use of org.apache.wiki.WikiSession in project jspwiki by apache.
the class SessionMonitor method sessionDestroyed.
/**
 * Reacts to the web container destroying an HTTP session. Every
 * SessionMonitor held in {@code c_monitors} is asked to remove that HTTP
 * session, and for each monitor that had a WikiSession stored for it a
 * {@code WikiSecurityEvent.SESSION_EXPIRED} event is fired with that
 * WikiSession and its login principal.
 *
 * @param se the HTTP session event carrying the session being destroyed
 */
public void sessionDestroyed(HttpSessionEvent se) {
    final HttpSession httpSession = se.getSession();
    for (SessionMonitor monitor : c_monitors.values()) {
        // Look the WikiSession up before removing it so it can still be
        // reported in the expiry event below.
        final WikiSession expired = monitor.findSession(httpSession);
        monitor.remove(httpSession);
        // Logged once per monitor, whether or not that monitor held the session.
        // The message contains the raw container session ID, so debug logs
        // should be access-controlled like other session data.
        log.debug("Removed session " + httpSession.getId() + ".");
        if (expired == null) {
            continue;
        }
        // NOTE(review): fireEvent is invoked on this listener instance, not on
        // `monitor` -- confirm that listeners interested in SESSION_EXPIRED
        // (e.g. audit logging) are reachable from here.
        fireEvent(WikiSecurityEvent.SESSION_EXPIRED, expired.getLoginPrincipal(), expired);
    }
}
use of org.apache.wiki.WikiSession in project jspwiki by apache.
the class SessionMonitor method userPrincipals.
/**
 * <p>Returns the user principals of the sessions currently held in
 * {@code m_sessions}, as a sorted array. Each entry is the value returned
 * by that WikiSession's {@link WikiSession#getUserPrincipal()}.</p>
 * <p>The principals are collected while holding the lock on
 * {@code m_sessions}; the copy is then sorted with {@code m_comparator}
 * outside the lock, so the returned array is a snapshot and is not
 * updated when sessions come or go.</p>
 * <p>NOTE(review): the result enumerates every user with a tracked
 * session; callers that render it should confirm the viewer is meant to
 * see that list.</p>
 *
 * @return the array of user principals, sorted by {@code m_comparator}
 */
public final Principal[] userPrincipals() {
    final Collection<Principal> collected = new ArrayList<Principal>();
    synchronized (m_sessions) {
        // Iterate under the lock so the set of sessions cannot change mid-walk.
        for (WikiSession wikiSession : m_sessions.values()) {
            final Principal user = wikiSession.getUserPrincipal();
            collected.add(user);
        }
    }
    final Principal[] sorted = collected.toArray(new Principal[0]);
    Arrays.sort(sorted, m_comparator);
    return sorted;
}
use of org.apache.wiki.WikiSession in project jspwiki by apache.
the class SessionMonitor method findSession.
/**
 * Looks up the WikiSession stored in {@code m_sessions} under the HTTP
 * session's ID. Nothing is created when there is no entry, so this method
 * may return <code>null</code>, <em>and callers must check for it</em>.
 * A <code>null</code> HTTP session is looked up under the literal key
 * <code>"(null)"</code>.
 *
 * @param session the user's HTTP session; may be <code>null</code>
 * @return the stored WikiSession, or <code>null</code> if none is stored
 */
private WikiSession findSession(HttpSession session) {
    final String sessionId;
    if (session != null) {
        sessionId = session.getId();
    } else {
        sessionId = "(null)";
    }
    final WikiSession cached = m_sessions.get(sessionId);
    if (cached == null) {
        return null;
    }
    // The debug message includes the container session ID of a session that
    // is still live at this point. Anyone able to read debug output learns a
    // value that identifies the session, so keep this level off in production
    // or restrict access to the log.
    if (log.isDebugEnabled()) {
        log.debug("Looking up WikiSession for session ID=" + sessionId + "... found it");
    }
    return cached;
}
use of org.apache.wiki.WikiSession in project jspwiki by apache.
the class AuthorizationManagerTest method testDefaultPermissions.
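/**
 * Tests the default policy against a page saved without an ACL: an asserted
 * user (Alice) and an authenticated user (Bob) must both be granted
 * {@code view} and {@code edit}. Uses the default tests/etc/jspwiki.policy
 * file installed by the JRE at startup.
 * <p>NOTE(review): only grants are asserted here and no anonymous session is
 * exercised, so an overly permissive policy would still pass. A denial case
 * would make this test sensitive to that.</p>
 *
 * @throws Exception if saving, permission checking or deleting the test page fails
 */
@Test
public void testDefaultPermissions() throws Exception {
    // Save a page without an ACL, so only the policy decides access
    m_engine.saveText("TestDefaultPage", "Foo");
    try {
        Permission view = PermissionFactory.getPagePermission("*:TestDefaultPage", "view");
        Permission edit = PermissionFactory.getPagePermission("*:TestDefaultPage", "edit");
        WikiSession session;
        // Alice is asserted
        session = WikiSessionTest.assertedSession(m_engine, Users.ALICE);
        Assert.assertTrue("Alice view", m_auth.checkPermission(session, view));
        Assert.assertTrue("Alice edit", m_auth.checkPermission(session, edit));
        // Bob is logged in
        session = WikiSessionTest.authenticatedSession(m_engine, Users.BOB, Users.BOB_PASS);
        Assert.assertTrue("Bob view", m_auth.checkPermission(session, view));
        Assert.assertTrue("Bob edit", m_auth.checkPermission(session, edit));
    } finally {
        // Delete the test page even when an assertion above fails, so a failed
        // run does not leave the fixture behind for later tests. A
        // ProviderException propagates with its cause instead of being
        // replaced by a message-less assertion failure.
        m_engine.deletePage("TestDefaultPage");
    }
}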
use of org.apache.wiki.WikiSession in project jspwiki by apache.
the class AuthorizationManagerTest method testRoleAcl.
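/**
 * Tests a page ACL that names a built-in role: with
 * {@code [{ALLOW edit Authenticated}]} on the page, an authenticated user
 * (Alice) must be granted {@code view} and {@code edit}, while an asserted
 * user (Bob) must be denied both.
 *
 * @throws Exception if saving, permission checking or deleting the test page fails
 */
@Test
public void testRoleAcl() throws Exception {
    // Create test page carrying the ACL (no attachment is created here)
    String src = "[{ALLOW edit Authenticated}] ";
    m_engine.saveText("Test", src);
    try {
        WikiPage p = m_engine.getPage("Test");
        Permission view = PermissionFactory.getPagePermission(p, "view");
        Permission edit = PermissionFactory.getPagePermission(p, "edit");
        // Create session with authenticated user 'Alice', who can read & edit
        WikiSession session;
        session = WikiSessionTest.authenticatedSession(m_engine, Users.ALICE, Users.ALICE_PASS);
        Assert.assertTrue("Alice view Test", m_auth.checkPermission(session, view));
        Assert.assertTrue("Alice edit Test", m_auth.checkPermission(session, edit));
        // Create session with asserted user 'Bob', who can't read or edit (not in ACL).
        // This is the denial half of the test: an asserted identity must not
        // satisfy an ACL entry that requires the Authenticated role.
        session = WikiSessionTest.assertedSession(m_engine, Users.BOB);
        Assert.assertFalse("Bob !view Test", m_auth.checkPermission(session, view));
        Assert.assertFalse("Bob !edit Test", m_auth.checkPermission(session, edit));
    } finally {
        // Cleanup runs even when an assertion above fails, so the ACL-protected
        // page does not leak into later tests. A ProviderException propagates
        // with its cause instead of being replaced by a message-less
        // assertion failure.
        m_engine.deletePage("Test");
    }
}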