use of org.apache.wiki.auth.user.UserDatabase in project jspwiki by apache.
the class Installer method createAdministrator.
/**
* Creates an administrative user and returns the new password.
* If the admin user exists, the password will be <code>null</code>.
* @return the password
* @throws WikiSecurityException
*/
public String createAdministrator() throws WikiSecurityException {
if (!m_validated) {
throw new WikiSecurityException("Cannot create administrator because one or more of the installation settings are invalid.");
}
if (adminExists()) {
return null;
}
// See if the admin user exists already
UserManager userMgr = m_engine.getUserManager();
UserDatabase userDb = userMgr.getUserDatabase();
String password = null;
try {
userDb.findByLoginName(ADMIN_ID);
} catch (NoSuchPrincipalException e) {
// Create a random 12-character password
password = TextUtil.generateRandomPassword();
UserProfile profile = userDb.newProfile();
profile.setLoginName(ADMIN_ID);
profile.setFullname(ADMIN_NAME);
profile.setPassword(password);
userDb.save(profile);
}
// Create a new admin group
GroupManager groupMgr = m_engine.getGroupManager();
Group group = null;
try {
group = groupMgr.getGroup(ADMIN_GROUP);
group.add(new WikiPrincipal(ADMIN_NAME));
} catch (NoSuchPrincipalException e) {
group = groupMgr.parseGroup(ADMIN_GROUP, ADMIN_NAME, true);
}
groupMgr.setGroup(m_session, group);
return password;
}
use of org.apache.wiki.auth.user.UserDatabase in project jspwiki by apache.
the class AuthorizationManager method resolvePrincipal.
/**
* <p>Given a supplied string representing a Principal's name from an Acl, this
* method resolves the correct type of Principal (role, group, or user).
* This method is guaranteed to always return a Principal.
* The algorithm is straightforward:</p>
* <ol>
* <li>If the name matches one of the built-in {@link org.apache.wiki.auth.authorize.Role} names,
* return that built-in Role</li>
* <li>If the name matches one supplied by the current
* {@link org.apache.wiki.auth.Authorizer}, return that Role</li>
* <li>If the name matches a group managed by the
* current {@link org.apache.wiki.auth.authorize.GroupManager}, return that Group</li>
* <li>Otherwise, assume that the name represents a user
* principal. Using the current {@link org.apache.wiki.auth.user.UserDatabase}, find the
* first user who matches the supplied name by calling
* {@link org.apache.wiki.auth.user.UserDatabase#find(String)}.</li>
* <li>Finally, if a user cannot be found, manufacture
* and return a generic {@link org.apache.wiki.auth.acl.UnresolvedPrincipal}</li>
* </ol>
* @param name the name of the Principal to resolve
* @return the fully-resolved Principal
*/
public Principal resolvePrincipal(String name) {
// Check built-in Roles first
Role role = new Role(name);
if (Role.isBuiltInRole(role)) {
return role;
}
// Check Authorizer Roles
Principal principal = m_authorizer.findRole(name);
if (principal != null) {
return principal;
}
// Check Groups
principal = m_engine.getGroupManager().findRole(name);
if (principal != null) {
return principal;
}
// Ok, no luck---this must be a user principal
Principal[] principals = null;
UserProfile profile = null;
UserDatabase db = m_engine.getUserManager().getUserDatabase();
try {
profile = db.find(name);
principals = db.getPrincipals(profile.getLoginName());
for (int i = 0; i < principals.length; i++) {
principal = principals[i];
if (principal.getName().equals(name)) {
return principal;
}
}
} catch (NoSuchPrincipalException e) {
// We couldn't find the user...
}
// Ok, no luck---mark this as unresolved and move on
return new UnresolvedPrincipal(name);
}
use of org.apache.wiki.auth.user.UserDatabase in project jspwiki by apache.
the class SecurityVerifier method verifyUserDatabase.
/**
* Verifies that the user datbase was initialized properly, and that
* user add and delete operations work as they should.
*/
protected void verifyUserDatabase() {
UserDatabase db = m_engine.getUserManager().getUserDatabase();
// Check for obvious error conditions
if (db == null) {
m_session.addMessage(ERROR_DB, "UserDatabase is null; JSPWiki could not " + "initialize it. Check the error logs.");
return;
}
if (db instanceof UserManager.DummyUserDatabase) {
m_session.addMessage(ERROR_DB, "UserDatabase is DummyUserDatabase; JSPWiki " + "may not have been able to initialize the database you supplied in " + "jspwiki.properties, or you left the 'jspwiki.userdatabase' property " + "blank. Check the error logs.");
}
// Tell user what class of database this is.
m_session.addMessage(INFO_DB, "UserDatabase is of type '" + db.getClass().getName() + "'. It appears to be initialized properly.");
// Now, see how many users we have.
int oldUserCount = 0;
try {
Principal[] users = db.getWikiNames();
oldUserCount = users.length;
m_session.addMessage(INFO_DB, "The user database contains " + oldUserCount + " users.");
} catch (WikiSecurityException e) {
m_session.addMessage(ERROR_DB, "Could not obtain a list of current users: " + e.getMessage());
return;
}
// Try adding a bogus user with random name
String loginName = "TestUser" + System.currentTimeMillis();
try {
UserProfile profile = db.newProfile();
profile.setEmail("jspwiki.tests@mailinator.com");
profile.setLoginName(loginName);
profile.setFullname("FullName" + loginName);
profile.setPassword("password");
db.save(profile);
// Make sure the profile saved successfully
if (db.getWikiNames().length == oldUserCount) {
m_session.addMessage(ERROR_DB, "Could not add a test user to the database.");
return;
}
m_session.addMessage(INFO_DB, "The user database allows new users to be created, as it should.");
} catch (WikiSecurityException e) {
m_session.addMessage(ERROR_DB, "Could not add a test user to the database: " + e.getMessage());
return;
}
// Now delete the profile; should be back to old count
try {
db.deleteByLoginName(loginName);
if (db.getWikiNames().length != oldUserCount) {
m_session.addMessage(ERROR_DB, "Could not delete a test user from the database.");
return;
}
m_session.addMessage(INFO_DB, "The user database allows users to be deleted, as it should.");
} catch (WikiSecurityException e) {
m_session.addMessage(ERROR_DB, "Could not delete a test user to the database: " + e.getMessage());
return;
}
m_session.addMessage(INFO_DB, "The user database configuration looks fine.");
}
use of org.apache.wiki.auth.user.UserDatabase in project jspwiki by apache.
the class WikiContext method requiredPermission.
/**
* Returns the permission required to successfully execute this context.
* For example, the a wiki context of VIEW for a certain page means that
* the PagePermission "view" is required for the page. In some cases, no
* particular permission is required, in which case a dummy permission will
* be returned ({@link java.util.PropertyPermission}<code> "os.name",
* "read"</code>). This method is guaranteed to always return a valid,
* non-null permission.
* @return the permission
* @since 2.4
*/
public Permission requiredPermission() {
// This is a filthy rotten hack -- absolutely putrid
if (WikiCommand.INSTALL.equals(m_command)) {
// See if admin users exists
boolean adminExists = false;
try {
UserManager userMgr = m_engine.getUserManager();
UserDatabase userDb = userMgr.getUserDatabase();
userDb.findByLoginName(Installer.ADMIN_ID);
adminExists = true;
} catch (NoSuchPrincipalException e) {
return DUMMY_PERMISSION;
}
if (adminExists) {
return new AllPermission(m_engine.getApplicationName());
}
}
// method returns null, but until then we will use this hack
if (m_command.requiredPermission() == null) {
return DUMMY_PERMISSION;
}
return m_command.requiredPermission();
}
use of org.apache.wiki.auth.user.UserDatabase in project jspwiki by apache.
the class WikiSession method injectUserProfilePrincipals.
/**
* Adds Principal objects to the Subject that correspond to the
* logged-in user's profile attributes for the wiki name, full name
* and login name. These Principals will be WikiPrincipals, and they
* will replace all other WikiPrincipals in the Subject. <em>Note:
* this method is never called during anonymous or asserted sessions.</em>
*/
protected void injectUserProfilePrincipals() {
// Search for the user profile
String searchId = m_loginPrincipal.getName();
if (searchId == null) {
// Oh dear, this wasn't an authenticated user after all
log.info("Refresh principals failed because WikiSession had no user Principal; maybe not logged in?");
return;
}
// Look up the user and go get the new Principals
UserDatabase database = m_engine.getUserManager().getUserDatabase();
if (database == null) {
throw new IllegalStateException("User database cannot be null.");
}
try {
UserProfile profile = database.find(searchId);
Principal[] principals = database.getPrincipals(profile.getLoginName());
for (Principal principal : principals) {
// Add the Principal to the Subject
m_subject.getPrincipals().add(principal);
// Set the user principal if needed; we prefer FullName, but the WikiName will also work
boolean isFullNamePrincipal = (principal instanceof WikiPrincipal && ((WikiPrincipal) principal).getType() == WikiPrincipal.FULL_NAME);
if (isFullNamePrincipal) {
m_userPrincipal = principal;
} else if (!(m_userPrincipal instanceof WikiPrincipal)) {
m_userPrincipal = principal;
}
}
} catch (NoSuchPrincipalException e) {
// We will get here if the user has a principal but not a profile
// For example, it's a container-managed user who hasn't set up a profile yet
log.warn("User profile '" + searchId + "' not found. This is normal for container-auth users who haven't set up a profile yet.");
}
}
Aggregations