

the class AuthorizationManagerTest method testIsUserInRole.

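/**
 * Verifies {@code AuthorizationManager#isUserInRole} for anonymous, asserted and
 * container-authenticated sessions against the built-in roles, two custom roles
 * and two wiki groups. Only the authenticated session is expected to be a member
 * of a custom role or a group; the asserted session is deliberately not trusted.
 * @throws Exception if the test engine cannot create the sessions or groups
 */
@Test
public void testIsUserInRole() throws Exception {
    // Create new user Alice and 2 sample roles
    Principal alice = new WikiPrincipal(Users.ALICE);
    Role it = new Role("IT");
    Role finance = new Role("Finance");
    // Create Group1 with Alice in it, Group2 without (Bob only)
    WikiSession session = WikiSessionTest.adminSession(m_engine);
    Group g1 = m_groupMgr.parseGroup("Group1", "Alice", true);
    m_groupMgr.setGroup(session, g1);
    Principal group1 = g1.getPrincipal();
    Group g2 = m_groupMgr.parseGroup("Group2", "Bob", true);
    m_groupMgr.setGroup(session, g2);
    Principal group2 = g2.getPrincipal();
    try {
        // Anonymous session: not in ANY custom roles or groups
        session = WikiSessionTest.anonymousSession(m_engine);
        Assert.assertTrue("Anon anonymous", m_auth.isUserInRole(session, Role.ANONYMOUS));
        Assert.assertFalse("Anon not asserted", m_auth.isUserInRole(session, Role.ASSERTED));
        Assert.assertFalse("Anon not authenticated", m_auth.isUserInRole(session, Role.AUTHENTICATED));
        // The principal checked here is Alice, so the message names Alice
        Assert.assertFalse("Anon not in Alice", m_auth.isUserInRole(session, alice));
        Assert.assertFalse("Anon not in IT", m_auth.isUserInRole(session, it));
        Assert.assertFalse("Anon not in Finance", m_auth.isUserInRole(session, finance));
        Assert.assertFalse("Anon not in Group1", m_auth.isUserInRole(session, group1));
        Assert.assertFalse("Anon not in Group2", m_auth.isUserInRole(session, group2));
        // Asserted session carrying 1 custom Role: Alice is merely asserted (cookie-based),
        // and thus must not be placed in ANY custom roles or groups
        session = WikiSessionTest.assertedSession(m_engine, Users.ALICE, new Principal[] { it });
        Assert.assertFalse("Alice not anonymous", m_auth.isUserInRole(session, Role.ANONYMOUS));
        Assert.assertTrue("Alice asserted", m_auth.isUserInRole(session, Role.ASSERTED));
        Assert.assertFalse("Alice not authenticated", m_auth.isUserInRole(session, Role.AUTHENTICATED));
        Assert.assertFalse("Alice not in Alice", m_auth.isUserInRole(session, alice));
        Assert.assertFalse("Alice not in IT", m_auth.isUserInRole(session, it));
        Assert.assertFalse("Alice not in Finance", m_auth.isUserInRole(session, finance));
        Assert.assertFalse("Alice not in Group1", m_auth.isUserInRole(session, group1));
        Assert.assertFalse("Alice not in Group2", m_auth.isUserInRole(session, group2));
        // Container-authenticated session carrying 1 custom Role: Alice is authenticated,
        // and thus part of the custom role she carries and of the group listing her
        session = WikiSessionTest.containerAuthenticatedSession(m_engine, Users.ALICE, new Principal[] { it });
        Assert.assertFalse("Alice not anonymous", m_auth.isUserInRole(session, Role.ANONYMOUS));
        Assert.assertFalse("Alice not asserted", m_auth.isUserInRole(session, Role.ASSERTED));
        // assertTrue, so the failure message must describe the expected state
        Assert.assertTrue("Alice authenticated", m_auth.isUserInRole(session, Role.AUTHENTICATED));
        Assert.assertFalse("Alice not in Alice", m_auth.isUserInRole(session, alice));
        Assert.assertTrue("Alice in IT", m_auth.isUserInRole(session, it));
        Assert.assertFalse("Alice not in Finance", m_auth.isUserInRole(session, finance));
        Assert.assertTrue("Alice in Group1", m_auth.isUserInRole(session, group1));
        Assert.assertFalse("Alice not in Group2", m_auth.isUserInRole(session, group2));
    } finally {
        // Clean up even when an assertion fails, so later tests do not see stale groups
        m_groupMgr.removeGroup("Group1");
        m_groupMgr.removeGroup("Group2");
    }
}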


the class AuthorizationManagerTest method testAuthenticatedSession.

/**
 * Checks {@code AuthorizationManager#hasRoleOrPrincipal} for a container-authenticated
 * session: user principals of different types match when their names are equal,
 * the built-in roles reflect the authentication level, and custom roles and wiki
 * group memberships are honoured.
 * @throws Exception if the test engine cannot create the session or the groups
 */
@Test
public void testAuthenticatedSession() throws Exception {
    // Alice, two roles she carries, one she does not, and a container "Admin" group
    Principal alice = new WikiPrincipal(Users.ALICE);
    Role itRole = new Role("IT");
    Role engineeringRole = new Role("Engineering");
    Role financeRole = new Role("Finance");
    Principal adminPrincipal = new GroupPrincipal("Admin");
    Principal[] containerPrincipals = new Principal[] { itRole, engineeringRole, adminPrincipal };
    WikiSession session = WikiSessionTest.containerAuthenticatedSession(m_engine, Users.ALICE, containerPrincipals);
    // Two wiki groups: Bar lists Alice as a member, Foo stays empty
    Group fooGroup = m_groupMgr.parseGroup("Foo", "", true);
    Group barGroup = m_groupMgr.parseGroup("Bar", "", true);
    barGroup.add(alice);
    m_groupMgr.setGroup(m_session, fooGroup);
    m_groupMgr.setGroup(m_session, barGroup);
    Principal fooPrincipal = fooGroup.getPrincipal();
    Principal barPrincipal = barGroup.getPrincipal();
    // User principal possession: a WikiPrincipal and a TestPrincipal with the
    // same name count as the same user
    Assert.assertTrue("Alice has Alice", m_auth.hasRoleOrPrincipal(session, new WikiPrincipal(Users.ALICE)));
    Assert.assertTrue("Alice has Alice", m_auth.hasRoleOrPrincipal(session, new TestPrincipal(Users.ALICE)));
    Assert.assertFalse("Alice not has Bob", m_auth.hasRoleOrPrincipal(session, new WikiPrincipal(Users.BOB)));
    Assert.assertFalse("Alice not has Bob", m_auth.hasRoleOrPrincipal(session, new TestPrincipal(Users.BOB)));
    // Built-in roles: an authenticated user is in ALL and AUTHENTICATED only
    Assert.assertTrue("Alice in ALL", m_auth.hasRoleOrPrincipal(session, Role.ALL));
    Assert.assertFalse("Alice not in ANONYMOUS", m_auth.hasRoleOrPrincipal(session, Role.ANONYMOUS));
    Assert.assertFalse("Alice not in ASSERTED", m_auth.hasRoleOrPrincipal(session, Role.ASSERTED));
    Assert.assertTrue("Alice in AUTHENTICATED", m_auth.hasRoleOrPrincipal(session, Role.AUTHENTICATED));
    // Custom roles: only the ones handed to the container session
    Assert.assertTrue("Alice in IT", m_auth.hasRoleOrPrincipal(session, itRole));
    Assert.assertTrue("Alice in Engineering", m_auth.hasRoleOrPrincipal(session, engineeringRole));
    Assert.assertFalse("Alice not in Finance", m_auth.hasRoleOrPrincipal(session, financeRole));
    // Wiki groups: membership comes from the group definition, not the session
    Assert.assertFalse("Alice not in Foo", m_auth.hasRoleOrPrincipal(session, fooPrincipal));
    Assert.assertTrue("Alice in Bar", m_auth.hasRoleOrPrincipal(session, barPrincipal));
    // Cleanup
    m_groupMgr.removeGroup("Foo");
    m_groupMgr.removeGroup("Bar");
}


the class UserProfileTag method printRoles.

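/**
 * Returns a comma-separated, name-sorted list of the {@link org.apache.wiki.auth.authorize.Role}
 * objects a user possesses in his or her WikiSession. The result is computed by consulting
 * {@link org.apache.wiki.WikiSession#getRoles()} and extracting those that are of type Role;
 * any other principal in the session (for example a group principal) is ignored.
 * @param context the wiki context whose session is inspected
 * @return the role names sorted by name and joined with {@code ", "}, or the localized
 *         {@code userprofile.noroles} message when the session holds no Role
 */
public static String printRoles(WikiContext context) {
    Principal[] principals = context.getWikiSession().getRoles();
    ResourceBundle rb = Preferences.getBundle(context, InternationalizationManager.CORE_BUNDLE);
    List<String> roleNames = new ArrayList<String>();
    for (Principal principal : principals) {
        if (principal instanceof Role) {
            roleNames.add(principal.getName());
        }
    }
    if (roleNames.isEmpty()) {
        return rb.getString("userprofile.noroles");
    }
    // The documented contract is a list sorted by name; getRoles() gives no
    // ordering guarantee, so sort explicitly before rendering.
    java.util.Collections.sort(roleNames);
    StringBuilder sb = new StringBuilder();
    for (int i = 0; i < roleNames.size(); i++) {
        if (i > 0) {
            sb.append(", ");
        }
        sb.append(roleNames.get(i));
    }
    return sb.toString();
}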


the class SecurityVerifier method containerRoleTable.

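/**
 * Formats and returns an HTML table containing the roles the web container
 * is aware of, and whether each role maps to particular JSPs. This method
 * throws an {@link IllegalStateException} if the authorizer is not of type
 * {@link org.apache.wiki.auth.authorize.WebContainerAuthorizer}.
 * Role names and JSP paths are written into the table as-is; they originate
 * from the container's <code>web.xml</code> and the CONTAINER_JSPS table, i.e.
 * deployer-controlled configuration rather than request input.
 * @return the formatted HTML table containing the result of the tests
 * @throws WikiException if tests fail for unexpected reasons
 */
public String containerRoleTable() throws WikiException {
    AuthorizationManager authorizationManager = m_engine.getAuthorizationManager();
    Authorizer authorizer = authorizationManager.getAuthorizer();
    // If authorizer not WebContainerAuthorizer, print error message
    if (!(authorizer instanceof WebContainerAuthorizer)) {
        throw new IllegalStateException("Authorizer should be WebContainerAuthorizer");
    }
    // Now, print a table with JSP pages listed on the left, and
    // an evaluation of each pages' constraints for each role
    // we discovered
    StringBuilder s = new StringBuilder();
    Principal[] roles = authorizer.getRoles();
    s.append("<table class=\"wikitable\" border=\"1\">\n");
    s.append("<thead>\n");
    s.append("  <tr>\n");
    s.append("    <th rowspan=\"2\">Action</th>\n");
    s.append("    <th rowspan=\"2\">Page</th>\n");
    // Parenthesised on purpose: without the parentheses the "+ 1" is string
    // concatenation and three roles would render as colspan="31", not 4.
    // The extra column is the leading "Anonymous" column.
    s.append("    <th colspan=\"" + (roles.length + 1) + "\">Roles</th>\n");
    s.append("  </tr>\n");
    s.append("  <tr>\n");
    s.append("    <th>Anonymous</th>\n");
    for (Principal role : roles) {
        s.append("    <th>" + role.getName() + "</th>\n");
    }
    s.append("</tr>\n");
    s.append("</thead>\n");
    s.append("<tbody>\n");
    try {
        WebContainerAuthorizer wca = (WebContainerAuthorizer) authorizer;
        for (int i = 0; i < CONTAINER_ACTIONS.length; i++) {
            String action = CONTAINER_ACTIONS[i];
            String jsp = CONTAINER_JSPS[i];
            // Print whether the page is constrained for each role.
            // A page with no constraint for Role.ALL is open to anonymous users.
            boolean allowsAnonymous = !wca.isConstrained(jsp, Role.ALL);
            s.append("  <tr>\n");
            s.append("    <td>" + action + "</td>\n");
            s.append("    <td>" + jsp + "</td>\n");
            appendResultCell(s, allowsAnonymous, jsp + " Anonymous");
            for (Principal role : roles) {
                // An unconstrained page is allowed for everyone; otherwise the role
                // must itself appear in the page's constraint. The cast relies on
                // WebContainerAuthorizer.getRoles() returning Role instances only.
                boolean allowed = allowsAnonymous || wca.isConstrained(jsp, (Role) role);
                appendResultCell(s, allowed, jsp + " " + role.getClass().getName() + " &quot;" + role.getName() + "&quot;");
            }
            s.append("  </tr>\n");
        }
    } catch (JDOMException e) {
        // If we couldn't evaluate constraints it means
        // there's some sort of IO mess or parsing issue
        LOG.error("Malformed XML in web.xml", e);
        throw new InternalWikiException(e.getClass().getName() + ": " + e.getMessage(), e);
    }
    s.append("</tbody>\n");
    s.append("</table>\n");
    return s.toString();
}

/**
 * Appends one colour-coded result cell: green with an "ALLOW: " title when
 * {@code allowed} is true, red with a "DENY: " title otherwise.
 * @param s the table being built
 * @param allowed whether the page is accessible for the subject of this cell
 * @param subject text describing the page and subject, placed after the verdict in the title
 */
private void appendResultCell(StringBuilder s, boolean allowed, String subject) {
    s.append("    <td title=\"");
    s.append(allowed ? "ALLOW: " : "DENY: ");
    s.append(subject);
    s.append("\"");
    s.append(allowed ? BG_GREEN + ">" : BG_RED + ">");
    s.append("&nbsp;</td>\n");
}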


the class SecurityVerifier method verifyPolicyAndContainerRoles.

/**
 * Verifies that the roles given in the security policy are reflected by the
 * container <code>web.xml</code> file. Built-in roles are exempt; every other
 * policy role that the container authorizer does not report produces an
 * {@code ERROR_ROLES} message, and a single {@code INFO_ROLES} message is
 * added when nothing is missing.
 * @throws WikiException if the web authorizer cannot verify the roles
 */
protected void verifyPolicyAndContainerRoles() throws WikiException {
    Principal[] webXmlRoles = m_engine.getAuthorizationManager().getAuthorizer().getRoles();
    int missingCount = 0;
    for (Principal policyPrincipal : m_policyPrincipals) {
        // Only Role principals are subject to the web.xml cross-check
        if (!(policyPrincipal instanceof Role)) {
            continue;
        }
        Role policyRole = (Role) policyPrincipal;
        // Built-in roles never need a web.xml declaration
        if (Role.isBuiltInRole(policyRole)) {
            continue;
        }
        if (!ArrayUtils.contains(webXmlRoles, policyRole)) {
            m_session.addMessage(ERROR_ROLES, "Role '" + policyRole.getName() + "' is defined in security policy but not in web.xml.");
            missingCount++;
        }
    }
    if (missingCount == 0) {
        m_session.addMessage(INFO_ROLES, "Every non-standard role defined in the security policy was also found in web.xml.");
    }
}
