use of org.apache.wiki.auth.authorize.Group in project jspwiki by apache.
the class AuthenticationManagerTest method testLoginCustomWithGroup.
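/**
 * Verifies that an already logged-in session gains and loses a group's
 * principal as groups naming the user are created, edited and removed.
 *
 * @throws Exception if any manager call fails unexpectedly
 */
@Test
public void testLoginCustomWithGroup() throws Exception {
    // Start from a clean slate. Each removal has its own try so that a missing
    // "Test1" no longer skips the removal of a leftover "Test2".
    for (String stale : new String[] { "Test1", "Test2" }) {
        try {
            m_groupMgr.removeGroup(stale);
        } catch (NoSuchPrincipalException ignored) {
            // The group did not exist, which is the state this test wants.
        }
    }

    // Log in 'janne'; the assertions below expect 3 principals and 2 roles
    // on the session, including the wiki-name principal "JanneJalkanen".
    WikiSession session = WikiSession.guestSession(m_engine);
    m_auth.login(session, null, Users.JANNE, Users.JANNE_PASS);
    Assert.assertEquals(3, session.getPrincipals().length);
    Assert.assertEquals(2, session.getRoles().length);
    Assert.assertTrue(session.hasPrincipal(new WikiPrincipal("JanneJalkanen", WikiPrincipal.WIKI_NAME)));

    // Listen for any manager group-add events
    GroupManager manager = m_engine.getGroupManager();
    SecurityEventTrap trap = new SecurityEventTrap();
    manager.addWikiEventListener(trap);

    // Create two groups; one with Janne in it, and one without.
    // Both are saved through m_session, not through Janne's session.
    Group groupTest1 = m_groupMgr.parseGroup("Test1", "JanneJalkanen \n Bob \n Charlie", true);
    m_groupMgr.setGroup(m_session, groupTest1);
    groupTest1 = m_groupMgr.getGroup("Test1");
    Principal principalTest1 = groupTest1.getPrincipal();

    Group groupTest2 = m_groupMgr.parseGroup("Test2", "Alice \n Bob \n Charlie", true);
    m_groupMgr.setGroup(m_session, groupTest2);
    groupTest2 = m_groupMgr.getGroup("Test2");
    Principal principalTest2 = groupTest2.getPrincipal();

    // We should see two security events (one for each group create).
    // Janne's session should hold the principal for Test1, but not for Test2.
    Assert.assertEquals(2, trap.events().length);
    Assert.assertTrue(session.hasPrincipal(principalTest1));
    Assert.assertFalse(session.hasPrincipal(principalTest2));

    // If we remove Test1, its principal should disappear from the live session:
    // membership must not outlive the group that granted it.
    m_groupMgr.removeGroup("Test1");
    Assert.assertFalse(session.hasPrincipal(principalTest1));
    Assert.assertFalse(session.hasPrincipal(principalTest2));

    // Now, add 'JanneJalkanen' to the Test2 group manually and save it through
    // Janne's own session; the session should pick up the Test2 principal.
    groupTest2.add(new WikiPrincipal("JanneJalkanen"));
    m_groupMgr.setGroup(session, groupTest2);
    Assert.assertFalse(session.hasPrincipal(principalTest1));
    Assert.assertTrue(session.hasPrincipal(principalTest2));

    // Remove 'JanneJalkanen' manually; the Test2 principal should disappear again
    groupTest2.remove(new WikiPrincipal("JanneJalkanen"));
    m_groupMgr.setGroup(session, groupTest2);
    Assert.assertFalse(session.hasPrincipal(principalTest1));
    Assert.assertFalse(session.hasPrincipal(principalTest2));

    // Clean up
    m_groupMgr.removeGroup("Test2");
}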
use of org.apache.wiki.auth.authorize.Group in project jspwiki by apache.
the class Installer method createAdministrator.
/**
 * Makes sure an administrator account and the administrators group exist,
 * and hands back the password generated for a newly created account.
 *
 * <p>The return value is {@code null} when {@code adminExists()} reports an
 * existing administrator, and also when a profile with the admin login name
 * is already in the user database (no new password is generated then).</p>
 *
 * <p>The password is returned in clear text; callers should show it once and
 * keep it out of logs.</p>
 *
 * @return the generated password, or {@code null} if no account was created
 * @throws WikiSecurityException if the installation settings have not been
 *         validated; the user and group database calls are presumably able
 *         to raise it as well
 */
public String createAdministrator() throws WikiSecurityException {
    if (!m_validated) {
        throw new WikiSecurityException("Cannot create administrator because one or more of the installation settings are invalid.");
    }
    if (adminExists()) {
        return null;
    }

    // Look the admin login up; only a missing profile triggers account creation.
    final UserDatabase users = m_engine.getUserManager().getUserDatabase();
    String generatedPassword = null;
    try {
        users.findByLoginName(ADMIN_ID);
    } catch (NoSuchPrincipalException absent) {
        // Length and randomness source are decided by TextUtil.generateRandomPassword().
        // NOTE(review): confirm it draws from a CSPRNG, since this is the admin credential.
        generatedPassword = TextUtil.generateRandomPassword();
        final UserProfile adminProfile = users.newProfile();
        adminProfile.setLoginName(ADMIN_ID);
        adminProfile.setFullname(ADMIN_NAME);
        adminProfile.setPassword(generatedPassword);
        users.save(adminProfile);
    }

    // Add the administrator to the admin group, creating the group if needed.
    // This runs even when the profile already existed and no password was generated.
    final GroupManager groups = m_engine.getGroupManager();
    Group adminGroup;
    try {
        adminGroup = groups.getGroup(ADMIN_GROUP);
        adminGroup.add(new WikiPrincipal(ADMIN_NAME));
    } catch (NoSuchPrincipalException missing) {
        adminGroup = groups.parseGroup(ADMIN_GROUP, ADMIN_NAME, true);
    }
    groups.setGroup(m_session, adminGroup);

    return generatedPassword;
}
use of org.apache.wiki.auth.authorize.Group in project jspwiki by apache.
the class SecurityVerifier method verifyGroupDatabase.
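/**
 * Verifies that the group database was initialized properly, and that
 * group add and delete operations work as they should. Every finding is
 * reported through {@code m_session.addMessage} under {@code INFO_GROUPS}
 * or {@code ERROR_GROUPS}; the method stops at the first failed step.
 */
protected void verifyGroupDatabase() {
    GroupManager mgr = m_engine.getGroupManager();
    GroupDatabase db = null;
    // Dereference the manager only once it is known to be non-null; calling
    // through a null manager would throw before the null report below runs.
    if (mgr != null) {
        try {
            db = mgr.getGroupDatabase();
        } catch (WikiSecurityException e) {
            // The text names GroupManager although the failing call is getGroupDatabase();
            // it is kept unchanged.
            m_session.addMessage(ERROR_GROUPS, "Could not retrieve GroupManager: " + e.getMessage());
        }
    }

    // Check for obvious error conditions
    if (mgr == null) {
        m_session.addMessage(ERROR_GROUPS, "GroupManager is null; JSPWiki could not initialize it. Check the error logs.");
    }
    if (db == null) {
        m_session.addMessage(ERROR_GROUPS, "GroupDatabase is null; JSPWiki could not initialize it. Check the error logs.");
    }
    if (mgr == null || db == null) {
        return;
    }

    // Everything initialized OK...
    // Tell user what class of database this is.
    m_session.addMessage(INFO_GROUPS, "GroupDatabase is of type '" + db.getClass().getName() + "'. It appears to be initialized properly.");

    // Now, see how many groups we have.
    int oldGroupCount = 0;
    try {
        Group[] groups = db.groups();
        oldGroupCount = groups.length;
        m_session.addMessage(INFO_GROUPS, "The group database contains " + oldGroupCount + " groups.");
    } catch (WikiSecurityException e) {
        m_session.addMessage(ERROR_GROUPS, "Could not obtain a list of current groups: " + e.getMessage());
        return;
    }

    // Try adding a throwaway group; the name is timestamp-based, not random.
    String name = "TestGroup" + System.currentTimeMillis();
    Group group = null;
    try {
        // Create dummy test group with a single dummy member
        group = mgr.parseGroup(name, "", true);
        Principal user = new WikiPrincipal("TestUser");
        group.add(user);
        db.save(group, new WikiPrincipal("SecurityVerifier"));

        // Make sure the group saved successfully.
        // NOTE(review): the check compares counts only, so a concurrent group
        // change would skew it; and this early return does not call db.delete(),
        // so a group that was in fact saved would stay in the database.
        if (db.groups().length == oldGroupCount) {
            m_session.addMessage(ERROR_GROUPS, "Could not add a test group to the database.");
            return;
        }
        m_session.addMessage(INFO_GROUPS, "The group database allows new groups to be created, as it should.");
    } catch (WikiSecurityException e) {
        m_session.addMessage(ERROR_GROUPS, "Could not add a group to the database: " + e.getMessage());
        return;
    }

    // Now delete the group; should be back to old count.
    // If the delete fails, the test group and its "TestUser" member remain stored
    // and only the message below reports it.
    try {
        db.delete(group);
        if (db.groups().length != oldGroupCount) {
            m_session.addMessage(ERROR_GROUPS, "Could not delete a test group from the database.");
            return;
        }
        m_session.addMessage(INFO_GROUPS, "The group database allows groups to be deleted, as it should.");
    } catch (WikiSecurityException e) {
        m_session.addMessage(ERROR_GROUPS, "Could not delete a test group from the database: " + e.getMessage());
        return;
    }

    m_session.addMessage(INFO_GROUPS, "The group database configuration looks fine.");
}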
use of org.apache.wiki.auth.authorize.Group in project jspwiki by apache.
the class AuthorizationManagerTest method testResolveGroups.
/**
 * Checks that a saved group's name resolves to that group's principal, and
 * that the name "Authenticated" keeps resolving to the built-in role.
 *
 * @throws WikiException if a manager call fails unexpectedly
 */
@Test
public void testResolveGroups() throws WikiException {
    // A regular group resolves to its own principal while it is stored.
    final Group sampleGroup = m_groupMgr.parseGroup("SampleGroup", "", true);
    m_groupMgr.setGroup(m_session, sampleGroup);
    Assert.assertEquals(sampleGroup.getPrincipal(), m_auth.resolvePrincipal("SampleGroup"));
    m_groupMgr.removeGroup("SampleGroup");

    // A group must not be able to spoof a built-in role.
    // NOTE(review): assertNotSame compares object identity and the assertTrue in
    // the catch always passes, so neither can fail on a spoofed principal; the
    // group is also only parsed, never saved with setGroup. The final
    // assertEquals is the check that carries the guarantee.
    try {
        final Group spoofAttempt = m_groupMgr.parseGroup("Authenticated", "", true);
        Assert.assertNotSame(spoofAttempt.getPrincipal(), m_auth.resolvePrincipal("Authenticated"));
    } catch (WikiSecurityException rejected) {
        Assert.assertTrue("Authenticated not allowed as group name.", true);
    }

    Assert.assertEquals(Role.AUTHENTICATED, m_auth.resolvePrincipal("Authenticated"));
}
use of org.apache.wiki.auth.authorize.Group in project jspwiki by apache.
the class AuthorizationManagerTest method testAssertedSession.
/**
 * Checks what an asserted (not authenticated) session is granted: only the
 * built-in ALL and ASSERTED roles, and none of the user principals, custom
 * roles or group memberships attached to the name.
 *
 * @throws Exception if any manager call fails unexpectedly
 */
@Test
public void testAssertedSession() throws Exception {
    // Alice, the roles handed to her asserted session, and one role that is not
    final Principal alicePrincipal = new WikiPrincipal(Users.ALICE);
    final Role itRole = new Role("IT");
    final Role engineeringRole = new Role("Engineering");
    final Role financeRole = new Role("Finance");
    final Principal adminGroupPrincipal = new GroupPrincipal("Admin");
    final Principal[] assertedPrincipals = new Principal[] { itRole, engineeringRole, adminGroupPrincipal };
    final WikiSession session = WikiSessionTest.assertedSession(m_engine, Users.ALICE, assertedPrincipals);

    // Two stored groups: Bar lists Alice as a member, Foo does not
    final Group fooGroup = m_groupMgr.parseGroup("Foo", "", true);
    final Group barGroup = m_groupMgr.parseGroup("Bar", "", true);
    barGroup.add(alicePrincipal);
    m_groupMgr.setGroup(m_session, fooGroup);
    m_groupMgr.setGroup(m_session, barGroup);

    // User principal possession: an asserted identity is only a claim, so
    // Alice is not treated as holding the "Alice" principal
    Assert.assertFalse("Alice has Alice", m_auth.hasRoleOrPrincipal(session, new WikiPrincipal(Users.ALICE)));
    Assert.assertFalse("Alice has Alice", m_auth.hasRoleOrPrincipal(session, new TestPrincipal(Users.ALICE)));
    Assert.assertFalse("Alice not has Bob", m_auth.hasRoleOrPrincipal(session, new WikiPrincipal(Users.BOB)));
    Assert.assertFalse("Alice not has Bob", m_auth.hasRoleOrPrincipal(session, new TestPrincipal(Users.BOB)));

    // Built-in roles: ALL and ASSERTED only
    Assert.assertTrue("Alice in ALL", m_auth.hasRoleOrPrincipal(session, Role.ALL));
    Assert.assertFalse("Alice not in ANONYMOUS", m_auth.hasRoleOrPrincipal(session, Role.ANONYMOUS));
    Assert.assertTrue("Alice in ASSERTED", m_auth.hasRoleOrPrincipal(session, Role.ASSERTED));
    Assert.assertFalse("Alice not in AUTHENTICATED", m_auth.hasRoleOrPrincipal(session, Role.AUTHENTICATED));

    // Custom roles must be denied, even the ones passed in when the session was built
    Assert.assertFalse("Alice not in IT", m_auth.hasRoleOrPrincipal(session, itRole));
    Assert.assertFalse("Alice not in Engineering", m_auth.hasRoleOrPrincipal(session, engineeringRole));
    Assert.assertFalse("Alice not in Finance", m_auth.hasRoleOrPrincipal(session, financeRole));

    // Group memberships must be denied too, including Bar, which names Alice
    Assert.assertFalse("Alice not in Foo", m_auth.hasRoleOrPrincipal(session, fooGroup.getPrincipal()));
    Assert.assertFalse("Alice not in Bar", m_auth.hasRoleOrPrincipal(session, barGroup.getPrincipal()));

    // Clean up
    m_groupMgr.removeGroup("Foo");
    m_groupMgr.removeGroup("Bar");
}