Example 1 with GroupManager
use of org.apache.wiki.auth.authorize.GroupManager in project jspwiki by apache.
the class AuthenticationManagerTest method testLoginCustomWithGroup.
@Test
public void testLoginCustomWithGroup() throws Exception {
// perhaps)
try {
m_groupMgr.removeGroup("Test1");
m_groupMgr.removeGroup("Test2");
} catch (NoSuchPrincipalException e) {
}
// Log in 'janne' and verify there are 5 principals in the subject
// (ALL, AUTHENTICATED, login, fullname, wikiname Principals)
WikiSession session = WikiSession.guestSession(m_engine);
m_auth.login(session, null, Users.JANNE, Users.JANNE_PASS);
Assert.assertEquals(3, session.getPrincipals().length);
Assert.assertEquals(2, session.getRoles().length);
Assert.assertTrue(session.hasPrincipal(new WikiPrincipal("JanneJalkanen", WikiPrincipal.WIKI_NAME)));
// Listen for any manager group-add events
GroupManager manager = m_engine.getGroupManager();
SecurityEventTrap trap = new SecurityEventTrap();
manager.addWikiEventListener(trap);
// Create two groups; one with Janne in it, and one without
Group groupTest1 = m_groupMgr.parseGroup("Test1", "JanneJalkanen \n Bob \n Charlie", true);
m_groupMgr.setGroup(m_session, groupTest1);
groupTest1 = m_groupMgr.getGroup("Test1");
Principal principalTest1 = groupTest1.getPrincipal();
Group groupTest2 = m_groupMgr.parseGroup("Test2", "Alice \n Bob \n Charlie", true);
m_groupMgr.setGroup(m_session, groupTest2);
groupTest2 = m_groupMgr.getGroup("Test2");
Principal principalTest2 = groupTest2.getPrincipal();
// We should see two security events (one for each group create)
// We should also see a GroupPrincipal for group Test1, but not Test2
Assert.assertEquals(2, trap.events().length);
Assert.assertTrue(session.hasPrincipal(principalTest1));
Assert.assertFalse(session.hasPrincipal(principalTest2));
// If we remove Test1, the GroupPrincipal should disappear
m_groupMgr.removeGroup("Test1");
Assert.assertFalse(session.hasPrincipal(principalTest1));
Assert.assertFalse(session.hasPrincipal(principalTest2));
// Now, add 'JanneJalkanen' to Test2 group manually; we should see the
// GroupPrincipal
groupTest2.add(new WikiPrincipal("JanneJalkanen"));
m_groupMgr.setGroup(session, groupTest2);
Assert.assertFalse(session.hasPrincipal(principalTest1));
Assert.assertTrue(session.hasPrincipal(principalTest2));
// Remove 'JanneJalkenen' manually; the GroupPrincipal should disappear
groupTest2.remove(new WikiPrincipal("JanneJalkanen"));
m_groupMgr.setGroup(session, groupTest2);
Assert.assertFalse(session.hasPrincipal(principalTest1));
Assert.assertFalse(session.hasPrincipal(principalTest2));
// Clean up
m_groupMgr.removeGroup("Test2");
}
Also used :
WikiSession(org.apache.wiki.WikiSession)
Group(org.apache.wiki.auth.authorize.Group)
GroupManager(org.apache.wiki.auth.authorize.GroupManager)
Principal(java.security.Principal)
WikiSessionTest(org.apache.wiki.WikiSessionTest)
Test(org.junit.Test)
Example 2 with GroupManager
use of org.apache.wiki.auth.authorize.GroupManager in project jspwiki by apache.
the class Installer method createAdministrator.
/**
* Creates an administrative user and returns the new password.
* If the admin user exists, the password will be <code>null</code>.
* @return the password
* @throws WikiSecurityException
*/
public String createAdministrator() throws WikiSecurityException {
if (!m_validated) {
throw new WikiSecurityException("Cannot create administrator because one or more of the installation settings are invalid.");
}
if (adminExists()) {
return null;
}
// See if the admin user exists already
UserManager userMgr = m_engine.getUserManager();
UserDatabase userDb = userMgr.getUserDatabase();
String password = null;
try {
userDb.findByLoginName(ADMIN_ID);
} catch (NoSuchPrincipalException e) {
// Create a random 12-character password
password = TextUtil.generateRandomPassword();
UserProfile profile = userDb.newProfile();
profile.setLoginName(ADMIN_ID);
profile.setFullname(ADMIN_NAME);
profile.setPassword(password);
userDb.save(profile);
}
// Create a new admin group
GroupManager groupMgr = m_engine.getGroupManager();
Group group = null;
try {
group = groupMgr.getGroup(ADMIN_GROUP);
group.add(new WikiPrincipal(ADMIN_NAME));
} catch (NoSuchPrincipalException e) {
group = groupMgr.parseGroup(ADMIN_GROUP, ADMIN_NAME, true);
}
groupMgr.setGroup(m_session, group);
return password;
}
Also used :
WikiSecurityException(org.apache.wiki.auth.WikiSecurityException)
Group(org.apache.wiki.auth.authorize.Group)
UserProfile(org.apache.wiki.auth.user.UserProfile)
WikiPrincipal(org.apache.wiki.auth.WikiPrincipal)
UserManager(org.apache.wiki.auth.UserManager)
UserDatabase(org.apache.wiki.auth.user.UserDatabase)
NoSuchPrincipalException(org.apache.wiki.auth.NoSuchPrincipalException)
GroupManager(org.apache.wiki.auth.authorize.GroupManager)
Example 3 with GroupManager
use of org.apache.wiki.auth.authorize.GroupManager in project jspwiki by apache.
the class SecurityVerifier method verifyGroupDatabase.
/**
* Verifies that the group datbase was initialized properly, and that
* user add and delete operations work as they should.
*/
protected void verifyGroupDatabase() {
GroupManager mgr = m_engine.getGroupManager();
GroupDatabase db = null;
try {
db = m_engine.getGroupManager().getGroupDatabase();
} catch (WikiSecurityException e) {
m_session.addMessage(ERROR_GROUPS, "Could not retrieve GroupManager: " + e.getMessage());
}
// Check for obvious error conditions
if (mgr == null || db == null) {
if (mgr == null) {
m_session.addMessage(ERROR_GROUPS, "GroupManager is null; JSPWiki could not " + "initialize it. Check the error logs.");
}
if (db == null) {
m_session.addMessage(ERROR_GROUPS, "GroupDatabase is null; JSPWiki could not " + "initialize it. Check the error logs.");
}
return;
}
// Everything initialized OK...
// Tell user what class of database this is.
m_session.addMessage(INFO_GROUPS, "GroupDatabase is of type '" + db.getClass().getName() + "'. It appears to be initialized properly.");
// Now, see how many groups we have.
int oldGroupCount = 0;
try {
Group[] groups = db.groups();
oldGroupCount = groups.length;
m_session.addMessage(INFO_GROUPS, "The group database contains " + oldGroupCount + " groups.");
} catch (WikiSecurityException e) {
m_session.addMessage(ERROR_GROUPS, "Could not obtain a list of current groups: " + e.getMessage());
return;
}
// Try adding a bogus group with random name
String name = "TestGroup" + System.currentTimeMillis();
Group group = null;
try {
// Create dummy test group
group = mgr.parseGroup(name, "", true);
Principal user = new WikiPrincipal("TestUser");
group.add(user);
db.save(group, new WikiPrincipal("SecurityVerifier"));
// Make sure the group saved successfully
if (db.groups().length == oldGroupCount) {
m_session.addMessage(ERROR_GROUPS, "Could not add a test group to the database.");
return;
}
m_session.addMessage(INFO_GROUPS, "The group database allows new groups to be created, as it should.");
} catch (WikiSecurityException e) {
m_session.addMessage(ERROR_GROUPS, "Could not add a group to the database: " + e.getMessage());
return;
}
// Now delete the group; should be back to old count
try {
db.delete(group);
if (db.groups().length != oldGroupCount) {
m_session.addMessage(ERROR_GROUPS, "Could not delete a test group from the database.");
return;
}
m_session.addMessage(INFO_GROUPS, "The group database allows groups to be deleted, as it should.");
} catch (WikiSecurityException e) {
m_session.addMessage(ERROR_GROUPS, "Could not delete a test group from the database: " + e.getMessage());
return;
}
m_session.addMessage(INFO_GROUPS, "The group database configuration looks fine.");
}
Also used :
Group(org.apache.wiki.auth.authorize.Group)
GroupDatabase(org.apache.wiki.auth.authorize.GroupDatabase)
GroupManager(org.apache.wiki.auth.authorize.GroupManager)
Principal(java.security.Principal)
Example 4 with GroupManager
use of org.apache.wiki.auth.authorize.GroupManager in project jspwiki by apache.
the class UserManagerTest method testSetRenamedUserProfile.
@Test
public void testSetRenamedUserProfile() throws Exception {
// First, count the number of users, groups, and pages
int oldUserCount = m_db.getWikiNames().length;
GroupManager groupManager = m_engine.getGroupManager();
PageManager pageManager = m_engine.getPageManager();
AuthorizationManager authManager = m_engine.getAuthorizationManager();
int oldGroupCount = groupManager.getRoles().length;
int oldPageCount = pageManager.getTotalPageCount();
// Setup Step 1: create a new user with random name
WikiSession session = m_engine.guestSession();
long now = System.currentTimeMillis();
String oldLogin = "TestLogin" + now;
String oldName = "Test User " + now;
String newLogin = "RenamedLogin" + now;
String newName = "Renamed User " + now;
UserProfile profile = m_db.newProfile();
profile.setEmail("jspwiki.tests@mailinator.com");
profile.setLoginName(oldLogin);
profile.setFullname(oldName);
profile.setPassword("password");
m_mgr.setUserProfile(session, profile);
// 1a. Make sure the profile saved successfully and that we're logged in
profile = m_mgr.getUserProfile(session);
Assert.assertEquals(oldLogin, profile.getLoginName());
Assert.assertEquals(oldName, profile.getFullname());
Assert.assertEquals(oldUserCount + 1, m_db.getWikiNames().length);
Assert.assertTrue(session.isAuthenticated());
// Setup Step 2: create a new group with our test user in it
Group group = groupManager.parseGroup(m_groupName, "Alice \n Bob \n Charlie \n " + oldLogin + "\n" + oldName, true);
groupManager.setGroup(session, group);
// 2a. Make sure the group is created with the user in it, and the role is added to the Subject
Assert.assertEquals(oldGroupCount + 1, groupManager.getRoles().length);
Assert.assertTrue(group.isMember(new WikiPrincipal(oldLogin)));
Assert.assertTrue(group.isMember(new WikiPrincipal(oldName)));
Assert.assertFalse(group.isMember(new WikiPrincipal(newLogin)));
Assert.assertFalse(group.isMember(new WikiPrincipal(newName)));
Assert.assertTrue(groupManager.isUserInRole(session, group.getPrincipal()));
// Setup Step 3: create a new page with our test user in the ACL
String pageName = "TestPage" + now;
m_engine.saveText(pageName, "Test text. [{ALLOW view " + oldName + ", " + oldLogin + ", Alice}] More text.");
// 3a. Make sure the page got saved, and that ONLY our test user has permission to read it.
WikiPage p = m_engine.getPage(pageName);
Assert.assertEquals(oldPageCount + 1, pageManager.getTotalPageCount());
Assert.assertNotNull(p.getAcl().getEntry(new WikiPrincipal(oldLogin)));
Assert.assertNotNull(p.getAcl().getEntry(new WikiPrincipal(oldName)));
Assert.assertNull(p.getAcl().getEntry(new WikiPrincipal(newLogin)));
Assert.assertNull(p.getAcl().getEntry(new WikiPrincipal(newName)));
Assert.assertTrue("Test User view page", authManager.checkPermission(session, PermissionFactory.getPagePermission(p, "view")));
WikiSession bobSession = WikiSessionTest.authenticatedSession(m_engine, Users.BOB, Users.BOB_PASS);
Assert.assertFalse("Bob !view page", authManager.checkPermission(bobSession, PermissionFactory.getPagePermission(p, "view")));
// Setup Step 4: change the user name in the profile and see what happens
profile = m_db.newProfile();
profile.setEmail("jspwiki.tests@mailinator.com");
profile.setLoginName(oldLogin);
profile.setFullname(newName);
profile.setPassword("password");
m_mgr.setUserProfile(session, profile);
// Test 1: the wiki session should have the new wiki name in Subject
Principal[] principals = session.getPrincipals();
Assert.assertTrue(ArrayUtils.contains(principals, new WikiPrincipal(oldLogin)));
Assert.assertFalse(ArrayUtils.contains(principals, new WikiPrincipal(oldName)));
Assert.assertFalse(ArrayUtils.contains(principals, new WikiPrincipal(newLogin)));
Assert.assertTrue(ArrayUtils.contains(principals, new WikiPrincipal(newName)));
// Test 2: our group should not contain the old name OR login name any more
// (the full name is always used)
group = groupManager.getGroup(m_groupName);
Assert.assertFalse(group.isMember(new WikiPrincipal(oldLogin)));
Assert.assertFalse(group.isMember(new WikiPrincipal(oldName)));
Assert.assertFalse(group.isMember(new WikiPrincipal(newLogin)));
Assert.assertTrue(group.isMember(new WikiPrincipal(newName)));
// Test 3: our page should not contain the old wiki name OR login name
// in the ACL any more (the full name is always used)
p = m_engine.getPage(pageName);
Assert.assertNull(p.getAcl().getEntry(new WikiPrincipal(oldLogin)));
Assert.assertNull(p.getAcl().getEntry(new WikiPrincipal(oldName)));
Assert.assertNull(p.getAcl().getEntry(new WikiPrincipal(newLogin)));
Assert.assertNotNull(p.getAcl().getEntry(new WikiPrincipal(newName)));
Assert.assertTrue("Test User view page", authManager.checkPermission(session, PermissionFactory.getPagePermission(p, "view")));
Assert.assertFalse("Bob !view page", authManager.checkPermission(bobSession, PermissionFactory.getPagePermission(p, "view")));
// Test 4: our page text should have been re-written
// (The new full name should be in the ACL, but the login name should have been removed)
String expectedText = "[{ALLOW view Alice," + newName + "}]\nTest text. More text.\r\n";
String actualText = m_engine.getText(pageName);
Assert.assertEquals(expectedText, actualText);
// Remove our test page
m_engine.deletePage(pageName);
// Setup Step 6: re-create the group with our old test user names in it
group = groupManager.parseGroup(m_groupName, "Alice \n Bob \n Charlie \n " + oldLogin + "\n" + oldName, true);
groupManager.setGroup(session, group);
// Setup Step 7: Save a new page with the old login/wiki names in the ACL again
// The test user should still be able to see the page (because the login name matches...)
pageName = "TestPage2" + now;
m_engine.saveText(pageName, "More test text. [{ALLOW view " + oldName + ", " + oldLogin + ", Alice}] More text.");
p = m_engine.getPage(pageName);
Assert.assertEquals(oldPageCount + 1, pageManager.getTotalPageCount());
Assert.assertNotNull(p.getAcl().getEntry(new WikiPrincipal(oldLogin)));
Assert.assertNotNull(p.getAcl().getEntry(new WikiPrincipal(oldName)));
Assert.assertNull(p.getAcl().getEntry(new WikiPrincipal(newLogin)));
Assert.assertNull(p.getAcl().getEntry(new WikiPrincipal(newName)));
Assert.assertTrue("Test User view page", authManager.checkPermission(session, PermissionFactory.getPagePermission(p, "view")));
Assert.assertFalse("Bob !view page", authManager.checkPermission(bobSession, PermissionFactory.getPagePermission(p, "view")));
// Setup Step 8: re-save the profile with the new login name
profile = m_db.newProfile();
profile.setEmail("jspwiki.tests@mailinator.com");
profile.setLoginName(newLogin);
profile.setFullname(oldName);
profile.setPassword("password");
m_mgr.setUserProfile(session, profile);
// Test 5: the wiki session should have the new login name in Subject
principals = session.getPrincipals();
Assert.assertFalse(ArrayUtils.contains(principals, new WikiPrincipal(oldLogin)));
Assert.assertTrue(ArrayUtils.contains(principals, new WikiPrincipal(oldName)));
Assert.assertTrue(ArrayUtils.contains(principals, new WikiPrincipal(newLogin)));
Assert.assertFalse(ArrayUtils.contains(principals, new WikiPrincipal(newName)));
// Test 6: our group should not contain the old name OR login name any more
// (the full name is always used)
group = groupManager.getGroup(m_groupName);
Assert.assertFalse(group.isMember(new WikiPrincipal(oldLogin)));
Assert.assertTrue(group.isMember(new WikiPrincipal(oldName)));
Assert.assertFalse(group.isMember(new WikiPrincipal(newLogin)));
Assert.assertFalse(group.isMember(new WikiPrincipal(newName)));
// Test 7: our page should not contain the old wiki name OR login name
// in the ACL any more (the full name is always used)
p = m_engine.getPage(pageName);
Assert.assertNull(p.getAcl().getEntry(new WikiPrincipal(oldLogin)));
Assert.assertNotNull(p.getAcl().getEntry(new WikiPrincipal(oldName)));
Assert.assertNull(p.getAcl().getEntry(new WikiPrincipal(newLogin)));
Assert.assertNull(p.getAcl().getEntry(new WikiPrincipal(newName)));
Assert.assertTrue("Test User view page", authManager.checkPermission(session, PermissionFactory.getPagePermission(p, "view")));
Assert.assertFalse("Bob !view page", authManager.checkPermission(bobSession, PermissionFactory.getPagePermission(p, "view")));
// Test 8: our page text should have been re-written
// (The new full name should be in the ACL, but the login name should have been removed)
expectedText = "[{ALLOW view Alice," + oldName + "}]\nMore test text. More text.\r\n";
actualText = m_engine.getText(pageName);
Assert.assertEquals(expectedText, actualText);
// CLEANUP: delete the profile; user and page; should be back to old counts
m_db.deleteByLoginName(newLogin);
Assert.assertEquals(oldUserCount, m_db.getWikiNames().length);
groupManager.removeGroup(group.getName());
Assert.assertEquals(oldGroupCount, groupManager.getRoles().length);
m_engine.deletePage(pageName);
Assert.assertEquals(oldPageCount, pageManager.getTotalPageCount());
}
Also used :
Group(org.apache.wiki.auth.authorize.Group)
UserProfile(org.apache.wiki.auth.user.UserProfile)
WikiPage(org.apache.wiki.WikiPage)
GroupManager(org.apache.wiki.auth.authorize.GroupManager)
WikiSession(org.apache.wiki.WikiSession)
PageManager(org.apache.wiki.PageManager)
Principal(java.security.Principal)
WikiSessionTest(org.apache.wiki.WikiSessionTest)
Test(org.junit.Test)
Example 5 with GroupManager
use of org.apache.wiki.auth.authorize.GroupManager in project jspwiki by apache.
the class Groups method execute.
/**
* {@inheritDoc}
*/
public String execute(WikiContext context, Map<String, String> params) throws PluginException {
// Retrieve groups, and sort by name
WikiEngine engine = context.getEngine();
GroupManager groupMgr = engine.getGroupManager();
Principal[] groups = groupMgr.getRoles();
Arrays.sort(groups, COMPARATOR);
StringBuilder s = new StringBuilder();
for (int i = 0; i < groups.length; i++) {
String name = groups[i].getName();
// Make URL
String url = engine.getURLConstructor().makeURL(WikiContext.VIEW_GROUP, name, false, null);
// Create hyperlink
s.append("<a href=\"");
s.append(url);
s.append("\">");
s.append(name);
s.append("</a>");
// If not the last one, add a comma and space
if (i < (groups.length - 1)) {
s.append(',');
s.append(' ');
}
}
return s.toString();
}
Also used :
WikiEngine(org.apache.wiki.WikiEngine)
GroupManager(org.apache.wiki.auth.authorize.GroupManager)
Principal(java.security.Principal)
Aggregations
GroupManager (org.apache.wiki.auth.authorize.GroupManager)8
Principal (java.security.Principal)5
Group (org.apache.wiki.auth.authorize.Group)4
WikiSession (org.apache.wiki.WikiSession)2
WikiSessionTest (org.apache.wiki.WikiSessionTest)2
UserManager (org.apache.wiki.auth.UserManager)2
UserProfile (org.apache.wiki.auth.user.UserProfile)2
Test (org.junit.Test)2
File (java.io.File)1
IOException (java.io.IOException)1
UnsupportedEncodingException (java.io.UnsupportedEncodingException)1
Date (java.util.Date)1
PageManager (org.apache.wiki.PageManager)1
WikiEngine (org.apache.wiki.WikiEngine)1
WikiPage (org.apache.wiki.WikiPage)1
AdminBeanManager (org.apache.wiki.api.engine.AdminBeanManager)1
FilterManager (org.apache.wiki.api.engine.FilterManager)1
PluginManager (org.apache.wiki.api.engine.PluginManager)1
FilterException (org.apache.wiki.api.exceptions.FilterException)1
NoSuchVariableException (org.apache.wiki.api.exceptions.NoSuchVariableException)1
