
Example 1 with WikiSession

use of org.apache.wiki.WikiSession in project jspwiki by apache.

the class AuthenticationManagerTest method testLoginCustom.

/**
 * Verifies that a custom (non-container) login for the Janne test account
 * leaves the session holding both built-in roles and all three of the
 * user's name principals.
 *
 * @throws Exception if the authenticated session cannot be created
 */
@Test
public void testLoginCustom() throws Exception {
    final WikiSession janneSession =
            WikiSessionTest.authenticatedSession(m_engine, Users.JANNE, Users.JANNE_PASS);

    // Built-in roles an authenticated session is expected to carry.
    Assert.assertTrue(janneSession.hasPrincipal(Role.ALL));
    Assert.assertTrue(janneSession.hasPrincipal(Role.AUTHENTICATED));

    // The same user seen under each of its three identities.
    final WikiPrincipal byLoginName = new WikiPrincipal(Users.JANNE, WikiPrincipal.LOGIN_NAME);
    Assert.assertTrue(janneSession.hasPrincipal(byLoginName));

    final WikiPrincipal byWikiName = new WikiPrincipal("JanneJalkanen", WikiPrincipal.WIKI_NAME);
    Assert.assertTrue(janneSession.hasPrincipal(byWikiName));

    final WikiPrincipal byFullName = new WikiPrincipal("Janne Jalkanen", WikiPrincipal.FULL_NAME);
    Assert.assertTrue(janneSession.hasPrincipal(byFullName));
}
Also used : WikiSession(org.apache.wiki.WikiSession) WikiSessionTest(org.apache.wiki.WikiSessionTest) Test(org.junit.Test)

Example 2 with WikiSession

use of org.apache.wiki.WikiSession in project jspwiki by apache.

the class AuthenticationManagerTest method testLoginCustomWithGroup.

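/**
 * Verifies that group membership changes are reflected in an already
 * logged-in session: a GroupPrincipal must appear when the user is added to
 * a group and must be revoked again when the group is deleted or the user is
 * removed from it.
 *
 * @throws Exception if login or any group operation fails unexpectedly
 */
@Test
public void testLoginCustomWithGroup() throws Exception {
    // Remove leftovers from an earlier run. Each group is removed in its own
    // try block so that a missing "Test1" does not leave a stale "Test2"
    // behind, which would skew the membership assertions below.
    for (String leftover : new String[] { "Test1", "Test2" }) {
        try {
            m_groupMgr.removeGroup(leftover);
        } catch (NoSuchPrincipalException ignored) {
            // The group did not exist; nothing to clean up.
        }
    }
    // Log in 'janne' and verify the session carries 3 principals and 2 roles
    // (per the original comment: login, fullname and wikiname principals,
    // plus the ALL and AUTHENTICATED roles)
    WikiSession session = WikiSession.guestSession(m_engine);
    m_auth.login(session, null, Users.JANNE, Users.JANNE_PASS);
    Assert.assertEquals(3, session.getPrincipals().length);
    Assert.assertEquals(2, session.getRoles().length);
    Assert.assertTrue(session.hasPrincipal(new WikiPrincipal("JanneJalkanen", WikiPrincipal.WIKI_NAME)));
    // Listen for any manager group-add events
    GroupManager manager = m_engine.getGroupManager();
    SecurityEventTrap trap = new SecurityEventTrap();
    manager.addWikiEventListener(trap);
    // Create two groups; one with Janne in it, and one without.
    // NOTE(review): the groups are saved with m_session, not with Janne's
    // session - presumably a more privileged fixture session; confirm.
    Group groupTest1 = m_groupMgr.parseGroup("Test1", "JanneJalkanen \n Bob \n Charlie", true);
    m_groupMgr.setGroup(m_session, groupTest1);
    groupTest1 = m_groupMgr.getGroup("Test1");
    Principal principalTest1 = groupTest1.getPrincipal();
    Group groupTest2 = m_groupMgr.parseGroup("Test2", "Alice \n Bob \n Charlie", true);
    m_groupMgr.setGroup(m_session, groupTest2);
    groupTest2 = m_groupMgr.getGroup("Test2");
    Principal principalTest2 = groupTest2.getPrincipal();
    // We should see two security events (one for each group create)
    // We should also see a GroupPrincipal for group Test1, but not Test2
    Assert.assertEquals(2, trap.events().length);
    Assert.assertTrue(session.hasPrincipal(principalTest1));
    Assert.assertFalse(session.hasPrincipal(principalTest2));
    // If we remove Test1, the GroupPrincipal should disappear: deleting a
    // group must revoke it from sessions that are already logged in
    m_groupMgr.removeGroup("Test1");
    Assert.assertFalse(session.hasPrincipal(principalTest1));
    Assert.assertFalse(session.hasPrincipal(principalTest2));
    // Now, add 'JanneJalkanen' to Test2 group manually; we should see the
    // GroupPrincipal
    groupTest2.add(new WikiPrincipal("JanneJalkanen"));
    m_groupMgr.setGroup(session, groupTest2);
    Assert.assertFalse(session.hasPrincipal(principalTest1));
    Assert.assertTrue(session.hasPrincipal(principalTest2));
    // Remove 'JanneJalkanen' manually; the GroupPrincipal should disappear
    groupTest2.remove(new WikiPrincipal("JanneJalkanen"));
    m_groupMgr.setGroup(session, groupTest2);
    Assert.assertFalse(session.hasPrincipal(principalTest1));
    Assert.assertFalse(session.hasPrincipal(principalTest2));
    // Clean up
    m_groupMgr.removeGroup("Test2");
}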
Also used : WikiSession(org.apache.wiki.WikiSession) Group(org.apache.wiki.auth.authorize.Group) GroupManager(org.apache.wiki.auth.authorize.GroupManager) Principal(java.security.Principal) WikiSessionTest(org.apache.wiki.WikiSessionTest) Test(org.junit.Test)

Example 3 with WikiSession

use of org.apache.wiki.WikiSession in project jspwiki by apache.

the class UserBean method doPost.

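/**
 * Handles a posted user-administration form: deletes a profile when the
 * {@code action} parameter is "remove", otherwise creates a new profile
 * (login id {@code --New--}) or updates an existing one. The outcome is
 * reported through messages added to the caller's {@link WikiSession}.
 *
 * <p>NOTE(review): no permission check and no anti-CSRF token check is
 * visible in this method, although it deletes accounts and sets passwords.
 * Confirm that the caller enforces both before this method is reached.
 *
 * @param context the wiki context carrying the HTTP request and session
 * @return always the empty string
 */
public String doPost(WikiContext context) {
    HttpServletRequest request = context.getHttpRequest();
    WikiSession session = context.getWikiSession();
    UserManager mgr = context.getEngine().getUserManager();
    String loginid = request.getParameter("loginid");
    String loginname = request.getParameter("loginname");
    String fullname = request.getParameter("fullname");
    String password = request.getParameter("password");
    String password2 = request.getParameter("password2");
    String email = request.getParameter("email");
    // A request without a login id cannot name a profile; reject it instead
    // of failing later with a NullPointerException.
    if (loginid == null) {
        session.addMessage("No user profile was specified");
        return "";
    }
    // Constant-first comparison: a missing "action" parameter is treated as
    // "not a removal" rather than dereferencing null.
    if ("remove".equalsIgnoreCase(request.getParameter("action"))) {
        try {
            mgr.getUserDatabase().deleteByLoginName(loginid);
            // NOTE(review): loginid and fullname are request parameters echoed
            // into a session message; confirm that the view HTML-escapes
            // messages before rendering them.
            session.addMessage("User profile " + loginid + " (" + fullname + ") has been deleted");
        } catch (NoSuchPrincipalException e) {
            session.addMessage("User profile has already been removed");
        } catch (WikiSecurityException e) {
            session.addMessage("Security problem: " + e);
        }
        return "";
    }
    // A password change is only accepted when both entries agree.
    if (password != null && password.length() > 0 && !password.equals(password2)) {
        session.addMessage("Passwords do not match!");
        return "";
    }
    UserProfile p;
    if ("--New--".equals(loginid)) {
        // Create new user
        p = mgr.getUserDatabase().newProfile();
        p.setCreated(new Date());
    } else {
        try {
            p = mgr.getUserDatabase().findByLoginName(loginid);
        } catch (NoSuchPrincipalException e) {
            // NOTE(review): loginid is echoed from the request here as well;
            // the same escaping question applies.
            session.addMessage("I could not find user profile " + loginid);
            return "";
        }
    }
    p.setEmail(email);
    p.setFullname(fullname);
    // An empty password field means "keep the current password".
    if (password != null && password.length() > 0) {
        p.setPassword(password);
    }
    p.setLoginName(loginname);
    try {
        mgr.getUserDatabase().save(p);
    } catch (WikiSecurityException e) {
        session.addMessage("Unable to save " + e.getMessage());
        // Stop here: reporting success after a failed save would tell the
        // administrator that a change (e.g. a password reset) took effect
        // when it did not.
        return "";
    }
    session.addMessage("User profile has been updated");
    return "";
}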
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) WikiSession(org.apache.wiki.WikiSession) WikiSecurityException(org.apache.wiki.auth.WikiSecurityException) UserProfile(org.apache.wiki.auth.user.UserProfile) UserManager(org.apache.wiki.auth.UserManager) NoSuchPrincipalException(org.apache.wiki.auth.NoSuchPrincipalException) Date(java.util.Date)

Example 4 with WikiSession

use of org.apache.wiki.WikiSession in project jspwiki by apache.

the class UserCheckTag method doWikiStartTag.

/**
 * {@inheritDoc}
 *
 * <p>Decides whether the tag body is rendered by comparing the configured
 * {@code m_status} with the current session status and with the
 * authentication manager's settings. The body is skipped when no status is
 * configured or the configured status is not recognised.
 *
 * <p>This only controls whether markup is emitted; no permission check is
 * made here.
 *
 * @see org.apache.wiki.tags.WikiTagBase#doWikiStartTag()
 */
@Override
public final int doWikiStartTag() throws IOException {
    final WikiSession wikiSession = m_wikiContext.getWikiSession();
    final String sessionStatus = wikiSession.getStatus();
    final AuthenticationManager authMgr = m_wikiContext.getEngine().getAuthenticationManager();
    final boolean usesContainerAuth = authMgr.isContainerAuthenticated();
    final boolean assertionsAllowed = authMgr.allowsCookieAssertions();

    // Resolve the configured status to a single yes/no answer, then map it
    // to the JSP return code once at the end.
    final boolean includeBody;
    if (m_status == null) {
        includeBody = false;
    } else if (ANONYMOUS.equals(m_status)) {
        includeBody = sessionStatus.equals(WikiSession.ANONYMOUS);
    } else if (AUTHENTICATED.equals(m_status)) {
        includeBody = sessionStatus.equals(WikiSession.AUTHENTICATED);
    } else if (ASSERTED.equals(m_status)) {
        includeBody = sessionStatus.equals(WikiSession.ASSERTED);
    } else if (ASSERTIONS_ALLOWED.equals(m_status)) {
        includeBody = assertionsAllowed;
    } else if (ASSERTIONS_NOT_ALLOWED.equals(m_status)) {
        includeBody = !assertionsAllowed;
    } else if (CONTAINER_AUTH.equals(m_status)) {
        includeBody = usesContainerAuth;
    } else if (CUSTOM_AUTH.equals(m_status)) {
        includeBody = !usesContainerAuth;
    } else if (KNOWN.equals(m_status)) {
        // "Known" covers every session that is not anonymous.
        includeBody = !wikiSession.isAnonymous();
    } else if (NOT_AUTHENTICATED.equals(m_status)) {
        includeBody = !sessionStatus.equals(WikiSession.AUTHENTICATED);
    } else {
        includeBody = false;
    }
    return includeBody ? EVAL_BODY_INCLUDE : SKIP_BODY;
}
Also used : AuthenticationManager(org.apache.wiki.auth.AuthenticationManager) WikiSession(org.apache.wiki.WikiSession)

Example 5 with WikiSession

use of org.apache.wiki.WikiSession in project jspwiki by apache.

the class PermissionTag method checkPermission.

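/**
 *  Checks a single permission for the current session.
 *
 *  <p>The permission name selects the kind of check: wiki-wide permissions,
 *  group permissions (only when the current command targets a group), the
 *  "all" permission, and otherwise a page permission on the current page.
 *  Every path that cannot build a permission object returns {@code false},
 *  so a missing page, command target or latest version denies instead of
 *  throwing.
 *
 *  @param permission the permission name to check
 *  @return true if granted, false if not
 */
private boolean checkPermission(String permission) {
    WikiSession session = m_wikiContext.getWikiSession();
    WikiPage page = m_wikiContext.getPage();
    AuthorizationManager mgr = m_wikiContext.getEngine().getAuthorizationManager();
    boolean gotPermission = false;
    if (CREATE_GROUPS.equals(permission) || CREATE_PAGES.equals(permission) || EDIT_PREFERENCES.equals(permission) || EDIT_PROFILE.equals(permission) || LOGIN.equals(permission)) {
        // The wiki name is read from the page; the page-permission branch
        // below already treats a null page as possible, so guard it here too
        // and deny rather than fail with a NullPointerException.
        if (page != null) {
            gotPermission = mgr.checkPermission(session, new WikiPermission(page.getWiki(), permission));
        }
    } else if (VIEW_GROUP.equals(permission) || EDIT_GROUP.equals(permission) || DELETE_GROUP.equals(permission)) {
        Command command = m_wikiContext.getCommand();
        // instanceof is false for null, so this covers both a missing target
        // and a target of an unexpected type without a ClassCastException.
        if (command instanceof GroupCommand && command.getTarget() instanceof GroupPrincipal) {
            GroupPrincipal group = (GroupPrincipal) command.getTarget();
            String groupName = group.getName();
            String action = "view";
            if (EDIT_GROUP.equals(permission)) {
                action = "edit";
            } else if (DELETE_GROUP.equals(permission)) {
                action = "delete";
            }
            gotPermission = mgr.checkPermission(session, new GroupPermission(groupName, action));
        }
    } else if (ALL_PERMISSION.equals(permission)) {
        gotPermission = mgr.checkPermission(session, new AllPermission(m_wikiContext.getEngine().getApplicationName()));
    } else if (page != null) {
        // Edit is never granted on an older revision: when the context page
        // carries an explicit version, it must match the latest stored one.
        if (EDIT.equals(permission)) {
            WikiPage latest = m_wikiContext.getEngine().getPage(page.getName());
            if (page.getVersion() != WikiProvider.LATEST_VERSION
                    && (latest == null || latest.getVersion() != page.getVersion())) {
                // latest == null: the version cannot be verified, so deny.
                return false;
            }
        }
        Permission p = PermissionFactory.getPagePermission(page, permission);
        gotPermission = mgr.checkPermission(session, p);
    }
    return gotPermission;
}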
Also used : WikiSession(org.apache.wiki.WikiSession) GroupCommand(org.apache.wiki.ui.GroupCommand) Command(org.apache.wiki.ui.Command) GroupCommand(org.apache.wiki.ui.GroupCommand) GroupPrincipal(org.apache.wiki.auth.GroupPrincipal) WikiPage(org.apache.wiki.WikiPage) WikiPermission(org.apache.wiki.auth.permissions.WikiPermission) AllPermission(org.apache.wiki.auth.permissions.AllPermission) Permission(java.security.Permission) GroupPermission(org.apache.wiki.auth.permissions.GroupPermission) AllPermission(org.apache.wiki.auth.permissions.AllPermission) GroupPermission(org.apache.wiki.auth.permissions.GroupPermission) AuthorizationManager(org.apache.wiki.auth.AuthorizationManager) WikiPermission(org.apache.wiki.auth.permissions.WikiPermission)

Aggregations

WikiSession (org.apache.wiki.WikiSession)40 WikiSessionTest (org.apache.wiki.WikiSessionTest)23 Test (org.junit.Test)23 Principal (java.security.Principal)15 UserProfile (org.apache.wiki.auth.user.UserProfile)9 AllPermission (org.apache.wiki.auth.permissions.AllPermission)8 PagePermission (org.apache.wiki.auth.permissions.PagePermission)8 Group (org.apache.wiki.auth.authorize.Group)7 Permission (java.security.Permission)6 UnresolvedPrincipal (org.apache.wiki.auth.acl.UnresolvedPrincipal)6 WikiPermission (org.apache.wiki.auth.permissions.WikiPermission)6 WikiPage (org.apache.wiki.WikiPage)5 Role (org.apache.wiki.auth.authorize.Role)5 HttpServletRequest (javax.servlet.http.HttpServletRequest)4 Collection (java.util.Collection)3 HttpSession (javax.servlet.http.HttpSession)3 ProviderException (org.apache.wiki.api.exceptions.ProviderException)3 Attachment (org.apache.wiki.attachment.Attachment)3 GroupPrincipal (org.apache.wiki.auth.GroupPrincipal)3 File (java.io.File)2