Package org.exist.security

Examples of org.exist.security.Subject


            // map's the path if a mapping is specified in the descriptor
            path = descriptor.mapPath(path);
        }

        // third, authenticate the user
        final Subject user = authenticate(request, response);
        if (user == null) {
            // You now get a challenge if there is no user
            // response.sendError(HttpServletResponse.SC_FORBIDDEN,
            // "Permission denied: unknown user " + "or password");
            return;
        }

        // fourth, process the request
        DBBroker broker = null;
        try {
            broker = getPool().get(user);
            srvREST.doHead(broker, request, response, path);
        } catch (final BadRequestException e) {
            if (response.isCommitted()) {
                throw new ServletException(e.getMessage(), e);
            }
            response.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage());

        } catch (final PermissionDeniedException e) {
            // If the current user is the Default User and they do not have permission
            // then send a challenge request to prompt the client for a username/password.
            // Else return a FORBIDDEN Error
            if (user != null && user.equals(getDefaultUser())) {
                getAuthenticator().sendChallenge(request, response);
            } else {
                response.sendError(HttpServletResponse.SC_FORBIDDEN, e.getMessage());
            }
        } catch (final NotFoundException e) {


            // map's the path if a mapping is specified in the descriptor
            path = descriptor.mapPath(path);
        }

        // third, authenticate the user
        final Subject user = authenticate(request, response);
        if (user == null) {
            // You now get a challenge if there is no user
            // response.sendError(HttpServletResponse.SC_FORBIDDEN,
            // "Permission denied: unknown user " + "or password");
            return;
        }

        // fourth, process the request
        DBBroker broker = null;
        try {
            broker = getPool().get(user);
            srvREST.doDelete(broker, path, request, response);
        } catch (final PermissionDeniedException e) {
            // If the current user is the Default User and they do not have permission
            // then send a challenge request to prompt the client for a username/password.
            // Else return a FORBIDDEN Error
            if (user != null && user.equals(getDefaultUser())) {
                getAuthenticator().sendChallenge(request, response);
            } else {
                response.sendError(HttpServletResponse.SC_FORBIDDEN, e.getMessage());
            }
        } catch (final NotFoundException e) {

            // map's the path if a mapping is specified in the descriptor
            path = descriptor.mapPath(path);
        }

        // third, authenticate the user
        final Subject user = authenticate(request, response);
        if (user == null) {
            // You now get a challenge if there is no user
            // response.sendError(HttpServletResponse.SC_FORBIDDEN,
            // "Permission denied: unknown user " + "or password");
            return;
        }

        // fourth, process the request
        DBBroker broker = null;
        try {
            broker = getPool().get(user);

            // Route the request
            if (path.indexOf(SOAPServer.WEBSERVICE_MODULE_EXTENSION) > -1) {
                // SOAP Server
                srvSOAP.doPost(broker, request, response, path);
            } else {
                // REST Server
                srvREST.doPost(broker, request, response, path);
            }
        } catch (final PermissionDeniedException e) {
            // If the current user is the Default User and they do not have permission
            // then send a challenge request to prompt the client for a username/password.
            // Else return a FORBIDDEN Error
            if (user != null && user.equals(getDefaultUser())) {
                getAuthenticator().sendChallenge(request, response);
            } else {
                response.sendError(HttpServletResponse.SC_FORBIDDEN, e.getMessage());
            }
        } catch (final EXistException e) {

      pool = BrokerPool.getInstance();
    } catch (final EXistException e) {
      throw new ServletException(e.getMessage(), e);
    }

    Subject user = pool.getSecurityManager().getGuestSubject();

    Subject requestUser = HttpAccount.getUserFromServletRequest(request);
        if (requestUser != null)
          {user = requestUser;}

        // Retrieve username / password from HTTP request attributes
        final String userParam = (String) request.getAttribute("xslt.user");

        String resourcePath = null;
       
        final DatabaseResources databaseResources = new DatabaseResources(brokerPool);
       
        //UNDERSTAND: why using guest account, it can be disabled
        final Subject user = brokerPool.getSecurityManager().getGuestSubject();
       
        if( xri.getNamespace() !=null ){
           
            // XML Schema search
            LOG.debug("Searching namespace '"+xri.getNamespace()+"' in database from "+collection+"...");

            return;
        }

        synchronized (waitingSystemTasks) {
            DBBroker broker = null;
            Subject oldUser = null;
            try {
                broker = pool.get(null);
                oldUser = broker.getSubject();
                broker.setSubject(pool.getSecurityManager().getSystemSubject());
                while (!waitingSystemTasks.isEmpty()) {

       
        final Sequence password = getArgument(1).eval(contextSequence, contextItem);
        final String username = usernameResult.getStringValue();
       
        final SecurityManager sm = broker.getBrokerPool().getSecurityManager();
        Subject user;
        try {
            user = sm.authenticate(username, password.getStringValue());
        } catch(final AuthenticationException e) {
            final XPathException exception = new XPathException(this, "Authentication failed", e);
            logger.error("Authentication failed for [" + username + "] because of [" + e.getMessage() + "].", exception);
            throw exception;
        }

        final Subject oldUser = context.getEffectiveUser();
        try {
            logger.info("Setting the effective user to: [" + username + "]");
            broker.setSubject(user);
            return getArgument(2).eval(contextSequence, contextItem);
        } finally {
            logger.info("Returning the effective user to: [" + oldUser.getName() + "]");
            broker.setSubject(oldUser);
        }
    }

            //START TEMP - Whilst we can remove the group from the user
            //we cannot update the user because we do not have sufficient permissions
            //in the real world we should not be able to do either. The modelling of group
            //membership as a concern of user data is wrong! Should follow Unix approach.
            //see XMLDBAddUserToGroup also
            final Subject currentSubject = context.getBroker().getSubject();
            try {
                //escalate
                context.getBroker().setSubject(sm.getSystemSubject());

                //perform action

    public Sequence eval(Sequence args[], Sequence contextSequence) throws XPathException {

        final String groupName = args[0].getStringValue();

        final DBBroker broker = context.getBroker();
        final Subject currentUser = broker.getSubject();

        if(currentUser.hasGroup(groupName)) {
            return BooleanValue.TRUE;
        } else if(currentUser.hasDbaRole()) {
            final SecurityManager sm = broker.getBrokerPool().getSecurityManager();
            final Group group = sm.getGroup(groupName);
            return BooleanValue.valueOf(group != null);
        } else {
            throw new XPathException("You do not have permission to determine if the group exists");

        FullXmldbURI fullURI = null;
        final BrokerPool pool = broker.getBrokerPool();
        final TransactionManager transact = pool.getTransactionManager();
        Txn txn = null;
        LOG.info("Storing configuration " + collection.getURI() + "/" + uri);
        final Subject currentUser = broker.getSubject();
       
        try {
            broker.setSubject(pool.getSecurityManager().getSystemSubject());
            txn = transact.beginTransaction();
            txn.acquireLock(collection.getLock(), Lock.WRITE_LOCK);
