
Example 6 with Acl

Use of org.apache.wiki.api.core.Acl in the project jspwiki by apache.

From the class DefaultAuthorizationManager, method checkPermission.

/**
 * {@inheritDoc}
 * <p>
 * Decision order: a null session or permission is denied; {@code AllPermission} granted by the
 * static policy allows everything; otherwise the static policy must grant at least the requested
 * permission; a non-page permission that passes policy is allowed; a page permission is then
 * checked against the page's ACL. A missing page, a missing ACL or an empty ACL is treated as
 * allowed, so the static policy check above is the only thing guarding such pages. Every outcome
 * fires an {@code ACCESS_ALLOWED} or {@code ACCESS_DENIED} security event.
 */
@Override
public boolean checkPermission(final Session session, final Permission permission) {
    if (session == null || permission == null) {
        // Nothing to evaluate: deny and report without a user principal.
        fireEvent(WikiSecurityEvent.ACCESS_DENIED, null, permission);
        return false;
    }
    final Principal user = session.getLoginPrincipal();

    // AllPermission short-circuits every other check.
    final Permission everything = new AllPermission(m_engine.getApplicationName());
    if (checkStaticPermission(session, everything)) {
        fireEvent(WikiSecurityEvent.ACCESS_ALLOWED, user, permission);
        return true;
    }

    // The static policy is a floor: without it, no ACL entry can grant the action.
    if (!checkStaticPermission(session, permission)) {
        fireEvent(WikiSecurityEvent.ACCESS_DENIED, user, permission);
        return false;
    }

    // Only page permissions are subject to per-page ACLs.
    if (!(permission instanceof PagePermission)) {
        fireEvent(WikiSecurityEvent.ACCESS_ALLOWED, user, permission);
        return true;
    }

    final String pageName = ((PagePermission) permission).getPage();
    final Page page = m_engine.getManager(PageManager.class).getPage(pageName);
    Acl acl = null;
    if (page != null) {
        acl = m_engine.getManager(AclManager.class).getPermissions(page);
    }
    // No page, or no ACL entries, means nothing restricts the action beyond the policy.
    if (acl == null || acl.isEmpty()) {
        fireEvent(WikiSecurityEvent.ACCESS_ALLOWED, user, permission);
        return true;
    }

    // Allow if the session holds any principal or role that the ACL grants this permission to.
    final Principal[] grantees = acl.findPrincipals(permission);
    log.debug("Checking ACL entries...");
    log.debug("Acl for this page is: " + acl);
    log.debug("Checking for principal: " + Arrays.toString(grantees));
    log.debug("Permission: " + permission);
    for (final Principal grantee : grantees) {
        Principal candidate = grantee;
        if (grantee instanceof UnresolvedPrincipal) {
            // Late-bind the principal; if resolution succeeded, repair the stored ACL entry too.
            final AclEntry entry = acl.getAclEntry(grantee);
            candidate = resolvePrincipal(grantee.getName());
            if (entry != null && !(candidate instanceof UnresolvedPrincipal)) {
                entry.setPrincipal(candidate);
            }
        }
        if (hasRoleOrPrincipal(session, candidate)) {
            fireEvent(WikiSecurityEvent.ACCESS_ALLOWED, user, permission);
            return true;
        }
    }
    fireEvent(WikiSecurityEvent.ACCESS_DENIED, user, permission);
    return false;
}

Example 7 with Acl

Use of org.apache.wiki.api.core.Acl in the project jspwiki by apache.

From the class DefaultAclManagerTest, method testGetPermissions.

/**
 * Verifies that {@code AclManager.getPermissions} mirrors the ACL stored on the page:
 * TestDefaultPage carries an empty ACL, while TestAclPage lists two grantees for "view" and
 * "edit" (Charlie as a resolved {@code WikiPrincipal}, Herman as an {@code UnresolvedPrincipal})
 * and no grantee at all for "delete". Viewing is implied by editing, so both actions answer
 * with the same grantees.
 */
@Test
public void testGetPermissions() {
    final PageManager pageManager = m_engine.getManager(PageManager.class);
    final AclManager aclManager = m_engine.getManager(AclManager.class);

    // A page without access rules still exposes an ACL object, just an empty one.
    Page page = pageManager.getPage("TestDefaultPage");
    Acl acl = aclManager.getPermissions(page);
    Assertions.assertNotNull(page.getAcl());
    Assertions.assertTrue(page.getAcl().isEmpty());

    page = pageManager.getPage("TestAclPage");
    acl = aclManager.getPermissions(page);
    Assertions.assertNotNull(page.getAcl());
    Assertions.assertFalse(page.getAcl().isEmpty());

    // Charlie resolves to a wiki principal; Herman is unregistered and stays unresolved.
    final Principal[] expectedEditors = { new WikiPrincipal("Charlie"), new UnresolvedPrincipal("Herman") };
    for (final Principal editor : expectedEditors) {
        // Editors may also view: the same two grantees are returned for both actions.
        Principal[] grantees = acl.findPrincipals(PermissionFactory.getPagePermission(page, "view"));
        Assertions.assertEquals(2, grantees.length);
        Assertions.assertTrue(ArrayUtils.contains(grantees, editor));

        grantees = acl.findPrincipals(PermissionFactory.getPagePermission(page, "edit"));
        Assertions.assertEquals(2, grantees.length);
        Assertions.assertTrue(ArrayUtils.contains(grantees, editor));

        // Nobody listed in this ACL may delete the page.
        grantees = acl.findPrincipals(PermissionFactory.getPagePermission(page, "delete"));
        Assertions.assertEquals(0, grantees.length);
    }
}

Example 8 with Acl

Use of org.apache.wiki.api.core.Acl in the project jspwiki by apache.

From the class JSPWikiMarkupParser, method handleAccessRule.

/**
 * Handles an access-rule line met while parsing page markup. In WYSIWYG editor mode the rule is
 * echoed back verbatim (re-wrapped in square brackets). When access-rule parsing is enabled the
 * surrounding braces are stripped, the rule is handed to the {@code AclManager}, and the parsed
 * ACL is stored on the page being rendered. A rule the manager rejects becomes an error element
 * in the output rather than being silently dropped.
 *
 * @param ruleLine the rule text, possibly still wrapped in a leading "{" and trailing "}"
 * @return the current element, or an error element when the rule cannot be parsed
 */
private Element handleAccessRule(final String ruleLine) {
    if (m_wysiwygEditorMode) {
        // The editor wants the original text back, braces included.
        m_currentElement.addContent("[" + ruleLine + "]");
    }
    if (!m_parseAccessRules) {
        return m_currentElement;
    }
    final Page page = m_context.getRealPage();

    // Strip one leading "{" and one trailing "}" if present.
    String rule = ruleLine;
    if (rule.startsWith("{")) {
        rule = rule.substring(1);
    }
    if (rule.endsWith("}")) {
        rule = rule.substring(0, rule.length() - 1);
    }
    log.debug("page={}, ACL = {}", page.getName(), rule);

    try {
        final Acl acl = m_engine.getManager(AclManager.class).parseAcl(page, rule);
        page.setAcl(acl);
        log.debug(acl.toString());
    } catch (final WikiSecurityException wse) {
        // Surface the rejection in the rendered page instead of leaving the ACL unset silently.
        return makeError(wse.getMessage());
    }
    return m_currentElement;
}
