Search in sources :

Example 1 with UserDatabase

use of org.apache.wiki.auth.user.UserDatabase in project jspwiki by apache.

the class Installer method createAdministrator.

/**
 * Creates an administrative user and returns the new password.
 * If the admin user exists, the password will be <code>null</code>.
 * @return the password
 * @throws WikiSecurityException
 */
public String createAdministrator() throws WikiSecurityException {
    if (!m_validated) {
        throw new WikiSecurityException("Cannot create administrator because one or more of the installation settings are invalid.");
    }
    if (adminExists()) {
        return null;
    }
    // See if the admin user exists already
    UserManager userMgr = m_engine.getUserManager();
    UserDatabase userDb = userMgr.getUserDatabase();
    String password = null;
    try {
        userDb.findByLoginName(ADMIN_ID);
    } catch (NoSuchPrincipalException e) {
        // Create a random 12-character password
        password = TextUtil.generateRandomPassword();
        UserProfile profile = userDb.newProfile();
        profile.setLoginName(ADMIN_ID);
        profile.setFullname(ADMIN_NAME);
        profile.setPassword(password);
        userDb.save(profile);
    }
    // Create a new admin group
    GroupManager groupMgr = m_engine.getGroupManager();
    Group group = null;
    try {
        group = groupMgr.getGroup(ADMIN_GROUP);
        group.add(new WikiPrincipal(ADMIN_NAME));
    } catch (NoSuchPrincipalException e) {
        group = groupMgr.parseGroup(ADMIN_GROUP, ADMIN_NAME, true);
    }
    groupMgr.setGroup(m_session, group);
    return password;
}
Also used : WikiSecurityException(org.apache.wiki.auth.WikiSecurityException) Group(org.apache.wiki.auth.authorize.Group) UserProfile(org.apache.wiki.auth.user.UserProfile) WikiPrincipal(org.apache.wiki.auth.WikiPrincipal) UserManager(org.apache.wiki.auth.UserManager) UserDatabase(org.apache.wiki.auth.user.UserDatabase) NoSuchPrincipalException(org.apache.wiki.auth.NoSuchPrincipalException) GroupManager(org.apache.wiki.auth.authorize.GroupManager)

Example 2 with UserDatabase

use of org.apache.wiki.auth.user.UserDatabase in project jspwiki by apache.

the class AuthorizationManager method resolvePrincipal.

/**
 * <p>Given a supplied string representing a Principal's name from an Acl, this
 * method resolves the correct type of Principal (role, group, or user).
 * This method is guaranteed to always return a Principal.
 * The algorithm is straightforward:</p>
 * <ol>
 * <li>If the name matches one of the built-in {@link org.apache.wiki.auth.authorize.Role} names,
 * return that built-in Role</li>
 * <li>If the name matches one supplied by the current
 * {@link org.apache.wiki.auth.Authorizer}, return that Role</li>
 * <li>If the name matches a group managed by the
 * current {@link org.apache.wiki.auth.authorize.GroupManager}, return that Group</li>
 * <li>Otherwise, assume that the name represents a user
 * principal. Using the current {@link org.apache.wiki.auth.user.UserDatabase}, find the
 * first user who matches the supplied name by calling
 * {@link org.apache.wiki.auth.user.UserDatabase#find(String)}.</li>
 * <li>Finally, if a user cannot be found, manufacture
 * and return a generic {@link org.apache.wiki.auth.acl.UnresolvedPrincipal}</li>
 * </ol>
 * @param name the name of the Principal to resolve
 * @return the fully-resolved Principal
 */
public Principal resolvePrincipal(String name) {
    // Check built-in Roles first
    Role role = new Role(name);
    if (Role.isBuiltInRole(role)) {
        return role;
    }
    // Check Authorizer Roles
    Principal principal = m_authorizer.findRole(name);
    if (principal != null) {
        return principal;
    }
    // Check Groups
    principal = m_engine.getGroupManager().findRole(name);
    if (principal != null) {
        return principal;
    }
    // Ok, no luck---this must be a user principal
    Principal[] principals = null;
    UserProfile profile = null;
    UserDatabase db = m_engine.getUserManager().getUserDatabase();
    try {
        profile = db.find(name);
        principals = db.getPrincipals(profile.getLoginName());
        for (int i = 0; i < principals.length; i++) {
            principal = principals[i];
            if (principal.getName().equals(name)) {
                return principal;
            }
        }
    } catch (NoSuchPrincipalException e) {
    // We couldn't find the user...
    }
    // Ok, no luck---mark this as unresolved and move on
    return new UnresolvedPrincipal(name);
}
Also used : Role(org.apache.wiki.auth.authorize.Role) UserProfile(org.apache.wiki.auth.user.UserProfile) UserDatabase(org.apache.wiki.auth.user.UserDatabase) Principal(java.security.Principal) UnresolvedPrincipal(org.apache.wiki.auth.acl.UnresolvedPrincipal) UnresolvedPrincipal(org.apache.wiki.auth.acl.UnresolvedPrincipal)

Example 3 with UserDatabase

use of org.apache.wiki.auth.user.UserDatabase in project jspwiki by apache.

the class SecurityVerifier method verifyUserDatabase.

/**
 * Verifies that the user datbase was initialized properly, and that
 * user add and delete operations work as they should.
 */
protected void verifyUserDatabase() {
    UserDatabase db = m_engine.getUserManager().getUserDatabase();
    // Check for obvious error conditions
    if (db == null) {
        m_session.addMessage(ERROR_DB, "UserDatabase is null; JSPWiki could not " + "initialize it. Check the error logs.");
        return;
    }
    if (db instanceof UserManager.DummyUserDatabase) {
        m_session.addMessage(ERROR_DB, "UserDatabase is DummyUserDatabase; JSPWiki " + "may not have been able to initialize the database you supplied in " + "jspwiki.properties, or you left the 'jspwiki.userdatabase' property " + "blank. Check the error logs.");
    }
    // Tell user what class of database this is.
    m_session.addMessage(INFO_DB, "UserDatabase is of type '" + db.getClass().getName() + "'. It appears to be initialized properly.");
    // Now, see how many users we have.
    int oldUserCount = 0;
    try {
        Principal[] users = db.getWikiNames();
        oldUserCount = users.length;
        m_session.addMessage(INFO_DB, "The user database contains " + oldUserCount + " users.");
    } catch (WikiSecurityException e) {
        m_session.addMessage(ERROR_DB, "Could not obtain a list of current users: " + e.getMessage());
        return;
    }
    // Try adding a bogus user with random name
    String loginName = "TestUser" + System.currentTimeMillis();
    try {
        UserProfile profile = db.newProfile();
        profile.setEmail("jspwiki.tests@mailinator.com");
        profile.setLoginName(loginName);
        profile.setFullname("FullName" + loginName);
        profile.setPassword("password");
        db.save(profile);
        // Make sure the profile saved successfully
        if (db.getWikiNames().length == oldUserCount) {
            m_session.addMessage(ERROR_DB, "Could not add a test user to the database.");
            return;
        }
        m_session.addMessage(INFO_DB, "The user database allows new users to be created, as it should.");
    } catch (WikiSecurityException e) {
        m_session.addMessage(ERROR_DB, "Could not add a test user to the database: " + e.getMessage());
        return;
    }
    // Now delete the profile; should be back to old count
    try {
        db.deleteByLoginName(loginName);
        if (db.getWikiNames().length != oldUserCount) {
            m_session.addMessage(ERROR_DB, "Could not delete a test user from the database.");
            return;
        }
        m_session.addMessage(INFO_DB, "The user database allows users to be deleted, as it should.");
    } catch (WikiSecurityException e) {
        m_session.addMessage(ERROR_DB, "Could not delete a test user to the database: " + e.getMessage());
        return;
    }
    m_session.addMessage(INFO_DB, "The user database configuration looks fine.");
}
Also used : UserProfile(org.apache.wiki.auth.user.UserProfile) UserDatabase(org.apache.wiki.auth.user.UserDatabase) Principal(java.security.Principal)

Example 4 with UserDatabase

use of org.apache.wiki.auth.user.UserDatabase in project jspwiki by apache.

the class WikiContext method requiredPermission.

/**
 * Returns the permission required to successfully execute this context.
 * For example, the a wiki context of VIEW for a certain page means that
 * the PagePermission "view" is required for the page. In some cases, no
 * particular permission is required, in which case a dummy permission will
 * be returned ({@link java.util.PropertyPermission}<code> "os.name",
 * "read"</code>). This method is guaranteed to always return a valid,
 * non-null permission.
 * @return the permission
 * @since 2.4
 */
public Permission requiredPermission() {
    // This is a filthy rotten hack -- absolutely putrid
    if (WikiCommand.INSTALL.equals(m_command)) {
        // See if admin users exists
        boolean adminExists = false;
        try {
            UserManager userMgr = m_engine.getUserManager();
            UserDatabase userDb = userMgr.getUserDatabase();
            userDb.findByLoginName(Installer.ADMIN_ID);
            adminExists = true;
        } catch (NoSuchPrincipalException e) {
            return DUMMY_PERMISSION;
        }
        if (adminExists) {
            return new AllPermission(m_engine.getApplicationName());
        }
    }
    // method returns null, but until then we will use this hack
    if (m_command.requiredPermission() == null) {
        return DUMMY_PERMISSION;
    }
    return m_command.requiredPermission();
}
Also used : UserManager(org.apache.wiki.auth.UserManager) UserDatabase(org.apache.wiki.auth.user.UserDatabase) AllPermission(org.apache.wiki.auth.permissions.AllPermission) NoSuchPrincipalException(org.apache.wiki.auth.NoSuchPrincipalException)

Example 5 with UserDatabase

use of org.apache.wiki.auth.user.UserDatabase in project jspwiki by apache.

the class WikiSession method injectUserProfilePrincipals.

/**
 * Adds Principal objects to the Subject that correspond to the
 * logged-in user's profile attributes for the wiki name, full name
 * and login name. These Principals will be WikiPrincipals, and they
 * will replace all other WikiPrincipals in the Subject. <em>Note:
 * this method is never called during anonymous or asserted sessions.</em>
 */
protected void injectUserProfilePrincipals() {
    // Search for the user profile
    String searchId = m_loginPrincipal.getName();
    if (searchId == null) {
        // Oh dear, this wasn't an authenticated user after all
        log.info("Refresh principals failed because WikiSession had no user Principal; maybe not logged in?");
        return;
    }
    // Look up the user and go get the new Principals
    UserDatabase database = m_engine.getUserManager().getUserDatabase();
    if (database == null) {
        throw new IllegalStateException("User database cannot be null.");
    }
    try {
        UserProfile profile = database.find(searchId);
        Principal[] principals = database.getPrincipals(profile.getLoginName());
        for (Principal principal : principals) {
            // Add the Principal to the Subject
            m_subject.getPrincipals().add(principal);
            // Set the user principal if needed; we prefer FullName, but the WikiName will also work
            boolean isFullNamePrincipal = (principal instanceof WikiPrincipal && ((WikiPrincipal) principal).getType() == WikiPrincipal.FULL_NAME);
            if (isFullNamePrincipal) {
                m_userPrincipal = principal;
            } else if (!(m_userPrincipal instanceof WikiPrincipal)) {
                m_userPrincipal = principal;
            }
        }
    } catch (NoSuchPrincipalException e) {
        // We will get here if the user has a principal but not a profile
        // For example, it's a container-managed user who hasn't set up a profile yet
        log.warn("User profile '" + searchId + "' not found. This is normal for container-auth users who haven't set up a profile yet.");
    }
}
Also used : UserProfile(org.apache.wiki.auth.user.UserProfile) UserDatabase(org.apache.wiki.auth.user.UserDatabase) Principal(java.security.Principal)

Aggregations

UserDatabase (org.apache.wiki.auth.user.UserDatabase)7 UserProfile (org.apache.wiki.auth.user.UserProfile)5 NoSuchPrincipalException (org.apache.wiki.auth.NoSuchPrincipalException)4 Principal (java.security.Principal)3 UserManager (org.apache.wiki.auth.UserManager)3 WikiPrincipal (org.apache.wiki.auth.WikiPrincipal)2 IOException (java.io.IOException)1 Callback (javax.security.auth.callback.Callback)1 NameCallback (javax.security.auth.callback.NameCallback)1 PasswordCallback (javax.security.auth.callback.PasswordCallback)1 UnsupportedCallbackException (javax.security.auth.callback.UnsupportedCallbackException)1 FailedLoginException (javax.security.auth.login.FailedLoginException)1 LoginException (javax.security.auth.login.LoginException)1 WikiSecurityException (org.apache.wiki.auth.WikiSecurityException)1 UnresolvedPrincipal (org.apache.wiki.auth.acl.UnresolvedPrincipal)1 Group (org.apache.wiki.auth.authorize.Group)1 GroupManager (org.apache.wiki.auth.authorize.GroupManager)1 Role (org.apache.wiki.auth.authorize.Role)1 AllPermission (org.apache.wiki.auth.permissions.AllPermission)1