Example 21 with WikiSession

use of org.apache.wiki.WikiSession in project jspwiki by apache.

the class AuthorizationManagerTest method testInheritedAclPermissions.

@Test
public void testInheritedAclPermissions() throws Exception {
    // Create test page & attachment
    String src = "[{ALLOW view Alice}] ";
    m_engine.saveText("Test", src);
    File f = m_engine.makeAttachmentFile();
    Attachment att = new Attachment(m_engine, "Test", "test1.txt");
    att.setAuthor("FirstPost");
    m_engine.getAttachmentManager().storeAttachment(att, f);
    Attachment p = (Attachment) m_engine.getPage("Test/test1.txt");
    Permission view = PermissionFactory.getPagePermission(p, "view");
    Permission edit = PermissionFactory.getPagePermission(p, "edit");
    // Create session with user 'Alice', who can read (in ACL)
    WikiSession session;
    session = WikiSessionTest.authenticatedSession(m_engine, Users.ALICE, Users.ALICE_PASS);
    Assert.assertTrue("Foo view Test", m_auth.checkPermission(session, view));
    Assert.assertFalse("Foo !edit Test", m_auth.checkPermission(session, edit));
    // Create session with user 'Bob', who can't read or edit (not in ACL)
    session = WikiSessionTest.authenticatedSession(m_engine, Users.BOB, Users.BOB_PASS);
    Assert.assertFalse("Bar !view Test", m_auth.checkPermission(session, view));
    Assert.assertFalse("Bar !edit Test", m_auth.checkPermission(session, edit));
    // Delete test page & attachment
    m_engine.getAttachmentManager().deleteAttachment(att);
    m_engine.deletePage("Test");
}
Also used : WikiSession(org.apache.wiki.WikiSession) WikiPermission(org.apache.wiki.auth.permissions.WikiPermission) PagePermission(org.apache.wiki.auth.permissions.PagePermission) AllPermission(org.apache.wiki.auth.permissions.AllPermission) Permission(java.security.Permission) Attachment(org.apache.wiki.attachment.Attachment) File(java.io.File) WikiSessionTest(org.apache.wiki.WikiSessionTest) Test(org.junit.Test)

Example 22 with WikiSession

use of org.apache.wiki.WikiSession in project jspwiki by apache.

the class AuthorizationManagerTest method testGetRoles.

@Test
public void testGetRoles() throws Exception {
    WikiSession session;
    Principal[] principals;
    // Create a new "asserted" session for Bob
    session = WikiSessionTest.assertedSession(m_engine, Users.BOB);
    // Set up a group without Bob in it
    Group test = m_groupMgr.parseGroup("Test", "Alice \n Charlie", true);
    m_groupMgr.setGroup(m_session, test);
    // Bob should have two roles: ASSERTED and ALL
    principals = session.getRoles();
    Assert.assertTrue("Bob in ALL", ArrayUtils.contains(principals, Role.ALL));
    Assert.assertTrue("Bob in ASSERTED", ArrayUtils.contains(principals, Role.ASSERTED));
    Assert.assertFalse("Bob not in ANONYMOUS", ArrayUtils.contains(principals, Role.ANONYMOUS));
    Assert.assertFalse("Bob not in Test", ArrayUtils.contains(principals, test.getPrincipal()));
    // Re-save group "Test" with Bob as a member
    test = m_groupMgr.parseGroup("Test", "Alice \n Bob \nCharlie", true);
    m_groupMgr.setGroup(m_session, test);
    // Bob not authenticated: should still have only two roles
    principals = session.getRoles();
    Assert.assertTrue("Bob in ALL", ArrayUtils.contains(principals, Role.ALL));
    Assert.assertTrue("Bob in ASSERTED", ArrayUtils.contains(principals, Role.ASSERTED));
    Assert.assertFalse("Bob not in ANONYMOUS", ArrayUtils.contains(principals, Role.ANONYMOUS));
    Assert.assertFalse("Bob not in Test", ArrayUtils.contains(principals, test.getPrincipal()));
    // Elevate Bob to "authenticated" status
    session = WikiSessionTest.authenticatedSession(m_engine, Users.BOB, Users.BOB_PASS);
    // Re-save the group; Bob should possess the role now
    test = m_groupMgr.parseGroup("Test", "Alice \n Bob \n Charlie", true);
    m_groupMgr.setGroup(m_session, test);
    principals = session.getRoles();
    Assert.assertTrue("Bob in ALL", ArrayUtils.contains(principals, Role.ALL));
    Assert.assertFalse("Bob not in ASSERTED", ArrayUtils.contains(principals, Role.ASSERTED));
    Assert.assertFalse("Bob not in ANONYMOUS", ArrayUtils.contains(principals, Role.ANONYMOUS));
    Assert.assertTrue("Bob in Test", ArrayUtils.contains(principals, test.getPrincipal()));
    // Cleanup
    m_groupMgr.removeGroup("Test");
}
Also used : WikiSession(org.apache.wiki.WikiSession) Group(org.apache.wiki.auth.authorize.Group) Principal(java.security.Principal) UnresolvedPrincipal(org.apache.wiki.auth.acl.UnresolvedPrincipal) WikiSessionTest(org.apache.wiki.WikiSessionTest) Test(org.junit.Test)

Example 23 with WikiSession

use of org.apache.wiki.WikiSession in project jspwiki by apache.

the class AuthorizationManagerTest method testPrincipalAcl.

@Test
public void testPrincipalAcl() throws Exception {
    // Create test page & attachment
    String src = "[{ALLOW edit Alice}] ";
    m_engine.saveText("Test", src);
    WikiPage p = m_engine.getPage("Test");
    Permission view = PermissionFactory.getPagePermission(p, "view");
    Permission edit = PermissionFactory.getPagePermission(p, "edit");
    // Create session with authenticated user 'Alice', who can read & edit (in ACL)
    WikiSession session;
    session = WikiSessionTest.authenticatedSession(m_engine, Users.ALICE, Users.ALICE_PASS);
    Assert.assertTrue("Alice view Test", m_auth.checkPermission(session, view));
    Assert.assertTrue("Alice edit Test", m_auth.checkPermission(session, edit));
    // Create session with authenticated user 'Bob', who can't read or edit (not in ACL)
    session = WikiSessionTest.authenticatedSession(m_engine, Users.BOB, Users.BOB_PASS);
    Assert.assertFalse("Bob !view Test", m_auth.checkPermission(session, view));
    Assert.assertFalse("Bob !edit Test", m_auth.checkPermission(session, edit));
    // Cleanup
    try {
        m_engine.deletePage("Test");
    } catch (ProviderException e) {
        Assert.fail("Could not delete page");
    }
}
Also used : WikiSession(org.apache.wiki.WikiSession) ProviderException(org.apache.wiki.api.exceptions.ProviderException) WikiPage(org.apache.wiki.WikiPage) WikiPermission(org.apache.wiki.auth.permissions.WikiPermission) PagePermission(org.apache.wiki.auth.permissions.PagePermission) AllPermission(org.apache.wiki.auth.permissions.AllPermission) Permission(java.security.Permission) WikiSessionTest(org.apache.wiki.WikiSessionTest) Test(org.junit.Test)

Example 24 with WikiSession

use of org.apache.wiki.WikiSession in project jspwiki by apache.

the class AuthorizationManagerTest method testIsUserInRole.

@Test
public void testIsUserInRole() throws Exception {
    // Create new user Alice and 2 sample roles
    Principal alice = new WikiPrincipal(Users.ALICE);
    Role it = new Role("IT");
    Role finance = new Role("Finance");
    // Create Group1 with Alice in it, Group2 without
    WikiSession session = WikiSessionTest.adminSession(m_engine);
    Group g1 = m_groupMgr.parseGroup("Group1", "Alice", true);
    m_groupMgr.setGroup(session, g1);
    Principal group1 = g1.getPrincipal();
    Group g2 = m_groupMgr.parseGroup("Group2", "Bob", true);
    m_groupMgr.setGroup(session, g2);
    Principal group2 = g2.getPrincipal();
    // Create anonymous session; not in ANY custom roles or groups
    session = WikiSessionTest.anonymousSession(m_engine);
    Assert.assertTrue("Anon anonymous", m_auth.isUserInRole(session, Role.ANONYMOUS));
    Assert.assertFalse("Anon not asserted", m_auth.isUserInRole(session, Role.ASSERTED));
    Assert.assertFalse("Anon not authenticated", m_auth.isUserInRole(session, Role.AUTHENTICATED));
    Assert.assertFalse("Anon not in Alice", m_auth.isUserInRole(session, alice));
    Assert.assertFalse("Anon not in IT", m_auth.isUserInRole(session, it));
    Assert.assertFalse("Anon not in Finance", m_auth.isUserInRole(session, finance));
    Assert.assertFalse("Anon not in Group1", m_auth.isUserInRole(session, group1));
    Assert.assertFalse("Anon not in Group2", m_auth.isUserInRole(session, group2));
    // Create asserted session with 1 GroupPrincipal & 1 custom Role
    // Alice is asserted, and thus not in ANY custom roles or groups
    session = WikiSessionTest.assertedSession(m_engine, Users.ALICE, new Principal[] { it });
    Assert.assertFalse("Alice not anonymous", m_auth.isUserInRole(session, Role.ANONYMOUS));
    Assert.assertTrue("Alice asserted", m_auth.isUserInRole(session, Role.ASSERTED));
    Assert.assertFalse("Alice not authenticated", m_auth.isUserInRole(session, Role.AUTHENTICATED));
    Assert.assertFalse("Alice not in Alice", m_auth.isUserInRole(session, alice));
    Assert.assertFalse("Alice not in IT", m_auth.isUserInRole(session, it));
    Assert.assertFalse("Alice not in Finance", m_auth.isUserInRole(session, finance));
    Assert.assertFalse("Alice not in Group1", m_auth.isUserInRole(session, group1));
    Assert.assertFalse("Alice not in Group2", m_auth.isUserInRole(session, group2));
    // Create authenticated session with 1 GroupPrincipal & 1 custom Role
    // Alice is authenticated, and thus part of custom roles and groups
    session = WikiSessionTest.containerAuthenticatedSession(m_engine, Users.ALICE, new Principal[] { it });
    Assert.assertFalse("Alice not anonymous", m_auth.isUserInRole(session, Role.ANONYMOUS));
    Assert.assertFalse("Alice not asserted", m_auth.isUserInRole(session, Role.ASSERTED));
    Assert.assertTrue("Alice authenticated", m_auth.isUserInRole(session, Role.AUTHENTICATED));
    Assert.assertFalse("Alice not in Alice", m_auth.isUserInRole(session, alice));
    Assert.assertTrue("Alice in IT", m_auth.isUserInRole(session, it));
    Assert.assertFalse("Alice not in Finance", m_auth.isUserInRole(session, finance));
    Assert.assertTrue("Alice in Group1", m_auth.isUserInRole(session, group1));
    Assert.assertFalse("Alice not in Group2", m_auth.isUserInRole(session, group2));
    // Clean up
    m_groupMgr.removeGroup("Group1");
    m_groupMgr.removeGroup("Group2");
}
Also used : Role(org.apache.wiki.auth.authorize.Role) WikiSession(org.apache.wiki.WikiSession) Group(org.apache.wiki.auth.authorize.Group) Principal(java.security.Principal) UnresolvedPrincipal(org.apache.wiki.auth.acl.UnresolvedPrincipal) WikiSessionTest(org.apache.wiki.WikiSessionTest) Test(org.junit.Test)

Example 25 with WikiSession

use of org.apache.wiki.WikiSession in project jspwiki by apache.

the class AuthorizationManagerTest method testAdminView2.

@Test
public void testAdminView2() throws Exception {
    m_engine.saveText("TestDefaultPage", "Foo [{ALLOW view FooBar}]");
    WikiSession session = WikiSessionTest.adminSession(m_engine);
    Assert.assertTrue("Alice has AllPermission", m_auth.checkPermission(session, new AllPermission(m_engine.getApplicationName())));
    Assert.assertTrue("Alice can read", m_auth.checkPermission(session, new PagePermission("TestDefaultPage", "view")));
}
Also used : WikiSession(org.apache.wiki.WikiSession) AllPermission(org.apache.wiki.auth.permissions.AllPermission) PagePermission(org.apache.wiki.auth.permissions.PagePermission) WikiSessionTest(org.apache.wiki.WikiSessionTest) Test(org.junit.Test)