Examples of com.ecyrd.jspwiki.auth.AuthorizationManager

com.ecyrd.jspwiki.auth.AuthorizationManager
Manages all access control and authorization; determines what authenticated users are allowed to do.

Privileges in JSPWiki are expressed as Java-standard {@link java.security.Permission}classes. There are two types of permissions:
- {@link com.ecyrd.jspwiki.auth.permissions.WikiPermission} - privileges that applyto an entire wiki instance: e.g., editing user profiles, creating pages, creating groups
- {@link com.ecyrd.jspwiki.auth.permissions.PagePermission} - privileges that applyto a single wiki page or range of pages: e.g., reading, editing, renaming
Calling classes determine whether they are entitled to perform a particular action by constructing the appropriate permission first, then passing it and the current {@link com.ecyrd.jspwiki.WikiSession} to the{@link #checkPermission(WikiSession,Permission)} method. If the session'sSubject possesses the permission, the action is allowed.

For WikiPermissions, the decision criteria is relatively simple: the caller either possesses the permission, as granted by the wiki security policy -- or not.

For PagePermissions, the logic is exactly the same if the page being checked does not have an access control list. However, if the page does have an ACL, the authorization decision is made based the union of the permissions granted in the ACL and in the security policy. In other words, the user must be named in the ACL (or belong to a group or role that is named in the ACL) and be granted (at least) the same permission in the security policy. We do this to prevent a user from gaining more permissions than they already have, based on the security policy.

See the {@link #checkPermission(WikiSession,Permission)} and{@link #hasRoleOrPrincipal(WikiSession,Principal)} methods for more informationon the authorization logic.
@author Andrew Jaquith @since 2.3 @see AuthenticationManager

     */
    private boolean checkPermission( String permission )
    {
        WikiSession session        = m_wikiContext.getWikiSession();
        WikiPage    page           = m_wikiContext.getPage();
        AuthorizationManager mgr   = m_wikiContext.getEngine().getAuthorizationManager();
        boolean gotPermission     = false;
        
        if ( CREATE_GROUPS.equals( permission ) || CREATE_PAGES.equals( permission )
            || EDIT_PREFERENCES.equals( permission ) || EDIT_PROFILE.equals( permission )
            || LOGIN.equals( permission ) )
        {
            gotPermission = mgr.checkPermission( session, new WikiPermission( page.getWiki(), permission ) );
        }
        else if ( VIEW_GROUP.equals( permission ) 
            || EDIT_GROUP.equals( permission )
            || DELETE_GROUP.equals( permission ) )
        {
            Command command = m_wikiContext.getCommand();
            gotPermission = false;
            if ( command instanceof GroupCommand && command.getTarget() != null )
            {
                GroupPrincipal group = (GroupPrincipal)command.getTarget();
                String groupName = group.getName();
                String action = "view";
                if( EDIT_GROUP.equals( permission ) )
                {
                    action = "edit";
                }
                else if ( DELETE_GROUP.equals( permission ) )
                {
                    action = "delete";
                }
                gotPermission = mgr.checkPermission( session, new GroupPermission( groupName, action ) );
            }
        }
        else if ( ALL_PERMISSION.equals( permission ) )
        {
            gotPermission = mgr.checkPermission( session, new AllPermission( m_wikiContext.getEngine().getApplicationName() ) );
        }
        else if ( page != null )
        {
            //
            //  Edit tag also checks that we're not trying to edit an
            //  old version: they cannot be edited.
            //
            if( EDIT.equals(permission) )
            {
                WikiPage latest = m_wikiContext.getEngine().getPage( page.getName() );
                if( page.getVersion() != WikiProvider.LATEST_VERSION &&
                    latest.getVersion() != page.getVersion() )
                {
                    return false;
                }
            }


            Permission p = PermissionFactory.getPagePermission( page, permission );
            gotPermission = mgr.checkPermission( session,
                                                  p );
        }
        
        return gotPermission;
    }

View Full Code Here

    {
        Calendar   startTime;
        Calendar   stopTime;
        int        numDays = DEFAULT_DAYS;
        WikiEngine engine = context.getEngine();
        AuthorizationManager mgr = engine.getAuthorizationManager();
        
        //
        //  Parse parameters.
        //
        String  days;
        DateFormat entryFormat;
        String  startDay = null;
        boolean hasComments = false;
        int     maxEntries;
        String  weblogName;


        if( (weblogName = (String) params.get(PARAM_PAGE)) == null )
        {
            weblogName = context.getPage().getName();
        }


        if( (days = context.getHttpParameter( "weblog."+PARAM_DAYS )) == null )
        {
            days = (String) params.get( PARAM_DAYS );
        }


        if( ( params.get(PARAM_ENTRYFORMAT)) == null )
        {
            entryFormat = Preferences.getDateFormat( context, TimeFormat.DATETIME );
        }
        else
        {
            entryFormat = new SimpleDateFormat( (String)params.get(PARAM_ENTRYFORMAT) );
        }


        if( days != null )
        {
            if( days.equalsIgnoreCase("all") )
            {
                numDays = Integer.MAX_VALUE;
            }
            else
            {
                numDays = TextUtil.parseIntParameter( days, DEFAULT_DAYS );
            }
        }




        if( (startDay = (String)params.get(PARAM_STARTDATE)) == null )
        {
            startDay = context.getHttpParameter( "weblog."+PARAM_STARTDATE );
        }


        if( TextUtil.isPositive( (String)params.get(PARAM_ALLOWCOMMENTS) ) )
        {
            hasComments = true;
        }


        maxEntries = TextUtil.parseIntParameter( (String)params.get(PARAM_MAXENTRIES),
                                                 Integer.MAX_VALUE );


        //
        //  Determine the date range which to include.
        //


        startTime = Calendar.getInstance();
        stopTime  = Calendar.getInstance();


        if( startDay != null )
        {
            SimpleDateFormat fmt = new SimpleDateFormat( DEFAULT_DATEFORMAT );
            try
            {
                Date d = fmt.parse( startDay );
                startTime.setTime( d );
                stopTime.setTime( d );
            }
            catch( ParseException e )
            {
                return "Illegal time format: "+startDay;
            }
        }


        //
        //  Mark this to be a weblog
        //


        context.getPage().setAttribute(ATTR_ISWEBLOG, "true");


        //
        //  We make a wild guess here that nobody can do millisecond
        //  accuracy here.
        //
        startTime.add( Calendar.DAY_OF_MONTH, -numDays );
        startTime.set( Calendar.HOUR, 0 );
        startTime.set( Calendar.MINUTE, 0 );
        startTime.set( Calendar.SECOND, 0 );
        stopTime.set( Calendar.HOUR, 23 );
        stopTime.set( Calendar.MINUTE, 59 );
        stopTime.set( Calendar.SECOND, 59 );


        StringBuffer sb = new StringBuffer();


        try
        {
            List<WikiPage> blogEntries = findBlogEntries( engine.getPageManager(),
                                                          weblogName,
                                                          startTime.getTime(),
                                                          stopTime.getTime() );


            Collections.sort( blogEntries, new PageDateComparator() );


            sb.append("<div class=\"weblog\">\n");
            
            for( Iterator i = blogEntries.iterator(); i.hasNext() && maxEntries-- > 0 ; )
            {
                WikiPage p = (WikiPage) i.next();


                if( mgr.checkPermission( context.getWikiSession(), 
                                         new PagePermission(p, PagePermission.VIEW_ACTION) ) )
                {
                    addEntryHTML(context, entryFormat, hasComments, sb, p);
                }
            }

View Full Code Here


        String msg      = "An error occurred. Ouch.";
        int    ver      = WikiProvider.LATEST_VERSION;


        AttachmentManager mgr = m_engine.getAttachmentManager();
        AuthorizationManager authmgr = m_engine.getAuthorizationManager();




        String page = context.getPage().getName();


        if( page == null )
        {
            log.info("Invalid attachment name.");
            res.sendError( HttpServletResponse.SC_BAD_REQUEST );
            return;
        }


        OutputStream out = null;
        InputStream  in  = null;


        try
        {
            log.debug("Attempting to download att "+page+", version "+version);
            if( version != null )
            {
                ver = Integer.parseInt( version );
            }


            Attachment att = mgr.getAttachmentInfo( page, ver );


            if( att != null )
            {
                //
                //  Check if the user has permission for this attachment
                //


                Permission permission = PermissionFactory.getPagePermission( att, "view" );
                if( !authmgr.checkPermission( context.getWikiSession(), permission ) )
                {
                    log.debug("User does not have permission for this");
                    res.sendError( HttpServletResponse.SC_FORBIDDEN );
                    return;
                }

View Full Code Here

        throws XmlRpcException
    {
        try
        {
            AuthenticationManager amm = m_context.getEngine().getAuthenticationManager();
            AuthorizationManager mgr = m_context.getEngine().getAuthorizationManager();
        
            if( amm.login( m_context.getWikiSession(), m_context.getHttpRequest(), username, password ) )
            {
                if( !mgr.checkPermission( m_context.getWikiSession(), PermissionFactory.getPagePermission( page, permission ) ))
                {
                    throw new XmlRpcException( 1, "No permission" );
                }   
            }
            else

View Full Code Here

     *  
     *  @param perm the Permission to check
     */
    protected void checkPermission( Permission perm )
    {
        AuthorizationManager mgr = m_engine.getAuthorizationManager();
        
        if( mgr.checkPermission( m_context.getWikiSession(), perm ) )
            return;
        
        throw new AuthenticationFailed( "You have no access to this resource, o master" );
    }

View Full Code Here

TOP

Related Classes of com.ecyrd.jspwiki.auth.AuthorizationManager

com.ecyrd.jspwiki.attachment.AttachmentServlet

com.ecyrd.jspwiki.auth.acl.Acl

com.ecyrd.jspwiki.auth.acl.AclEntry

com.ecyrd.jspwiki.auth.acl.UnresolvedPrincipal

com.ecyrd.jspwiki.auth.authorize.Role

com.ecyrd.jspwiki.auth.permissions.AllPermission

com.ecyrd.jspwiki.auth.user.UserDatabase

com.ecyrd.jspwiki.auth.user.UserProfile

com.ecyrd.jspwiki.event.WikiSecurityEvent

com.ecyrd.jspwiki.plugin.WeblogPlugin

All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.