jspwiki-commits mailing list archives

From ajaqu...@apache.org
Subject svn commit: r814357 - in /incubator/jspwiki/trunk/src/java/org/apache/wiki/auth: AuthenticationManager.java AuthorizationManager.java
Date Sun, 13 Sep 2009 17:47:41 GMT
Author: ajaquith
Date: Sun Sep 13 17:47:40 2009
New Revision: 814357

URL: http://svn.apache.org/viewvc?rev=814357&view=rev
Log:
The "superuser" (su) feature has been implemented. This user can do anything, and can log
in even when the UserManager is not working. The password is hashed and stored in jspwiki.properties.

Modified:
    incubator/jspwiki/trunk/src/java/org/apache/wiki/auth/AuthenticationManager.java
    incubator/jspwiki/trunk/src/java/org/apache/wiki/auth/AuthorizationManager.java

Modified: incubator/jspwiki/trunk/src/java/org/apache/wiki/auth/AuthenticationManager.java
URL: http://svn.apache.org/viewvc/incubator/jspwiki/trunk/src/java/org/apache/wiki/auth/AuthenticationManager.java?rev=814357&r1=814356&r2=814357&view=diff
==============================================================================
--- incubator/jspwiki/trunk/src/java/org/apache/wiki/auth/AuthenticationManager.java (original)
+++ incubator/jspwiki/trunk/src/java/org/apache/wiki/auth/AuthenticationManager.java Sun Sep
13 17:47:40 2009
@@ -20,10 +20,7 @@
  */
 package org.apache.wiki.auth;
 
-import java.io.File;
-import java.io.FileInputStream;
-import java.io.IOException;
-import java.io.InputStream;
+import java.io.*;
 import java.net.MalformedURLException;
 import java.net.URL;
 import java.security.NoSuchAlgorithmException;
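Review bot: Replacing the four explicit `java.io` imports with `import java.io.*;` hides which classes this security-sensitive file depends on and invites name clashes later. Judging from the rest of this commit, the only new `java.io` class needed appears to be `UnsupportedEncodingException`. Keep the explicit list and add `import java.io.UnsupportedEncodingException;`.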
@@ -39,6 +36,7 @@
 
 import org.apache.wiki.WikiEngine;
 import org.apache.wiki.WikiSession;
+import org.apache.wiki.action.InstallActionBean;
 import org.apache.wiki.api.WikiException;
 import org.apache.wiki.auth.authorize.Role;
 import org.apache.wiki.auth.authorize.WebAuthorizer;
@@ -49,6 +47,7 @@
 import org.apache.wiki.event.WikiSecurityEvent;
 import org.apache.wiki.log.Logger;
 import org.apache.wiki.log.LoggerFactory;
+import org.apache.wiki.util.CryptoUtil;
 import org.apache.wiki.util.TextUtil;
 import org.apache.wiki.util.TimedCounterList;
 import org.freshcookies.security.Keychain;
@@ -134,6 +133,11 @@
      */
     protected static final String             SECURITY_CONTAINER = "container";
 
+    /**
+     * The superuser username.
+     */
+    protected static final String SUPERUSER = "su";
+
     /** The default {@link javax.security.auth.spi.LoginModule} class name to use for custom
authentication. */
     private static final String                 DEFAULT_LOGIN_MODULE = "org.apache.wiki.auth.login.UserDatabaseLoginModule";
     
@@ -495,6 +499,29 @@
             delayLogin(username);
         }
         
+        // Did the user log in as the superuser?
+        boolean isSu = false;
+        if ( SUPERUSER.equals( username ) )
+        {
+            String passwordHash = m_engine.getWikiProperties().getProperty( InstallActionBean.PROP_ADMIN_PASSWORD_HASH
);
+            if ( passwordHash != null && passwordHash.length() > 0 )
+            {
+                try
+                {
+                    isSu = CryptoUtil.verifySaltedPassword( password.getBytes(), passwordHash
);
+                }
+                catch( NoSuchAlgorithmException e ) { }
+                catch( UnsupportedEncodingException e ) { }
+            }
+        }
+        if ( isSu )
+        {
+            fireEvent(WikiSecurityEvent.LOGIN_AUTHENTICATED, new WikiPrincipal( "su", WikiPrincipal.LOGIN_NAME
), session );
+            fireEvent( WikiSecurityEvent.PRINCIPAL_ADD, Role.SUPERUSER, session );
+            return true;
+        }
+        
+        // No, so try logging in with JAAS
         CallbackHandler handler = new WikiCallbackHandler(
                 m_engine,
                 request,
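Review bot: The two empty `catch` blocks around `CryptoUtil.verifySaltedPassword(...)` swallow `NoSuchAlgorithmException` and `UnsupportedEncodingException`, so a broken digest provider makes every superuser login fail silently and fall through to the JAAS path; failing closed is right, but each catch should log the exception through the class's existing Logger so the failure can be diagnosed and audited. `password.getBytes()` encodes with the platform default charset, so verifying a non-ASCII password depends on the host locale; use the charset the hash was generated with, e.g. `password.getBytes( "UTF-8" )` if that is what InstallActionBean uses (not visible here). The principal is created with the literal `"su"` instead of the new constant; prefer `new WikiPrincipal( SUPERUSER, WikiPrincipal.LOGIN_NAME )`. The enclosing method starts and ends outside the hunk, so these lines do not show whether `password` can be null here or whether the `delayLogin` throttling above always runs before this check.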

Modified: incubator/jspwiki/trunk/src/java/org/apache/wiki/auth/AuthorizationManager.java
URL: http://svn.apache.org/viewvc/incubator/jspwiki/trunk/src/java/org/apache/wiki/auth/AuthorizationManager.java?rev=814357&r1=814356&r2=814357&view=diff
==============================================================================
--- incubator/jspwiki/trunk/src/java/org/apache/wiki/auth/AuthorizationManager.java (original)
+++ incubator/jspwiki/trunk/src/java/org/apache/wiki/auth/AuthorizationManager.java Sun Sep
13 17:47:40 2009
@@ -192,6 +192,13 @@
 
         Principal user = session.getLoginPrincipal();
 
+        // Always allow the action if user is superuser
+        if ( hasRoleOrPrincipal( session, Role.SUPERUSER ) )
+        {
+            fireEvent( WikiSecurityEvent.ACCESS_ALLOWED, user, permission );
+            return true;
+        }
+
         // Always allow the action if user has AllPermission
         Permission allPermission = new AllPermission( m_engine.getApplicationName() );
         boolean hasAllPermission = checkStaticPermission( session, allPermission );
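Review bot: The new early return grants every permission on a match against `Role.SUPERUSER` alone, ahead of the `AllPermission` check, so its safety depends on that role being attainable only through the superuser login added in AuthenticationManager. `hasRoleOrPrincipal` is not shown; if it also resolves roles from wiki groups or a container authorizer, a group or container role with the same name would inherit this bypass, so the name should be reserved or the check limited to roles injected into the session. I would extend the comment to record that invariant, e.g. `// Superuser bypasses all later permission checks; Role.SUPERUSER must only ever be added by the superuser login path`. The method body continues outside the hunk.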


