Package org.apache.wiki.auth

Class SecurityVerifier

java.lang.Object

org.apache.wiki.auth.SecurityVerifier

public final class SecurityVerifier
extends Object

Helper class for verifying JSPWiki's security configuration. Invoked by admin/SecurityConfig.jsp.

Since:

2.4

Field Summary

Fields

Modifier and Type	Field	Description
static final String	ERROR	Message prefix for errors.
static final String	ERROR_DB	Message topic for user database errors.
static final String	ERROR_GROUPS	Message topic for group database errors.
static final String	ERROR_JAAS	Message topic for JAAS errors.
static final String	ERROR_POLICY	Message topic for policy errors.
static final String	ERROR_ROLES	Message topic for role-checking errors.
static final String	INFO	Message prefix for information messages.
static final String	INFO_DB	Message topic for user database information messages.
static final String	INFO_GROUPS	Message topic for group database information messages.
static final String	INFO_JAAS	Message topic for JAAS information messages.
static final String	INFO_POLICY	Message topic for policy information messages.
static final String	INFO_ROLES	Message topic for role-checking information messages.
static final String	WARNING	Message prefix for warnings.
static final String	WARNING_DB	Message topic for user database warnings.
static final String	WARNING_GROUPS	Message topic for group database warnings.
static final String	WARNING_JAAS	Message topic for JAAS warnings.
static final String	WARNING_POLICY	Message topic for policy warnings.

Constructor Summary

Constructors

Constructor	Description
SecurityVerifier(Engine engine, Session session)	Constructs a new SecurityVerifier for a supplied Engine and WikiSession.

Method Summary

Modifier and Type	Method	Description
String	containerRoleTable()	Formats and returns an HTML table containing the roles the web container is aware of, and whether each role maps to particular JSPs.
boolean	isSecurityPolicyConfigured()	Returns true if the Java security policy is configured correctly, and it verifies as valid.
Principal[]	policyPrincipals()	Returns an array of unique Principals from the JSPWIki security policy file.
String	policyRoleTable()	Formats and returns an HTML table containing sample permissions and what roles are allowed to have them.
Principal[]	webContainerRoles()	If the active Authorizer is the WebContainerAuthorizer, returns the roles it knows about; otherwise, a zero-length array.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Details

ERROR

public static final String ERROR

Message prefix for errors.

See Also:

• Constant Field Values

WARNING

public static final String WARNING

Message prefix for warnings.

See Also:

• Constant Field Values

INFO

public static final String INFO

Message prefix for information messages.

See Also:

• Constant Field Values

ERROR_POLICY

public static final String ERROR_POLICY

Message topic for policy errors.

See Also:

• Constant Field Values

WARNING_POLICY

public static final String WARNING_POLICY

Message topic for policy warnings.

See Also:

• Constant Field Values

INFO_POLICY

public static final String INFO_POLICY

Message topic for policy information messages.

See Also:

• Constant Field Values

ERROR_JAAS

public static final String ERROR_JAAS

Message topic for JAAS errors.

See Also:

• Constant Field Values

WARNING_JAAS

public static final String WARNING_JAAS

Message topic for JAAS warnings.

See Also:

• Constant Field Values

ERROR_ROLES

public static final String ERROR_ROLES

Message topic for role-checking errors.

See Also:

• Constant Field Values

INFO_ROLES

public static final String INFO_ROLES

Message topic for role-checking information messages.

See Also:

• Constant Field Values

ERROR_DB

public static final String ERROR_DB

Message topic for user database errors.

See Also:

• Constant Field Values

WARNING_DB

public static final String WARNING_DB

Message topic for user database warnings.

See Also:

• Constant Field Values

INFO_DB

public static final String INFO_DB

Message topic for user database information messages.

See Also:

• Constant Field Values

ERROR_GROUPS

public static final String ERROR_GROUPS

Message topic for group database errors.

See Also:

• Constant Field Values

WARNING_GROUPS

public static final String WARNING_GROUPS

Message topic for group database warnings.

See Also:

• Constant Field Values

INFO_GROUPS

public static final String INFO_GROUPS

Message topic for group database information messages.

See Also:

• Constant Field Values

INFO_JAAS

public static final String INFO_JAAS

Message topic for JAAS information messages.

See Also:

• Constant Field Values

Constructor Details

SecurityVerifier

public SecurityVerifier(Engine engine,
 Session session)

Constructs a new SecurityVerifier for a supplied Engine and WikiSession.

Parameters:

engine - the wiki engine

session - the wiki session (typically, that of an administrator)

Method Details

policyPrincipals

public Principal[] policyPrincipals()

Returns an array of unique Principals from the JSPWIki security policy file. This array will be zero-length if the policy file was not successfully located, or if the file did not specify any Principals in the policy.

Returns:

the array of principals

policyRoleTable

public String policyRoleTable()

Formats and returns an HTML table containing sample permissions and what roles are allowed to have them. This method will throw an IllegalStateException if the authorizer is not of type WebContainerAuthorizer

Returns:

the formatted HTML table containing the result of the tests

containerRoleTable

public String containerRoleTable()
                          throws WikiException

Formats and returns an HTML table containing the roles the web container is aware of, and whether each role maps to particular JSPs. This method throws an IllegalStateException if the authorizer is not of type WebContainerAuthorizer

Returns:

the formatted HTML table containing the result of the tests

Throws:

WikiException - if tests fail for unexpected reasons

isSecurityPolicyConfigured

public boolean isSecurityPolicyConfigured()

Returns true if the Java security policy is configured correctly, and it verifies as valid.

Returns:

the result of the configuration check

webContainerRoles

public Principal[] webContainerRoles()
                              throws WikiException

If the active Authorizer is the WebContainerAuthorizer, returns the roles it knows about; otherwise, a zero-length array.

Returns:

the roles parsed from web.xml, or a zero-length array

Throws:

WikiException - if the web authorizer cannot obtain the list of roles