Search in sources :

Example 51 with Permission

use of java.security.Permission in project jspwiki by apache.

the class PageManager method changeAcl.

/**
 * For a single wiki page, replaces all Acl entries matching a supplied array of Principals
 * with a new Principal.
 *
 * @param page          the wiki page whose Acl is to be modified
 * @param oldPrincipals an array of Principals to replace; all AclEntry objects whose
 *                      {@link AclEntry#getPrincipal()} method returns one of these Principals will be replaced
 * @param newPrincipal  the Principal that should receive the old Principals' permissions
 * @return <code>true</code> if the Acl was actually changed; <code>false</code> otherwise
 */
protected boolean changeAcl(WikiPage page, Principal[] oldPrincipals, Principal newPrincipal) {
    Acl acl = page.getAcl();
    boolean pageChanged = false;
    if (acl != null) {
        Enumeration<AclEntry> entries = acl.entries();
        Collection<AclEntry> entriesToAdd = new ArrayList<AclEntry>();
        Collection<AclEntry> entriesToRemove = new ArrayList<AclEntry>();
        while (entries.hasMoreElements()) {
            AclEntry entry = entries.nextElement();
            if (ArrayUtils.contains(oldPrincipals, entry.getPrincipal())) {
                // Create new entry
                AclEntry newEntry = new AclEntryImpl();
                newEntry.setPrincipal(newPrincipal);
                Enumeration<Permission> permissions = entry.permissions();
                while (permissions.hasMoreElements()) {
                    Permission permission = permissions.nextElement();
                    newEntry.addPermission(permission);
                }
                pageChanged = true;
                entriesToRemove.add(entry);
                entriesToAdd.add(newEntry);
            }
        }
        for (Iterator<AclEntry> ix = entriesToRemove.iterator(); ix.hasNext(); ) {
            AclEntry entry = ix.next();
            acl.removeEntry(entry);
        }
        for (Iterator<AclEntry> ix = entriesToAdd.iterator(); ix.hasNext(); ) {
            AclEntry entry = ix.next();
            acl.addEntry(entry);
        }
    }
    return pageChanged;
}
Also used : AclEntry(org.apache.wiki.auth.acl.AclEntry) ArrayList(java.util.ArrayList) Permission(java.security.Permission) AclEntryImpl(org.apache.wiki.auth.acl.AclEntryImpl) Acl(org.apache.wiki.auth.acl.Acl)

Example 52 with Permission

use of java.security.Permission in project jspwiki by apache.

the class SecurityVerifier method policyRoleTable.

/**
 * Formats and returns an HTML table containing sample permissions and what
 * roles are allowed to have them. This method will throw an
 * {@link IllegalStateException} if the authorizer is not of type
 * {@link org.apache.wiki.auth.authorize.WebContainerAuthorizer}
 * @return the formatted HTML table containing the result of the tests
 */
public String policyRoleTable() {
    Principal[] roles = m_policyPrincipals;
    String wiki = m_engine.getApplicationName();
    String[] pages = new String[] { "Main", "Index", "GroupTest", "GroupAdmin" };
    String[] pageActions = new String[] { "view", "edit", "modify", "rename", "delete" };
    String[] groups = new String[] { "Admin", "TestGroup", "Foo" };
    String[] groupActions = new String[] { "view", "edit", null, null, "delete" };
    // Calculate column widths
    String colWidth;
    if (pageActions.length > 0 && roles.length > 0) {
        colWidth = (67f / (pageActions.length * roles.length)) + "%";
    } else {
        colWidth = "67%";
    }
    StringBuilder s = new StringBuilder();
    // Write the table header
    s.append("<table class=\"wikitable\" border=\"1\">\n");
    s.append("  <colgroup span=\"1\" width=\"33%\"/>\n");
    s.append("  <colgroup span=\"" + pageActions.length * roles.length + "\" width=\"" + colWidth + "\" align=\"center\"/>\n");
    s.append("  <tr>\n");
    s.append("    <th rowspan=\"2\" valign=\"bottom\">Permission</th>\n");
    for (int i = 0; i < roles.length; i++) {
        s.append("    <th colspan=\"" + pageActions.length + "\" title=\"" + roles[i].getClass().getName() + "\">" + roles[i].getName() + "</th>\n");
    }
    s.append("  </tr>\n");
    // Print a column for each role
    s.append("  <tr>\n");
    for (int i = 0; i < roles.length; i++) {
        for (String pageAction : pageActions) {
            String action = pageAction.substring(0, 1);
            s.append("    <th title=\"" + pageAction + "\">" + action + "</th>\n");
        }
    }
    s.append("  </tr>\n");
    // Write page permission tests first
    for (String page : pages) {
        s.append("  <tr>\n");
        s.append("    <td>PagePermission \"" + wiki + ":" + page + "\"</td>\n");
        for (Principal role : roles) {
            for (String pageAction : pageActions) {
                Permission permission = PermissionFactory.getPagePermission(wiki + ":" + page, pageAction);
                s.append(printPermissionTest(permission, role, 1));
            }
        }
        s.append("  </tr>\n");
    }
    // Now do the group tests
    for (String group : groups) {
        s.append("  <tr>\n");
        s.append("    <td>GroupPermission \"" + wiki + ":" + group + "\"</td>\n");
        for (Principal role : roles) {
            for (String groupAction : groupActions) {
                Permission permission = null;
                if (groupAction != null) {
                    permission = new GroupPermission(wiki + ":" + group, groupAction);
                }
                s.append(printPermissionTest(permission, role, 1));
            }
        }
        s.append("  </tr>\n");
    }
    // Now check the wiki-wide permissions
    String[] wikiPerms = new String[] { "createGroups", "createPages", "login", "editPreferences", "editProfile" };
    for (String wikiPerm : wikiPerms) {
        s.append("  <tr>\n");
        s.append("    <td>WikiPermission \"" + wiki + "\",\"" + wikiPerm + "\"</td>\n");
        for (Principal role : roles) {
            Permission permission = new WikiPermission(wiki, wikiPerm);
            s.append(printPermissionTest(permission, role, pageActions.length));
        }
        s.append("  </tr>\n");
    }
    // Lastly, check for AllPermission
    s.append("  <tr>\n");
    s.append("    <td>AllPermission \"" + wiki + "\"</td>\n");
    for (Principal role : roles) {
        Permission permission = new AllPermission(wiki);
        s.append(printPermissionTest(permission, role, pageActions.length));
    }
    s.append("  </tr>\n");
    // We're done!
    s.append("</table>");
    return s.toString();
}
Also used : WikiPermission(org.apache.wiki.auth.permissions.WikiPermission) AllPermission(org.apache.wiki.auth.permissions.AllPermission) Permission(java.security.Permission) GroupPermission(org.apache.wiki.auth.permissions.GroupPermission) AllPermission(org.apache.wiki.auth.permissions.AllPermission) GroupPermission(org.apache.wiki.auth.permissions.GroupPermission) WikiPermission(org.apache.wiki.auth.permissions.WikiPermission) Principal(java.security.Principal)

Example 53 with Permission

use of java.security.Permission in project jspwiki by apache.

the class AclImpl method toString.

/**
 * Returns a string representation of the contents of this Acl.
 * @return the string representation
 */
public String toString() {
    StringBuilder sb = new StringBuilder();
    for (AclEntry entry : m_entries) {
        Principal pal = entry.getPrincipal();
        if (pal != null)
            sb.append("  user = " + pal.getName() + ": ");
        else
            sb.append("  user = null: ");
        sb.append("(");
        for (Enumeration<Permission> perms = entry.permissions(); perms.hasMoreElements(); ) {
            Permission perm = perms.nextElement();
            sb.append(perm.toString());
        }
        sb.append(")\n");
    }
    return sb.toString();
}
Also used : Permission(java.security.Permission) Principal(java.security.Principal)

Example 54 with Permission

use of java.security.Permission in project jspwiki by apache.

the class AclImpl method findPrincipals.

/**
 * Returns all Principal objects assigned a given Permission in the access
 * control list. The Principals returned are those that have been granted
 * either the supplied permission, or a permission implied by the supplied
 * permission. Principals are not "expanded" if they are a role or group.
 * @param permission the permission to search for
 * @return an array of Principals possessing the permission
 */
public Principal[] findPrincipals(Permission permission) {
    Vector<Principal> principals = new Vector<Principal>();
    Enumeration<AclEntry> entries = entries();
    while (entries.hasMoreElements()) {
        AclEntry entry = entries.nextElement();
        Enumeration<Permission> permissions = entry.permissions();
        while (permissions.hasMoreElements()) {
            Permission perm = permissions.nextElement();
            if (perm.implies(permission)) {
                principals.add(entry.getPrincipal());
            }
        }
    }
    return principals.toArray(new Principal[principals.size()]);
}
Also used : Permission(java.security.Permission) Vector(java.util.Vector) Principal(java.security.Principal)

Example 55 with Permission

use of java.security.Permission in project jspwiki by apache.

the class AuthorizationManagerTest method testDefaultPermissions.

/**
 * Tests the default policy. Anonymous users can read, Authenticated can
 * edit, etc. Uses the default tests/etc/jspwiki.policy file installed by
 * the JRE at startup.
 * @throws Exception
 */
@Test
public void testDefaultPermissions() throws Exception {
    // Save a page without an ACL
    m_engine.saveText("TestDefaultPage", "Foo");
    Permission view = PermissionFactory.getPagePermission("*:TestDefaultPage", "view");
    Permission edit = PermissionFactory.getPagePermission("*:TestDefaultPage", "edit");
    WikiSession session;
    // Alice is asserted
    session = WikiSessionTest.assertedSession(m_engine, Users.ALICE);
    Assert.assertTrue("Alice view", m_auth.checkPermission(session, view));
    Assert.assertTrue("Alice edit", m_auth.checkPermission(session, edit));
    // Bob is logged in
    session = WikiSessionTest.authenticatedSession(m_engine, Users.BOB, Users.BOB_PASS);
    Assert.assertTrue("Bob view", m_auth.checkPermission(session, view));
    Assert.assertTrue("Bob edit", m_auth.checkPermission(session, edit));
    // Delete the test page
    try {
        m_engine.deletePage("TestDefaultPage");
    } catch (ProviderException e) {
        Assert.assertTrue(false);
    }
}
Also used : WikiSession(org.apache.wiki.WikiSession) ProviderException(org.apache.wiki.api.exceptions.ProviderException) WikiPermission(org.apache.wiki.auth.permissions.WikiPermission) PagePermission(org.apache.wiki.auth.permissions.PagePermission) AllPermission(org.apache.wiki.auth.permissions.AllPermission) Permission(java.security.Permission) WikiSessionTest(org.apache.wiki.WikiSessionTest) Test(org.junit.Test)

Aggregations

Permission (java.security.Permission)236 Test (org.junit.Test)55 PermissionCollection (java.security.PermissionCollection)39 FilePermission (java.io.FilePermission)38 Permissions (java.security.Permissions)31 ProtectionDomain (java.security.ProtectionDomain)27 IOException (java.io.IOException)20 AllPermission (java.security.AllPermission)20 QuickTest (com.hazelcast.test.annotation.QuickTest)17 File (java.io.File)17 URL (java.net.URL)16 AccessControlException (java.security.AccessControlException)14 Principal (java.security.Principal)14 PropertyPermission (java.util.PropertyPermission)14 Policy (java.security.Policy)13 MBeanPermission (javax.management.MBeanPermission)13 AccessControlContext (java.security.AccessControlContext)12 CodeSource (java.security.CodeSource)11 SecurityPermission (java.security.SecurityPermission)11 ArrayList (java.util.ArrayList)10