Class DefaultAuthorizationManager

java.lang.Object
org.apache.wiki.auth.DefaultAuthorizationManager
All Implemented Interfaces:
Initializable, AuthorizationManager

public class DefaultAuthorizationManager
extends java.lang.Object
implements AuthorizationManager

Default implementation for AuthorizationManager

See the checkPermission(Session, Permission) and hasRoleOrPrincipal(Session, Principal) methods for more information on the authorization logic.

Since:
2.3
See Also:
AuthenticationManager
  • Field Summary

    Fields inherited from interface org.apache.wiki.auth.AuthorizationManager

    DEFAULT_AUTHORIZER, DEFAULT_POLICY, POLICY, PROP_AUTHORIZER
  • Constructor Summary

    Constructors
    Constructor Description
    DefaultAuthorizationManager()
    Constructs a new DefaultAuthorizationManager instance.
  • Method Summary

    Modifier and Type Method Description
    void addWikiEventListener​(WikiEventListener listener)
    Registers a WikiEventListener with this instance.
    boolean allowedByLocalPolicy​(java.security.Principal[] principals, java.security.Permission permission)
    Checks to see if the local security policy allows a particular static Permission.
    boolean checkPermission​(Session session, java.security.Permission permission)
    Returns true or false, depending on whether a Permission is allowed for the Subject associated with a supplied Session.
    boolean checkStaticPermission​(Session session, java.security.Permission permission)
    Determines whether a Subject possesses a given "static" Permission as defined in the security policy file.
    Authorizer getAuthorizer()
    Returns the current external Authorizer in use.
    boolean hasAccess​(Context context, javax.servlet.http.HttpServletResponse response, boolean redirect)
    Checks whether the current user has access to the wiki context (and optionally redirects if not), by obtaining the required Permission (Command.requiredPermission()) and delegating the access check to AuthorizationManager.checkPermission(Session, Permission).
    boolean hasRoleOrPrincipal​(Session session, java.security.Principal principal)
    Determines if the Subject associated with a supplied Session contains a desired user Principal or built-in Role principal, OR is a member a Group or external Role.
    void initialize​(Engine engine, java.util.Properties properties)
    Initializes this Engine component.
    void removeWikiEventListener​(WikiEventListener listener)
    Un-registers a WikiEventListener with this instance.
    java.security.Principal resolvePrincipal​(java.lang.String name)
    Given a supplied string representing a Principal's name from an Acl, this method resolves the correct type of Principal (role, group, or user).

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

    Methods inherited from interface org.apache.wiki.auth.AuthorizationManager

    fireEvent, hasAccess, isUserInRole
  • Constructor Details

  • Method Details

    • checkPermission

      public boolean checkPermission​(Session session, java.security.Permission permission)
      Returns true or false, depending on whether a Permission is allowed for the Subject associated with a supplied Session. The access control algorithm works this way:
      1. The Acl for the page is obtained
      2. The Subject associated with the current Session is obtained
      3. If the Subject's Principal set includes the Role Principal that is the administrator group, always allow the Permission
      4. For all permissions, check to see if the Permission is allowed according to the default security policy. If it isn't, deny the permission and halt further processing.
      5. If there is an Acl, get the list of Principals assigned this Permission in the Acl: these will be role, group or user Principals, or UnresolvedPrincipals (see below). Then iterate through the Subject's Principal set and determine whether the user (Subject) possesses any one of these specified Roles or Principals.

      Note that when iterating through the Acl's list of authorized Principals, it is possible that one or more of the Acl's Principal entries are of type UnresolvedPrincipal. This means that the last time the ACL was read, the Principal (user, built-in Role, authorizer Role, or wiki Group) could not be resolved: the Role was not valid, the user wasn't found in the UserDatabase, or the Group wasn't known to (e.g., cached) in the GroupManager. If an UnresolvedPrincipal is encountered, this method will attempt to resolve it first before checking to see if the Subject possesses this principal, by calling AuthorizationManager.resolvePrincipal(String). If the (re-)resolution does not succeed, the access check for the principal will fail by definition (the Subject should never contain UnresolvedPrincipals).

      If security not set to JAAS, will return true.

      Specified by:
      checkPermission in interface AuthorizationManager
      Parameters:
      session - the current wiki session
      permission - the Permission being checked
      Returns:
      the result of the Permission check
    • getAuthorizer

      Returns the current external Authorizer in use. This method is guaranteed to return a properly-initialized Authorizer, unless it could not be initialized. In that case, this method throws a WikiSecurityException.
      Specified by:
      getAuthorizer in interface AuthorizationManager
      Returns:
      the current Authorizer
      Throws:
      WikiSecurityException - if the Authorizer could not be initialized
    • hasRoleOrPrincipal

      public boolean hasRoleOrPrincipal​(Session session, java.security.Principal principal)

      Determines if the Subject associated with a supplied Session contains a desired user Principal or built-in Role principal, OR is a member a Group or external Role. The rules are as follows:

      1. First, if desired Principal is a Role or GroupPrincipal, delegate to AuthorizationManager.isUserInRole(Session, Principal) and return the result.
      2. Otherwise, we're looking for a user Principal, so iterate through the Principal set and see if any share the same name as the one we are looking for.

      Note: if the Principal parameter is a user principal, the session must be authenticated in order for the user to "possess it". Anonymous or asserted sessions will never posseess a named user principal.

      Specified by:
      hasRoleOrPrincipal in interface AuthorizationManager
      Parameters:
      session - the current wiki session, which must be non-null. If null, the result of this method always returns false
      principal - the Principal (role, group, or user principal) to look for, which must be non-null. If null, the result of this method always returns false
      Returns:
      true if the Subject supplied with the WikiContext posesses the Role, GroupPrincipal or desired user Principal, false otherwise
    • hasAccess

      public boolean hasAccess​(Context context, javax.servlet.http.HttpServletResponse response, boolean redirect) throws java.io.IOException
      Checks whether the current user has access to the wiki context (and optionally redirects if not), by obtaining the required Permission (Command.requiredPermission()) and delegating the access check to AuthorizationManager.checkPermission(Session, Permission). If the user is allowed, this method returns true; false otherwise. Also, the wiki context will be added to the request as attribute with the key name Context.ATTR_CONTEXT.
      Specified by:
      hasAccess in interface AuthorizationManager
      Parameters:
      context - wiki context to check if it is accesible
      response - The servlet response object
      redirect - If true, makes an automatic redirect to the response
      Returns:
      the result of the access check
      Throws:
      java.io.IOException - If something goes wrong
    • initialize

      public void initialize​(Engine engine, java.util.Properties properties) throws WikiException

      Initializes this Engine component. Note that the engine is not fully initialized at this point, so don't do anything fancy here - use lazy init, if you have to.
       

      Expects to find property 'jspwiki.authorizer' with a valid Authorizer implementation name to take care of role lookup operations.
      Specified by:
      initialize in interface Initializable
      Parameters:
      engine - Engine performing the initialization.
      properties - Properties for setup.
      Throws:
      WikiException - if an exception occurs while initializing the component.
    • allowedByLocalPolicy

      public boolean allowedByLocalPolicy​(java.security.Principal[] principals, java.security.Permission permission)
      Checks to see if the local security policy allows a particular static Permission. Do not use this method for normal permission checks; use AuthorizationManager.checkPermission(Session, Permission) instead.
      Specified by:
      allowedByLocalPolicy in interface AuthorizationManager
      Parameters:
      principals - the Principals to check
      permission - the Permission
      Returns:
      the result
    • checkStaticPermission

      public boolean checkStaticPermission​(Session session, java.security.Permission permission)
      Determines whether a Subject possesses a given "static" Permission as defined in the security policy file. This method uses standard Java 2 security calls to do its work. Note that the current access control context's codeBase is effectively this class, not that of the caller. Therefore, this method will work best when what matters in the policy is who makes the permission check, not what the caller's code source is. Internally, this method works by executing Subject.doAsPrivileged with a privileged action that simply calls AccessController.checkPermission(Permission).
      Specified by:
      checkStaticPermission in interface AuthorizationManager
      Parameters:
      session - the Session whose permission status is being queried
      permission - the Permission the Subject must possess
      Returns:
      true if the Subject possesses the permission, false otherwise
      See Also:
      . A caught exception (or lack thereof) determines whether the privilege is absent (or present).
    • resolvePrincipal

      public java.security.Principal resolvePrincipal​(java.lang.String name)

      Given a supplied string representing a Principal's name from an Acl, this method resolves the correct type of Principal (role, group, or user). This method is guaranteed to always return a Principal. The algorithm is straightforward:

      1. If the name matches one of the built-in Role names, return that built-in Role
      2. If the name matches one supplied by the current Authorizer, return that Role
      3. If the name matches a group managed by the current GroupManager, return that Group
      4. Otherwise, assume that the name represents a user principal. Using the current UserDatabase, find the first user who matches the supplied name by calling UserDatabase.find(String).
      5. Finally, if a user cannot be found, manufacture and return a generic UnresolvedPrincipal
      Specified by:
      resolvePrincipal in interface AuthorizationManager
      Parameters:
      name - the name of the Principal to resolve
      Returns:
      the fully-resolved Principal
    • addWikiEventListener

      public void addWikiEventListener​(WikiEventListener listener)
      Registers a WikiEventListener with this instance.
      Specified by:
      addWikiEventListener in interface AuthorizationManager
      Parameters:
      listener - the event listener
    • removeWikiEventListener

      public void removeWikiEventListener​(WikiEventListener listener)
      Un-registers a WikiEventListener with this instance.
      Specified by:
      removeWikiEventListener in interface AuthorizationManager
      Parameters:
      listener - the event listener