
Example 26 with Session

use of org.apache.wiki.api.core.Session in project jspwiki by apache.

the class UserProfileTag method doWikiStartTag.

/**
 * Emits one property of the current user's profile, or decides whether the tag body is
 * rendered, depending on {@code m_prop}.
 *
 * <p>Every textual value is passed through {@code TextUtil.replaceEntities} before it is
 * written to the page, so profile fields are never printed raw.</p>
 *
 * @return {@code EVAL_BODY_INCLUDE} when the body should be rendered, otherwise {@code SKIP_BODY}
 * @throws IOException declared for the write to the JSP output
 */
@Override
public final int doWikiStartTag() throws IOException {
    final UserManager userManager = m_wikiContext.getEngine().getManager(UserManager.class);
    final UserProfile profile = userManager.getUserProfile(m_wikiContext.getWikiSession());
    String text = null;

    if (EXISTS.equals(m_prop) || NOT_NEW.equals(m_prop)) {
        // Body is rendered only for a profile that is not new.
        if (profile.isNew()) {
            return SKIP_BODY;
        }
        return EVAL_BODY_INCLUDE;
    } else if (NEW.equals(m_prop) || NOT_EXISTS.equals(m_prop)) {
        // Mirror image of the branch above.
        if (profile.isNew()) {
            return EVAL_BODY_INCLUDE;
        }
        return SKIP_BODY;
    } else if (CREATED.equals(m_prop) && profile.getCreated() != null) {
        text = profile.getCreated().toString();
    } else if (EMAIL.equals(m_prop)) {
        text = profile.getEmail();
    } else if (FULLNAME.equals(m_prop)) {
        text = profile.getFullname();
    } else if (GROUPS.equals(m_prop)) {
        text = printGroups(m_wikiContext);
    } else if (LOGINNAME.equals(m_prop)) {
        text = profile.getLoginName();
    } else if (MODIFIED.equals(m_prop) && profile.getLastModified() != null) {
        text = profile.getLastModified().toString();
    } else if (ROLES.equals(m_prop)) {
        text = printRoles(m_wikiContext);
    } else if (WIKINAME.equals(m_prop)) {
        text = profile.getWikiName();
        if (text == null) {
            // No wiki name in the profile: fall back to the name of the session's user principal.
            final Engine wikiEngine = this.m_wikiContext.getEngine();
            final Session currentSession = Wiki.session().find(wikiEngine, (HttpServletRequest) pageContext.getRequest());
            final Principal principal = currentSession.getUserPrincipal();
            if (principal != null) {
                text = principal.getName();
            }
        }
    } else if (CHANGE_PASSWORD.equals(m_prop) || CHANGE_LOGIN_NAME.equals(m_prop)) {
        // Render the body only when isContainerAuthenticated() is false. This decides what is
        // displayed; it is not itself a check on whether a change may be performed.
        final AuthenticationManager authenticationManager = m_wikiContext.getEngine().getManager(AuthenticationManager.class);
        if (!authenticationManager.isContainerAuthenticated()) {
            return EVAL_BODY_INCLUDE;
        }
    } else if (NOT_CHANGE_PASSWORD.equals(m_prop) || NOT_CHANGE_LOGIN_NAME.equals(m_prop)) {
        // Inverse case: render the body only when isContainerAuthenticated() is true.
        final AuthenticationManager authenticationManager = m_wikiContext.getEngine().getManager(AuthenticationManager.class);
        if (authenticationManager.isContainerAuthenticated()) {
            return EVAL_BODY_INCLUDE;
        }
    }

    if (text != null) {
        // Single output point: the value is entity-escaped here, whichever branch produced it.
        pageContext.getOut().print(TextUtil.replaceEntities(text));
    }
    return SKIP_BODY;
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) AuthenticationManager(org.apache.wiki.auth.AuthenticationManager) UserProfile(org.apache.wiki.auth.user.UserProfile) UserManager(org.apache.wiki.auth.UserManager) Engine(org.apache.wiki.api.core.Engine) Principal(java.security.Principal) GroupPrincipal(org.apache.wiki.auth.GroupPrincipal) Session(org.apache.wiki.api.core.Session)

Example 27 with Session

use of org.apache.wiki.api.core.Session in project jspwiki by apache.

the class UserNameTag method doWikiStartTag.

/**
 * Prints the name of the user principal bound to the current request's wiki session.
 *
 * <p>The name is echoed (entity-escaped) only when it matches {@code VALID_USER_NAME_PATTERN};
 * otherwise a localized message from the core resource bundle is printed in its place, so a
 * name that fails the pattern never reaches the page. Nothing is printed when the session has
 * no user principal.</p>
 *
 * @return always {@code SKIP_BODY}
 * @throws IOException declared for the write to the JSP output
 */
@Override
public final int doWikiStartTag() throws IOException {
    final Engine wikiEngine = m_wikiContext.getEngine();
    final Session currentSession = Wiki.session().find(wikiEngine, (HttpServletRequest) pageContext.getRequest());
    final Principal principal = currentSession.getUserPrincipal();
    if (principal == null) {
        return SKIP_BODY;
    }

    final boolean nameMatchesPattern = VALID_USER_NAME_PATTERN.matcher(principal.getName()).matches();
    if (!nameMatchesPattern) {
        // The rejected name is not echoed; the replacement text comes from the resource bundle
        // and is printed without entity escaping.
        pageContext.getOut().print(Preferences.getBundle(m_wikiContext, InternationalizationManager.CORE_BUNDLE).getString("security.user.fullname.invalid"));
        return SKIP_BODY;
    }

    // Pattern check passed; the name is still entity-escaped before it is written.
    pageContext.getOut().print(TextUtil.replaceEntities(principal.getName()));
    return SKIP_BODY;
}
Also used : Engine(org.apache.wiki.api.core.Engine) Principal(java.security.Principal) Session(org.apache.wiki.api.core.Session)

Example 28 with Session

use of org.apache.wiki.api.core.Session in project jspwiki by apache.

the class DefaultAuthenticationManager method logout.

/**
 * {@inheritDoc}
 *
 * <p>Order of operations in this implementation: the login principal is read from the wiki
 * session, the wiki session is invalidated and removed from the session cache, the HTTP
 * session is invalidated, and finally a {@code LOGOUT} security event is fired carrying the
 * principal that was read first.</p>
 */
@Override
public void logout(final HttpServletRequest request) {
    if (request == null) {
        // NOTE(review): the message text contains a typo ("reqest"); it is left untouched here
        // because log consumers may match on the exact string.
        log.error("No HTTP reqest provided; cannot log out.");
        return;
    }

    final HttpSession httpSession = request.getSession();
    final String sessionId;
    if (httpSession == null) {
        sessionId = "(null)";
    } else {
        sessionId = httpSession.getId();
    }
    // The session ID goes to the debug log; that session is invalidated further down.
    log.debug("Invalidating Session for session ID= {}", sessionId);

    // Read the login principal BEFORE invalidating, so the logout event can still name it.
    final Session currentWikiSession = Wiki.session().find(m_engine, request);
    final Principal principalAtLogout = currentWikiSession.getLoginPrincipal();
    currentWikiSession.invalidate();

    // Drop the wiki session from the session cache as well.
    Wiki.session().remove(m_engine, request);

    // Invalidate the underlying HTTP session too.
    if (httpSession != null) {
        httpSession.invalidate();
    }

    // Record the logout as a security event.
    fireEvent(WikiSecurityEvent.LOGOUT, principalAtLogout, null);
}
Also used : HttpSession(javax.servlet.http.HttpSession) Principal(java.security.Principal) Session(org.apache.wiki.api.core.Session) HttpSession(javax.servlet.http.HttpSession)

Example 29 with Session

use of org.apache.wiki.api.core.Session in project jspwiki by apache.

the class DefaultUserManager method setUserProfile.

/**
 * {@inheritDoc}
 *
 * <p>This implementation first checks the {@code EDIT_PROFILE_ACTION} wiki permission for the
 * context's session, then rejects a login name or full name that already belongs to a profile
 * other than the session's current one, and only then either starts the profile-creation
 * workflow (new accounts) or saves/renames the profile in the user database.</p>
 *
 * @throws DuplicateUserException if the login name or full name is held by another profile
 * @throws WikiException if the session lacks the permission (as {@code WikiSecurityException}),
 *         or if the login performed after starting the creation workflow fails
 */
@Override
public void setUserProfile(final Context context, final UserProfile profile) throws DuplicateUserException, WikiException {
    final Session wikiSession = context.getWikiSession();

    // Authorization gate: nothing below runs unless the session holds the edit-profile permission.
    final Permission editProfilePermission = new WikiPermission(m_engine.getApplicationName(), WikiPermission.EDIT_PROFILE_ACTION);
    final boolean maySave = m_engine.getManager(AuthorizationManager.class).checkPermission(wikiSession, editProfilePermission);
    if (!maySave) {
        throw new WikiSecurityException("You are not allowed to save wiki profiles.");
    }

    // Whether the submitted profile reports itself as new.
    final boolean submittedIsNew = profile.isNew();

    // The profile currently associated with the session; used as the "self" reference below.
    final UserProfile currentProfile = getUserProfile(wikiSession);
    boolean nameChanged = false;
    if (currentProfile != null && currentProfile.getFullname() != null) {
        nameChanged = !currentProfile.getFullname().equals(profile.getFullname())
                || !currentProfile.getLoginName().equals(profile.getLoginName());
    }

    // Uniqueness checks. NOTE(review): no lock or transaction is visible in this method around
    // these lookups and the later save; confirm the user database also enforces uniqueness.
    try {
        final UserProfile loginNameOwner = getUserDatabase().findByLoginName(profile.getLoginName());
        if (loginNameOwner != null && !loginNameOwner.equals(currentProfile)) {
            throw new DuplicateUserException("security.error.login.taken", profile.getLoginName());
        }
    } catch (final NoSuchPrincipalException ignored) {
        // Lookup found no profile with this login name, so there is nothing to collide with.
    }
    try {
        final UserProfile fullNameOwner = getUserDatabase().findByFullName(profile.getFullname());
        if (fullNameOwner != null && !fullNameOwner.equals(currentProfile)) {
            throw new DuplicateUserException("security.error.fullname.taken", profile.getFullname());
        }
    } catch (final NoSuchPrincipalException ignored) {
        // Lookup found no profile with this full name, so there is nothing to collide with.
    }

    if (submittedIsNew && currentProfile != null && currentProfile.isNew()) {
        // New account: hand the save over to the profile-creation workflow.
        startUserProfileCreationWorkflow(context, profile);
        try {
            // Unless the container handles authentication, log the session in with the
            // credentials carried by the submitted profile.
            // NOTE(review): whether the profile is already persisted at this point depends on
            // the workflow started above; confirm against its implementation.
            final AuthenticationManager authenticationManager = m_engine.getManager(AuthenticationManager.class);
            if (!authenticationManager.isContainerAuthenticated()) {
                authenticationManager.login(wikiSession, null, profile.getLoginName(), profile.getPassword());
            }
        } catch (final WikiException e) {
            throw new WikiSecurityException(e.getMessage(), e);
        }
        // Tell listeners the profile changed, so credentials get reloaded in the wiki session.
        fireEvent(WikiSecurityEvent.PROFILE_SAVE, wikiSession, profile);
    } else {
        // Existing account: when the login name itself changed, rename before saving.
        if (nameChanged && !currentProfile.getLoginName().equals(profile.getLoginName())) {
            getUserDatabase().rename(currentProfile.getLoginName(), profile.getLoginName());
        }
        // Persist the profile; the user database takes care of the timestamps.
        getUserDatabase().save(profile);
        if (nameChanged) {
            // Login name or full name changed: listeners receive both the old and the new profile.
            final UserProfile[] oldAndNew = { currentProfile, profile };
            fireEvent(WikiSecurityEvent.PROFILE_NAME_CHANGED, wikiSession, oldAndNew);
        } else {
            // Names unchanged: an ordinary profile-save event.
            fireEvent(WikiSecurityEvent.PROFILE_SAVE, wikiSession, profile);
        }
    }
}
Also used : WikiException(org.apache.wiki.api.exceptions.WikiException) UserProfile(org.apache.wiki.auth.user.UserProfile) WikiPermission(org.apache.wiki.auth.permissions.WikiPermission) Permission(java.security.Permission) AllPermission(org.apache.wiki.auth.permissions.AllPermission) WikiPermission(org.apache.wiki.auth.permissions.WikiPermission) DuplicateUserException(org.apache.wiki.auth.user.DuplicateUserException) Session(org.apache.wiki.api.core.Session)

Example 30 with Session

use of org.apache.wiki.api.core.Session in project jspwiki by apache.

the class SessionMonitor method find.

/**
 * <p>Looks up the wiki session associated with a user's HTTP session and adds it to the session cache. When the HTTP session is
 * not currently associated with a wiki session, the "guest session" as constructed by
 * {@link org.apache.wiki.api.spi.SessionSPI#guest(Engine)} is returned instead. This method is guaranteed to return a
 * non-<code>null</code> wiki session.</p>
 * <p>Internally, the session is stored in a HashMap; keys are the HttpSession objects, while the values are
 * {@link java.lang.ref.WeakReference}-wrapped WikiSessions.</p>
 * <p>A <code>null</code> HTTP session is accepted: the guest session is then created for the placeholder ID
 * <code>"(null)"</code>.</p>
 *
 * @param session the HTTP session, may be <code>null</code>
 * @return the wiki session
 */
public final Session find(final HttpSession session) {
    final Session cached = findSession(session);
    final String sessionId;
    if (session == null) {
        sessionId = "(null)";
    } else {
        sessionId = session.getId();
    }
    // Fall back to a guest session when nothing is cached for this HTTP session.
    return (cached != null) ? cached : createGuestSessionFor(sessionId);
}
Also used : HttpSession(javax.servlet.http.HttpSession) Session(org.apache.wiki.api.core.Session)
