Skip to main content
aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorEike Stepper2013-09-18 02:30:57 -0400
committerEike Stepper2013-09-18 03:13:54 -0400
commit20e19f399621f269e44e135fd9fcf62ff99a8201 (patch)
tree66033bcfb6bd52beaa0c2595917a3d09942d8ca6
parent8e90a7d8a6b2f13b97a11f5f5e999fc4ff6acdff (diff)
downloadcdo-20e19f399621f269e44e135fd9fcf62ff99a8201.tar.gz
cdo-20e19f399621f269e44e135fd9fcf62ff99a8201.tar.xz
cdo-20e19f399621f269e44e135fd9fcf62ff99a8201.zip
[417469] [Security] Provide console command to change user passwords
https://bugs.eclipse.org/bugs/show_bug.cgi?id=417469
-rw-r--r--plugins/org.eclipse.emf.cdo.server.hibernate.teneo/plugin.xml2
-rw-r--r--plugins/org.eclipse.emf.cdo.server.hibernate.teneo/src/org/eclipse/emf/cdo/server/hibernate/internal/teneo/bundle/ExportHbmCommand.java22
-rw-r--r--plugins/org.eclipse.emf.cdo.server.security/.settings/.api_filters17
-rw-r--r--plugins/org.eclipse.emf.cdo.server.security/plugin.xml6
-rw-r--r--plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/internal/security/SecurityManager.java44
-rw-r--r--plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/internal/security/SecurityManagerCommand.java96
-rw-r--r--plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/internal/security/bundle/AddUserCommand.java71
-rw-r--r--plugins/org.eclipse.emf.cdo.server/src/org/eclipse/emf/cdo/internal/server/bundle/CDOCommandProvider.java4
-rw-r--r--plugins/org.eclipse.emf.cdo.server/src/org/eclipse/emf/cdo/spi/server/CDOCommand.java43
9 files changed, 173 insertions, 132 deletions
diff --git a/plugins/org.eclipse.emf.cdo.server.hibernate.teneo/plugin.xml b/plugins/org.eclipse.emf.cdo.server.hibernate.teneo/plugin.xml
index ce6a0fad9d..81b3817609 100644
--- a/plugins/org.eclipse.emf.cdo.server.hibernate.teneo/plugin.xml
+++ b/plugins/org.eclipse.emf.cdo.server.hibernate.teneo/plugin.xml
@@ -24,7 +24,7 @@
<factory
productGroup="org.eclipse.emf.cdo.server.commands"
type="exporthbm"
- class="org.eclipse.emf.cdo.server.hibernate.internal.teneo.bundle.ExportHbmCommand$Factory"/>
+ class="org.eclipse.emf.cdo.server.hibernate.internal.teneo.bundle.ExportHbmCommand"/>
</extension>
</plugin>
diff --git a/plugins/org.eclipse.emf.cdo.server.hibernate.teneo/src/org/eclipse/emf/cdo/server/hibernate/internal/teneo/bundle/ExportHbmCommand.java b/plugins/org.eclipse.emf.cdo.server.hibernate.teneo/src/org/eclipse/emf/cdo/server/hibernate/internal/teneo/bundle/ExportHbmCommand.java
index 5563ceb569..856d1173d4 100644
--- a/plugins/org.eclipse.emf.cdo.server.hibernate.teneo/src/org/eclipse/emf/cdo/server/hibernate/internal/teneo/bundle/ExportHbmCommand.java
+++ b/plugins/org.eclipse.emf.cdo.server.hibernate.teneo/src/org/eclipse/emf/cdo/server/hibernate/internal/teneo/bundle/ExportHbmCommand.java
@@ -14,7 +14,6 @@ import org.eclipse.emf.cdo.server.internal.hibernate.HibernateStore;
import org.eclipse.emf.cdo.spi.server.CDOCommand;
import org.eclipse.emf.cdo.spi.server.InternalRepository;
-import org.eclipse.net4j.util.factory.ProductCreationException;
import org.eclipse.net4j.util.io.IOUtil;
import java.io.FileOutputStream;
@@ -25,11 +24,9 @@ import java.io.OutputStream;
*/
public class ExportHbmCommand extends CDOCommand.WithRepository
{
- public static final String NAME = "exporthbm";
-
public ExportHbmCommand()
{
- super(NAME, "export generated hibernate mapping to a file", parameter("export-file"));
+ super("exporthbm", "export generated hibernate mapping to a file", parameter("export-file"));
}
@Override
@@ -53,21 +50,4 @@ public class ExportHbmCommand extends CDOCommand.WithRepository
IOUtil.close(out);
}
}
-
- /**
- * @author Eike Stepper
- */
- public static class Factory extends CDOCommand.Factory
- {
- public Factory()
- {
- super(NAME);
- }
-
- @Override
- public CDOCommand create(String description) throws ProductCreationException
- {
- return new ExportHbmCommand();
- }
- }
}
diff --git a/plugins/org.eclipse.emf.cdo.server.security/.settings/.api_filters b/plugins/org.eclipse.emf.cdo.server.security/.settings/.api_filters
index 56e0dd3b62..a7e521255c 100644
--- a/plugins/org.eclipse.emf.cdo.server.security/.settings/.api_filters
+++ b/plugins/org.eclipse.emf.cdo.server.security/.settings/.api_filters
@@ -1,5 +1,14 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<component id="org.eclipse.emf.cdo.server.security" version="2">
+ <resource path="src/org/eclipse/emf/cdo/server/internal/security/SecurityManager.java" type="org.eclipse.emf.cdo.server.internal.security.SecurityManager">
+ <filter id="574668824">
+ <message_arguments>
+ <message_argument value="InternalSecurityManager"/>
+ <message_argument value="SecurityManager"/>
+ <message_argument value="SecurityItemContainer"/>
+ </message_arguments>
+ </filter>
+ </resource>
<resource path="src/org/eclipse/emf/cdo/server/internal/security/SecurityManager.java" type="org.eclipse.emf.cdo.server.internal.security.SecurityManager$PermissionManager">
<filter id="574619656">
<message_arguments>
@@ -8,4 +17,12 @@
</message_arguments>
</filter>
</resource>
+ <resource path="src/org/eclipse/emf/cdo/server/security/ISecurityManager.java" type="org.eclipse.emf.cdo.server.security.ISecurityManager">
+ <filter id="571473929">
+ <message_arguments>
+ <message_argument value="SecurityItemContainer"/>
+ <message_argument value="ISecurityManager"/>
+ </message_arguments>
+ </filter>
+ </resource>
</component>
diff --git a/plugins/org.eclipse.emf.cdo.server.security/plugin.xml b/plugins/org.eclipse.emf.cdo.server.security/plugin.xml
index 9e2912e0c1..d514df05bf 100644
--- a/plugins/org.eclipse.emf.cdo.server.security/plugin.xml
+++ b/plugins/org.eclipse.emf.cdo.server.security/plugin.xml
@@ -29,7 +29,11 @@
<factory
productGroup="org.eclipse.emf.cdo.server.commands"
type="adduser"
- class="org.eclipse.emf.cdo.server.internal.security.bundle.AddUserCommand$Factory"/>
+ class="org.eclipse.emf.cdo.server.internal.security.SecurityManagerCommand$AddUser"/>
+ <factory
+ productGroup="org.eclipse.emf.cdo.server.commands"
+ type="setpassword"
+ class="org.eclipse.emf.cdo.server.internal.security.SecurityManagerCommand$SetPassword"/>
</extension>
</plugin>
diff --git a/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/internal/security/SecurityManager.java b/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/internal/security/SecurityManager.java
index 6e924f5c5c..56a34600f3 100644
--- a/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/internal/security/SecurityManager.java
+++ b/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/internal/security/SecurityManager.java
@@ -12,7 +12,6 @@ package org.eclipse.emf.cdo.server.internal.security;
import org.eclipse.emf.cdo.common.branch.CDOBranchPoint;
import org.eclipse.emf.cdo.common.commit.CDOCommitInfo;
-import org.eclipse.emf.cdo.common.model.EMFUtil;
import org.eclipse.emf.cdo.common.revision.CDORevision;
import org.eclipse.emf.cdo.common.revision.CDORevisionProvider;
import org.eclipse.emf.cdo.common.security.CDOPermission;
@@ -24,7 +23,6 @@ import org.eclipse.emf.cdo.net4j.CDONet4jSession;
import org.eclipse.emf.cdo.net4j.CDONet4jSessionConfiguration;
import org.eclipse.emf.cdo.net4j.CDONet4jUtil;
import org.eclipse.emf.cdo.security.Access;
-import org.eclipse.emf.cdo.security.ClassPermission;
import org.eclipse.emf.cdo.security.Directory;
import org.eclipse.emf.cdo.security.Group;
import org.eclipse.emf.cdo.security.Permission;
@@ -65,7 +63,6 @@ import org.eclipse.net4j.util.om.monitor.OMMonitor;
import org.eclipse.net4j.util.security.IAuthenticator;
import org.eclipse.emf.common.util.EList;
-import org.eclipse.emf.ecore.EClass;
import java.util.ArrayList;
import java.util.Arrays;
@@ -257,6 +254,20 @@ public class SecurityManager extends Lifecycle implements InternalSecurityManage
return result[0];
}
+ public User setPassword(final String id, final String password)
+ {
+ final User[] result = { null };
+ modify(new RealmOperation()
+ {
+ public void execute(Realm realm)
+ {
+ result[0] = realm.setPassword(id, password);
+ }
+ });
+
+ return result[0];
+ }
+
public Role removeRole(final String id)
{
final Role[] result = { null };
@@ -471,7 +482,9 @@ public class SecurityManager extends Lifecycle implements InternalSecurityManage
protected Realm createRealm()
{
- Realm realm = SecurityFactory.eINSTANCE.createRealm("Security Realm");
+ final SecurityFactory factory = SecurityFactory.eINSTANCE;
+
+ Realm realm = factory.createRealm("Security Realm");
realm.setDefaultRoleDirectory(addDirectory(realm, "Roles"));
realm.setDefaultGroupDirectory(addDirectory(realm, "Groups"));
realm.setDefaultUserDirectory(addDirectory(realm, "Users"));
@@ -479,28 +492,26 @@ public class SecurityManager extends Lifecycle implements InternalSecurityManage
// Create roles
Role allReaderRole = realm.addRole("All Objects Reader");
- allReaderRole.getPermissions().add(SecurityFactory.eINSTANCE.createResourcePermission(".*", Access.READ));
+ allReaderRole.getPermissions().add(factory.createFilterPermission(Access.READ, factory.createResourceFilter(".*")));
Role allWriterRole = realm.addRole("All Objects Writer");
- allWriterRole.getPermissions().add(SecurityFactory.eINSTANCE.createResourcePermission(".*", Access.WRITE));
+ allWriterRole.getPermissions()
+ .add(factory.createFilterPermission(Access.WRITE, factory.createResourceFilter(".*")));
Role treeReaderRole = realm.addRole("Resource Tree Reader");
treeReaderRole.getPermissions().add(
- SecurityFactory.eINSTANCE.createPackagePermission(EresourcePackage.eINSTANCE, Access.READ));
+ factory.createFilterPermission(Access.READ, factory.createPackageFilter(EresourcePackage.eINSTANCE)));
Role treeWriterRole = realm.addRole("Resource Tree Writer");
treeWriterRole.getPermissions().add(
- SecurityFactory.eINSTANCE.createPackagePermission(EresourcePackage.eINSTANCE, Access.WRITE));
+ factory.createFilterPermission(Access.WRITE, factory.createPackageFilter(EresourcePackage.eINSTANCE)));
Role adminRole = realm.addRole("Administration");
- for (EClass eClass : EMFUtil.getConcreteClasses(SecurityPackage.eINSTANCE))
- {
- if (eClass != SecurityPackage.Literals.USER_PASSWORD)
- {
- ClassPermission permission = SecurityFactory.eINSTANCE.createClassPermission(eClass, Access.WRITE);
- adminRole.getPermissions().add(permission);
- }
- }
+ adminRole.getPermissions().add(
+ factory.createFilterPermission(
+ Access.WRITE,
+ factory.createAndFilter(factory.createResourceFilter(realmPath),
+ factory.createNotFilter(factory.createClassFilter(SecurityPackage.Literals.USER_PASSWORD)))));
// Create groups
@@ -516,6 +527,7 @@ public class SecurityManager extends Lifecycle implements InternalSecurityManage
User adminUser = realm.addUser("Administrator", "0000");
adminUser.getGroups().add(adminsGroup);
+ OM.LOG.info("Security realm " + realmPath + " created");
return realm;
}
diff --git a/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/internal/security/SecurityManagerCommand.java b/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/internal/security/SecurityManagerCommand.java
new file mode 100644
index 0000000000..a76324acc9
--- /dev/null
+++ b/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/internal/security/SecurityManagerCommand.java
@@ -0,0 +1,96 @@
+/*
+ * Copyright (c) 2004-2013 Eike Stepper (Berlin, Germany) and others.
+ * All rights reserved. This program and the accompanying materials
+ * are made available under the terms of the Eclipse Public License v1.0
+ * which accompanies this distribution, and is available at
+ * http://www.eclipse.org/legal/epl-v10.html
+ *
+ * Contributors:
+ * Eike Stepper - initial API and implementation
+ */
+package org.eclipse.emf.cdo.server.internal.security;
+
+import org.eclipse.emf.cdo.server.security.ISecurityManager;
+import org.eclipse.emf.cdo.server.security.SecurityManagerUtil;
+import org.eclipse.emf.cdo.spi.server.CDOCommand;
+import org.eclipse.emf.cdo.spi.server.InternalRepository;
+
+/**
+ * @author Eike Stepper
+ */
+public abstract class SecurityManagerCommand extends CDOCommand.WithRepository
+{
+ public SecurityManagerCommand(String name, String description, CommandParameter... parameters)
+ {
+ super(name, description, parameters);
+ }
+
+ public SecurityManagerCommand(String name, String description)
+ {
+ super(name, description);
+ }
+
+ @Override
+ public void execute(InternalRepository repository, String[] args) throws Exception
+ {
+ ISecurityManager securityManager = SecurityManagerUtil.getSecurityManager(repository);
+ if (securityManager == null)
+ {
+ throw new CommandException("Security manager not found for " + repository);
+ }
+
+ execute(securityManager, args);
+ }
+
+ protected abstract void execute(ISecurityManager securityManager, String[] args);
+
+ /**
+ * @author Eike Stepper
+ */
+ public static final class AddUser extends SecurityManagerCommand
+ {
+ public AddUser()
+ {
+ super("adduser", "adds a user to the security realm of a repository", parameter("username"), optional("password"));
+ }
+
+ @Override
+ protected void execute(ISecurityManager securityManager, String[] args)
+ {
+ String username = args[0];
+ String password = args[1];
+ if (password != null)
+ {
+ securityManager.addUser(username, password);
+ }
+ else
+ {
+ securityManager.addUser(username);
+ }
+
+ println("User " + username + " added");
+ }
+ }
+
+ /**
+ * @author Eike Stepper
+ */
+ public static final class SetPassword extends SecurityManagerCommand
+ {
+ public SetPassword()
+ {
+ super("setpassword", "sets or unsets the password of a repository user", parameter("username"),
+ optional("password"));
+ }
+
+ @Override
+ protected void execute(ISecurityManager securityManager, String[] args)
+ {
+ String username = args[0];
+ String password = args[1];
+ securityManager.setPassword(username, password);
+
+ println("Password of user " + username + (password != null ? " set" : " unset"));
+ }
+ }
+}
diff --git a/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/internal/security/bundle/AddUserCommand.java b/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/internal/security/bundle/AddUserCommand.java
deleted file mode 100644
index 902b635a35..0000000000
--- a/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/internal/security/bundle/AddUserCommand.java
+++ /dev/null
@@ -1,71 +0,0 @@
-/*
- * Copyright (c) 2004-2013 Eike Stepper (Berlin, Germany) and others.
- * All rights reserved. This program and the accompanying materials
- * are made available under the terms of the Eclipse Public License v1.0
- * which accompanies this distribution, and is available at
- * http://www.eclipse.org/legal/epl-v10.html
- *
- * Contributors:
- * Eike Stepper - initial API and implementation
- */
-package org.eclipse.emf.cdo.server.internal.security.bundle;
-
-import org.eclipse.emf.cdo.server.security.ISecurityManager;
-import org.eclipse.emf.cdo.server.security.SecurityManagerUtil;
-import org.eclipse.emf.cdo.spi.server.CDOCommand;
-import org.eclipse.emf.cdo.spi.server.InternalRepository;
-
-import org.eclipse.net4j.util.factory.ProductCreationException;
-
-/**
- * @author Eike Stepper
- */
-public class AddUserCommand extends CDOCommand.WithRepository
-{
- public static final String NAME = "adduser";
-
- public AddUserCommand()
- {
- super(NAME, "adds a user to the security realm of a repository", parameter("username"), optional("password"));
- }
-
- @Override
- public void execute(InternalRepository repository, String[] args) throws Exception
- {
- ISecurityManager securityManager = SecurityManagerUtil.getSecurityManager(repository);
- if (securityManager == null)
- {
- throw new CommandException("Security manager not found for " + repository);
- }
-
- String username = args[0];
- String password = args[1];
- if (password != null)
- {
- securityManager.addUser(username, password);
- }
- else
- {
- securityManager.addUser(username);
- }
-
- println("User " + username + " added");
- }
-
- /**
- * @author Eike Stepper
- */
- public static class Factory extends CDOCommand.Factory
- {
- public Factory()
- {
- super(NAME);
- }
-
- @Override
- public CDOCommand create(String description) throws ProductCreationException
- {
- return new AddUserCommand();
- }
- }
-}
diff --git a/plugins/org.eclipse.emf.cdo.server/src/org/eclipse/emf/cdo/internal/server/bundle/CDOCommandProvider.java b/plugins/org.eclipse.emf.cdo.server/src/org/eclipse/emf/cdo/internal/server/bundle/CDOCommandProvider.java
index 374528b2c5..4dbf55d284 100644
--- a/plugins/org.eclipse.emf.cdo.server/src/org/eclipse/emf/cdo/internal/server/bundle/CDOCommandProvider.java
+++ b/plugins/org.eclipse.emf.cdo.server/src/org/eclipse/emf/cdo/internal/server/bundle/CDOCommandProvider.java
@@ -358,7 +358,7 @@ public class CDOCommandProvider implements CommandProvider
try
{
- for (String name : IPluginContainer.INSTANCE.getFactoryTypes(CDOCommand.Factory.PRODUCT_GROUP))
+ for (String name : IPluginContainer.INSTANCE.getFactoryTypes(CDOCommand.PRODUCT_GROUP))
{
try
{
@@ -381,7 +381,7 @@ public class CDOCommandProvider implements CommandProvider
protected CDOCommand createCommand(String name)
{
- return (CDOCommand)IPluginContainer.INSTANCE.getElement(CDOCommand.Factory.PRODUCT_GROUP, name, null);
+ return (CDOCommand)IPluginContainer.INSTANCE.getElement(CDOCommand.PRODUCT_GROUP, name, null);
}
private void addCommand(Map<String, CDOCommand> commands, CDOCommand command)
diff --git a/plugins/org.eclipse.emf.cdo.server/src/org/eclipse/emf/cdo/spi/server/CDOCommand.java b/plugins/org.eclipse.emf.cdo.server/src/org/eclipse/emf/cdo/spi/server/CDOCommand.java
index 61a6c49dfd..2186fc0553 100644
--- a/plugins/org.eclipse.emf.cdo.server/src/org/eclipse/emf/cdo/spi/server/CDOCommand.java
+++ b/plugins/org.eclipse.emf.cdo.server/src/org/eclipse/emf/cdo/spi/server/CDOCommand.java
@@ -27,14 +27,14 @@ import java.util.Dictionary;
* @author Eike Stepper
* @since 4.3
*/
-public abstract class CDOCommand
+public abstract class CDOCommand extends org.eclipse.net4j.util.factory.Factory
{
+ public static final String PRODUCT_GROUP = "org.eclipse.emf.cdo.server.commands";
+
public static final String INDENT = " "; //$NON-NLS-1$
private static final CommandParameter[] NO_PARAMETERS = new CommandParameter[0];
- private final String name;
-
private final String description;
private final CommandParameter[] parameters;
@@ -43,7 +43,7 @@ public abstract class CDOCommand
public CDOCommand(String name, String description, CommandParameter... parameters)
{
- this.name = name;
+ super(PRODUCT_GROUP, name);
this.description = description;
this.parameters = parameters == null ? NO_PARAMETERS : parameters;
}
@@ -53,6 +53,11 @@ public abstract class CDOCommand
this(name, description, NO_PARAMETERS);
}
+ public final CDOCommand create(String description) throws ProductCreationException
+ {
+ return this;
+ }
+
public final CommandInterpreter getInterpreter()
{
return interpreter;
@@ -65,7 +70,7 @@ public abstract class CDOCommand
public final String getName()
{
- return name;
+ return getType();
}
public final String getDescription()
@@ -82,7 +87,7 @@ public abstract class CDOCommand
{
StringBuilder builder = new StringBuilder();
builder.append("cdo ");
- builder.append(name);
+ builder.append(getName());
for (CommandParameter parameter : parameters)
{
@@ -341,18 +346,16 @@ public abstract class CDOCommand
}
}
- /**
- * @author Eike Stepper
- */
- public static abstract class Factory extends org.eclipse.net4j.util.factory.Factory
- {
- public static final String PRODUCT_GROUP = "org.eclipse.emf.cdo.server.commands";
-
- public Factory(String type)
- {
- super(PRODUCT_GROUP, type);
- }
-
- public abstract CDOCommand create(String description) throws ProductCreationException;
- }
+ // /**
+ // * @author Eike Stepper
+ // */
+ // public static abstract class Factory extends org.eclipse.net4j.util.factory.Factory
+ // {
+ // public Factory(String type)
+ // {
+ // super(CDOCommand.PRODUCT_GROUP, type);
+ // }
+ //
+ // public abstract CDOCommand create(String description) throws ProductCreationException;
+ // }
}

Back to the top