Package org.exist.security

Examples of org.exist.security.Subject


   * @see org.exist.xmldb.EXistResource#getLastModificationTime()
   */
  public Date getLastModificationTime() throws XMLDBException {
        // A resource that was never stored has no persisted metadata, so fail early.
        if (isNewResource)
            {throw new XMLDBException(ErrorCodes.INVALID_RESOURCE, "The resource has not yet been stored");}
    // Capture the subject the pool currently reports before a broker is requested for `user`.
    // NOTE(review): the code that uses preserveSubject and releases the broker lies past the
    // end of this excerpt - confirm both happen in a finally block so the identity is not
    // left switched when an exception is thrown.
    final Subject preserveSubject = pool.getSubject();
    DBBroker broker = null;
    try {
      // Broker is requested for this resource's `user`; presumably the read below is
      // authorised as that subject - verify against BrokerPool.get.
      broker = pool.get(user);
      // Lock.NO_LOCK: no document lock is requested for this read.
      // NOTE(review): the cast assumes a binary document and blob is dereferenced unchecked;
      // if getDocument can return null this raises a NullPointerException - confirm.
      final BinaryDocument blob = (BinaryDocument)getDocument(broker, Lock.NO_LOCK);
      return new Date(blob.getMetadata().getLastModified());


     * @see org.exist.xmldb.AbstractEXistResource#getMimeType()
     */
    public String getMimeType() throws XMLDBException {
        // For a resource not yet stored, the locally held mimeType field is returned as-is.
        if (isNewResource)
            {return mimeType;}
    // Capture the subject the pool currently reports before a broker is requested for `user`.
    // NOTE(review): restoring it and releasing the broker is not visible in this excerpt -
    // confirm a finally block does both.
    final Subject preserveSubject = pool.getSubject();
        DBBroker broker = null;
        try {
            // Broker is requested for this resource's `user`.
            broker = pool.get(user);
            // Lock.NO_LOCK: no document lock is requested for this read.
            // NOTE(review): unchecked cast and unchecked dereference of blob - confirm
            // getDocument cannot return null or a non-binary document here.
            final BinaryDocument blob = (BinaryDocument)getDocument(broker, Lock.NO_LOCK);
            // The stored value overwrites the cached mimeType field.
            mimeType = blob.getMetadata().getMimeType();

   * @see org.exist.xmldb.EXistResource#getMode()
   */
  public Permission getPermissions() throws XMLDBException {
        // A resource that was never stored has no persisted permissions, so fail early.
        if (isNewResource)
            {throw new XMLDBException(ErrorCodes.INVALID_RESOURCE, "The resource has not yet been stored");}
    // Capture the subject the pool currently reports before a broker is requested for `user`.
    // NOTE(review): restoring it and releasing the broker is not visible in this excerpt -
    // confirm a finally block does both.
    final Subject preserveSubject = pool.getSubject();
      DBBroker broker = null;
      try {
          // Broker is requested for this resource's `user`.
          broker = pool.get(user);
        // Lock.NO_LOCK: no document lock is requested for this read.
        final DocumentImpl document = getDocument(broker, Lock.NO_LOCK);
      // Returns null (rather than throwing) when no document was found, so callers must
      // not treat a null Permission as "access granted".
      return document != null ? document.getPermissions() : null;

   * @see org.exist.xmldb.EXistResource#getContentLength()
   */
  public long getContentLength() throws XMLDBException {
        // A resource that was never stored has no persisted length, so fail early.
        if (isNewResource)
            {throw new XMLDBException(ErrorCodes.INVALID_RESOURCE, "The resource has not yet been stored");}
    // Capture the subject the pool currently reports before a broker is requested for `user`.
    // NOTE(review): restoring it and releasing the broker is not visible in this excerpt -
    // confirm a finally block does both.
    final Subject preserveSubject = pool.getSubject();
    DBBroker broker = null;
    try {
      // Broker is requested for this resource's `user`.
      broker = pool.get(user);
      // Lock.NO_LOCK: no document lock is requested for this read.
      final DocumentImpl document = getDocument(broker, Lock.NO_LOCK);
      // NOTE(review): document is dereferenced without a null check; if getDocument can
      // return null this raises a NullPointerException instead of an XMLDBException - confirm.
      return document.getContentLength();

            // Look the account up by name; a null result means no such account and is skipped.
            final Account account = sm.getAccount(userName);
            if(account != null) {
                // Membership is added on the in-memory account object first.
                account.addGroup(group);
               
                // NOTE(review): the escalation itself is past the end of this excerpt. Confirm that
                // the caller's right to manage `group` is checked before escalating, and that the
                // previous subject is restored in a finally block afterwards.
                //TEMP - ESCALATE TO DBA :-(
                /**
                 * The Security Manager has a fundamental flaw:
                 * group membership is stored in the Account XML, so a user cannot be
                 * added to a group without modifying that user's XML.
                 * This is a security issue: a caller who is not that user
                 * has to escalate to DBA to make the change - must redesign

    }

    // Only taken when the ldapUser flag is set (how it is derived is outside this excerpt).
    if (ldapUser) {
      AbstractAccount account = (AbstractAccount) getAccount(username);
      // No account object was returned for this username.
      if (account == null) {
        // Remember the subject the database currently reports before privileges change.
        // NOTE(review): confirm currentSubject is restored and the broker released in a
        // finally block; both are past the end of this excerpt.
        Subject currentSubject = getDatabase().getSubject();
                DBBroker broker = null;
        try {
                    // Broker is requested with a null subject.
                    // NOTE(review): confirm this branch is reachable only after the LDAP
                    // credentials were verified, since what follows runs elevated.
                    broker = getDatabase().get(null);

                    //elevate to system privs

        }
        // The execute bit is requested when the mode string contains the execute character.
        if(modeStr.indexOf(Permission.EXECUTE_CHAR) > -1) {
            mode |= Permission.EXECUTE;
        }
       
        // The check is made against the context's effective user, not necessarily the
        // subject that owns the broker.
        final Subject effectiveSubject = context.getEffectiveUser();
        try {
            // validate() decides whether effectiveSubject holds every bit set in `mode`
            // on the permissions of pathUri; the result is returned as an XQuery boolean.
            final boolean hasAccess = getPermissions(pathUri).validate(effectiveSubject, mode);
            return BooleanValue.valueOf(hasAccess);
        } catch(final XPathException xpe) {
            // Failure is logged with its stack trace; what is returned or rethrown afterwards
            // is outside this excerpt.
            LOG.error(xpe.getMessage(), xpe);

    }
   
    // Dispatches on the name the function was called as (qnIsAccountEnabled or
    // qnSetAccountEnabled). args[0] is the account name; args[1], read only on the
    // "set" path, is the new enabled state. Throws XPathException when the calling
    // subject fails the authorisation check of the selected path.
    @Override
    public Sequence eval(final Sequence[] args, final Sequence contextSequence) throws XPathException {
        final DBBroker broker = getContext().getBroker();
        // Authorisation below is decided on the subject attached to the broker.
        final Subject currentUser = broker.getSubject();
        final SecurityManager securityManager = broker.getBrokerPool().getSecurityManager();
       
        // Caller-supplied account name.
        final String username = args[0].getStringValue();
       
        if(isCalledAs(qnIsAccountEnabled.getLocalName())) {
            // Reading the status is allowed for a DBA, or for a user asking about their own account.
            if(!currentUser.hasDbaRole() && !currentUser.getName().equals(username)) {
                throw new XPathException("You must be a DBA or be enquiring about your own account!");
            }
            // NOTE(review): account is dereferenced without a null check; if getAccount returns
            // null for an unknown username, a DBA querying a non-existent account gets a
            // NullPointerException instead of an XPathException - confirm and handle.
            final Account account = securityManager.getAccount(username);
            return new BooleanValue(account.isEnabled());
        } else if(isCalledAs(qnSetAccountEnabled.getLocalName())) {
            // Changing the status is restricted to DBAs; a user cannot change their own account here.
            if(!currentUser.hasDbaRole()) {
                throw new XPathException("You must be a DBA to change the status of an account!");
            }
           
            final boolean enable = args[1].effectiveBooleanValue();
           

            // map's the path if a mapping is specified in the descriptor
            path = descriptor.mapPath(path);
        }

        // third, authenticate the user
        final Subject user = authenticate(request, response);
        if (user == null) {
            // No subject could be established: return without touching the database.
            // You now get a challenge if there is no user
            // (presumably issued inside authenticate(); nothing is written to the response here)
            // response.sendError(HttpServletResponse.SC_FORBIDDEN,
            // "Permission denied: unknown user or password");
            return;
        }

        DBBroker broker = null;
        try {
            final XmldbURI dbpath = XmldbURI.create(path);
            // The broker is requested for the authenticated subject, so the PUT is carried
            // out under that identity.
            // NOTE(review): the broker release is not visible in this excerpt - confirm it
            // happens in a finally block.
            broker = getPool().get(user);
            // PUT is refused when the target path resolves to an existing collection.
            final Collection collection = broker.getCollection(dbpath);
            if (collection != null) {
                response.sendError(400, "A PUT request is not allowed against a plain collection path.");
                return;
            }
            srvREST.doPut(broker, dbpath, request, response);

        } catch (final BadRequestException e) {
            // Once the response is committed no error status can be sent, so rethrow with the cause.
            if (response.isCommitted()) {
                throw new ServletException(e.getMessage(), e);
            }
            response.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage());
        } catch (final PermissionDeniedException e) {
            // If the current user is the Default User and they do not have permission
            // then send a challenge request to prompt the client for a username/password.
            // Else return a FORBIDDEN Error
            // NOTE(review): `user != null` is always true here because of the early return
            // above. The exception message is sent to the client verbatim - confirm it
            // cannot carry internal paths or account details.
            if (user != null && user.equals(getDefaultUser())) {
                getAuthenticator().sendChallenge(request, response);
            } else {
                response.sendError(HttpServletResponse.SC_FORBIDDEN, e.getMessage());
            }
        } catch (final EXistException e) {

            // map's the path if a mapping is specified in the descriptor
            path = descriptor.mapPath(path);
        }

        // third, authenticate the user
        final Subject user = authenticate(request, response);
        if (user == null) {
            // No subject could be established: return without touching the database.
            // You now get a challenge if there is no user
            // (presumably issued inside authenticate(); nothing is written to the response here)
            // response.sendError(HttpServletResponse.SC_FORBIDDEN,
            // "Permission denied: unknown user " + "or password");
            return;
        }

        // fourth, process the request
        DBBroker broker = null;
        try {
            // The broker is requested for the authenticated subject, so the GET is carried
            // out under that identity.
            // NOTE(review): the broker release is not visible in this excerpt - confirm it
            // happens in a finally block.
            broker = getPool().get(user);

            // Route the request
            // NOTE(review): indexOf matches the extension anywhere in the path, not only as
            // a suffix, so any path containing that string is handed to the SOAP server -
            // confirm this is intended.
            if (path.indexOf(SOAPServer.WEBSERVICE_MODULE_EXTENSION) > -1) {
                // SOAP Server
                srvSOAP.doGet(broker, request, response, path);
            } else {
                // REST Server
                srvREST.doGet(broker, request, response, path);
            }
           
        } catch (final BadRequestException e) {
            // Once the response is committed no error status can be sent, so rethrow.
            // NOTE(review): only the message is passed on; the original exception is dropped
            // as cause, which loses the stack trace - pass `e` as second argument.
            if (response.isCommitted()) {
                throw new ServletException(e.getMessage());
            }
            response.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage());

        } catch (final PermissionDeniedException e) {
            // If the current user is the Default User and they do not have permission
            // then send a challenge request to prompt the client for a username/password.
            // Else return a FORBIDDEN Error
            // NOTE(review): `user != null` is always true here because of the early return
            // above. The exception message is sent to the client verbatim - confirm it
            // cannot carry internal paths or account details.
            if (user != null && user.equals(getDefaultUser())) {
                getAuthenticator().sendChallenge(request, response);
            } else {
                response.sendError(HttpServletResponse.SC_FORBIDDEN, e.getMessage());
            }
        } catch (final NotFoundException e) {
