Package org.exist.security

Examples of org.exist.security.SecurityManager


    public void copyOf_calls_metadata_copyOf() {
        BrokerPool mockBrokerPool = EasyMock.createMock(BrokerPool.class);
        Database mockDatabase = EasyMock.createMock(Database.class);
        Subject mockCurrentSubject = EasyMock.createMock(Subject.class);
        Group mockCurrentSubjectGroup= EasyMock.createMock(Group.class);
        SecurityManager mockSecurityManager = EasyMock.createMock(SecurityManager.class);
        PermissionFactory.sm = mockSecurityManager;

        //test values
        final TestableDocumentMetadata docMetadata = new TestableDocumentMetadata();
        final DocumentMetadata otherMetadata = new DocumentMetadata();

        //expectations
        expect(mockSecurityManager.getDatabase()).andReturn(mockDatabase).times(2);
        expect(mockDatabase.getSubject()).andReturn(mockCurrentSubject).times(2);
        expect(mockCurrentSubject.getUserMask()).andReturn(Permission.DEFAULT_UMASK).times(2);
        expect(mockCurrentSubject.getId()).andReturn(RealmImpl.SYSTEM_ACCOUNT_ID).times(2);
        expect(mockCurrentSubject.getDefaultGroup()).andReturn(mockCurrentSubjectGroup).times(2);
        expect(mockCurrentSubjectGroup.getId()).andReturn(RealmImpl.DBA_GROUP_ID).times(2);


    public void copyOf_updates_metadata_created_and_lastModified() {
        BrokerPool mockBrokerPool = EasyMock.createMock(BrokerPool.class);
        Database mockDatabase = EasyMock.createMock(Database.class);
        Subject mockCurrentSubject = EasyMock.createMock(Subject.class);
        Group mockCurrentSubjectGroup= EasyMock.createMock(Group.class);
        SecurityManager mockSecurityManager = EasyMock.createMock(SecurityManager.class);
        PermissionFactory.sm = mockSecurityManager;

        //test values
        final DocumentMetadata docMetadata = new TestableDocumentMetadata();
        final DocumentMetadata otherMetadata = new DocumentMetadata();
        final long otherCreated = System.currentTimeMillis() - 2000;
        final long otherLastModified = System.currentTimeMillis() - 1000;

        //expectations
        expect(mockSecurityManager.getDatabase()).andReturn(mockDatabase).times(2);
        expect(mockDatabase.getSubject()).andReturn(mockCurrentSubject).times(2);
        expect(mockCurrentSubject.getUserMask()).andReturn(Permission.DEFAULT_UMASK).times(2);
        expect(mockCurrentSubject.getId()).andReturn(RealmImpl.SYSTEM_ACCOUNT_ID).times(2);
        expect(mockCurrentSubject.getDefaultGroup()).andReturn(mockCurrentSubjectGroup).times(2);
        expect(mockCurrentSubjectGroup.getId()).andReturn(RealmImpl.DBA_GROUP_ID).times(2);

        manager.getScheduler().createCronJob(cronExpression, jobDescription, null, true);
    }

    private Subject getSubject() {
        final Subject subject;
        final SecurityManager sm = manager.getDatabase().getSecurityManager();
        if(account == null || account.isEmpty()) {
            subject = manager.getDatabase().getSecurityManager().getGuestSubject();
        } else {
            final AbstractAccount acc = (AbstractAccount) sm.getAccount(account);
            if(acc == null) {
                //UNDERSTAND: error better here?
                subject = sm.getGuestSubject();
            } else {
                subject = new SubjectAccreditedImpl(acc, this);
            }
        }
        return subject;

    final DBBroker broker = context.getBroker();
    final Subject currentUser = broker.getSubject();

    try {

      final SecurityManager sm = broker.getBrokerPool().getSecurityManager();

      // add the current user as a group manager
      group.addManager(currentUser);

      if (args.length == 2) {
        // add the additional group managers, this also makes sure they
        // all exist first!
        for (final SequenceIterator i = args[1].iterate(); i.hasNext();) {
          final String groupManager = i.nextItem().getStringValue();

          final Account groupManagerAccount = sm.getAccount(groupManager);
          if (groupManagerAccount == null) {
            logger.error("Could not find the user: " + groupManager);
            // throw exception is better -shabanovd
            return BooleanValue.FALSE;
          }
          group.addManager(groupManagerAccount);
        }
      }

      // create the group
      group = sm.addGroup(group);

            //TEMP - ESCALATE TO DBA :-(
            //START TEMP - we also need to make every manager a member of the group otherwise
            //they do not show up as group members automatically - this is a design problem because group
            //membership is managed on the user and not the group, this needs to be fixed!
            //see XMLDBAddUserToGroup and XMLDBRemoveUserFromGroup also
            final Subject currentSubject = context.getBroker().getSubject();
            try {
                //escalate
                context.getBroker().setSubject(sm.getSystemSubject());

                //perform action
                for(final Account manager : group.getManagers()) {
                    manager.addGroup(group);
                    sm.updateAccount(manager);
                }
            } finally {
                context.getBroker().setSubject(currentSubject);
            }
            //END TEMP

            if (conf != null) {
                conf.checkForUpdates((ElementAtExist) document.getDocumentElement());
            }
            if (documentPath.toString().equals(ConverterFrom1_0.LEGACY_USERS_DOCUMENT_PATH)) {
                try {
                  final SecurityManager sm = broker.getBrokerPool().getSecurityManager();
                    ConverterFrom1_0.convert(sm, document);
                } catch (final PermissionDeniedException pde) {
                    LOG.error(pde.getMessage(), pde);
                    //TODO : raise exception ? -pb
                } catch (final EXistException ee) {

        }

        //TODO : use XmldbURI methos ! not String.equals()
        if (uri.toString().equals(ConverterFrom1_0.LEGACY_USERS_DOCUMENT_PATH)) {
            try {
              final SecurityManager sm = broker.getBrokerPool().getSecurityManager();
                ConverterFrom1_0.convert(sm, document);
            } catch (final PermissionDeniedException pde) {
                LOG.error(pde.getMessage(), pde);
                //TODO : raise exception ? -pb
            } catch (final EXistException ee) {

        //if needed, update old style id to new style id
        final AttributesImpl attrs = new AttributesImpl(migrateIdAttribute(start.attributes, principalType));

        //check if there is a name collision, i.e. another principal with the same name
        final SecurityManager sm = broker.getBrokerPool().getSecurityManager();
        final String principalName = findName();
        final Principal existingPrincipleByName = principalName != null ? principalType.getPrincipal(sm, principalName) : null;

        final int newId;
        if(existingPrincipleByName != null) {

                result = getAllGroupMetadataKeys();
            } else {
                throw new XPathException("Unknown function");
            }
        } else {
            final SecurityManager securityManager = broker.getBrokerPool().getSecurityManager();
            final String strPrincipal = args[0].getStringValue();
            final Principal principal;
            if(isCalledAs(qnGetAccountMetadataKeys.getLocalName()) || isCalledAs(qnGetAccountMetadata.getLocalName())) {
                if(!currentUser.hasDbaRole() && !currentUser.getUsername().equals(strPrincipal)) {
                    throw new XPathException("You must be a DBA to retrieve metadata about other users, otherwise you may only retrieve metadata about yourself.");
                }
                principal = securityManager.getAccount(strPrincipal);
            } else if(isCalledAs(qnGetGroupMetadataKeys.getLocalName()) || isCalledAs(qnGetGroupMetadata.getLocalName())) {
                if(!currentUser.hasDbaRole() && !currentUser.hasGroup(strPrincipal)) {
                    throw new XPathException("You must be a DBA to retrieve metadata about other groups, otherwise you may only retrieve metadata about groups you are a member of.");
                }
                principal = securityManager.getGroup(strPrincipal);
            } else {
                throw new XPathException("Unknown function");
            }
           
            if(isCalledAs(qnGetAccountMetadataKeys.getLocalName()) || isCalledAs(qnGetGroupMetadataKeys.getLocalName())) {

    public Sequence eval(Sequence[] args, Sequence contextSequence) throws XPathException {

        final DBBroker broker = getContext().getBroker();
        final Subject currentUser = broker.getSubject();

        final SecurityManager securityManager = broker.getBrokerPool().getSecurityManager();
       
        final Sequence result;
       
        if(isCalledAs(qnListUsers.getLocalName())) {
            result = new ValueSequence();
            if(currentUser.getName().equals(SecurityManager.GUEST_USER)) {
                result.add(new StringValue(SecurityManager.GUEST_USER));
            } else {
                addUserNamesToSequence(securityManager.findAllUserNames(), result);
            }
        } else {
       
            if(currentUser.getName().equals(SecurityManager.GUEST_USER)) {
                throw new XPathException("You must be an authenticated user");
            }
           
            if(isCalledAs(qnUserExists.getLocalName())) {
                 final String username = args[0].getStringValue();
                 result = BooleanValue.valueOf(securityManager.hasAccount(username));
            } else {
                result = new ValueSequence();
                final String startsWith = args[0].getStringValue();

                final List<String> usernames;
                if(isCalledAs(qnFindUsersByUsername.getLocalName())) {
                    usernames = securityManager.findUsernamesWhereUsernameStarts(startsWith);
                } else if(isCalledAs(qnFindUsersByName.getLocalName())) {
                    usernames = securityManager.findUsernamesWhereNameStarts(startsWith);
                } else if(isCalledAs(qnFindUsersByNamePart.getLocalName())) {
                    usernames = securityManager.findUsernamesWhereNamePartStarts(startsWith);
                } else {
                    throw new XPathException("Unknown function");
                }

                addUserNamesToSequence(usernames, result);

            throw new XPathException("Unknown function");
        }
    }
   
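    /**
     * Looks up the umask of the named account.
     *
     * <p>The account is resolved through the security manager of the broker's pool.
     * NOTE(review): no access check is visible in this method; confirm that the
     * caller restricts whose umask may be read before calling it.
     *
     * @param broker the broker whose pool supplies the security manager
     * @param username the name of the account to look up
     * @return the account's umask wrapped in an {@code IntegerValue}
     * @throws IllegalArgumentException if no account exists for {@code username}
     */
    private IntegerValue getUMask(final DBBroker broker, final String username) {
        final SecurityManager securityManager = broker.getBrokerPool().getSecurityManager();
        final Account account = securityManager.getAccount(username);
        if (account == null) {
            // getAccount may return null for an unknown name; fail with a clear
            // message instead of a bare NullPointerException on the dereference below.
            throw new IllegalArgumentException("No such account: " + username);
        }
        return new IntegerValue(account.getUserMask());
    }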