001/*
002    Licensed to the Apache Software Foundation (ASF) under one
003    or more contributor license agreements.  See the NOTICE file
004    distributed with this work for additional information
005    regarding copyright ownership.  The ASF licenses this file
006    to you under the Apache License, Version 2.0 (the
007    "License"); you may not use this file except in compliance
008    with the License.  You may obtain a copy of the License at
009
010       http://www.apache.org/licenses/LICENSE-2.0
011
012    Unless required by applicable law or agreed to in writing,
013    software distributed under the License is distributed on an
014    "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
015    KIND, either express or implied.  See the License for the
016    specific language governing permissions and limitations
017    under the License.
018 */
019package org.apache.wiki.api.core;
020
021import org.apache.wiki.event.WikiEventListener;
022
023import javax.security.auth.Subject;
024import java.security.AccessControlException;
025import java.security.Principal;
026import java.security.PrivilegedAction;
027import java.util.Locale;
028
029
030/**
031 * <p>Represents a long-running wiki session, with an associated user Principal, user Subject, and authentication status. The sesion
032 * is initialized with minimal, default-deny values: authentication is set to <code>false</code>, and the user principal is set to
033 * <code>null</code>.</p>
034 * <p>The Session allows callers to:</p>
035 * <ul>
036 *   <li>Obtain the authentication status of the user via
037 *     {@link #isAnonymous()} and {@link #isAuthenticated()}</li>
038 *   <li>Query the session for Principals representing the
039 *     user's identity via {@link #getLoginPrincipal()},
040 *     {@link #getUserPrincipal()} and {@link #getPrincipals()}</li>
041 *   <li>Store, retrieve and clear UI messages via
042 *     {@link #addMessage(String)}, {@link #getMessages(String)}
043 *     and {@link #clearMessages(String)}</li>
044 * </ul>
045 * <p>To keep track of the Principals each user posseses, each Session stores a JAAS Subject. Various login processes add or
046 * remove Principals when users authenticate or log out.</p>
047 * <p>Session extends the {@link org.apache.wiki.event.WikiEventListener} interface and listens for group add/change/delete
048 * events fired by event sources the Session is registered with: {@link org.apache.wiki.auth.AuthenticationManager},
049 * {@link org.apache.wiki.auth.UserManager} and {@link org.apache.wiki.auth.authorize.GroupManager}, so it can catch group events. Thus,
050 * when a user is added to a {@link org.apache.wiki.auth.authorize.Group}, a corresponding {@link org.apache.wiki.auth.GroupPrincipal} is
051 * injected into the Subject's Principal set. Likewise, when the user is removed from the Group or the Group is deleted, the
052 * GroupPrincipal is removed from the Subject. The effect that this strategy produces is extremely beneficial: when someone adds a user
053 * to a wiki group, that user <em>immediately</em> gains the privileges associated with that group; he or she does not need to
054 * re-authenticate.
055 * </p>
056 * <p>In addition to methods for examining individual <code>Session</code> objects, this class also contains a number of static
057 * methods for managing Sessions for an entire wiki. These methods allow callers to find, query and remove Session objects, and
058 * to obtain a list of the current wiki session users.</p>
059 */
060public interface Session extends WikiEventListener {
061
062    /** An anonymous user's session status. */
063    String  ANONYMOUS = "anonymous";
064
065    /** An asserted user's session status. */
066    String  ASSERTED = "asserted";
067
068    /** An authenticated user's session status. */
069    String  AUTHENTICATED = "authenticated";
070
071    /**
072     * Returns <code>true</code> if the user is considered asserted via a session cookie; that is, the Subject contains the Principal
073     * Role.ASSERTED.
074     *
075     * @return Returns <code>true</code> if the user is asserted
076     */
077    boolean isAsserted();
078
079    /**
080     * Returns the authentication status of the user's session. The user is considered authenticated if the Subject contains the
081     * Principal Role.AUTHENTICATED. If this method determines that an earlier LoginModule did not inject Role.AUTHENTICATED, it
082     * will inject one if the user is not anonymous <em>and</em> not asserted.
083     *
084     * @return Returns <code>true</code> if the user is authenticated
085     */
086    boolean isAuthenticated();
087
088    /**
089     * <p>Determines whether the current session is anonymous. This will be true if any of these conditions are true:</p>
090     * <ul>
091     *   <li>The session's Principal set contains {@link org.apache.wiki.auth.authorize.Role#ANONYMOUS}</li>
092     *   <li>The session's Principal set contains {@link org.apache.wiki.auth.WikiPrincipal#GUEST}</li>
093     *   <li>The Principal returned by {@link #getUserPrincipal()} evaluates to an IP address.</li>
094     * </ul>
095     * <p>The criteria above are listed in the order in which they are evaluated.</p>
096     * @return whether the current user's identity is equivalent to an IP address
097     */
098    boolean isAnonymous();
099
100    /**
101     * <p> Returns the Principal used to log in to an authenticated session. The login principal is determined by examining the
102     * Subject's Principal set for PrincipalWrappers or WikiPrincipals with type designator <code>LOGIN_NAME</code>; the first one
103     * found is the login principal. If one is not found, this method returns the first principal that isn't of type Role or
104     * GroupPrincipal. If neither of these conditions hold, this method returns
105     * {@link org.apache.wiki.auth.WikiPrincipal#GUEST}.
106     *
107     * @return the login Principal. If it is a PrincipalWrapper containing an externally-provided Principal, the object returned is the
108     * Principal, not the wrapper around it.
109     */
110    Principal getLoginPrincipal();
111
112    /**
113     * <p>Returns the primary user Principal associated with this session. The primary user principal is determined as follows:</p>
114     * <ol>
115     *     <li>If the Subject's Principal set contains WikiPrincipals, the first WikiPrincipal with type designator
116     *         <code>WIKI_NAME</code> or (alternatively) <code>FULL_NAME</code> is the primary Principal.</li>
117     *     <li>For all other cases, the first Principal in the Subject's principal collection that that isn't of type Role or
118     *         GroupPrincipal is the primary.</li>
119     * </ol>
120     * If no primary user Principal is found, this method returns {@link org.apache.wiki.auth.WikiPrincipal#GUEST}.
121     *
122     * @return the primary user Principal
123     */
124    Principal getUserPrincipal();
125
126    /**
127     *  Returns a cached Locale object for this user.  It's better to use WikiContext's corresponding getBundle() method, since that
128     *  will actually react if the user changes the locale in the middle, but if that's not available (or, for some reason, you need
129     *  the speed), this method can also be used.  The Locale expires when the Session expires, and currently there is no way to
130     *  reset the Locale.
131     *
132     *  @return A cached Locale object
133     *  @since 2.5.96
134     */
135    Locale getLocale();
136
137    /**
138     * Adds a message to the generic list of messages associated with the session. These messages retain their order of insertion and
139     * remain until the {@link #clearMessages()} method is called.
140     *
141     * @param message the message to add; if <code>null</code> it is ignored.
142     */
143    void addMessage( String message );
144
145    /**
146     * Adds a message to the specific set of messages associated with the session. These messages retain their order of insertion and
147     * remain until the {@link #clearMessages()} method is called.
148     *
149     * @param topic the topic to associate the message to;
150     * @param message the message to add
151     */
152    void addMessage( String topic, String message );
153
154    /**
155     * Clears all messages associated with this session.
156     */
157    void clearMessages();
158
159    /**
160     * Clears all messages associated with a session topic.
161     *
162     * @param topic the topic whose messages should be cleared.
163     */
164    void clearMessages( String topic );
165
166    /**
167     * Returns all generic messages associated with this session. The messages stored with the session persist throughout the
168     * session unless they have been reset with {@link #clearMessages()}.
169     *
170     * @return the current messages.
171     */
172    String[] getMessages();
173
174    /**
175     * Returns all messages associated with a session topic. The messages stored with the session persist throughout the
176     * session unless they have been reset with {@link #clearMessages(String)}.
177     *
178     * @return the current messages.
179     * @param topic The topic
180     */
181    String[] getMessages( String topic );
182
183    /**
184     * Returns all user Principals associated with this session. User principals are those in the Subject's principal collection that
185     * aren't of type Role or of type GroupPrincipal. This is a defensive copy.
186     *
187     * @return Returns the user principal
188     * @see org.apache.wiki.auth.AuthenticationManager#isUserPrincipal(Principal)
189     */
190    Principal[] getPrincipals();
191
192    /**
193     * Returns an array of Principal objects that represents the groups and roles that the user associated with a Session possesses.
194     * The array is built by iterating through the Subject's Principal set and extracting all Role and GroupPrincipal objects into a
195     * list. The list is returned as an array sorted in the natural order implied by each Principal's <code>getName</code> method. Note
196     * that this method does <em>not</em> consult the external Authorizer or GroupManager; it relies on the Principals that have been
197     * injected into the user's Subject at login time, or after group creation/modification/deletion.
198     *
199     * @return an array of Principal objects corresponding to the roles the Subject possesses
200     */
201    Principal[] getRoles();
202
203    /**
204     * Returns <code>true</code> if the Session's Subject possess a supplied Principal. This method eliminates the need to externally
205     * request and inspect the JAAS subject.
206     *
207     * @param principal the Principal to test
208     * @return the result
209     */
210    boolean hasPrincipal( Principal principal );
211
212    /** Invalidates the Session and resets its Subject's Principals to the equivalent of a "guest session". */
213    void invalidate();
214
215    /**
216     * <p>Returns the status of the wiki session as a text string. Valid values are:</p>
217     * <ul>
218     *   <li>{@link #AUTHENTICATED}</li>
219     *   <li>{@link #ASSERTED}</li>
220     *   <li>{@link #ANONYMOUS}</li>
221     * </ul>
222     *
223     * @return the user's session status
224     */
225    String getStatus();
226
227    /**
228     * Returns the {@link Subject} associated to the session.
229     *
230     * @return {@link Subject} associated to the session.
231     */
232    Subject getSubject();
233
234    /**
235     * Wrapper for {@link Subject#doAsPrivileged(Subject, PrivilegedAction, java.security.AccessControlContext)}
236     * that executes an action with the privileges posssessed by a Session's Subject. The action executes with a <code>null</code>
237     * AccessControlContext, which has the effect of running it "cleanly" without the AccessControlContexts of the caller.
238     *
239     * @param session the wiki session
240     * @param action the privileged action
241     * @return the result of the privileged action; may be <code>null</code>
242     * @throws java.security.AccessControlException if the action is not permitted by the security policy
243     */
244    static Object doPrivileged( final Session session, final PrivilegedAction<?> action ) throws AccessControlException {
245        return Subject.doAsPrivileged( session.getSubject(), action, null );
246    }
247
248}