diff options
author | Eike Stepper | 2013-09-18 06:30:57 +0000 |
---|---|---|
committer | Eike Stepper | 2013-09-18 07:13:54 +0000 |
commit | 20e19f399621f269e44e135fd9fcf62ff99a8201 (patch) | |
tree | 66033bcfb6bd52beaa0c2595917a3d09942d8ca6 | |
parent | 8e90a7d8a6b2f13b97a11f5f5e999fc4ff6acdff (diff) | |
download | cdo-20e19f399621f269e44e135fd9fcf62ff99a8201.tar.gz cdo-20e19f399621f269e44e135fd9fcf62ff99a8201.tar.xz cdo-20e19f399621f269e44e135fd9fcf62ff99a8201.zip |
[417469] [Security] Provide console command to change user passwords
https://bugs.eclipse.org/bugs/show_bug.cgi?id=417469
9 files changed, 173 insertions, 132 deletions
diff --git a/plugins/org.eclipse.emf.cdo.server.hibernate.teneo/plugin.xml b/plugins/org.eclipse.emf.cdo.server.hibernate.teneo/plugin.xml index ce6a0fad9d..81b3817609 100644 --- a/plugins/org.eclipse.emf.cdo.server.hibernate.teneo/plugin.xml +++ b/plugins/org.eclipse.emf.cdo.server.hibernate.teneo/plugin.xml @@ -24,7 +24,7 @@ <factory productGroup="org.eclipse.emf.cdo.server.commands" type="exporthbm" - class="org.eclipse.emf.cdo.server.hibernate.internal.teneo.bundle.ExportHbmCommand$Factory"/> + class="org.eclipse.emf.cdo.server.hibernate.internal.teneo.bundle.ExportHbmCommand"/> </extension> </plugin> diff --git a/plugins/org.eclipse.emf.cdo.server.hibernate.teneo/src/org/eclipse/emf/cdo/server/hibernate/internal/teneo/bundle/ExportHbmCommand.java b/plugins/org.eclipse.emf.cdo.server.hibernate.teneo/src/org/eclipse/emf/cdo/server/hibernate/internal/teneo/bundle/ExportHbmCommand.java index 5563ceb569..856d1173d4 100644 --- a/plugins/org.eclipse.emf.cdo.server.hibernate.teneo/src/org/eclipse/emf/cdo/server/hibernate/internal/teneo/bundle/ExportHbmCommand.java +++ b/plugins/org.eclipse.emf.cdo.server.hibernate.teneo/src/org/eclipse/emf/cdo/server/hibernate/internal/teneo/bundle/ExportHbmCommand.java @@ -14,7 +14,6 @@ import org.eclipse.emf.cdo.server.internal.hibernate.HibernateStore; import org.eclipse.emf.cdo.spi.server.CDOCommand; import org.eclipse.emf.cdo.spi.server.InternalRepository; -import org.eclipse.net4j.util.factory.ProductCreationException; import org.eclipse.net4j.util.io.IOUtil; import java.io.FileOutputStream; @@ -25,11 +24,9 @@ import java.io.OutputStream; */ public class ExportHbmCommand extends CDOCommand.WithRepository { - public static final String NAME = "exporthbm"; - public ExportHbmCommand() { - super(NAME, "export generated hibernate mapping to a file", parameter("export-file")); + super("exporthbm", "export generated hibernate mapping to a file", parameter("export-file")); } @Override @@ -53,21 +50,4 @@ public class ExportHbmCommand extends CDOCommand.WithRepository IOUtil.close(out); } } - - /** - * @author Eike Stepper - */ - public static class Factory extends CDOCommand.Factory - { - public Factory() - { - super(NAME); - } - - @Override - public CDOCommand create(String description) throws ProductCreationException - { - return new ExportHbmCommand(); - } - } } diff --git a/plugins/org.eclipse.emf.cdo.server.security/.settings/.api_filters b/plugins/org.eclipse.emf.cdo.server.security/.settings/.api_filters index 56e0dd3b62..a7e521255c 100644 --- a/plugins/org.eclipse.emf.cdo.server.security/.settings/.api_filters +++ b/plugins/org.eclipse.emf.cdo.server.security/.settings/.api_filters @@ -1,5 +1,14 @@ <?xml version="1.0" encoding="UTF-8" standalone="no"?> <component id="org.eclipse.emf.cdo.server.security" version="2"> + <resource path="src/org/eclipse/emf/cdo/server/internal/security/SecurityManager.java" type="org.eclipse.emf.cdo.server.internal.security.SecurityManager"> + <filter id="574668824"> + <message_arguments> + <message_argument value="InternalSecurityManager"/> + <message_argument value="SecurityManager"/> + <message_argument value="SecurityItemContainer"/> + </message_arguments> + </filter> + </resource> <resource path="src/org/eclipse/emf/cdo/server/internal/security/SecurityManager.java" type="org.eclipse.emf.cdo.server.internal.security.SecurityManager$PermissionManager"> <filter id="574619656"> <message_arguments> @@ -8,4 +17,12 @@ </message_arguments> </filter> </resource> + <resource path="src/org/eclipse/emf/cdo/server/security/ISecurityManager.java" type="org.eclipse.emf.cdo.server.security.ISecurityManager"> + <filter id="571473929"> + <message_arguments> + <message_argument value="SecurityItemContainer"/> + <message_argument value="ISecurityManager"/> + </message_arguments> + </filter> + </resource> </component> diff --git a/plugins/org.eclipse.emf.cdo.server.security/plugin.xml b/plugins/org.eclipse.emf.cdo.server.security/plugin.xml index 9e2912e0c1..d514df05bf 100644 --- a/plugins/org.eclipse.emf.cdo.server.security/plugin.xml +++ b/plugins/org.eclipse.emf.cdo.server.security/plugin.xml @@ -29,7 +29,11 @@ <factory productGroup="org.eclipse.emf.cdo.server.commands" type="adduser" - class="org.eclipse.emf.cdo.server.internal.security.bundle.AddUserCommand$Factory"/> + class="org.eclipse.emf.cdo.server.internal.security.SecurityManagerCommand$AddUser"/> + <factory + productGroup="org.eclipse.emf.cdo.server.commands" + type="setpassword" + class="org.eclipse.emf.cdo.server.internal.security.SecurityManagerCommand$SetPassword"/> </extension> </plugin> diff --git a/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/internal/security/SecurityManager.java b/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/internal/security/SecurityManager.java index 6e924f5c5c..56a34600f3 100644 --- a/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/internal/security/SecurityManager.java +++ b/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/internal/security/SecurityManager.java @@ -12,7 +12,6 @@ package org.eclipse.emf.cdo.server.internal.security; import org.eclipse.emf.cdo.common.branch.CDOBranchPoint; import org.eclipse.emf.cdo.common.commit.CDOCommitInfo; -import org.eclipse.emf.cdo.common.model.EMFUtil; import org.eclipse.emf.cdo.common.revision.CDORevision; import org.eclipse.emf.cdo.common.revision.CDORevisionProvider; import org.eclipse.emf.cdo.common.security.CDOPermission; @@ -24,7 +23,6 @@ import org.eclipse.emf.cdo.net4j.CDONet4jSession; import org.eclipse.emf.cdo.net4j.CDONet4jSessionConfiguration; import org.eclipse.emf.cdo.net4j.CDONet4jUtil; import org.eclipse.emf.cdo.security.Access; -import org.eclipse.emf.cdo.security.ClassPermission; import org.eclipse.emf.cdo.security.Directory; import org.eclipse.emf.cdo.security.Group; import org.eclipse.emf.cdo.security.Permission; @@ -65,7 +63,6 @@ import org.eclipse.net4j.util.om.monitor.OMMonitor; import org.eclipse.net4j.util.security.IAuthenticator; import org.eclipse.emf.common.util.EList; -import org.eclipse.emf.ecore.EClass; import java.util.ArrayList; import java.util.Arrays; @@ -257,6 +254,20 @@ public class SecurityManager extends Lifecycle implements InternalSecurityManage return result[0]; } + public User setPassword(final String id, final String password) + { + final User[] result = { null }; + modify(new RealmOperation() + { + public void execute(Realm realm) + { + result[0] = realm.setPassword(id, password); + } + }); + + return result[0]; + } + public Role removeRole(final String id) { final Role[] result = { null }; @@ -471,7 +482,9 @@ public class SecurityManager extends Lifecycle implements InternalSecurityManage protected Realm createRealm() { - Realm realm = SecurityFactory.eINSTANCE.createRealm("Security Realm"); + final SecurityFactory factory = SecurityFactory.eINSTANCE; + + Realm realm = factory.createRealm("Security Realm"); realm.setDefaultRoleDirectory(addDirectory(realm, "Roles")); realm.setDefaultGroupDirectory(addDirectory(realm, "Groups")); realm.setDefaultUserDirectory(addDirectory(realm, "Users")); @@ -479,28 +492,26 @@ public class SecurityManager extends Lifecycle implements InternalSecurityManage // Create roles Role allReaderRole = realm.addRole("All Objects Reader"); - allReaderRole.getPermissions().add(SecurityFactory.eINSTANCE.createResourcePermission(".*", Access.READ)); + allReaderRole.getPermissions().add(factory.createFilterPermission(Access.READ, factory.createResourceFilter(".*"))); Role allWriterRole = realm.addRole("All Objects Writer"); - allWriterRole.getPermissions().add(SecurityFactory.eINSTANCE.createResourcePermission(".*", Access.WRITE)); + allWriterRole.getPermissions() + .add(factory.createFilterPermission(Access.WRITE, factory.createResourceFilter(".*"))); Role treeReaderRole = realm.addRole("Resource Tree Reader"); treeReaderRole.getPermissions().add( - SecurityFactory.eINSTANCE.createPackagePermission(EresourcePackage.eINSTANCE, Access.READ)); + factory.createFilterPermission(Access.READ, factory.createPackageFilter(EresourcePackage.eINSTANCE))); Role treeWriterRole = realm.addRole("Resource Tree Writer"); treeWriterRole.getPermissions().add( - SecurityFactory.eINSTANCE.createPackagePermission(EresourcePackage.eINSTANCE, Access.WRITE)); + factory.createFilterPermission(Access.WRITE, factory.createPackageFilter(EresourcePackage.eINSTANCE))); Role adminRole = realm.addRole("Administration"); - for (EClass eClass : EMFUtil.getConcreteClasses(SecurityPackage.eINSTANCE)) - { - if (eClass != SecurityPackage.Literals.USER_PASSWORD) - { - ClassPermission permission = SecurityFactory.eINSTANCE.createClassPermission(eClass, Access.WRITE); - adminRole.getPermissions().add(permission); - } - } + adminRole.getPermissions().add( + factory.createFilterPermission( + Access.WRITE, + factory.createAndFilter(factory.createResourceFilter(realmPath), + factory.createNotFilter(factory.createClassFilter(SecurityPackage.Literals.USER_PASSWORD))))); // Create groups @@ -516,6 +527,7 @@ public class SecurityManager extends Lifecycle implements InternalSecurityManage User adminUser = realm.addUser("Administrator", "0000"); adminUser.getGroups().add(adminsGroup); + OM.LOG.info("Security realm " + realmPath + " created"); return realm; } diff --git a/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/internal/security/SecurityManagerCommand.java b/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/internal/security/SecurityManagerCommand.java new file mode 100644 index 0000000000..a76324acc9 --- /dev/null +++ b/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/internal/security/SecurityManagerCommand.java @@ -0,0 +1,96 @@ +/* + * Copyright (c) 2004-2013 Eike Stepper (Berlin, Germany) and others. + * All rights reserved. This program and the accompanying materials + * are made available under the terms of the Eclipse Public License v1.0 + * which accompanies this distribution, and is available at + * http://www.eclipse.org/legal/epl-v10.html + * + * Contributors: + * Eike Stepper - initial API and implementation + */ +package org.eclipse.emf.cdo.server.internal.security; + +import org.eclipse.emf.cdo.server.security.ISecurityManager; +import org.eclipse.emf.cdo.server.security.SecurityManagerUtil; +import org.eclipse.emf.cdo.spi.server.CDOCommand; +import org.eclipse.emf.cdo.spi.server.InternalRepository; + +/** + * @author Eike Stepper + */ +public abstract class SecurityManagerCommand extends CDOCommand.WithRepository +{ + public SecurityManagerCommand(String name, String description, CommandParameter... parameters) + { + super(name, description, parameters); + } + + public SecurityManagerCommand(String name, String description) + { + super(name, description); + } + + @Override + public void execute(InternalRepository repository, String[] args) throws Exception + { + ISecurityManager securityManager = SecurityManagerUtil.getSecurityManager(repository); + if (securityManager == null) + { + throw new CommandException("Security manager not found for " + repository); + } + + execute(securityManager, args); + } + + protected abstract void execute(ISecurityManager securityManager, String[] args); + + /** + * @author Eike Stepper + */ + public static final class AddUser extends SecurityManagerCommand + { + public AddUser() + { + super("adduser", "adds a user to the security realm of a repository", parameter("username"), optional("password")); + } + + @Override + protected void execute(ISecurityManager securityManager, String[] args) + { + String username = args[0]; + String password = args[1]; + if (password != null) + { + securityManager.addUser(username, password); + } + else + { + securityManager.addUser(username); + } + + println("User " + username + " added"); + } + } + + /** + * @author Eike Stepper + */ + public static final class SetPassword extends SecurityManagerCommand + { + public SetPassword() + { + super("setpassword", "sets or unsets the password of a repository user", parameter("username"), + optional("password")); + } + + @Override + protected void execute(ISecurityManager securityManager, String[] args) + { + String username = args[0]; + String password = args[1]; + securityManager.setPassword(username, password); + + println("Password of user " + username + (password != null ? " set" : " unset")); + } + } +} diff --git a/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/internal/security/bundle/AddUserCommand.java b/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/internal/security/bundle/AddUserCommand.java deleted file mode 100644 index 902b635a35..0000000000 --- a/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/internal/security/bundle/AddUserCommand.java +++ /dev/null @@ -1,71 +0,0 @@ -/* - * Copyright (c) 2004-2013 Eike Stepper (Berlin, Germany) and others. - * All rights reserved. This program and the accompanying materials - * are made available under the terms of the Eclipse Public License v1.0 - * which accompanies this distribution, and is available at - * http://www.eclipse.org/legal/epl-v10.html - * - * Contributors: - * Eike Stepper - initial API and implementation - */ -package org.eclipse.emf.cdo.server.internal.security.bundle; - -import org.eclipse.emf.cdo.server.security.ISecurityManager; -import org.eclipse.emf.cdo.server.security.SecurityManagerUtil; -import org.eclipse.emf.cdo.spi.server.CDOCommand; -import org.eclipse.emf.cdo.spi.server.InternalRepository; - -import org.eclipse.net4j.util.factory.ProductCreationException; - -/** - * @author Eike Stepper - */ -public class AddUserCommand extends CDOCommand.WithRepository -{ - public static final String NAME = "adduser"; - - public AddUserCommand() - { - super(NAME, "adds a user to the security realm of a repository", parameter("username"), optional("password")); - } - - @Override - public void execute(InternalRepository repository, String[] args) throws Exception - { - ISecurityManager securityManager = SecurityManagerUtil.getSecurityManager(repository); - if (securityManager == null) - { - throw new CommandException("Security manager not found for " + repository); - } - - String username = args[0]; - String password = args[1]; - if (password != null) - { - securityManager.addUser(username, password); - } - else - { - securityManager.addUser(username); - } - - println("User " + username + " added"); - } - - /** - * @author Eike Stepper - */ - public static class Factory extends CDOCommand.Factory - { - public Factory() - { - super(NAME); - } - - @Override - public CDOCommand create(String description) throws ProductCreationException - { - return new AddUserCommand(); - } - } -} diff --git a/plugins/org.eclipse.emf.cdo.server/src/org/eclipse/emf/cdo/internal/server/bundle/CDOCommandProvider.java b/plugins/org.eclipse.emf.cdo.server/src/org/eclipse/emf/cdo/internal/server/bundle/CDOCommandProvider.java index 374528b2c5..4dbf55d284 100644 --- a/plugins/org.eclipse.emf.cdo.server/src/org/eclipse/emf/cdo/internal/server/bundle/CDOCommandProvider.java +++ b/plugins/org.eclipse.emf.cdo.server/src/org/eclipse/emf/cdo/internal/server/bundle/CDOCommandProvider.java @@ -358,7 +358,7 @@ public class CDOCommandProvider implements CommandProvider try { - for (String name : IPluginContainer.INSTANCE.getFactoryTypes(CDOCommand.Factory.PRODUCT_GROUP)) + for (String name : IPluginContainer.INSTANCE.getFactoryTypes(CDOCommand.PRODUCT_GROUP)) { try { @@ -381,7 +381,7 @@ public class CDOCommandProvider implements CommandProvider protected CDOCommand createCommand(String name) { - return (CDOCommand)IPluginContainer.INSTANCE.getElement(CDOCommand.Factory.PRODUCT_GROUP, name, null); + return (CDOCommand)IPluginContainer.INSTANCE.getElement(CDOCommand.PRODUCT_GROUP, name, null); } private void addCommand(Map<String, CDOCommand> commands, CDOCommand command) diff --git a/plugins/org.eclipse.emf.cdo.server/src/org/eclipse/emf/cdo/spi/server/CDOCommand.java b/plugins/org.eclipse.emf.cdo.server/src/org/eclipse/emf/cdo/spi/server/CDOCommand.java index 61a6c49dfd..2186fc0553 100644 --- a/plugins/org.eclipse.emf.cdo.server/src/org/eclipse/emf/cdo/spi/server/CDOCommand.java +++ b/plugins/org.eclipse.emf.cdo.server/src/org/eclipse/emf/cdo/spi/server/CDOCommand.java @@ -27,14 +27,14 @@ import java.util.Dictionary; * @author Eike Stepper * @since 4.3 */ -public abstract class CDOCommand +public abstract class CDOCommand extends org.eclipse.net4j.util.factory.Factory { + public static final String PRODUCT_GROUP = "org.eclipse.emf.cdo.server.commands"; + public static final String INDENT = " "; //$NON-NLS-1$ private static final CommandParameter[] NO_PARAMETERS = new CommandParameter[0]; - private final String name; - private final String description; private final CommandParameter[] parameters; @@ -43,7 +43,7 @@ public abstract class CDOCommand public CDOCommand(String name, String description, CommandParameter... parameters) { - this.name = name; + super(PRODUCT_GROUP, name); this.description = description; this.parameters = parameters == null ? NO_PARAMETERS : parameters; } @@ -53,6 +53,11 @@ public abstract class CDOCommand this(name, description, NO_PARAMETERS); } + public final CDOCommand create(String description) throws ProductCreationException + { + return this; + } + public final CommandInterpreter getInterpreter() { return interpreter; @@ -65,7 +70,7 @@ public abstract class CDOCommand public final String getName() { - return name; + return getType(); } public final String getDescription() @@ -82,7 +87,7 @@ public abstract class CDOCommand { StringBuilder builder = new StringBuilder(); builder.append("cdo "); - builder.append(name); + builder.append(getName()); for (CommandParameter parameter : parameters) { @@ -341,18 +346,16 @@ public abstract class CDOCommand } } - /** - * @author Eike Stepper - */ - public static abstract class Factory extends org.eclipse.net4j.util.factory.Factory - { - public static final String PRODUCT_GROUP = "org.eclipse.emf.cdo.server.commands"; - - public Factory(String type) - { - super(PRODUCT_GROUP, type); - } - - public abstract CDOCommand create(String description) throws ProductCreationException; - } + // /** + // * @author Eike Stepper + // */ + // public static abstract class Factory extends org.eclipse.net4j.util.factory.Factory + // { + // public Factory(String type) + // { + // super(CDOCommand.PRODUCT_GROUP, type); + // } + // + // public abstract CDOCommand create(String description) throws ProductCreationException; + // } } |