Exemple #1
0
 public static void rollbackTransaction() {
   OGraphDatabase db = getConnection();
   if (isInTransaction()) {
     Logger.trace("Rollback transaction");
     db.rollback();
   }
 }
Exemple #2
0
 public static void requestTransaction() {
   OGraphDatabase db = getConnection();
   if (!isInTransaction()) {
     Logger.trace("Begin transaction");
     db.begin();
   }
 }
Exemple #3
0
 public static void commitTransaction() {
   OGraphDatabase db = getConnection();
   if (isInTransaction()) {
     Logger.trace("Commit transaction");
     db.commit();
   }
 }
Exemple #4
0
 public static void dropOrientDefault() {
   Logger.trace("Method Start");
   OGraphDatabase db = DbHelper.getConnection();
   db.getMetadata().getSecurity().dropUser("reader");
   db.getMetadata().getSecurity().dropUser("writer");
   db.getMetadata().getSecurity().dropRole("reader");
   db.getMetadata().getSecurity().dropRole("writer");
   Logger.trace("Method End");
 }
Exemple #5
0
  @Test
  public void multipleDatabasesSameThread() throws IOException {
    OGraphDatabase db1 = OGraphDatabasePool.global().acquire(DB_URL, "admin", "admin");
    ODocument doc1 = db1.createVertex();

    doc1.field("key", "value");
    doc1.save();
    db1.close();

    OGraphDatabase db2 = OGraphDatabasePool.global().acquire(DB_URL, "admin", "admin");

    ODocument doc2 = db2.createVertex();
    doc2.field("key", "value");
    doc2.save();
    db2.close();

    db1 = OGraphDatabasePool.global().acquire(DB_URL, "admin", "admin");

    final List<?> result =
        db1.query(
            new OSQLSynchQuery<ODocument>(
                "select out[weight=3].size() from V where out.size() > 0"));

    doc1 = db1.createVertex();
    doc1.field("newkey", "newvalue");
    doc1.save();
    db1.close();
  }
Exemple #6
0
 public static void createDefaultUsers() throws Exception {
   Logger.trace("Method Start");
   // the baasbox default user used to connect to the DB like anonymous user
   String username = BBConfiguration.getBaasBoxUsername();
   String password = BBConfiguration.getBaasBoxPassword();
   UserService.signUp(
       username, password, DefaultRoles.ANONYMOUS_USER.toString(), null, null, null, null);
   OGraphDatabase db = DbHelper.getConnection();
   OUser admin = db.getMetadata().getSecurity().getUser("admin");
   admin.setPassword(BBConfiguration.configuration.getString(BBConfiguration.ADMIN_PASSWORD));
   admin.save();
   Logger.trace("Method End");
 }
Exemple #7
0
 public static OCommandRequest selectCommandBuilder(
     String from, boolean count, QueryParams criteria) throws SqlInjectionException {
   OGraphDatabase db = DbHelper.getConnection();
   OCommandRequest command =
       db.command(
           new OSQLSynchQuery<ODocument>(selectQueryBuilder(from, count, criteria))
               .setFetchPlan(fetchPlan.replace("?", criteria.getDepth().toString())));
   if (!command.isIdempotent()) throw new SqlInjectionException();
   Logger.debug("commandBuilder: ");
   Logger.debug("  " + criteria.toString());
   Logger.debug("  " + command.toString());
   return command;
 }
  @Test
  public void testQueryIsolation() {
    OGraphDatabase db = new OGraphDatabase(url);
    db.open("admin", "admin");

    try {
      db.begin();

      ODocument v1 = db.createVertex();
      v1.field("purpose", "testQueryIsolation");
      v1.save();

      if (!url.startsWith("remote")) {
        List<OIdentifiable> result =
            db.query(
                new OSQLSynchQuery<Object>("select from V where purpose = 'testQueryIsolation'"));
        Assert.assertEquals(result.size(), 1);
      }

      db.commit();

      List<OIdentifiable> result =
          db.query(
              new OSQLSynchQuery<Object>("select from V where purpose = 'testQueryIsolation'"));
      Assert.assertEquals(result.size(), 1);

    } finally {
      db.close();
    }
  }
Exemple #9
0
  public static void populateDB(OGraphDatabase db) throws IOException {
    Logger.info("Populating the db...");
    InputStream is;
    if (Play.application().isProd()) is = Play.application().resourceAsStream(SCRIPT_FILE_NAME);
    else is = new FileInputStream(Play.application().getFile("conf/" + SCRIPT_FILE_NAME));
    List<String> script = IOUtils.readLines(is, "UTF-8");
    is.close();

    for (String line : script) {
      Logger.debug(line);
      if (!line.startsWith("--") && !line.trim().isEmpty()) { // skip comments
        db.command(new OCommandSQL(line.replace(';', ' '))).execute();
      }
    }
    Logger.info("...done");
  }
  @Test
  public void deletesWithinTransactionArentWorking() throws IOException {
    OGraphDatabase db = new OGraphDatabase(url);
    db.open("admin", "admin");

    try {
      if (db.getVertexType("Foo") == null) db.createVertexType("Foo");
      if (db.getVertexType("Bar") == null) db.createVertexType("Bar");
      if (db.getVertexType("Sees") == null) db.createEdgeType("Sees");

      // Commenting out the transaction will result in the test succeeding.
      db.begin(TXTYPE.OPTIMISTIC);
      ODocument foo = (ODocument) db.createVertex("Foo").field("prop", "test1").save();

      // Comment out these two lines and the test will succeed. The issue appears to be related to
      // an edge
      // connecting a deleted vertex during a transaction
      ODocument bar = (ODocument) db.createVertex("Bar").field("prop", "test1").save();
      ODocument sees = db.createEdge(foo, bar, "Sees");
      db.commit();

      List<ODocument> foos = db.query(new OSQLSynchQuery("select * from Foo"));
      Assert.assertEquals(foos.size(), 1);

      db.begin(TXTYPE.OPTIMISTIC);
      db.removeVertex(foos.get(0));
      db.commit();

    } finally {
      db.close();
    }
  }
  @Test
  public void testConsistencyOnDelete() {
    OGraphDatabase db = new OGraphDatabase(url);
    db.open("admin", "admin");

    if (db.getVertexType("Foo") == null) db.createVertexType("Foo");

    try {
      // Step 1
      // Create several foo's
      db.createVertex("Foo").field("address", "test1").save();
      db.createVertex("Foo").field("address", "test2").save();
      db.createVertex("Foo").field("address", "test3").save();

      // just show what is there
      List<ODocument> result = db.query(new OSQLSynchQuery<ODocument>("select * from Foo"));

      for (ODocument d : result) {
        System.out.println("Vertex: " + d);
      }

      // remove those foos in a transaction
      // Step 2
      db.begin(TXTYPE.OPTIMISTIC);

      // Step 3a
      result = db.query(new OSQLSynchQuery<ODocument>("select * from Foo where address = 'test1'"));
      Assert.assertEquals(1, result.size());
      // Step 4a
      db.removeVertex(result.get(0));

      // Step 3b
      result = db.query(new OSQLSynchQuery<ODocument>("select * from Foo where address = 'test2'"));
      Assert.assertEquals(1, result.size());
      // Step 4b
      db.removeVertex(result.get(0));

      // Step 3c
      result = db.query(new OSQLSynchQuery<ODocument>("select * from Foo where address = 'test3'"));
      Assert.assertEquals(1, result.size());
      // Step 4c
      db.removeVertex(result.get(0));

      // Step 6
      db.commit();

      // just show what is there
      result = db.query(new OSQLSynchQuery<ODocument>("select * from Foo"));

      for (ODocument d : result) {
        System.out.println("Vertex: " + d);
      }

    } finally {
      db.close();
    }
  }
Exemple #12
0
  /**
   * * Login the user. parameters: username password appcode: the App Code (API KEY) login_data:
   * json serialized string containing info related to the device used by the user. In particular,
   * for push notification, must by supplied: deviceId os: (android|ios)
   *
   * @return
   * @throws SqlInjectionException
   */
  @With({NoUserCredentialWrapFilter.class})
  @BodyParser.Of(BodyParser.FormUrlEncoded.class)
  public static Result login() throws SqlInjectionException {
    Map<String, String[]> body = request().body().asFormUrlEncoded();
    if (body == null) return badRequest("missing data: is the body x-www-form-urlencoded?");
    String username = "";
    String password = "";
    String appcode = "";
    String loginData = null;
    if (body.get("username") == null) return badRequest("The 'username' field is missing");
    else username = body.get("username")[0];
    if (body.get("password") == null) return badRequest("The 'password' field is missing");
    else password = body.get("password")[0];
    if (body.get("appcode") == null) return badRequest("The 'appcode' field is missing");
    else appcode = body.get("appcode")[0];
    Logger.debug("Username " + username);
    Logger.debug("Password " + password);
    Logger.debug("Appcode" + appcode);
    if (username.equalsIgnoreCase(BBConfiguration.getBaasBoxAdminUsername())
        || username.equalsIgnoreCase(BBConfiguration.getBaasBoxAdminUsername()))
      return forbidden(username + " cannot login");

    if (body.get("login_data") != null) loginData = body.get("login_data")[0];
    Logger.debug("LoginData" + loginData);

    /* other useful parameter to receive and to store...*/
    // validate user credentials
    OGraphDatabase db = null;
    try {
      db = DbHelper.open(appcode, username, password);
      if (loginData != null) {
        JsonNode loginInfo = null;
        try {
          loginInfo = Json.parse(loginData);
        } catch (Exception e) {
          Logger.debug("Error parsong login_data field");
          Logger.debug(ExceptionUtils.getFullStackTrace(e));
          return badRequest("login_data field is not a valid json string");
        }
        Iterator<Entry<String, JsonNode>> it = loginInfo.getFields();
        HashMap<String, Object> data = new HashMap<String, Object>();
        while (it.hasNext()) {
          Entry<String, JsonNode> element = it.next();
          String key = element.getKey();
          Object value = element.getValue().asText();
          data.put(key, value);
        }
        UserService.registerDevice(data);
      }
    } catch (OSecurityAccessException e) {
      Logger.debug("UserLogin: "******"user " + username + " unauthorized");
    } catch (InvalidAppCodeException e) {
      Logger.debug("UserLogin: "******"user " + username + " unauthorized");
    } finally {
      if (db != null && !db.isClosed()) db.close();
    }
    ImmutableMap<SessionKeys, ? extends Object> sessionObject =
        SessionTokenProvider.getSessionTokenProvider().setSession(appcode, username, password);
    response()
        .setHeader(SessionKeys.TOKEN.toString(), (String) sessionObject.get(SessionKeys.TOKEN));
    ObjectNode result = Json.newObject();
    result.put(SessionKeys.TOKEN.toString(), (String) sessionObject.get(SessionKeys.TOKEN));
    return ok(result);
  }
Exemple #13
0
 public static boolean isInTransaction() {
   OGraphDatabase db = getConnection();
   return !(db.getTransaction() instanceof OTransactionNoTx);
 }
Exemple #14
0
  public static void createDefaultRoles() {
    Logger.trace("Method Start");
    OGraphDatabase db = DbHelper.getConnection();
    final ORole anonymousUserRole =
        db.getMetadata()
            .getSecurity()
            .createRole(DefaultRoles.ANONYMOUS_USER.toString(), ORole.ALLOW_MODES.DENY_ALL_BUT);
    anonymousUserRole.save();
    final ORole registeredUserRole =
        db.getMetadata()
            .getSecurity()
            .createRole(DefaultRoles.REGISTERED_USER.toString(), ORole.ALLOW_MODES.DENY_ALL_BUT);
    registeredUserRole.save();

    final ORole backOfficeRole =
        db.getMetadata()
            .getSecurity()
            .createRole(DefaultRoles.BACKOFFICE_USER.toString(), ORole.ALLOW_MODES.DENY_ALL_BUT);
    backOfficeRole.save();

    registeredUserRole.addRule(ODatabaseSecurityResources.DATABASE, ORole.PERMISSION_READ);
    registeredUserRole.addRule(
        ODatabaseSecurityResources.SCHEMA,
        ORole.PERMISSION_READ + ORole.PERMISSION_CREATE + ORole.PERMISSION_UPDATE);
    registeredUserRole.addRule(
        ODatabaseSecurityResources.CLUSTER + "." + OMetadata.CLUSTER_INTERNAL_NAME,
        ORole.PERMISSION_READ);
    registeredUserRole.addRule(
        ODatabaseSecurityResources.CLUSTER + ".orole", ORole.PERMISSION_READ);
    registeredUserRole.addRule(
        ODatabaseSecurityResources.CLUSTER + ".ouser", ORole.PERMISSION_READ);
    registeredUserRole.addRule(ODatabaseSecurityResources.ALL_CLASSES, ORole.PERMISSION_ALL);
    registeredUserRole.addRule(ODatabaseSecurityResources.ALL_CLUSTERS, ORole.PERMISSION_ALL);
    registeredUserRole.addRule(ODatabaseSecurityResources.COMMAND, ORole.PERMISSION_ALL);
    registeredUserRole.addRule(ODatabaseSecurityResources.RECORD_HOOK, ORole.PERMISSION_ALL);

    backOfficeRole.addRule(ODatabaseSecurityResources.DATABASE, ORole.PERMISSION_READ);
    backOfficeRole.addRule(
        ODatabaseSecurityResources.SCHEMA,
        ORole.PERMISSION_READ + ORole.PERMISSION_CREATE + ORole.PERMISSION_UPDATE);
    backOfficeRole.addRule(
        ODatabaseSecurityResources.CLUSTER + "." + OMetadata.CLUSTER_INTERNAL_NAME,
        ORole.PERMISSION_READ);
    backOfficeRole.addRule(ODatabaseSecurityResources.CLUSTER + ".orole", ORole.PERMISSION_READ);
    backOfficeRole.addRule(ODatabaseSecurityResources.CLUSTER + ".ouser", ORole.PERMISSION_READ);
    backOfficeRole.addRule(ODatabaseSecurityResources.ALL_CLASSES, ORole.PERMISSION_ALL);
    backOfficeRole.addRule(ODatabaseSecurityResources.ALL_CLUSTERS, ORole.PERMISSION_ALL);
    backOfficeRole.addRule(ODatabaseSecurityResources.COMMAND, ORole.PERMISSION_ALL);
    backOfficeRole.addRule(ODatabaseSecurityResources.RECORD_HOOK, ORole.PERMISSION_ALL);
    backOfficeRole.addRule(
        ODatabaseSecurityResources.BYPASS_RESTRICTED,
        ORole.PERMISSION_ALL); // the backoffice users can access and manipulate all records

    anonymousUserRole.addRule(ODatabaseSecurityResources.DATABASE, ORole.PERMISSION_READ);
    anonymousUserRole.addRule(ODatabaseSecurityResources.SCHEMA, ORole.PERMISSION_READ);
    anonymousUserRole.addRule(
        ODatabaseSecurityResources.CLUSTER + "." + OMetadata.CLUSTER_INTERNAL_NAME,
        ORole.PERMISSION_READ);
    anonymousUserRole.addRule(ODatabaseSecurityResources.CLUSTER + ".orole", ORole.PERMISSION_READ);
    anonymousUserRole.addRule(ODatabaseSecurityResources.CLUSTER + ".ouser", ORole.PERMISSION_READ);
    anonymousUserRole.addRule(ODatabaseSecurityResources.ALL_CLASSES, ORole.PERMISSION_READ);
    anonymousUserRole.addRule(ODatabaseSecurityResources.ALL_CLUSTERS, 7);
    anonymousUserRole.addRule(ODatabaseSecurityResources.COMMAND, ORole.PERMISSION_READ);
    anonymousUserRole.addRule(ODatabaseSecurityResources.RECORD_HOOK, ORole.PERMISSION_READ);

    anonymousUserRole.save();
    registeredUserRole.save();
    Logger.trace("Method End");
  }