Example 6 with WikiSession

Use of org.apache.wiki.WikiSession in project jspwiki by apache.

From the class SessionMonitor, method sessionDestroyed.

/**
 * Removes the user's WikiSession from the internal session cache when the web
 * container destroys an HTTP session.
 * @param se the HTTP session event
 */
public void sessionDestroyed(HttpSessionEvent se) {
    HttpSession session = se.getSession();
    Iterator<SessionMonitor> it = c_monitors.values().iterator();
    while (it.hasNext()) {
        SessionMonitor monitor = it.next();
        WikiSession storedSession = monitor.findSession(session);
        monitor.remove(session);
        log.debug("Removed session " + session.getId() + ".");
        if (storedSession != null) {
            fireEvent(WikiSecurityEvent.SESSION_EXPIRED, storedSession.getLoginPrincipal(), storedSession);
        }
    }
}
Also used : WikiSession(org.apache.wiki.WikiSession) HttpSession(javax.servlet.http.HttpSession)

Example 7 with WikiSession

Use of org.apache.wiki.WikiSession in project jspwiki by apache.

From the class SessionMonitor, method userPrincipals.

/**
 * <p>Returns the current wiki users as a sorted array of
 * Principal objects. The principals are those returned by
 * each WikiSession's {@link WikiSession#getUserPrincipal()}'s
 * method.</p>
 * <p>To obtain the list of current WikiSessions, we iterate
 * through our session Map and obtain the list of values,
 * which are WikiSessions wrapped in {@link java.lang.ref.WeakReference}
 * objects. Those <code>WeakReference</code>s whose <code>get()</code>
 * method returns non-<code>null</code> values are valid
 * sessions.</p>
 * @return the array of user principals
 */
public final Principal[] userPrincipals() {
    Collection<Principal> principals = new ArrayList<Principal>();
    synchronized (m_sessions) {
        for (WikiSession session : m_sessions.values()) {
            principals.add(session.getUserPrincipal());
        }
    }
    Principal[] p = principals.toArray(new Principal[principals.size()]);
    Arrays.sort(p, m_comparator);
    return p;
}
Also used : WikiSession(org.apache.wiki.WikiSession) ArrayList(java.util.ArrayList) Principal(java.security.Principal)

Example 8 with WikiSession

Use of org.apache.wiki.WikiSession in project jspwiki by apache.

From the class SessionMonitor, method findSession.

/**
 *  Just looks for a WikiSession; does not create a new one.
 * This method may return <code>null</code>, <em>and
 * callers should check for this value</em>.
 *
 *  @param session the user's HTTP session
 *  @return the WikiSession, if found
 */
private WikiSession findSession(HttpSession session) {
    WikiSession wikiSession = null;
    String sid = (session == null) ? "(null)" : session.getId();
    WikiSession storedSession = m_sessions.get(sid);
    // If the weak reference returns a wiki session, return it
    if (storedSession != null) {
        if (log.isDebugEnabled()) {
            log.debug("Looking up WikiSession for session ID=" + sid + "... found it");
        }
        wikiSession = storedSession;
    }
    return wikiSession;
}
Also used : WikiSession(org.apache.wiki.WikiSession)

Example 9 with WikiSession

Use of org.apache.wiki.WikiSession in project jspwiki by apache.

From the class AuthorizationManagerTest, method testDefaultPermissions.

/**
 * Tests the default policy. Anonymous users can read, Authenticated can
 * edit, etc. Uses the default tests/etc/jspwiki.policy file installed by
 * the JRE at startup.
 * @throws Exception
 */
@Test
public void testDefaultPermissions() throws Exception {
    // Save a page without an ACL
    m_engine.saveText("TestDefaultPage", "Foo");
    Permission view = PermissionFactory.getPagePermission("*:TestDefaultPage", "view");
    Permission edit = PermissionFactory.getPagePermission("*:TestDefaultPage", "edit");
    WikiSession session;
    // Alice is asserted
    session = WikiSessionTest.assertedSession(m_engine, Users.ALICE);
    Assert.assertTrue("Alice view", m_auth.checkPermission(session, view));
    Assert.assertTrue("Alice edit", m_auth.checkPermission(session, edit));
    // Bob is logged in
    session = WikiSessionTest.authenticatedSession(m_engine, Users.BOB, Users.BOB_PASS);
    Assert.assertTrue("Bob view", m_auth.checkPermission(session, view));
    Assert.assertTrue("Bob edit", m_auth.checkPermission(session, edit));
    // Delete the test page
    try {
        m_engine.deletePage("TestDefaultPage");
    } catch (ProviderException e) {
        Assert.assertTrue(false);
    }
}
Also used : WikiSession(org.apache.wiki.WikiSession) ProviderException(org.apache.wiki.api.exceptions.ProviderException) WikiPermission(org.apache.wiki.auth.permissions.WikiPermission) PagePermission(org.apache.wiki.auth.permissions.PagePermission) AllPermission(org.apache.wiki.auth.permissions.AllPermission) Permission(java.security.Permission) WikiSessionTest(org.apache.wiki.WikiSessionTest) Test(org.junit.Test)

Example 10 with WikiSession

Use of org.apache.wiki.WikiSession in project jspwiki by apache.

From the class AuthorizationManagerTest, method testRoleAcl.

@Test
public void testRoleAcl() throws Exception {
    // Create test page & attachment
    String src = "[{ALLOW edit Authenticated}] ";
    m_engine.saveText("Test", src);
    WikiPage p = m_engine.getPage("Test");
    Permission view = PermissionFactory.getPagePermission(p, "view");
    Permission edit = PermissionFactory.getPagePermission(p, "edit");
    // Create session with authenticated user 'Alice', who can read & edit
    WikiSession session;
    session = WikiSessionTest.authenticatedSession(m_engine, Users.ALICE, Users.ALICE_PASS);
    Assert.assertTrue("Alice view Test", m_auth.checkPermission(session, view));
    Assert.assertTrue("Alice edit Test", m_auth.checkPermission(session, edit));
    // Create session with asserted user 'Bob', who can't read or edit (not in ACL)
    session = WikiSessionTest.assertedSession(m_engine, Users.BOB);
    Assert.assertFalse("Bob !view Test", m_auth.checkPermission(session, view));
    Assert.assertFalse("Bob !edit Test", m_auth.checkPermission(session, edit));
    // Cleanup
    try {
        m_engine.deletePage("Test");
    } catch (ProviderException e) {
        Assert.assertTrue(false);
    }
}
Also used : WikiSession(org.apache.wiki.WikiSession) ProviderException(org.apache.wiki.api.exceptions.ProviderException) WikiPage(org.apache.wiki.WikiPage) WikiPermission(org.apache.wiki.auth.permissions.WikiPermission) PagePermission(org.apache.wiki.auth.permissions.PagePermission) AllPermission(org.apache.wiki.auth.permissions.AllPermission) Permission(java.security.Permission) WikiSessionTest(org.apache.wiki.WikiSessionTest) Test(org.junit.Test)

Aggregations

WikiSession (org.apache.wiki.WikiSession): 40
WikiSessionTest (org.apache.wiki.WikiSessionTest): 23
Test (org.junit.Test): 23
Principal (java.security.Principal): 15
UserProfile (org.apache.wiki.auth.user.UserProfile): 9
AllPermission (org.apache.wiki.auth.permissions.AllPermission): 8
PagePermission (org.apache.wiki.auth.permissions.PagePermission): 8
Group (org.apache.wiki.auth.authorize.Group): 7
Permission (java.security.Permission): 6
UnresolvedPrincipal (org.apache.wiki.auth.acl.UnresolvedPrincipal): 6
WikiPermission (org.apache.wiki.auth.permissions.WikiPermission): 6
WikiPage (org.apache.wiki.WikiPage): 5
Role (org.apache.wiki.auth.authorize.Role): 5
HttpServletRequest (javax.servlet.http.HttpServletRequest): 4
Collection (java.util.Collection): 3
HttpSession (javax.servlet.http.HttpSession): 3
ProviderException (org.apache.wiki.api.exceptions.ProviderException): 3
Attachment (org.apache.wiki.attachment.Attachment): 3
GroupPrincipal (org.apache.wiki.auth.GroupPrincipal): 3
File (java.io.File): 2