
Example 1 with Role

use of org.apache.wiki.auth.authorize.Role in project jspwiki by apache.

the class WikiRequestWrapper method isUserInRole.

/**
 * Determines whether the current user possesses a supplied role, taking
 * into account both container and JSPWiki custom authentication status.
 * The wrapped request is consulted first: if the servlet container reports
 * that the user holds the role, the answer is {@code true}. Otherwise the
 * built-in Role objects (<em>e.g.</em>, ANONYMOUS, ASSERTED, AUTHENTICATED)
 * returned by {@link WikiSession#getRoles()} are compared by name against
 * the supplied role. Custom (non-built-in) roles carried by the session are
 * deliberately not matched by this method.
 *
 * @param role the role name to test, as the container or a built-in Role names it
 * @return {@code true} if the container or one of the session's built-in
 *         roles grants the role, {@code false} otherwise
 */
public boolean isUserInRole(String role) {
    // The servlet container's own verdict wins outright.
    if (super.isUserInRole(role)) {
        return true;
    }
    // Otherwise fall back to the built-in roles JSPWiki has attached to this session.
    for (Principal candidate : m_session.getRoles()) {
        if (!(candidate instanceof Role)) {
            continue;
        }
        Role wikiRole = (Role) candidate;
        // Only built-in roles count here; a custom Role with a matching name is ignored.
        if (Role.isBuiltInRole(wikiRole) && wikiRole.getName().equals(role)) {
            return true;
        }
    }
    // Neither the container nor a built-in role vouches for this user.
    return false;
}

Example 2 with Role

use of org.apache.wiki.auth.authorize.Role in project jspwiki by apache.

the class AuthorizationManager method resolvePrincipal.

/**
 * <p>Given a supplied string representing a Principal's name from an Acl, this
 * method resolves the correct type of Principal (role, group, or user).
 * This method is guaranteed to always return a Principal.
 * The lookups are tried strictly in this order, and the first hit wins:</p>
 * <ol>
 * <li>If the name matches one of the built-in {@link org.apache.wiki.auth.authorize.Role} names,
 * return that built-in Role</li>
 * <li>If the name matches one supplied by the current
 * {@link org.apache.wiki.auth.Authorizer}, return that Role</li>
 * <li>If the name matches a group managed by the
 * current {@link org.apache.wiki.auth.authorize.GroupManager}, return that Group</li>
 * <li>Otherwise, assume that the name represents a user
 * principal. Using the current {@link org.apache.wiki.auth.user.UserDatabase}, find the
 * first user who matches the supplied name by calling
 * {@link org.apache.wiki.auth.user.UserDatabase#find(String)}.</li>
 * <li>Finally, if a user cannot be found, manufacture
 * and return a generic {@link org.apache.wiki.auth.acl.UnresolvedPrincipal}</li>
 * </ol>
 * <p>Because roles and groups are consulted before users, a name that matches a
 * role or group is never resolved as a user principal, even if such a user exists.</p>
 * @param name the name of the Principal to resolve
 * @return the fully-resolved Principal, never {@code null}
 */
public Principal resolvePrincipal(String name) {
    // 1. Built-in roles take precedence over everything else.
    Role asRole = new Role(name);
    if (Role.isBuiltInRole(asRole)) {
        return asRole;
    }
    // 2. Roles known to the configured Authorizer, then 3. groups from the GroupManager.
    Principal resolved = m_authorizer.findRole(name);
    if (resolved == null) {
        resolved = m_engine.getGroupManager().findRole(name);
    }
    if (resolved != null) {
        return resolved;
    }
    // 4. No role or group matched, so treat the name as a user principal.
    UserDatabase db = m_engine.getUserManager().getUserDatabase();
    try {
        UserProfile profile = db.find(name);
        for (Principal userPrincipal : db.getPrincipals(profile.getLoginName())) {
            if (userPrincipal.getName().equals(name)) {
                return userPrincipal;
            }
        }
    } catch (NoSuchPrincipalException ignored) {
        // Deliberate: an unknown user is not an error here. The lookup simply
        // falls through to the UnresolvedPrincipal placeholder below.
    }
    // 5. Nothing matched; hand back a placeholder so callers always receive a Principal.
    return new UnresolvedPrincipal(name);
}

Example 3 with Role

use of org.apache.wiki.auth.authorize.Role in project jspwiki by apache.

the class AuthorizationManagerTest method testAssertedSession.

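/**
 * Verifies what an <em>asserted</em> (cookie-identified, not authenticated) session
 * is allowed to claim: the built-in ALL and ASSERTED roles only. Custom roles handed
 * to the session, group memberships (even a group Alice was explicitly added to) and
 * Alice's own user principal must all be denied, because an asserted identity is
 * not trusted.
 *
 * @throws Exception if the session or groups cannot be created
 */
@Test
public void testAssertedSession() throws Exception {
    // Create Alice and her roles
    Principal alice = new WikiPrincipal(Users.ALICE);
    Role it = new Role("IT");
    Role engineering = new Role("Engineering");
    Role finance = new Role("Finance");
    Principal admin = new GroupPrincipal("Admin");
    WikiSession session = WikiSessionTest.assertedSession(m_engine, Users.ALICE, new Principal[] { it, engineering, admin });
    // Create two groups: Alice should be part of group Bar, but not Foo
    Group fooGroup = m_groupMgr.parseGroup("Foo", "", true);
    Group barGroup = m_groupMgr.parseGroup("Bar", "", true);
    barGroup.add(alice);
    // NOTE(review): groups are stored via the m_session field, not the asserted
    // session above -- presumably m_session is a privileged session; confirm in the fixture.
    m_groupMgr.setGroup(m_session, fooGroup);
    m_groupMgr.setGroup(m_session, barGroup);
    try {
        // Test user principal posession: Alice isn't considered to
        // have the "Alice" principal because she's not authenticated
        Assert.assertFalse("Alice has Alice", m_auth.hasRoleOrPrincipal(session, new WikiPrincipal(Users.ALICE)));
        Assert.assertFalse("Alice has Alice", m_auth.hasRoleOrPrincipal(session, new TestPrincipal(Users.ALICE)));
        Assert.assertFalse("Alice not has Bob", m_auth.hasRoleOrPrincipal(session, new WikiPrincipal(Users.BOB)));
        Assert.assertFalse("Alice not has Bob", m_auth.hasRoleOrPrincipal(session, new TestPrincipal(Users.BOB)));
        // Built-in role memberships
        Assert.assertTrue("Alice in ALL", m_auth.hasRoleOrPrincipal(session, Role.ALL));
        Assert.assertFalse("Alice not in ANONYMOUS", m_auth.hasRoleOrPrincipal(session, Role.ANONYMOUS));
        Assert.assertTrue("Alice in ASSERTED", m_auth.hasRoleOrPrincipal(session, Role.ASSERTED));
        Assert.assertFalse("Alice not in AUTHENTICATED", m_auth.hasRoleOrPrincipal(session, Role.AUTHENTICATED));
        // Custom roles should be FALSE because Alice is asserted
        Assert.assertFalse("Alice not in IT", m_auth.hasRoleOrPrincipal(session, it));
        Assert.assertFalse("Alice not in Engineering", m_auth.hasRoleOrPrincipal(session, engineering));
        Assert.assertFalse("Alice not in Finance", m_auth.hasRoleOrPrincipal(session, finance));
        // Group memberships should be FALSE because Alice is asserted
        Assert.assertFalse("Alice not in Foo", m_auth.hasRoleOrPrincipal(session, fooGroup.getPrincipal()));
        Assert.assertFalse("Alice not in Bar", m_auth.hasRoleOrPrincipal(session, barGroup.getPrincipal()));
    } finally {
        // Clean up even when an assertion fails, so the groups do not leak into later tests
        m_groupMgr.removeGroup("Foo");
        m_groupMgr.removeGroup("Bar");
    }
}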

Example 4 with Role

use of org.apache.wiki.auth.authorize.Role in project jspwiki by apache.

the class AuthorizationManagerTest method testHasRoleOrPrincipal.

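/**
 * Walks the same set of role, group and user principals through three session
 * kinds and checks {@code hasRoleOrPrincipal} for each: an anonymous session
 * gets only ANONYMOUS; an asserted session gets only ASSERTED (custom roles
 * and groups are withheld because the identity is untrusted); a
 * container-authenticated session gets AUTHENTICATED plus its own user
 * principal, the custom roles it was given and the groups it belongs to.
 *
 * @throws Exception if a session or group cannot be created
 */
@Test
public void testHasRoleOrPrincipal() throws Exception {
    // Create new user Alice and 2 sample roles
    Principal alice = new WikiPrincipal(Users.ALICE);
    Role it = new Role("IT");
    Role finance = new Role("Finance");
    // Create Group1 with Alice in it, Group2 without
    WikiSession session = WikiSessionTest.adminSession(m_engine);
    Group g1 = m_groupMgr.parseGroup("Group1", "Alice", true);
    m_groupMgr.setGroup(session, g1);
    Principal group1 = g1.getPrincipal();
    Group g2 = m_groupMgr.parseGroup("Group2", "Bob", true);
    m_groupMgr.setGroup(session, g2);
    Principal group2 = g2.getPrincipal();
    try {
        // Create anonymous session; not in ANY custom roles or groups
        session = WikiSessionTest.anonymousSession(m_engine);
        Assert.assertTrue("Anon anonymous", m_auth.hasRoleOrPrincipal(session, Role.ANONYMOUS));
        Assert.assertFalse("Anon not asserted", m_auth.hasRoleOrPrincipal(session, Role.ASSERTED));
        Assert.assertFalse("Anon not authenticated", m_auth.hasRoleOrPrincipal(session, Role.AUTHENTICATED));
        Assert.assertFalse("Alice not in Anon", m_auth.hasRoleOrPrincipal(session, alice));
        Assert.assertFalse("Anon not in IT", m_auth.hasRoleOrPrincipal(session, it));
        Assert.assertFalse("Anon not in Finance", m_auth.hasRoleOrPrincipal(session, finance));
        Assert.assertFalse("Anon not in Group1", m_auth.hasRoleOrPrincipal(session, group1));
        Assert.assertFalse("Anon not in Group2", m_auth.hasRoleOrPrincipal(session, group2));
        // Create asserted session with 1 GroupPrincipal & 1 custom Role
        // Alice is asserted, and thus not in ANY custom roles or groups
        session = WikiSessionTest.assertedSession(m_engine, Users.ALICE, new Principal[] { it });
        Assert.assertFalse("Alice not anonymous", m_auth.hasRoleOrPrincipal(session, Role.ANONYMOUS));
        Assert.assertTrue("Alice asserted", m_auth.hasRoleOrPrincipal(session, Role.ASSERTED));
        Assert.assertFalse("Alice not authenticated", m_auth.hasRoleOrPrincipal(session, Role.AUTHENTICATED));
        Assert.assertFalse("Alice not in Alice", m_auth.hasRoleOrPrincipal(session, alice));
        Assert.assertFalse("Alice not in IT", m_auth.hasRoleOrPrincipal(session, it));
        Assert.assertFalse("Alice not in Finance", m_auth.hasRoleOrPrincipal(session, finance));
        Assert.assertFalse("Alice not in Group1", m_auth.hasRoleOrPrincipal(session, group1));
        Assert.assertFalse("Alice not in Group2", m_auth.hasRoleOrPrincipal(session, group2));
        // Create authenticated session with 1 GroupPrincipal & 1 custom Role
        // Alice is authenticated, and thus part of custom roles and groups
        session = WikiSessionTest.containerAuthenticatedSession(m_engine, Users.ALICE, new Principal[] { it });
        Assert.assertFalse("Alice not anonymous", m_auth.hasRoleOrPrincipal(session, Role.ANONYMOUS));
        Assert.assertFalse("Alice not asserted", m_auth.hasRoleOrPrincipal(session, Role.ASSERTED));
        Assert.assertTrue("Alice authenticated", m_auth.hasRoleOrPrincipal(session, Role.AUTHENTICATED));
        Assert.assertTrue("Alice in Ernie", m_auth.hasRoleOrPrincipal(session, alice));
        Assert.assertTrue("Alice in IT", m_auth.hasRoleOrPrincipal(session, it));
        Assert.assertFalse("Alice not in Finance", m_auth.hasRoleOrPrincipal(session, finance));
        Assert.assertTrue("Alice in Group1", m_auth.hasRoleOrPrincipal(session, group1));
        Assert.assertFalse("Alice not in Group2", m_auth.hasRoleOrPrincipal(session, group2));
    } finally {
        // Clean up even when an assertion fails, so the groups do not leak into later tests
        m_groupMgr.removeGroup("Group1");
        m_groupMgr.removeGroup("Group2");
    }
}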

Example 5 with Role

use of org.apache.wiki.auth.authorize.Role in project jspwiki by apache.

the class AuthenticationManagerTest method testCustomAuthorizer.

/**
 * Tests a dummy WebAuthorizer that is guaranteed to return true for one
 * role for each of the two <code>isInRole</code> methods. The engine is
 * rebuilt with {@code AuthorizationManager.PROP_AUTHORIZER} pointing at
 * {@code DummyAuthorizer}; a plain authenticated session must then carry
 * AuthorizerRole but not ContainerRole, while a container-authenticated
 * session must carry both. DummyRole is never granted.
 *
 * @throws Exception if the engine or a session cannot be created
 */
@Test
public void testCustomAuthorizer() throws Exception {
    Properties props = TestEngine.getTestProperties();
    props.put(AuthorizationManager.PROP_AUTHORIZER, "org.apache.wiki.auth.AuthenticationManagerTest$DummyAuthorizer");
    m_engine = new TestEngine(props);
    // Start a session without any container roles: DummyAuthorizer should ALWAYS allow AuthorizerRole
    WikiSession session = WikiSessionTest.authenticatedSession(m_engine, Users.JANNE, Users.JANNE_PASS);
    assertJanneIdentity(session);
    Assert.assertTrue(session.hasPrincipal(new Role("AuthorizerRole")));
    Assert.assertFalse(session.hasPrincipal(new Role("ContainerRole")));
    Assert.assertFalse(session.hasPrincipal(new Role("DummyRole")));
    // Try again with a container-authenticated session: DummyAuthorizer should ALSO allow ContainerRole
    session = WikiSessionTest.containerAuthenticatedSession(m_engine, Users.JANNE, new Principal[0]);
    assertJanneIdentity(session);
    Assert.assertTrue(session.hasPrincipal(new Role("AuthorizerRole")));
    Assert.assertTrue(session.hasPrincipal(new Role("ContainerRole")));
    Assert.assertFalse(session.hasPrincipal(new Role("DummyRole")));
}

/**
 * Asserts the principals every authenticated session for Janne must carry,
 * regardless of how it was authenticated: the built-in ALL and AUTHENTICATED
 * roles plus the login, wiki and full-name forms of the user principal.
 *
 * @param session the session under test
 */
private static void assertJanneIdentity(WikiSession session) {
    Assert.assertTrue(session.hasPrincipal(Role.ALL));
    Assert.assertTrue(session.hasPrincipal(Role.AUTHENTICATED));
    Assert.assertTrue(session.hasPrincipal(new WikiPrincipal(Users.JANNE, WikiPrincipal.LOGIN_NAME)));
    Assert.assertTrue(session.hasPrincipal(new WikiPrincipal("JanneJalkanen", WikiPrincipal.WIKI_NAME)));
    Assert.assertTrue(session.hasPrincipal(new WikiPrincipal("Janne Jalkanen", WikiPrincipal.FULL_NAME)));
}
