Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id 9F60D200CC2 for ; Tue, 20 Jun 2017 18:19:43 +0200 (CEST) Received: by cust-asf.ponee.io (Postfix) id 9E5A6160C11; Tue, 20 Jun 2017 16:19:43 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id 6E125160BFF for ; Tue, 20 Jun 2017 18:19:41 +0200 (CEST) Received: (qmail 67437 invoked by uid 500); 20 Jun 2017 16:19:40 -0000 Mailing-List: contact commits-help@jspwiki.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@jspwiki.apache.org Delivered-To: mailing list commits@jspwiki.apache.org Received: (qmail 67105 invoked by uid 99); 20 Jun 2017 16:19:39 -0000 Received: from git1-us-west.apache.org (HELO git1-us-west.apache.org) (140.211.11.23) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 20 Jun 2017 16:19:39 +0000 Received: by git1-us-west.apache.org (ASF Mail Server at git1-us-west.apache.org, from userid 33) id 369D8E361C; Tue, 20 Jun 2017 16:19:39 +0000 (UTC) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit From: juanpablo@apache.org To: commits@jspwiki.apache.org Date: Tue, 20 Jun 2017 16:19:53 -0000 Message-Id: In-Reply-To: <14ae8e698c93460fb84035fc8f60e577@git.apache.org> References: <14ae8e698c93460fb84035fc8f60e577@git.apache.org> X-Mailer: ASF-Git Admin Mailer Subject: [16/51] [partial] jspwiki-site git commit: Manual testing of new & upcoming ci.sh / mvn-ci.sh on jbake branch archived-at: Tue, 20 Jun 2017 16:19:43 -0000 http://git-wip-us.apache.org/repos/asf/jspwiki-site/blob/04f45623/apidocs/2.10.1/org/apache/wiki/auth/SecurityVerifier.html ---------------------------------------------------------------------- diff --git a/apidocs/2.10.1/org/apache/wiki/auth/SecurityVerifier.html b/apidocs/2.10.1/org/apache/wiki/auth/SecurityVerifier.html new file mode 100755 index 0000000..14383a5 --- /dev/null +++ b/apidocs/2.10.1/org/apache/wiki/auth/SecurityVerifier.html @@ -0,0 +1,916 @@ + + + + + + + +SecurityVerifier (Apache JSPWiki Main War 2.10.1 API) + + + + + + + + + + + + +
+ + + + + + + + + + + + + + + + + + + +
+ + + + + + + + + + + + +
Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
+		 + +
PREV CLASS  + NEXT CLASS + FRAMES   + NO FRAMES   +  + + + +
+ SUMMARY: NESTED | FIELD | CONSTR | METHOD +DETAIL: FIELD | CONSTR | METHOD
+ + + +
+ +

+ +org.apache.wiki.auth +
+Class SecurityVerifier

+
+java.lang.Object
+  extended by org.apache.wiki.auth.SecurityVerifier
+
+
+
+
public final class SecurityVerifier
extends Object
+ + + + +
+ +

+Helper class for verifying JSPWiki's security configuration. Invoked by + admin/SecurityConfig.jsp. +

+ +

+

+
Since:
+
2.4
+
+
+ +

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+Field Summary
+static StringERROR + +
+          Message prefix for errors.
+static StringERROR_DB + +
+          Message topic for user database errors.
+static StringERROR_GROUPS + +
+          Message topic for group database errors.
+static StringERROR_JAAS + +
+          Message topic for JAAS errors.
+static StringERROR_POLICY + +
+          Message topic for policy errors.
+static StringERROR_ROLES + +
+          Message topic for role-checking errors.
+static StringINFO + +
+          Message prefix for information messages.
+static StringINFO_DB + +
+          Message topic for user database information messages.
+static StringINFO_GROUPS + +
+          Message topic for group database information messages.
+static StringINFO_JAAS + +
+          Message topic for JAAS information messages.
+static StringINFO_POLICY + +
+          Message topic for policy information messages.
+static StringINFO_ROLES + +
+          Message topic for role-checking information messages.
+static StringWARNING + +
+          Message prefix for warnings.
+static StringWARNING_DB + +
+          Message topic for user database warnings.
+static StringWARNING_GROUPS + +
+          Message topic for group database warnings.
+static StringWARNING_JAAS + +
+          Message topic for JAAS warnings.
+static StringWARNING_POLICY + +
+          Message topic for policy warnings.
+  + + + + + + + + + + +
+Constructor Summary
SecurityVerifier(WikiEngine engine, + WikiSession session) + +
+          Constructs a new SecurityVerifier for a supplied WikiEngine and WikiSession.
+  + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+Method Summary
+ StringcontainerRoleTable() + +
+          Formats and returns an HTML table containing the roles the web container + is aware of, and whether each role maps to particular JSPs.
+protected  FilegetFileFromProperty(String property) + +
+          Looks up a file name based on a JRE system property and returns the associated + File object if it exists.
+ booleanisSecurityPolicyConfigured() + +
+          Returns true if the Java security policy is configured + correctly, and it verifies as valid.
+ Principal[]policyPrincipals() + +
+          Returns an array of unique Principals from the JSPWIki security policy + file.
+ StringpolicyRoleTable() + +
+          Formats and returns an HTML table containing sample permissions and what + roles are allowed to have them.
+protected  voidverifyGroupDatabase() + +
+          Verifies that the group datbase was initialized properly, and that + user add and delete operations work as they should.
+protected  voidverifyJaas() + +
+          Verfies the JAAS configuration.
+protected  voidverifyPolicy() + +
+          Verfies the Java security policy configuration.
+protected  voidverifyPolicyAndContainerRoles() + +
+          Verifies that the roles given in the security policy are reflected by the + container web.xml file.
+protected  booleanverifyStaticPermission(Principal principal, + Permission permission) + +
+          Verifies that a particular Principal possesses a Permission, as defined + in the security policy file.
+protected  voidverifyUserDatabase() + +
+          Verifies that the user datbase was initialized properly, and that + user add and delete operations work as they should.
+ Principal[]webContainerRoles() + +
+          If the active Authorizer is the WebContainerAuthorizer, returns the roles + it knows about; otherwise, a zero-length array.
+ + + + + + + +
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
+  +

+ + + + + + + + +
+Field Detail
+ +

+ERROR

+
+public static final String ERROR
+
+
Message prefix for errors. +

+

+
See Also:
Constant Field Values
+
+
+ +

+WARNING

+
+public static final String WARNING
+
+
Message prefix for warnings. +

+

+
See Also:
Constant Field Values
+
+
+ +

+INFO

+
+public static final String INFO
+
+
Message prefix for information messages. +

+

+
See Also:
Constant Field Values
+
+
+ +

+ERROR_POLICY

+
+public static final String ERROR_POLICY
+
+
Message topic for policy errors. +

+

+
See Also:
Constant Field Values
+
+
+ +

+WARNING_POLICY

+
+public static final String WARNING_POLICY
+
+
Message topic for policy warnings. +

+

+
See Also:
Constant Field Values
+
+
+ +

+INFO_POLICY

+
+public static final String INFO_POLICY
+
+
Message topic for policy information messages. +

+

+
See Also:
Constant Field Values
+
+
+ +

+ERROR_JAAS

+
+public static final String ERROR_JAAS
+
+
Message topic for JAAS errors. +

+

+
See Also:
Constant Field Values
+
+
+ +

+WARNING_JAAS

+
+public static final String WARNING_JAAS
+
+
Message topic for JAAS warnings. +

+

+
See Also:
Constant Field Values
+
+
+ +

+ERROR_ROLES

+
+public static final String ERROR_ROLES
+
+
Message topic for role-checking errors. +

+

+
See Also:
Constant Field Values
+
+
+ +

+INFO_ROLES

+
+public static final String INFO_ROLES
+
+
Message topic for role-checking information messages. +

+

+
See Also:
Constant Field Values
+
+
+ +

+ERROR_DB

+
+public static final String ERROR_DB
+
+
Message topic for user database errors. +

+

+
See Also:
Constant Field Values
+
+
+ +

+WARNING_DB

+
+public static final String WARNING_DB
+
+
Message topic for user database warnings. +

+

+
See Also:
Constant Field Values
+
+
+ +

+INFO_DB

+
+public static final String INFO_DB
+
+
Message topic for user database information messages. +

+

+
See Also:
Constant Field Values
+
+
+ +

+ERROR_GROUPS

+
+public static final String ERROR_GROUPS
+
+
Message topic for group database errors. +

+

+
See Also:
Constant Field Values
+
+
+ +

+WARNING_GROUPS

+
+public static final String WARNING_GROUPS
+
+
Message topic for group database warnings. +

+

+
See Also:
Constant Field Values
+
+
+ +

+INFO_GROUPS

+
+public static final String INFO_GROUPS
+
+
Message topic for group database information messages. +

+

+
See Also:
Constant Field Values
+
+
+ +

+INFO_JAAS

+
+public static final String INFO_JAAS
+
+
Message topic for JAAS information messages. +

+

+
See Also:
Constant Field Values
+
+ + + + + + + + +
+Constructor Detail
+ +

+SecurityVerifier

+
+public SecurityVerifier(WikiEngine engine,
+                        WikiSession session)
+
+
Constructs a new SecurityVerifier for a supplied WikiEngine and WikiSession. +

+

+
Parameters:
engine - the wiki engine
session - the wiki session (typically, that of an administrator)
+
+ + + + + + + + +
+Method Detail
+ +

+policyPrincipals

+
+public Principal[] policyPrincipals()
+
+
Returns an array of unique Principals from the JSPWIki security policy + file. This array will be zero-length if the policy file was not + successfully located, or if the file did not specify any Principals in + the policy. +

+

+ +
Returns:
the array of principals
+
+
+
+ +

+policyRoleTable

+
+public String policyRoleTable()
+
+
Formats and returns an HTML table containing sample permissions and what + roles are allowed to have them. This method will throw an + IllegalStateException if the authorizer is not of type + WebContainerAuthorizer +

+

+ +
Returns:
the formatted HTML table containing the result of the tests
+
+
+
+ +

+containerRoleTable

+
+public String containerRoleTable()
+                          throws WikiException
+
+
Formats and returns an HTML table containing the roles the web container + is aware of, and whether each role maps to particular JSPs. This method + throws an IllegalStateException if the authorizer is not of type + WebContainerAuthorizer +

+

+ +
Returns:
the formatted HTML table containing the result of the tests +
Throws: +
WikiException - if tests fail for unexpected reasons
+
+
+
+ +

+isSecurityPolicyConfigured

+
+public boolean isSecurityPolicyConfigured()
+
+
Returns true if the Java security policy is configured + correctly, and it verifies as valid. +

+

+ +
Returns:
the result of the configuration check
+
+
+
+ +

+webContainerRoles

+
+public Principal[] webContainerRoles()
+                              throws WikiException
+
+
If the active Authorizer is the WebContainerAuthorizer, returns the roles + it knows about; otherwise, a zero-length array. +

+

+ +
Returns:
the roles parsed from web.xml, or a zero-length array +
Throws: +
WikiException - if the web authorizer cannot obtain the list of roles
+
+
+
+ +

+verifyPolicyAndContainerRoles

+
+protected void verifyPolicyAndContainerRoles()
+                                      throws WikiException
+
+
Verifies that the roles given in the security policy are reflected by the + container web.xml file. +

+

+ +
Throws: +
WikiException - if the web authorizer cannot verify the roles
+
+
+
+ +

+verifyGroupDatabase

+
+protected void verifyGroupDatabase()
+
+
Verifies that the group datbase was initialized properly, and that + user add and delete operations work as they should. +

+

+
+
+
+
+ +

+verifyJaas

+
+protected void verifyJaas()
+
+
Verfies the JAAS configuration. The configuration is valid if value of the + jspwiki.properties property + "jspwiki.loginModule.class" + resolves to a valid class on the classpath. +

+

+
+
+
+
+ +

+getFileFromProperty

+
+protected File getFileFromProperty(String property)
+
+
Looks up a file name based on a JRE system property and returns the associated + File object if it exists. This method adds messages with the topic prefix + ERROR and INFO as appropriate, with the suffix matching the + supplied property. +

+

+
Parameters:
property - the system property to look up +
Returns:
the file object, or null if not found
+
+
+
+ +

+verifyPolicy

+
+protected void verifyPolicy()
+
+
Verfies the Java security policy configuration. The configuration is + valid if value of the local policy (at WEB-INF/jspwiki.policy + resolves to an existing file, and the policy file contained therein + represents a valid policy. +

+

+
+
+
+
+ +

+verifyStaticPermission

+
+protected boolean verifyStaticPermission(Principal principal,
+                                         Permission permission)
+
+
Verifies that a particular Principal possesses a Permission, as defined + in the security policy file. +

+

+
Parameters:
principal - the principal
permission - the permission +
Returns:
the result, based on consultation with the active Java security + policy
+
+
+
+ +

+verifyUserDatabase

+
+protected void verifyUserDatabase()
+
+
Verifies that the user datbase was initialized properly, and that + user add and delete operations work as they should. +

+

+
+
+
+ +
+ + + + + + + + + + + + + + + + + + + +
+ + + + + + + + + + + + +
Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
+		 + +
PREV CLASS  + NEXT CLASS + FRAMES   + NO FRAMES   +  + + + +
+ SUMMARY: NESTED | FIELD | CONSTR | METHOD +DETAIL: FIELD | CONSTR | METHOD
+ + + +
+Copyright © {inceptionYear}-2014 The Apache Software Foundation. All rights reserved. + + http://git-wip-us.apache.org/repos/asf/jspwiki-site/blob/04f45623/apidocs/2.10.1/org/apache/wiki/auth/SecurityVerifier.png ---------------------------------------------------------------------- diff --git a/apidocs/2.10.1/org/apache/wiki/auth/SecurityVerifier.png b/apidocs/2.10.1/org/apache/wiki/auth/SecurityVerifier.png new file mode 100755 index 0000000..72b0c0f Binary files /dev/null and b/apidocs/2.10.1/org/apache/wiki/auth/SecurityVerifier.png differ http://git-wip-us.apache.org/repos/asf/jspwiki-site/blob/04f45623/apidocs/2.10.1/org/apache/wiki/auth/SessionMonitor.html ---------------------------------------------------------------------- diff --git a/apidocs/2.10.1/org/apache/wiki/auth/SessionMonitor.html b/apidocs/2.10.1/org/apache/wiki/auth/SessionMonitor.html new file mode 100755 index 0000000..dd5de4e --- /dev/null +++ b/apidocs/2.10.1/org/apache/wiki/auth/SessionMonitor.html @@ -0,0 +1,530 @@ + + + + + + + +SessionMonitor (Apache JSPWiki Main War 2.10.1 API) + + + + + + + + + + + + +
+ + + + + + + + + + + + + + + + + + + +
+ + + + + + + + + + + + +
Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
+		 + +
PREV CLASS  + NEXT CLASS + FRAMES   + NO FRAMES   +  + + + +
+ SUMMARY: NESTED | FIELD | CONSTR | METHOD +DETAIL: FIELD | CONSTR | METHOD
+ + + +
+ +

+ +org.apache.wiki.auth +
+Class SessionMonitor

+
+java.lang.Object
+  extended by org.apache.wiki.auth.SessionMonitor
+
+
+
All Implemented Interfaces:
EventListener, javax.servlet.http.HttpSessionListener
+
+
+
+
public class SessionMonitor
extends Object
implements javax.servlet.http.HttpSessionListener
+ + + + + +
+ +

+

Manages WikiSession's for different WikiEngine's.

+

The WikiSession's are stored both in the remote user + HttpSession and in the SessionMonitor for the WikeEngine. + This class must be configured as a session listener in the + web.xml for the wiki web application. +

+

+ +

+

+ +

+ + + + + + + + + + + +
+Constructor Summary
SessionMonitor() + +
+          Construct the SessionListener
+  + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+Method Summary
+ voidaddWikiEventListener(WikiEventListener listener) + +
+          Registers a WikiEventListener with this instance.
+ WikiSessionfind(javax.servlet.http.HttpSession session) + +
+          Looks up the wiki session associated with a user's Http session + and adds it to the session cache.
+protected  voidfireEvent(int type, + Principal principal, + WikiSession session) + +
+          Fires a WikiSecurityEvent to all registered listeners.
+static SessionMonitorgetInstance(WikiEngine engine) + +
+          Returns the instance of the SessionMonitor for this wiki.
+ voidremove(javax.servlet.http.HttpSession session) + +
+          Removes the wiki session associated with the user's HttpSession + from the session cache.
+ voidremoveWikiEventListener(WikiEventListener listener) + +
+          Un-registers a WikiEventListener with this instance.
+ voidsessionCreated(javax.servlet.http.HttpSessionEvent se) + +
+          Fires when the web container creates a new HTTP session.
+ voidsessionDestroyed(javax.servlet.http.HttpSessionEvent se) + +
+          Removes the user's WikiSession from the internal session cache when the web + container destoys an HTTP session.
+ intsessions() + +
+          Returns the current number of active wiki sessions.
+ Principal[]userPrincipals() + +
+          Returns the current wiki users as a sorted array of + Principal objects.
+ + + + + + + +
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
+  +

+ + + + + + + + +
+Constructor Detail
+ +

+SessionMonitor

+
+public SessionMonitor()
+
+
Construct the SessionListener +

+

+ + + + + + + + +
+Method Detail
+ +

+getInstance

+
+public static final SessionMonitor getInstance(WikiEngine engine)
+
+
Returns the instance of the SessionMonitor for this wiki. + Only one SessionMonitor exists per WikiEngine. +

+

+
+
+
+
Parameters:
engine - the wiki engine +
Returns:
the session monitor
+
+
+
+ +

+find

+
+public final WikiSession find(javax.servlet.http.HttpSession session)
+
+

Looks up the wiki session associated with a user's Http session + and adds it to the session cache. This method will return the + "guest session" as constructed by WikiSession.guestSession(WikiEngine) + if the HttpSession is not currently associated with a WikiSession. + This method is guaranteed to return a non-null WikiSession.

+

Internally, the session is stored in a HashMap; keys are + the HttpSession objects, while the values are + WeakReference-wrapped WikiSessions.

+

+

+
+
+
+
Parameters:
session - the HTTP session +
Returns:
the wiki session
+
+
+
+ +

+remove

+
+public final void remove(javax.servlet.http.HttpSession session)
+
+
Removes the wiki session associated with the user's HttpSession + from the session cache. +

+

+
+
+
+
Parameters:
session - the user's HTTP session
+
+
+
+ +

+sessions

+
+public final int sessions()
+
+
Returns the current number of active wiki sessions. +

+

+
+
+
+ +
Returns:
the number of sessions
+
+
+
+ +

+userPrincipals

+
+public final Principal[] userPrincipals()
+
+

Returns the current wiki users as a sorted array of + Principal objects. The principals are those returned by + each WikiSession's WikiSession.getUserPrincipal()'s + method.

+

To obtain the list of current WikiSessions, we iterate + through our session Map and obtain the list of values, + which are WikiSessions wrapped in WeakReference + objects. Those WeakReferences whose get() + method returns non-null values are valid + sessions.

+

+

+
+
+
+ +
Returns:
the array of user principals
+
+
+
+ +

+addWikiEventListener

+
+public final void addWikiEventListener(WikiEventListener listener)
+
+
Registers a WikiEventListener with this instance. +

+

+
+
+
+
Parameters:
listener - the event listener
Since:
+
2.4.75
+
+
+
+
+ +

+removeWikiEventListener

+
+public final void removeWikiEventListener(WikiEventListener listener)
+
+
Un-registers a WikiEventListener with this instance. +

+

+
+
+
+
Parameters:
listener - the event listener
Since:
+
2.4.75
+
+
+
+
+ +

+fireEvent

+
+protected final void fireEvent(int type,
+                               Principal principal,
+                               WikiSession session)
+
+
Fires a WikiSecurityEvent to all registered listeners. +

+

+
+
+
+
Parameters:
type - the event type
principal - the user principal associated with this session
session - the wiki session
Since:
+
2.4.75
+
+
+
+
+ +

+sessionCreated

+
+public void sessionCreated(javax.servlet.http.HttpSessionEvent se)
+
+
Fires when the web container creates a new HTTP session. +

+

+
Specified by:
sessionCreated in interface javax.servlet.http.HttpSessionListener
+
+
+
Parameters:
se - the HTTP session event
+
+
+
+ +

+sessionDestroyed

+
+public void sessionDestroyed(javax.servlet.http.HttpSessionEvent se)
+
+
Removes the user's WikiSession from the internal session cache when the web + container destoys an HTTP session. +

+

+
Specified by:
sessionDestroyed in interface javax.servlet.http.HttpSessionListener
+
+
+
Parameters:
se - the HTTP session event
+
+
+ +
+ + + + + + + + + + + + + + + + + + + +
+ + + + + + + + + + + + +
Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
+		 + +
PREV CLASS  + NEXT CLASS + FRAMES   + NO FRAMES   +  + + + +
+ SUMMARY: NESTED | FIELD | CONSTR | METHOD +DETAIL: FIELD | CONSTR | METHOD
+ + + +
+Copyright © {inceptionYear}-2014 The Apache Software Foundation. All rights reserved. + + http://git-wip-us.apache.org/repos/asf/jspwiki-site/blob/04f45623/apidocs/2.10.1/org/apache/wiki/auth/SessionMonitor.png ---------------------------------------------------------------------- diff --git a/apidocs/2.10.1/org/apache/wiki/auth/SessionMonitor.png b/apidocs/2.10.1/org/apache/wiki/auth/SessionMonitor.png new file mode 100755 index 0000000..fe4363f Binary files /dev/null and b/apidocs/2.10.1/org/apache/wiki/auth/SessionMonitor.png differ