
Example 41 with Session

use of org.apache.wiki.api.core.Session in project jspwiki by apache.

the class AuthorizationManagerTest method testAdminView2.

/**
 * Checks that the administrator session is granted both the wiki-wide {@code AllPermission}
 * and {@code view} on a page whose text carries the ACL markup {@code [{ALLOW view FooBar}]}.
 *
 * <p>The page markup names only {@code FooBar}, so the second assertion pins the expectation
 * that the admin session is still allowed to view the page.
 *
 * <p>NOTE(review): both failure messages name "Alice", yet the session under test comes from
 * {@code WikiSessionTest.adminSession}; the wording looks carried over from another test and
 * would mislead whoever reads a failure report.
 *
 * @throws Exception if saving the page or creating the admin session fails
 */
@Test
public void testAdminView2() throws Exception {
    // Page text restricts viewing to FooBar.
    m_engine.saveText("TestDefaultPage", "Foo [{ALLOW view FooBar}]");
    final Session adminSession = WikiSessionTest.adminSession(m_engine);

    // Wiki-wide permission, scoped to this engine's application name.
    final AllPermission everything = new AllPermission(m_engine.getApplicationName());
    final boolean grantedAll = m_auth.checkPermission(adminSession, everything);
    Assertions.assertTrue(grantedAll, "Alice has AllPermission");

    // Page-level view permission on the page saved above.
    final PagePermission viewPage = new PagePermission("TestDefaultPage", "view");
    final boolean grantedView = m_auth.checkPermission(adminSession, viewPage);
    Assertions.assertTrue(grantedView, "Alice cannot read");
}
Also used : AllPermission(org.apache.wiki.auth.permissions.AllPermission) PagePermission(org.apache.wiki.auth.permissions.PagePermission) Session(org.apache.wiki.api.core.Session) WikiSessionTest(org.apache.wiki.WikiSessionTest) Test(org.junit.jupiter.api.Test)

Example 42 with Session

use of org.apache.wiki.api.core.Session in project jspwiki by apache.

the class AclImplTest method setUp.

/**
 * Builds the two ACL fixtures and the group map used by the tests in this class.
 *
 * <p>User ACL ({@code m_acl}):
 * <ul>
 *   <li>Alice: view</li>
 *   <li>Bob: view, edit</li>
 *   <li>Charlie: view</li>
 *   <li>Dave: view, comment</li>
 * </ul>
 *
 * <p>Group ACL ({@code m_aclGroup}):
 * <ul>
 *   <li>FooGroup (Alice, Bob): edit</li>
 *   <li>BarGroup (Bob, Charlie): view</li>
 * </ul>
 *
 * @throws Exception if the admin session or either group cannot be created
 */
@BeforeEach
public void setUp() throws Exception {
    // Groups are registered under an administrator session.
    final Session adminSession = WikiSessionTest.adminSession(engine);
    m_acl = Wiki.acls().acl();
    m_aclGroup = Wiki.acls().acl();
    m_groups = new HashMap<>();

    final Principal alice = new WikiPrincipal("Alice");
    final Principal bob = new WikiPrincipal("Bob");
    final Principal charlie = new WikiPrincipal("Charlie");
    final Principal dave = new WikiPrincipal("Dave");

    // Alice: view only
    final AclEntry aliceEntry = Wiki.acls().entry();
    aliceEntry.addPermission(PagePermission.VIEW);
    aliceEntry.setPrincipal(alice);

    // Charlie: view only
    final AclEntry charlieEntry = Wiki.acls().entry();
    charlieEntry.addPermission(PagePermission.VIEW);
    charlieEntry.setPrincipal(charlie);

    // Bob: view and edit (and by implication, comment)
    final AclEntry bobEntry = Wiki.acls().entry();
    bobEntry.addPermission(PagePermission.VIEW);
    bobEntry.addPermission(PagePermission.EDIT);
    bobEntry.setPrincipal(bob);

    // Dave: view and comment
    final AclEntry daveEntry = Wiki.acls().entry();
    daveEntry.addPermission(PagePermission.VIEW);
    daveEntry.addPermission(PagePermission.COMMENT);
    daveEntry.setPrincipal(dave);

    // User ACL, entries added in the order Alice, Charlie, Bob, Dave
    m_acl.addEntry(aliceEntry);
    m_acl.addEntry(charlieEntry);
    m_acl.addEntry(bobEntry);
    m_acl.addEntry(daveEntry);

    // FooGroup = {Alice, Bob}, granted edit.
    // The group is handed to the group manager before its members are added;
    // the members are then added to the same Group object.
    final Group fooGroup = m_groupMgr.parseGroup("FooGroup", "", true);
    m_groupMgr.setGroup(adminSession, fooGroup);
    fooGroup.add(alice);
    fooGroup.add(bob);
    final AclEntry fooEntry = Wiki.acls().entry();
    fooEntry.setPrincipal(fooGroup.getPrincipal());
    fooEntry.addPermission(PagePermission.EDIT);
    m_aclGroup.addEntry(fooEntry);
    m_groups.put("FooGroup", fooGroup);

    // BarGroup = {Bob, Charlie}, granted view; same registration order as FooGroup.
    final Group barGroup = m_groupMgr.parseGroup("BarGroup", "", true);
    m_groupMgr.setGroup(adminSession, barGroup);
    barGroup.add(bob);
    barGroup.add(charlie);
    final AclEntry barEntry = Wiki.acls().entry();
    barEntry.setPrincipal(barGroup.getPrincipal());
    barEntry.addPermission(PagePermission.VIEW);
    m_aclGroup.addEntry(barEntry);
    m_groups.put("BarGroup", barGroup);
}
Also used : Group(org.apache.wiki.auth.authorize.Group) WikiPrincipal(org.apache.wiki.auth.WikiPrincipal) AclEntry(org.apache.wiki.api.core.AclEntry) WikiPrincipal(org.apache.wiki.auth.WikiPrincipal) Principal(java.security.Principal) GroupPrincipal(org.apache.wiki.auth.GroupPrincipal) Session(org.apache.wiki.api.core.Session) BeforeEach(org.junit.jupiter.api.BeforeEach)

Example 43 with Session

use of org.apache.wiki.api.core.Session in project jspwiki by apache.

the class TestEngine method saveText.

/**
 * Test convenience: saves a wiki page through a mock HTTP request whose wiki session has been
 * logged in with the test administrator credentials ({@code Users.ADMIN} /
 * {@code Users.ADMIN_PASS}), so the save runs under a context intended to carry Role.ADMIN.
 * Per the original note, the saved page's author keeps the default value "Guest".
 *
 * <p>NOTE(review): the outcome of {@code login(...)} is not inspected here. If that call reports
 * a failed login through its return value rather than an exception, the save below would go
 * ahead under whatever session the request already had; confirm against AuthenticationManager.
 *
 * @param pageName page name
 * @param content page content
 * @throws WikiException associated login operation or page save had some trouble
 */
public void saveText(final String pageName, final String content) throws WikiException {
    // Fresh mock request; its HTTP session is mapped to a wiki session and logged in as admin
    final MockHttpServletRequest mockRequest = newHttpRequest();
    final Session adminSession = SessionMonitor.getInstance(this).find(mockRequest.getSession());
    final AuthenticationManager authManager = this.getManager(AuthenticationManager.class);
    authManager.login(adminSession, mockRequest, Users.ADMIN, Users.ADMIN_PASS);

    // The page object comes first, then a context that binds it to the logged-in request
    final Page targetPage = Wiki.contents().page(this, pageName);
    final Context saveContext = Wiki.context().create(this, mockRequest, targetPage);
    final PageManager pageManager = getManager(PageManager.class);
    pageManager.saveText(saveContext, content);
}
Also used : AuthenticationManager(org.apache.wiki.auth.AuthenticationManager) Context(org.apache.wiki.api.core.Context) MockServletContext(net.sourceforge.stripes.mock.MockServletContext) ServletContext(javax.servlet.ServletContext) PageManager(org.apache.wiki.pages.PageManager) MockHttpServletRequest(net.sourceforge.stripes.mock.MockHttpServletRequest) Page(org.apache.wiki.api.core.Page) MockHttpSession(net.sourceforge.stripes.mock.MockHttpSession) Session(org.apache.wiki.api.core.Session)

Example 44 with Session

use of org.apache.wiki.api.core.Session in project jspwiki by apache.

the class AuthenticationManagerTest method testCustomAuthorizer.

/**
 * Runs the engine with {@code AuthenticationManagerTest$DummyAuthorizer} configured as the
 * authorizer and checks which roles end up on the session:
 * <ul>
 *   <li>{@code AuthorizerRole} is present for both kinds of login;</li>
 *   <li>{@code ContainerRole} is present only for the container-authenticated session;</li>
 *   <li>{@code DummyRole} is never present, which guards against an authorizer that simply
 *       grants every role it is asked about.</li>
 * </ul>
 *
 * @throws Exception if the engine or either session cannot be created
 */
@Test
public void testCustomAuthorizer() throws Exception {
    // Swap in the dummy authorizer by class name before the engine starts
    final Properties engineProps = TestEngine.getTestProperties();
    engineProps.put(AuthorizationManager.PROP_AUTHORIZER, "org.apache.wiki.auth.AuthenticationManagerTest$DummyAuthorizer");
    m_engine = new TestEngine(engineProps);

    // Password login, no container roles: DummyAuthorizer should ALWAYS allow AuthorizerRole
    final Session passwordSession = WikiSessionTest.authenticatedSession(m_engine, Users.JANNE, Users.JANNE_PASS);
    Assertions.assertTrue(passwordSession.hasPrincipal(Role.ALL));
    Assertions.assertTrue(passwordSession.hasPrincipal(Role.AUTHENTICATED));
    Assertions.assertTrue(passwordSession.hasPrincipal(new WikiPrincipal(Users.JANNE, WikiPrincipal.LOGIN_NAME)));
    Assertions.assertTrue(passwordSession.hasPrincipal(new WikiPrincipal("JanneJalkanen", WikiPrincipal.WIKI_NAME)));
    Assertions.assertTrue(passwordSession.hasPrincipal(new WikiPrincipal("Janne Jalkanen", WikiPrincipal.FULL_NAME)));
    Assertions.assertTrue(passwordSession.hasPrincipal(new Role("AuthorizerRole")));
    Assertions.assertFalse(passwordSession.hasPrincipal(new Role("ContainerRole")));
    Assertions.assertFalse(passwordSession.hasPrincipal(new Role("DummyRole")));

    // Container-authenticated login with an empty role array: DummyAuthorizer should ALSO allow ContainerRole
    final Session containerSession = WikiSessionTest.containerAuthenticatedSession(m_engine, Users.JANNE, new Principal[0]);
    Assertions.assertTrue(containerSession.hasPrincipal(Role.ALL));
    Assertions.assertTrue(containerSession.hasPrincipal(Role.AUTHENTICATED));
    Assertions.assertTrue(containerSession.hasPrincipal(new WikiPrincipal(Users.JANNE, WikiPrincipal.LOGIN_NAME)));
    Assertions.assertTrue(containerSession.hasPrincipal(new WikiPrincipal("JanneJalkanen", WikiPrincipal.WIKI_NAME)));
    Assertions.assertTrue(containerSession.hasPrincipal(new WikiPrincipal("Janne Jalkanen", WikiPrincipal.FULL_NAME)));
    Assertions.assertTrue(containerSession.hasPrincipal(new Role("AuthorizerRole")));
    Assertions.assertTrue(containerSession.hasPrincipal(new Role("ContainerRole")));
    Assertions.assertFalse(containerSession.hasPrincipal(new Role("DummyRole")));
}
Also used : Role(org.apache.wiki.auth.authorize.Role) TestEngine(org.apache.wiki.TestEngine) Properties(java.util.Properties) Principal(java.security.Principal) WikiSession(org.apache.wiki.WikiSession) Session(org.apache.wiki.api.core.Session) WikiSessionTest(org.apache.wiki.WikiSessionTest) Test(org.junit.jupiter.api.Test)

Example 45 with Session

use of org.apache.wiki.api.core.Session in project jspwiki by apache.

the class WikiSessionTest method testRoles.

/**
 * Checks the built-in roles reported by {@code getRoles()} for four kinds of session.
 *
 * <p>Guest and anonymous sessions must carry {@code Role.ALL} and {@code Role.ANONYMOUS} only;
 * authenticated and admin sessions must carry {@code Role.ALL} and {@code Role.AUTHENTICATED}
 * only. {@code Role.ASSERTED} is expected on none of them. The negative assertions matter as
 * much as the positive ones: they fail if a session picks up a role it should not have.
 *
 * @throws Exception if any of the sessions cannot be created
 */
@Test
public void testRoles() throws Exception {
    // Guest session
    final Session guest = Wiki.session().guest(m_engine);
    final Principal[] guestRoles = guest.getRoles();
    Assertions.assertTrue(guest.isAnonymous());
    Assertions.assertFalse(guest.isAuthenticated());
    Assertions.assertTrue(ArrayUtils.contains(guestRoles, Role.ALL));
    Assertions.assertTrue(ArrayUtils.contains(guestRoles, Role.ANONYMOUS));
    Assertions.assertFalse(ArrayUtils.contains(guestRoles, Role.ASSERTED));
    Assertions.assertFalse(ArrayUtils.contains(guestRoles, Role.AUTHENTICATED));

    // Anonymous session
    final Session anonymous = anonymousSession(m_engine);
    final Principal[] anonymousRoles = anonymous.getRoles();
    Assertions.assertTrue(anonymous.isAnonymous());
    Assertions.assertFalse(anonymous.isAuthenticated());
    Assertions.assertTrue(ArrayUtils.contains(anonymousRoles, Role.ALL));
    Assertions.assertTrue(ArrayUtils.contains(anonymousRoles, Role.ANONYMOUS));
    Assertions.assertFalse(ArrayUtils.contains(anonymousRoles, Role.ASSERTED));
    Assertions.assertFalse(ArrayUtils.contains(anonymousRoles, Role.AUTHENTICATED));

    // Session authenticated with user name and password
    final Session authenticated = authenticatedSession(m_engine, Users.JANNE, Users.JANNE_PASS);
    final Principal[] authenticatedRoles = authenticated.getRoles();
    Assertions.assertFalse(authenticated.isAnonymous());
    Assertions.assertTrue(authenticated.isAuthenticated());
    Assertions.assertTrue(ArrayUtils.contains(authenticatedRoles, Role.ALL));
    Assertions.assertFalse(ArrayUtils.contains(authenticatedRoles, Role.ANONYMOUS));
    Assertions.assertFalse(ArrayUtils.contains(authenticatedRoles, Role.ASSERTED));
    Assertions.assertTrue(ArrayUtils.contains(authenticatedRoles, Role.AUTHENTICATED));

    // Admin session: the same built-in roles are asserted as for the authenticated session
    final Session admin = adminSession(m_engine);
    final Principal[] adminRoles = admin.getRoles();
    Assertions.assertFalse(admin.isAnonymous());
    Assertions.assertTrue(admin.isAuthenticated());
    Assertions.assertTrue(ArrayUtils.contains(adminRoles, Role.ALL));
    Assertions.assertFalse(ArrayUtils.contains(adminRoles, Role.ANONYMOUS));
    Assertions.assertFalse(ArrayUtils.contains(adminRoles, Role.ASSERTED));
    Assertions.assertTrue(ArrayUtils.contains(adminRoles, Role.AUTHENTICATED));
}
Also used : WikiPrincipal(org.apache.wiki.auth.WikiPrincipal) Principal(java.security.Principal) Session(org.apache.wiki.api.core.Session) Test(org.junit.jupiter.api.Test)

Aggregations

Session (org.apache.wiki.api.core.Session)51 Test (org.junit.jupiter.api.Test)25 WikiSessionTest (org.apache.wiki.WikiSessionTest)19 Principal (java.security.Principal)18 MockHttpServletRequest (net.sourceforge.stripes.mock.MockHttpServletRequest)11 AllPermission (org.apache.wiki.auth.permissions.AllPermission)9 PageManager (org.apache.wiki.pages.PageManager)9 HttpSession (javax.servlet.http.HttpSession)8 Group (org.apache.wiki.auth.authorize.Group)8 PagePermission (org.apache.wiki.auth.permissions.PagePermission)8 Permission (java.security.Permission)7 Page (org.apache.wiki.api.core.Page)7 AuthenticationManager (org.apache.wiki.auth.AuthenticationManager)7 WikiPermission (org.apache.wiki.auth.permissions.WikiPermission)7 UnresolvedPrincipal (org.apache.wiki.auth.acl.UnresolvedPrincipal)6 UserProfile (org.apache.wiki.auth.user.UserProfile)6 GroupPrincipal (org.apache.wiki.auth.GroupPrincipal)5 WikiPrincipal (org.apache.wiki.auth.WikiPrincipal)5 Role (org.apache.wiki.auth.authorize.Role)5 HttpServletRequest (javax.servlet.http.HttpServletRequest)4