUMENT_URI);
          if (feedDoc == null) {
            throw new BadRequestException("Collection "
                + request.getPath() + " is not an Atom feed.");
          }

          // Return the collection feed
          // String charset = getContext().getDefaultCharset();
          // 200 with a body when content was requested, 204 otherwise.
          if (returnContent) {
            if (id == null) {
              response.setStatusCode(200);
              getFeed(broker, request.getPath(), response);
            } else {
              response.setStatusCode(200);
              getEntryById(broker, request.getPath(), id,
                  response);
            }
          } else {
            response.setStatusCode(204);
          }

        } else {
          // The requested path is echoed back in the not-found message.
          throw new NotFoundException("Resource " + request.getPath()
              + " not found");
        }

      } else {
        // Do we have permission to read the resource
        // Same pattern as for collections: fixed denial text, checked against the
        // broker's current subject.
        if (!resource.getPermissions().validate(broker.getSubject(),
            Permission.READ)) {
          throw new PermissionDeniedException(
              "Not allowed to read resource");
        }

        if (returnContent) {
          response.setStatusCode(200);

                    // Remote (URL) source: map the HTTP status onto the function result.
                    final int responseCode = ((URLSource) source).getResponseCode();
                    if (responseCode == HttpURLConnection.HTTP_NOT_FOUND) {
                        // Special case: '404'
                        return Sequence.EMPTY_SEQUENCE;
                    } else if (responseCode != HttpURLConnection.HTTP_OK) {
                        // NOTE(review): every status other than 200 and 404 (redirects,
                        // 5xx, ...) surfaces as PermissionDeniedException, so logging and
                        // alerting keyed on that type will count upstream failures as
                        // authorization denials.
                        throw new PermissionDeniedException("Server returned code " + responseCode);
                    }
                }

                //TODO : process pseudo-protocols URLs more efficiently.
                org.exist.memtree.DocumentImpl memtreeDoc = null;
                // we use eXist's in-memory DOM implementation
                // NOTE(review): the fetched stream is parsed with a pooled XMLReader.
                // Whether DTDs and external entities are disabled is decided wherever
                // the pool configures its readers, which is not visible here -- confirm
                // before treating remote input as safe to parse.
                reader = context.getBroker().getBrokerPool().getParserPool().borrowXMLReader();
                //TODO : we should be able to cope with context.getBaseURI()
                final InputSource src = new InputSource(istream);
                final SAXAdapter adapter = new SAXAdapter();
                reader.setContentHandler(adapter);
                reader.parse(src);
                final Document doc = adapter.getDocument();
                memtreeDoc = (org.exist.memtree.DocumentImpl)doc;
                memtreeDoc.setContext(context);
                memtreeDoc.setDocumentURI(path);
                document = memtreeDoc;

            } catch(final ConnectException e) {
                // prevent long stacktraces
                // The cause is dropped on purpose here; only its message and the path
                // reach the caller.
                throw new XPathException(e.getMessage()+ " ("+path+")");

            } catch(final MalformedURLException e) {
                throw new XPathException(e.getMessage(), e);

            } catch(final SAXException e) {
                throw new XPathException("An error occurred while parsing " + path + ": " + e.getMessage(), e);
            }
            catch(final IOException e) {
                // Special case: FileNotFoundException
                // Treated like the 404 case above: a missing source yields an empty
                // sequence rather than an error.
                if(e instanceof FileNotFoundException)
                {
                    return Sequence.EMPTY_SEQUENCE;
                }
                else
                {
                    throw new XPathException("An error occurred while parsing " + path + ": " + e.getMessage(), e);
                }
            } finally {
                // The borrowed reader goes back to the pool on every exit path.
                if (reader != null)
                    {context.getBroker().getBrokerPool().getParserPool().returnXMLReader(reader);}
            }
    }
    else
    {
      /* Database documents */

      // check if the loaded documents should remain locked
      boolean lockOnLoad = context.lockDocumentsOnLoad();
            final int lockType = lockOnLoad ? Lock.WRITE_LOCK : Lock.READ_LOCK;
      DocumentImpl doc = null;
      try
      {
        XmldbURI pathUri = XmldbURI.xmldbUriFor(path, false);
       
        final XmldbURI baseURI = context.getBaseURI().toXmldbURI();
        // NOTE(review): baseURI is an XmldbURI but is compared with String literals;
        // unless XmldbURI.equals accepts strings both tests are always false --
        // confirm.
        if (baseURI != null && !(baseURI.equals("") || baseURI.equals("/db"))) {
          // relative collection Path: add the current base URI
          pathUri = baseURI.resolveCollectionPath(pathUri);
        }

        // relative collection Path: add the current module call URI
        try {
          pathUri = XmldbURI.xmldbUriFor(context.getModuleLoadPath()).resolveCollectionPath(pathUri);
        } catch (final Exception e) {
          //workaround: ignore Windows issue
          // NOTE(review): every Exception is swallowed without logging, leaving
          // pathUri as computed above; the path that is later permission-checked
          // can therefore differ silently from the intended one.
        }

        // try to open the document and acquire a lock
        // The document is fetched and locked first; READ is then validated for
        // context.getSubject() and the lock is released before the denial is thrown.
        doc = context.getBroker().getXMLResource(pathUri, lockType);
        if(doc != null)
        {
          if(!doc.getPermissions().validate(context.getSubject(), Permission.READ))
          {
            doc.getUpdateLock().release(lockType);
            throw new PermissionDeniedException("Insufficient privileges to read resource " + path);
          }
         
                    // NOTE(review): unlike the denial above, this throw does not release
                    // the lock itself; presumably a finally block beyond this excerpt
                    // does -- verify.
                    if(doc.getResourceType() == DocumentImpl.BINARY_FILE)
                    {
                        throw new XPathException("Document " + path + " is a binary resource, not an XML document. Please consider using the function util:binary-doc() to retrieve a reference to it.");

                // Excerpt: sets a user lock on a resource for account u, acting as user.
                // Three gates are applied in order before document.setUserLock(u).
                public Void withBroker(final DBBroker broker) throws XMLDBException, LockException, PermissionDeniedException, IOException, EXistException, TriggerException, SyntaxException {
                    return modifyResource(broker, resource, new DatabaseItemModifier<DocumentImpl, Void>(){
                        @Override
                        public Void modify(DocumentImpl document) throws PermissionDeniedException, SyntaxException, LockException {
                            // Gate 1: the acting user needs WRITE on the document.
                            // NOTE(review): this message omits the user name while the
                            // two below include it; audit trails are easier to correlate
                            // when the acting account is named consistently.
                            if(!document.getPermissions().validate(user, Permission.WRITE)) {
                                throw new PermissionDeniedException("User is not allowed to lock resource " + resourceId);
                            }

                            // Gate 2: locking on behalf of a different account (u) is
                            // limited to accounts with admin privileges.
                            final SecurityManager manager = broker.getBrokerPool().getSecurityManager();
                            if(!(user.equals(u) || manager.hasAdminPrivileges(user))) {
                                throw new PermissionDeniedException("User " + user.getName() + " is not allowed to lock resource '" + resourceId + "' for user " + u.getName());
                            }

                            final Account lockOwner = document.getUserLock();

                            // Gate 3: an existing lock held by u is a no-op; a lock held
                            // by anyone else can only be replaced by an admin.
                            if(lockOwner != null) {
                                if(lockOwner.equals(u)) {
                                    return null;
                                } else if(!manager.hasAdminPrivileges(user)) {
                                    throw new PermissionDeniedException("Resource '" + resourceId + "' is already locked by user " + lockOwner.getName());
                                }
                            }

                            document.setUserLock(u);

                // Excerpt: clears the user lock on a resource on behalf of user.
                public Void withBroker(final DBBroker broker) throws XMLDBException, LockException, PermissionDeniedException, IOException, EXistException, TriggerException, SyntaxException {
                    return modifyResource(broker, resource, new DatabaseItemModifier<DocumentImpl, Void>(){
                        @Override
                        public Void modify(DocumentImpl document) throws PermissionDeniedException, SyntaxException, LockException {
                            // Gate 1: the acting user needs WRITE on the document.
                            if(!document.getPermissions().validate(user, Permission.WRITE)) {
        throw new PermissionDeniedException("User is not allowed to lock resource '" + resourceId + "'");
                            }
     
                           
                            final Account lockOwner = document.getUserLock();
     
                            // Gate 2: a lock may be cleared only by its owner or by an
                            // account with admin privileges; an unlocked document passes
                            // straight through.
                            final SecurityManager manager = broker.getBrokerPool().getSecurityManager();
                            if(lockOwner != null && !(lockOwner.equals(user) || manager.hasAdminPrivileges(user))) {
                                throw new PermissionDeniedException("Resource '" + resourceId + "' is already locked by user " + lockOwner.getName());
                            }
                           
                            // Passing null removes the user lock.
                            document.setUserLock(null);
                           
                            return null;

                // Excerpt: status handling for an XInclude target fetched over HTTP.
                throw new ResourceError("XInclude: no document found at URI: " + externalUri.toString());
            }
            else if(httpConnection.getResponseCode() != HttpURLConnection.HTTP_OK)
            {
                //TODO : return another type
                // NOTE(review): any other non-200 status is reported as
                // PermissionDeniedException (the TODO above already questions the type);
                // until that changes, monitoring keyed on this exception will count
                // upstream failures as authorization denials.
                throw new PermissionDeniedException("Server returned code " + httpConnection.getResponseCode());
            }
        }

        // we use eXist's in-memory DOM implementation
        // NOTE(review): the factory is created with defaults on this line. Any
        // hardening (secure processing, DOCTYPE and external entities disabled) would
        // have to follow beyond this excerpt -- confirm, since the parsed content
        // comes from an external URI.
        final SAXParserFactory factory = SAXParserFactory.newInstance();

     * @throws IOException
     */
    public void read(final DBBroker broker, final VariableByteInput istream) throws IOException, PermissionDeniedException {
        // Deserializes this collection's fields from istream, then checks that the
        // broker's current subject holds EXECUTE on the collection.
        collectionId = istream.readInt();
        // NOTE(review): an invalid id is reported as PermissionDeniedException although
        // no permission has been evaluated yet; callers and logs cannot tell this
        // data-integrity failure from a real denial.
        if (collectionId < 0) {
            throw new PermissionDeniedException("Internal error reading collection: invalid collection id");
        }
        // NOTE(review): collLen is taken from the stream and used as both the set
        // capacity and the loop bound with no range check -- confirm the stream can
        // only ever be trusted storage.
        final int collLen = istream.readInt();
        subCollections = new ObjectHashSet<XmldbURI>(collLen == 0 ? 19 : collLen); //TODO what is this number 19?
        for (int i = 0; i < collLen; i++) {
            subCollections.add(XmldbURI.create(istream.readUTF()));
        }
       
        // The stored permissions must be loaded before they can be checked below.
        permissions.read(istream);

        created = istream.readLong();
       
        // Authorization gate. By this point collectionId, subCollections, permissions
        // and created have already been overwritten on this instance, so on denial
        // the object is populated but must not be used -- presumably callers discard
        // it; verify.
        if(!permissions.validate(broker.getSubject(), Permission.EXECUTE)) {
            throw new PermissionDeniedException("Permission denied to open the Collection " + path);
        }
       
        final Collection col = this;
        broker.getCollectionResources(new InternalAccess() {
            @Override

     *
     * @param  name  Description of the Parameter
     */
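    public void removeCollection(final DBBroker broker, final XmldbURI name) throws LockException, PermissionDeniedException {
        // Removing a child entry mutates this collection, so the broker's current
        // subject needs WRITE on it. The denial message names the permission that is
        // actually tested (WRITE, not READ) so logs and audit trails describe the
        // refused operation accurately.
        // NOTE(review): the permission is validated via getPermissionsNoLock() before
        // the WRITE lock is acquired below, so permissions could change between the
        // check and the removal -- confirm callers already hold a lock or that the
        // window is acceptable.
        if(!getPermissionsNoLock().validate(broker.getSubject(), Permission.WRITE)) {
            throw new PermissionDeniedException("Permission denied to write collection: " + path);
        }
       
        try {
            getLock().acquire(Lock.WRITE_LOCK);
            subCollections.remove(name);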

     * @param  docUri
     */
    public void removeXMLResource(final Txn transaction, final DBBroker broker, final XmldbURI docUri) throws PermissionDeniedException, TriggerException, LockException {
       
        // Authorization gate: the broker's current subject needs WRITE on this
        // collection (the container), validated without taking the collection lock.
        // NOTE(review): only the collection-level check is visible in this excerpt;
        // whether the document's own permissions are also consulted happens, if at
        // all, further down -- verify.
        if(!getPermissionsNoLock().validate(broker.getSubject(), Permission.WRITE)) {
            throw new PermissionDeniedException("Permission denied to write collection: " + path);
        }
       
        DocumentImpl doc = null;
       
        final BrokerPool db = broker.getBrokerPool();
