Posted to commits@jspwiki.apache.org by ju...@apache.org on 2020/03/06 18:04:22 UTC
[jspwiki] 20/35: JSPWIKI-303: begin to use Session instead of
WikiSession (1)
This is an automated email from the ASF dual-hosted git repository.
juanpablo pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/jspwiki.git
commit f6fe5041da6b74c60355adc0f5a7e9eb00ef8896
Author: juanpablo <ju...@apache.org>
AuthorDate: Wed Mar 4 21:39:10 2020 +0100
JSPWIKI-303: begin to use Session instead of WikiSession (1)
---
.../src/main/java/org/apache/wiki/WikiContext.java | 8 +--
.../apache/wiki/attachment/AttachmentServlet.java | 3 +-
.../apache/wiki/auth/AuthenticationManager.java | 4 +-
.../org/apache/wiki/auth/AuthorizationManager.java | 22 ++++----
.../main/java/org/apache/wiki/auth/Authorizer.java | 3 +-
.../wiki/auth/DefaultAuthenticationManager.java | 11 ++--
.../wiki/auth/DefaultAuthorizationManager.java | 9 ++--
.../org/apache/wiki/auth/DefaultUserManager.java | 15 +++---
.../org/apache/wiki/auth/SecurityVerifier.java | 6 +--
.../java/org/apache/wiki/auth/SessionMonitor.java | 60 +++++++++++-----------
.../java/org/apache/wiki/auth/UserManager.java | 13 ++---
.../wiki/auth/authorize/DefaultGroupManager.java | 5 +-
.../apache/wiki/auth/authorize/GroupManager.java | 10 ++--
.../auth/authorize/WebContainerAuthorizer.java | 6 +--
.../main/java/org/apache/wiki/plugin/Groups.java | 5 +-
15 files changed, 94 insertions(+), 86 deletions(-)
diff --git a/jspwiki-main/src/main/java/org/apache/wiki/WikiContext.java b/jspwiki-main/src/main/java/org/apache/wiki/WikiContext.java
index 7fce8c9..8b9e53d 100644
--- a/jspwiki-main/src/main/java/org/apache/wiki/WikiContext.java
+++ b/jspwiki-main/src/main/java/org/apache/wiki/WikiContext.java
@@ -20,6 +20,7 @@ package org.apache.wiki;
import org.apache.log4j.Logger;
import org.apache.wiki.api.core.Engine;
+import org.apache.wiki.api.core.Session;
import org.apache.wiki.auth.AuthorizationManager;
import org.apache.wiki.auth.NoSuchPrincipalException;
import org.apache.wiki.auth.UserManager;
@@ -69,7 +70,7 @@ public class WikiContext implements Cloneable, Command {
/** Stores the HttpServletRequest. May be null, if the request did not come from a servlet. */
protected HttpServletRequest m_request;
- private WikiSession m_session;
+ private Session m_session;
public static final String ATTR_CONTEXT = "jspwiki.context";
@@ -652,11 +653,12 @@ public class WikiContext implements Cloneable, Command {
/**
* Returns the WikiSession associated with the context. This method is guaranteed to always return a valid WikiSession.
- * If this context was constructed without an associated HttpServletRequest, it will return {@link WikiSession#guestSession(Engine)}.
+ * If this context was constructed without an associated HttpServletRequest, it will return
+ * {@link org.apache.wiki.WikiSession#guestSession(Engine)}.
*
* @return The WikiSession associate with this context.
*/
- public WikiSession getWikiSession()
+ public Session getWikiSession()
{
return m_session;
}
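Review bot: The Javadoc on getWikiSession() still documents the old type ("Returns the WikiSession…", "@return The WikiSession associate with this context") although the method now returns `Session`. Callers reading the Javadoc would expect the concrete class and may downcast. I would change the tag to `@return the Session associated with this context.` and reword the summary sentence the same way. The class-level Javadoc in AuthorizationManager has the same mismatch, where `{@link org.apache.wiki.WikiSession}` sits next to `checkPermission(Session, Permission)`.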
diff --git a/jspwiki-main/src/main/java/org/apache/wiki/attachment/AttachmentServlet.java b/jspwiki-main/src/main/java/org/apache/wiki/attachment/AttachmentServlet.java
index 1a1e0c4..005076f 100644
--- a/jspwiki-main/src/main/java/org/apache/wiki/attachment/AttachmentServlet.java
+++ b/jspwiki-main/src/main/java/org/apache/wiki/attachment/AttachmentServlet.java
@@ -31,6 +31,7 @@ import org.apache.wiki.WikiPage;
import org.apache.wiki.WikiProvider;
import org.apache.wiki.WikiSession;
import org.apache.wiki.api.core.Engine;
+import org.apache.wiki.api.core.Session;
import org.apache.wiki.api.exceptions.ProviderException;
import org.apache.wiki.api.exceptions.RedirectException;
import org.apache.wiki.api.exceptions.WikiException;
@@ -351,7 +352,7 @@ public class AttachmentServlet extends HttpServlet {
req.getSession().removeAttribute("msg");
res.sendRedirect( nextPage );
} catch( final RedirectException e ) {
- final WikiSession session = WikiSession.getWikiSession( m_engine, req );
+ final Session session = WikiSession.getWikiSession( m_engine, req );
session.addMessage( e.getMessage() );
req.getSession().setAttribute("msg", e.getMessage());
diff --git a/jspwiki-main/src/main/java/org/apache/wiki/auth/AuthenticationManager.java b/jspwiki-main/src/main/java/org/apache/wiki/auth/AuthenticationManager.java
index e2c349b..9360124 100644
--- a/jspwiki-main/src/main/java/org/apache/wiki/auth/AuthenticationManager.java
+++ b/jspwiki-main/src/main/java/org/apache/wiki/auth/AuthenticationManager.java
@@ -18,8 +18,8 @@
*/
package org.apache.wiki.auth;
-import org.apache.wiki.WikiSession;
import org.apache.wiki.api.core.Engine;
+import org.apache.wiki.api.core.Session;
import org.apache.wiki.api.exceptions.WikiException;
import org.apache.wiki.auth.authorize.Role;
import org.apache.wiki.event.WikiEventListener;
@@ -131,7 +131,7 @@ public interface AuthenticationManager {
* @return true, if the username/password is valid
* @throws org.apache.wiki.auth.WikiSecurityException if the Authorizer or UserManager cannot be obtained
*/
- boolean login( WikiSession session, HttpServletRequest request, String username, String password ) throws WikiSecurityException;
+ boolean login( Session session, HttpServletRequest request, String username, String password ) throws WikiSecurityException;
/**
* Logs the user out by retrieving the WikiSession associated with the HttpServletRequest and unbinding all of the Subject's Principals,
diff --git a/jspwiki-main/src/main/java/org/apache/wiki/auth/AuthorizationManager.java b/jspwiki-main/src/main/java/org/apache/wiki/auth/AuthorizationManager.java
index 5c07767..c10128e 100644
--- a/jspwiki-main/src/main/java/org/apache/wiki/auth/AuthorizationManager.java
+++ b/jspwiki-main/src/main/java/org/apache/wiki/auth/AuthorizationManager.java
@@ -19,8 +19,8 @@
package org.apache.wiki.auth;
import org.apache.wiki.WikiContext;
-import org.apache.wiki.WikiSession;
import org.apache.wiki.api.core.Engine;
+import org.apache.wiki.api.core.Session;
import org.apache.wiki.api.exceptions.WikiException;
import org.apache.wiki.auth.authorize.Role;
import org.apache.wiki.event.WikiEventListener;
@@ -45,7 +45,7 @@ import java.util.Properties;
* <em>e.g.,</em> reading, editing, renaming
* </ul>
* <p>Calling classes determine whether they are entitled to perform a particular action by constructing the appropriate permission first,
- * then passing it and the current {@link org.apache.wiki.WikiSession} to the {@link #checkPermission(WikiSession, Permission)} method. If
+ * then passing it and the current {@link org.apache.wiki.WikiSession} to the {@link #checkPermission(Session, Permission)} method. If
* the session's Subject possesses the permission, the action is allowed.</p>
* <p>For WikiPermissions, the decision criteria is relatively simple: the caller either possesses the permission, as granted by the wiki
* security policy -- or not.</p>
@@ -54,7 +54,7 @@ import java.util.Properties;
* security policy. In other words, the user must be named in the ACL (or belong to a group or role that is named in the ACL) <em>and</em>
* be granted (at least) the same permission in the security policy. We do this to prevent a user from gaining more permissions than they
* already have, based on the security policy.</p>
- * <p>See the implementation on {@link #checkPermission(WikiSession, Permission)} method for more information on the authorization logic.</p>
+ * <p>See the implementation on {@link #checkPermission(Session, Permission)} method for more information on the authorization logic.</p>
*
* @since 2.3
* @see AuthenticationManager
@@ -103,7 +103,7 @@ public interface AuthorizationManager {
* @param permission the Permission being checked
* @return the result of the Permission check
*/
- boolean checkPermission( WikiSession session, Permission permission );
+ boolean checkPermission( Session session, Permission permission );
/**
* <p>Determines if the Subject associated with a supplied WikiSession contains a desired Role or GroupPrincipal. The algorithm
@@ -119,7 +119,7 @@ public interface AuthorizationManager {
* the result of this method always returns <code>false</code>
* @return <code>true</code> if the Subject supplied with the WikiContext posesses the Role or GroupPrincipal, <code>false</code> otherwise
*/
- default boolean isUserInRole( final WikiSession session, final Principal principal ) {
+ default boolean isUserInRole( final Session session, final Principal principal ) {
if ( session == null || principal == null || AuthenticationManager.isUserPrincipal( principal ) ) {
return false;
}
@@ -149,7 +149,7 @@ public interface AuthorizationManager {
* <p>Determines if the Subject associated with a supplied WikiSession contains a desired user Principal or built-in Role principal,
* OR is a member a Group or external Role. The rules are as follows:</p>
* <ol>
- * <li>First, if desired Principal is a Role or GroupPrincipal, delegate to {@link #isUserInRole(WikiSession, Principal)} and
+ * <li>First, if desired Principal is a Role or GroupPrincipal, delegate to {@link #isUserInRole(Session, Principal)} and
* return the result.</li>
* <li>Otherwise, we're looking for a user Principal, so iterate through the Principal set and see if any share the same name as the
* one we are looking for.</li>
@@ -163,11 +163,11 @@ public interface AuthorizationManager {
* @return <code>true</code> if the Subject supplied with the WikiContext posesses the Role, GroupPrincipal or desired
* user Principal, <code>false</code> otherwise
*/
- boolean hasRoleOrPrincipal( WikiSession session, Principal principal );
+ boolean hasRoleOrPrincipal( Session session, Principal principal );
/**
* Checks whether the current user has access to the wiki context, by obtaining the required Permission ({@link WikiContext#requiredPermission()})
- * and delegating the access check to {@link #checkPermission(WikiSession, Permission)}. If the user is allowed, this method returns
+ * and delegating the access check to {@link #checkPermission(Session, Permission)}. If the user is allowed, this method returns
* <code>true</code>; <code>false</code> otherwise. If access is allowed, the wiki context will be added to the request as an attribute
* with the key name {@link org.apache.wiki.WikiContext#ATTR_CONTEXT}. Note that this method will automatically redirect the user to
* a login or error page, as appropriate, if access fails. This is NOT guaranteed to be default behavior in the future.
@@ -184,7 +184,7 @@ public interface AuthorizationManager {
/**
* Checks whether the current user has access to the wiki context (and
* optionally redirects if not), by obtaining the required Permission ({@link WikiContext#requiredPermission()})
- * and delegating the access check to {@link #checkPermission(WikiSession, Permission)}.
+ * and delegating the access check to {@link #checkPermission(Session, Permission)}.
* If the user is allowed, this method returns <code>true</code>;
* <code>false</code> otherwise. Also, the wiki context will be added to the request as attribute
* with the key name {@link org.apache.wiki.WikiContext#ATTR_CONTEXT}.
@@ -209,7 +209,7 @@ public interface AuthorizationManager {
/**
* Checks to see if the local security policy allows a particular static Permission.
- * Do not use this method for normal permission checks; use {@link #checkPermission(WikiSession, Permission)} instead.
+ * Do not use this method for normal permission checks; use {@link #checkPermission(Session, Permission)} instead.
*
* @param principals the Principals to check
* @param permission the Permission
@@ -230,7 +230,7 @@ public interface AuthorizationManager {
* @param permission the Permission the Subject must possess
* @return <code>true</code> if the Subject possesses the permission, <code>false</code> otherwise
*/
- boolean checkStaticPermission( WikiSession session, Permission permission );
+ boolean checkStaticPermission( Session session, Permission permission );
/**
* <p>Given a supplied string representing a Principal's name from an Acl, this method resolves the correct type of Principal (role,
diff --git a/jspwiki-main/src/main/java/org/apache/wiki/auth/Authorizer.java b/jspwiki-main/src/main/java/org/apache/wiki/auth/Authorizer.java
index efdc60e..534d6a5 100644
--- a/jspwiki-main/src/main/java/org/apache/wiki/auth/Authorizer.java
+++ b/jspwiki-main/src/main/java/org/apache/wiki/auth/Authorizer.java
@@ -20,6 +20,7 @@ package org.apache.wiki.auth;
import org.apache.wiki.WikiSession;
import org.apache.wiki.api.core.Engine;
+import org.apache.wiki.api.core.Session;
import java.security.Principal;
import java.util.Properties;
@@ -74,6 +75,6 @@ public interface Authorizer {
* @param role the role to check
* @return <code>true</code> if the user is considered to be in the role, <code>false</code> otherwise
*/
- boolean isUserInRole( WikiSession session, Principal role );
+ boolean isUserInRole( Session session, Principal role );
}
diff --git a/jspwiki-main/src/main/java/org/apache/wiki/auth/DefaultAuthenticationManager.java b/jspwiki-main/src/main/java/org/apache/wiki/auth/DefaultAuthenticationManager.java
index a5a9f13..8056db8 100644
--- a/jspwiki-main/src/main/java/org/apache/wiki/auth/DefaultAuthenticationManager.java
+++ b/jspwiki-main/src/main/java/org/apache/wiki/auth/DefaultAuthenticationManager.java
@@ -21,6 +21,7 @@ package org.apache.wiki.auth;
import org.apache.log4j.Logger;
import org.apache.wiki.WikiSession;
import org.apache.wiki.api.core.Engine;
+import org.apache.wiki.api.core.Session;
import org.apache.wiki.api.exceptions.WikiException;
import org.apache.wiki.auth.authorize.WebAuthorizer;
import org.apache.wiki.auth.authorize.WebContainerAuthorizer;
@@ -208,7 +209,7 @@ public class DefaultAuthenticationManager implements AuthenticationManager {
* {@inheritDoc}
*/
@Override
- public boolean login( final WikiSession session, final HttpServletRequest request, final String username, final String password ) throws WikiSecurityException {
+ public boolean login( final Session session, final HttpServletRequest request, final String username, final String password ) throws WikiSecurityException {
if ( session == null ) {
log.error( "No wiki session provided, cannot log in." );
return false;
@@ -276,7 +277,7 @@ public class DefaultAuthenticationManager implements AuthenticationManager {
log.debug( "Invalidating WikiSession for session ID=" + sid );
}
// Retrieve the associated WikiSession and clear the Principal set
- final WikiSession wikiSession = WikiSession.getWikiSession( m_engine, request );
+ final Session wikiSession = WikiSession.getWikiSession( m_engine, request );
final Principal originalPrincipal = wikiSession.getLoginPrincipal();
wikiSession.invalidate();
@@ -284,7 +285,7 @@ public class DefaultAuthenticationManager implements AuthenticationManager {
WikiSession.removeWikiSession( m_engine, request );
// We need to flush the HTTP session too
- if ( session != null ) {
+ if( session != null ) {
session.invalidate();
}
@@ -394,7 +395,7 @@ public class DefaultAuthenticationManager implements AuthenticationManager {
/**
* After successful login, this method is called to inject authorized role Principals into the WikiSession. To determine which roles
* should be injected, the configured Authorizer is queried for the roles it knows about by calling {@link Authorizer#getRoles()}.
- * Then, each role returned by the authorizer is tested by calling {@link Authorizer#isUserInRole(WikiSession, Principal)}. If this
+ * Then, each role returned by the authorizer is tested by calling {@link Authorizer#isUserInRole(Session, Principal)}. If this
* check fails, and the Authorizer is of type WebAuthorizer, the role is checked again by calling
* {@link WebAuthorizer#isUserInRole(HttpServletRequest, Principal)}). Any roles that pass the test are injected into the Subject by
* firing appropriate authentication events.
@@ -403,7 +404,7 @@ public class DefaultAuthenticationManager implements AuthenticationManager {
* @param authorizer the Engine's configured Authorizer
* @param request the user's HTTP session, which may be <code>null</code>
*/
- private void injectAuthorizerRoles( final WikiSession session, final Authorizer authorizer, final HttpServletRequest request ) {
+ private void injectAuthorizerRoles( final Session session, final Authorizer authorizer, final HttpServletRequest request ) {
// Test each role the authorizer knows about
for( final Principal role : authorizer.getRoles() ) {
// Test the Authorizer
diff --git a/jspwiki-main/src/main/java/org/apache/wiki/auth/DefaultAuthorizationManager.java b/jspwiki-main/src/main/java/org/apache/wiki/auth/DefaultAuthorizationManager.java
index b64834e..0506df0 100644
--- a/jspwiki-main/src/main/java/org/apache/wiki/auth/DefaultAuthorizationManager.java
+++ b/jspwiki-main/src/main/java/org/apache/wiki/auth/DefaultAuthorizationManager.java
@@ -23,6 +23,7 @@ import org.apache.wiki.WikiContext;
import org.apache.wiki.WikiPage;
import org.apache.wiki.WikiSession;
import org.apache.wiki.api.core.Engine;
+import org.apache.wiki.api.core.Session;
import org.apache.wiki.api.exceptions.NoRequiredPropertyException;
import org.apache.wiki.api.exceptions.WikiException;
import org.apache.wiki.auth.acl.Acl;
@@ -94,7 +95,7 @@ public class DefaultAuthorizationManager implements AuthorizationManager {
/** {@inheritDoc} */
@Override
- public boolean checkPermission( final WikiSession session, final Permission permission ) {
+ public boolean checkPermission( final Session session, final Permission permission ) {
// A slight sanity check.
if( session == null || permission == null ) {
fireEvent( WikiSecurityEvent.ACCESS_DENIED, null, permission );
@@ -172,7 +173,7 @@ public class DefaultAuthorizationManager implements AuthorizationManager {
/** {@inheritDoc} */
@Override
- public boolean hasRoleOrPrincipal( final WikiSession session, final Principal principal ) {
+ public boolean hasRoleOrPrincipal( final Session session, final Principal principal ) {
// If either parameter is null, always deny
if( session == null || principal == null ) {
return false;
@@ -315,8 +316,8 @@ public class DefaultAuthorizationManager implements AuthorizationManager {
/** {@inheritDoc} */
@Override
- public boolean checkStaticPermission( final WikiSession session, final Permission permission ) {
- return ( Boolean )WikiSession.doPrivileged( session, ( PrivilegedAction< Boolean > )() -> {
+ public boolean checkStaticPermission( final Session session, final Permission permission ) {
+ return ( Boolean )Session.doPrivileged( session, ( PrivilegedAction< Boolean > )() -> {
try {
// Check the JVM-wide security policy first
AccessController.checkPermission( permission );
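Review bot: checkStaticPermission hands `session` straight to `Session.doPrivileged` with no null guard, whereas checkPermission and hasRoleOrPrincipal in this same class both deny on a null session before doing anything else. doPrivileged is not visible here, but if it dereferences the session, a null argument would surface as a NullPointerException rather than a denial. Starting the method with `if( session == null || permission == null ) { return false; }` would keep it fail-closed and consistent with its siblings. The `( Boolean )` cast also suggests doPrivileged returns Object, so a null result would fail on unboxing. The method body continues past the end of the hunk.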
diff --git a/jspwiki-main/src/main/java/org/apache/wiki/auth/DefaultUserManager.java b/jspwiki-main/src/main/java/org/apache/wiki/auth/DefaultUserManager.java
index 1eee920..0b8db6f 100644
--- a/jspwiki-main/src/main/java/org/apache/wiki/auth/DefaultUserManager.java
+++ b/jspwiki-main/src/main/java/org/apache/wiki/auth/DefaultUserManager.java
@@ -21,11 +21,11 @@ package org.apache.wiki.auth;
import org.apache.commons.lang3.StringUtils;
import org.apache.log4j.Logger;
import org.apache.wiki.WikiContext;
-import org.apache.wiki.WikiSession;
import org.apache.wiki.ajax.AjaxUtil;
import org.apache.wiki.ajax.WikiAjaxDispatcherServlet;
import org.apache.wiki.ajax.WikiAjaxServlet;
import org.apache.wiki.api.core.Engine;
+import org.apache.wiki.api.core.Session;
import org.apache.wiki.api.exceptions.NoRequiredPropertyException;
import org.apache.wiki.api.exceptions.WikiException;
import org.apache.wiki.api.filters.PageFilter;
@@ -90,7 +90,7 @@ public class DefaultUserManager implements UserManager {
private static final Logger log = Logger.getLogger( DefaultUserManager.class);
/** Associates wiki sessions with profiles */
- private final Map< WikiSession, UserProfile > m_profiles = new WeakHashMap<>();
+ private final Map< Session, UserProfile > m_profiles = new WeakHashMap<>();
/** The user database loads, manages and persists user identities */
private UserDatabase m_database;
@@ -147,7 +147,7 @@ public class DefaultUserManager implements UserManager {
/** {@inheritDoc} */
@Override
- public UserProfile getUserProfile( final WikiSession session ) {
+ public UserProfile getUserProfile( final Session session ) {
// Look up cached user profile
UserProfile profile = m_profiles.get( session );
boolean newProfile = profile == null;
@@ -179,7 +179,7 @@ public class DefaultUserManager implements UserManager {
/** {@inheritDoc} */
@Override
- public void setUserProfile( final WikiSession session, final UserProfile profile ) throws DuplicateUserException, WikiException {
+ public void setUserProfile( final Session session, final UserProfile profile ) throws DuplicateUserException, WikiException {
// Verify user is allowed to save profile!
final Permission p = new WikiPermission( m_engine.getApplicationName(), WikiPermission.EDIT_PROFILE_ACTION );
if ( !m_engine.getManager( AuthorizationManager.class ).checkPermission( session, p ) ) {
@@ -250,7 +250,7 @@ public class DefaultUserManager implements UserManager {
/** {@inheritDoc} */
@Override
- public void startUserProfileCreationWorkflow( final WikiSession session, final UserProfile profile ) throws WikiException {
+ public void startUserProfileCreationWorkflow( final Session session, final UserProfile profile ) throws WikiException {
final WorkflowBuilder builder = WorkflowBuilder.getBuilder( m_engine );
final Principal submitter = session.getUserPrincipal();
final Step completionTask = m_engine.getManager( TasksManager.class ).buildSaveUserProfileTask( m_engine, session.getLocale() );
@@ -300,8 +300,7 @@ public class DefaultUserManager implements UserManager {
fullname = InputValidator.isBlank( fullname ) ? null : fullname;
email = InputValidator.isBlank( email ) ? null : email;
- // A special case if we have container authentication
- // If authenticated, login name is always taken from container
+ // A special case if we have container authentication: if authenticated, login name is always taken from container
if ( m_engine.getManager( AuthenticationManager.class ).isContainerAuthenticated() && context.getWikiSession().isAuthenticated() ) {
loginName = context.getWikiSession().getLoginPrincipal().getName();
}
@@ -318,7 +317,7 @@ public class DefaultUserManager implements UserManager {
@Override
public void validateProfile( final WikiContext context, final UserProfile profile ) {
final boolean isNew = profile.isNew();
- final WikiSession session = context.getWikiSession();
+ final Session session = context.getWikiSession();
final InputValidator validator = new InputValidator( SESSION_MESSAGES, context );
final ResourceBundle rb = Preferences.getBundle( context, InternationalizationManager.CORE_BUNDLE );
diff --git a/jspwiki-main/src/main/java/org/apache/wiki/auth/SecurityVerifier.java b/jspwiki-main/src/main/java/org/apache/wiki/auth/SecurityVerifier.java
index dfc4a20..97a6e94 100644
--- a/jspwiki-main/src/main/java/org/apache/wiki/auth/SecurityVerifier.java
+++ b/jspwiki-main/src/main/java/org/apache/wiki/auth/SecurityVerifier.java
@@ -20,8 +20,8 @@ package org.apache.wiki.auth;
import org.apache.commons.lang3.ArrayUtils;
import org.apache.log4j.Logger;
-import org.apache.wiki.WikiSession;
import org.apache.wiki.api.core.Engine;
+import org.apache.wiki.api.core.Session;
import org.apache.wiki.api.exceptions.WikiException;
import org.apache.wiki.auth.authorize.Group;
import org.apache.wiki.auth.authorize.GroupDatabase;
@@ -67,7 +67,7 @@ public final class SecurityVerifier {
private Principal[] m_policyPrincipals = new Principal[0];
- private WikiSession m_session;
+ private Session m_session;
/** Message prefix for errors. */
public static final String ERROR = "Error.";
@@ -150,7 +150,7 @@ public final class SecurityVerifier {
* @param engine the wiki engine
* @param session the wiki session (typically, that of an administrator)
*/
- public SecurityVerifier( final Engine engine, final WikiSession session ) {
+ public SecurityVerifier( final Engine engine, final Session session ) {
m_engine = engine;
m_session = session;
m_session.clearMessages();
diff --git a/jspwiki-main/src/main/java/org/apache/wiki/auth/SessionMonitor.java b/jspwiki-main/src/main/java/org/apache/wiki/auth/SessionMonitor.java
index 52f8e54..0ddc03e 100644
--- a/jspwiki-main/src/main/java/org/apache/wiki/auth/SessionMonitor.java
+++ b/jspwiki-main/src/main/java/org/apache/wiki/auth/SessionMonitor.java
@@ -26,6 +26,7 @@ import org.apache.wiki.event.WikiEventManager;
import org.apache.wiki.event.WikiSecurityEvent;
import org.apache.wiki.util.comparators.PrincipalComparator;
+import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import javax.servlet.http.HttpSessionEvent;
import javax.servlet.http.HttpSessionListener;
@@ -38,10 +39,9 @@ import java.util.WeakHashMap;
import java.util.concurrent.ConcurrentHashMap;
/**
- * <p>Manages WikiSession's for different Engine's.</p>
- * <p>The WikiSession's are stored both in the remote user HttpSession and in the SessionMonitor for the WikeEngine.
- * This class must be configured as a session listener in the web.xml for the wiki web application.
- * </p>
+ * <p>Manages Sessions for different Engines.</p>
+ * <p>The Sessions are stored both in the remote user HttpSession and in the SessionMonitor for the Engine.
+ * This class must be configured as a session listener in the web.xml for the wiki web application.</p>
*/
public class SessionMonitor implements HttpSessionListener {
@@ -64,29 +64,20 @@ public class SessionMonitor implements HttpSessionListener {
* @return the session monitor
*/
public static SessionMonitor getInstance( final Engine engine ) {
- if( engine == null )
- {
+ if( engine == null ) {
throw new IllegalArgumentException( "Engine cannot be null." );
}
- SessionMonitor monitor;
-
- monitor = c_monitors.get(engine);
- if( monitor == null )
- {
- monitor = new SessionMonitor(engine);
-
- c_monitors.put( engine, monitor );
-
- }
+ SessionMonitor monitor = c_monitors.get( engine );
+ if( monitor == null ) {
+ monitor = new SessionMonitor( engine );
+ c_monitors.put( engine, monitor );
+ }
return monitor;
}
- /**
- * Construct the SessionListener
- */
- public SessionMonitor()
- {
+ /** Construct the SessionListener */
+ public SessionMonitor() {
}
private SessionMonitor( final Engine engine ) {
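Review bot: The rewritten lookup in getInstance is still a check-then-act sequence. Two threads that both get `null` from `c_monitors.get( engine )` each construct a SessionMonitor, and the second `put` replaces the first, so sessions registered in the first monitor are never found or removed by later callers. If c_monitors is the ConcurrentHashMap imported at the top of the file (its declaration is outside the hunk), `return c_monitors.computeIfAbsent( engine, SessionMonitor::new );` makes the creation atomic and replaces the whole get/null-check/put block.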
@@ -139,7 +130,7 @@ public class SessionMonitor implements HttpSessionListener {
if( log.isDebugEnabled() ) {
log.debug( "Looking up WikiSession for session ID=" + sid + "... not found. Creating guestSession()" );
}
- wikiSession = WikiSession.guestSession( m_engine );
+ wikiSession = (WikiSession)WikiSession.guestSession( m_engine );
synchronized( m_sessions ) {
m_sessions.put( sid, wikiSession );
}
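Review bot: The `(WikiSession)` downcast added on the guestSession call assumes the factory will only ever return the concrete WikiSession class, which is the coupling this change set is trying to remove. If guestSession is later backed by another Session implementation, the cast throws ClassCastException in the middle of session lookup, a path every request goes through. Declaring the local as `Session wikiSession` and widening the value type of m_sessions to Session would avoid the cast. Both declarations are outside this hunk, as is the start of the enclosing method.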
@@ -149,18 +140,27 @@ public class SessionMonitor implements HttpSessionListener {
}
/**
- * Removes the wiki session associated with the user's HttpSession
- * from the session cache.
+ * Removes the wiki session associated with the user's HttpRequest from the session cache.
+ *
+ * @param request the user's HTTP request
+ */
+ public final void remove( final HttpServletRequest request ) {
+ if( request == null ) {
+ throw new IllegalArgumentException( "Request cannot be null." );
+ }
+ remove( request.getSession() );
+ }
+
+ /**
+ * Removes the wiki session associated with the user's HttpSession from the session cache.
+ *
* @param session the user's HTTP session
*/
- public final void remove( final HttpSession session )
- {
- if ( session == null )
- {
+ public final void remove( final HttpSession session ) {
+ if( session == null ) {
throw new IllegalArgumentException( "Session cannot be null." );
}
- synchronized ( m_sessions )
- {
+ synchronized( m_sessions ) {
m_sessions.remove( session.getId() );
}
}
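Review bot: In the new remove( HttpServletRequest ) overload, `request.getSession()` creates a fresh HttpSession when the request has none, so a call meant to discard state allocates a new container session and then looks up an id that cannot be in m_sessions. On a logout or cleanup path that means an unauthenticated request can leave a new session behind. Using the non-creating form avoids this: `final HttpSession session = request.getSession( false );` followed by `if( session != null ) { remove( session ); }`.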
diff --git a/jspwiki-main/src/main/java/org/apache/wiki/auth/UserManager.java b/jspwiki-main/src/main/java/org/apache/wiki/auth/UserManager.java
index f68dda1..bc0f66c 100644
--- a/jspwiki-main/src/main/java/org/apache/wiki/auth/UserManager.java
+++ b/jspwiki-main/src/main/java/org/apache/wiki/auth/UserManager.java
@@ -21,6 +21,7 @@ package org.apache.wiki.auth;
import org.apache.wiki.WikiContext;
import org.apache.wiki.WikiSession;
import org.apache.wiki.api.core.Engine;
+import org.apache.wiki.api.core.Session;
import org.apache.wiki.api.exceptions.WikiException;
import org.apache.wiki.auth.user.DuplicateUserException;
import org.apache.wiki.auth.user.UserDatabase;
@@ -64,7 +65,7 @@ public interface UserManager {
UserDatabase getUserDatabase();
/**
- * <p>Retrieves the {@link org.apache.wiki.auth.user.UserProfile} for the user in a wiki session. If the user is authenticated, the
+ * <p>Retrieves the {@link org.apache.wiki.auth.user.UserProfile} for the user in a session. If the user is authenticated, the
* UserProfile returned will be the one stored in the user database; if one does not exist, a new one will be initialized and returned.
* If the user is anonymous or asserted, the UserProfile will <i>always</i> be newly initialized to prevent spoofing of identities.
* If a UserProfile needs to be initialized, its {@link org.apache.wiki.auth.user.UserProfile#isNew()} method will return
@@ -74,11 +75,11 @@ public interface UserManager {
* <code>false</code>, this method throws an {@link IllegalStateException}. This is meant as a quality check for UserDatabase providers;
* it should only be thrown if the implementation is faulty.</p>
*
- * @param session the wiki session, which may not be <code>null</code>
+ * @param session the session, which may not be <code>null</code>
* @return the user's profile, which will be newly initialized if the user is anonymous or asserted, or if the user cannot be found in
* the user database
*/
- UserProfile getUserProfile( WikiSession session );
+ UserProfile getUserProfile( Session session );
/**
* <p>
@@ -108,9 +109,9 @@ public interface UserManager {
* {@link org.apache.wiki.workflow.DecisionRequiredException}. All other WikiException
* indicate a condition that is not normal is probably due to mis-configuration
*/
- void setUserProfile( WikiSession session, UserProfile profile ) throws DuplicateUserException, WikiException;
+ void setUserProfile( Session session, UserProfile profile ) throws DuplicateUserException, WikiException;
- void startUserProfileCreationWorkflow( WikiSession session, UserProfile profile ) throws WikiException;
+ void startUserProfileCreationWorkflow( Session session, UserProfile profile ) throws WikiException;
/**
* <p> Extracts user profile parameters from the HTTP request and populates a UserProfile with them. The UserProfile will either be a
@@ -177,7 +178,7 @@ public interface UserManager {
* @param session the wiki session supporting the event
* @param profile the user profile (or array of user profiles), which may be <code>null</code>
*/
- default void fireEvent( final int type, final WikiSession session, final Object profile ) {
+ default void fireEvent( final int type, final Session session, final Object profile ) {
if( WikiEventManager.isListening( this ) ) {
WikiEventManager.fireEvent( this, new WikiSecurityEvent( session, type, profile ) );
}
diff --git a/jspwiki-main/src/main/java/org/apache/wiki/auth/authorize/DefaultGroupManager.java b/jspwiki-main/src/main/java/org/apache/wiki/auth/authorize/DefaultGroupManager.java
index e24ba71..227c453 100644
--- a/jspwiki-main/src/main/java/org/apache/wiki/auth/authorize/DefaultGroupManager.java
+++ b/jspwiki-main/src/main/java/org/apache/wiki/auth/authorize/DefaultGroupManager.java
@@ -22,6 +22,7 @@ import org.apache.commons.lang3.ArrayUtils;
import org.apache.log4j.Logger;
import org.apache.wiki.WikiSession;
import org.apache.wiki.api.core.Engine;
+import org.apache.wiki.api.core.Session;
import org.apache.wiki.api.exceptions.NoRequiredPropertyException;
import org.apache.wiki.api.exceptions.WikiException;
import org.apache.wiki.auth.AuthenticationManager;
@@ -175,7 +176,7 @@ public class DefaultGroupManager implements GroupManager, Authorizer, WikiEventL
/** {@inheritDoc} */
@Override
- public boolean isUserInRole( final WikiSession session, final Principal role ) {
+ public boolean isUserInRole( final Session session, final Principal role ) {
// Always return false if session/role is null, or if role isn't a GroupPrincipal
if ( session == null || !( role instanceof GroupPrincipal ) || !session.isAuthenticated() ) {
return false;
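Review bot: The comment above the guard in `isUserInRole` names only the null and non-GroupPrincipal cases, but the condition also returns false when `session.isAuthenticated()` is false. Because this is an authorization decision, the comment should say that unauthenticated sessions are never treated as group members: `// Always return false if session/role is null, if role isn't a GroupPrincipal, or if the session is not authenticated`. With the parameter widened to `Session`, the outcome depends on what each implementation's `isAuthenticated()` reports, presumably the same contract `WikiSession` had. The method body continues outside the hunk.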
@@ -273,7 +274,7 @@ public class DefaultGroupManager implements GroupManager, Authorizer, WikiEventL
/** {@inheritDoc} */
@Override
- public void setGroup( final WikiSession session, final Group group ) throws WikiSecurityException {
+ public void setGroup( final Session session, final Group group ) throws WikiSecurityException {
// TODO: check for appropriate permissions
// If group already exists, delete it; fire GROUP_REMOVE event
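Review bot: `setGroup` still opens with `// TODO: check for appropriate permissions`, and its signature now accepts any `Session` implementation rather than the concrete `WikiSession`. If the rest of the body, which lies outside this hunk, performs no check, authorization for creating or replacing a group rests entirely on the callers. That contract should be stated where the TODO is, for example `// NOTE: no permission check is performed here; callers must authorize the session before calling setGroup`. The `setGroup` Javadoc in the GroupManager interface is the other place to record it.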
diff --git a/jspwiki-main/src/main/java/org/apache/wiki/auth/authorize/GroupManager.java b/jspwiki-main/src/main/java/org/apache/wiki/auth/authorize/GroupManager.java
index 7c38ac5..d6a0866 100644
--- a/jspwiki-main/src/main/java/org/apache/wiki/auth/authorize/GroupManager.java
+++ b/jspwiki-main/src/main/java/org/apache/wiki/auth/authorize/GroupManager.java
@@ -20,7 +20,7 @@ package org.apache.wiki.auth.authorize;
import org.apache.commons.lang3.ArrayUtils;
import org.apache.wiki.WikiContext;
-import org.apache.wiki.WikiSession;
+import org.apache.wiki.api.core.Session;
import org.apache.wiki.auth.Authorizer;
import org.apache.wiki.auth.NoSuchPrincipalException;
import org.apache.wiki.auth.WikiSecurityException;
@@ -82,7 +82,7 @@ public interface GroupManager extends Authorizer, WikiEventListener {
* parameter contains the member list. If these differ from those in the existing group, the passed values override the old values.
* </p>
* <p>
- * This method does not commit the new Group to the GroupManager cache. To do that, use {@link #setGroup(WikiSession, Group)}.
+ * This method does not commit the new Group to the GroupManager cache. To do that, use {@link #setGroup(Session, Group)}.
* </p>
* @param name the name of the group to construct
* @param memberLine the line of text containing the group membership list
@@ -106,7 +106,7 @@ public interface GroupManager extends Authorizer, WikiEventListener {
* parameter contains the member list. If these differ from those in the existing group, the passed values override the old values.
* </p>
* <p>
- * This method does not commit the new Group to the GroupManager cache. To do that, use {@link #setGroup(WikiSession, Group)}.
+ * This method does not commit the new Group to the GroupManager cache. To do that, use {@link #setGroup(Session, Group)}.
* </p>
* @param context the current wiki context
* @param create whether this method should create a new, empty Group if one with the requested name is not found. If <code>false</code>,
@@ -176,11 +176,11 @@ public interface GroupManager extends Authorizer, WikiEventListener {
* @param group the Group, which may not be <code>null</code>
* @throws WikiSecurityException if the Group cannot be saved by the back-end
*/
- void setGroup( final WikiSession session, final Group group ) throws WikiSecurityException;
+ void setGroup( final Session session, final Group group ) throws WikiSecurityException;
/**
* Validates a Group, and appends any errors to the session errors list. Any validation errors are added to the wiki session's messages
- * collection (see {@link WikiSession#getMessages()}.
+ * collection (see {@link Session#getMessages()}.
*
* @param context the current wiki context
* @param group the supplied Group
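Review bot: The Javadoc line changed in this hunk opens a parenthesis that is never closed; it should read `* collection (see {@link Session#getMessages()}).`. The `final` modifiers on the parameters of the abstract `setGroup` declaration have no effect in an interface and could be dropped, as the `UserManager` declarations in this commit do without them.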
diff --git a/jspwiki-main/src/main/java/org/apache/wiki/auth/authorize/WebContainerAuthorizer.java b/jspwiki-main/src/main/java/org/apache/wiki/auth/authorize/WebContainerAuthorizer.java
index a4c4968..0353266 100644
--- a/jspwiki-main/src/main/java/org/apache/wiki/auth/authorize/WebContainerAuthorizer.java
+++ b/jspwiki-main/src/main/java/org/apache/wiki/auth/authorize/WebContainerAuthorizer.java
@@ -20,8 +20,8 @@ package org.apache.wiki.auth.authorize;
import org.apache.log4j.Logger;
import org.apache.wiki.InternalWikiException;
-import org.apache.wiki.WikiSession;
import org.apache.wiki.api.core.Engine;
+import org.apache.wiki.api.core.Session;
import org.jdom2.Document;
import org.jdom2.Element;
import org.jdom2.JDOMException;
@@ -166,10 +166,10 @@ public class WebContainerAuthorizer implements WebAuthorizer {
* @param role the role to check
* @return <code>true</code> if the user is considered to be in the role,
* <code>false</code> otherwise
- * @see org.apache.wiki.auth.Authorizer#isUserInRole(org.apache.wiki.WikiSession, java.security.Principal)
+ * @see org.apache.wiki.auth.Authorizer#isUserInRole(org.apache.wiki.api.core.Session, java.security.Principal)
*/
@Override
- public boolean isUserInRole( final WikiSession session, final Principal role ) {
+ public boolean isUserInRole( final Session session, final Principal role ) {
if ( session == null || role == null ) {
return false;
}
diff --git a/jspwiki-main/src/main/java/org/apache/wiki/plugin/Groups.java b/jspwiki-main/src/main/java/org/apache/wiki/plugin/Groups.java
index 6447a49..1e5facc 100644
--- a/jspwiki-main/src/main/java/org/apache/wiki/plugin/Groups.java
+++ b/jspwiki-main/src/main/java/org/apache/wiki/plugin/Groups.java
@@ -22,9 +22,9 @@ import org.apache.wiki.WikiContext;
import org.apache.wiki.api.core.Engine;
import org.apache.wiki.api.exceptions.PluginException;
import org.apache.wiki.api.plugin.WikiPlugin;
-import org.apache.wiki.auth.PrincipalComparator;
import org.apache.wiki.auth.authorize.GroupManager;
import org.apache.wiki.url.URLConstructor;
+import org.apache.wiki.util.comparators.PrincipalComparator;
import java.security.Principal;
import java.util.Arrays;
@@ -47,7 +47,8 @@ public class Groups implements WikiPlugin {
/**
* {@inheritDoc}
*/
- @Override public String execute( final WikiContext context, final Map<String, String> params ) throws PluginException {
+ @Override
+ public String execute( final WikiContext context, final Map<String, String> params ) throws PluginException {
// Retrieve groups, and sort by name
final Engine engine = context.getEngine();
final GroupManager groupMgr = engine.getManager( GroupManager.class );