author | Eike Stepper | 2013-09-18 06:30:57 +0000 |
---|---|---|
committer | Eike Stepper | 2013-09-18 07:13:54 +0000 |
commit | 20e19f399621f269e44e135fd9fcf62ff99a8201 (patch) | |
tree | 66033bcfb6bd52beaa0c2595917a3d09942d8ca6 /plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo | |
parent | 8e90a7d8a6b2f13b97a11f5f5e999fc4ff6acdff (diff) | |
[417469] [Security] Provide console command to change user passwords
https://bugs.eclipse.org/bugs/show_bug.cgi?id=417469
Diffstat (limited to 'plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo')
3 files changed, 124 insertions, 87 deletions
diff --git a/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/internal/security/SecurityManager.java b/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/internal/security/SecurityManager.java
index 6e924f5c5c..56a34600f3 100644
--- a/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/internal/security/SecurityManager.java
+++ b/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/internal/security/SecurityManager.java
@@ -12,7 +12,6 @@ package org.eclipse.emf.cdo.server.internal.security;
 import org.eclipse.emf.cdo.common.branch.CDOBranchPoint;
 import org.eclipse.emf.cdo.common.commit.CDOCommitInfo;
-import org.eclipse.emf.cdo.common.model.EMFUtil;
 import org.eclipse.emf.cdo.common.revision.CDORevision;
 import org.eclipse.emf.cdo.common.revision.CDORevisionProvider;
 import org.eclipse.emf.cdo.common.security.CDOPermission;
@@ -24,7 +23,6 @@ import org.eclipse.emf.cdo.net4j.CDONet4jSession;
 import org.eclipse.emf.cdo.net4j.CDONet4jSessionConfiguration;
 import org.eclipse.emf.cdo.net4j.CDONet4jUtil;
 import org.eclipse.emf.cdo.security.Access;
-import org.eclipse.emf.cdo.security.ClassPermission;
 import org.eclipse.emf.cdo.security.Directory;
 import org.eclipse.emf.cdo.security.Group;
 import org.eclipse.emf.cdo.security.Permission;
@@ -65,7 +63,6 @@ import org.eclipse.net4j.util.om.monitor.OMMonitor;
 import org.eclipse.net4j.util.security.IAuthenticator;
 import org.eclipse.emf.common.util.EList;
-import org.eclipse.emf.ecore.EClass;
 import java.util.ArrayList;
 import java.util.Arrays;
@@ -257,6 +254,20 @@ public class SecurityManager extends Lifecycle implements InternalSecurityManage
 return result[0];
 }
+ public User setPassword(final String id, final String password)
+ {
+ final User[] result = { null };
+ modify(new RealmOperation()
+ {
+ public void execute(Realm realm)
+ {
+ result[0] = realm.setPassword(id, password);
+ }
+ });
+
+ return result[0];
+ }
+
 public Role removeRole(final String id)
 {
 final Role[] result = { null };
@@ -471,7 +482,9 @@ public class SecurityManager extends Lifecycle implements InternalSecurityManage
 protected Realm createRealm()
 {
- Realm realm = SecurityFactory.eINSTANCE.createRealm("Security Realm");
+ final SecurityFactory factory = SecurityFactory.eINSTANCE;
+
+ Realm realm = factory.createRealm("Security Realm");
 realm.setDefaultRoleDirectory(addDirectory(realm, "Roles"));
 realm.setDefaultGroupDirectory(addDirectory(realm, "Groups"));
 realm.setDefaultUserDirectory(addDirectory(realm, "Users"));
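Review bot: The new `setPassword(id, password)` in SecurityManager has no Javadoc, so the contract of a credential change is left to the reader: what a null `password` means and what is returned when `id` matches no user. The `setpassword` command added in this commit describes itself as "sets or unsets", which suggests that null clears the password, but that is only inferable from the caller. I would add a comment along the lines of `/** Sets the password of the user with the given id; a null password unsets it. Returns the modified user (TODO: state the result for an unknown id). */` and confirm the unknown-id behaviour against `Realm.setPassword`, which is not visible here.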
@@ -479,28 +492,26 @@ public class SecurityManager extends Lifecycle implements InternalSecurityManage
 // Create roles
 Role allReaderRole = realm.addRole("All Objects Reader");
- allReaderRole.getPermissions().add(SecurityFactory.eINSTANCE.createResourcePermission(".*", Access.READ));
+ allReaderRole.getPermissions().add(factory.createFilterPermission(Access.READ, factory.createResourceFilter(".*")));
 Role allWriterRole = realm.addRole("All Objects Writer");
- allWriterRole.getPermissions().add(SecurityFactory.eINSTANCE.createResourcePermission(".*", Access.WRITE));
+ allWriterRole.getPermissions()
+ .add(factory.createFilterPermission(Access.WRITE, factory.createResourceFilter(".*")));
 Role treeReaderRole = realm.addRole("Resource Tree Reader");
 treeReaderRole.getPermissions().add(
- SecurityFactory.eINSTANCE.createPackagePermission(EresourcePackage.eINSTANCE, Access.READ));
+ factory.createFilterPermission(Access.READ, factory.createPackageFilter(EresourcePackage.eINSTANCE)));
 Role treeWriterRole = realm.addRole("Resource Tree Writer");
 treeWriterRole.getPermissions().add(
- SecurityFactory.eINSTANCE.createPackagePermission(EresourcePackage.eINSTANCE, Access.WRITE));
+ factory.createFilterPermission(Access.WRITE, factory.createPackageFilter(EresourcePackage.eINSTANCE)));
 Role adminRole = realm.addRole("Administration");
- for (EClass eClass : EMFUtil.getConcreteClasses(SecurityPackage.eINSTANCE))
- {
- if (eClass != SecurityPackage.Literals.USER_PASSWORD)
- {
- ClassPermission permission = SecurityFactory.eINSTANCE.createClassPermission(eClass, Access.WRITE);
- adminRole.getPermissions().add(permission);
- }
- }
+ adminRole.getPermissions().add(
+ factory.createFilterPermission(
+ Access.WRITE,
+ factory.createAndFilter(factory.createResourceFilter(realmPath),
+ factory.createNotFilter(factory.createClassFilter(SecurityPackage.Literals.USER_PASSWORD)))));
 // Create groups
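Review bot: In the Administration role, `factory.createResourceFilter(realmPath)` passes the realm path to the same factory method that the reader and writer roles call with the pattern `".*"`, so the argument looks like it is matched as a regular expression (the filter implementation is not visible here). If so, an unquoted path containing regex metacharacters such as `.` would match more resources than the realm itself, and this permission grants WRITE on everything matched except `USER_PASSWORD` objects. Consider quoting the path, e.g. `factory.createResourceFilter(java.util.regex.Pattern.quote(realmPath))`, or using an exact-match filter variant if the API has one. The scope also changed from a per-class whitelist of security classes to a deny-one-class rule, so any class later stored under the realm path becomes admin-writable by default; a comment stating that intent would help. createRealm() starts and ends outside this hunk.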
@@ -516,6 +527,7 @@ public class SecurityManager extends Lifecycle implements InternalSecurityManage
 User adminUser = realm.addUser("Administrator", "0000");
 adminUser.getGroups().add(adminsGroup);
+ OM.LOG.info("Security realm " + realmPath + " created");
 return realm;
 }
diff --git a/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/internal/security/SecurityManagerCommand.java b/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/internal/security/SecurityManagerCommand.java
new file mode 100644
index 0000000000..a76324acc9
--- /dev/null
+++ b/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/internal/security/SecurityManagerCommand.java
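Review bot: The info message added at the end of createRealm() does not mention that the realm has just been bootstrapped with the built-in `Administrator` account and the fixed password shown in the context line above it. Since this commit also adds the `setpassword` console command, the log line is the natural place to tell the operator to rotate that credential, e.g. `OM.LOG.warn("Security realm " + realmPath + " created with the default Administrator password; change it with setpassword");`. createRealm() begins outside this hunk.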
@@ -0,0 +1,96 @@
+/*
+ * Copyright (c) 2004-2013 Eike Stepper (Berlin, Germany) and others.
+ * All rights reserved. This program and the accompanying materials
+ * are made available under the terms of the Eclipse Public License v1.0
+ * which accompanies this distribution, and is available at
+ * http://www.eclipse.org/legal/epl-v10.html
+ *
+ * Contributors:
+ * Eike Stepper - initial API and implementation
+ */
+package org.eclipse.emf.cdo.server.internal.security;
+
+import org.eclipse.emf.cdo.server.security.ISecurityManager;
+import org.eclipse.emf.cdo.server.security.SecurityManagerUtil;
+import org.eclipse.emf.cdo.spi.server.CDOCommand;
+import org.eclipse.emf.cdo.spi.server.InternalRepository;
+
+/**
+ * @author Eike Stepper
+ */
+public abstract class SecurityManagerCommand extends CDOCommand.WithRepository
+{
+ public SecurityManagerCommand(String name, String description, CommandParameter... parameters)
+ {
+ super(name, description, parameters);
+ }
+
+ public SecurityManagerCommand(String name, String description)
+ {
+ super(name, description);
+ }
+
+ @Override
+ public void execute(InternalRepository repository, String[] args) throws Exception
+ {
+ ISecurityManager securityManager = SecurityManagerUtil.getSecurityManager(repository);
+ if (securityManager == null)
+ {
+ throw new CommandException("Security manager not found for " + repository);
+ }
+
+ execute(securityManager, args);
+ }
+
+ protected abstract void execute(ISecurityManager securityManager, String[] args);
+
+ /**
+ * @author Eike Stepper
+ */
+ public static final class AddUser extends SecurityManagerCommand
+ {
+ public AddUser()
+ {
+ super("adduser", "adds a user to the security realm of a repository", parameter("username"), optional("password"));
+ }
+
+ @Override
+ protected void execute(ISecurityManager securityManager, String[] args)
+ {
+ String username = args[0];
+ String password = args[1];
+ if (password != null)
+ {
+ securityManager.addUser(username, password);
+ }
+ else
+ {
+ securityManager.addUser(username);
+ }
+
+ println("User " + username + " added");
+ }
+ }
+
+ /**
+ * @author Eike Stepper
+ */
+ public static final class SetPassword extends SecurityManagerCommand
+ {
+ public SetPassword()
+ {
+ super("setpassword", "sets or unsets the password of a repository user", parameter("username"),
+ optional("password"));
+ }
+
+ @Override
+ protected void execute(ISecurityManager securityManager, String[] args)
+ {
+ String username = args[0];
+ String password = args[1];
+ securityManager.setPassword(username, password);
+
+ println("Password of user " + username + (password != null ? " set" : " unset"));
+ }
+ }
+}
diff --git a/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/internal/security/bundle/AddUserCommand.java b/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/internal/security/bundle/AddUserCommand.java
deleted file mode 100644
index 902b635a35..0000000000
--- a/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/internal/security/bundle/AddUserCommand.java
+++ /dev/null
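Review bot: In `SetPassword.execute`, leaving out the optional `password` argument passes null to `securityManager.setPassword` and reports "unset", so a forgotten argument silently removes a user's credential; what an account without a password can then do depends on the authenticator, which is not visible here. I would make the argument mandatory, `parameter("password")`, and offer unsetting as a separate explicit command. The success message is also printed without looking at the result of `setPassword`; if it returns null for an unknown user (to be confirmed against `ISecurityManager`), the command should fail instead of printing that the password was set. Finally, the password is taken as a plain console argument in both `AddUser` and `SetPassword`, so it may end up in console history or logs; saying so in the command description would help operators.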
@@ -1,71 +0,0 @@
-/*
- * Copyright (c) 2004-2013 Eike Stepper (Berlin, Germany) and others.
- * All rights reserved. This program and the accompanying materials
- * are made available under the terms of the Eclipse Public License v1.0
- * which accompanies this distribution, and is available at
- * http://www.eclipse.org/legal/epl-v10.html
- *
- * Contributors:
- * Eike Stepper - initial API and implementation
- */
-package org.eclipse.emf.cdo.server.internal.security.bundle;
-
-import org.eclipse.emf.cdo.server.security.ISecurityManager;
-import org.eclipse.emf.cdo.server.security.SecurityManagerUtil;
-import org.eclipse.emf.cdo.spi.server.CDOCommand;
-import org.eclipse.emf.cdo.spi.server.InternalRepository;
-
-import org.eclipse.net4j.util.factory.ProductCreationException;
-
-/**
- * @author Eike Stepper
- */
-public class AddUserCommand extends CDOCommand.WithRepository
-{
- public static final String NAME = "adduser";
-
- public AddUserCommand()
- {
- super(NAME, "adds a user to the security realm of a repository", parameter("username"), optional("password"));
- }
-
- @Override
- public void execute(InternalRepository repository, String[] args) throws Exception
- {
- ISecurityManager securityManager = SecurityManagerUtil.getSecurityManager(repository);
- if (securityManager == null)
- {
- throw new CommandException("Security manager not found for " + repository);
- }
-
- String username = args[0];
- String password = args[1];
- if (password != null)
- {
- securityManager.addUser(username, password);
- }
- else
- {
- securityManager.addUser(username);
- }
-
- println("User " + username + " added");
- }
-
- /**
- * @author Eike Stepper
- */
- public static class Factory extends CDOCommand.Factory
- {
- public Factory()
- {
- super(NAME);
- }
-
- @Override
- public CDOCommand create(String description) throws ProductCreationException
- {
- return new AddUserCommand();
- }
- }
-} |