use of org.apache.wiki.auth.WikiSecurityException in project jspwiki by apache.
the class MetaWeblogHandler method checkPermissions.
/**
 * Logs the supplied credentials in against the current wiki session and then
 * verifies that the session holds the requested permission on the page.
 * <p>
 * Authentication is attempted first; the page permission is only evaluated
 * after a successful login. A failed login, a denied permission and any
 * {@link WikiSecurityException} are all reported as an XML-RPC fault with code 1.
 * <p>
 * NOTE(review): whether this check passes when authentication is disabled is
 * decided inside {@code AuthenticationManager.login()} and
 * {@code AuthorizationManager.checkPermission()}, which are not visible here.
 *
 * @param page       the page the caller wants to act on
 * @param username   login name supplied by the XML-RPC caller
 * @param password   password supplied by the XML-RPC caller
 * @param permission permission name handed to {@code PermissionFactory.getPagePermission}
 * @throws XmlRpcException if the login is rejected, the permission is denied,
 *                         or a security error occurs while checking
 */
private void checkPermissions(WikiPage page, String username, String password, String permission) throws XmlRpcException {
    try {
        // Both managers are looked up before the login attempt.
        AuthenticationManager authenticator = m_context.getEngine().getAuthenticationManager();
        AuthorizationManager authorizer = m_context.getEngine().getAuthorizationManager();

        // The login is performed on the context's own session; what state that
        // leaves on the session afterwards is determined by AuthenticationManager.
        boolean loggedIn = authenticator.login(m_context.getWikiSession(), m_context.getHttpRequest(), username, password);
        if (!loggedIn) {
            throw new XmlRpcException(1, "Unknown login");
        }

        boolean allowed = authorizer.checkPermission(m_context.getWikiSession(), PermissionFactory.getPagePermission(page, permission));
        if (!allowed) {
            throw new XmlRpcException(1, "No permission");
        }
    } catch (WikiSecurityException e) {
        // NOTE(review): the exception message is forwarded verbatim to the remote
        // caller - confirm it never carries internal details.
        throw new XmlRpcException(1, e.getMessage(), e);
    }
}
use of org.apache.wiki.auth.WikiSecurityException in project jspwiki by apache.
the class Installer method createAdministrator.
/**
 * Creates the administrative user if it is missing, makes sure the admin
 * group contains the administrator, and returns the newly generated password.
 * <p>
 * Returns <code>null</code> without touching anything when
 * {@code adminExists()} is true. If the user database already holds a profile
 * for {@code ADMIN_ID}, no password is generated and <code>null</code> is
 * returned, but the admin group is still created or updated.
 * <p>
 * NOTE(review): the return value is the cleartext password; callers should
 * show it once and keep it out of logs.
 *
 * @return the cleartext password of a newly created administrator, or
 *         <code>null</code> if no account was created
 * @throws WikiSecurityException if the installation settings were not
 *         validated, or if a user or group operation fails
 */
public String createAdministrator() throws WikiSecurityException {
    if (!m_validated) {
        throw new WikiSecurityException("Cannot create administrator because one or more of the installation settings are invalid.");
    }
    if (adminExists()) {
        return null;
    }

    // Look the account up by login name; the "not found" exception is the
    // signal that it has to be created.
    UserDatabase users = m_engine.getUserManager().getUserDatabase();
    String generatedPassword = null;
    try {
        users.findByLoginName(ADMIN_ID);
    } catch (NoSuchPrincipalException userMissing) {
        // Password length and character set are decided by
        // TextUtil.generateRandomPassword(), which is not visible here.
        generatedPassword = TextUtil.generateRandomPassword();
        UserProfile adminProfile = users.newProfile();
        adminProfile.setLoginName(ADMIN_ID);
        adminProfile.setFullname(ADMIN_NAME);
        adminProfile.setPassword(generatedPassword);
        users.save(adminProfile);
    }

    // Add the administrator to the existing admin group, or build the group
    // from scratch when it does not exist yet.
    GroupManager groups = m_engine.getGroupManager();
    Group adminGroup;
    try {
        adminGroup = groups.getGroup(ADMIN_GROUP);
        adminGroup.add(new WikiPrincipal(ADMIN_NAME));
    } catch (NoSuchPrincipalException groupMissing) {
        adminGroup = groups.parseGroup(ADMIN_GROUP, ADMIN_NAME, true);
    }
    groups.setGroup(m_session, adminGroup);

    return generatedPassword;
}
use of org.apache.wiki.auth.WikiSecurityException in project jspwiki by apache.
the class UserBean method doPost.
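/**
 * Handles a post of the user-administration form: deletes the profile named
 * by <code>loginid</code> when <code>action</code> is "remove", otherwise
 * creates a new profile (<code>loginid</code> equal to "--New--") or updates
 * an existing one. The outcome is reported through session messages.
 * <p>
 * NOTE(review): this method performs no permission check of its own;
 * presumably the caller restricts it to administrators - confirm.
 *
 * @param context the wiki context carrying the HTTP request and session
 * @return always the empty string
 */
public String doPost(WikiContext context) {
    HttpServletRequest request = context.getHttpRequest();
    WikiSession session = context.getWikiSession();
    UserManager mgr = context.getEngine().getUserManager();

    String action = request.getParameter("action");
    String loginid = request.getParameter("loginid");
    String loginname = request.getParameter("loginname");
    String fullname = request.getParameter("fullname");
    String password = request.getParameter("password");
    String password2 = request.getParameter("password2");
    String email = request.getParameter("email");

    // A request without these parameters used to fail with a
    // NullPointerException; reject it explicitly instead.
    if (action == null || loginid == null) {
        session.addMessage("Missing request parameter: action and loginid are required");
        return "";
    }

    // NOTE(review): several messages below embed request parameters verbatim;
    // confirm that the view escapes session messages before rendering them.
    if (action.equalsIgnoreCase("remove")) {
        try {
            mgr.getUserDatabase().deleteByLoginName(loginid);
            session.addMessage("User profile " + loginid + " (" + fullname + ") has been deleted");
        } catch (NoSuchPrincipalException e) {
            session.addMessage("User profile has already been removed");
        } catch (WikiSecurityException e) {
            session.addMessage("Security problem: " + e);
        }
        return "";
    }

    // An empty password field means "leave the password unchanged".
    boolean passwordSupplied = password != null && !password.isEmpty();
    if (passwordSupplied && !password.equals(password2)) {
        session.addMessage("Passwords do not match!");
        return "";
    }

    UserProfile p;
    if (loginid.equals("--New--")) {
        // Create new user
        p = mgr.getUserDatabase().newProfile();
        p.setCreated(new Date());
    } else {
        try {
            p = mgr.getUserDatabase().findByLoginName(loginid);
        } catch (NoSuchPrincipalException e) {
            session.addMessage("I could not find user profile " + loginid);
            return "";
        }
    }

    p.setEmail(email);
    p.setFullname(fullname);
    if (passwordSupplied) {
        p.setPassword(password);
    }
    p.setLoginName(loginname);

    try {
        mgr.getUserDatabase().save(p);
    } catch (WikiSecurityException e) {
        session.addMessage("Unable to save " + e.getMessage());
        // Stop here: reporting "updated" after a failed save would mislead the operator.
        return "";
    }
    session.addMessage("User profile has been updated");
    return "";
}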
use of org.apache.wiki.auth.WikiSecurityException in project jspwiki by apache.
the class AccessRuleLinkNodePostProcessorState method process.
/**
 * {@inheritDoc}
 * <p>
 * When the parser selected for this link has access-rule parsing enabled, the
 * link text is treated as an ACL rule: one leading "{" and one trailing "}"
 * are stripped, the remainder is parsed by the ACL manager, the resulting ACL
 * is set on the real page, and the link node is removed from the document.
 * If parsing fails, the page ACL is not changed, the node stays in place and
 * the exception message is rendered as an error.
 *
 * @see NodePostProcessorState#process(NodeTracker, JSPWikiLink)
 */
@Override
public void process(final NodeTracker state, final JSPWikiLink link) {
    final String linkText = NodePostProcessorStateCommonOperations.inlineLinkTextOnWysiwyg(state, link, m_wysiwygEditorMode);
    final boolean parsesAccessRules = wikiContext.getEngine().getRenderingManager().getParser(wikiContext, link.getUrl().toString()).isParseAccessRules();
    if (!parsesAccessRules) {
        return;
    }

    final WikiPage page = wikiContext.getRealPage();

    // Drop the surrounding braces, if present, one side at a time.
    final String withoutOpeningBrace = linkText.startsWith("{") ? linkText.substring(1) : linkText;
    final String ruleLine = withoutOpeningBrace.endsWith("}")
            ? withoutOpeningBrace.substring(0, withoutOpeningBrace.length() - 1)
            : withoutOpeningBrace;

    LOG.debug("page=" + page.getName() + ", ACL = " + ruleLine);
    try {
        final Acl parsedAcl = wikiContext.getEngine().getAclManager().parseAcl(page, ruleLine);
        // The ACL is only applied after parseAcl() has accepted the rule text.
        page.setAcl(parsedAcl);
        link.unlink();
        state.nodeRemoved(link);
        LOG.debug(parsedAcl.toString());
    } catch (final WikiSecurityException wse) {
        NodePostProcessorStateCommonOperations.makeError(state, link, wse.getMessage());
    }
}
use of org.apache.wiki.auth.WikiSecurityException in project jspwiki by apache.
the class DefaultAclManager method setPermissions.
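/**
 * Sets the access control list for the page and persists it by prepending
 * it to the wiki page markup and saving the page. When this method is
 * called, all other ACL markup in the page is removed. This method will forcibly
 * expire locks on the wiki page if they exist. Any ProviderExceptions will be
 * re-thrown as WikiSecurityExceptions.
 * <p>
 * The ACL written to the page is <code>acl</code>. When <code>acl</code> is
 * <code>null</code> the page's current ACL is written instead, which is what
 * this method previously did for every call.
 *
 * @param page the wiki page
 * @param acl the access control list to persist; <code>null</code> falls back
 *            to the page's current ACL
 * @throws WikiSecurityException if the Acl cannot be set
 * @since 2.5
 */
public void setPermissions(WikiPage page, Acl acl) throws WikiSecurityException {
    PageManager pageManager = m_engine.getPageManager();

    // Forcibly expire any page locks
    PageLock lock = pageManager.getCurrentLock(page);
    if (lock != null) {
        pageManager.unlockPage(lock);
    }

    // Remove all of the existing ACLs.
    String pageText = m_engine.getPureText(page);
    Matcher matcher = DefaultAclManager.ACL_PATTERN.matcher(pageText);
    String cleansedText = matcher.replaceAll("");

    // The acl argument used to be ignored in favour of page.getAcl(), so a
    // caller passing a different ACL had the old one persisted. Honour the
    // argument and keep the old behaviour only when it is null.
    // NOTE(review): the page's in-memory ACL is not updated here; confirm
    // callers do not rely on page.getAcl() reflecting the new value right away.
    Acl aclToPersist = (acl != null) ? acl : page.getAcl();
    String newText = DefaultAclManager.printAcl(aclToPersist) + cleansedText;
    try {
        pageManager.putPageText(page, newText);
    } catch (ProviderException e) {
        throw new WikiSecurityException("Could not set Acl. Reason: ProviderExcpetion " + e.getMessage(), e);
    }
}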