Posted to commits@jspwiki.apache.org by aj...@apache.org on 2009/09/13 19:47:41 UTC
svn commit: r814357 - in
/incubator/jspwiki/trunk/src/java/org/apache/wiki/auth:
AuthenticationManager.java AuthorizationManager.java
Author: ajaquith
Date: Sun Sep 13 17:47:40 2009
New Revision: 814357
URL: http://svn.apache.org/viewvc?rev=814357&view=rev
Log:
The "superuser" (su) feature has been implemented. This user can do anything, and can log in even when the UserManager is not working. The password is hashed and stored in jspwiki.properties.
Modified:
incubator/jspwiki/trunk/src/java/org/apache/wiki/auth/AuthenticationManager.java
incubator/jspwiki/trunk/src/java/org/apache/wiki/auth/AuthorizationManager.java
Modified: incubator/jspwiki/trunk/src/java/org/apache/wiki/auth/AuthenticationManager.java
URL: http://svn.apache.org/viewvc/incubator/jspwiki/trunk/src/java/org/apache/wiki/auth/AuthenticationManager.java?rev=814357&r1=814356&r2=814357&view=diff
==============================================================================
--- incubator/jspwiki/trunk/src/java/org/apache/wiki/auth/AuthenticationManager.java (original)
+++ incubator/jspwiki/trunk/src/java/org/apache/wiki/auth/AuthenticationManager.java Sun Sep 13 17:47:40 2009
@@ -20,10 +20,7 @@
*/
package org.apache.wiki.auth;
-import java.io.File;
-import java.io.FileInputStream;
-import java.io.IOException;
-import java.io.InputStream;
+import java.io.*;
import java.net.MalformedURLException;
import java.net.URL;
import java.security.NoSuchAlgorithmException;
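Review bot: The four explicit java.io imports are collapsed into the wildcard `import java.io.*;`, which is a style regression for a security-sensitive class: it hides which I/O types are actually in play and the rest of this import block is written with explicit single-type imports. Keep the original four lines and add the one newly needed type, `import java.io.UnsupportedEncodingException;`, which the new superuser catch block below requires.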
@@ -39,6 +36,7 @@
import org.apache.wiki.WikiEngine;
import org.apache.wiki.WikiSession;
+import org.apache.wiki.action.InstallActionBean;
import org.apache.wiki.api.WikiException;
import org.apache.wiki.auth.authorize.Role;
import org.apache.wiki.auth.authorize.WebAuthorizer;
@@ -49,6 +47,7 @@
import org.apache.wiki.event.WikiSecurityEvent;
import org.apache.wiki.log.Logger;
import org.apache.wiki.log.LoggerFactory;
+import org.apache.wiki.util.CryptoUtil;
import org.apache.wiki.util.TextUtil;
import org.apache.wiki.util.TimedCounterList;
import org.freshcookies.security.Keychain;
@@ -134,6 +133,11 @@
*/
protected static final String SECURITY_CONTAINER = "container";
+ /**
+ * The superuser username.
+ */
+ protected static final String SUPERUSER = "su";
+
/** The default {@link javax.security.auth.spi.LoginModule} class name to use for custom authentication. */
private static final String DEFAULT_LOGIN_MODULE = "org.apache.wiki.auth.login.UserDatabaseLoginModule";
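Review bot: The Javadoc on SUPERUSER says only `The superuser username.` and does not tell a maintainer that this login name is special-cased before the normal JAAS path and should therefore be treated as reserved; nothing visible here prevents an ordinary account called "su" from being created, in which case a failed hash check falls through to a regular login under that same name. Suggested wording: `The reserved superuser login name. A login with this name is first checked against the hashed password in jspwiki.properties and bypasses the UserManager; installations should not allow ordinary users to register it.`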
@@ -495,6 +499,29 @@
delayLogin(username);
}
+ // Did the user log in as the superuser?
+ boolean isSu = false;
+ if ( SUPERUSER.equals( username ) )
+ {
+ String passwordHash = m_engine.getWikiProperties().getProperty( InstallActionBean.PROP_ADMIN_PASSWORD_HASH );
+ if ( passwordHash != null && passwordHash.length() > 0 )
+ {
+ try
+ {
+ isSu = CryptoUtil.verifySaltedPassword( password.getBytes(), passwordHash );
+ }
+ catch( NoSuchAlgorithmException e ) { }
+ catch( UnsupportedEncodingException e ) { }
+ }
+ }
+ if ( isSu )
+ {
+ fireEvent(WikiSecurityEvent.LOGIN_AUTHENTICATED, new WikiPrincipal( "su", WikiPrincipal.LOGIN_NAME ), session );
+ fireEvent( WikiSecurityEvent.PRINCIPAL_ADD, Role.SUPERUSER, session );
+ return true;
+ }
+
+ // No, so try logging in with JAAS
CallbackHandler handler = new WikiCallbackHandler(
m_engine,
request,
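Review bot: The two catch blocks at the end of the superuser check swallow NoSuchAlgorithmException and UnsupportedEncodingException with empty bodies, so a misconfigured or unavailable hash algorithm silently disables superuser login with no trace in the logs, which is exactly the "UserManager is not working" emergency this feature is meant to cover. Alongside that, `password.getBytes()` uses the platform default charset; unless InstallActionBean hashes with that same default, a non-ASCII password will verify on one JVM and fail on another, so the encoding should be pinned explicitly. The principal on the authenticated line is built from the literal `"su"` rather than the SUPERUSER constant defined in the same commit; use `new WikiPrincipal( SUPERUSER, WikiPrincipal.LOGIN_NAME )`. The enclosing login method begins before this hunk and continues after it, and I am assuming the class has a logger field (it imports org.apache.wiki.log.Logger) — adjust the name below if it is called something else.
```java
// … unchanged: SUPERUSER username check and property lookup …
try
{
    isSu = CryptoUtil.verifySaltedPassword( password.getBytes( "UTF-8" ), passwordHash );
}
catch( NoSuchAlgorithmException e )
{
    log.error( "Unable to verify superuser password hash", e );
}
catch( UnsupportedEncodingException e )
{
    log.error( "Unable to verify superuser password hash", e );
}
// … unchanged: firing LOGIN_AUTHENTICATED / PRINCIPAL_ADD for the superuser …
```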
Modified: incubator/jspwiki/trunk/src/java/org/apache/wiki/auth/AuthorizationManager.java
URL: http://svn.apache.org/viewvc/incubator/jspwiki/trunk/src/java/org/apache/wiki/auth/AuthorizationManager.java?rev=814357&r1=814356&r2=814357&view=diff
==============================================================================
--- incubator/jspwiki/trunk/src/java/org/apache/wiki/auth/AuthorizationManager.java (original)
+++ incubator/jspwiki/trunk/src/java/org/apache/wiki/auth/AuthorizationManager.java Sun Sep 13 17:47:40 2009
@@ -192,6 +192,13 @@
Principal user = session.getLoginPrincipal();
+ // Always allow the action if user is superuser
+ if ( hasRoleOrPrincipal( session, Role.SUPERUSER ) )
+ {
+ fireEvent( WikiSecurityEvent.ACCESS_ALLOWED, user, permission );
+ return true;
+ }
+
// Always allow the action if user has AllPermission
Permission allPermission = new AllPermission( m_engine.getApplicationName() );
boolean hasAllPermission = checkStaticPermission( session, allPermission );
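Review bot: The new branch grants every permission as soon as `hasRoleOrPrincipal( session, Role.SUPERUSER )` is true, and it runs before the existing AllPermission check, so the security of the whole wiki now rests on Role.SUPERUSER being reachable only through the hashed-password login in AuthenticationManager; if any other path (an external authorizer, a group with the same role name, or a session that is restored with its principals) can attach that role, this line is a full authorization bypass. Please add a comment making that invariant explicit, e.g. `// Role.SUPERUSER must only ever be added by AuthenticationManager after a successful su password check; any other source of this role bypasses every ACL.`, and consider having this branch log at a higher level than the ordinary ACCESS_ALLOWED event so superuser activity is distinguishable in the audit trail. The enclosing checkPermission-style method starts before this hunk and continues after it.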