Return-Path:
MyWiki:MyGroup
).
- * @return the qualified name of the Group
- */
- public String getQualifiedName()
- {
- return m_qualifiedName;
- }
-
- /**
* Returns the GroupPrincipal that represents this Group.
* @return the group principal
*/
@@ -256,22 +251,12 @@
}
/**
- * Returns the members of the group as an unmodifiable Set of Principal
- * objects.
- */
- public List
@@ -137,7 +149,7 @@
dbClassName = XMLGroupDatabase.class.getName();
}
log.info( "Attempting to load group database class " + dbClassName );
- Class dbClass = ClassUtil.findClass( "com.ecyrd.jspwiki.auth.authorize", dbClassName );
+ Class> dbClass = ClassUtil.findClass( "com.ecyrd.jspwiki.auth.authorize", dbClassName );
m_groupDatabase = (GroupDatabase) dbClass.newInstance();
m_groupDatabase.initialize( m_engine, m_engine.getWikiProperties() );
log.info( "Group database initialized." );
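Review bot: The class named by `dbClassName` is instantiated with `dbClass.newInstance()` before the cast to `GroupDatabase` checks its type, so a wrong class name in the configuration gets its no-arg constructor run and only then fails with a ClassCastException. With the variable now a wildcard `Class`, the type can be checked before instantiation: `m_groupDatabase = dbClass.asSubclass( GroupDatabase.class ).newInstance();`. The enclosing method starts and ends outside the hunk, so where `dbClassName` comes from and how the resulting exceptions are handled are not visible here.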
@@ -214,9 +226,8 @@
Group[] groups = m_groupDatabase.groups();
synchronized( m_groups )
{
- for( int i = 0; i < groups.length; i++ )
+ for( Group group : groups )
{
- Group group = groups[i];
// Add new group to cache; fire GROUP_ADD event
m_groups.put( group.getPrincipal(), group );
fireEvent( WikiSecurityEvent.GROUP_ADD, group );
@@ -269,10 +280,9 @@
}
// Check each user principal to see if it belongs to the group
- Principal[] principals = session.getPrincipals();
- for ( int i = 0; i < principals.length; i++ )
+ for ( Principal principal : session.getPrincipals() )
{
- if ( AuthenticationManager.isUserPrincipal( principals[i] ) && group.isMember( principals[i] ) )
+ if ( AuthenticationManager.isUserPrincipal( principal ) && group.isMember( principal ) )
{
return true;
}
@@ -349,10 +359,9 @@
group.setCreated( existingGroup.getCreated() );
group.setModifier( existingGroup.getModifier() );
group.setLastModified( existingGroup.getLastModified() );
- List Implementation of GroupDatabase that persists {@link Group}
- * objects to a JDBC DataSource, as might typically be provided by a web
- * container. This implementation looks up the JDBC DataSource using JNDI.
- * The JNDI name of the datasource, backing table and mapped columns used
- * by this class are configured via settings in Configurable properties are these:
+ * Implementation of GroupDatabase that persists {@link Group} objects to a JDBC
+ * DataSource, as might typically be provided by a web container. This
+ * implementation looks up the JDBC DataSource using JNDI. The JNDI name of the
+ * datasource, backing table and mapped columns used by this class are
+ * configured via settings in
+ * Configurable properties are these:
+ * This class is typically used in conjunction with a web container's JNDI resource
- * factory. For example, Tomcat versions 4 and higher provide a basic JNDI factory
- * for registering DataSources. To give JSPWiki access to the JNDI resource named
- * by
+ * This class is typically used in conjunction with a web container's JNDI
+ * resource factory. For example, Tomcat versions 4 and higher provide a basic
+ * JNDI factory for registering DataSources. To give JSPWiki access to the JNDI
+ * resource named by JDBC driver JARs should be added to Tomcat's JDBCGroupDatabase commits changes as transactions if the back-end database supports them.
- * If the database supports transactions, group changes are saved
- * to permanent storage only when the {@link #commit()} method is called. If the database does not
- * support transactions, then changes are made immediately (during the {@link #save(Group, Principal)}
- * method), and the {@linkplain #commit()} method no-ops. Thus, callers should always call the
- * {@linkplain #commit()} method after saving a profile to guarantee that changes are applied.
+ * JDBC driver JARs should be added to Tomcat's
+ * JDBCGroupDatabase commits changes as transactions if the back-end database
+ * supports them. If the database supports transactions, group changes are saved
+ * to permanent storage only when the {@link #commit()} method is called. If the
+ * database does not support transactions, then changes are made
+ * immediately (during the {@link #save(Group, Principal)} method), and the
+ * {@linkplain #commit()} method no-ops. Thus, callers should always call the
+ * {@linkplain #commit()} method after saving a profile to guarantee that
+ * changes are applied.
+ * Authorizer implementation. Authorizers are classes which figure out whether a given user matches a given password,
+and whether they should be let into the wiki in the first place. This package also contains
+group management.
@@ -48,9 +48,7 @@
*
*
* After authentication, a generic WikiPrincipal based on the IP address will be
- * created and associated with the Subject. Principals
- * {@link com.ecyrd.jspwiki.auth.authorize.Role#ALL} and
- * {@link com.ecyrd.jspwiki.auth.authorize.Role#ANONYMOUS} will be added.
+ * created and associated with the Subject.
* @see javax.security.auth.spi.LoginModule#commit()
* jspwiki.properties
.jspwiki.properties
.
+ *
- *
- *
- *
- * Property
- * Default
- * Definition
- *
- *
- *
- *
- *
- * jspwiki.groupdatabase.datasource
- * jdbc/GroupDatabase
The JNDI name of the DataSource
- *
- *
- *
- * jspwiki.groupdatabase.table
- * groups
The table that stores the groups
- *
- *
- *
- * jspwiki.groupdatabase.membertable
- * group_members
The table that stores the names of group members
- *
- *
- *
- * jspwiki.groupdatabase.created
- * created
The column containing the group's creation timestamp
- *
- *
- *
- * jspwiki.groupdatabase.creator
- * creator
The column containing the group creator's name
- *
- *
- *
- * jspwiki.groupdatabase.name
- * name
The column containing the group's name
- *
- *
- *
- * jspwiki.groupdatabase.member
- * member
The column containing the group member's name
- *
- *
- *
- * jspwiki.groupdatabase.modified
- * modified
The column containing the group's last-modified timestamp
- *
- *
+ *
- * jspwiki.groupdatabase.modifier
- * modifier
The column containing the name of the user who last modified the group
- *
+ * Property
+ * Default
+ * Definition
+ *
+ *
+ *
+ *
+ * jspwiki.groupdatabase.datasource
+ * jdbc/GroupDatabase
The JNDI name of the DataSource
+ *
+ *
+ *
+ * jspwiki.groupdatabase.table
+ * groups
The table that stores the groups
+ *
+ *
+ *
+ * jspwiki.groupdatabase.membertable
+ * group_members
The table that stores the names of group members
+ *
+ *
+ *
+ * jspwiki.groupdatabase.created
+ * created
The column containing the group's creation timestamp
+ *
+ *
+ *
+ * jspwiki.groupdatabase.creator
+ * creator
The column containing the group creator's name
+ *
+ *
+ *
+ * jspwiki.groupdatabase.name
+ * name
The column containing the group's name
+ *
+ *
+ *
+ * jspwiki.groupdatabase.member
+ * member
The column containing the group member's name
+ *
+ *
+ *
+ * jspwiki.groupdatabase.modified
+ * modified
The column containing the group's last-modified timestamp
+ *
+ *
*
+ * jspwiki.groupdatabase.modifier
+ * modifier
The column containing the name of the user who last modified the group
+ * jdbc/GroupDatabase
, you would declare the datasource resource similar to this:jdbc/GroupDatabase
, you would declare the
+ * datasource resource similar to this:
+ *
- * <Context ...>
* ...
* <Resource name="jdbc/GroupDatabase" auth="Container"
@@ -110,106 +116,151 @@
* maxActive="8" maxIdle="4"/>
* ...
* </Context>common/lib
directory.
- * For more Tomcat 5.5 JNDI configuration examples,
- * see
- * http://tomcat.apache.org/tomcat-5.5-doc/jndi-resources-howto.html.common/lib
+ * directory. For more Tomcat 5.5 JNDI configuration examples, see
+ * http://tomcat.apache.org/tomcat-5.5-doc/jndi-resources-howto.html.
+ * IllegalArgumentException
, if the
* proposed group is the same name as one of the built-in Roles: e.g.,
* Admin, Authenticated, etc. The database is responsible for setting
- * create/modify timestamps, upon a successful save, to the Group.
- * The method commits the results of the delete to persistent storage.
+ * create/modify timestamps, upon a successful save, to the Group. The
+ * method commits the results of the delete to persistent storage.
+ *
* @param group the Group to save
* @param modifier the user who saved the Group
- * @throws WikiSecurityException if the Group could not be saved successfully
+ * @throws WikiSecurityException if the Group could not be saved
+ * successfully
*/
public void save( Group group, Principal modifier ) throws WikiSecurityException
{
- if ( group == null || modifier == null )
+ if( group == null || modifier == null )
{
throw new IllegalArgumentException( "Group or modifier cannot be null." );
}
@@ -328,7 +395,7 @@
{
// Open the database connection
conn = m_ds.getConnection();
- if ( m_supportsCommits )
+ if( m_supportsCommits )
{
conn.setAutoCommit( false );
}
@@ -336,7 +403,7 @@
PreparedStatement ps;
Timestamp ts = new Timestamp( System.currentTimeMillis() );
Date modDate = new Date( ts.getTime() );
- if ( !exists )
+ if( !exists )
{
// Group is new: insert new group record
ps = conn.prepareStatement( m_insertGroup );
@@ -356,7 +423,7 @@
{
// Modify existing group record
ps = conn.prepareStatement( m_updateGroup );
- ps.setTimestamp( 1, ts);
+ ps.setTimestamp( 1, ts );
ps.setString( 2, modifier.getName() );
ps.setString( 3, group.getName() );
ps.execute();
@@ -373,11 +440,13 @@
ps.setString( 1, group.getName() );
ps.execute();
ps.close();
-
+
// Insert group member records
ps = conn.prepareStatement( m_insertGroupMembers );
- for ( Principal member : group.getMembers() )
+ Principal[] members = group.members();
+ for( int i = 0; i < members.length; i++ )
{
+ Principal member = members[i];
ps.setString( 1, group.getName() );
ps.setString( 2, member.getName() );
ps.execute();
@@ -385,26 +454,34 @@
ps.close();
// Commit and close connection
- if ( m_supportsCommits )
+ if( m_supportsCommits )
{
conn.commit();
}
}
- catch ( SQLException e )
+ catch( SQLException e )
{
throw new WikiSecurityException( e.getMessage() );
}
finally
{
- try { conn.close(); } catch (Exception e) {}
+ try
+ {
+ if( conn != null ) conn.close();
+ }
+ catch( Exception e )
+ {
+ }
}
}
/**
* Initializes the group database based on values from a Properties object.
+ *
* @param engine the wiki engine
* @param props the properties used to initialize the group database
- * @throws WikiSecurityException if the database could not be initialized successfully
+ * @throws WikiSecurityException if the database could not be initialized
+ * successfully
* @throws NoRequiredPropertyException if a required property is not present
*/
public void initialize( WikiEngine engine, Properties props ) throws NoRequiredPropertyException, WikiSecurityException
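Review bot: The `catch( SQLException e )` branch of save() rethrows without rolling back, so when `m_supportsCommits` is true a failure part-way through the member inserts leaves an open transaction on a connection that is then handed back by `conn.close()`. What happens to that uncommitted work depends on the driver and pool; an explicit `conn.rollback()` before the throw (guarded by `conn != null && m_supportsCommits`, in its own try) makes the outcome deterministic for data that drives authorization. `new WikiSecurityException( e.getMessage() )` also discards the original exception, and the empty `catch( Exception e )` around `conn.close()` hides close failures; logging both would help diagnosis. save() begins in an earlier hunk.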
@@ -415,40 +492,30 @@
try
{
Context initCtx = new InitialContext();
- Context ctx = (Context) initCtx.lookup("java:comp/env");
+ Context ctx = (Context) initCtx.lookup( "java:comp/env" );
m_ds = (DataSource) ctx.lookup( jndiName );
// Prepare the SQL selectors
- m_table = props.getProperty( PROP_GROUPDB_TABLE, DEFAULT_GROUPDB_TABLE );
+ m_table = props.getProperty( PROP_GROUPDB_TABLE, DEFAULT_GROUPDB_TABLE );
m_memberTable = props.getProperty( PROP_GROUPDB_MEMBER_TABLE, DEFAULT_GROUPDB_MEMBER_TABLE );
- m_name = props.getProperty( PROP_GROUPDB_NAME, DEFAULT_GROUPDB_NAME );
- m_created = props.getProperty( PROP_GROUPDB_CREATED, DEFAULT_GROUPDB_CREATED );
- m_creator = props.getProperty( PROP_GROUPDB_CREATOR, DEFAULT_GROUPDB_CREATOR );
- m_modifier = props.getProperty( PROP_GROUPDB_MODIFIER, DEFAULT_GROUPDB_MODIFIER );
- m_modified = props.getProperty( PROP_GROUPDB_MODIFIED, DEFAULT_GROUPDB_MODIFIED );
- m_member = props.getProperty( PROP_GROUPDB_MEMBER, DEFAULT_GROUPDB_MEMBER );
+ m_name = props.getProperty( PROP_GROUPDB_NAME, DEFAULT_GROUPDB_NAME );
+ m_created = props.getProperty( PROP_GROUPDB_CREATED, DEFAULT_GROUPDB_CREATED );
+ m_creator = props.getProperty( PROP_GROUPDB_CREATOR, DEFAULT_GROUPDB_CREATOR );
+ m_modifier = props.getProperty( PROP_GROUPDB_MODIFIER, DEFAULT_GROUPDB_MODIFIER );
+ m_modified = props.getProperty( PROP_GROUPDB_MODIFIED, DEFAULT_GROUPDB_MODIFIED );
+ m_member = props.getProperty( PROP_GROUPDB_MEMBER, DEFAULT_GROUPDB_MEMBER );
- m_findAll = "SELECT DISTINCT * FROM " + m_table;
- m_findGroup = "SELECT DISTINCT * FROM " + m_table + " WHERE " + m_name + "=?";
+ m_findAll = "SELECT DISTINCT * FROM " + m_table;
+ m_findGroup = "SELECT DISTINCT * FROM " + m_table + " WHERE " + m_name + "=?";
m_findMembers = "SELECT * FROM " + m_memberTable + " WHERE " + m_name + "=?";
// Prepare the group insert/update SQL
- m_insertGroup = "INSERT INTO " + m_table + " ("
- + m_name + ","
- + m_modified + ","
- + m_modifier + ","
- + m_created + ","
- + m_creator
- + ") VALUES (?,?,?,?,?)";
- m_updateGroup = "UPDATE " + m_table + " SET "
- + m_modified + "=?,"
- + m_modifier + "=? WHERE " + m_name + "=?";
+ m_insertGroup = "INSERT INTO " + m_table + " (" + m_name + "," + m_modified + "," + m_modifier + "," + m_created + ","
+ + m_creator + ") VALUES (?,?,?,?,?)";
+ m_updateGroup = "UPDATE " + m_table + " SET " + m_modified + "=?," + m_modifier + "=? WHERE " + m_name + "=?";
// Prepare the group member insert SQL
- m_insertGroupMembers = "INSERT INTO " + m_memberTable + " ("
- + m_name + ","
- + m_member
- + ") VALUES (?,?)";
+ m_insertGroupMembers = "INSERT INTO " + m_memberTable + " (" + m_name + "," + m_member + ") VALUES (?,?)";
// Prepare the group delete SQL
m_deleteGroup = "DELETE FROM " + m_table + " WHERE " + m_name + "=?";
@@ -457,7 +524,8 @@
catch( NamingException e )
{
log.error( "JDBCGroupDatabase initialization error: " + e.getMessage() );
- throw new NoRequiredPropertyException( PROP_GROUPDB_DATASOURCE, "JDBCGroupDatabase initialization error: " + e.getMessage() );
+ throw new NoRequiredPropertyException( PROP_GROUPDB_DATASOURCE, "JDBCGroupDatabase initialization error: "
+ + e.getMessage() );
}
// Test connection by doing a quickie select
@@ -469,14 +537,21 @@
ps.executeQuery();
ps.close();
}
- catch ( SQLException e )
+ catch( SQLException e )
{
log.error( "JDBCGroupDatabase initialization error: " + e.getMessage() );
- throw new NoRequiredPropertyException( PROP_GROUPDB_DATASOURCE, "JDBCGroupDatabase initialization error: " + e.getMessage() );
+ throw new NoRequiredPropertyException( PROP_GROUPDB_DATASOURCE, "JDBCGroupDatabase initialization error: "
+ + e.getMessage() );
}
finally
{
- try { conn.close(); } catch (Exception e) {}
+ try
+ {
+ if( conn != null ) conn.close();
+ }
+ catch( Exception e )
+ {
+ }
}
log.info( "JDBCGroupDatabase initialized from JNDI DataSource: " + jndiName );
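Review bot: `ps.close()` sits on the success path only, so when `ps.executeQuery()` throws the statement is left for `conn.close()` to clean up, and the ResultSet returned by `executeQuery()` is never closed explicitly. Whether a pooled connection releases them on close depends on the pool implementation. Closing the statement in the `finally` block next to the new `if( conn != null ) conn.close();` would cover both paths; the same shape appears in the save(), findGroup and member-loading hunks of this file. The try block starts outside this hunk.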
@@ -485,26 +560,34 @@
{
conn = m_ds.getConnection();
DatabaseMetaData dmd = conn.getMetaData();
- if ( dmd.supportsTransactions() )
+ if( dmd.supportsTransactions() )
{
m_supportsCommits = true;
conn.setAutoCommit( false );
- log.info("JDBCGroupDatabase supports transactions. Good; we will use them." );
+ log.info( "JDBCGroupDatabase supports transactions. Good; we will use them." );
}
}
- catch ( SQLException e )
+ catch( SQLException e )
{
- log.warn("JDBCGroupDatabase warning: user database doesn't seem to support transactions. Reason: " + e.getMessage() );
- throw new NoRequiredPropertyException( PROP_GROUPDB_DATASOURCE, "JDBCGroupDatabase initialization error: " + e.getMessage() );
+ log.warn( "JDBCGroupDatabase warning: user database doesn't seem to support transactions. Reason: " + e.getMessage() );
+ throw new NoRequiredPropertyException( PROP_GROUPDB_DATASOURCE, "JDBCGroupDatabase initialization error: "
+ + e.getMessage() );
}
finally
{
- try { conn.close(); } catch (Exception e) {}
+ try
+ {
+ if( conn != null ) conn.close();
+ }
+ catch( Exception e )
+ {
+ }
}
}
/**
* Returns true
if the Group exists in back-end storage.
+ *
* @param group the Group to look for
* @return the result of the search
*/
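Review bot: `conn.setAutoCommit( false )` is applied to the probe connection that the `finally` block closes a few lines later, so it does not configure the connections save() opens (save() sets it again itself) and may hand a pooled connection back with auto-commit switched off. Dropping that call and keeping only `m_supportsCommits = true;` avoids the side effect. The catch block also logs a warning that the database "doesn't seem to support transactions" and then throws `NoRequiredPropertyException`, which reports a metadata failure as a missing property; the log text says "user database" in the group database class.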
@@ -516,14 +599,16 @@
findGroup( index );
return true;
}
- catch ( NoSuchPrincipalException e )
+ catch( NoSuchPrincipalException e )
{
return false;
}
}
/**
- * Loads and returns a Group from the back-end database matching a supplied name.
+ * Loads and returns a Group from the back-end database matching a supplied
+ * name.
+ *
* @param index the name of the Group to find
* @return the populated Group
* @throws NoSuchPrincipalException if the Group cannot be found
@@ -545,7 +630,7 @@
ResultSet rs = ps.executeQuery();
while ( rs.next() )
{
- if ( group != null )
+ if( group != null )
{
unique = false;
break;
@@ -560,28 +645,35 @@
}
ps.close();
}
- catch ( SQLException e )
+ catch( SQLException e )
{
throw new NoSuchPrincipalException( e.getMessage() );
}
finally
{
- try { conn.close(); } catch (Exception e) {}
+ try
+ {
+ if( conn != null ) conn.close();
+ }
+ catch( Exception e )
+ {
+ }
}
- if ( !found )
+ if( !found )
{
- throw new NoSuchPrincipalException("Could not find group in database!");
+ throw new NoSuchPrincipalException( "Could not find group in database!" );
}
- if ( !unique )
+ if( !unique )
{
- throw new NoSuchPrincipalException("More than one group in database!");
+ throw new NoSuchPrincipalException( "More than one group in database!" );
}
return group;
}
/**
* Fills a Group with members.
+ *
* @param group the group to populate
* @return the populated Group
*/
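Review bot: Mapping `SQLException` to `NoSuchPrincipalException( e.getMessage() )` makes a database failure indistinguishable from a missing group. exists(), shown in an earlier hunk, turns that exception into `false`, so during an outage a caller may treat an existing group as new. Logging the failure before the throw, e.g. `log.error( "JDBCGroupDatabase findGroup failed: " + e.getMessage() );`, would at least leave a trace; a distinct exception type would be cleaner but changes the method's contract. findGroup begins outside this hunk.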
@@ -599,7 +691,7 @@
while ( rs.next() )
{
String memberName = rs.getString( m_member );
- if ( memberName != null )
+ if( memberName != null )
{
WikiPrincipal principal = new WikiPrincipal( memberName, WikiPrincipal.UNSPECIFIED );
group.add( principal );
@@ -607,13 +699,19 @@
}
ps.close();
}
- catch ( SQLException e )
+ catch( SQLException e )
{
// I guess that means there aren't any principals...
}
finally
{
- try { conn.close(); } catch (Exception e) {}
+ try
+ {
+ if( conn != null ) conn.close();
+ }
+ catch( Exception e )
+ {
+ }
}
return group;
}
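Review bot: The empty `catch( SQLException e )` returns the group with whatever members were added before the failure, so a database error yields an empty or truncated membership list with no log entry. Membership feeds authorization decisions, and a later save() of that object would presumably write the truncated list back, so the error should at least be logged: `log.error( "JDBCGroupDatabase could not load group members: " + e.getMessage() );`. The method signature is outside the hunk, so whether it could declare an exception instead is not visible here.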
Modified: incubator/jspwiki/branches/JSPWIKI_2_9_STRIPES_BRANCH/src/com/ecyrd/jspwiki/auth/authorize/Role.java
URL: http://svn.apache.org/viewvc/incubator/jspwiki/branches/JSPWIKI_2_9_STRIPES_BRANCH/src/com/ecyrd/jspwiki/auth/authorize/Role.java?rev=682144&r1=682143&r2=682144&view=diff
==============================================================================
--- incubator/jspwiki/branches/JSPWIKI_2_9_STRIPES_BRANCH/src/com/ecyrd/jspwiki/auth/authorize/Role.java (original)
+++ incubator/jspwiki/branches/JSPWIKI_2_9_STRIPES_BRANCH/src/com/ecyrd/jspwiki/auth/authorize/Role.java Sun Aug 3 05:17:34 2008
@@ -1,24 +1,26 @@
-/*
- JSPWiki - a JSP-based WikiWiki clone.
+/*
+ JSPWiki - a JSP-based WikiWiki clone.
- Copyright (C) 2001-2004 Janne Jalkanen (Janne.Jalkanen@iki.fi)
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU Lesser General Public License as published by
- the Free Software Foundation; either version 2.1 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU Lesser General Public License for more details.
-
- You should have received a copy of the GNU Lesser General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
*/
package com.ecyrd.jspwiki.auth.authorize;
+import java.io.Serializable;
import java.security.Principal;
/**
@@ -29,8 +31,9 @@
* @author Andrew Jaquith
* @since 2.3
*/
-public final class Role implements Principal
+public final class Role implements Principal, Serializable
{
+ private static final long serialVersionUID = 1L;
/** All users, regardless of authentication status */
public static final Role ALL = new Role( "All" );
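Review bot: Making Role `Serializable` means a deserialized `Role.ALL` is a new object rather than the `ALL` constant declared here, so any identity comparison such as `role == Role.ALL` stops matching after a serialization round trip. If such comparisons exist elsewhere (not visible in this hunk), the built-in roles need a `readResolve()` that maps the name back to the constant, or callers must compare with `equals()`. A one-line comment next to `serialVersionUID` saying why Role has to be serializable would also help the next reader.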
@@ -47,6 +50,14 @@
private final String m_name;
/**
+ * Create an empty Role.
+ */
+ protected Role()
+ {
+ this(null);
+ }
+
+ /**
* Constructs a new Role with a given name.
* @param name the name of the Role
*/
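Review bot: The new no-arg constructor calls `this(null)`, which presumably leaves `m_name` null; the body of the one-argument constructor is outside the hunk. Code such as `containerRole.getName().equals( role )` in WebContainerAuthorizer.findRole, later in this commit, would throw a NullPointerException on such an instance. Because the class is `final`, `protected` gives package access only; the Javadoc should say who needs an empty Role and that its name is null, e.g. `Creates an empty Role with a null name; intended for framework use only.`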
Modified: incubator/jspwiki/branches/JSPWIKI_2_9_STRIPES_BRANCH/src/com/ecyrd/jspwiki/auth/authorize/WebAuthorizer.java
URL: http://svn.apache.org/viewvc/incubator/jspwiki/branches/JSPWIKI_2_9_STRIPES_BRANCH/src/com/ecyrd/jspwiki/auth/authorize/WebAuthorizer.java?rev=682144&r1=682143&r2=682144&view=diff
==============================================================================
--- incubator/jspwiki/branches/JSPWIKI_2_9_STRIPES_BRANCH/src/com/ecyrd/jspwiki/auth/authorize/WebAuthorizer.java (original)
+++ incubator/jspwiki/branches/JSPWIKI_2_9_STRIPES_BRANCH/src/com/ecyrd/jspwiki/auth/authorize/WebAuthorizer.java Sun Aug 3 05:17:34 2008
@@ -1,15 +1,22 @@
-/*
- * JSPWiki - a JSP-based WikiWiki clone. Copyright (C) 2001-2003 Janne Jalkanen
- * (Janne.Jalkanen@iki.fi) This program is free software; you can redistribute
- * it and/or modify it under the terms of the GNU Lesser General Public License
- * as published by the Free Software Foundation; either version 2.1 of the
- * License, or (at your option) any later version. This program is distributed
- * in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even
- * the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
- * See the GNU Lesser General Public License for more details. You should have
- * received a copy of the GNU Lesser General Public License along with this
- * program; if not, write to the Free Software Foundation, Inc., 59 Temple
- * Place, Suite 330, Boston, MA 02111-1307 USA
+/*
+ JSPWiki - a JSP-based WikiWiki clone.
+
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
*/
package com.ecyrd.jspwiki.auth.authorize;
Modified: incubator/jspwiki/branches/JSPWIKI_2_9_STRIPES_BRANCH/src/com/ecyrd/jspwiki/auth/authorize/WebContainerAuthorizer.java
URL: http://svn.apache.org/viewvc/incubator/jspwiki/branches/JSPWIKI_2_9_STRIPES_BRANCH/src/com/ecyrd/jspwiki/auth/authorize/WebContainerAuthorizer.java?rev=682144&r1=682143&r2=682144&view=diff
==============================================================================
--- incubator/jspwiki/branches/JSPWIKI_2_9_STRIPES_BRANCH/src/com/ecyrd/jspwiki/auth/authorize/WebContainerAuthorizer.java (original)
+++ incubator/jspwiki/branches/JSPWIKI_2_9_STRIPES_BRANCH/src/com/ecyrd/jspwiki/auth/authorize/WebContainerAuthorizer.java Sun Aug 3 05:17:34 2008
@@ -1,15 +1,22 @@
-/*
- * JSPWiki - a JSP-based WikiWiki clone. Copyright (C) 2001-2003 Janne Jalkanen
- * (Janne.Jalkanen@iki.fi) This program is free software; you can redistribute
- * it and/or modify it under the terms of the GNU Lesser General Public License
- * as published by the Free Software Foundation; either version 2.1 of the
- * License, or (at your option) any later version. This program is distributed
- * in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even
- * the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
- * See the GNU Lesser General Public License for more details. You should have
- * received a copy of the GNU Lesser General Public License along with this
- * program; if not, write to the Free Software Foundation, Inc., 59 Temple
- * Place, Suite 330, Boston, MA 02111-1307 USA
+/*
+ JSPWiki - a JSP-based WikiWiki clone.
+
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
*/
package com.ecyrd.jspwiki.auth.authorize;
@@ -130,9 +137,9 @@
if ( m_containerRoles.length > 0 )
{
String roles = "";
- for( int i = 0; i < m_containerRoles.length; i++ )
+ for( Role containerRole : m_containerRoles )
{
- roles = roles + m_containerRoles[i] + " ";
+ roles = roles + containerRole + " ";
}
log.info( " JSPWiki determined the web container manages these roles: " + roles );
}
@@ -162,9 +169,10 @@
* return false
.
* This method simply examines the WikiSession subject to see if it
* possesses the desired Principal. We assume that the method
- * {@link com.ecyrd.jspwiki.auth.AuthenticationManager#login(HttpServletRequest)}
- * previously executed at user login time, and that it has injected
- * the role Principals that were in force at login time.
+ * {@link com.ecyrd.jspwiki.ui.WikiServletFilter#doFilter(javax.servlet.ServletRequest, javax.servlet.ServletResponse, javax.servlet.FilterChain)}
+ * previously executed, and that it has set the WikiSession
+ * subject correctly by logging in the user with the various login modules,
+ * in particular {@link com.ecyrd.jspwiki.auth.login.WebContainerLoginModule}}.
* This is definitely a hack,
* but it eliminates the need for WikiSession to keep dangling
* references to the last WikiContext hanging around, just
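Review bot: The new `{@link com.ecyrd.jspwiki.auth.login.WebContainerLoginModule}}` ends with a stray closing brace that will appear as a literal `}` in the generated Javadoc; it should read `{@link com.ecyrd.jspwiki.auth.login.WebContainerLoginModule}.` The rewritten paragraph now documents a security assumption, namely that the filter has already logged the user in, so it is worth stating what the method returns when that has not happened. The comment continues outside the hunk.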
@@ -195,11 +203,11 @@
*/
public Principal findRole( String role )
{
- for( int i = 0; i < m_containerRoles.length; i++ )
+ for( Role containerRole : m_containerRoles )
{
- if ( m_containerRoles[i].getName().equals( role ) )
+ if ( containerRole.getName().equals( role ) )
{
- return m_containerRoles[i];
+ return containerRole;
}
}
return null;
@@ -238,13 +246,13 @@
selector = "//j:web-app/j:security-constraint[j:web-resource-collection/j:url-pattern=\"" + url + "\"]";
xpath = XPath.newInstance( selector );
xpath.addNamespace( "j", J2EE_SCHEMA_24_NAMESPACE );
- List constraints = xpath.selectNodes( root );
+ List> constraints = xpath.selectNodes( root );
// Get all constraints that match our Role pattern
selector = "//j:web-app/j:security-constraint[j:auth-constraint/j:role-name=\"" + role.getName() + "\"]";
xpath = XPath.newInstance( selector );
xpath.addNamespace( "j", J2EE_SCHEMA_24_NAMESPACE );
- List roles = xpath.selectNodes( root );
+ List> roles = xpath.selectNodes( root );
// If we can't find either one, we must not be constrained
if ( constraints.size() == 0 )
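Review bot: Both XPath selectors in this hunk are built by concatenating `url` and `role.getName()` between double quotes, so a value containing a double quote would change the expression that decides whether a URL is constrained. The callers are outside the hunk; if either value can come from anything other than fixed constants or the deployment descriptor, reject values containing a quote before building the selector, or bind them with JDOM's `XPath.setVariable` and reference `$url` and `$role` in the expression. The switch to a wildcard `List` is fine as it stands.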
@@ -265,10 +273,10 @@
}
// If a constraint is contained in both lists, we must be constrained
- for ( Iterator c = constraints.iterator(); c.hasNext(); )
+ for ( Iterator> c = constraints.iterator(); c.hasNext(); )
{
Element constraint = (Element)c.next();
- for ( Iterator r = roles.iterator(); r.hasNext(); )
+ for ( Iterator> r = roles.iterator(); r.hasNext(); )
{
Element roleConstraint = (Element)r.next();
if ( constraint.equals( roleConstraint ) )
@@ -331,8 +339,8 @@
String selector = "//j:web-app/j:security-constraint/j:auth-constraint/j:role-name";
XPath xpath = XPath.newInstance( selector );
xpath.addNamespace( "j", J2EE_SCHEMA_24_NAMESPACE );
- List nodes = xpath.selectNodes( root );
- for( Iterator it = nodes.iterator(); it.hasNext(); )
+ List> nodes = xpath.selectNodes( root );
+ for( Iterator> it = nodes.iterator(); it.hasNext(); )
{
String role = ( (Element) it.next() ).getTextTrim();
roles.add( new Role( role ) );
@@ -343,7 +351,7 @@
xpath = XPath.newInstance( selector );
xpath.addNamespace( "j", J2EE_SCHEMA_24_NAMESPACE );
nodes = xpath.selectNodes( root );
- for( Iterator it = nodes.iterator(); it.hasNext(); )
+ for( Iterator> it = nodes.iterator(); it.hasNext(); )
{
String role = ( (Element) it.next() ).getTextTrim();
roles.add( new Role( role ) );
Modified: incubator/jspwiki/branches/JSPWIKI_2_9_STRIPES_BRANCH/src/com/ecyrd/jspwiki/auth/authorize/XMLGroupDatabase.java
URL: http://svn.apache.org/viewvc/incubator/jspwiki/branches/JSPWIKI_2_9_STRIPES_BRANCH/src/com/ecyrd/jspwiki/auth/authorize/XMLGroupDatabase.java?rev=682144&r1=682143&r2=682144&view=diff
==============================================================================
--- incubator/jspwiki/branches/JSPWIKI_2_9_STRIPES_BRANCH/src/com/ecyrd/jspwiki/auth/authorize/XMLGroupDatabase.java (original)
+++ incubator/jspwiki/branches/JSPWIKI_2_9_STRIPES_BRANCH/src/com/ecyrd/jspwiki/auth/authorize/XMLGroupDatabase.java Sun Aug 3 05:17:34 2008
@@ -1,21 +1,22 @@
-/*
+/*
JSPWiki - a JSP-based WikiWiki clone.
- Copyright (C) 2001-2002 Janne Jalkanen (Janne.Jalkanen@iki.fi)
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU Lesser General Public License as published by
- the Free Software Foundation; either version 2.1 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU Lesser General Public License for more details.
-
- You should have received a copy of the GNU Lesser General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
*/
package com.ecyrd.jspwiki.auth.authorize;
@@ -32,7 +33,6 @@
import java.util.Collection;
import java.util.Date;
import java.util.HashMap;
-import java.util.Iterator;
import java.util.Map;
import java.util.Properties;
@@ -113,7 +113,7 @@
private WikiEngine m_engine = null;
- private MapPackage Specification
+
+Related Documentation
+
+
+
\ No newline at end of file
Modified: incubator/jspwiki/branches/JSPWIKI_2_9_STRIPES_BRANCH/src/com/ecyrd/jspwiki/auth/login/AbstractLoginModule.java
URL: http://svn.apache.org/viewvc/incubator/jspwiki/branches/JSPWIKI_2_9_STRIPES_BRANCH/src/com/ecyrd/jspwiki/auth/login/AbstractLoginModule.java?rev=682144&r1=682143&r2=682144&view=diff
==============================================================================
--- incubator/jspwiki/branches/JSPWIKI_2_9_STRIPES_BRANCH/src/com/ecyrd/jspwiki/auth/login/AbstractLoginModule.java (original)
+++ incubator/jspwiki/branches/JSPWIKI_2_9_STRIPES_BRANCH/src/com/ecyrd/jspwiki/auth/login/AbstractLoginModule.java Sun Aug 3 05:17:34 2008
@@ -1,28 +1,28 @@
/*
JSPWiki - a JSP-based WikiWiki clone.
- Copyright (C) 2001-2007 Janne Jalkanen (Janne.Jalkanen@iki.fi)
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU Lesser General Public License as published by
- the Free Software Foundation; either version 2.1 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU Lesser General Public License for more details.
-
- You should have received a copy of the GNU Lesser General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
*/
package com.ecyrd.jspwiki.auth.login;
import java.security.Principal;
import java.util.Collection;
import java.util.HashSet;
-import java.util.Iterator;
import java.util.Map;
import javax.security.auth.Subject;
@@ -50,7 +50,7 @@
protected CallbackHandler m_handler;
- protected Map m_options;
+ protected Mapm_principalsToOverwrite
collection because when it
* succeeds, its own {@link com.ecyrd.jspwiki.auth.authorize.Role#AUTHENTICATED}
* should over-write {@link com.ecyrd.jspwiki.auth.authorize.Role#ANONYMOUS}.
+ * @deprecated
*/
- protected Collection m_principalsToOverwrite;
+ protected Collectiontrue
.
* @see javax.security.auth.spi.LoginModule#abort()
* @throws LoginException if the abort itself fails
+ * @return True, always.
*/
public final boolean abort() throws LoginException
{
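Review bot: The `@deprecated` tag added to the Javadoc of m_principalsToOverwrite carries no text, so subclass authors get a deprecation warning without learning what replaces the field or whether it is still honoured. Add a sentence after the tag, for example `@deprecated no longer populated by the login modules; do not rely on it`, if that matches the intent. The removal of `m_principalsToOverwrite.add( WikiPrincipal.GUEST )` later in this diff suggests it does. Several hunks are fused by extraction here, so the field declaration is only partly visible.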
@@ -138,17 +142,13 @@
* failed
* @see javax.security.auth.spi.LoginModule#commit()
*/
- /**
- * @see javax.security.auth.spi.LoginModule#commit()
- */
- public final boolean commit() throws LoginException
+ public final boolean commit()
{
if ( succeeded() )
{
removePrincipals( m_previousWikiPrincipals );
- for ( Iterator it = m_principals.iterator(); it.hasNext(); )
+ for ( Principal principal : m_principals )
{
- Principal principal = (Principal)it.next();
m_subject.getPrincipals().add( principal );
if ( log.isDebugEnabled() )
{
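Review bot: commit() drops `throws LoginException` while abort(), a few hunks earlier in the same class, keeps `public final boolean abort() throws LoginException`, so the two final lifecycle methods are now declared inconsistently. Narrowing is legal against the LoginModule interface, but a caller or test that holds the concrete type and wraps only commit() in `catch (LoginException e)` would stop compiling, which is worth checking. If the narrowing is intended and abort() cannot throw either, apply it there too; otherwise keep `public final boolean commit() throws LoginException`. The method body continues past the end of the hunk.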
@@ -177,13 +177,18 @@
* @see javax.security.auth.spi.LoginModule#initialize(javax.security.auth.Subject,
* javax.security.auth.callback.CallbackHandler, java.util.Map,
* java.util.Map)
+ *
+ * @param subject {@inheritDoc}
+ * @param callbackHandler {@inheritDoc}
+ * @param sharedState {@inheritDoc}
+ * @param options {@inheritDoc}
*/
- public final void initialize( Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options )
+ public final void initialize( Subject subject, CallbackHandler callbackHandler, Maptrue
if the number of principals
* contained in {@link #m_principals} is non-zero;
* false
otherwise.
- * @return
+ * @return True, if a login has succeeded.
*/
private final boolean succeeded()
{
@@ -247,11 +252,10 @@
* Principal set.
* @param principals the principals to remove
*/
- private final void removePrincipals( Collection principals )
+ private final void removePrincipals( Collectionfalse
- * if the Subject's Principal set already contains either
- * {@link Role#ASSERTED} or {@link Role#AUTHENTICATED}; otherwise,
- * always returns true
.
+ * @return the result of the login; this will always be true
.
* @see javax.security.auth.spi.LoginModule#login()
+ * @throws {@inheritDoc}
*/
public boolean login() throws LoginException
{
- // If already logged in or asserted, ignore this login module
- if ( m_subject.getPrincipals().contains( Role.AUTHENTICATED )
- || m_subject.getPrincipals().contains( Role.ASSERTED ) )
- {
- // If login ignored, remove anonymous role
- m_principalsToRemove.add( Role.ANONYMOUS );
- return false;
- }
-
- // Otherwise, let's go and make a Principal based on the IP address
+ // Let's go and make a Principal based on the IP address
HttpRequestCallback hcb = new HttpRequestCallback();
Callback[] callbacks = new Callback[]
{ hcb };
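Review bot: With the early-return guard removed, login() no longer checks whether the Subject already holds Role.AUTHENTICATED or Role.ASSERTED, and the new Javadoc says the result is always true. Nothing visible here shows where that precedence is enforced now. If it moved to the JAAS configuration or the calling code, say so at the top of the method, e.g. `// Precedence over asserted/authenticated logins is decided by the caller, not here`. Separately, `@throws {@inheritDoc}` lacks the exception name and should read `@throws LoginException {@inheritDoc}`. The header of this hunk was lost in extraction and login() continues beyond it.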
@@ -100,20 +87,10 @@
{
HttpSession session = request.getSession( false );
String sid = (session == null) ? NULL : session.getId();
- log.debug("Logged in session ID=" + sid);
- log.debug("Added Principals " + ipAddr + ",Role.ANONYMOUS,Role.ALL" );
+ log.debug("Logged in session ID=" + sid + "; IP=" + ipAddr);
}
// If login succeeds, commit these principals/roles
m_principals.add( ipAddr );
- m_principals.add( Role.ANONYMOUS );
- m_principals.add( Role.ALL );
-
- // If login succeeds, overwrite these principals/roles
- m_principalsToOverwrite.add( WikiPrincipal.GUEST );
-
- // If login fails, remove these roles
- m_principalsToRemove.add( Role.ANONYMOUS );
-
return true;
}
catch( IOException e )
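Review bot: The merged debug line still writes the raw HTTP session ID (`sid`) to the log, now alongside the client IP. A session ID is a bearer credential, so it should not reach log files or log aggregation that operators and support staff can read. Drop it or log only a non-reversible digest, e.g. `log.debug( "Anonymous login; IP=" + ipAddr );`. The enclosing try block and the start of login() lie outside this hunk.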
Modified: incubator/jspwiki/branches/JSPWIKI_2_9_STRIPES_BRANCH/src/com/ecyrd/jspwiki/auth/login/AuthorizerCallback.java
URL: http://svn.apache.org/viewvc/incubator/jspwiki/branches/JSPWIKI_2_9_STRIPES_BRANCH/src/com/ecyrd/jspwiki/auth/login/AuthorizerCallback.java?rev=682144&r1=682143&r2=682144&view=diff
==============================================================================
--- incubator/jspwiki/branches/JSPWIKI_2_9_STRIPES_BRANCH/src/com/ecyrd/jspwiki/auth/login/AuthorizerCallback.java (original)
+++ incubator/jspwiki/branches/JSPWIKI_2_9_STRIPES_BRANCH/src/com/ecyrd/jspwiki/auth/login/AuthorizerCallback.java Sun Aug 3 05:17:34 2008
@@ -1,21 +1,22 @@
-/*
+/*
JSPWiki - a JSP-based WikiWiki clone.
- Copyright (C) 2001-2007 Janne Jalkanen (Janne.Jalkanen@iki.fi)
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU Lesser General Public License as published by
- the Free Software Foundation; either version 2.1 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU Lesser General Public License for more details.
-
- You should have received a copy of the GNU Lesser General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
*/
package com.ecyrd.jspwiki.auth.login;
@@ -54,4 +55,4 @@
return m_authorizer;
}
-}
\ No newline at end of file
+}