Examples of com.ecyrd.jspwiki.auth.AuthorizationManager.checkPermission()

Class com.ecyrd.jspwiki.auth.AuthorizationManager

Examples of com.ecyrd.jspwiki.auth.AuthorizationManager.checkPermission()

com.ecyrd.jspwiki.auth.AuthorizationManager.checkPermission()
Returns true or false, depending on whether a Permission is allowed for the Subject associated with a supplied WikiSession. The access control algorithm works this way:
1. The {@link com.ecyrd.jspwiki.auth.acl.Acl} for the page is obtained
2. The Subject associated with the current {@link com.ecyrd.jspwiki.WikiSession} is obtained
3. If the Subject's Principal set includes the Role Principal that is the administrator group, always allow the Permission
4. For all permissions, check to see if the Permission is allowed according to the default security policy. If it isn't, deny the permission and halt further processing.
5. If there is an Acl, get the list of Principals assigned this Permission in the Acl: these will be role, group or user Principals, or {@link com.ecyrd.jspwiki.auth.acl.UnresolvedPrincipal}s (see below). Then iterate through the Subject's Principal set and determine whether the user (Subject) posesses any one of these specified Roles or Principals. The matching process delegates to {@link #hasRoleOrPrincipal(WikiSession,Principal)}.
Note that when iterating through the Acl's list of authorized Principals, it is possible that one or more of the Acl's Principal entries are of type UnresolvedPrincipal. This means that the last time the ACL was read, the Principal (user, built-in Role, authorizer Role, or wiki Group) could not be resolved: the Role was not valid, the user wasn't found in the UserDatabase, or the Group wasn't known to (e.g., cached) in the GroupManager. If an UnresolvedPrincipal is encountered, this method will attempt to resolve it first before checking to see if the Subject possesses this principal, by calling {@link #resolvePrincipal(String)}. If the (re-)resolution does not succeed, the access check for the principal will fail by definition (the Subject should never contain UnresolvedPrincipals).

If security not set to JAAS, will return true.
@param session the current wiki session @param permission the Permission being checked @see #hasRoleOrPrincipal(WikiSession,Principal) @return the result of the Permission check

        
        if ( CREATE_GROUPS.equals( permission ) || CREATE_PAGES.equals( permission )
            || EDIT_PREFERENCES.equals( permission ) || EDIT_PROFILE.equals( permission )
            || LOGIN.equals( permission ) )
        {
            gotPermission = mgr.checkPermission( session, new WikiPermission( page.getWiki(), permission ) );
        }
        else if ( VIEW_GROUP.equals( permission ) 
            || EDIT_GROUP.equals( permission )
            || DELETE_GROUP.equals( permission ) )
        {

View Full Code Here

                }
                else if ( DELETE_GROUP.equals( permission ) )
                {
                    action = "delete";
                }
                gotPermission = mgr.checkPermission( session, new GroupPermission( groupName, action ) );
            }
        }
        else if ( ALL_PERMISSION.equals( permission ) )
        {
            gotPermission = mgr.checkPermission( session, new AllPermission( m_wikiContext.getEngine().getApplicationName() ) );

View Full Code Here

                gotPermission = mgr.checkPermission( session, new GroupPermission( groupName, action ) );
            }
        }
        else if ( ALL_PERMISSION.equals( permission ) )
        {
            gotPermission = mgr.checkPermission( session, new AllPermission( m_wikiContext.getEngine().getApplicationName() ) );
        }
        else if ( page != null )
        {
            //
            //  Edit tag also checks that we're not trying to edit an

View Full Code Here

                    return false;
                }
            }


            Permission p = PermissionFactory.getPagePermission( page, permission );
            gotPermission = mgr.checkPermission( session,
                                                  p );
        }
        
        return gotPermission;
    }

View Full Code Here

            
            for( Iterator i = blogEntries.iterator(); i.hasNext() && maxEntries-- > 0 ; )
            {
                WikiPage p = (WikiPage) i.next();


                if( mgr.checkPermission( context.getWikiSession(), 
                                         new PagePermission(p, PagePermission.VIEW_ACTION) ) )
                {
                    addEntryHTML(context, entryFormat, hasComments, sb, p);
                }
            }

View Full Code Here

                //
                //  Check if the user has permission for this attachment
                //


                Permission permission = PermissionFactory.getPagePermission( att, "view" );
                if( !authmgr.checkPermission( context.getWikiSession(), permission ) )
                {
                    log.debug("User does not have permission for this");
                    res.sendError( HttpServletResponse.SC_FORBIDDEN );
                    return;
                }

View Full Code Here

            AuthenticationManager amm = m_context.getEngine().getAuthenticationManager();
            AuthorizationManager mgr = m_context.getEngine().getAuthorizationManager();
        
            if( amm.login( m_context.getWikiSession(), m_context.getHttpRequest(), username, password ) )
            {
                if( !mgr.checkPermission( m_context.getWikiSession(), PermissionFactory.getPagePermission( page, permission ) ))
                {
                    throw new XmlRpcException( 1, "No permission" );
                }   
            }
            else

View Full Code Here

     */
    protected void checkPermission( Permission perm )
    {
        AuthorizationManager mgr = m_engine.getAuthorizationManager();
        
        if( mgr.checkPermission( m_context.getWikiSession(), perm ) )
            return;
        
        throw new AuthenticationFailed( "You have no access to this resource, o master" );
    }

View Full Code Here

TOP

All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.