This is an automated email from the ASF dual-hosted git repository. juanpablo pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/jspwiki.git
commit f6fe5041da6b74c60355adc0f5a7e9eb00ef8896 Author: juanpablo <[email protected]> AuthorDate: Wed Mar 4 21:39:10 2020 +0100 JSPWIKI-303: begin to use Session instead of WikiSession (1) --- .../src/main/java/org/apache/wiki/WikiContext.java | 8 +-- .../apache/wiki/attachment/AttachmentServlet.java | 3 +- .../apache/wiki/auth/AuthenticationManager.java | 4 +- .../org/apache/wiki/auth/AuthorizationManager.java | 22 ++++---- .../main/java/org/apache/wiki/auth/Authorizer.java | 3 +- .../wiki/auth/DefaultAuthenticationManager.java | 11 ++-- .../wiki/auth/DefaultAuthorizationManager.java | 9 ++-- .../org/apache/wiki/auth/DefaultUserManager.java | 15 +++--- .../org/apache/wiki/auth/SecurityVerifier.java | 6 +-- .../java/org/apache/wiki/auth/SessionMonitor.java | 60 +++++++++++----------- .../java/org/apache/wiki/auth/UserManager.java | 13 ++--- .../wiki/auth/authorize/DefaultGroupManager.java | 5 +- .../apache/wiki/auth/authorize/GroupManager.java | 10 ++-- .../auth/authorize/WebContainerAuthorizer.java | 6 +-- .../main/java/org/apache/wiki/plugin/Groups.java | 5 +- 15 files changed, 94 insertions(+), 86 deletions(-) diff --git a/jspwiki-main/src/main/java/org/apache/wiki/WikiContext.java b/jspwiki-main/src/main/java/org/apache/wiki/WikiContext.java index 7fce8c9..8b9e53d 100644 --- a/jspwiki-main/src/main/java/org/apache/wiki/WikiContext.java +++ b/jspwiki-main/src/main/java/org/apache/wiki/WikiContext.java @@ -20,6 +20,7 @@ package org.apache.wiki; import org.apache.log4j.Logger; import org.apache.wiki.api.core.Engine; +import org.apache.wiki.api.core.Session; import org.apache.wiki.auth.AuthorizationManager; import org.apache.wiki.auth.NoSuchPrincipalException; import org.apache.wiki.auth.UserManager; 
@@ -69,7 +70,7 @@ public class WikiContext implements Cloneable, Command { /** Stores the HttpServletRequest. May be null, if the request did not come from a servlet. */ protected HttpServletRequest m_request; - private WikiSession m_session; + private Session m_session; public static final String ATTR_CONTEXT = "jspwiki.context"; @@ -652,11 +653,12 @@ public class WikiContext implements Cloneable, Command { /** * Returns the WikiSession associated with the context. This method is guaranteed to always return a valid WikiSession. - * If this context was constructed without an associated HttpServletRequest, it will return {@link WikiSession#guestSession(Engine)}. + * If this context was constructed without an associated HttpServletRequest, it will return + * {@link org.apache.wiki.WikiSession#guestSession(Engine)}. * * @return The WikiSession associate with this context. */ - public WikiSession getWikiSession() + public Session getWikiSession() { return m_session; } diff --git a/jspwiki-main/src/main/java/org/apache/wiki/attachment/AttachmentServlet.java b/jspwiki-main/src/main/java/org/apache/wiki/attachment/AttachmentServlet.java index 1a1e0c4..005076f 100644 --- a/jspwiki-main/src/main/java/org/apache/wiki/attachment/AttachmentServlet.java +++ b/jspwiki-main/src/main/java/org/apache/wiki/attachment/AttachmentServlet.java @@ -31,6 +31,7 @@ import org.apache.wiki.WikiPage; import org.apache.wiki.WikiProvider; import org.apache.wiki.WikiSession; import org.apache.wiki.api.core.Engine; +import org.apache.wiki.api.core.Session; import org.apache.wiki.api.exceptions.ProviderException; import org.apache.wiki.api.exceptions.RedirectException; import org.apache.wiki.api.exceptions.WikiException; 
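Review bot: The Javadoc in the `@@ -652,11 +653,12 @@` hunk still says `getWikiSession()` returns "the WikiSession" and is "guaranteed to always return a valid WikiSession", while the signature now returns `Session`. Callers reading the comment may downcast to the concrete class, which is exactly what this migration is trying to remove. I would reword the summary and tag to `Returns the {@link Session} associated with the context.` and `@return the Session associated with this context`. The same stale wording appears in the AuthorizationManager Javadoc hunks (`@@ -45,7 +45,7 @@` still says "the current {@link org.apache.wiki.WikiSession}" next to `checkPermission(Session, Permission)`) and in the "supplied WikiSession" descriptions of `isUserInRole` and `hasRoleOrPrincipal`.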
@@ -351,7 +352,7 @@ public class AttachmentServlet extends HttpServlet { req.getSession().removeAttribute("msg"); res.sendRedirect( nextPage ); } catch( final RedirectException e ) { - final WikiSession session = WikiSession.getWikiSession( m_engine, req ); + final Session session = WikiSession.getWikiSession( m_engine, req ); session.addMessage( e.getMessage() ); req.getSession().setAttribute("msg", e.getMessage()); diff --git a/jspwiki-main/src/main/java/org/apache/wiki/auth/AuthenticationManager.java b/jspwiki-main/src/main/java/org/apache/wiki/auth/AuthenticationManager.java index e2c349b..9360124 100644 --- a/jspwiki-main/src/main/java/org/apache/wiki/auth/AuthenticationManager.java +++ b/jspwiki-main/src/main/java/org/apache/wiki/auth/AuthenticationManager.java @@ -18,8 +18,8 @@ */ package org.apache.wiki.auth; -import org.apache.wiki.WikiSession; import org.apache.wiki.api.core.Engine; +import org.apache.wiki.api.core.Session; import org.apache.wiki.api.exceptions.WikiException; import org.apache.wiki.auth.authorize.Role; import org.apache.wiki.event.WikiEventListener; @@ -131,7 +131,7 @@ public interface AuthenticationManager { * @return true, if the username/password is valid * @throws org.apache.wiki.auth.WikiSecurityException if the Authorizer or UserManager cannot be obtained */ - boolean login( WikiSession session, HttpServletRequest request, String username, String password ) throws WikiSecurityException; + boolean login( Session session, HttpServletRequest request, String username, String password ) throws WikiSecurityException; /** * Logs the user out by retrieving the WikiSession associated with the HttpServletRequest and unbinding all of the Subject's Principals, diff --git a/jspwiki-main/src/main/java/org/apache/wiki/auth/AuthorizationManager.java b/jspwiki-main/src/main/java/org/apache/wiki/auth/AuthorizationManager.java index 5c07767..c10128e 100644 --- a/jspwiki-main/src/main/java/org/apache/wiki/auth/AuthorizationManager.java 
+++ b/jspwiki-main/src/main/java/org/apache/wiki/auth/AuthorizationManager.java @@ -19,8 +19,8 @@ package org.apache.wiki.auth; import org.apache.wiki.WikiContext; -import org.apache.wiki.WikiSession; import org.apache.wiki.api.core.Engine; +import org.apache.wiki.api.core.Session; import org.apache.wiki.api.exceptions.WikiException; import org.apache.wiki.auth.authorize.Role; import org.apache.wiki.event.WikiEventListener; @@ -45,7 +45,7 @@ import java.util.Properties; * <em>e.g.,</em> reading, editing, renaming * </ul> * <p>Calling classes determine whether they are entitled to perform a particular action by constructing the appropriate permission first, - * then passing it and the current {@link org.apache.wiki.WikiSession} to the {@link #checkPermission(WikiSession, Permission)} method. If + * then passing it and the current {@link org.apache.wiki.WikiSession} to the {@link #checkPermission(Session, Permission)} method. If * the session's Subject possesses the permission, the action is allowed.</p> * <p>For WikiPermissions, the decision criteria is relatively simple: the caller either possesses the permission, as granted by the wiki * security policy -- or not.</p> @@ -54,7 +54,7 @@ import java.util.Properties; * security policy. In other words, the user must be named in the ACL (or belong to a group or role that is named in the ACL) <em>and</em> * be granted (at least) the same permission in the security policy. We do this to prevent a user from gaining more permissions than they * already have, based on the security policy.</p> - * <p>See the implementation on {@link #checkPermission(WikiSession, Permission)} method for more information on the authorization logic.</p> + * <p>See the implementation on {@link #checkPermission(Session, Permission)} method for more information on the authorization logic.</p> * * @since 2.3 * @see AuthenticationManager 
@@ -103,7 +103,7 @@ public interface AuthorizationManager { * @param permission the Permission being checked * @return the result of the Permission check */ - boolean checkPermission( WikiSession session, Permission permission ); + boolean checkPermission( Session session, Permission permission ); /** * <p>Determines if the Subject associated with a supplied WikiSession contains a desired Role or GroupPrincipal. The algorithm @@ -119,7 +119,7 @@ public interface AuthorizationManager { * the result of this method always returns <code>false</code> * @return <code>true</code> if the Subject supplied with the WikiContext posesses the Role or GroupPrincipal, <code>false</code> otherwise */ - default boolean isUserInRole( final WikiSession session, final Principal principal ) { + default boolean isUserInRole( final Session session, final Principal principal ) { if ( session == null || principal == null || AuthenticationManager.isUserPrincipal( principal ) ) { return false; } @@ -149,7 +149,7 @@ public interface AuthorizationManager { * <p>Determines if the Subject associated with a supplied WikiSession contains a desired user Principal or built-in Role principal, * OR is a member a Group or external Role. The rules are as follows:</p> * <ol> - * <li>First, if desired Principal is a Role or GroupPrincipal, delegate to {@link #isUserInRole(WikiSession, Principal)} and + * <li>First, if desired Principal is a Role or GroupPrincipal, delegate to {@link #isUserInRole(Session, Principal)} and * return the result.</li> * <li>Otherwise, we're looking for a user Principal, so iterate through the Principal set and see if any share the same name as the * one we are looking for.</li> 
@@ -163,11 +163,11 @@ public interface AuthorizationManager { * @return <code>true</code> if the Subject supplied with the WikiContext posesses the Role, GroupPrincipal or desired * user Principal, <code>false</code> otherwise */ - boolean hasRoleOrPrincipal( WikiSession session, Principal principal ); + boolean hasRoleOrPrincipal( Session session, Principal principal ); /** * Checks whether the current user has access to the wiki context, by obtaining the required Permission ({@link WikiContext#requiredPermission()}) - * and delegating the access check to {@link #checkPermission(WikiSession, Permission)}. If the user is allowed, this method returns + * and delegating the access check to {@link #checkPermission(Session, Permission)}. If the user is allowed, this method returns * <code>true</code>; <code>false</code> otherwise. If access is allowed, the wiki context will be added to the request as an attribute * with the key name {@link org.apache.wiki.WikiContext#ATTR_CONTEXT}. Note that this method will automatically redirect the user to * a login or error page, as appropriate, if access fails. This is NOT guaranteed to be default behavior in the future. @@ -184,7 +184,7 @@ public interface AuthorizationManager { /** * Checks whether the current user has access to the wiki context (and * optionally redirects if not), by obtaining the required Permission ({@link WikiContext#requiredPermission()}) - * and delegating the access check to {@link #checkPermission(WikiSession, Permission)}. + * and delegating the access check to {@link #checkPermission(Session, Permission)}. * If the user is allowed, this method returns <code>true</code>; * <code>false</code> otherwise. Also, the wiki context will be added to the request as attribute * with the key name {@link org.apache.wiki.WikiContext#ATTR_CONTEXT}. 
@@ -209,7 +209,7 @@ public interface AuthorizationManager { /** * Checks to see if the local security policy allows a particular static Permission. - * Do not use this method for normal permission checks; use {@link #checkPermission(WikiSession, Permission)} instead. + * Do not use this method for normal permission checks; use {@link #checkPermission(Session, Permission)} instead. * * @param principals the Principals to check * @param permission the Permission @@ -230,7 +230,7 @@ public interface AuthorizationManager { * @param permission the Permission the Subject must possess * @return <code>true</code> if the Subject possesses the permission, <code>false</code> otherwise */ - boolean checkStaticPermission( WikiSession session, Permission permission ); + boolean checkStaticPermission( Session session, Permission permission ); /** * <p>Given a supplied string representing a Principal's name from an Acl, this method resolves the correct type of Principal (role, diff --git a/jspwiki-main/src/main/java/org/apache/wiki/auth/Authorizer.java b/jspwiki-main/src/main/java/org/apache/wiki/auth/Authorizer.java index efdc60e..534d6a5 100644 --- a/jspwiki-main/src/main/java/org/apache/wiki/auth/Authorizer.java +++ b/jspwiki-main/src/main/java/org/apache/wiki/auth/Authorizer.java @@ -20,6 +20,7 @@ package org.apache.wiki.auth; import org.apache.wiki.WikiSession; import org.apache.wiki.api.core.Engine; +import org.apache.wiki.api.core.Session; import java.security.Principal; import java.util.Properties; @@ -74,6 +75,6 @@ public interface Authorizer { * @param role the role to check * @return <code>true</code> if the user is considered to be in the role, <code>false</code> otherwise */ - boolean isUserInRole( WikiSession session, Principal role ); + boolean isUserInRole( Session session, Principal role ); } 
diff --git a/jspwiki-main/src/main/java/org/apache/wiki/auth/DefaultAuthenticationManager.java b/jspwiki-main/src/main/java/org/apache/wiki/auth/DefaultAuthenticationManager.java index a5a9f13..8056db8 100644 --- a/jspwiki-main/src/main/java/org/apache/wiki/auth/DefaultAuthenticationManager.java +++ b/jspwiki-main/src/main/java/org/apache/wiki/auth/DefaultAuthenticationManager.java @@ -21,6 +21,7 @@ package org.apache.wiki.auth; import org.apache.log4j.Logger; import org.apache.wiki.WikiSession; import org.apache.wiki.api.core.Engine; +import org.apache.wiki.api.core.Session; import org.apache.wiki.api.exceptions.WikiException; import org.apache.wiki.auth.authorize.WebAuthorizer; import org.apache.wiki.auth.authorize.WebContainerAuthorizer; @@ -208,7 +209,7 @@ public class DefaultAuthenticationManager implements AuthenticationManager { * {@inheritDoc} */ @Override - public boolean login( final WikiSession session, final HttpServletRequest request, final String username, final String password ) throws WikiSecurityException { + public boolean login( final Session session, final HttpServletRequest request, final String username, final String password ) throws WikiSecurityException { if ( session == null ) { log.error( "No wiki session provided, cannot log in." ); return false; @@ -276,7 +277,7 @@ public class DefaultAuthenticationManager implements AuthenticationManager { log.debug( "Invalidating WikiSession for session ID=" + sid ); } // Retrieve the associated WikiSession and clear the Principal set - final WikiSession wikiSession = WikiSession.getWikiSession( m_engine, request ); + final Session wikiSession = WikiSession.getWikiSession( m_engine, request ); final Principal originalPrincipal = wikiSession.getLoginPrincipal(); wikiSession.invalidate(); 
@@ -284,7 +285,7 @@ public class DefaultAuthenticationManager implements AuthenticationManager { WikiSession.removeWikiSession( m_engine, request ); // We need to flush the HTTP session too - if ( session != null ) { + if( session != null ) { session.invalidate(); } @@ -394,7 +395,7 @@ public class DefaultAuthenticationManager implements AuthenticationManager { /** * After successful login, this method is called to inject authorized role Principals into the WikiSession. To determine which roles * should be injected, the configured Authorizer is queried for the roles it knows about by calling {@link Authorizer#getRoles()}. - * Then, each role returned by the authorizer is tested by calling {@link Authorizer#isUserInRole(WikiSession, Principal)}. If this + * Then, each role returned by the authorizer is tested by calling {@link Authorizer#isUserInRole(Session, Principal)}. If this * check fails, and the Authorizer is of type WebAuthorizer, the role is checked again by calling * {@link WebAuthorizer#isUserInRole(HttpServletRequest, Principal)}). Any roles that pass the test are injected into the Subject by * firing appropriate authentication events. @@ -403,7 +404,7 @@ public class DefaultAuthenticationManager implements AuthenticationManager { * @param authorizer the Engine's configured Authorizer * @param request the user's HTTP session, which may be <code>null</code> */ - private void injectAuthorizerRoles( final WikiSession session, final Authorizer authorizer, final HttpServletRequest request ) { + private void injectAuthorizerRoles( final Session session, final Authorizer authorizer, final HttpServletRequest request ) { // Test each role the authorizer knows about for( final Principal role : authorizer.getRoles() ) { // Test the Authorizer diff --git a/jspwiki-main/src/main/java/org/apache/wiki/auth/DefaultAuthorizationManager.java b/jspwiki-main/src/main/java/org/apache/wiki/auth/DefaultAuthorizationManager.java index b64834e..0506df0 100644 
--- a/jspwiki-main/src/main/java/org/apache/wiki/auth/DefaultAuthorizationManager.java +++ b/jspwiki-main/src/main/java/org/apache/wiki/auth/DefaultAuthorizationManager.java @@ -23,6 +23,7 @@ import org.apache.wiki.WikiContext; import org.apache.wiki.WikiPage; import org.apache.wiki.WikiSession; import org.apache.wiki.api.core.Engine; +import org.apache.wiki.api.core.Session; import org.apache.wiki.api.exceptions.NoRequiredPropertyException; import org.apache.wiki.api.exceptions.WikiException; import org.apache.wiki.auth.acl.Acl; @@ -94,7 +95,7 @@ public class DefaultAuthorizationManager implements AuthorizationManager { /** {@inheritDoc} */ @Override - public boolean checkPermission( final WikiSession session, final Permission permission ) { + public boolean checkPermission( final Session session, final Permission permission ) { // A slight sanity check. if( session == null || permission == null ) { fireEvent( WikiSecurityEvent.ACCESS_DENIED, null, permission ); @@ -172,7 +173,7 @@ public class DefaultAuthorizationManager implements AuthorizationManager { /** {@inheritDoc} */ @Override - public boolean hasRoleOrPrincipal( final WikiSession session, final Principal principal ) { + public boolean hasRoleOrPrincipal( final Session session, final Principal principal ) { // If either parameter is null, always deny if( session == null || principal == null ) { return false; @@ -315,8 +316,8 @@ public class DefaultAuthorizationManager implements AuthorizationManager { /** {@inheritDoc} */ @Override - public boolean checkStaticPermission( final WikiSession session, final Permission permission ) { - return ( Boolean )WikiSession.doPrivileged( session, ( PrivilegedAction< Boolean > )() -> { + public boolean checkStaticPermission( final Session session, final Permission permission ) { + return ( Boolean )Session.doPrivileged( session, ( PrivilegedAction< Boolean > )() -> { try { // Check the JVM-wide security policy first AccessController.checkPermission( permission ); 
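Review bot: `checkStaticPermission` in the `@@ -315,8 +316,8 @@` hunk passes `session` straight to `Session.doPrivileged(...)` with no null guard, whereas `checkPermission` and `hasRoleOrPrincipal` in this same file deny explicitly when `session` is null. How `doPrivileged` treats a null session is not visible here, and the `( Boolean )` result is auto-unboxed, so a null return would surface as a NullPointerException rather than a denial. For an authorization check I would make the fail-closed path explicit at the top of the method: `if( session == null || permission == null ) { return false; }`. The method body continues past the end of the hunk, so this should be confirmed against the rest of the lambda.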
diff --git a/jspwiki-main/src/main/java/org/apache/wiki/auth/DefaultUserManager.java b/jspwiki-main/src/main/java/org/apache/wiki/auth/DefaultUserManager.java index 1eee920..0b8db6f 100644 --- a/jspwiki-main/src/main/java/org/apache/wiki/auth/DefaultUserManager.java +++ b/jspwiki-main/src/main/java/org/apache/wiki/auth/DefaultUserManager.java @@ -21,11 +21,11 @@ package org.apache.wiki.auth; import org.apache.commons.lang3.StringUtils; import org.apache.log4j.Logger; import org.apache.wiki.WikiContext; -import org.apache.wiki.WikiSession; import org.apache.wiki.ajax.AjaxUtil; import org.apache.wiki.ajax.WikiAjaxDispatcherServlet; import org.apache.wiki.ajax.WikiAjaxServlet; import org.apache.wiki.api.core.Engine; +import org.apache.wiki.api.core.Session; import org.apache.wiki.api.exceptions.NoRequiredPropertyException; import org.apache.wiki.api.exceptions.WikiException; import org.apache.wiki.api.filters.PageFilter; @@ -90,7 +90,7 @@ public class DefaultUserManager implements UserManager { private static final Logger log = Logger.getLogger( DefaultUserManager.class); /** Associates wiki sessions with profiles */ - private final Map< WikiSession, UserProfile > m_profiles = new WeakHashMap<>(); + private final Map< Session, UserProfile > m_profiles = new WeakHashMap<>(); /** The user database loads, manages and persists user identities */ private UserDatabase m_database; @@ -147,7 +147,7 @@ public class DefaultUserManager implements UserManager { /** {@inheritDoc} */ @Override - public UserProfile getUserProfile( final WikiSession session ) { + public UserProfile getUserProfile( final Session session ) { // Look up cached user profile UserProfile profile = m_profiles.get( session ); boolean newProfile = profile == null; 
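Review bot: `m_profiles` in the `@@ -90,7 +90,7 @@` hunk is now a `WeakHashMap` keyed by the `Session` interface, so the lookup `m_profiles.get( session )` in `getUserProfile` depends on the `equals`/`hashCode` of whatever implementation is passed in. With the concrete `WikiSession` key that contract was fixed by one class; with an interface key, an implementation that compares by value could cause one session to be handed a profile cached for another. I would record the requirement on the field, e.g. `/** Associates sessions with profiles; Session implementations used as keys must keep identity-based equals/hashCode. */`. No synchronization around this map is visible in these hunks either, which is worth confirming since `WeakHashMap` is not thread-safe.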
@@ -179,7 +179,7 @@ public class DefaultUserManager implements UserManager { /** {@inheritDoc} */ @Override - public void setUserProfile( final WikiSession session, final UserProfile profile ) throws DuplicateUserException, WikiException { + public void setUserProfile( final Session session, final UserProfile profile ) throws DuplicateUserException, WikiException { // Verify user is allowed to save profile! final Permission p = new WikiPermission( m_engine.getApplicationName(), WikiPermission.EDIT_PROFILE_ACTION ); if ( !m_engine.getManager( AuthorizationManager.class ).checkPermission( session, p ) ) { @@ -250,7 +250,7 @@ public class DefaultUserManager implements UserManager { /** {@inheritDoc} */ @Override - public void startUserProfileCreationWorkflow( final WikiSession session, final UserProfile profile ) throws WikiException { + public void startUserProfileCreationWorkflow( final Session session, final UserProfile profile ) throws WikiException { final WorkflowBuilder builder = WorkflowBuilder.getBuilder( m_engine ); final Principal submitter = session.getUserPrincipal(); final Step completionTask = m_engine.getManager( TasksManager.class ).buildSaveUserProfileTask( m_engine, session.getLocale() ); @@ -300,8 +300,7 @@ public class DefaultUserManager implements UserManager { fullname = InputValidator.isBlank( fullname ) ? null : fullname; email = InputValidator.isBlank( email ) ? null : email; - // A special case if we have container authentication - // If authenticated, login name is always taken from container + // A special case if we have container authentication: if authenticated, login name is always taken from container if ( m_engine.getManager( AuthenticationManager.class ).isContainerAuthenticated() && context.getWikiSession().isAuthenticated() ) { loginName = context.getWikiSession().getLoginPrincipal().getName(); } 
@@ -318,7 +317,7 @@ public class DefaultUserManager implements UserManager { @Override public void validateProfile( final WikiContext context, final UserProfile profile ) { final boolean isNew = profile.isNew(); - final WikiSession session = context.getWikiSession(); + final Session session = context.getWikiSession(); final InputValidator validator = new InputValidator( SESSION_MESSAGES, context ); final ResourceBundle rb = Preferences.getBundle( context, InternationalizationManager.CORE_BUNDLE ); diff --git a/jspwiki-main/src/main/java/org/apache/wiki/auth/SecurityVerifier.java b/jspwiki-main/src/main/java/org/apache/wiki/auth/SecurityVerifier.java index dfc4a20..97a6e94 100644 --- a/jspwiki-main/src/main/java/org/apache/wiki/auth/SecurityVerifier.java +++ b/jspwiki-main/src/main/java/org/apache/wiki/auth/SecurityVerifier.java @@ -20,8 +20,8 @@ package org.apache.wiki.auth; import org.apache.commons.lang3.ArrayUtils; import org.apache.log4j.Logger; -import org.apache.wiki.WikiSession; import org.apache.wiki.api.core.Engine; +import org.apache.wiki.api.core.Session; import org.apache.wiki.api.exceptions.WikiException; import org.apache.wiki.auth.authorize.Group; import org.apache.wiki.auth.authorize.GroupDatabase; @@ -67,7 +67,7 @@ public final class SecurityVerifier { private Principal[] m_policyPrincipals = new Principal[0]; - private WikiSession m_session; + private Session m_session; /** Message prefix for errors. */ public static final String ERROR = "Error."; @@ -150,7 +150,7 @@ public final class SecurityVerifier { * @param engine the wiki engine * @param session the wiki session (typically, that of an administrator) */ - public SecurityVerifier( final Engine engine, final WikiSession session ) { + public SecurityVerifier( final Engine engine, final Session session ) { m_engine = engine; m_session = session; m_session.clearMessages(); 
diff --git a/jspwiki-main/src/main/java/org/apache/wiki/auth/SessionMonitor.java b/jspwiki-main/src/main/java/org/apache/wiki/auth/SessionMonitor.java index 52f8e54..0ddc03e 100644 --- a/jspwiki-main/src/main/java/org/apache/wiki/auth/SessionMonitor.java +++ b/jspwiki-main/src/main/java/org/apache/wiki/auth/SessionMonitor.java @@ -26,6 +26,7 @@ import org.apache.wiki.event.WikiEventManager; import org.apache.wiki.event.WikiSecurityEvent; import org.apache.wiki.util.comparators.PrincipalComparator; +import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpSession; import javax.servlet.http.HttpSessionEvent; import javax.servlet.http.HttpSessionListener; @@ -38,10 +39,9 @@ import java.util.WeakHashMap; import java.util.concurrent.ConcurrentHashMap; /** - * <p>Manages WikiSession's for different Engine's.</p> - * <p>The WikiSession's are stored both in the remote user HttpSession and in the SessionMonitor for the WikeEngine. - * This class must be configured as a session listener in the web.xml for the wiki web application. - * </p> + * <p>Manages Sessions for different Engines.</p> + * <p>The Sessions are stored both in the remote user HttpSession and in the SessionMonitor for the Engine. + * This class must be configured as a session listener in the web.xml for the wiki web application.</p> */ public class SessionMonitor implements HttpSessionListener { 
@@ -64,29 +64,20 @@ public class SessionMonitor implements HttpSessionListener { * @return the session monitor */ public static SessionMonitor getInstance( final Engine engine ) { - if( engine == null ) - { + if( engine == null ) { throw new IllegalArgumentException( "Engine cannot be null." ); } - SessionMonitor monitor; - - monitor = c_monitors.get(engine); - if( monitor == null ) - { - monitor = new SessionMonitor(engine); - - c_monitors.put( engine, monitor ); - - } + SessionMonitor monitor = c_monitors.get( engine ); + if( monitor == null ) { + monitor = new SessionMonitor( engine ); + c_monitors.put( engine, monitor ); + } return monitor; } - /** - * Construct the SessionListener - */ - public SessionMonitor() - { + /** Construct the SessionListener */ + public SessionMonitor() { } private SessionMonitor( final Engine engine ) { @@ -139,7 +130,7 @@ public class SessionMonitor implements HttpSessionListener { if( log.isDebugEnabled() ) { log.debug( "Looking up WikiSession for session ID=" + sid + "... not found. Creating guestSession()" ); } - wikiSession = WikiSession.guestSession( m_engine ); + wikiSession = (WikiSession)WikiSession.guestSession( m_engine ); synchronized( m_sessions ) { m_sessions.put( sid, wikiSession ); } 
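Review bot: `getInstance` in the `@@ -64,29 +64,20 @@` hunk keeps a check-then-act sequence (`c_monitors.get( engine )`, then `new SessionMonitor( engine )`, then `put`). Two threads arriving together can each create a monitor for the same engine, and sessions registered in the losing instance are then invisible to later lookups and removals. Since the hunk already rewrites these lines, a single atomic call would be cleaner: `return c_monitors.computeIfAbsent( engine, SessionMonitor::new );`. The declaration of `c_monitors` is outside the hunk, so whether it is the `ConcurrentHashMap` or the `WeakHashMap` from the imports needs checking; the call is only atomic on the former.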
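Review bot: The new downcast `(WikiSession)WikiSession.guestSession( m_engine )` in the `@@ -139,7 +130,7 @@` hunk reintroduces the concrete type that this commit is moving away from. It suggests `guestSession` is now declared to return `Session` (its declaration is not shown), so any future implementation returned from that factory would fail here with a ClassCastException on the guest-session path. If the local variable and `m_sessions` can be typed as `Session`, the cast disappears; if not, the invariant should at least be written down, e.g. `// guestSession() is declared to return Session; this monitor only ever stores WikiSession instances`. The enclosing method starts and ends outside the hunk.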
@@ -149,18 +140,27 @@ public class SessionMonitor implements HttpSessionListener { } /** - * Removes the wiki session associated with the user's HttpSession - * from the session cache. + * Removes the wiki session associated with the user's HttpRequest from the session cache. + * + * @param request the user's HTTP request + */ + public final void remove( final HttpServletRequest request ) { + if( request == null ) { + throw new IllegalArgumentException( "Request cannot be null." ); + } + remove( request.getSession() ); + } + + /** + * Removes the wiki session associated with the user's HttpSession from the session cache. + * * @param session the user's HTTP session */ - public final void remove( final HttpSession session ) - { - if ( session == null ) - { + public final void remove( final HttpSession session ) { + if( session == null ) { throw new IllegalArgumentException( "Session cannot be null." ); } - synchronized ( m_sessions ) - { + synchronized( m_sessions ) { m_sessions.remove( session.getId() ); } } diff --git a/jspwiki-main/src/main/java/org/apache/wiki/auth/UserManager.java b/jspwiki-main/src/main/java/org/apache/wiki/auth/UserManager.java index f68dda1..bc0f66c 100644 --- a/jspwiki-main/src/main/java/org/apache/wiki/auth/UserManager.java +++ b/jspwiki-main/src/main/java/org/apache/wiki/auth/UserManager.java @@ -21,6 +21,7 @@ package org.apache.wiki.auth; import org.apache.wiki.WikiContext; import org.apache.wiki.WikiSession; import org.apache.wiki.api.core.Engine; +import org.apache.wiki.api.core.Session; import org.apache.wiki.api.exceptions.WikiException; import org.apache.wiki.auth.user.DuplicateUserException; import org.apache.wiki.auth.user.UserDatabase; 
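Review bot: The new `remove( HttpServletRequest )` overload in the `@@ -149,18 +140,27 @@` hunk calls `request.getSession()`, which creates a fresh `HttpSession` when the request has none. A removal path, which is likely reached during logout or cleanup, should not create a session as a side effect: the new session's id is not in `m_sessions`, so nothing is removed and an empty container session is left behind. I would use the non-creating form and skip when there is nothing to remove: `final HttpSession session = request.getSession( false );` followed by `if( session != null ) { remove( session ); }`.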
@@ -64,7 +65,7 @@ public interface UserManager { UserDatabase getUserDatabase(); /** - * <p>Retrieves the {@link org.apache.wiki.auth.user.UserProfile} for the user in a wiki session. If the user is authenticated, the + * <p>Retrieves the {@link org.apache.wiki.auth.user.UserProfile} for the user in a session. If the user is authenticated, the * UserProfile returned will be the one stored in the user database; if one does not exist, a new one will be initialized and returned. * If the user is anonymous or asserted, the UserProfile will <i>always</i> be newly initialized to prevent spoofing of identities. * If a UserProfile needs to be initialized, its {@link org.apache.wiki.auth.user.UserProfile#isNew()} method will return @@ -74,11 +75,11 @@ public interface UserManager { * <code>false</code>, this method throws an {@link IllegalStateException}. This is meant as a quality check for UserDatabase providers; * it should only be thrown if the implementation is faulty.</p> * - * @param session the wiki session, which may not be <code>null</code> + * @param session the session, which may not be <code>null</code> * @return the user's profile, which will be newly initialized if the user is anonymous or asserted, or if the user cannot be found in * the user database */ - UserProfile getUserProfile( WikiSession session ); + UserProfile getUserProfile( Session session ); /** * <p> 
@@ -108,9 +109,9 @@ public interface UserManager { * {@link org.apache.wiki.workflow.DecisionRequiredException}. All other WikiException * indicate a condition that is not normal is probably due to mis-configuration */ - void setUserProfile( WikiSession session, UserProfile profile ) throws DuplicateUserException, WikiException; + void setUserProfile( Session session, UserProfile profile ) throws DuplicateUserException, WikiException; - void startUserProfileCreationWorkflow( WikiSession session, UserProfile profile ) throws WikiException; + void startUserProfileCreationWorkflow( Session session, UserProfile profile ) throws WikiException; /** * <p> Extracts user profile parameters from the HTTP request and populates a UserProfile with them. The UserProfile will either be a @@ -177,7 +178,7 @@ public interface UserManager { * @param session the wiki session supporting the event * @param profile the user profile (or array of user profiles), which may be <code>null</code> */ - default void fireEvent( final int type, final WikiSession session, final Object profile ) { + default void fireEvent( final int type, final Session session, final Object profile ) { if( WikiEventManager.isListening( this ) ) { WikiEventManager.fireEvent( this, new WikiSecurityEvent( session, type, profile ) ); } diff --git a/jspwiki-main/src/main/java/org/apache/wiki/auth/authorize/DefaultGroupManager.java b/jspwiki-main/src/main/java/org/apache/wiki/auth/authorize/DefaultGroupManager.java index e24ba71..227c453 100644 --- a/jspwiki-main/src/main/java/org/apache/wiki/auth/authorize/DefaultGroupManager.java +++ b/jspwiki-main/src/main/java/org/apache/wiki/auth/authorize/DefaultGroupManager.java 
@@ -22,6 +22,7 @@ import org.apache.commons.lang3.ArrayUtils; import org.apache.log4j.Logger; import org.apache.wiki.WikiSession; import org.apache.wiki.api.core.Engine; +import org.apache.wiki.api.core.Session; import org.apache.wiki.api.exceptions.NoRequiredPropertyException; import org.apache.wiki.api.exceptions.WikiException; import org.apache.wiki.auth.AuthenticationManager; @@ -175,7 +176,7 @@ public class DefaultGroupManager implements GroupManager, Authorizer, WikiEventL /** {@inheritDoc} */ @Override - public boolean isUserInRole( final WikiSession session, final Principal role ) { + public boolean isUserInRole( final Session session, final Principal role ) { // Always return false if session/role is null, or if role isn't a GroupPrincipal if ( session == null || !( role instanceof GroupPrincipal ) || !session.isAuthenticated() ) { return false; @@ -273,7 +274,7 @@ public class DefaultGroupManager implements GroupManager, Authorizer, WikiEventL /** {@inheritDoc} */ @Override - public void setGroup( final WikiSession session, final Group group ) throws WikiSecurityException { + public void setGroup( final Session session, final Group group ) throws WikiSecurityException { // TODO: check for appropriate permissions // If group already exists, delete it; fire GROUP_REMOVE event diff --git a/jspwiki-main/src/main/java/org/apache/wiki/auth/authorize/GroupManager.java b/jspwiki-main/src/main/java/org/apache/wiki/auth/authorize/GroupManager.java index 7c38ac5..d6a0866 100644 --- a/jspwiki-main/src/main/java/org/apache/wiki/auth/authorize/GroupManager.java +++ b/jspwiki-main/src/main/java/org/apache/wiki/auth/authorize/GroupManager.java 
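Review bot: `setGroup` in the `@@ -273,7 +274,7 @@` hunk still opens with `// TODO: check for appropriate permissions`, and the first visible action after it is deleting and replacing the existing group. Widening the parameter from `WikiSession` to the `Session` interface makes this entry point reachable with any implementation, so the missing authorization check matters more than before. Unless every caller is known to check first, the method should verify the session before mutating anything, following the pattern `setUserProfile` uses in DefaultUserManager (`m_engine.getManager( AuthorizationManager.class ).checkPermission( session, p )`), and throw `WikiSecurityException` on denial. The rest of the method body is outside the hunk, so a later check cannot be ruled out from here.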
@@ -20,7 +20,7 @@ package org.apache.wiki.auth.authorize;
 import org.apache.commons.lang3.ArrayUtils;
 import org.apache.wiki.WikiContext;
-import org.apache.wiki.WikiSession;
+import org.apache.wiki.api.core.Session;
 import org.apache.wiki.auth.Authorizer;
 import org.apache.wiki.auth.NoSuchPrincipalException;
 import org.apache.wiki.auth.WikiSecurityException;
@@ -82,7 +82,7 @@ public interface GroupManager extends Authorizer, WikiEventListener {
 * parameter contains the member list. If these differ from those in the existing group, the passed values override the old values.
 * </p>
 * <p>
- * This method does not commit the new Group to the GroupManager cache. To do that, use {@link #setGroup(WikiSession, Group)}.
+ * This method does not commit the new Group to the GroupManager cache. To do that, use {@link #setGroup(Session, Group)}.
 * </p>
 * @param name the name of the group to construct
 * @param memberLine the line of text containing the group membership list
@@ -106,7 +106,7 @@ public interface GroupManager extends Authorizer, WikiEventListener {
 * parameter contains the member list. If these differ from those in the existing group, the passed values override the old values.
 * </p>
 * <p>
- * This method does not commit the new Group to the GroupManager cache. To do that, use {@link #setGroup(WikiSession, Group)}.
+ * This method does not commit the new Group to the GroupManager cache. To do that, use {@link #setGroup(Session, Group)}.
 * </p>
 * @param context the current wiki context
 * @param create whether this method should create a new, empty Group if one with the requested name is not found. If <code>false</code>,
@@ -176,11 +176,11 @@ public interface GroupManager extends Authorizer, WikiEventListener {
 * @param group the Group, which may not be <code>null</code>
 * @throws WikiSecurityException if the Group cannot be saved by the back-end
 */
- void setGroup( final WikiSession session, final Group group ) throws WikiSecurityException;
+ void setGroup( final Session session, final Group group ) throws WikiSecurityException;
 /**
 * Validates a Group, and appends any errors to the session errors list. Any validation errors are added to the wiki session's messages
- * collection (see {@link WikiSession#getMessages()}.
+ * collection (see {@link Session#getMessages()}.
 *
 * @param context the current wiki context
 * @param group the supplied Group
diff --git a/jspwiki-main/src/main/java/org/apache/wiki/auth/authorize/WebContainerAuthorizer.java b/jspwiki-main/src/main/java/org/apache/wiki/auth/authorize/WebContainerAuthorizer.java
index a4c4968..0353266 100644
--- a/jspwiki-main/src/main/java/org/apache/wiki/auth/authorize/WebContainerAuthorizer.java
+++ b/jspwiki-main/src/main/java/org/apache/wiki/auth/authorize/WebContainerAuthorizer.java
@@ -20,8 +20,8 @@ package org.apache.wiki.auth.authorize;
 import org.apache.log4j.Logger;
 import org.apache.wiki.InternalWikiException;
-import org.apache.wiki.WikiSession;
 import org.apache.wiki.api.core.Engine;
+import org.apache.wiki.api.core.Session;
 import org.jdom2.Document;
 import org.jdom2.Element;
 import org.jdom2.JDOMException;
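Review bot: In GroupManager.java, the rewritten Javadoc line `* collection (see {@link Session#getMessages()}.` opens a parenthesis that is never closed; the typo is carried over from the old `WikiSession` line. Suggested wording: `* collection (see {@link Session#getMessages()}).` The Javadoc block continues outside the hunk.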
@@ -166,10 +166,10 @@ public class WebContainerAuthorizer implements WebAuthorizer {
 * @param role the role to check
 * @return <code>true</code> if the user is considered to be in the role,
 * <code>false</code> otherwise
- * @see org.apache.wiki.auth.Authorizer#isUserInRole(org.apache.wiki.WikiSession, java.security.Principal)
+ * @see org.apache.wiki.auth.Authorizer#isUserInRole(org.apache.wiki.api.core.Session, java.security.Principal)
 */
 @Override
- public boolean isUserInRole( final WikiSession session, final Principal role ) {
+ public boolean isUserInRole( final Session session, final Principal role ) {
 if ( session == null || role == null ) {
 return false;
 }
diff --git a/jspwiki-main/src/main/java/org/apache/wiki/plugin/Groups.java b/jspwiki-main/src/main/java/org/apache/wiki/plugin/Groups.java
index 6447a49..1e5facc 100644
--- a/jspwiki-main/src/main/java/org/apache/wiki/plugin/Groups.java
+++ b/jspwiki-main/src/main/java/org/apache/wiki/plugin/Groups.java
@@ -22,9 +22,9 @@ import org.apache.wiki.WikiContext;
 import org.apache.wiki.api.core.Engine;
 import org.apache.wiki.api.exceptions.PluginException;
 import org.apache.wiki.api.plugin.WikiPlugin;
-import org.apache.wiki.auth.PrincipalComparator;
 import org.apache.wiki.auth.authorize.GroupManager;
 import org.apache.wiki.url.URLConstructor;
+import org.apache.wiki.util.comparators.PrincipalComparator;
 import java.security.Principal;
 import java.util.Arrays;
@@ -47,7 +47,8 @@ public class Groups implements WikiPlugin {
 /**
 * {@inheritDoc}
 */
- @Override public String execute( final WikiContext context, final Map<String, String> params ) throws PluginException {
+ @Override
+ public String execute( final WikiContext context, final Map<String, String> params ) throws PluginException {
 // Retrieve groups, and sort by name
 final Engine engine = context.getEngine();
 final GroupManager groupMgr = engine.getManager( GroupManager.class );
