use of org.apache.wiki.api.core.Session in project jspwiki by apache.
the class DefaultGroupManager method actionPerformed.
/**
* {@inheritDoc}
*/
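@Override
public void actionPerformed(final WikiEvent event) {
    // Only security events are handled here; every other event type is ignored.
    if (!(event instanceof WikiSecurityEvent)) {
        return;
    }
    final WikiSecurityEvent se = (WikiSecurityEvent) event;
    if (se.getType() == WikiSecurityEvent.PROFILE_NAME_CHANGED) {
        final Session session = se.getSrc();
        // The event target is read as a pair of profiles: [0] supplies the old names, [1] the new full name.
        final UserProfile[] profiles = (UserProfile[]) se.getTarget();
        // A member may be recorded under the login name, full name or wiki name, so all three are matched.
        final Principal[] oldPrincipals = new Principal[] {
            new WikiPrincipal(profiles[0].getLoginName()),
            new WikiPrincipal(profiles[0].getFullname()),
            new WikiPrincipal(profiles[0].getWikiName())
        };
        final Principal newPrincipal = new WikiPrincipal(profiles[1].getFullname());

        // Examine each group and swap every old principal for the new one.
        int groupsChanged = 0;
        try {
            for (final Group group : m_groupDatabase.groups()) {
                boolean groupChanged = false;
                for (final Principal oldPrincipal : oldPrincipals) {
                    if (group.isMember(oldPrincipal)) {
                        group.remove(oldPrincipal);
                        group.add(newPrincipal);
                        groupChanged = true;
                    }
                }
                // Persist only the groups that were actually modified.
                if (groupChanged) {
                    setGroup(session, group);
                    groupsChanged++;
                }
            }
        } catch (final WikiException e) {
            // Pass the exception itself so the cause and stack trace reach the log, not only its message.
            // NOTE(review): the loop stops at the first failure, so groups not yet visited still list the old
            // principal. Membership is matched by name here; confirm whether a stale entry could later match a
            // different account, and consider surfacing this failure instead of only logging it.
            log.error("Could not change user name in Group lists because of GroupDatabase error:" + e.getMessage(), e);
        }
        // Logged on the failure path as well; the count then covers only the groups saved before the error.
        log.info("Profile name change for '" + newPrincipal + "' caused " + groupsChanged + " groups to change also.");
    }
}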
use of org.apache.wiki.api.core.Session in project jspwiki by apache.
the class PermissionTag method checkPermission.
/**
* Checks a single permission.
*
* @param permission permission to check for
* @return true if granted, false if not
*/
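private boolean checkPermission(final String permission) {
    // This result only decides what the tag renders.
    // NOTE(review): presumably the actions themselves are authorized again on the server side - confirm.
    final Session session = m_wikiContext.getWikiSession();
    final Page page = m_wikiContext.getPage();
    final AuthorizationManager mgr = m_wikiContext.getEngine().getManager(AuthorizationManager.class);
    boolean gotPermission = false;
    if (CREATE_GROUPS.equals(permission) || CREATE_PAGES.equals(permission) || EDIT_PREFERENCES.equals(permission)
            || EDIT_PROFILE.equals(permission) || LOGIN.equals(permission)) {
        // Wiki-wide permissions are scoped by the wiki name read from the page. The page-permission branch
        // below treats a null page as possible, so deny here instead of dereferencing it.
        if (page != null) {
            gotPermission = mgr.checkPermission(session, new WikiPermission(page.getWiki(), permission));
        }
    } else if (VIEW_GROUP.equals(permission) || EDIT_GROUP.equals(permission) || DELETE_GROUP.equals(permission)) {
        // Group permissions stay denied unless the current command is a group command with a target.
        final Command command = m_wikiContext.getCommand();
        if (command instanceof GroupCommand && command.getTarget() != null) {
            final GroupPrincipal group = (GroupPrincipal) command.getTarget();
            final String groupName = group.getName();
            String action = "view";
            if (EDIT_GROUP.equals(permission)) {
                action = "edit";
            } else if (DELETE_GROUP.equals(permission)) {
                action = "delete";
            }
            gotPermission = mgr.checkPermission(session, new GroupPermission(groupName, action));
        }
    } else if (ALL_PERMISSION.equals(permission)) {
        gotPermission = mgr.checkPermission(session, new AllPermission(m_wikiContext.getEngine().getApplicationName()));
    } else if (page != null) {
        // Edit is refused outright when the context holds an explicit version that is not the latest one.
        if (EDIT.equals(permission)) {
            final Page latest = m_wikiContext.getEngine().getManager(PageManager.class).getPage(page.getName());
            final boolean explicitVersion = page.getVersion() != WikiProvider.LATEST_VERSION;
            // If the latest version cannot be resolved the comparison is impossible; deny rather than throw.
            if (explicitVersion && (latest == null || latest.getVersion() != page.getVersion())) {
                return false;
            }
        }
        final Permission p = PermissionFactory.getPagePermission(page, permission);
        gotPermission = mgr.checkPermission(session, p);
    }
    // Any permission string not matched above, with no page in the context, is denied.
    return gotPermission;
}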
use of org.apache.wiki.api.core.Session in project jspwiki by apache.
the class UserCheckTag method doWikiStartTag.
/**
* {@inheritDoc}
* @see org.apache.wiki.tags.WikiTagBase#doWikiStartTag()
*/
@Override
public final int doWikiStartTag() {
    // The return value only controls whether the tag body is rendered.
    // NOTE(review): anything the body links to presumably needs its own server-side check - confirm.
    final Session wikiSession = m_wikiContext.getWikiSession();
    final String sessionStatus = wikiSession.getStatus();
    final AuthenticationManager authMgr = m_wikiContext.getEngine().getManager(AuthenticationManager.class);
    final boolean usesContainerAuth = authMgr.isContainerAuthenticated();
    final boolean assertionsAllowed = authMgr.allowsCookieAssertions();

    // No requested status means the body is never shown.
    if (m_status == null) {
        return SKIP_BODY;
    }

    boolean showBody = false;
    switch (m_status) {
        // Exact matches against the session's own status string.
        case ANONYMOUS:
            showBody = sessionStatus.equals(Session.ANONYMOUS);
            break;
        case AUTHENTICATED:
            showBody = sessionStatus.equals(Session.AUTHENTICATED);
            break;
        case ASSERTED:
            showBody = sessionStatus.equals(Session.ASSERTED);
            break;
        // Configuration checks: these do not depend on who the current user is.
        case ASSERTIONS_ALLOWED:
            showBody = assertionsAllowed;
            break;
        case ASSERTIONS_NOT_ALLOWED:
            showBody = !assertionsAllowed;
            break;
        case CONTAINER_AUTH:
            showBody = usesContainerAuth;
            break;
        case CUSTOM_AUTH:
            showBody = !usesContainerAuth;
            break;
        // KNOWN is satisfied by any session that is not anonymous, which is a weaker test than AUTHENTICATED.
        case KNOWN:
            showBody = !wikiSession.isAnonymous();
            break;
        // Everything except a fully authenticated session.
        case NOT_AUTHENTICATED:
            showBody = !sessionStatus.equals(Session.AUTHENTICATED);
            break;
        default:
            break;
    }
    return showBody ? EVAL_BODY_INCLUDE : SKIP_BODY;
}
use of org.apache.wiki.api.core.Session in project jspwiki by apache.
the class WikiSession method staticGuestSession.
/**
* Returns a static guest session, which is available for this thread only. This guest session is used internally whenever
* there is no HttpServletRequest involved, but the request is done e.g. when embedding JSPWiki code.
*
* @param engine Engine for this session
* @return A static WikiSession which is shared by all in this same Thread.
*/
// FIXME: Should really use WeakReferences to clean away unused sessions.
private static Session staticGuestSession(final Engine engine) {
    // Reuse the session already cached in c_guestSession, if there is one.
    final Session cached = c_guestSession.get();
    if (cached != null) {
        // NOTE(review): on a cache hit the engine argument is not consulted, so the returned session is the
        // one built for whichever engine was passed on the first call. With pooled threads the cached session
        // would also outlive a single request - confirm nothing ever adds principals to it.
        return cached;
    }
    // First call: build a guest session for this engine and remember it.
    final Session created = guestSession(engine);
    c_guestSession.set(created);
    return created;
}
use of org.apache.wiki.api.core.Session in project jspwiki by apache.
the class DefaultAuthenticationManager method login.
/**
* {@inheritDoc}
*/
@Override
public boolean login(final HttpServletRequest request) throws WikiSecurityException {
    // Tries the login modules from strongest to weakest: container, authentication cookie, assertion cookie,
    // anonymous. Each stage is skipped once the session has reached the corresponding state.
    // NOTE(review): nothing in this method renews the HTTP session id after the session becomes authenticated;
    // confirm that session-fixation protection is handled elsewhere.
    final HttpSession httpSession = request.getSession();
    final Session wikiSession = SessionMonitor.getInstance(m_engine).find(httpSession);
    final AuthenticationManager authn = m_engine.getManager(AuthenticationManager.class);
    final AuthorizationManager authz = m_engine.getManager(AuthorizationManager.class);
    final Map<String, String> noOptions = EMPTY_MAP;
    // Stays null when the session is already authenticated on entry.
    CallbackHandler handler = null;

    // Stage 1: container login, then (if permitted and still empty-handed) the authentication cookie.
    if (!wikiSession.isAuthenticated()) {
        handler = new WebContainerCallbackHandler(m_engine, request);
        Set<Principal> found = authn.doJAASLogin(WebContainerLoginModule.class, handler, noOptions);
        if (found.isEmpty() && authn.allowsCookieAuthentication()) {
            found = authn.doJAASLogin(CookieAuthenticationLoginModule.class, handler, noOptions);
        }
        if (!found.isEmpty()) {
            // Announce the authenticated login, then every principal, then add the authorizer's roles.
            fireEvent(WikiSecurityEvent.LOGIN_AUTHENTICATED, getLoginPrincipal(found), wikiSession);
            for (final Principal each : found) {
                fireEvent(WikiSecurityEvent.PRINCIPAL_ADD, each, wikiSession);
            }
            injectAuthorizerRoles(wikiSession, authz.getAuthorizer(), request);
        }
    }

    // Stage 2: assertion cookie. Only LOGIN_ASSERTED is fired; no PRINCIPAL_ADD events and no authorizer
    // roles are added on this path.
    if (!wikiSession.isAuthenticated() && authn.allowsCookieAssertions()) {
        final Set<Principal> asserted = authn.doJAASLogin(CookieAssertionLoginModule.class, handler, noOptions);
        if (!asserted.isEmpty()) {
            fireEvent(WikiSecurityEvent.LOGIN_ASSERTED, getLoginPrincipal(asserted), wikiSession);
        }
    }

    // Stage 3: still anonymous, so fall back to the anonymous login module.
    if (wikiSession.isAnonymous()) {
        final Set<Principal> anonymous = authn.doJAASLogin(AnonymousLoginModule.class, handler, noOptions);
        if (!anonymous.isEmpty()) {
            fireEvent(WikiSecurityEvent.LOGIN_ANONYMOUS, getLoginPrincipal(anonymous), wikiSession);
            return true;
        }
    }

    // NOTE(review): true is returned only from the anonymous stage. A session that was authenticated or
    // asserted above presumably no longer reports isAnonymous() and ends up here as well, so callers should
    // not read false as "not logged in" - confirm against the interface contract.
    return false;
}