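/**
 * Resolves the user on whose behalf a request is processed.
 *
 * <p>Sources are tried in this order:
 * <ol>
 *   <li>a container-supplied {@link XmldbPrincipal} whose password matches the value stored
 *       for the account of the same name;</li>
 *   <li>the configured {@code defaultUser}, but only when the request carries no
 *       {@code Authorization} header;</li>
 *   <li>the result of {@code authenticator.authenticate(request, response)}.</li>
 * </ol>
 *
 * @param request  the incoming request; its user principal and {@code Authorization} header are read
 * @param response handed to the authenticator unchanged
 * @return the resolved user; what the authenticator returns on failure is not visible here
 * @throws java.io.IOException if the authenticator raises it
 */
private User authenticate(HttpServletRequest request, HttpServletResponse response) throws java.io.IOException {
    // First try to validate the principal if one was passed in by the servlet engine.
    Principal principal = request.getUserPrincipal();
    if (principal instanceof XmldbPrincipal) {
        String username = ((XmldbPrincipal) principal).getName();
        String password = ((XmldbPrincipal) principal).getPassword();
        // NOTE(review): the name written to the log comes from the request's principal; if the
        // log sink is line-oriented, neutralise CR/LF before logging to prevent forged entries.
        LOG.info("Validating Principle: " + principal.getName());
        User user = pool.getSecurityManager().getUser(username);

        // NOTE(review): the listing this method was taken from had the tail of the
        // "Valid User" / "Password invalid" log calls masked. The branch below is
        // reconstructed as "return the user on a match, otherwise log and fall through";
        // confirm the exact log arguments and branch layout against the original file.
        if (user == null) {
            LOG.info("User not found: " + principal.getName());
        } else if (password != null && password.equalsIgnoreCase(user.getPassword())) {
            // A principal without a password is treated as a mismatch (the null check above)
            // instead of failing the whole request with a NullPointerException.
            //
            // NOTE(review): the comparison is case-insensitive and not constant-time. That is
            // harmless only if both sides are hex digests; if either side is a plaintext
            // password it shrinks the effective password space. Confirm the stored format,
            // and prefer the account's own validate(...) check if it applies here.
            LOG.info("Valid User: " + username);
            return user;
        } else {
            LOG.info("Password invalid for user: " + username);
        }
    }

    // A request without an Authorization header is served as the configured default user,
    // so that account's privileges are what clients sending no credentials receive.
    String auth = request.getHeader("Authorization");
    if (auth == null && defaultUser != null) {
        return defaultUser;
    }
    return authenticator.authenticate(request, response);
}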
/**
 * Adds {@code group} to the security manager on behalf of the current {@code user}.
 *
 * <p>The caller's admin privilege is checked before the group name is looked up, so a
 * caller without that privilege only ever sees the permission error.
 *
 * @param group the group to add
 * @throws XMLDBException with {@code PERMISSION_DENIED} if the current user lacks admin
 *         privileges or the broker operation fails, and with {@code VENDOR_ERROR} if a
 *         group of that name already exists
 */
@Override
public void addGroup(final Group group) throws XMLDBException {
    final SecurityManager securityManager = pool.getSecurityManager();

    final boolean callerIsAdmin = securityManager.hasAdminPrivileges(user);
    if (!callerIsAdmin) {
        throw new XMLDBException(ErrorCodes.PERMISSION_DENIED, " you are not allowed to add role");
    }

    final boolean alreadyPresent = securityManager.hasGroup(group.getName());
    if (alreadyPresent) {
        throw new XMLDBException(ErrorCodes.VENDOR_ERROR, "group '" + group.getName() + "' exists");
    }

    try {
        executeWithBroker(
            new BrokerOperation<Void>() {
                @Override
                public Void withBroker(DBBroker broker)
                        throws XMLDBException, LockException, PermissionDeniedException,
                               IOException, EXistException, TriggerException {
                    securityManager.addGroup(group);
                    return null;
                }
            });
    } catch (final Exception failure) {
        // Every failure of the broker operation is reported as PERMISSION_DENIED,
        // with the original exception kept as the cause.
        throw new XMLDBException(ErrorCodes.PERMISSION_DENIED, failure.getMessage(), failure);
    }
}
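/**
 * Makes {@code groupName} the primary group of the account {@code username}.
 *
 * @param username  name of the account to modify
 * @param groupName name of an existing group
 * @throws XMLDBException with {@code PERMISSION_DENIED} if the current user lacks admin
 *         privileges, the group or account does not exist, or the broker operation fails
 */
@Override
public void setUserPrimaryGroup(final String username, final String groupName) throws XMLDBException {
    final SecurityManager manager = pool.getSecurityManager();

    // Authorize before touching any data. With the existence check first, a caller without
    // admin privileges could tell existing groups from missing ones by the error message.
    // addGroup in this class already checks privileges first.
    if (!manager.hasAdminPrivileges(user)) {
        throw new XMLDBException(ErrorCodes.PERMISSION_DENIED, "Not allowed to modify user");
    }
    if (!manager.hasGroup(groupName)) {
        throw new XMLDBException(
            ErrorCodes.PERMISSION_DENIED, "Group '" + groupName + "' does not exist!");
    }

    try {
        executeWithBroker(
            new BrokerOperation<Void>() {
                @Override
                public Void withBroker(final DBBroker broker)
                        throws XMLDBException, LockException, PermissionDeniedException,
                               IOException, EXistException, TriggerException {
                    final Account account = manager.getAccount(username);
                    // Presumably getAccount returns null for an unknown name (verify). Failing
                    // here with a message avoids a NullPointerException that would surface
                    // to the caller as PERMISSION_DENIED with a null message.
                    if (account == null) {
                        throw new XMLDBException(
                            ErrorCodes.PERMISSION_DENIED, "Account '" + username + "' does not exist!");
                    }
                    final Group group = manager.getGroup(groupName);
                    account.setPrimaryGroup(group);
                    manager.updateAccount(account);
                    return null;
                }
            });
    } catch (final Exception e) {
        // Every failure of the broker operation is reported as PERMISSION_DENIED,
        // with the original exception kept as the cause.
        throw new XMLDBException(ErrorCodes.PERMISSION_DENIED, e.getMessage(), e);
    }
}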
/**
 * Looks up the account named by {@code defaultUsername} and returns it only if that
 * account accepts {@code defaultPassword}.
 *
 * @return the validated default account, or {@code null} when no default user name is
 *         configured, the account is unknown, or the configured password fails validation
 */
private User getDefaultUser() {
    if (defaultUsername == null) {
        return null;
    }

    final User candidate = pool.getSecurityManager().getUser(defaultUsername);
    if (candidate == null) {
        return null;
    }

    // A configured password that no longer validates yields no default user at all,
    // rather than an account that was never verified.
    return candidate.validate(defaultPassword) ? candidate : null;
}
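/**
 * One-time fixture: starts the database, creates the {@code /test} collection under the
 * root collection, stores the XML files from {@code samples/shakespeare} plus
 * {@code nested.xml}, commits, and caches the document set and the {@code //SPEECH}
 * query result for the tests.
 *
 * <p>On any failure the broker is released, all broker pools are stopped and the static
 * {@code pool}/{@code root} references are cleared before the exception is rethrown.
 *
 * @throws Exception if the database cannot be started or the sample data cannot be stored
 */
@BeforeClass
public static void setUp() throws Exception {
    TransactionManager transact = null;
    Txn transaction = null;
    try {
        pool = startDB();
        broker = pool.get(pool.getSecurityManager().getSystemSubject());
        transact = pool.getTransactionManager();
        transaction = transact.beginTransaction();

        root = broker.getOrCreateCollection(
            transaction, XmldbURI.create(XmldbURI.ROOT_COLLECTION + "/test"));
        broker.saveCollection(transaction, root);

        // Sample data is resolved relative to exist.home, or the working directory if unset.
        String existHome = System.getProperty("exist.home");
        File existDir = existHome == null ? new File(".") : new File(existHome);
        String directory = "samples/shakespeare";
        File dir = new File(existDir, directory);

        // listFiles returns null (not an empty array) when the path is missing or unreadable.
        // Fail with the offending path instead of a NullPointerException in the loop.
        File[] samples = dir.listFiles(new XMLFilenameFilter());
        if (samples == null) {
            throw new IllegalStateException(
                "Sample directory is missing or not readable: " + dir.getAbsolutePath());
        }

        // store some documents.
        for (File f : samples) {
            // Validation and storing each get their own InputSource, as in the original.
            IndexInfo info = root.validateXMLResource(
                transaction, broker, XmldbURI.create(f.getName()),
                new InputSource(f.toURI().toASCIIString()));
            root.store(transaction, broker, info, new InputSource(f.toURI().toASCIIString()), false);
        }

        IndexInfo info = root.validateXMLResource(
            transaction, broker, XmldbURI.create("nested.xml"), NESTED_XML);
        root.store(transaction, broker, info, NESTED_XML, false);

        transact.commit(transaction);

        // for the tests
        docs = root.allDocs(broker, new DefaultDocumentSet(), true);
        seqSpeech = executeQuery(broker, "//SPEECH", 2628, null);
    } catch (Exception e) {
        // NOTE(review): an open transaction is not aborted here; confirm that stopping
        // the pools is enough to discard it.
        if (pool != null) {
            // The broker may never have been obtained if pool.get(...) was what failed.
            if (broker != null) {
                pool.release(broker);
            }
            BrokerPool.stopAll(false);
            pool = null;
            root = null;
        }
        throw e;
    }
}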