
Example 1 with GroupManager

use of org.apache.wiki.auth.authorize.GroupManager in project jspwiki by apache.

the class AuthenticationManagerTest method testLoginCustomWithGroup.

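/**
 * Checks that an authenticated session's principal set follows wiki group
 * membership: the group principal appears when the user is a member, and
 * disappears when the group is removed or the user is taken out of it.
 *
 * @throws Exception if login or any group operation fails unexpectedly
 */
@Test
public void testLoginCustomWithGroup() throws Exception {
    // Start from a clean slate. Each group is removed in its own try block:
    // with both calls in one block, an exception on "Test1" (presumably thrown
    // when the group does not exist) would skip the removal of a stale "Test2".
    for (String staleGroup : new String[] { "Test1", "Test2" }) {
        try {
            m_groupMgr.removeGroup(staleGroup);
        } catch (NoSuchPrincipalException ignored) {
            // Best-effort cleanup: there was nothing to remove for this group.
        }
    }
    // Log in 'janne'. The assertions below expect 3 principals and 2 roles on
    // the session (presumably login, fullname and wikiname principals plus the
    // ALL and AUTHENTICATED roles -- confirm against WikiSession).
    WikiSession session = WikiSession.guestSession(m_engine);
    m_auth.login(session, null, Users.JANNE, Users.JANNE_PASS);
    Assert.assertEquals(3, session.getPrincipals().length);
    Assert.assertEquals(2, session.getRoles().length);
    Assert.assertTrue(session.hasPrincipal(new WikiPrincipal("JanneJalkanen", WikiPrincipal.WIKI_NAME)));
    // Listen for any manager group-add events
    GroupManager manager = m_engine.getGroupManager();
    SecurityEventTrap trap = new SecurityEventTrap();
    manager.addWikiEventListener(trap);
    // Create two groups; one with Janne in it, and one without.
    // Each group is re-read after saving so the principal comes from the stored group.
    Group groupTest1 = m_groupMgr.parseGroup("Test1", "JanneJalkanen \n Bob \n Charlie", true);
    m_groupMgr.setGroup(m_session, groupTest1);
    groupTest1 = m_groupMgr.getGroup("Test1");
    Principal principalTest1 = groupTest1.getPrincipal();
    Group groupTest2 = m_groupMgr.parseGroup("Test2", "Alice \n Bob \n Charlie", true);
    m_groupMgr.setGroup(m_session, groupTest2);
    groupTest2 = m_groupMgr.getGroup("Test2");
    Principal principalTest2 = groupTest2.getPrincipal();
    // We should see two security events (one for each group create)
    // We should also see a GroupPrincipal for group Test1, but not Test2
    Assert.assertEquals(2, trap.events().length);
    Assert.assertTrue(session.hasPrincipal(principalTest1));
    Assert.assertFalse(session.hasPrincipal(principalTest2));
    // If we remove Test1, the GroupPrincipal should disappear: a deleted group
    // must not keep granting its principal to an already logged-in session.
    m_groupMgr.removeGroup("Test1");
    Assert.assertFalse(session.hasPrincipal(principalTest1));
    Assert.assertFalse(session.hasPrincipal(principalTest2));
    // Now, add 'JanneJalkanen' to Test2 group manually; we should see the
    // GroupPrincipal
    groupTest2.add(new WikiPrincipal("JanneJalkanen"));
    m_groupMgr.setGroup(session, groupTest2);
    Assert.assertFalse(session.hasPrincipal(principalTest1));
    Assert.assertTrue(session.hasPrincipal(principalTest2));
    // Remove 'JanneJalkanen' manually; the GroupPrincipal should disappear
    groupTest2.remove(new WikiPrincipal("JanneJalkanen"));
    m_groupMgr.setGroup(session, groupTest2);
    Assert.assertFalse(session.hasPrincipal(principalTest1));
    Assert.assertFalse(session.hasPrincipal(principalTest2));
    // Clean up
    m_groupMgr.removeGroup("Test2");
}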
Also used : WikiSession(org.apache.wiki.WikiSession) Group(org.apache.wiki.auth.authorize.Group) GroupManager(org.apache.wiki.auth.authorize.GroupManager) Principal(java.security.Principal) WikiSessionTest(org.apache.wiki.WikiSessionTest) Test(org.junit.Test)

Example 2 with GroupManager

use of org.apache.wiki.auth.authorize.GroupManager in project jspwiki by apache.

the class Installer method createAdministrator.

/**
 * Creates the administrative account if it is missing, makes sure the
 * administrator is a member of the admin group, and returns the password
 * generated for a newly created account.
 * <p>
 * The return value is <code>null</code> when {@code adminExists()} reports an
 * administrator, and also when a profile with the admin login name is already
 * in the user database: no password is generated in that case, but the admin
 * name is still added to the admin group.
 * <p>
 * The generated password is handed back in clear text; callers should show it
 * once and keep it out of logs.
 *
 * @return the newly generated password, or <code>null</code> if no account was created
 * @throws WikiSecurityException if the installation settings have not been
 *         validated, or if a user or group database operation fails
 */
public String createAdministrator() throws WikiSecurityException {
    if (!m_validated) {
        throw new WikiSecurityException("Cannot create administrator because one or more of the installation settings are invalid.");
    }
    if (adminExists()) {
        return null;
    }

    // Look the admin login up; a lookup failure is the signal to create the account.
    final UserDatabase accounts = m_engine.getUserManager().getUserDatabase();
    String generatedPassword = null;
    try {
        accounts.findByLoginName(ADMIN_ID);
    } catch (NoSuchPrincipalException notFound) {
        // NOTE(review): length and randomness source are decided by
        // TextUtil.generateRandomPassword -- confirm it draws from SecureRandom.
        generatedPassword = TextUtil.generateRandomPassword();
        final UserProfile adminProfile = accounts.newProfile();
        adminProfile.setLoginName(ADMIN_ID);
        adminProfile.setFullname(ADMIN_NAME);
        adminProfile.setPassword(generatedPassword);
        accounts.save(adminProfile);
    }

    // Add the admin name to the existing admin group, or build the group if it is missing.
    // Membership is keyed on ADMIN_NAME (the full name), not on the login name.
    final GroupManager groups = m_engine.getGroupManager();
    Group adminGroup;
    try {
        adminGroup = groups.getGroup(ADMIN_GROUP);
        adminGroup.add(new WikiPrincipal(ADMIN_NAME));
    } catch (NoSuchPrincipalException notFound) {
        adminGroup = groups.parseGroup(ADMIN_GROUP, ADMIN_NAME, true);
    }
    groups.setGroup(m_session, adminGroup);
    return generatedPassword;
}
Also used : WikiSecurityException(org.apache.wiki.auth.WikiSecurityException) Group(org.apache.wiki.auth.authorize.Group) UserProfile(org.apache.wiki.auth.user.UserProfile) WikiPrincipal(org.apache.wiki.auth.WikiPrincipal) UserManager(org.apache.wiki.auth.UserManager) UserDatabase(org.apache.wiki.auth.user.UserDatabase) NoSuchPrincipalException(org.apache.wiki.auth.NoSuchPrincipalException) GroupManager(org.apache.wiki.auth.authorize.GroupManager)

Example 3 with GroupManager

use of org.apache.wiki.auth.authorize.GroupManager in project jspwiki by apache.

the class SecurityVerifier method verifyGroupDatabase.

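/**
 * Verifies that the group database was initialized properly, and that
 * group add and delete operations work as they should.
 * <p>
 * Every finding is reported through {@code m_session.addMessage}; the method
 * returns at the first failed check. The probe writes a temporary group to the
 * live group database and deletes it again.
 */
protected void verifyGroupDatabase() {
    GroupManager mgr = m_engine.getGroupManager();
    GroupDatabase db = null;
    // Only ask for the database when the manager exists. Dereferencing a null
    // manager here would throw before the null checks below could report it.
    if (mgr != null) {
        try {
            db = mgr.getGroupDatabase();
        } catch (WikiSecurityException e) {
            m_session.addMessage(ERROR_GROUPS, "Could not retrieve GroupManager: " + e.getMessage());
        }
    }
    // Check for obvious error conditions
    if (mgr == null || db == null) {
        if (mgr == null) {
            m_session.addMessage(ERROR_GROUPS, "GroupManager is null; JSPWiki could not " + "initialize it. Check the error logs.");
        }
        if (db == null) {
            m_session.addMessage(ERROR_GROUPS, "GroupDatabase is null; JSPWiki could not " + "initialize it. Check the error logs.");
        }
        return;
    }
    // Everything initialized OK...
    // Tell user what class of database this is.
    m_session.addMessage(INFO_GROUPS, "GroupDatabase is of type '" + db.getClass().getName() + "'. It appears to be initialized properly.");
    // Now, see how many groups we have.
    int oldGroupCount = 0;
    try {
        Group[] groups = db.groups();
        oldGroupCount = groups.length;
        m_session.addMessage(INFO_GROUPS, "The group database contains " + oldGroupCount + " groups.");
    } catch (WikiSecurityException e) {
        m_session.addMessage(ERROR_GROUPS, "Could not obtain a list of current groups: " + e.getMessage());
        return;
    }
    // Try adding a throwaway group. The name is timestamp-based rather than
    // random; it only needs to avoid clashing with an existing group.
    String name = "TestGroup" + System.currentTimeMillis();
    Group group = null;
    try {
        // Create dummy test group
        group = mgr.parseGroup(name, "", true);
        Principal user = new WikiPrincipal("TestUser");
        group.add(user);
        db.save(group, new WikiPrincipal("SecurityVerifier"));
        // Make sure the group saved successfully.
        // NOTE(review): the before/after count comparison assumes nobody else
        // adds or removes groups while the verifier runs.
        if (db.groups().length == oldGroupCount) {
            m_session.addMessage(ERROR_GROUPS, "Could not add a test group to the database.");
            return;
        }
        m_session.addMessage(INFO_GROUPS, "The group database allows new groups to be created, as it should.");
    } catch (WikiSecurityException e) {
        m_session.addMessage(ERROR_GROUPS, "Could not add a group to the database: " + e.getMessage());
        return;
    }
    // Now delete the group; should be back to old count.
    // If the delete fails, the test group (with member "TestUser") stays in the
    // database and has to be removed by hand.
    try {
        db.delete(group);
        if (db.groups().length != oldGroupCount) {
            m_session.addMessage(ERROR_GROUPS, "Could not delete a test group from the database.");
            return;
        }
        m_session.addMessage(INFO_GROUPS, "The group database allows groups to be deleted, as it should.");
    } catch (WikiSecurityException e) {
        m_session.addMessage(ERROR_GROUPS, "Could not delete a test group from the database: " + e.getMessage());
        return;
    }
    m_session.addMessage(INFO_GROUPS, "The group database configuration looks fine.");
}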
Also used : Group(org.apache.wiki.auth.authorize.Group) GroupDatabase(org.apache.wiki.auth.authorize.GroupDatabase) GroupManager(org.apache.wiki.auth.authorize.GroupManager) Principal(java.security.Principal)

Example 4 with GroupManager

use of org.apache.wiki.auth.authorize.GroupManager in project jspwiki by apache.

the class UserManagerTest method testSetRenamedUserProfile.

/**
 * Verifies that renaming a user (first the full name, then the login name)
 * is carried through to the session principals, to group membership, and to
 * page ACLs, so that the renamed user keeps access and a user outside the
 * ACL (Bob) stays denied at every step.
 *
 * @throws Exception if any profile, group or page operation fails unexpectedly
 */
@Test
public void testSetRenamedUserProfile() throws Exception {
    // First, count the number of users, groups, and pages
    int oldUserCount = m_db.getWikiNames().length;
    GroupManager groupManager = m_engine.getGroupManager();
    PageManager pageManager = m_engine.getPageManager();
    AuthorizationManager authManager = m_engine.getAuthorizationManager();
    int oldGroupCount = groupManager.getRoles().length;
    int oldPageCount = pageManager.getTotalPageCount();
    // Setup Step 1: create a new user with a timestamp-based (unique per run) name
    WikiSession session = m_engine.guestSession();
    long now = System.currentTimeMillis();
    String oldLogin = "TestLogin" + now;
    String oldName = "Test User " + now;
    String newLogin = "RenamedLogin" + now;
    String newName = "Renamed User " + now;
    UserProfile profile = m_db.newProfile();
    profile.setEmail("jspwiki.tests@mailinator.com");
    profile.setLoginName(oldLogin);
    profile.setFullname(oldName);
    // Fixed password: test fixture only
    profile.setPassword("password");
    m_mgr.setUserProfile(session, profile);
    // 1a. Make sure the profile saved successfully and that we're logged in
    // (the guest session is expected to be authenticated after the profile is saved)
    profile = m_mgr.getUserProfile(session);
    Assert.assertEquals(oldLogin, profile.getLoginName());
    Assert.assertEquals(oldName, profile.getFullname());
    Assert.assertEquals(oldUserCount + 1, m_db.getWikiNames().length);
    Assert.assertTrue(session.isAuthenticated());
    // Setup Step 2: create a new group with our test user in it
    // (listed under both the login name and the full name)
    Group group = groupManager.parseGroup(m_groupName, "Alice \n Bob \n Charlie \n " + oldLogin + "\n" + oldName, true);
    groupManager.setGroup(session, group);
    // 2a. Make sure the group is created with the user in it, and the role is added to the Subject
    Assert.assertEquals(oldGroupCount + 1, groupManager.getRoles().length);
    Assert.assertTrue(group.isMember(new WikiPrincipal(oldLogin)));
    Assert.assertTrue(group.isMember(new WikiPrincipal(oldName)));
    Assert.assertFalse(group.isMember(new WikiPrincipal(newLogin)));
    Assert.assertFalse(group.isMember(new WikiPrincipal(newName)));
    Assert.assertTrue(groupManager.isUserInRole(session, group.getPrincipal()));
    // Setup Step 3: create a new page with our test user in the ACL
    String pageName = "TestPage" + now;
    m_engine.saveText(pageName, "Test text. [{ALLOW view " + oldName + ", " + oldLogin + ", Alice}] More text.");
    // 3a. Make sure the page got saved, that the ACL holds the old names only,
    // and that the test user can view the page while Bob (not in the ACL) cannot.
    WikiPage p = m_engine.getPage(pageName);
    Assert.assertEquals(oldPageCount + 1, pageManager.getTotalPageCount());
    Assert.assertNotNull(p.getAcl().getEntry(new WikiPrincipal(oldLogin)));
    Assert.assertNotNull(p.getAcl().getEntry(new WikiPrincipal(oldName)));
    Assert.assertNull(p.getAcl().getEntry(new WikiPrincipal(newLogin)));
    Assert.assertNull(p.getAcl().getEntry(new WikiPrincipal(newName)));
    Assert.assertTrue("Test User view page", authManager.checkPermission(session, PermissionFactory.getPagePermission(p, "view")));
    WikiSession bobSession = WikiSessionTest.authenticatedSession(m_engine, Users.BOB, Users.BOB_PASS);
    Assert.assertFalse("Bob !view page", authManager.checkPermission(bobSession, PermissionFactory.getPagePermission(p, "view")));
    // Setup Step 4: change the full name in the profile (login name unchanged) and see what happens
    profile = m_db.newProfile();
    profile.setEmail("jspwiki.tests@mailinator.com");
    profile.setLoginName(oldLogin);
    profile.setFullname(newName);
    profile.setPassword("password");
    m_mgr.setUserProfile(session, profile);
    // Test 1: the wiki session should have the new full name in Subject,
    // the old full name should be gone, and the login name is unchanged
    Principal[] principals = session.getPrincipals();
    Assert.assertTrue(ArrayUtils.contains(principals, new WikiPrincipal(oldLogin)));
    Assert.assertFalse(ArrayUtils.contains(principals, new WikiPrincipal(oldName)));
    Assert.assertFalse(ArrayUtils.contains(principals, new WikiPrincipal(newLogin)));
    Assert.assertTrue(ArrayUtils.contains(principals, new WikiPrincipal(newName)));
    // Test 2: our group should not contain the old name OR login name any more
    // (the full name is always used)
    group = groupManager.getGroup(m_groupName);
    Assert.assertFalse(group.isMember(new WikiPrincipal(oldLogin)));
    Assert.assertFalse(group.isMember(new WikiPrincipal(oldName)));
    Assert.assertFalse(group.isMember(new WikiPrincipal(newLogin)));
    Assert.assertTrue(group.isMember(new WikiPrincipal(newName)));
    // Test 3: our page should not contain the old wiki name OR login name
    // in the ACL any more (the full name is always used).
    // A stale entry under the old name would keep granting access to whoever takes that name next.
    p = m_engine.getPage(pageName);
    Assert.assertNull(p.getAcl().getEntry(new WikiPrincipal(oldLogin)));
    Assert.assertNull(p.getAcl().getEntry(new WikiPrincipal(oldName)));
    Assert.assertNull(p.getAcl().getEntry(new WikiPrincipal(newLogin)));
    Assert.assertNotNull(p.getAcl().getEntry(new WikiPrincipal(newName)));
    Assert.assertTrue("Test User view page", authManager.checkPermission(session, PermissionFactory.getPagePermission(p, "view")));
    Assert.assertFalse("Bob !view page", authManager.checkPermission(bobSession, PermissionFactory.getPagePermission(p, "view")));
    // Test 4: our page text should have been re-written
    // (The new full name should be in the ACL, but the login name should have been removed)
    String expectedText = "[{ALLOW view Alice," + newName + "}]\nTest text.  More text.\r\n";
    String actualText = m_engine.getText(pageName);
    Assert.assertEquals(expectedText, actualText);
    // Remove our test page
    m_engine.deletePage(pageName);
    // Setup Step 6: re-create the group with our old test user names in it
    // (the original step numbering skips 5)
    group = groupManager.parseGroup(m_groupName, "Alice \n Bob \n Charlie \n " + oldLogin + "\n" + oldName, true);
    groupManager.setGroup(session, group);
    // Setup Step 7: Save a new page with the old login/wiki names in the ACL again
    // The test user should still be able to see the page (because the login name matches...)
    pageName = "TestPage2" + now;
    m_engine.saveText(pageName, "More test text. [{ALLOW view " + oldName + ", " + oldLogin + ", Alice}] More text.");
    p = m_engine.getPage(pageName);
    Assert.assertEquals(oldPageCount + 1, pageManager.getTotalPageCount());
    Assert.assertNotNull(p.getAcl().getEntry(new WikiPrincipal(oldLogin)));
    Assert.assertNotNull(p.getAcl().getEntry(new WikiPrincipal(oldName)));
    Assert.assertNull(p.getAcl().getEntry(new WikiPrincipal(newLogin)));
    Assert.assertNull(p.getAcl().getEntry(new WikiPrincipal(newName)));
    Assert.assertTrue("Test User view page", authManager.checkPermission(session, PermissionFactory.getPagePermission(p, "view")));
    Assert.assertFalse("Bob !view page", authManager.checkPermission(bobSession, PermissionFactory.getPagePermission(p, "view")));
    // Setup Step 8: re-save the profile with the new login name
    // (and the full name set back to the old one)
    profile = m_db.newProfile();
    profile.setEmail("jspwiki.tests@mailinator.com");
    profile.setLoginName(newLogin);
    profile.setFullname(oldName);
    profile.setPassword("password");
    m_mgr.setUserProfile(session, profile);
    // Test 5: the wiki session should have the new login name in Subject
    principals = session.getPrincipals();
    Assert.assertFalse(ArrayUtils.contains(principals, new WikiPrincipal(oldLogin)));
    Assert.assertTrue(ArrayUtils.contains(principals, new WikiPrincipal(oldName)));
    Assert.assertTrue(ArrayUtils.contains(principals, new WikiPrincipal(newLogin)));
    Assert.assertFalse(ArrayUtils.contains(principals, new WikiPrincipal(newName)));
    // Test 6: our group should contain the current full name (oldName) only;
    // the old login name is gone and the new login name is not added
    // (the full name is always used)
    group = groupManager.getGroup(m_groupName);
    Assert.assertFalse(group.isMember(new WikiPrincipal(oldLogin)));
    Assert.assertTrue(group.isMember(new WikiPrincipal(oldName)));
    Assert.assertFalse(group.isMember(new WikiPrincipal(newLogin)));
    Assert.assertFalse(group.isMember(new WikiPrincipal(newName)));
    // Test 7: the page ACL should hold the current full name (oldName) only;
    // the old login name entry is gone (the full name is always used)
    p = m_engine.getPage(pageName);
    Assert.assertNull(p.getAcl().getEntry(new WikiPrincipal(oldLogin)));
    Assert.assertNotNull(p.getAcl().getEntry(new WikiPrincipal(oldName)));
    Assert.assertNull(p.getAcl().getEntry(new WikiPrincipal(newLogin)));
    Assert.assertNull(p.getAcl().getEntry(new WikiPrincipal(newName)));
    Assert.assertTrue("Test User view page", authManager.checkPermission(session, PermissionFactory.getPagePermission(p, "view")));
    Assert.assertFalse("Bob !view page", authManager.checkPermission(bobSession, PermissionFactory.getPagePermission(p, "view")));
    // Test 8: our page text should have been re-written
    // (The current full name, oldName, should be in the ACL, but the login name should have been removed)
    expectedText = "[{ALLOW view Alice," + oldName + "}]\nMore test text.  More text.\r\n";
    actualText = m_engine.getText(pageName);
    Assert.assertEquals(expectedText, actualText);
    // CLEANUP: delete the profile, group and page; should be back to old counts.
    // NOTE(review): cleanup is skipped when an assertion above fails, which leaves the test user, group and page behind.
    m_db.deleteByLoginName(newLogin);
    Assert.assertEquals(oldUserCount, m_db.getWikiNames().length);
    groupManager.removeGroup(group.getName());
    Assert.assertEquals(oldGroupCount, groupManager.getRoles().length);
    m_engine.deletePage(pageName);
    Assert.assertEquals(oldPageCount, pageManager.getTotalPageCount());
}
Also used : Group(org.apache.wiki.auth.authorize.Group) UserProfile(org.apache.wiki.auth.user.UserProfile) WikiPage(org.apache.wiki.WikiPage) GroupManager(org.apache.wiki.auth.authorize.GroupManager) WikiSession(org.apache.wiki.WikiSession) PageManager(org.apache.wiki.PageManager) Principal(java.security.Principal) WikiSessionTest(org.apache.wiki.WikiSessionTest) Test(org.junit.Test)

Example 5 with GroupManager

use of org.apache.wiki.auth.authorize.GroupManager in project jspwiki by apache.

the class Groups method execute.

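/**
 *  {@inheritDoc}
 *  <p>
 *  Renders all groups known to the group manager as a comma-separated list of
 *  hyperlinks to each group's view page, sorted with {@code COMPARATOR}.
 *  Group names and URLs are HTML-escaped before being written into the markup:
 *  group names are supplied when a group is created, and whether they are
 *  validated before reaching this plugin is not visible here.
 */
public String execute(WikiContext context, Map<String, String> params) throws PluginException {
    // Retrieve groups, and sort by name
    WikiEngine engine = context.getEngine();
    GroupManager groupMgr = engine.getGroupManager();
    Principal[] groups = groupMgr.getRoles();
    Arrays.sort(groups, COMPARATOR);
    StringBuilder s = new StringBuilder();
    for (int i = 0; i < groups.length; i++) {
        String name = groups[i].getName();
        // Make URL
        String url = engine.getURLConstructor().makeURL(WikiContext.VIEW_GROUP, name, false, null);
        // Create hyperlink. Both values are escaped so that a name containing
        // quotes or angle brackets cannot break out of the attribute or element.
        s.append("<a href=\"");
        s.append(escapeHtml(url));
        s.append("\">");
        s.append(escapeHtml(name));
        s.append("</a>");
        // If not the last one, add a comma and space
        if (i < (groups.length - 1)) {
            s.append(',');
            s.append(' ');
        }
    }
    return s.toString();
}

/**
 * Escapes the five characters that are significant in HTML text and
 * double- or single-quoted attribute values.
 *
 * @param text the raw value; {@code null} is rendered as the string "null",
 *             matching what {@code StringBuilder.append} did before escaping was added
 * @return the escaped value
 */
private static String escapeHtml(String text) {
    String raw = String.valueOf(text);
    StringBuilder out = new StringBuilder(raw.length() + 16);
    for (int i = 0; i < raw.length(); i++) {
        char c = raw.charAt(i);
        switch (c) {
            case '&':
                out.append("&amp;");
                break;
            case '<':
                out.append("&lt;");
                break;
            case '>':
                out.append("&gt;");
                break;
            case '"':
                out.append("&quot;");
                break;
            case '\'':
                out.append("&#39;");
                break;
            default:
                out.append(c);
        }
    }
    return out.toString();
}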
Also used : WikiEngine(org.apache.wiki.WikiEngine) GroupManager(org.apache.wiki.auth.authorize.GroupManager) Principal(java.security.Principal)

Aggregations

GroupManager (org.apache.wiki.auth.authorize.GroupManager)8 Principal (java.security.Principal)5 Group (org.apache.wiki.auth.authorize.Group)4 WikiSession (org.apache.wiki.WikiSession)2 WikiSessionTest (org.apache.wiki.WikiSessionTest)2 UserManager (org.apache.wiki.auth.UserManager)2 UserProfile (org.apache.wiki.auth.user.UserProfile)2 Test (org.junit.Test)2 File (java.io.File)1 IOException (java.io.IOException)1 UnsupportedEncodingException (java.io.UnsupportedEncodingException)1 Date (java.util.Date)1 PageManager (org.apache.wiki.PageManager)1 WikiEngine (org.apache.wiki.WikiEngine)1 WikiPage (org.apache.wiki.WikiPage)1 AdminBeanManager (org.apache.wiki.api.engine.AdminBeanManager)1 FilterManager (org.apache.wiki.api.engine.FilterManager)1 PluginManager (org.apache.wiki.api.engine.PluginManager)1 FilterException (org.apache.wiki.api.exceptions.FilterException)1 NoSuchVariableException (org.apache.wiki.api.exceptions.NoSuchVariableException)1