Package org.apache.wiki.auth

Class SecurityVerifier

java.lang.Object
org.apache.wiki.auth.SecurityVerifier
public final class SecurityVerifier
extends java.lang.Object
Helper class for verifying JSPWiki's security configuration. Invoked by admin/SecurityConfig.jsp.
Since:
2.4

  • Field Summary

    Fields
    Modifier and Type Field Description
    static java.lang.String ERROR
    Message prefix for errors.
    static java.lang.String ERROR_DB
    Message topic for user database errors.
    static java.lang.String ERROR_GROUPS
    Message topic for group database errors.
    static java.lang.String ERROR_JAAS
    Message topic for JAAS errors.
    static java.lang.String ERROR_POLICY
    Message topic for policy errors.
    static java.lang.String ERROR_ROLES
    Message topic for role-checking errors.
    static java.lang.String INFO
    Message prefix for information messages.
    static java.lang.String INFO_DB
    Message topic for user database information messages.
    static java.lang.String INFO_GROUPS
    Message topic for group database information messages.
    static java.lang.String INFO_JAAS
    Message topic for JAAS information messages.
    static java.lang.String INFO_POLICY
    Message topic for policy information messages.
    static java.lang.String INFO_ROLES
    Message topic for role-checking information messages.
    static java.lang.String WARNING
    Message prefix for warnings.
    static java.lang.String WARNING_DB
    Message topic for user database warnings.
    static java.lang.String WARNING_GROUPS
    Message topic for group database warnings.
    static java.lang.String WARNING_JAAS
    Message topic for JAAS warnings.
    static java.lang.String WARNING_POLICY
    Message topic for policy warnings.

  • Constructor Summary

    Constructors
    Constructor Description
    SecurityVerifier​(Engine engine, Session session)
    Constructs a new SecurityVerifier for a supplied Engine and WikiSession.

  • Method Summary

    Modifier and Type Method Description
    java.lang.String containerRoleTable()
    Formats and returns an HTML table containing the roles the web container is aware of, and whether each role maps to particular JSPs.
    protected java.io.File getFileFromProperty​(java.lang.String property)
    Looks up a file name based on a JRE system property and returns the associated File object if it exists.
    boolean isSecurityPolicyConfigured()
    Returns true if the Java security policy is configured correctly, and it verifies as valid.
    java.security.Principal[] policyPrincipals()
    Returns an array of unique Principals from the JSPWIki security policy file.
    java.lang.String policyRoleTable()
    Formats and returns an HTML table containing sample permissions and what roles are allowed to have them.
    protected void verifyGroupDatabase()
    Verifies that the group datbase was initialized properly, and that user add and delete operations work as they should.
    protected void verifyJaas()
    Verfies the JAAS configuration.
    protected void verifyPolicy()
    Verfies the Java security policy configuration.
    protected void verifyPolicyAndContainerRoles()
    Verifies that the roles given in the security policy are reflected by the container web.xml file.
    protected boolean verifyStaticPermission​(java.security.Principal principal, java.security.Permission permission)
    Verifies that a particular Principal possesses a Permission, as defined in the security policy file.
    protected void verifyUserDatabase()
    Verifies that the user datbase was initialized properly, and that user add and delete operations work as they should.
    java.security.Principal[] webContainerRoles()
    If the active Authorizer is the WebContainerAuthorizer, returns the roles it knows about; otherwise, a zero-length array.

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

  • Field Details

  • Constructor Details

    • SecurityVerifier

      public SecurityVerifier​(Engine engine, Session session)
      Constructs a new SecurityVerifier for a supplied Engine and WikiSession.
      Parameters:
      engine - the wiki engine
      session - the wiki session (typically, that of an administrator)

  • Method Details

    • policyPrincipals

      public java.security.Principal[] policyPrincipals()
      Returns an array of unique Principals from the JSPWIki security policy file. This array will be zero-length if the policy file was not successfully located, or if the file did not specify any Principals in the policy.
      Returns:
      the array of principals

    • policyRoleTable

      public java.lang.String policyRoleTable()
      Formats and returns an HTML table containing sample permissions and what roles are allowed to have them. This method will throw an IllegalStateException if the authorizer is not of type WebContainerAuthorizer
      Returns:
      the formatted HTML table containing the result of the tests

    • containerRoleTable

      public java.lang.String containerRoleTable() throws WikiException
      Formats and returns an HTML table containing the roles the web container is aware of, and whether each role maps to particular JSPs. This method throws an IllegalStateException if the authorizer is not of type WebContainerAuthorizer
      Returns:
      the formatted HTML table containing the result of the tests
      Throws:
      WikiException - if tests fail for unexpected reasons

    • isSecurityPolicyConfigured

      public boolean isSecurityPolicyConfigured()
      Returns true if the Java security policy is configured correctly, and it verifies as valid.
      Returns:
      the result of the configuration check

    • webContainerRoles

      public java.security.Principal[] webContainerRoles() throws WikiException
      If the active Authorizer is the WebContainerAuthorizer, returns the roles it knows about; otherwise, a zero-length array.
      Returns:
      the roles parsed from web.xml, or a zero-length array
      Throws:
      WikiException - if the web authorizer cannot obtain the list of roles

    • verifyPolicyAndContainerRoles

      protected void verifyPolicyAndContainerRoles() throws WikiException
      Verifies that the roles given in the security policy are reflected by the container web.xml file.
      Throws:
      WikiException - if the web authorizer cannot verify the roles

    • verifyGroupDatabase

      protected void verifyGroupDatabase()
      Verifies that the group datbase was initialized properly, and that user add and delete operations work as they should.

    • verifyJaas

      protected void verifyJaas()
      Verfies the JAAS configuration. The configuration is valid if value of the jspwiki.properties property "jspwiki.loginModule.class" resolves to a valid class on the classpath.

    • getFileFromProperty

      protected java.io.File getFileFromProperty​(java.lang.String property)
      Looks up a file name based on a JRE system property and returns the associated File object if it exists. This method adds messages with the topic prefix ERROR and INFO as appropriate, with the suffix matching the supplied property.
      Parameters:
      property - the system property to look up
      Returns:
      the file object, or null if not found

    • verifyPolicy

      protected void verifyPolicy()
      Verfies the Java security policy configuration. The configuration is valid if value of the local policy (at WEB-INF/jspwiki.policy resolves to an existing file, and the policy file contained therein represents a valid policy.

    • verifyStaticPermission

      protected boolean verifyStaticPermission​(java.security.Principal principal, java.security.Permission permission)
      Verifies that a particular Principal possesses a Permission, as defined in the security policy file.
      Parameters:
      principal - the principal
      permission - the permission
      Returns:
      the result, based on consultation with the active Java security policy

    • verifyUserDatabase

      protected void verifyUserDatabase()
      Verifies that the user datbase was initialized properly, and that user add and delete operations work as they should.