Class SecurityVerifier


  • public final class SecurityVerifier
    extends java.lang.Object
    Helper class for verifying JSPWiki's security configuration. Invoked by admin/SecurityConfig.jsp.
    Since:
    2.4
    • Field Summary

      Fields 
      Modifier and Type Field Description
      static java.lang.String ERROR
      Message prefix for errors.
      static java.lang.String ERROR_DB
      Message topic for user database errors.
      static java.lang.String ERROR_GROUPS
      Message topic for group database errors.
      static java.lang.String ERROR_JAAS
      Message topic for JAAS errors.
      static java.lang.String ERROR_POLICY
      Message topic for policy errors.
      static java.lang.String ERROR_ROLES
      Message topic for role-checking errors.
      static java.lang.String INFO
      Message prefix for information messages.
      static java.lang.String INFO_DB
      Message topic for user database information messages.
      static java.lang.String INFO_GROUPS
      Message topic for group database information messages.
      static java.lang.String INFO_JAAS
      Message topic for JAAS information messages.
      static java.lang.String INFO_POLICY
      Message topic for policy information messages.
      static java.lang.String INFO_ROLES
      Message topic for role-checking information messages.
      static java.lang.String WARNING
      Message prefix for warnings.
      static java.lang.String WARNING_DB
      Message topic for user database warnings.
      static java.lang.String WARNING_GROUPS
      Message topic for group database warnings.
      static java.lang.String WARNING_JAAS
      Message topic for JAAS warnings.
      static java.lang.String WARNING_POLICY
      Message topic for policy warnings.
    • Constructor Summary

      Constructors 
      Constructor Description
      SecurityVerifier​(Engine engine, Session session)
      Constructs a new SecurityVerifier for a supplied Engine and WikiSession.
    • Method Summary

      All Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      java.lang.String containerRoleTable()
      Formats and returns an HTML table containing the roles the web container is aware of, and whether each role maps to particular JSPs.
      boolean isSecurityPolicyConfigured()
      Returns true if the Java security policy is configured correctly, and it verifies as valid.
      java.security.Principal[] policyPrincipals()
      Returns an array of unique Principals from the JSPWIki security policy file.
      java.lang.String policyRoleTable()
      Formats and returns an HTML table containing sample permissions and what roles are allowed to have them.
      java.security.Principal[] webContainerRoles()
      If the active Authorizer is the WebContainerAuthorizer, returns the roles it knows about; otherwise, a zero-length array.
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Constructor Detail

      • SecurityVerifier

        public SecurityVerifier​(Engine engine,
                                Session session)
        Constructs a new SecurityVerifier for a supplied Engine and WikiSession.
        Parameters:
        engine - the wiki engine
        session - the wiki session (typically, that of an administrator)
    • Method Detail

      • policyPrincipals

        public java.security.Principal[] policyPrincipals()
        Returns an array of unique Principals from the JSPWIki security policy file. This array will be zero-length if the policy file was not successfully located, or if the file did not specify any Principals in the policy.
        Returns:
        the array of principals
      • policyRoleTable

        public java.lang.String policyRoleTable()
        Formats and returns an HTML table containing sample permissions and what roles are allowed to have them. This method will throw an IllegalStateException if the authorizer is not of type WebContainerAuthorizer
        Returns:
        the formatted HTML table containing the result of the tests
      • containerRoleTable

        public java.lang.String containerRoleTable()
                                            throws WikiException
        Formats and returns an HTML table containing the roles the web container is aware of, and whether each role maps to particular JSPs. This method throws an IllegalStateException if the authorizer is not of type WebContainerAuthorizer
        Returns:
        the formatted HTML table containing the result of the tests
        Throws:
        WikiException - if tests fail for unexpected reasons
      • isSecurityPolicyConfigured

        public boolean isSecurityPolicyConfigured()
        Returns true if the Java security policy is configured correctly, and it verifies as valid.
        Returns:
        the result of the configuration check
      • webContainerRoles

        public java.security.Principal[] webContainerRoles()
                                                    throws WikiException
        If the active Authorizer is the WebContainerAuthorizer, returns the roles it knows about; otherwise, a zero-length array.
        Returns:
        the roles parsed from web.xml, or a zero-length array
        Throws:
        WikiException - if the web authorizer cannot obtain the list of roles