use of org.apache.wiki.auth.authorize.GroupManager in project jspwiki by apache.
the class AuthenticationManagerTest method testLoginCustomWithGroup.
@Test
public void testLoginCustomWithGroup() throws Exception {
// perhaps)
try {
m_groupMgr.removeGroup("Test1");
m_groupMgr.removeGroup("Test2");
} catch (NoSuchPrincipalException e) {
}
// Log in 'janne' and verify there are 5 principals in the subject
// (ALL, AUTHENTICATED, login, fullname, wikiname Principals)
WikiSession session = WikiSession.guestSession(m_engine);
m_auth.login(session, null, Users.JANNE, Users.JANNE_PASS);
Assert.assertEquals(3, session.getPrincipals().length);
Assert.assertEquals(2, session.getRoles().length);
Assert.assertTrue(session.hasPrincipal(new WikiPrincipal("JanneJalkanen", WikiPrincipal.WIKI_NAME)));
// Listen for any manager group-add events
GroupManager manager = m_engine.getGroupManager();
SecurityEventTrap trap = new SecurityEventTrap();
manager.addWikiEventListener(trap);
// Create two groups; one with Janne in it, and one without
Group groupTest1 = m_groupMgr.parseGroup("Test1", "JanneJalkanen \n Bob \n Charlie", true);
m_groupMgr.setGroup(m_session, groupTest1);
groupTest1 = m_groupMgr.getGroup("Test1");
Principal principalTest1 = groupTest1.getPrincipal();
Group groupTest2 = m_groupMgr.parseGroup("Test2", "Alice \n Bob \n Charlie", true);
m_groupMgr.setGroup(m_session, groupTest2);
groupTest2 = m_groupMgr.getGroup("Test2");
Principal principalTest2 = groupTest2.getPrincipal();
// We should see two security events (one for each group create)
// We should also see a GroupPrincipal for group Test1, but not Test2
Assert.assertEquals(2, trap.events().length);
Assert.assertTrue(session.hasPrincipal(principalTest1));
Assert.assertFalse(session.hasPrincipal(principalTest2));
// If we remove Test1, the GroupPrincipal should disappear
m_groupMgr.removeGroup("Test1");
Assert.assertFalse(session.hasPrincipal(principalTest1));
Assert.assertFalse(session.hasPrincipal(principalTest2));
// Now, add 'JanneJalkanen' to Test2 group manually; we should see the
// GroupPrincipal
groupTest2.add(new WikiPrincipal("JanneJalkanen"));
m_groupMgr.setGroup(session, groupTest2);
Assert.assertFalse(session.hasPrincipal(principalTest1));
Assert.assertTrue(session.hasPrincipal(principalTest2));
// Remove 'JanneJalkenen' manually; the GroupPrincipal should disappear
groupTest2.remove(new WikiPrincipal("JanneJalkanen"));
m_groupMgr.setGroup(session, groupTest2);
Assert.assertFalse(session.hasPrincipal(principalTest1));
Assert.assertFalse(session.hasPrincipal(principalTest2));
// Clean up
m_groupMgr.removeGroup("Test2");
}
use of org.apache.wiki.auth.authorize.GroupManager in project jspwiki by apache.
the class Installer method createAdministrator.
/**
* Creates an administrative user and returns the new password.
* If the admin user exists, the password will be <code>null</code>.
* @return the password
* @throws WikiSecurityException
*/
public String createAdministrator() throws WikiSecurityException {
if (!m_validated) {
throw new WikiSecurityException("Cannot create administrator because one or more of the installation settings are invalid.");
}
if (adminExists()) {
return null;
}
// See if the admin user exists already
UserManager userMgr = m_engine.getUserManager();
UserDatabase userDb = userMgr.getUserDatabase();
String password = null;
try {
userDb.findByLoginName(ADMIN_ID);
} catch (NoSuchPrincipalException e) {
// Create a random 12-character password
password = TextUtil.generateRandomPassword();
UserProfile profile = userDb.newProfile();
profile.setLoginName(ADMIN_ID);
profile.setFullname(ADMIN_NAME);
profile.setPassword(password);
userDb.save(profile);
}
// Create a new admin group
GroupManager groupMgr = m_engine.getGroupManager();
Group group = null;
try {
group = groupMgr.getGroup(ADMIN_GROUP);
group.add(new WikiPrincipal(ADMIN_NAME));
} catch (NoSuchPrincipalException e) {
group = groupMgr.parseGroup(ADMIN_GROUP, ADMIN_NAME, true);
}
groupMgr.setGroup(m_session, group);
return password;
}
use of org.apache.wiki.auth.authorize.GroupManager in project jspwiki by apache.
the class SecurityVerifier method verifyGroupDatabase.
/**
* Verifies that the group datbase was initialized properly, and that
* user add and delete operations work as they should.
*/
protected void verifyGroupDatabase() {
GroupManager mgr = m_engine.getGroupManager();
GroupDatabase db = null;
try {
db = m_engine.getGroupManager().getGroupDatabase();
} catch (WikiSecurityException e) {
m_session.addMessage(ERROR_GROUPS, "Could not retrieve GroupManager: " + e.getMessage());
}
// Check for obvious error conditions
if (mgr == null || db == null) {
if (mgr == null) {
m_session.addMessage(ERROR_GROUPS, "GroupManager is null; JSPWiki could not " + "initialize it. Check the error logs.");
}
if (db == null) {
m_session.addMessage(ERROR_GROUPS, "GroupDatabase is null; JSPWiki could not " + "initialize it. Check the error logs.");
}
return;
}
// Everything initialized OK...
// Tell user what class of database this is.
m_session.addMessage(INFO_GROUPS, "GroupDatabase is of type '" + db.getClass().getName() + "'. It appears to be initialized properly.");
// Now, see how many groups we have.
int oldGroupCount = 0;
try {
Group[] groups = db.groups();
oldGroupCount = groups.length;
m_session.addMessage(INFO_GROUPS, "The group database contains " + oldGroupCount + " groups.");
} catch (WikiSecurityException e) {
m_session.addMessage(ERROR_GROUPS, "Could not obtain a list of current groups: " + e.getMessage());
return;
}
// Try adding a bogus group with random name
String name = "TestGroup" + System.currentTimeMillis();
Group group = null;
try {
// Create dummy test group
group = mgr.parseGroup(name, "", true);
Principal user = new WikiPrincipal("TestUser");
group.add(user);
db.save(group, new WikiPrincipal("SecurityVerifier"));
// Make sure the group saved successfully
if (db.groups().length == oldGroupCount) {
m_session.addMessage(ERROR_GROUPS, "Could not add a test group to the database.");
return;
}
m_session.addMessage(INFO_GROUPS, "The group database allows new groups to be created, as it should.");
} catch (WikiSecurityException e) {
m_session.addMessage(ERROR_GROUPS, "Could not add a group to the database: " + e.getMessage());
return;
}
// Now delete the group; should be back to old count
try {
db.delete(group);
if (db.groups().length != oldGroupCount) {
m_session.addMessage(ERROR_GROUPS, "Could not delete a test group from the database.");
return;
}
m_session.addMessage(INFO_GROUPS, "The group database allows groups to be deleted, as it should.");
} catch (WikiSecurityException e) {
m_session.addMessage(ERROR_GROUPS, "Could not delete a test group from the database: " + e.getMessage());
return;
}
m_session.addMessage(INFO_GROUPS, "The group database configuration looks fine.");
}
use of org.apache.wiki.auth.authorize.GroupManager in project jspwiki by apache.
the class UserManagerTest method testSetRenamedUserProfile.
@Test
public void testSetRenamedUserProfile() throws Exception {
// First, count the number of users, groups, and pages
int oldUserCount = m_db.getWikiNames().length;
GroupManager groupManager = m_engine.getGroupManager();
PageManager pageManager = m_engine.getPageManager();
AuthorizationManager authManager = m_engine.getAuthorizationManager();
int oldGroupCount = groupManager.getRoles().length;
int oldPageCount = pageManager.getTotalPageCount();
// Setup Step 1: create a new user with random name
WikiSession session = m_engine.guestSession();
long now = System.currentTimeMillis();
String oldLogin = "TestLogin" + now;
String oldName = "Test User " + now;
String newLogin = "RenamedLogin" + now;
String newName = "Renamed User " + now;
UserProfile profile = m_db.newProfile();
profile.setEmail("jspwiki.tests@mailinator.com");
profile.setLoginName(oldLogin);
profile.setFullname(oldName);
profile.setPassword("password");
m_mgr.setUserProfile(session, profile);
// 1a. Make sure the profile saved successfully and that we're logged in
profile = m_mgr.getUserProfile(session);
Assert.assertEquals(oldLogin, profile.getLoginName());
Assert.assertEquals(oldName, profile.getFullname());
Assert.assertEquals(oldUserCount + 1, m_db.getWikiNames().length);
Assert.assertTrue(session.isAuthenticated());
// Setup Step 2: create a new group with our test user in it
Group group = groupManager.parseGroup(m_groupName, "Alice \n Bob \n Charlie \n " + oldLogin + "\n" + oldName, true);
groupManager.setGroup(session, group);
// 2a. Make sure the group is created with the user in it, and the role is added to the Subject
Assert.assertEquals(oldGroupCount + 1, groupManager.getRoles().length);
Assert.assertTrue(group.isMember(new WikiPrincipal(oldLogin)));
Assert.assertTrue(group.isMember(new WikiPrincipal(oldName)));
Assert.assertFalse(group.isMember(new WikiPrincipal(newLogin)));
Assert.assertFalse(group.isMember(new WikiPrincipal(newName)));
Assert.assertTrue(groupManager.isUserInRole(session, group.getPrincipal()));
// Setup Step 3: create a new page with our test user in the ACL
String pageName = "TestPage" + now;
m_engine.saveText(pageName, "Test text. [{ALLOW view " + oldName + ", " + oldLogin + ", Alice}] More text.");
// 3a. Make sure the page got saved, and that ONLY our test user has permission to read it.
WikiPage p = m_engine.getPage(pageName);
Assert.assertEquals(oldPageCount + 1, pageManager.getTotalPageCount());
Assert.assertNotNull(p.getAcl().getEntry(new WikiPrincipal(oldLogin)));
Assert.assertNotNull(p.getAcl().getEntry(new WikiPrincipal(oldName)));
Assert.assertNull(p.getAcl().getEntry(new WikiPrincipal(newLogin)));
Assert.assertNull(p.getAcl().getEntry(new WikiPrincipal(newName)));
Assert.assertTrue("Test User view page", authManager.checkPermission(session, PermissionFactory.getPagePermission(p, "view")));
WikiSession bobSession = WikiSessionTest.authenticatedSession(m_engine, Users.BOB, Users.BOB_PASS);
Assert.assertFalse("Bob !view page", authManager.checkPermission(bobSession, PermissionFactory.getPagePermission(p, "view")));
// Setup Step 4: change the user name in the profile and see what happens
profile = m_db.newProfile();
profile.setEmail("jspwiki.tests@mailinator.com");
profile.setLoginName(oldLogin);
profile.setFullname(newName);
profile.setPassword("password");
m_mgr.setUserProfile(session, profile);
// Test 1: the wiki session should have the new wiki name in Subject
Principal[] principals = session.getPrincipals();
Assert.assertTrue(ArrayUtils.contains(principals, new WikiPrincipal(oldLogin)));
Assert.assertFalse(ArrayUtils.contains(principals, new WikiPrincipal(oldName)));
Assert.assertFalse(ArrayUtils.contains(principals, new WikiPrincipal(newLogin)));
Assert.assertTrue(ArrayUtils.contains(principals, new WikiPrincipal(newName)));
// Test 2: our group should not contain the old name OR login name any more
// (the full name is always used)
group = groupManager.getGroup(m_groupName);
Assert.assertFalse(group.isMember(new WikiPrincipal(oldLogin)));
Assert.assertFalse(group.isMember(new WikiPrincipal(oldName)));
Assert.assertFalse(group.isMember(new WikiPrincipal(newLogin)));
Assert.assertTrue(group.isMember(new WikiPrincipal(newName)));
// Test 3: our page should not contain the old wiki name OR login name
// in the ACL any more (the full name is always used)
p = m_engine.getPage(pageName);
Assert.assertNull(p.getAcl().getEntry(new WikiPrincipal(oldLogin)));
Assert.assertNull(p.getAcl().getEntry(new WikiPrincipal(oldName)));
Assert.assertNull(p.getAcl().getEntry(new WikiPrincipal(newLogin)));
Assert.assertNotNull(p.getAcl().getEntry(new WikiPrincipal(newName)));
Assert.assertTrue("Test User view page", authManager.checkPermission(session, PermissionFactory.getPagePermission(p, "view")));
Assert.assertFalse("Bob !view page", authManager.checkPermission(bobSession, PermissionFactory.getPagePermission(p, "view")));
// Test 4: our page text should have been re-written
// (The new full name should be in the ACL, but the login name should have been removed)
String expectedText = "[{ALLOW view Alice," + newName + "}]\nTest text. More text.\r\n";
String actualText = m_engine.getText(pageName);
Assert.assertEquals(expectedText, actualText);
// Remove our test page
m_engine.deletePage(pageName);
// Setup Step 6: re-create the group with our old test user names in it
group = groupManager.parseGroup(m_groupName, "Alice \n Bob \n Charlie \n " + oldLogin + "\n" + oldName, true);
groupManager.setGroup(session, group);
// Setup Step 7: Save a new page with the old login/wiki names in the ACL again
// The test user should still be able to see the page (because the login name matches...)
pageName = "TestPage2" + now;
m_engine.saveText(pageName, "More test text. [{ALLOW view " + oldName + ", " + oldLogin + ", Alice}] More text.");
p = m_engine.getPage(pageName);
Assert.assertEquals(oldPageCount + 1, pageManager.getTotalPageCount());
Assert.assertNotNull(p.getAcl().getEntry(new WikiPrincipal(oldLogin)));
Assert.assertNotNull(p.getAcl().getEntry(new WikiPrincipal(oldName)));
Assert.assertNull(p.getAcl().getEntry(new WikiPrincipal(newLogin)));
Assert.assertNull(p.getAcl().getEntry(new WikiPrincipal(newName)));
Assert.assertTrue("Test User view page", authManager.checkPermission(session, PermissionFactory.getPagePermission(p, "view")));
Assert.assertFalse("Bob !view page", authManager.checkPermission(bobSession, PermissionFactory.getPagePermission(p, "view")));
// Setup Step 8: re-save the profile with the new login name
profile = m_db.newProfile();
profile.setEmail("jspwiki.tests@mailinator.com");
profile.setLoginName(newLogin);
profile.setFullname(oldName);
profile.setPassword("password");
m_mgr.setUserProfile(session, profile);
// Test 5: the wiki session should have the new login name in Subject
principals = session.getPrincipals();
Assert.assertFalse(ArrayUtils.contains(principals, new WikiPrincipal(oldLogin)));
Assert.assertTrue(ArrayUtils.contains(principals, new WikiPrincipal(oldName)));
Assert.assertTrue(ArrayUtils.contains(principals, new WikiPrincipal(newLogin)));
Assert.assertFalse(ArrayUtils.contains(principals, new WikiPrincipal(newName)));
// Test 6: our group should not contain the old name OR login name any more
// (the full name is always used)
group = groupManager.getGroup(m_groupName);
Assert.assertFalse(group.isMember(new WikiPrincipal(oldLogin)));
Assert.assertTrue(group.isMember(new WikiPrincipal(oldName)));
Assert.assertFalse(group.isMember(new WikiPrincipal(newLogin)));
Assert.assertFalse(group.isMember(new WikiPrincipal(newName)));
// Test 7: our page should not contain the old wiki name OR login name
// in the ACL any more (the full name is always used)
p = m_engine.getPage(pageName);
Assert.assertNull(p.getAcl().getEntry(new WikiPrincipal(oldLogin)));
Assert.assertNotNull(p.getAcl().getEntry(new WikiPrincipal(oldName)));
Assert.assertNull(p.getAcl().getEntry(new WikiPrincipal(newLogin)));
Assert.assertNull(p.getAcl().getEntry(new WikiPrincipal(newName)));
Assert.assertTrue("Test User view page", authManager.checkPermission(session, PermissionFactory.getPagePermission(p, "view")));
Assert.assertFalse("Bob !view page", authManager.checkPermission(bobSession, PermissionFactory.getPagePermission(p, "view")));
// Test 8: our page text should have been re-written
// (The new full name should be in the ACL, but the login name should have been removed)
expectedText = "[{ALLOW view Alice," + oldName + "}]\nMore test text. More text.\r\n";
actualText = m_engine.getText(pageName);
Assert.assertEquals(expectedText, actualText);
// CLEANUP: delete the profile; user and page; should be back to old counts
m_db.deleteByLoginName(newLogin);
Assert.assertEquals(oldUserCount, m_db.getWikiNames().length);
groupManager.removeGroup(group.getName());
Assert.assertEquals(oldGroupCount, groupManager.getRoles().length);
m_engine.deletePage(pageName);
Assert.assertEquals(oldPageCount, pageManager.getTotalPageCount());
}
use of org.apache.wiki.auth.authorize.GroupManager in project jspwiki by apache.
the class Groups method execute.
/**
* {@inheritDoc}
*/
public String execute(WikiContext context, Map<String, String> params) throws PluginException {
// Retrieve groups, and sort by name
WikiEngine engine = context.getEngine();
GroupManager groupMgr = engine.getGroupManager();
Principal[] groups = groupMgr.getRoles();
Arrays.sort(groups, COMPARATOR);
StringBuilder s = new StringBuilder();
for (int i = 0; i < groups.length; i++) {
String name = groups[i].getName();
// Make URL
String url = engine.getURLConstructor().makeURL(WikiContext.VIEW_GROUP, name, false, null);
// Create hyperlink
s.append("<a href=\"");
s.append(url);
s.append("\">");
s.append(name);
s.append("</a>");
// If not the last one, add a comma and space
if (i < (groups.length - 1)) {
s.append(',');
s.append(' ');
}
}
return s.toString();
}
Aggregations