Exemple #1
0
  private User authenticate(HttpServletRequest request, HttpServletResponse response)
      throws java.io.IOException {
    // First try to validate the principial if passed from the servlet engine
    Principal principal = request.getUserPrincipal();

    if (principal instanceof XmldbPrincipal) {
      String username = ((XmldbPrincipal) principal).getName();
      String password = ((XmldbPrincipal) principal).getPassword();

      LOG.info("Validating Principle: " + principal.getName());
      User user = pool.getSecurityManager().getUser(username);

      if (user != null) {
        if (password.equalsIgnoreCase(user.getPassword())) {
          LOG.info("Valid User: "******"Password invalid for user: "******"User not found: " + principal.getName());
      }
    }

    String auth = request.getHeader("Authorization");
    if (auth == null && defaultUser != null) {
      return defaultUser;
    }
    return authenticator.authenticate(request, response);
  }
  @Override
  public void addGroup(final Group group) throws XMLDBException {
    final SecurityManager manager = pool.getSecurityManager();

    if (!manager.hasAdminPrivileges(user)) {
      throw new XMLDBException(ErrorCodes.PERMISSION_DENIED, " you are not allowed to add role");
    }

    if (manager.hasGroup(group.getName())) {
      throw new XMLDBException(ErrorCodes.VENDOR_ERROR, "group '" + group.getName() + "' exists");
    }

    try {
      executeWithBroker(
          new BrokerOperation<Void>() {
            @Override
            public Void withBroker(DBBroker broker)
                throws XMLDBException, LockException, PermissionDeniedException, IOException,
                    EXistException, TriggerException {
              manager.addGroup(group);
              return null;
            }
          });
    } catch (final Exception e) {
      throw new XMLDBException(ErrorCodes.PERMISSION_DENIED, e.getMessage(), e);
    }
  }
  @Override
  public void setUserPrimaryGroup(final String username, final String groupName)
      throws XMLDBException {
    final SecurityManager manager = pool.getSecurityManager();

    if (!manager.hasGroup(groupName)) {
      throw new XMLDBException(
          ErrorCodes.PERMISSION_DENIED, "Group '" + groupName + "' does not exist!");
    }

    if (!manager.hasAdminPrivileges(user)) {
      throw new XMLDBException(ErrorCodes.PERMISSION_DENIED, "Not allowed to modify user");
    }

    try {
      executeWithBroker(
          new BrokerOperation<Void>() {
            @Override
            public Void withBroker(final DBBroker broker)
                throws XMLDBException, LockException, PermissionDeniedException, IOException,
                    EXistException, TriggerException {
              final Account account = manager.getAccount(username);
              final Group group = manager.getGroup(groupName);
              account.setPrimaryGroup(group);
              manager.updateAccount(account);
              return null;
            }
          });
    } catch (final Exception e) {
      throw new XMLDBException(ErrorCodes.PERMISSION_DENIED, e.getMessage(), e);
    }
  }
Exemple #4
0
 private User getDefaultUser() {
   if (defaultUsername != null) {
     User user = pool.getSecurityManager().getUser(defaultUsername);
     if (user != null) {
       if (!user.validate(defaultPassword)) {
         return null;
       }
     }
     return user;
   }
   return null;
 }
  @BeforeClass
  public static void setUp() throws Exception {
    TransactionManager transact = null;
    Txn transaction = null;
    try {
      pool = startDB();
      broker = pool.get(pool.getSecurityManager().getSystemSubject());
      transact = pool.getTransactionManager();
      transaction = transact.beginTransaction();

      root =
          broker.getOrCreateCollection(
              transaction, XmldbURI.create(XmldbURI.ROOT_COLLECTION + "/test"));
      broker.saveCollection(transaction, root);

      String existHome = System.getProperty("exist.home");
      File existDir = existHome == null ? new File(".") : new File(existHome);
      String directory = "samples/shakespeare";
      File dir = new File(existDir, directory);

      // store some documents.
      for (File f : dir.listFiles(new XMLFilenameFilter())) {
        IndexInfo info =
            root.validateXMLResource(
                transaction,
                broker,
                XmldbURI.create(f.getName()),
                new InputSource(f.toURI().toASCIIString()));
        root.store(transaction, broker, info, new InputSource(f.toURI().toASCIIString()), false);
      }

      IndexInfo info =
          root.validateXMLResource(transaction, broker, XmldbURI.create("nested.xml"), NESTED_XML);
      root.store(transaction, broker, info, NESTED_XML, false);
      transact.commit(transaction);

      // for the tests
      docs = root.allDocs(broker, new DefaultDocumentSet(), true);
      seqSpeech = executeQuery(broker, "//SPEECH", 2628, null);

    } catch (Exception e) {
      if (pool != null) {
        pool.release(broker);
        BrokerPool.stopAll(false);
        pool = null;
        root = null;
      }
      throw e;
    }
  }