Exemple #1
0
 private void startup(Configuration configuration) throws ServletException {
   if (configuration == null) {
     throw new ServletException("database has not been configured");
   }
   LOG.info("configuring eXist instance");
   try {
     if (!BrokerPool.isConfigured()) {
       BrokerPool.configure(1, 5, configuration);
     }
   } catch (EXistException e) {
     throw new ServletException(e.getMessage());
   } catch (DatabaseConfigurationException e) {
     throw new ServletException(e.getMessage());
   }
   try {
     LOG.info("registering XMLDB driver");
     Class clazz = Class.forName("org.exist.xmldb.DatabaseImpl");
     Database database = (Database) clazz.newInstance();
     DatabaseManager.registerDatabase(database);
   } catch (ClassNotFoundException e) {
     LOG.info("ERROR", e);
   } catch (InstantiationException e) {
     LOG.info("ERROR", e);
   } catch (IllegalAccessException e) {
     LOG.info("ERROR", e);
   } catch (XMLDBException e) {
     LOG.info("ERROR", e);
   }
 }
  @AfterClass
  public static void tearDown() {

    TransactionManager transact = null;
    Txn transaction = null;
    try {
      transact = pool.getTransactionManager();
      transaction = transact.beginTransaction();
      root =
          broker.getOrCreateCollection(
              transaction, XmldbURI.create(XmldbURI.ROOT_COLLECTION + "/test"));
      //          broker.removeCollection(transaction, root);

      transact.commit(transaction);
    } catch (Exception e) {
      if (transaction != null) {
        transact.abort(transaction);
      }
    } finally {
      if (pool != null) pool.release(broker);
    }
    BrokerPool.stopAll(false);
    pool = null;
    root = null;
  }
Exemple #3
0
  /* (non-Javadoc)
   * @see javax.xml.xquery.XQConnection#close()
   */
  public void close() throws XQException {
    try {
      BrokerPool pool = BrokerPool.getInstance();

      pool.release(broker);
      broker = null;
    } catch (EXistException ee) {
      throw new XQException("Unable to return broker to pool");
    }
  }
  private static BrokerPool startDB() throws DatabaseConfigurationException, EXistException {
    String home, file = "conf.xml";
    home = System.getProperty("exist.home");
    if (home == null) {
      home = System.getProperty("user.dir");
    }

    Configuration config = new Configuration(file, home);
    BrokerPool.configure(1, 5, config);
    return BrokerPool.getInstance();
  }
  @BeforeClass
  public static void setUp() throws Exception {
    TransactionManager transact = null;
    Txn transaction = null;
    try {
      pool = startDB();
      broker = pool.get(pool.getSecurityManager().getSystemSubject());
      transact = pool.getTransactionManager();
      transaction = transact.beginTransaction();

      root =
          broker.getOrCreateCollection(
              transaction, XmldbURI.create(XmldbURI.ROOT_COLLECTION + "/test"));
      broker.saveCollection(transaction, root);

      String existHome = System.getProperty("exist.home");
      File existDir = existHome == null ? new File(".") : new File(existHome);
      String directory = "samples/shakespeare";
      File dir = new File(existDir, directory);

      // store some documents.
      for (File f : dir.listFiles(new XMLFilenameFilter())) {
        IndexInfo info =
            root.validateXMLResource(
                transaction,
                broker,
                XmldbURI.create(f.getName()),
                new InputSource(f.toURI().toASCIIString()));
        root.store(transaction, broker, info, new InputSource(f.toURI().toASCIIString()), false);
      }

      IndexInfo info =
          root.validateXMLResource(transaction, broker, XmldbURI.create("nested.xml"), NESTED_XML);
      root.store(transaction, broker, info, NESTED_XML, false);
      transact.commit(transaction);

      // for the tests
      docs = root.allDocs(broker, new DefaultDocumentSet(), true);
      seqSpeech = executeQuery(broker, "//SPEECH", 2628, null);

    } catch (Exception e) {
      if (pool != null) {
        pool.release(broker);
        BrokerPool.stopAll(false);
        pool = null;
        root = null;
      }
      throw e;
    }
  }
Exemple #6
0
  private User authenticate(HttpServletRequest request, HttpServletResponse response)
      throws java.io.IOException {
    // First try to validate the principial if passed from the servlet engine
    Principal principal = request.getUserPrincipal();

    if (principal instanceof XmldbPrincipal) {
      String username = ((XmldbPrincipal) principal).getName();
      String password = ((XmldbPrincipal) principal).getPassword();

      LOG.info("Validating Principle: " + principal.getName());
      User user = pool.getSecurityManager().getUser(username);

      if (user != null) {
        if (password.equalsIgnoreCase(user.getPassword())) {
          LOG.info("Valid User: "******"Password invalid for user: "******"User not found: " + principal.getName());
      }
    }

    String auth = request.getHeader("Authorization");
    if (auth == null && defaultUser != null) {
      return defaultUser;
    }
    return authenticator.authenticate(request, response);
  }
  @Override
  public void addGroup(final Group group) throws XMLDBException {
    final SecurityManager manager = pool.getSecurityManager();

    if (!manager.hasAdminPrivileges(user)) {
      throw new XMLDBException(ErrorCodes.PERMISSION_DENIED, " you are not allowed to add role");
    }

    if (manager.hasGroup(group.getName())) {
      throw new XMLDBException(ErrorCodes.VENDOR_ERROR, "group '" + group.getName() + "' exists");
    }

    try {
      executeWithBroker(
          new BrokerOperation<Void>() {
            @Override
            public Void withBroker(DBBroker broker)
                throws XMLDBException, LockException, PermissionDeniedException, IOException,
                    EXistException, TriggerException {
              manager.addGroup(group);
              return null;
            }
          });
    } catch (final Exception e) {
      throw new XMLDBException(ErrorCodes.PERMISSION_DENIED, e.getMessage(), e);
    }
  }
  @Override
  public void setUserPrimaryGroup(final String username, final String groupName)
      throws XMLDBException {
    final SecurityManager manager = pool.getSecurityManager();

    if (!manager.hasGroup(groupName)) {
      throw new XMLDBException(
          ErrorCodes.PERMISSION_DENIED, "Group '" + groupName + "' does not exist!");
    }

    if (!manager.hasAdminPrivileges(user)) {
      throw new XMLDBException(ErrorCodes.PERMISSION_DENIED, "Not allowed to modify user");
    }

    try {
      executeWithBroker(
          new BrokerOperation<Void>() {
            @Override
            public Void withBroker(final DBBroker broker)
                throws XMLDBException, LockException, PermissionDeniedException, IOException,
                    EXistException, TriggerException {
              final Account account = manager.getAccount(username);
              final Group group = manager.getGroup(groupName);
              account.setPrimaryGroup(group);
              manager.updateAccount(account);
              return null;
            }
          });
    } catch (final Exception e) {
      throw new XMLDBException(ErrorCodes.PERMISSION_DENIED, e.getMessage(), e);
    }
  }
  private <R> R executeWithBroker(BrokerOperation<R> brokerOperation)
      throws XMLDBException, LockException, PermissionDeniedException, IOException, EXistException,
          TriggerException, SyntaxException {
    final Subject preserveSubject = pool.getSubject();
    DBBroker broker = null;
    try {
      broker = pool.get(user);

      return brokerOperation.withBroker(broker);

    } finally {
      if (broker != null) {
        pool.release(broker);
      }

      if (preserveSubject != null) {
        pool.setSubject(preserveSubject);
      }
    }
  }
Exemple #10
0
 private User getDefaultUser() {
   if (defaultUsername != null) {
     User user = pool.getSecurityManager().getUser(defaultUsername);
     if (user != null) {
       if (!user.validate(defaultPassword)) {
         return null;
       }
     }
     return user;
   }
   return null;
 }
Exemple #11
0
  /**
   * Setup Validator object with brokerpool as db connection.
   *
   * @param pool Brokerpool
   */
  public Validator(BrokerPool pool) {
    logger.info("Initializing Validator.");

    if (brokerPool == null) {
      this.brokerPool = pool;
    }

    // Get configuration
    config = brokerPool.getConfiguration();

    // Check xerces version
    StringBuilder xmlLibMessage = new StringBuilder();
    if (!XmlLibraryChecker.hasValidParser(xmlLibMessage)) {
      logger.error(xmlLibMessage);
    }

    // setup grammar brokerPool
    grammarPool = (GrammarPool) config.getProperty(XMLReaderObjectFactory.GRAMMER_POOL);

    // setup system wide catalog resolver
    systemCatalogResolver =
        (eXistXMLCatalogResolver) config.getProperty(XMLReaderObjectFactory.CATALOG_RESOLVER);
  }
Exemple #12
0
 /* (non-Javadoc)
  * @see javax.servlet.GenericServlet#destroy()
  */
 public void destroy() {
   super.destroy();
   BrokerPool.stopAll(false);
 }
Exemple #13
0
  protected void service(HttpServletRequest request, HttpServletResponse response)
      throws ServletException {
    try {
      // Get the path
      String path = request.getPathInfo();

      if (path == null) {
        response.sendError(
            HttpServletResponse.SC_BAD_REQUEST, "URL has no extra path information specified.");
        return;
      }

      int firstSlash = path.indexOf('/', 1);
      if (firstSlash < 0 && path.length() == 1) {
        response.sendError(400, "Module not specified.");
        return;
      }
      String moduleName = firstSlash < 0 ? path.substring(1) : path.substring(1, firstSlash);
      path = firstSlash < 0 ? "" : path.substring(firstSlash);

      AtomModule module = (AtomModule) modules.get(moduleName);
      if (module == null) {
        response.sendError(400, "Module " + moduleName + " not found.");
        return;
      }

      User user = null;
      if (noAuth.get(moduleName) == null) {
        // Authenticate
        user = authenticate(request, response);
        if (user == null) {
          // You now get a challenge if there is no user
          return;
        }
      }

      final Principal principal = new UserXmldbPrincipal(WebDAV.BASIC_AUTH, user);
      HttpServletRequest wrappedRequest =
          new HttpServletRequestWrapper(request) {
            public Principal getUserPrincipal() {
              return principal;
            }
          };

      // Handle the resource
      DBBroker broker = null;
      try {
        broker = pool.get(user);
        module.process(
            broker,
            new HttpRequestMessage(request, path, '/' + moduleName),
            new HttpResponseMessage(response));
      } catch (NotFoundException ex) {
        LOG.info("Resource " + path + " not found by " + moduleName, ex);
        response.sendError(404, ex.getMessage());
      } catch (PermissionDeniedException ex) {
        LOG.info(
            "Permission denied to " + path + " by " + moduleName + " for " + user.getName(), ex);
        response.sendError(401, ex.getMessage());
      } catch (BadRequestException ex) {
        LOG.info("Bad request throw from module " + moduleName, ex);
        response.sendError(400, ex.getMessage());
      } catch (EXistException ex) {
        LOG.fatal("Exception getting broker from pool for user " + user.getName(), ex);
        response.sendError(500, "Service is not available.");
      } finally {
        pool.release(broker);
      }
    } catch (IOException ex) {
      LOG.fatal("I/O exception on request.", ex);
      try {
        response.sendError(500, "Service is not available.");
      } catch (IOException finalEx) {
        LOG.fatal("Cannot return 500 on exception.", ex);
      }
    }
  }
Exemple #14
0
  /* (non-Javadoc)
   * @see javax.servlet.GenericServlet#init(javax.servlet.ServletConfig)
   */
  public void init(ServletConfig config) throws ServletException {
    super.init(config);

    // Configure BrokerPool
    try {
      if (BrokerPool.isConfigured()) {
        LOG.debug("Database already started. Skipping configuration ...");
      } else {
        // The database isn't started, so we'll start it
        String confFile = config.getInitParameter("configuration");
        String dbHome = config.getInitParameter("basedir");
        String start = config.getInitParameter("start");

        if (confFile == null) {
          confFile = "conf.xml";
        }
        dbHome =
            (dbHome == null)
                ? config.getServletContext().getRealPath(".")
                : config.getServletContext().getRealPath(dbHome);

        LOG.debug("AtomServlet: exist.home=" + dbHome);

        File f = new File(dbHome + File.separator + confFile);
        LOG.debug("reading configuration from " + f.getAbsolutePath());

        if (!f.canRead()) {
          throw new ServletException(
              "configuration file " + confFile + " not found or not readable");
        }
        Configuration configuration = new Configuration(confFile, dbHome);
        if (start != null && start.equals("true")) {
          startup(configuration);
        }
      }
      pool = BrokerPool.getInstance();

      // The default user is used when there is no authentication
      String option = config.getInitParameter("use-default-user");
      boolean useDefaultUser = true;
      if (option != null) {
        useDefaultUser = option.trim().equals("true");
      }
      if (useDefaultUser) {
        option = config.getInitParameter("user");
        if (option != null) {
          defaultUsername = option;
        }
        option = config.getInitParameter("password");
        if (option != null) {
          defaultPassword = option;
        }
        defaultUser = getDefaultUser();
        if (defaultUser != null) {
          LOG.info("Using default user " + defaultUsername + " for all unauthorized requests.");
        } else {
          LOG.error(
              "Default user "
                  + defaultUsername
                  + " cannot be found.  A BASIC AUTH challenge will be the default.");
        }
      } else {
        LOG.info(
            "No default user.  All requires must be authorized or will result in a BASIC AUTH challenge.");
        defaultUser = null;
      }

      // Currently, we only support basic authentication
      authenticator = new BasicAuthenticator(pool);
    } catch (EXistException e) {
      throw new ServletException("No database instance available");
    } catch (DatabaseConfigurationException e) {
      throw new ServletException("Unable to configure database instance: " + e.getMessage(), e);
    }

    // get form and container encoding's
    formEncoding = config.getInitParameter("form-encoding");
    if (formEncoding == null) {
      formEncoding = DEFAULT_ENCODING;
    }
    String containerEncoding = config.getInitParameter("container-encoding");
    if (containerEncoding == null) {
      containerEncoding = DEFAULT_ENCODING;
    }

    // Load all the modules
    // modules = new HashMap<String,AtomModule>();
    modules = new HashMap();
    noAuth = new HashMap();

    String configFileOpt = config.getInitParameter("config-file");
    File dbHome = pool.getConfiguration().getExistHome();
    File atomConf;
    if (configFileOpt == null) atomConf = new File(dbHome, "atom-services.xml");
    else atomConf = new File(config.getServletContext().getRealPath(configFileOpt));
    config
        .getServletContext()
        .log("Checking for atom configuration in " + atomConf.getAbsolutePath());
    if (atomConf.exists()) {
      config.getServletContext().log("Loading configuration " + atomConf.getAbsolutePath());
      DocumentBuilderFactory docFactory = DocumentBuilderFactory.newInstance();
      docFactory.setNamespaceAware(true);
      DocumentBuilder docBuilder = null;
      Document confDoc = null;
      InputStream is = null;
      try {
        is = new FileInputStream(atomConf);
        InputSource src = new InputSource(new InputStreamReader(is, formEncoding));
        URI docBaseURI = atomConf.toURI();
        src.setSystemId(docBaseURI.toString());
        docBuilder = docFactory.newDocumentBuilder();
        confDoc = docBuilder.parse(src);

        confDoc.getDocumentElement();

        // Add all the modules
        NodeList moduleConfList = confDoc.getElementsByTagNameNS(CONF_NS, "module");
        for (int i = 0; i < moduleConfList.getLength(); i++) {
          Element moduleConf = (Element) moduleConfList.item(i);
          String name = moduleConf.getAttribute("name");
          if (modules.get(name) != null) {
            throw new ServletException(
                "Module '" + name + "' is configured more than once ( child # " + (i + 1));
          }
          if ("false".equals(moduleConf.getAttribute("authenticate"))) {
            noAuth.put(name, Boolean.TRUE);
          }
          String className = moduleConf.getAttribute("class");
          if (className != null && className.length() > 0) {
            try {
              Class moduleClass = Class.forName(className);
              AtomModule amodule = (AtomModule) moduleClass.newInstance();
              modules.put(name, amodule);
              amodule.init(new ModuleContext(config, name, atomConf.getParent()));
            } catch (Exception ex) {
              throw new ServletException(
                  "Cannot instantiate class "
                      + className
                      + " for module '"
                      + name
                      + "' due to exception: "
                      + ex.getMessage(),
                  ex);
            }
          } else {
            // no class means query
            Query query = new Query();
            modules.put(name, query);

            String allowQueryPost = moduleConf.getAttribute("query-by-post");
            if ("true".equals(allowQueryPost)) {
              query.setQueryByPost(true);
            }

            NodeList methodList = moduleConf.getElementsByTagNameNS(CONF_NS, "method");
            for (int m = 0; m < methodList.getLength(); m++) {
              Element methodConf = (Element) methodList.item(m);
              String type = methodConf.getAttribute("type");
              if (type == null) {
                LOG.warn("No type specified for method in module " + name);
                continue;
              }
              // What I want but can't have because of JDK 1.4
              // URI baseURI = URI.create(methodConf.getBaseURI());
              URI baseURI = docBaseURI;
              String queryRef = methodConf.getAttribute("query");
              if (queryRef == null) {
                LOG.warn("No query specified for method " + type + " in module " + name);
                continue;
              }
              boolean fromClasspath = "true".equals(methodConf.getAttribute("from-classpath"));
              Query.MethodConfiguration mconf = query.getMethodConfiguration(type);
              if (mconf == null) {
                LOG.warn("Unknown method " + type + " in module " + name);
                continue;
              }
              String responseContentType = methodConf.getAttribute("content-type");
              if (responseContentType != null && responseContentType.trim().length() != 0) {
                mconf.setContentType(responseContentType);
              }

              URL queryURI = null;
              if (fromClasspath) {
                LOG.debug(
                    "Nope. Attempting to get resource "
                        + queryRef
                        + " from "
                        + Atom.class.getName());
                queryURI = Atom.class.getResource(queryRef);
              } else {
                queryURI = baseURI.resolve(queryRef).toURL();
              }
              LOG.debug(
                  "Loading from module "
                      + name
                      + " method "
                      + type
                      + " from resource "
                      + queryURI
                      + " via classpath("
                      + fromClasspath
                      + ") and ref ("
                      + queryRef
                      + ")");
              if (queryURI == null) {
                throw new ServletException(
                    "Cannot find resource " + queryRef + " for module " + name);
              }
              mconf.setQuerySource(queryURI);
            }
            query.init(new ModuleContext(config, name, atomConf.getParent()));
          }
        }

      } catch (IOException e) {
        LOG.warn(e);
        throw new ServletException(e.getMessage());
      } catch (SAXException e) {
        LOG.warn(e);
        throw new ServletException(e.getMessage());
      } catch (ParserConfigurationException e) {
        LOG.warn(e);
        throw new ServletException(e.getMessage());
      } catch (EXistException e) {
        LOG.warn(e);
        throw new ServletException(e.getMessage());
      } finally {
        if (is != null) {
          try {
            is.close();
          } catch (IOException ex) {
          }
        }
      }
    } else {
      try {
        AtomProtocol protocol = new AtomProtocol();
        modules.put("edit", protocol);
        protocol.init(new ModuleContext(config, "edit", dbHome.getAbsolutePath()));
        AtomFeeds feeds = new AtomFeeds();
        modules.put("content", feeds);
        feeds.init(new ModuleContext(config, "content", dbHome.getAbsolutePath()));
        Query query = new Query();
        query.setQueryByPost(true);
        modules.put("query", query);
        query.init(new ModuleContext(config, "query", dbHome.getAbsolutePath()));
        Query topics = new Query();
        modules.put("topic", topics);
        topics
            .getMethodConfiguration("GET")
            .setQuerySource(topics.getClass().getResource("topic.xq"));
        topics.init(new ModuleContext(config, "topic", dbHome.getAbsolutePath()));
        Query introspect = new Query();
        modules.put("introspect", introspect);
        introspect
            .getMethodConfiguration("GET")
            .setQuerySource(introspect.getClass().getResource("introspect.xq"));
        introspect.init(new ModuleContext(config, "introspect", dbHome.getAbsolutePath()));
      } catch (EXistException ex) {
        throw new ServletException("Exception during module init(): " + ex.getMessage(), ex);
      }
    }

    // XML lib checks....
    StringBuffer xmlLibMessage = new StringBuffer();
    if (XmlLibraryChecker.hasValidParser(xmlLibMessage)) {
      LOG.info(xmlLibMessage);
    } else {
      LOG.warn(xmlLibMessage);
    }
    xmlLibMessage.delete(0, xmlLibMessage.length());
    if (XmlLibraryChecker.hasValidTransformer(xmlLibMessage)) {
      LOG.info(xmlLibMessage);
    } else {
      LOG.warn(xmlLibMessage);
    }
  }