
Example 16 with Session

use of org.apache.wiki.api.core.Session in project jspwiki by apache.

the class AuthenticationManagerTest method testLoginCustomWithGroup.

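/**
 * Verifies that group membership changes reach a session that is already
 * logged in: the session gains a group's principal when its user is added to
 * the group and loses it again when the user or the whole group is removed.
 *
 * <p>The revocation half is the security-relevant part. A session that kept a
 * group principal after the group was deleted would retain whatever access
 * that group was granted.
 *
 * @throws Exception if login or any group operation fails unexpectedly
 */
@Test
public void testLoginCustomWithGroup() throws Exception {
    // Flush any pre-existing groups (left over from previous failures, perhaps).
    // Each removal has its own try block: with a single shared block, a missing
    // "Test1" would skip the removal of a stale "Test2".
    for (final String staleGroup : new String[] { "Test1", "Test2" }) {
        try {
            m_groupMgr.removeGroup(staleGroup);
        } catch (final NoSuchPrincipalException ignored) {
            // The group did not exist, so there is nothing to flush.
        }
    }
    // Log in 'janne' and verify the session holds 3 user principals
    // (login, fullname, wikiname) and 2 roles (ALL, AUTHENTICATED)
    final Session session = WikiSession.guestSession(m_engine);
    m_auth.login(session, null, Users.JANNE, Users.JANNE_PASS);
    Assertions.assertEquals(3, session.getPrincipals().length);
    Assertions.assertEquals(2, session.getRoles().length);
    Assertions.assertTrue(session.hasPrincipal(new WikiPrincipal("JanneJalkanen", WikiPrincipal.WIKI_NAME)));
    // Listen for any manager group-add events
    final GroupManager manager = m_engine.getManager(GroupManager.class);
    final SecurityEventTrap trap = new SecurityEventTrap();
    manager.addWikiEventListener(trap);
    // Create two groups; one with Janne in it, and one without
    Group groupTest1 = m_groupMgr.parseGroup("Test1", "JanneJalkanen \n Bob \n Charlie", true);
    m_groupMgr.setGroup(m_session, groupTest1);
    groupTest1 = m_groupMgr.getGroup("Test1");
    final Principal principalTest1 = groupTest1.getPrincipal();
    Group groupTest2 = m_groupMgr.parseGroup("Test2", "Alice \n Bob \n Charlie", true);
    m_groupMgr.setGroup(m_session, groupTest2);
    groupTest2 = m_groupMgr.getGroup("Test2");
    final Principal principalTest2 = groupTest2.getPrincipal();
    // We should see two security events (one for each group create)
    // We should also see a GroupPrincipal for group Test1, but not Test2
    Assertions.assertEquals(2, trap.events().length);
    Assertions.assertTrue(session.hasPrincipal(principalTest1));
    Assertions.assertFalse(session.hasPrincipal(principalTest2));
    // If we remove Test1, the GroupPrincipal should disappear from the live
    // session: deleting a group must revoke it from users already logged in
    m_groupMgr.removeGroup("Test1");
    Assertions.assertFalse(session.hasPrincipal(principalTest1));
    Assertions.assertFalse(session.hasPrincipal(principalTest2));
    // Now, add 'JanneJalkanen' to Test2 group manually; we should see the
    // GroupPrincipal
    groupTest2.add(new WikiPrincipal("JanneJalkanen"));
    m_groupMgr.setGroup(session, groupTest2);
    Assertions.assertFalse(session.hasPrincipal(principalTest1));
    Assertions.assertTrue(session.hasPrincipal(principalTest2));
    // Remove 'JanneJalkanen' manually; the GroupPrincipal should disappear
    groupTest2.remove(new WikiPrincipal("JanneJalkanen"));
    m_groupMgr.setGroup(session, groupTest2);
    Assertions.assertFalse(session.hasPrincipal(principalTest1));
    Assertions.assertFalse(session.hasPrincipal(principalTest2));
    // Clean up: drop the group and detach the trap so it does not keep
    // collecting events fired by later tests on the same manager
    m_groupMgr.removeGroup("Test2");
    manager.removeWikiEventListener(trap);
}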
Also used : Group(org.apache.wiki.auth.authorize.Group) GroupManager(org.apache.wiki.auth.authorize.GroupManager) Principal(java.security.Principal) WikiSession(org.apache.wiki.WikiSession) Session(org.apache.wiki.api.core.Session) WikiSessionTest(org.apache.wiki.WikiSessionTest) Test(org.junit.jupiter.api.Test)

Example 17 with Session

use of org.apache.wiki.api.core.Session in project jspwiki by apache.

the class AuthenticationManagerTest method testLoginCustom.

/**
 * Checks that a session authenticated as Janne carries the two built-in roles
 * and one principal for each of the login name, wiki name and full name.
 *
 * @throws Exception if the authenticated session cannot be created
 */
@Test
public void testLoginCustom() throws Exception {
    final Session janne = WikiSessionTest.authenticatedSession(m_engine, Users.JANNE, Users.JANNE_PASS);

    // Built-in roles expected on the authenticated session
    Assertions.assertTrue(janne.hasPrincipal(Role.ALL));
    Assertions.assertTrue(janne.hasPrincipal(Role.AUTHENTICATED));

    // One principal per name form of the same user
    final WikiPrincipal loginName = new WikiPrincipal(Users.JANNE, WikiPrincipal.LOGIN_NAME);
    Assertions.assertTrue(janne.hasPrincipal(loginName));
    final WikiPrincipal wikiName = new WikiPrincipal("JanneJalkanen", WikiPrincipal.WIKI_NAME);
    Assertions.assertTrue(janne.hasPrincipal(wikiName));
    final WikiPrincipal fullName = new WikiPrincipal("Janne Jalkanen", WikiPrincipal.FULL_NAME);
    Assertions.assertTrue(janne.hasPrincipal(fullName));
}
Also used : WikiSession(org.apache.wiki.WikiSession) Session(org.apache.wiki.api.core.Session) WikiSessionTest(org.apache.wiki.WikiSessionTest) Test(org.junit.jupiter.api.Test)

Example 18 with Session

use of org.apache.wiki.api.core.Session in project jspwiki by apache.

the class AuthorizationManagerTest method testUserPolicy.

/**
 * Pins the static permissions each kind of session receives when the engine is
 * started with the policy file {@code jspwiki-testUserPolicy.policy}.
 *
 * <p>The policy file is not shown here, so the assertions below are the only
 * statement of what it grants. Anonymous and asserted sessions get nothing,
 * not even VIEW. The authenticated users Bob and Janne get VIEW, EDIT, COMMENT,
 * MODIFY, UPLOAD and DELETE but not RENAME, and none of the wiki-level
 * permissions. The admin session gets VIEW only.
 *
 * @throws Exception if the test engine or any session cannot be created
 */
@Test
public void testUserPolicy() throws Exception {
    final Properties testProps = TestEngine.getTestProperties();
    // Swap the default security policy for the test-specific policy file
    testProps.put(AuthorizationManager.POLICY, "jspwiki-testUserPolicy.policy");

    // Rebuild the engine and the shared fixtures on top of that policy
    m_engine = new TestEngine(testProps);
    m_auth = m_engine.getManager(AuthorizationManager.class);
    m_groupMgr = m_engine.getManager(GroupManager.class);
    m_session = WikiSessionTest.adminSession(m_engine);

    // Anonymous: every permission is denied
    final Session anonymous = WikiSessionTest.anonymousSession(m_engine);
    Assertions.assertFalse(m_auth.checkStaticPermission(anonymous, PagePermission.VIEW), "Anonymous view");
    Assertions.assertFalse(m_auth.checkStaticPermission(anonymous, PagePermission.EDIT), "Anonymous edit");
    Assertions.assertFalse(m_auth.checkStaticPermission(anonymous, PagePermission.COMMENT), "Anonymous comment");
    Assertions.assertFalse(m_auth.checkStaticPermission(anonymous, PagePermission.MODIFY), "Anonymous modify");
    Assertions.assertFalse(m_auth.checkStaticPermission(anonymous, PagePermission.UPLOAD), "Anonymous upload");
    Assertions.assertFalse(m_auth.checkStaticPermission(anonymous, PagePermission.RENAME), "Anonymous rename");
    Assertions.assertFalse(m_auth.checkStaticPermission(anonymous, PagePermission.DELETE), "Anonymous delete");
    Assertions.assertFalse(m_auth.checkStaticPermission(anonymous, WikiPermission.EDIT_PREFERENCES), "Anonymous prefs");
    Assertions.assertFalse(m_auth.checkStaticPermission(anonymous, WikiPermission.EDIT_PROFILE), "Anonymous profile");
    Assertions.assertFalse(m_auth.checkStaticPermission(anonymous, WikiPermission.CREATE_PAGES), "Anonymous pages");
    Assertions.assertFalse(m_auth.checkStaticPermission(anonymous, WikiPermission.CREATE_GROUPS), "Anonymous groups");

    // Asserted (identity claimed, not authenticated): denied exactly like anonymous
    final Session asserted = WikiSessionTest.assertedSession(m_engine, "Jack Sparrow");
    Assertions.assertFalse(m_auth.checkStaticPermission(asserted, PagePermission.VIEW), "Asserted view");
    Assertions.assertFalse(m_auth.checkStaticPermission(asserted, PagePermission.EDIT), "Asserted edit");
    Assertions.assertFalse(m_auth.checkStaticPermission(asserted, PagePermission.COMMENT), "Asserted comment");
    Assertions.assertFalse(m_auth.checkStaticPermission(asserted, PagePermission.MODIFY), "Asserted modify");
    Assertions.assertFalse(m_auth.checkStaticPermission(asserted, PagePermission.UPLOAD), "Asserted upload");
    Assertions.assertFalse(m_auth.checkStaticPermission(asserted, PagePermission.RENAME), "Asserted rename");
    Assertions.assertFalse(m_auth.checkStaticPermission(asserted, PagePermission.DELETE), "Asserted delete");
    Assertions.assertFalse(m_auth.checkStaticPermission(asserted, WikiPermission.EDIT_PREFERENCES), "Asserted prefs");
    Assertions.assertFalse(m_auth.checkStaticPermission(asserted, WikiPermission.EDIT_PROFILE), "Asserted profile");
    Assertions.assertFalse(m_auth.checkStaticPermission(asserted, WikiPermission.CREATE_PAGES), "Asserted pages");
    Assertions.assertFalse(m_auth.checkStaticPermission(asserted, WikiPermission.CREATE_GROUPS), "Asserted groups");

    // Bob, authenticated: page permissions except RENAME, no wiki-level permissions
    final Session bob = WikiSessionTest.authenticatedSession(m_engine, Users.BOB, Users.BOB_PASS);
    Assertions.assertTrue(m_auth.checkStaticPermission(bob, PagePermission.VIEW), "Bob view");
    Assertions.assertTrue(m_auth.checkStaticPermission(bob, PagePermission.EDIT), "Bob edit");
    Assertions.assertTrue(m_auth.checkStaticPermission(bob, PagePermission.COMMENT), "Bob comment");
    Assertions.assertTrue(m_auth.checkStaticPermission(bob, PagePermission.MODIFY), "Bob modify");
    Assertions.assertTrue(m_auth.checkStaticPermission(bob, PagePermission.UPLOAD), "Bob upload");
    Assertions.assertFalse(m_auth.checkStaticPermission(bob, PagePermission.RENAME), "Bob rename");
    Assertions.assertTrue(m_auth.checkStaticPermission(bob, PagePermission.DELETE), "Bob delete");
    Assertions.assertFalse(m_auth.checkStaticPermission(bob, WikiPermission.EDIT_PREFERENCES), "Bob prefs");
    Assertions.assertFalse(m_auth.checkStaticPermission(bob, WikiPermission.EDIT_PROFILE), "Bob profile");
    Assertions.assertFalse(m_auth.checkStaticPermission(bob, WikiPermission.CREATE_PAGES), "Bob pages");
    Assertions.assertFalse(m_auth.checkStaticPermission(bob, WikiPermission.CREATE_GROUPS), "Bob groups");

    // Janne, authenticated: same expectations as Bob
    final Session janne = WikiSessionTest.authenticatedSession(m_engine, Users.JANNE, Users.JANNE_PASS);
    Assertions.assertTrue(m_auth.checkStaticPermission(janne, PagePermission.VIEW), "Janne view");
    Assertions.assertTrue(m_auth.checkStaticPermission(janne, PagePermission.EDIT), "Janne edit");
    Assertions.assertTrue(m_auth.checkStaticPermission(janne, PagePermission.COMMENT), "Janne comment");
    Assertions.assertTrue(m_auth.checkStaticPermission(janne, PagePermission.MODIFY), "Janne modify");
    Assertions.assertTrue(m_auth.checkStaticPermission(janne, PagePermission.UPLOAD), "Janne upload");
    Assertions.assertFalse(m_auth.checkStaticPermission(janne, PagePermission.RENAME), "Janne rename");
    Assertions.assertTrue(m_auth.checkStaticPermission(janne, PagePermission.DELETE), "Janne delete");
    Assertions.assertFalse(m_auth.checkStaticPermission(janne, WikiPermission.EDIT_PREFERENCES), "Janne prefs");
    Assertions.assertFalse(m_auth.checkStaticPermission(janne, WikiPermission.EDIT_PROFILE), "Janne profile");
    Assertions.assertFalse(m_auth.checkStaticPermission(janne, WikiPermission.CREATE_PAGES), "Janne pages");
    Assertions.assertFalse(m_auth.checkStaticPermission(janne, WikiPermission.CREATE_GROUPS), "Janne groups");

    // Admin session: VIEW only under this policy
    final Session admin = WikiSessionTest.adminSession(m_engine);
    Assertions.assertTrue(m_auth.checkStaticPermission(admin, PagePermission.VIEW), "Admin view");
    Assertions.assertFalse(m_auth.checkStaticPermission(admin, PagePermission.EDIT), "Admin edit");
    Assertions.assertFalse(m_auth.checkStaticPermission(admin, PagePermission.COMMENT), "Admin comment");
    Assertions.assertFalse(m_auth.checkStaticPermission(admin, PagePermission.MODIFY), "Admin modify");
    Assertions.assertFalse(m_auth.checkStaticPermission(admin, PagePermission.UPLOAD), "Admin upload");
    Assertions.assertFalse(m_auth.checkStaticPermission(admin, PagePermission.RENAME), "Admin rename");
    Assertions.assertFalse(m_auth.checkStaticPermission(admin, PagePermission.DELETE), "Admin delete");
    Assertions.assertFalse(m_auth.checkStaticPermission(admin, WikiPermission.EDIT_PREFERENCES), "Admin prefs");
    Assertions.assertFalse(m_auth.checkStaticPermission(admin, WikiPermission.EDIT_PROFILE), "Admin profile");
    Assertions.assertFalse(m_auth.checkStaticPermission(admin, WikiPermission.CREATE_PAGES), "Admin pages");
    Assertions.assertFalse(m_auth.checkStaticPermission(admin, WikiPermission.CREATE_GROUPS), "Admin groups");
}
Also used : TestEngine(org.apache.wiki.TestEngine) Properties(java.util.Properties) GroupManager(org.apache.wiki.auth.authorize.GroupManager) Session(org.apache.wiki.api.core.Session) WikiSessionTest(org.apache.wiki.WikiSessionTest) Test(org.junit.jupiter.api.Test)

Example 19 with Session

use of org.apache.wiki.api.core.Session in project jspwiki by apache.

the class AuthorizationManagerTest method testRoleAcl.

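/**
 * Checks a page ACL that names a built-in role: a page carrying
 * {@code [{ALLOW edit Authenticated}]} may be viewed and edited by an
 * authenticated user and by nobody who is merely asserted.
 *
 * <p>The ACL names only {@code edit}, yet the test also expects
 * {@code view} to be granted to Alice.
 *
 * @throws Exception if the page cannot be saved or a session cannot be created
 */
@Test
public void testRoleAcl() throws Exception {
    // Create the test page (no attachment is created here)
    final String src = "[{ALLOW edit Authenticated}] ";
    m_engine.saveText("Test", src);
    final Page p = m_engine.getManager(PageManager.class).getPage("Test");
    final Permission view = PermissionFactory.getPagePermission(p, "view");
    final Permission edit = PermissionFactory.getPagePermission(p, "edit");
    // Create session with authenticated user 'Alice', who can read & edit
    Session session = WikiSessionTest.authenticatedSession(m_engine, Users.ALICE, Users.ALICE_PASS);
    Assertions.assertTrue(m_auth.checkPermission(session, view), "Alice view Test");
    Assertions.assertTrue(m_auth.checkPermission(session, edit), "Alice edit Test");
    // Create session with asserted user 'Bob', who can't read or edit:
    // an asserted session is not expected to satisfy the Authenticated role in the ACL
    session = WikiSessionTest.assertedSession(m_engine, Users.BOB);
    Assertions.assertFalse(m_auth.checkPermission(session, view), "Bob !view Test");
    Assertions.assertFalse(m_auth.checkPermission(session, edit), "Bob !edit Test");
    // Cleanup
    try {
        m_engine.getManager(PageManager.class).deletePage("Test");
    } catch (final ProviderException e) {
        // Pass the exception as the cause so the provider's stack trace
        // survives into the test report instead of only its message
        Assertions.fail(e.getMessage(), e);
    }
}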
Also used : PageManager(org.apache.wiki.pages.PageManager) ProviderException(org.apache.wiki.api.exceptions.ProviderException) WikiPermission(org.apache.wiki.auth.permissions.WikiPermission) PagePermission(org.apache.wiki.auth.permissions.PagePermission) AllPermission(org.apache.wiki.auth.permissions.AllPermission) Permission(java.security.Permission) Page(org.apache.wiki.api.core.Page) Session(org.apache.wiki.api.core.Session) WikiSessionTest(org.apache.wiki.WikiSessionTest) Test(org.junit.jupiter.api.Test)

Example 20 with Session

use of org.apache.wiki.api.core.Session in project jspwiki by apache.

the class AuthorizationManagerTest method testAssertedSession.

/**
 * Checks that an asserted session cannot use principals it merely claims.
 *
 * <p>The session is built for Alice with the IT and Engineering roles and the
 * Admin group principal handed in, and Alice is a member of group Bar. Because
 * the session is asserted and not authenticated, the test expects only the
 * built-in ALL and ASSERTED roles to hold. The user principal, the custom
 * roles and both group principals are all expected to be refused.
 *
 * @throws Exception if the session or the groups cannot be created
 */
@Test
public void testAssertedSession() throws Exception {
    // Alice, the roles she claims, and one role (Finance) she does not claim
    final Principal alice = new WikiPrincipal(Users.ALICE);
    final Role itRole = new Role("IT");
    final Role engineeringRole = new Role("Engineering");
    final Role financeRole = new Role("Finance");
    final Principal adminGroup = new GroupPrincipal("Admin");
    final Principal[] claimed = { itRole, engineeringRole, adminGroup };
    final Session assertedAlice = WikiSessionTest.assertedSession(m_engine, Users.ALICE, claimed);

    // Two groups: Alice is a member of Bar, but not of Foo
    final Group foo = m_groupMgr.parseGroup("Foo", "", true);
    final Group bar = m_groupMgr.parseGroup("Bar", "", true);
    bar.add(alice);
    m_groupMgr.setGroup(m_session, foo);
    m_groupMgr.setGroup(m_session, bar);

    // User principal possession: Alice isn't considered to
    // have the "Alice" principal because she's not authenticated
    Assertions.assertFalse(m_auth.hasRoleOrPrincipal(assertedAlice, new WikiPrincipal(Users.ALICE)), "Alice has Alice");
    Assertions.assertFalse(m_auth.hasRoleOrPrincipal(assertedAlice, new TestPrincipal(Users.ALICE)), "Alice has Alice");
    Assertions.assertFalse(m_auth.hasRoleOrPrincipal(assertedAlice, new WikiPrincipal(Users.BOB)), "Alice not has Bob");
    Assertions.assertFalse(m_auth.hasRoleOrPrincipal(assertedAlice, new TestPrincipal(Users.BOB)), "Alice not has Bob");

    // Built-in roles: only ALL and ASSERTED hold
    Assertions.assertTrue(m_auth.hasRoleOrPrincipal(assertedAlice, Role.ALL), "Alice in ALL");
    Assertions.assertFalse(m_auth.hasRoleOrPrincipal(assertedAlice, Role.ANONYMOUS), "Alice not in ANONYMOUS");
    Assertions.assertTrue(m_auth.hasRoleOrPrincipal(assertedAlice, Role.ASSERTED), "Alice in ASSERTED");
    Assertions.assertFalse(m_auth.hasRoleOrPrincipal(assertedAlice, Role.AUTHENTICATED), "Alice not in AUTHENTICATED");

    // Custom roles are refused, including the ones passed in at session creation
    Assertions.assertFalse(m_auth.hasRoleOrPrincipal(assertedAlice, itRole), "Alice not in IT");
    Assertions.assertFalse(m_auth.hasRoleOrPrincipal(assertedAlice, engineeringRole), "Alice not in Engineering");
    Assertions.assertFalse(m_auth.hasRoleOrPrincipal(assertedAlice, financeRole), "Alice not in Finance");

    // Group memberships are refused too, even for Bar, which lists Alice
    final Principal fooPrincipal = foo.getPrincipal();
    Assertions.assertFalse(m_auth.hasRoleOrPrincipal(assertedAlice, fooPrincipal), "Alice not in Foo");
    final Principal barPrincipal = bar.getPrincipal();
    Assertions.assertFalse(m_auth.hasRoleOrPrincipal(assertedAlice, barPrincipal), "Alice not in Bar");

    // Clean up
    m_groupMgr.removeGroup("Foo");
    m_groupMgr.removeGroup("Bar");
}
Also used : Role(org.apache.wiki.auth.authorize.Role) Group(org.apache.wiki.auth.authorize.Group) Principal(java.security.Principal) UnresolvedPrincipal(org.apache.wiki.auth.acl.UnresolvedPrincipal) Session(org.apache.wiki.api.core.Session) WikiSessionTest(org.apache.wiki.WikiSessionTest) Test(org.junit.jupiter.api.Test)

Aggregations

Session (org.apache.wiki.api.core.Session)51 Test (org.junit.jupiter.api.Test)25 WikiSessionTest (org.apache.wiki.WikiSessionTest)19 Principal (java.security.Principal)18 MockHttpServletRequest (net.sourceforge.stripes.mock.MockHttpServletRequest)11 AllPermission (org.apache.wiki.auth.permissions.AllPermission)9 PageManager (org.apache.wiki.pages.PageManager)9 HttpSession (javax.servlet.http.HttpSession)8 Group (org.apache.wiki.auth.authorize.Group)8 PagePermission (org.apache.wiki.auth.permissions.PagePermission)8 Permission (java.security.Permission)7 Page (org.apache.wiki.api.core.Page)7 AuthenticationManager (org.apache.wiki.auth.AuthenticationManager)7 WikiPermission (org.apache.wiki.auth.permissions.WikiPermission)7 UnresolvedPrincipal (org.apache.wiki.auth.acl.UnresolvedPrincipal)6 UserProfile (org.apache.wiki.auth.user.UserProfile)6 GroupPrincipal (org.apache.wiki.auth.GroupPrincipal)5 WikiPrincipal (org.apache.wiki.auth.WikiPrincipal)5 Role (org.apache.wiki.auth.authorize.Role)5 HttpServletRequest (javax.servlet.http.HttpServletRequest)4