Beispiel #1
0
  private User authenticate(HttpServletRequest request, HttpServletResponse response)
      throws java.io.IOException {
    // First try to validate the principial if passed from the servlet engine
    Principal principal = request.getUserPrincipal();

    if (principal instanceof XmldbPrincipal) {
      String username = ((XmldbPrincipal) principal).getName();
      String password = ((XmldbPrincipal) principal).getPassword();

      LOG.info("Validating Principle: " + principal.getName());
      User user = pool.getSecurityManager().getUser(username);

      if (user != null) {
        if (password.equalsIgnoreCase(user.getPassword())) {
          LOG.info("Valid User: " + user.getName());
          return user;
        } else {
          LOG.info("Password invalid for user: " + username);
        }
        LOG.info("User not found: " + principal.getName());
      }
    }

    String auth = request.getHeader("Authorization");
    if (auth == null && defaultUser != null) {
      return defaultUser;
    }
    return authenticator.authenticate(request, response);
  }
 @Override
 public void updateUser(User user) throws XMLDBException {
   final Account account = new UserAider(user.getName());
   account.setPassword(user.getPassword());
   // TODO: groups
   updateAccount(account);
 }
  /**
   * evaluate the call to the xquery function, it is really the main entry point of this class
   *
   * @param args arguments from the function call
   * @param contextSequence the Context Sequence to operate on (not used here internally!)
   * @return A sequence representing the result of the function call
   * @see org.exist.xquery.BasicFunction#eval(org.exist.xquery.value.Sequence[],
   *     org.exist.xquery.value.Sequence)
   */
  public Sequence eval(Sequence[] args, Sequence contextSequence) throws XPathException {
    String resource = args[0].getStringValue();
    String cronExpression = args[1].getStringValue();

    User user = context.getUser();

    // Check if the user is a DBA
    if (!user.hasDbaRole()) {
      return (BooleanValue.FALSE);
    }

    Object job = null;

    // scheule-xquery-cron-job
    if (isCalledAs("schedule-xquery-cron-job")) {
      job = new UserXQueryJob(null, resource, user);
    }

    // schedule-java-cron-job
    else if (isCalledAs("schedule-java-cron-job")) {
      try {
        // Check if the Class is a UserJob
        Class jobClass = Class.forName(resource);
        job = jobClass.newInstance();
        if (!(job instanceof UserJavaJob)) {
          LOG.error(
              "Cannot Schedule job. Class "
                  + resource
                  + " is not an instance of org.exist.scheduler.UserJavaJob");
          return (BooleanValue.FALSE);
        }
      } catch (ClassNotFoundException cnfe) {
        LOG.error(cnfe);
        return (BooleanValue.FALSE);
      } catch (IllegalAccessException iae) {
        LOG.error(iae);
        return (BooleanValue.FALSE);
      } catch (InstantiationException ie) {
        LOG.error(ie);
        return (BooleanValue.FALSE);
      }
    }

    if (job != null) {
      // schedule the job
      if (scheduler.createCronJob(cronExpression, (UserJob) job, null)) {
        return (BooleanValue.TRUE);
      } else {
        return (BooleanValue.FALSE);
      }
    } else {
      return (BooleanValue.FALSE);
    }
  }
Beispiel #4
0
 private User getDefaultUser() {
   if (defaultUsername != null) {
     User user = pool.getSecurityManager().getUser(defaultUsername);
     if (user != null) {
       if (!user.validate(defaultPassword)) {
         return null;
       }
     }
     return user;
   }
   return null;
 }
Beispiel #5
0
 public Sequence eval(Sequence contextSequence, Item contextItem) throws XPathException {
   Sequence userSeq = getArgument(0).eval(contextSequence, contextItem);
   Sequence passwdSeq = getArgument(1).eval(contextSequence, contextItem);
   if (userSeq.isEmpty()) throw new XPathException(getASTNode(), "No user specified");
   String userName = userSeq.getStringValue();
   String passwd = passwdSeq.getStringValue();
   org.exist.security.SecurityManager security =
       context.getBroker().getBrokerPool().getSecurityManager();
   User user = security.getUser(userName);
   if (user == null) throw new XPathException(getASTNode(), "Authentication failed");
   if (user.validate(passwd)) {
     User oldUser = context.getBroker().getUser();
     try {
       context.getBroker().setUser(user);
       return getArgument(2).eval(contextSequence, contextItem);
     } finally {
       context.getBroker().setUser(oldUser);
     }
   } else throw new XPathException(getASTNode(), "Authentication failed");
 }
Beispiel #6
0
  protected void service(HttpServletRequest request, HttpServletResponse response)
      throws ServletException {
    try {
      // Get the path
      String path = request.getPathInfo();

      if (path == null) {
        response.sendError(
            HttpServletResponse.SC_BAD_REQUEST, "URL has no extra path information specified.");
        return;
      }

      int firstSlash = path.indexOf('/', 1);
      if (firstSlash < 0 && path.length() == 1) {
        response.sendError(400, "Module not specified.");
        return;
      }
      String moduleName = firstSlash < 0 ? path.substring(1) : path.substring(1, firstSlash);
      path = firstSlash < 0 ? "" : path.substring(firstSlash);

      AtomModule module = (AtomModule) modules.get(moduleName);
      if (module == null) {
        response.sendError(400, "Module " + moduleName + " not found.");
        return;
      }

      User user = null;
      if (noAuth.get(moduleName) == null) {
        // Authenticate
        user = authenticate(request, response);
        if (user == null) {
          // You now get a challenge if there is no user
          return;
        }
      }

      final Principal principal = new UserXmldbPrincipal(WebDAV.BASIC_AUTH, user);
      HttpServletRequest wrappedRequest =
          new HttpServletRequestWrapper(request) {
            public Principal getUserPrincipal() {
              return principal;
            }
          };

      // Handle the resource
      DBBroker broker = null;
      try {
        broker = pool.get(user);
        module.process(
            broker,
            new HttpRequestMessage(request, path, '/' + moduleName),
            new HttpResponseMessage(response));
      } catch (NotFoundException ex) {
        LOG.info("Resource " + path + " not found by " + moduleName, ex);
        response.sendError(404, ex.getMessage());
      } catch (PermissionDeniedException ex) {
        LOG.info(
            "Permission denied to " + path + " by " + moduleName + " for " + user.getName(), ex);
        response.sendError(401, ex.getMessage());
      } catch (BadRequestException ex) {
        LOG.info("Bad request throw from module " + moduleName, ex);
        response.sendError(400, ex.getMessage());
      } catch (EXistException ex) {
        LOG.fatal("Exception getting broker from pool for user " + user.getName(), ex);
        response.sendError(500, "Service is not available.");
      } finally {
        pool.release(broker);
      }
    } catch (IOException ex) {
      LOG.fatal("I/O exception on request.", ex);
      try {
        response.sendError(500, "Service is not available.");
      } catch (IOException finalEx) {
        LOG.fatal("Cannot return 500 on exception.", ex);
      }
    }
  }
Beispiel #7
0
 public boolean hasRole(String role) {
   return user.hasGroup(role);
 }
Beispiel #8
0
 public String getPassword() {
   return authMethod == WebDAV.BASIC_AUTH ? user.getPassword() : user.getDigestPassword();
 }
Beispiel #9
0
 public String getName() {
   return user.getName();
 }
 @Override
 public void lockResource(Resource res, User u) throws XMLDBException {
   final Account account = new UserAider(u.getName());
   lockResource(res, account);
 }
 @Override
 public void addUser(User user) throws XMLDBException {
   final Account account = new UserAider(user.getName());
   addAccount(account);
 }