use of java.security.Permission in project jspwiki by apache.
the class PageManager method changeAcl.
/**
* For a single wiki page, replaces all Acl entries matching a supplied array of Principals
* with a new Principal.
*
* @param page the wiki page whose Acl is to be modified
* @param oldPrincipals an array of Principals to replace; all AclEntry objects whose
* {@link AclEntry#getPrincipal()} method returns one of these Principals will be replaced
* @param newPrincipal the Principal that should receive the old Principals' permissions
* @return <code>true</code> if the Acl was actually changed; <code>false</code> otherwise
*/
protected boolean changeAcl(WikiPage page, Principal[] oldPrincipals, Principal newPrincipal) {
Acl acl = page.getAcl();
boolean pageChanged = false;
if (acl != null) {
Enumeration<AclEntry> entries = acl.entries();
Collection<AclEntry> entriesToAdd = new ArrayList<AclEntry>();
Collection<AclEntry> entriesToRemove = new ArrayList<AclEntry>();
while (entries.hasMoreElements()) {
AclEntry entry = entries.nextElement();
if (ArrayUtils.contains(oldPrincipals, entry.getPrincipal())) {
// Create new entry
AclEntry newEntry = new AclEntryImpl();
newEntry.setPrincipal(newPrincipal);
Enumeration<Permission> permissions = entry.permissions();
while (permissions.hasMoreElements()) {
Permission permission = permissions.nextElement();
newEntry.addPermission(permission);
}
pageChanged = true;
entriesToRemove.add(entry);
entriesToAdd.add(newEntry);
}
}
for (Iterator<AclEntry> ix = entriesToRemove.iterator(); ix.hasNext(); ) {
AclEntry entry = ix.next();
acl.removeEntry(entry);
}
for (Iterator<AclEntry> ix = entriesToAdd.iterator(); ix.hasNext(); ) {
AclEntry entry = ix.next();
acl.addEntry(entry);
}
}
return pageChanged;
}
use of java.security.Permission in project jspwiki by apache.
the class SecurityVerifier method policyRoleTable.
/**
* Formats and returns an HTML table containing sample permissions and what
* roles are allowed to have them. This method will throw an
* {@link IllegalStateException} if the authorizer is not of type
* {@link org.apache.wiki.auth.authorize.WebContainerAuthorizer}
* @return the formatted HTML table containing the result of the tests
*/
public String policyRoleTable() {
Principal[] roles = m_policyPrincipals;
String wiki = m_engine.getApplicationName();
String[] pages = new String[] { "Main", "Index", "GroupTest", "GroupAdmin" };
String[] pageActions = new String[] { "view", "edit", "modify", "rename", "delete" };
String[] groups = new String[] { "Admin", "TestGroup", "Foo" };
String[] groupActions = new String[] { "view", "edit", null, null, "delete" };
// Calculate column widths
String colWidth;
if (pageActions.length > 0 && roles.length > 0) {
colWidth = (67f / (pageActions.length * roles.length)) + "%";
} else {
colWidth = "67%";
}
StringBuilder s = new StringBuilder();
// Write the table header
s.append("<table class=\"wikitable\" border=\"1\">\n");
s.append(" <colgroup span=\"1\" width=\"33%\"/>\n");
s.append(" <colgroup span=\"" + pageActions.length * roles.length + "\" width=\"" + colWidth + "\" align=\"center\"/>\n");
s.append(" <tr>\n");
s.append(" <th rowspan=\"2\" valign=\"bottom\">Permission</th>\n");
for (int i = 0; i < roles.length; i++) {
s.append(" <th colspan=\"" + pageActions.length + "\" title=\"" + roles[i].getClass().getName() + "\">" + roles[i].getName() + "</th>\n");
}
s.append(" </tr>\n");
// Print a column for each role
s.append(" <tr>\n");
for (int i = 0; i < roles.length; i++) {
for (String pageAction : pageActions) {
String action = pageAction.substring(0, 1);
s.append(" <th title=\"" + pageAction + "\">" + action + "</th>\n");
}
}
s.append(" </tr>\n");
// Write page permission tests first
for (String page : pages) {
s.append(" <tr>\n");
s.append(" <td>PagePermission \"" + wiki + ":" + page + "\"</td>\n");
for (Principal role : roles) {
for (String pageAction : pageActions) {
Permission permission = PermissionFactory.getPagePermission(wiki + ":" + page, pageAction);
s.append(printPermissionTest(permission, role, 1));
}
}
s.append(" </tr>\n");
}
// Now do the group tests
for (String group : groups) {
s.append(" <tr>\n");
s.append(" <td>GroupPermission \"" + wiki + ":" + group + "\"</td>\n");
for (Principal role : roles) {
for (String groupAction : groupActions) {
Permission permission = null;
if (groupAction != null) {
permission = new GroupPermission(wiki + ":" + group, groupAction);
}
s.append(printPermissionTest(permission, role, 1));
}
}
s.append(" </tr>\n");
}
// Now check the wiki-wide permissions
String[] wikiPerms = new String[] { "createGroups", "createPages", "login", "editPreferences", "editProfile" };
for (String wikiPerm : wikiPerms) {
s.append(" <tr>\n");
s.append(" <td>WikiPermission \"" + wiki + "\",\"" + wikiPerm + "\"</td>\n");
for (Principal role : roles) {
Permission permission = new WikiPermission(wiki, wikiPerm);
s.append(printPermissionTest(permission, role, pageActions.length));
}
s.append(" </tr>\n");
}
// Lastly, check for AllPermission
s.append(" <tr>\n");
s.append(" <td>AllPermission \"" + wiki + "\"</td>\n");
for (Principal role : roles) {
Permission permission = new AllPermission(wiki);
s.append(printPermissionTest(permission, role, pageActions.length));
}
s.append(" </tr>\n");
// We're done!
s.append("</table>");
return s.toString();
}
use of java.security.Permission in project jspwiki by apache.
the class AclImpl method toString.
/**
* Returns a string representation of the contents of this Acl.
* @return the string representation
*/
public String toString() {
StringBuilder sb = new StringBuilder();
for (AclEntry entry : m_entries) {
Principal pal = entry.getPrincipal();
if (pal != null)
sb.append(" user = " + pal.getName() + ": ");
else
sb.append(" user = null: ");
sb.append("(");
for (Enumeration<Permission> perms = entry.permissions(); perms.hasMoreElements(); ) {
Permission perm = perms.nextElement();
sb.append(perm.toString());
}
sb.append(")\n");
}
return sb.toString();
}
use of java.security.Permission in project jspwiki by apache.
the class AclImpl method findPrincipals.
/**
* Returns all Principal objects assigned a given Permission in the access
* control list. The Principals returned are those that have been granted
* either the supplied permission, or a permission implied by the supplied
* permission. Principals are not "expanded" if they are a role or group.
* @param permission the permission to search for
* @return an array of Principals possessing the permission
*/
public Principal[] findPrincipals(Permission permission) {
Vector<Principal> principals = new Vector<Principal>();
Enumeration<AclEntry> entries = entries();
while (entries.hasMoreElements()) {
AclEntry entry = entries.nextElement();
Enumeration<Permission> permissions = entry.permissions();
while (permissions.hasMoreElements()) {
Permission perm = permissions.nextElement();
if (perm.implies(permission)) {
principals.add(entry.getPrincipal());
}
}
}
return principals.toArray(new Principal[principals.size()]);
}
use of java.security.Permission in project jspwiki by apache.
the class AuthorizationManagerTest method testDefaultPermissions.
/**
* Tests the default policy. Anonymous users can read, Authenticated can
* edit, etc. Uses the default tests/etc/jspwiki.policy file installed by
* the JRE at startup.
* @throws Exception
*/
@Test
public void testDefaultPermissions() throws Exception {
// Save a page without an ACL
m_engine.saveText("TestDefaultPage", "Foo");
Permission view = PermissionFactory.getPagePermission("*:TestDefaultPage", "view");
Permission edit = PermissionFactory.getPagePermission("*:TestDefaultPage", "edit");
WikiSession session;
// Alice is asserted
session = WikiSessionTest.assertedSession(m_engine, Users.ALICE);
Assert.assertTrue("Alice view", m_auth.checkPermission(session, view));
Assert.assertTrue("Alice edit", m_auth.checkPermission(session, edit));
// Bob is logged in
session = WikiSessionTest.authenticatedSession(m_engine, Users.BOB, Users.BOB_PASS);
Assert.assertTrue("Bob view", m_auth.checkPermission(session, view));
Assert.assertTrue("Bob edit", m_auth.checkPermission(session, edit));
// Delete the test page
try {
m_engine.deletePage("TestDefaultPage");
} catch (ProviderException e) {
Assert.assertTrue(false);
}
}
Aggregations