You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@jspwiki.apache.org by ju...@apache.org on 2020/03/06 18:04:27 UTC
[jspwiki] 25/35: JSPWIKI-303: use Session instead of WikiSession (1)
This is an automated email from the ASF dual-hosted git repository.
juanpablo pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/jspwiki.git
commit aec837ee2fc0ea830ee7695e9c088472df8e9138
Author: juanpablo <ju...@apache.org>
AuthorDate: Thu Mar 5 17:17:36 2020 +0100
JSPWIKI-303: use Session instead of WikiSession (1)
---
.../src/main/java/org/apache/wiki/WikiContext.java | 10 +-
.../src/main/java/org/apache/wiki/WikiSession.java | 4 +-
.../java/org/apache/wiki/api/core/Session.java | 12 +-
.../apache/wiki/auth/AuthenticationManager.java | 18 +--
.../org/apache/wiki/auth/AuthorizationManager.java | 12 +-
.../main/java/org/apache/wiki/auth/Authorizer.java | 5 +-
.../wiki/auth/DefaultAuthenticationManager.java | 12 +-
.../java/org/apache/wiki/auth/SessionMonitor.java | 78 +++++------
.../java/org/apache/wiki/auth/UserManager.java | 13 +-
.../java/org/apache/wiki/auth/WikiPrincipal.java | 2 +-
.../wiki/auth/authorize/DefaultGroupManager.java | 3 +-
.../java/org/apache/wiki/auth/authorize/Group.java | 151 +++++++++------------
.../apache/wiki/auth/authorize/GroupManager.java | 8 +-
.../auth/authorize/WebContainerAuthorizer.java | 12 +-
.../apache/wiki/auth/user/DefaultUserProfile.java | 3 +-
.../org/apache/wiki/auth/user/UserDatabase.java | 2 +-
.../org/apache/wiki/auth/user/UserProfile.java | 3 +-
17 files changed, 158 insertions(+), 190 deletions(-)
diff --git a/jspwiki-main/src/main/java/org/apache/wiki/WikiContext.java b/jspwiki-main/src/main/java/org/apache/wiki/WikiContext.java
index 8b9e53d..b80f222 100644
--- a/jspwiki-main/src/main/java/org/apache/wiki/WikiContext.java
+++ b/jspwiki-main/src/main/java/org/apache/wiki/WikiContext.java
@@ -185,7 +185,7 @@ public class WikiContext implements Cloneable, Command {
* Creates a new WikiContext for the given Engine, Command and HttpServletRequest.
* </p>
* <p>
- * This constructor will also look up the HttpSession associated with the request, and determine if a WikiSession object is present.
+ * This constructor will also look up the HttpSession associated with the request, and determine if a Session object is present.
* If not, a new one is created.
* </p>
* @param engine The Engine that is handling the request
@@ -652,11 +652,11 @@ public class WikiContext implements Cloneable, Command {
}
/**
- * Returns the WikiSession associated with the context. This method is guaranteed to always return a valid WikiSession.
+ * Returns the Session associated with the context. This method is guaranteed to always return a valid Session.
* If this context was constructed without an associated HttpServletRequest, it will return
* {@link org.apache.wiki.WikiSession#guestSession(Engine)}.
*
- * @return The WikiSession associate with this context.
+ * @return The Session associated with this context.
*/
public Session getWikiSession()
{
@@ -672,8 +672,8 @@ public class WikiContext implements Cloneable, Command {
* @return Current WikiContext, or null, of no context exists.
*/
public static WikiContext findContext( final PageContext pageContext ) {
- final HttpServletRequest request = (HttpServletRequest) pageContext.getRequest();
- return (WikiContext)request.getAttribute( ATTR_CONTEXT );
+ final HttpServletRequest request = ( HttpServletRequest )pageContext.getRequest();
+ return ( WikiContext )request.getAttribute( ATTR_CONTEXT );
}
/**
diff --git a/jspwiki-main/src/main/java/org/apache/wiki/WikiSession.java b/jspwiki-main/src/main/java/org/apache/wiki/WikiSession.java
index 12e6f36..5f68e60 100644
--- a/jspwiki-main/src/main/java/org/apache/wiki/WikiSession.java
+++ b/jspwiki-main/src/main/java/org/apache/wiki/WikiSession.java
@@ -382,7 +382,7 @@ public final class WikiSession implements Session {
/**
* Injects GroupPrincipal objects into the user's Principal set based on the groups the user belongs to. For Groups, the algorithm
* first calls the {@link GroupManager#getRoles()} to obtain the array of GroupPrincipals the authorizer knows about. Then, the
- * method {@link GroupManager#isUserInRole(WikiSession, Principal)} is called for each Principal. If the user is a member of the
+ * method {@link GroupManager#isUserInRole(Session, Principal)} is called for each Principal. If the user is a member of the
* group, an equivalent GroupPrincipal is injected into the user's principal set. Existing GroupPrincipals are flushed and replaced.
* This method should generally be called after a user's {@link org.apache.wiki.auth.user.UserProfile} is saved. If the wiki session
* is null, or there is no matching user profile, the method returns silently.
@@ -493,7 +493,7 @@ public final class WikiSession implements Session {
// Look for a WikiSession associated with the user's Http Session and create one if it isn't there yet.
final HttpSession session = request.getSession();
final SessionMonitor monitor = SessionMonitor.getInstance( engine );
- final WikiSession wikiSession = monitor.find( session );
+ final WikiSession wikiSession = ( WikiSession )monitor.find( session );
// Attach reference to wiki engine
wikiSession.m_engine = engine;
diff --git a/jspwiki-main/src/main/java/org/apache/wiki/api/core/Session.java b/jspwiki-main/src/main/java/org/apache/wiki/api/core/Session.java
index 8dce0d8..f2704e7 100644
--- a/jspwiki-main/src/main/java/org/apache/wiki/api/core/Session.java
+++ b/jspwiki-main/src/main/java/org/apache/wiki/api/core/Session.java
@@ -54,7 +54,7 @@ import java.util.Locale;
* re-authenticate.
* </p>
* <p>In addition to methods for examining individual <code>Session</code> objects, this class also contains a number of static
- * methods for managing WikiSessions for an entire wiki. These methods allow callers to find, query and remove WikiSession objects, and
+ * methods for managing Sessions for an entire wiki. These methods allow callers to find, query and remove Session objects, and
* to obtain a list of the current wiki session users.</p>
*/
public interface Session extends WikiEventListener {
@@ -126,7 +126,7 @@ public interface Session extends WikiEventListener {
/**
* Returns a cached Locale object for this user. It's better to use WikiContext's corresponding getBundle() method, since that
* will actually react if the user changes the locale in the middle, but if that's not available (or, for some reason, you need
- * the speed), this method can also be used. The Locale expires when the WikiSession expires, and currently there is no way to
+ * the speed), this method can also be used. The Locale expires when the Session expires, and currently there is no way to
* reset the Locale.
*
* @return A cached Locale object
@@ -190,7 +190,7 @@ public interface Session extends WikiEventListener {
Principal[] getPrincipals();
/**
- * Returns an array of Principal objects that represents the groups and roles that the user associated with a WikiSession possesses.
+ * Returns an array of Principal objects that represents the groups and roles that the user associated with a Session possesses.
* The array is built by iterating through the Subject's Principal set and extracting all Role and GroupPrincipal objects into a
* list. The list is returned as an array sorted in the natural order implied by each Principal's <code>getName</code> method. Note
* that this method does <em>not</em> consult the external Authorizer or GroupManager; it relies on the Principals that have been
@@ -201,7 +201,7 @@ public interface Session extends WikiEventListener {
Principal[] getRoles();
/**
- * Returns <code>true</code> if the WikiSession's Subject possess a supplied Principal. This method eliminates the need to externally
+ * Returns <code>true</code> if the Session's Subject possess a supplied Principal. This method eliminates the need to externally
* request and inspect the JAAS subject.
*
* @param principal the Principal to test
@@ -209,7 +209,7 @@ public interface Session extends WikiEventListener {
*/
boolean hasPrincipal( Principal principal );
- /** Invalidates the WikiSession and resets its Subject's Principals to the equivalent of a "guest session". */
+ /** Invalidates the Session and resets its Subject's Principals to the equivalent of a "guest session". */
void invalidate();
/**
@@ -233,7 +233,7 @@ public interface Session extends WikiEventListener {
/**
* Wrapper for {@link Subject#doAsPrivileged(Subject, PrivilegedAction, java.security.AccessControlContext)}
- * that executes an action with the privileges posssessed by a WikiSession's Subject. The action executes with a <code>null</code>
+ * that executes an action with the privileges posssessed by a Session's Subject. The action executes with a <code>null</code>
* AccessControlContext, which has the effect of running it "cleanly" without the AccessControlContexts of the caller.
*
* @param session the wiki session
diff --git a/jspwiki-main/src/main/java/org/apache/wiki/auth/AuthenticationManager.java b/jspwiki-main/src/main/java/org/apache/wiki/auth/AuthenticationManager.java
index 9360124..143c180 100644
--- a/jspwiki-main/src/main/java/org/apache/wiki/auth/AuthenticationManager.java
+++ b/jspwiki-main/src/main/java/org/apache/wiki/auth/AuthenticationManager.java
@@ -88,24 +88,24 @@ public interface AuthenticationManager {
boolean isContainerAuthenticated();
/**
- * <p>Logs in the user by attempting to populate a WikiSession Subject from a web servlet request by examining the request
+ * <p>Logs in the user by attempting to populate a Session Subject from a web servlet request by examining the request
* for the presence of container credentials and user cookies. The processing logic is as follows:
* </p>
* <ul>
- * <li>If the WikiSession had previously been unauthenticated, check to see if user has subsequently authenticated. To be considered
+ * <li>If the Session had previously been unauthenticated, check to see if user has subsequently authenticated. To be considered
* "authenticated," the request must supply one of the following (in order of preference): the container <code>userPrincipal</code>,
* container <code>remoteUser</code>, or authentication cookie. If the user is authenticated, this method fires event
* {@link org.apache.wiki.event.WikiSecurityEvent#LOGIN_AUTHENTICATED} with two parameters: a Principal representing the login principal,
- * and the current WikiSession. In addition, if the authorizer is of type WebContainerAuthorizer, this method iterates through the
+ * and the current Session. In addition, if the authorizer is of type WebContainerAuthorizer, this method iterates through the
* container roles returned by {@link org.apache.wiki.auth.authorize.WebContainerAuthorizer#getRoles()}, tests for membership in each
* one, and adds those that pass to the Subject's principal set.</li>
- * <li>If, after checking for authentication, the WikiSession is still Anonymous, this method next checks to see if the user has
+ * <li>If, after checking for authentication, the Session is still Anonymous, this method next checks to see if the user has
* "asserted" an identity by supplying an assertion cookie. If the user is found to be asserted, this method fires event
* {@link org.apache.wiki.event.WikiSecurityEvent#LOGIN_ASSERTED} with two parameters: <code>WikiPrincipal(<em>cookievalue</em>)</code>,
- * and the current WikiSession.</li>
- * <li>If, after checking for authenticated and asserted status, the WikiSession is <em>still</em> anonymous, this method fires event
+ * and the current Session.</li>
+ * <li>If, after checking for authenticated and asserted status, the Session is <em>still</em> anonymous, this method fires event
* {@link org.apache.wiki.event.WikiSecurityEvent#LOGIN_ANONYMOUS} with two parameters: <code>WikiPrincipal(<em>remoteAddress</em>)</code>,
- * and the current WikiSession </li>
+ * and the current Session </li>
* </ul>
*
* @param request servlet request for this user
@@ -116,7 +116,7 @@ public interface AuthenticationManager {
boolean login( HttpServletRequest request ) throws WikiSecurityException;
/**
- * Attempts to perform a WikiSession login for the given username/password combination using JSPWiki's custom authentication mode. In
+ * Attempts to perform a Session login for the given username/password combination using JSPWiki's custom authentication mode. In
* order to log in, the JAAS LoginModule supplied by the Engine property {@link #PROP_LOGIN_MODULE} will be instantiated, and its
* {@link javax.security.auth.spi.LoginModule#initialize(Subject, CallbackHandler, Map, Map)} method will be invoked. By default,
* the {@link org.apache.wiki.auth.login.UserDatabaseLoginModule} class will be used. When the LoginModule's <code>initialize</code>
@@ -134,7 +134,7 @@ public interface AuthenticationManager {
boolean login( Session session, HttpServletRequest request, String username, String password ) throws WikiSecurityException;
/**
- * Logs the user out by retrieving the WikiSession associated with the HttpServletRequest and unbinding all of the Subject's Principals,
+ * Logs the user out by retrieving the Session associated with the HttpServletRequest and unbinding all of the Subject's Principals,
* except for {@link Role#ALL}, {@link Role#ANONYMOUS}. is a cheap-and-cheerful way to do it without invoking JAAS LoginModules.
* The logout operation will also flush the JSESSIONID cookie from the user's browser session, if it was set.
*
diff --git a/jspwiki-main/src/main/java/org/apache/wiki/auth/AuthorizationManager.java b/jspwiki-main/src/main/java/org/apache/wiki/auth/AuthorizationManager.java
index c10128e..198cf80 100644
--- a/jspwiki-main/src/main/java/org/apache/wiki/auth/AuthorizationManager.java
+++ b/jspwiki-main/src/main/java/org/apache/wiki/auth/AuthorizationManager.java
@@ -45,7 +45,7 @@ import java.util.Properties;
* <em>e.g.,</em> reading, editing, renaming
* </ul>
* <p>Calling classes determine whether they are entitled to perform a particular action by constructing the appropriate permission first,
- * then passing it and the current {@link org.apache.wiki.WikiSession} to the {@link #checkPermission(Session, Permission)} method. If
+ * then passing it and the current {@link Session} to the {@link #checkPermission(Session, Permission)} method. If
* the session's Subject possesses the permission, the action is allowed.</p>
* <p>For WikiPermissions, the decision criteria is relatively simple: the caller either possesses the permission, as granted by the wiki
* security policy -- or not.</p>
@@ -75,10 +75,10 @@ public interface AuthorizationManager {
/**
* Returns <code>true</code> or <code>false</code>, depending on whether a Permission is allowed for the Subject associated with
- * a supplied WikiSession. The access control algorithm works this way:
+ * a supplied Session. The access control algorithm works this way:
* <ol>
* <li>The {@link org.apache.wiki.auth.acl.Acl} for the page is obtained</li>
- * <li>The Subject associated with the current {@link org.apache.wiki.WikiSession} is obtained</li>
+ * <li>The Subject associated with the current {@link org.apache.wiki.api.core.Session} is obtained</li>
* <li>If the Subject's Principal set includes the Role Principal that is the administrator group, always allow the Permission</li>
* <li>For all permissions, check to see if the Permission is allowed according to the default security policy. If it isn't, deny
* the permission and halt further processing.</li>
@@ -106,7 +106,7 @@ public interface AuthorizationManager {
boolean checkPermission( Session session, Permission permission );
/**
- * <p>Determines if the Subject associated with a supplied WikiSession contains a desired Role or GroupPrincipal. The algorithm
+ * <p>Determines if the Subject associated with a supplied Session contains a desired Role or GroupPrincipal. The algorithm
* simply checks to see if the Subject possesses the Role or GroupPrincipal it in its Principal set. Note that any user (anonymous,
* asserted, authenticated) can possess a built-in role. But a user <em>must</em> be authenticated to possess a role other than one
* of the built-in ones. We do this to prevent privilege escalation.</p>
@@ -146,7 +146,7 @@ public interface AuthorizationManager {
Authorizer getAuthorizer() throws WikiSecurityException;
/**
- * <p>Determines if the Subject associated with a supplied WikiSession contains a desired user Principal or built-in Role principal,
+ * <p>Determines if the Subject associated with a supplied Session contains a desired user Principal or built-in Role principal,
* OR is a member a Group or external Role. The rules are as follows:</p>
* <ol>
* <li>First, if desired Principal is a Role or GroupPrincipal, delegate to {@link #isUserInRole(Session, Principal)} and
@@ -226,7 +226,7 @@ public interface AuthorizationManager {
*
* @see AccessController#checkPermission(Permission) . A caught exception (or lack thereof) determines whether the
* privilege is absent (or present).
- * @param session the WikiSession whose permission status is being queried
+ * @param session the Session whose permission status is being queried
* @param permission the Permission the Subject must possess
* @return <code>true</code> if the Subject possesses the permission, <code>false</code> otherwise
*/
diff --git a/jspwiki-main/src/main/java/org/apache/wiki/auth/Authorizer.java b/jspwiki-main/src/main/java/org/apache/wiki/auth/Authorizer.java
index 534d6a5..84468d7 100644
--- a/jspwiki-main/src/main/java/org/apache/wiki/auth/Authorizer.java
+++ b/jspwiki-main/src/main/java/org/apache/wiki/auth/Authorizer.java
@@ -18,7 +18,6 @@
*/
package org.apache.wiki.auth;
-import org.apache.wiki.WikiSession;
import org.apache.wiki.api.core.Engine;
import org.apache.wiki.api.core.Session;
@@ -29,9 +28,9 @@ import java.util.Properties;
/**
* Interface for service providers of authorization information. After a user successfully logs in, the
* {@link org.apache.wiki.auth.AuthenticationManager} consults the configured Authorizer to determine which additional
- * {@link org.apache.wiki.auth.authorize.Role} principals should be added to the user's WikiSession. To determine which roles should be
+ * {@link org.apache.wiki.auth.authorize.Role} principals should be added to the user's Session. To determine which roles should be
* injected, the Authorizer is queried for the roles it knows about by calling {@link org.apache.wiki.auth.Authorizer#getRoles()}. Then,
- * each role returned by the Authorizer is tested by calling {@link org.apache.wiki.auth.Authorizer#isUserInRole(WikiSession, Principal)}.
+ * each role returned by the Authorizer is tested by calling {@link org.apache.wiki.auth.Authorizer#isUserInRole(Session, Principal)}.
* If this check fails, and the Authorizer is of type WebAuthorizer, AuthenticationManager checks the role again by calling
* {@link org.apache.wiki.auth.authorize.WebAuthorizer#isUserInRole(javax.servlet.http.HttpServletRequest, Principal)}).
* Any roles that pass the test are injected into the Subject by firing appropriate authentication events.
diff --git a/jspwiki-main/src/main/java/org/apache/wiki/auth/DefaultAuthenticationManager.java b/jspwiki-main/src/main/java/org/apache/wiki/auth/DefaultAuthenticationManager.java
index 8056db8..b46b227 100644
--- a/jspwiki-main/src/main/java/org/apache/wiki/auth/DefaultAuthenticationManager.java
+++ b/jspwiki-main/src/main/java/org/apache/wiki/auth/DefaultAuthenticationManager.java
@@ -154,7 +154,7 @@ public class DefaultAuthenticationManager implements AuthenticationManager {
@Override
public boolean login( final HttpServletRequest request ) throws WikiSecurityException {
final HttpSession httpSession = request.getSession();
- final WikiSession session = SessionMonitor.getInstance( m_engine ).find( httpSession );
+ final Session session = SessionMonitor.getInstance( m_engine ).find( httpSession );
final AuthenticationManager authenticationMgr = m_engine.getManager( AuthenticationManager.class );
final AuthorizationManager authorizationMgr = m_engine.getManager( AuthorizationManager.class );
CallbackHandler handler = null;
@@ -171,7 +171,7 @@ public class DefaultAuthenticationManager implements AuthenticationManager {
principals = authenticationMgr.doJAASLogin( CookieAuthenticationLoginModule.class, handler, options );
}
- // If the container logged the user in successfully, tell the WikiSession (and add all of the Principals)
+ // If the container logged the user in successfully, tell the Session (and add all of the Principals)
if ( principals.size() > 0 ) {
fireEvent( WikiSecurityEvent.LOGIN_AUTHENTICATED, getLoginPrincipal( principals ), session );
for( final Principal principal : principals ) {
@@ -274,9 +274,9 @@ public class DefaultAuthenticationManager implements AuthenticationManager {
final HttpSession session = request.getSession();
final String sid = ( session == null ) ? "(null)" : session.getId();
if( log.isDebugEnabled() ) {
- log.debug( "Invalidating WikiSession for session ID=" + sid );
+ log.debug( "Invalidating Session for session ID=" + sid );
}
- // Retrieve the associated WikiSession and clear the Principal set
+ // Retrieve the associated Session and clear the Principal set
final Session wikiSession = WikiSession.getWikiSession( m_engine, request );
final Principal originalPrincipal = wikiSession.getLoginPrincipal();
wikiSession.invalidate();
@@ -393,14 +393,14 @@ public class DefaultAuthenticationManager implements AuthenticationManager {
}
/**
- * After successful login, this method is called to inject authorized role Principals into the WikiSession. To determine which roles
+ * After successful login, this method is called to inject authorized role Principals into the Session. To determine which roles
* should be injected, the configured Authorizer is queried for the roles it knows about by calling {@link Authorizer#getRoles()}.
* Then, each role returned by the authorizer is tested by calling {@link Authorizer#isUserInRole(Session, Principal)}. If this
* check fails, and the Authorizer is of type WebAuthorizer, the role is checked again by calling
* {@link WebAuthorizer#isUserInRole(HttpServletRequest, Principal)}). Any roles that pass the test are injected into the Subject by
* firing appropriate authentication events.
*
- * @param session the user's current WikiSession
+ * @param session the user's current Session
* @param authorizer the Engine's configured Authorizer
* @param request the user's HTTP session, which may be <code>null</code>
*/
diff --git a/jspwiki-main/src/main/java/org/apache/wiki/auth/SessionMonitor.java b/jspwiki-main/src/main/java/org/apache/wiki/auth/SessionMonitor.java
index 0ddc03e..155d235 100644
--- a/jspwiki-main/src/main/java/org/apache/wiki/auth/SessionMonitor.java
+++ b/jspwiki-main/src/main/java/org/apache/wiki/auth/SessionMonitor.java
@@ -21,6 +21,7 @@ package org.apache.wiki.auth;
import org.apache.log4j.Logger;
import org.apache.wiki.WikiSession;
import org.apache.wiki.api.core.Engine;
+import org.apache.wiki.api.core.Session;
import org.apache.wiki.event.WikiEventListener;
import org.apache.wiki.event.WikiEventManager;
import org.apache.wiki.event.WikiSecurityEvent;
@@ -51,7 +52,7 @@ public class SessionMonitor implements HttpSessionListener {
private static ConcurrentHashMap< Engine, SessionMonitor > c_monitors = new ConcurrentHashMap<>();
/** Weak hashmap with HttpSessions as keys, and WikiSessions as values. */
- private final Map< String, WikiSession > m_sessions = new WeakHashMap<>();
+ private final Map< String, Session > m_sessions = new WeakHashMap<>();
private Engine m_engine;
@@ -92,16 +93,14 @@ public class SessionMonitor implements HttpSessionListener {
* @param session the user's HTTP session
* @return the WikiSession, if found
*/
- private WikiSession findSession( final HttpSession session ) {
- WikiSession wikiSession = null;
+ private Session findSession( final HttpSession session ) {
+ Session wikiSession = null;
final String sid = ( session == null ) ? "(null)" : session.getId();
- final WikiSession storedSession = m_sessions.get( sid );
+ final Session storedSession = m_sessions.get( sid );
// If the weak reference returns a wiki session, return it
- if( storedSession != null )
- {
- if( log.isDebugEnabled() )
- {
+ if( storedSession != null ) {
+ if( log.isDebugEnabled() ) {
log.debug( "Looking up WikiSession for session ID=" + sid + "... found it" );
}
wikiSession = storedSession;
@@ -110,19 +109,17 @@ public class SessionMonitor implements HttpSessionListener {
return wikiSession;
}
/**
- * <p>Looks up the wiki session associated with a user's Http session
- * and adds it to the session cache. This method will return the
- * "guest session" as constructed by {@link org.apache.wiki.WikiSession#guestSession(Engine)}
- * if the HttpSession is not currently associated with a WikiSession.
- * This method is guaranteed to return a non-<code>null</code> WikiSession.</p>
- * <p>Internally, the session is stored in a HashMap; keys are
- * the HttpSession objects, while the values are
+ * <p>Looks up the wiki session associated with a user's Http session and adds it to the session cache. This method will return the
+ * "guest session" as constructed by {@link org.apache.wiki.WikiSession#guestSession(Engine)} if the HttpSession is not currently
+ * associated with a WikiSession. This method is guaranteed to return a non-<code>null</code> WikiSession.</p>
+ * <p>Internally, the session is stored in a HashMap; keys are the HttpSession objects, while the values are
* {@link java.lang.ref.WeakReference}-wrapped WikiSessions.</p>
+ *
* @param session the HTTP session
* @return the wiki session
*/
- public final WikiSession find( final HttpSession session ) {
- WikiSession wikiSession = findSession(session);
+ public final Session find( final HttpSession session ) {
+ Session wikiSession = findSession( session );
final String sid = ( session == null ) ? "(null)" : session.getId();
// Otherwise, create a new guest session and stash it.
@@ -130,7 +127,7 @@ public class SessionMonitor implements HttpSessionListener {
if( log.isDebugEnabled() ) {
log.debug( "Looking up WikiSession for session ID=" + sid + "... not found. Creating guestSession()" );
}
- wikiSession = (WikiSession)WikiSession.guestSession( m_engine );
+ wikiSession = WikiSession.guestSession( m_engine );
synchronized( m_sessions ) {
m_sessions.put( sid, wikiSession );
}
@@ -175,63 +172,57 @@ public class SessionMonitor implements HttpSessionListener {
}
/**
- * <p>Returns the current wiki users as a sorted array of
- * Principal objects. The principals are those returned by
- * each WikiSession's {@link WikiSession#getUserPrincipal()}'s
- * method.</p>
- * <p>To obtain the list of current WikiSessions, we iterate
- * through our session Map and obtain the list of values,
- * which are WikiSessions wrapped in {@link java.lang.ref.WeakReference}
- * objects. Those <code>WeakReference</code>s whose <code>get()</code>
- * method returns non-<code>null</code> values are valid
- * sessions.</p>
+ * <p>Returns the current wiki users as a sorted array of Principal objects. The principals are those returned by
+ * each WikiSession's {@link Session#getUserPrincipal()}'s method.</p>
+ * <p>To obtain the list of current WikiSessions, we iterate through our session Map and obtain the list of values,
+ * which are WikiSessions wrapped in {@link java.lang.ref.WeakReference} objects. Those <code>WeakReference</code>s
+ * whose <code>get()</code> method returns non-<code>null</code> values are valid sessions.</p>
+ *
* @return the array of user principals
*/
- public final Principal[] userPrincipals()
- {
+ public final Principal[] userPrincipals() {
final Collection<Principal> principals = new ArrayList<>();
synchronized ( m_sessions ) {
- for ( final WikiSession session : m_sessions.values()) {
+ for ( final Session session : m_sessions.values()) {
principals.add( session.getUserPrincipal() );
}
}
- final Principal[] p = principals.toArray( new Principal[principals.size()] );
+ final Principal[] p = principals.toArray( new Principal[ principals.size() ] );
Arrays.sort( p, m_comparator );
return p;
}
/**
* Registers a WikiEventListener with this instance.
+ *
* @param listener the event listener
* @since 2.4.75
*/
- public final synchronized void addWikiEventListener( final WikiEventListener listener )
- {
+ public final synchronized void addWikiEventListener( final WikiEventListener listener ) {
WikiEventManager.addWikiEventListener( this, listener );
}
/**
* Un-registers a WikiEventListener with this instance.
+ *
* @param listener the event listener
* @since 2.4.75
*/
- public final synchronized void removeWikiEventListener( final WikiEventListener listener )
- {
+ public final synchronized void removeWikiEventListener( final WikiEventListener listener ) {
WikiEventManager.removeWikiEventListener( this, listener );
}
/**
* Fires a WikiSecurityEvent to all registered listeners.
+ *
* @param type the event type
* @param principal the user principal associated with this session
* @param session the wiki session
* @since 2.4.75
*/
- protected final void fireEvent( final int type, final Principal principal, final WikiSession session )
- {
- if( WikiEventManager.isListening(this) )
- {
- WikiEventManager.fireEvent(this,new WikiSecurityEvent(this,type,principal,session));
+ protected final void fireEvent( final int type, final Principal principal, final Session session ) {
+ if( WikiEventManager.isListening( this ) ) {
+ WikiEventManager.fireEvent( this, new WikiSecurityEvent( this, type, principal, session ) );
}
}
@@ -241,8 +232,7 @@ public class SessionMonitor implements HttpSessionListener {
* @param se the HTTP session event
*/
@Override
- public void sessionCreated( final HttpSessionEvent se )
- {
+ public void sessionCreated( final HttpSessionEvent se ) {
final HttpSession session = se.getSession();
log.debug( "Created session: " + session.getId() + "." );
}
@@ -256,7 +246,7 @@ public class SessionMonitor implements HttpSessionListener {
public void sessionDestroyed( final HttpSessionEvent se ) {
final HttpSession session = se.getSession();
for( final SessionMonitor monitor : c_monitors.values() ) {
- final WikiSession storedSession = monitor.findSession( session );
+ final Session storedSession = monitor.findSession( session );
monitor.remove( session );
log.debug( "Removed session " + session.getId() + "." );
if( storedSession != null ) {
diff --git a/jspwiki-main/src/main/java/org/apache/wiki/auth/UserManager.java b/jspwiki-main/src/main/java/org/apache/wiki/auth/UserManager.java
index bc0f66c..fc62bb1 100644
--- a/jspwiki-main/src/main/java/org/apache/wiki/auth/UserManager.java
+++ b/jspwiki-main/src/main/java/org/apache/wiki/auth/UserManager.java
@@ -19,7 +19,6 @@
package org.apache.wiki.auth;
import org.apache.wiki.WikiContext;
-import org.apache.wiki.WikiSession;
import org.apache.wiki.api.core.Engine;
import org.apache.wiki.api.core.Session;
import org.apache.wiki.api.exceptions.WikiException;
@@ -89,15 +88,15 @@ public interface UserManager {
* and the user's credential set is refreshed; if custom authentication is used, this means the user will be automatically be logged in.
* </p>
* <p>
- * When the user's profile is saved successfully, this method fires a {@link WikiSecurityEvent#PROFILE_SAVE} event with the WikiSession
+ * When the user's profile is saved successfully, this method fires a {@link WikiSecurityEvent#PROFILE_SAVE} event with the Session
* as the source and the UserProfile as target. For existing profiles, if the user's full name changes, this method also fires a
- * "name changed" event ({@link WikiSecurityEvent#PROFILE_NAME_CHANGED}) with the WikiSession as the source and an array containing
+ * "name changed" event ({@link WikiSecurityEvent#PROFILE_NAME_CHANGED}) with the Session as the source and an array containing
* the old and new UserProfiles, respectively. The <code>NAME_CHANGED</code> event allows the GroupManager and PageManager can change
* group memberships and ACLs if needed.
* </p>
* <p>
- * Note that WikiSessions normally attach event listeners to the UserManager, so changes to the profile will automatically cause the
- * correct Principals to be reloaded into the current WikiSession's Subject.
+ * Note that Sessions normally attach event listeners to the UserManager, so changes to the profile will automatically cause the
+ * correct Principals to be reloaded into the current Session's Subject.
* </p>
*
* @param session the wiki session, which may not be <code>null</code>
@@ -126,7 +125,7 @@ public interface UserManager {
* <li>In all cases, the created/last modified timestamps of the user's existing or new profile always override whatever values the user
* supplied.</li>
* <li>If container authentication is used, the login name property of the profile is set to the name of
- * {@link org.apache.wiki.WikiSession#getLoginPrincipal()}. Otherwise, the value of the <code>loginname</code> parameter is used.</li>
+ * {@link org.apache.wiki.api.core.Session#getLoginPrincipal()}. Otherwise, the value of the <code>loginname</code> parameter is used.</li>
* </ul>
*
* @param context the current wiki context
@@ -139,7 +138,7 @@ public interface UserManager {
* make sure it isn't null. Otherwise, the password is checked for length and that it matches the value of the 'password2' HTTP
* parameter. Note that we have a special case when container-managed authentication is used and the user is not authenticated;
* this will always cause validation to fail. Any validation errors are added to the wiki session's messages collection
- * (see {@link WikiSession#getMessages()}.
+ * (see {@link org.apache.wiki.api.core.Session#getMessages()}.
*
* @param context the current wiki context
* @param profile the supplied UserProfile
diff --git a/jspwiki-main/src/main/java/org/apache/wiki/auth/WikiPrincipal.java b/jspwiki-main/src/main/java/org/apache/wiki/auth/WikiPrincipal.java
index 5ade711..787fa84 100644
--- a/jspwiki-main/src/main/java/org/apache/wiki/auth/WikiPrincipal.java
+++ b/jspwiki-main/src/main/java/org/apache/wiki/auth/WikiPrincipal.java
@@ -29,7 +29,7 @@ import java.util.Comparator;
/**
* A lightweight, immutable Principal class. WikiPrincipals can be created with and optional "type" to denote what type of user
* profile Principal it represents (FULL_NAME, WIKI_NAME, LOGIN_NAME). Types are used to determine suitable user and login Principals in
- * classes like WikiSession. However, the type property of a WikiPrincipal does not affect a WikiPrincipal's logical equality
+ * classes like Session. However, the type property of a WikiPrincipal does not affect a WikiPrincipal's logical equality
* or hash code; two WikiPrincipals with the same name but different types are still considered equal.
*
* @since 2.2
diff --git a/jspwiki-main/src/main/java/org/apache/wiki/auth/authorize/DefaultGroupManager.java b/jspwiki-main/src/main/java/org/apache/wiki/auth/authorize/DefaultGroupManager.java
index 227c453..b4f8d29 100644
--- a/jspwiki-main/src/main/java/org/apache/wiki/auth/authorize/DefaultGroupManager.java
+++ b/jspwiki-main/src/main/java/org/apache/wiki/auth/authorize/DefaultGroupManager.java
@@ -20,7 +20,6 @@ package org.apache.wiki.auth.authorize;
import org.apache.commons.lang3.ArrayUtils;
import org.apache.log4j.Logger;
-import org.apache.wiki.WikiSession;
import org.apache.wiki.api.core.Engine;
import org.apache.wiki.api.core.Session;
import org.apache.wiki.api.exceptions.NoRequiredPropertyException;
@@ -365,7 +364,7 @@ public class DefaultGroupManager implements GroupManager, Authorizer, WikiEventL
final WikiSecurityEvent se = ( WikiSecurityEvent )event;
if( se.getType() == WikiSecurityEvent.PROFILE_NAME_CHANGED ) {
- final WikiSession session = se.getSrc();
+ final Session session = se.getSrc();
final UserProfile[] profiles = ( UserProfile[] )se.getTarget();
final Principal[] oldPrincipals = new Principal[] { new WikiPrincipal( profiles[ 0 ].getLoginName() ),
new WikiPrincipal( profiles[ 0 ].getFullname() ), new WikiPrincipal( profiles[ 0 ].getWikiName() ) };
diff --git a/jspwiki-main/src/main/java/org/apache/wiki/auth/authorize/Group.java b/jspwiki-main/src/main/java/org/apache/wiki/auth/authorize/Group.java
index 50f7cfa..50cdf24 100644
--- a/jspwiki-main/src/main/java/org/apache/wiki/auth/authorize/Group.java
+++ b/jspwiki-main/src/main/java/org/apache/wiki/auth/authorize/Group.java
@@ -18,12 +18,12 @@
*/
package org.apache.wiki.auth.authorize;
+import org.apache.wiki.auth.GroupPrincipal;
+
import java.security.Principal;
import java.util.Date;
import java.util.Vector;
-import org.apache.wiki.auth.GroupPrincipal;
-
/**
* <p>
* Groups are a specialized type of ad-hoc role used by the wiki system. Unlike
@@ -48,7 +48,7 @@ import org.apache.wiki.auth.GroupPrincipal;
* </p>
* <p>
* Groups are related to {@link GroupPrincipal}s. A GroupPrincipal, when
- * injected into the Principal set of a WikiSession's Subject, means that the
+ * injected into the Principal set of a Session's Subject, means that the
* user is a member of a Group of the same name -- it is, in essence, an
* "authorization token." GroupPrincipals, unlike Groups, are thread-safe,
* lightweight and immutable. That's why we use them in Subjects rather than the
@@ -57,13 +57,11 @@ import org.apache.wiki.auth.GroupPrincipal;
*
* @since 2.3
*/
-public class Group
-{
+public class Group {
- static final String[] RESTRICTED_GROUPNAMES = new String[]
- { "Anonymous", "All", "Asserted", "Authenticated" };
+ static final String[] RESTRICTED_GROUPNAMES = new String[] { "Anonymous", "All", "Asserted", "Authenticated" };
- private final Vector<Principal> m_members = new Vector<Principal>();
+ private final Vector<Principal> m_members = new Vector<>();
private String m_creator = null;
@@ -88,8 +86,7 @@ public class Group
* @param name the name of the group
* @param wiki the wiki the group belongs to
*/
- protected Group( String name, String wiki )
- {
+ protected Group( final String name, final String wiki ) {
m_name = name;
m_wiki = wiki;
m_principal = new GroupPrincipal( name );
@@ -101,10 +98,8 @@ public class Group
* @param user the principal to add
* @return <code>true</code> if the operation was successful
*/
- public synchronized boolean add( Principal user )
- {
- if ( isMember( user ) )
- {
+ public synchronized boolean add( final Principal user ) {
+ if( isMember( user ) ) {
return false;
}
@@ -115,8 +110,7 @@ public class Group
/**
* Clears all Principals from the group list.
*/
- public synchronized void clear()
- {
+ public synchronized void clear() {
m_members.clear();
}
@@ -126,29 +120,26 @@ public class Group
* @param o the object to compare
* @return the comparison
*/
- public boolean equals( Object o )
- {
- if ( o == null || !( o instanceof Group ) )
+ @Override
+ public boolean equals( final Object o ) {
+ if( !( o instanceof Group ) ) {
return false;
+ }
- Group g = (Group) o; // Just a shortcut.
+ final Group g = ( Group )o; // Just a shortcut.
- if ( g.m_members.size() != m_members.size() )
+ if( g.m_members.size() != m_members.size() ) {
return false;
+ }
- if ( getName() != null && !getName().equals( g.getName() ) )
- {
+ if( getName() != null && !getName().equals( g.getName() ) ) {
return false;
- }
- else if ( getName() == null && g.getName() != null )
- {
+ } else if( getName() == null && g.getName() != null ) {
return false;
}
- for( Principal principal : m_members )
- {
- if ( !g.isMember( principal ) )
- {
+ for( final Principal principal : m_members ) {
+ if( !g.isMember( principal ) ) {
return false;
}
}
@@ -157,15 +148,14 @@ public class Group
}
/**
- * The hashcode is calculated as a XOR sum over all members of
- * the Group.
+ * The hashcode is calculated as a XOR sum over all members of the Group.
+ *
* @return the hash code
*/
- public int hashCode()
- {
+ @Override
+ public int hashCode() {
int hc = 0;
- for( Principal member : m_members )
- {
+ for( final Principal member : m_members ) {
hc ^= member.hashCode();
}
return hc;
@@ -173,113 +163,109 @@ public class Group
/**
* Returns the creation date.
+ *
* @return the creation date
*/
- public synchronized Date getCreated()
- {
+ public synchronized Date getCreated() {
return m_created;
}
/**
* Returns the creator of this Group.
+ *
* @return the creator
*/
- public final synchronized String getCreator()
- {
+ public final synchronized String getCreator() {
return m_creator;
}
/**
* Returns the last-modified date.
+ *
* @return the date and time of last modification
*/
- public synchronized Date getLastModified()
- {
+ public synchronized Date getLastModified() {
return m_modified;
}
/**
* Returns the name of the user who last modified this group.
+ *
* @return the modifier
*/
- public final synchronized String getModifier()
- {
+ public final synchronized String getModifier() {
return m_modifier;
}
/**
* The name of the group. This is set in the class constructor.
+ *
* @return the name of the Group
*/
- public String getName()
- {
+ public String getName() {
return m_name;
}
/**
* Returns the GroupPrincipal that represents this Group.
+ *
* @return the group principal
*/
- public Principal getPrincipal()
- {
+ public Principal getPrincipal() {
return m_principal;
}
/**
* Returns the wiki name.
+ *
* @return the wiki name
*/
- public String getWiki()
- {
+ public String getWiki() {
return m_wiki;
}
/**
- * Returns <code>true</code> if a Principal is a member of the group.
- * Specifically, the Principal's <code>getName()</code> method must return
- * the same value as one of the Principals in the group member list. The
- * Principal's type does <em>not</em> need to match.
+ * Returns <code>true</code> if a Principal is a member of the group. Specifically, the Principal's <code>getName()</code> method must
+ * return the same value as one of the Principals in the group member list. The Principal's type does <em>not</em> need to match.
+ *
* @param principal the principal about whom membeship status is sought
* @return the result of the operation
*/
- public boolean isMember( Principal principal )
- {
+ public boolean isMember( final Principal principal ) {
return findMember( principal.getName() ) != null;
}
/**
* Returns the members of the group as an array of Principal objects.
+ *
* @return the members
*/
- public Principal[] members()
- {
- return m_members.toArray( new Principal[m_members.size()] );
+ public Principal[] members() {
+ return m_members.toArray( new Principal[ m_members.size() ] );
}
/**
- * Removes a Principal from the group.
- *
+ * Removes a Principal from the group.
+ *
* @param user the principal to remove
* @return <code>true</code> if the operation was successful
*/
- public synchronized boolean remove( Principal user )
- {
+ public synchronized boolean remove( Principal user ) {
user = findMember( user.getName() );
-
- if ( user == null )
+ if( user == null )
return false;
m_members.remove( user );
-
+
return true;
}
/**
* Sets the created date.
+ *
* @param date the creation date
*/
- public synchronized void setCreated( Date date )
- {
+ public synchronized void setCreated( final Date date ) {
m_created = date;
}
@@ -287,47 +273,42 @@ public class Group
* Sets the creator of this Group.
* @param creator the creator
*/
- public final synchronized void setCreator( String creator )
- {
+ public final synchronized void setCreator( final String creator ) {
this.m_creator = creator;
}
/**
* Sets the last-modified date
+ *
* @param date the last-modified date
*/
- public synchronized void setLastModified( Date date )
- {
+ public synchronized void setLastModified( final Date date ) {
m_modified = date;
}
/**
* Sets the name of the user who last modified this group.
+ *
* @param modifier the modifier
*/
- public final synchronized void setModifier( String modifier )
- {
+ public final synchronized void setModifier( final String modifier ) {
this.m_modifier = modifier;
}
/**
* Returns a string representation of the Group.
+ *
* @return the string
* @see java.lang.Object#toString()
*/
- public String toString()
- {
- StringBuilder sb = new StringBuilder();
- sb.append( "(Group " + getName() + ")" );
- return sb.toString();
+ @Override
+ public String toString() {
+ return "(Group " + getName() + ")";
}
- private Principal findMember( String name )
- {
- for( Principal member : m_members )
- {
- if ( member.getName().equals( name ) )
- {
+ private Principal findMember( final String name ) {
+ for( final Principal member : m_members ) {
+ if( member.getName().equals( name ) ) {
return member;
}
}
diff --git a/jspwiki-main/src/main/java/org/apache/wiki/auth/authorize/GroupManager.java b/jspwiki-main/src/main/java/org/apache/wiki/auth/authorize/GroupManager.java
index d6a0866..ce8b856 100644
--- a/jspwiki-main/src/main/java/org/apache/wiki/auth/authorize/GroupManager.java
+++ b/jspwiki-main/src/main/java/org/apache/wiki/auth/authorize/GroupManager.java
@@ -46,7 +46,7 @@ import java.security.Principal;
*/
public interface GroupManager extends Authorizer, WikiEventListener {
- /** Key used for adding UI messages to a user's WikiSession. */
+ /** Key used for adding UI messages to a user's Session. */
String MESSAGES_KEY = "group";
String PROP_GROUPDATABASE = "jspwiki.groupdatabase";
@@ -168,8 +168,8 @@ public interface GroupManager extends Authorizer, WikiEventListener {
* </p>
* <p>
* This method will register the new Group with the GroupManager. For example, {@link org.apache.wiki.auth.AuthenticationManager}
- * attaches each WikiSession as a GroupManager listener. Thus, the act of registering a Group with <code>setGroup</code> means that
- * all WikiSessions will automatically receive group add/change/delete events immediately.
+ * attaches each Session as a GroupManager listener. Thus, the act of registering a Group with <code>setGroup</code> means that
+ * all Sessions will automatically receive group add/change/delete events immediately.
* </p>
*
* @param session the wiki session, which may not be <code>null</code>
@@ -203,7 +203,7 @@ public interface GroupManager extends Authorizer, WikiEventListener {
/**
- * Checks if a String is blank or a restricted Group name, and if it is, appends an error to the WikiSession's message list.
+ * Checks if a String is blank or a restricted Group name, and if it is, appends an error to the Session's message list.
*
* @param context the wiki context
* @param name the Group name to test
diff --git a/jspwiki-main/src/main/java/org/apache/wiki/auth/authorize/WebContainerAuthorizer.java b/jspwiki-main/src/main/java/org/apache/wiki/auth/authorize/WebContainerAuthorizer.java
index 0353266..c2b8e60 100644
--- a/jspwiki-main/src/main/java/org/apache/wiki/auth/authorize/WebContainerAuthorizer.java
+++ b/jspwiki-main/src/main/java/org/apache/wiki/auth/authorize/WebContainerAuthorizer.java
@@ -146,23 +146,23 @@ public class WebContainerAuthorizer implements WebAuthorizer {
}
/**
- * Determines whether the Subject associated with a WikiSession is in a
- * particular role. This method takes two parameters: the WikiSession
+ * Determines whether the Subject associated with a Session is in a
+ * particular role. This method takes two parameters: the Session
* containing the subject and the desired role ( which may be a Role or a
* Group). If either parameter is <code>null</code>, this method must
* return <code>false</code>.
- * This method simply examines the WikiSession subject to see if it
+ * This method simply examines the Session subject to see if it
* possesses the desired Principal. We assume that the method
* {@link org.apache.wiki.ui.WikiServletFilter#doFilter(javax.servlet.ServletRequest, javax.servlet.ServletResponse, javax.servlet.FilterChain)}
- * previously executed, and that it has set the WikiSession
+ * previously executed, and that it has set the Session
* subject correctly by logging in the user with the various login modules,
* in particular {@link org.apache.wiki.auth.login.WebContainerLoginModule}}.
* This is definitely a hack,
- * but it eliminates the need for WikiSession to keep dangling
+ * but it eliminates the need for Session to keep dangling
* references to the last WikiContext hanging around, just
* so we can look up the HttpServletRequest.
*
- * @param session the current WikiSession
+ * @param session the current Session
* @param role the role to check
* @return <code>true</code> if the user is considered to be in the role,
* <code>false</code> otherwise
diff --git a/jspwiki-main/src/main/java/org/apache/wiki/auth/user/DefaultUserProfile.java b/jspwiki-main/src/main/java/org/apache/wiki/auth/user/DefaultUserProfile.java
index 416cca4..9ba0121 100644
--- a/jspwiki-main/src/main/java/org/apache/wiki/auth/user/DefaultUserProfile.java
+++ b/jspwiki-main/src/main/java/org/apache/wiki/auth/user/DefaultUserProfile.java
@@ -19,7 +19,6 @@
package org.apache.wiki.auth.user;
import org.apache.commons.lang3.StringUtils;
-import org.apache.wiki.WikiSession;
import javax.servlet.http.HttpServletRequest;
import java.io.Serializable;
@@ -223,7 +222,7 @@ public final class DefaultUserProfile implements UserProfile {
/**
* Sets the name by which the user logs in. The login name is used as the username for custom authentication (see
- * {@link org.apache.wiki.auth.AuthenticationManager#login(WikiSession,HttpServletRequest, String, String)}).
+ * {@link org.apache.wiki.auth.AuthenticationManager#login(org.apache.wiki.api.core.Session,HttpServletRequest, String, String)}).
* The login name is typically a short name ("jannej"). In contrast, the wiki name is typically of type
* FirstnameLastName ("JanneJalkanen").
*
diff --git a/jspwiki-main/src/main/java/org/apache/wiki/auth/user/UserDatabase.java b/jspwiki-main/src/main/java/org/apache/wiki/auth/user/UserDatabase.java
index 906c54b..cf649b2 100644
--- a/jspwiki-main/src/main/java/org/apache/wiki/auth/user/UserDatabase.java
+++ b/jspwiki-main/src/main/java/org/apache/wiki/auth/user/UserDatabase.java
@@ -53,7 +53,7 @@ public interface UserDatabase {
* Note that if an implememtation wishes to mark one of the returned Principals as representing the user's common name, it should
* instantiate this Principal using {@link org.apache.wiki.auth.WikiPrincipal#WikiPrincipal(String, String)} with the <code>type</code>
* parameter set to {@link org.apache.wiki.auth.WikiPrincipal#WIKI_NAME}. The method
- * {@link org.apache.wiki.WikiSession#getUserPrincipal()} will return this principal as the "primary" principal. Note that this method
+ * {@link org.apache.wiki.api.core.Session#getUserPrincipal()} will return this principal as the "primary" principal. Note that this method
* can also be used to mark a WikiPrincipal as a login name or a wiki name.
* </p>
*
diff --git a/jspwiki-main/src/main/java/org/apache/wiki/auth/user/UserProfile.java b/jspwiki-main/src/main/java/org/apache/wiki/auth/user/UserProfile.java
index cb39278..ec8afa4 100644
--- a/jspwiki-main/src/main/java/org/apache/wiki/auth/user/UserProfile.java
+++ b/jspwiki-main/src/main/java/org/apache/wiki/auth/user/UserProfile.java
@@ -161,7 +161,7 @@ public interface UserProfile extends Serializable
/**
* Sets the name by which the user logs in. The login name is used as the
* username for custom authentication (see
- * {@link org.apache.wiki.auth.AuthenticationManager#login(WikiSession,HttpServletRequest, String, String)},
+ * {@link org.apache.wiki.auth.AuthenticationManager#login(org.apache.wiki.api.core.Session, javax.servlet.http.HttpServletRequest, String, String)},
* {@link org.apache.wiki.auth.login.UserDatabaseLoginModule}). The login
* name is typically a short name ("jannej"). In contrast, the wiki name is
* typically of type FirstnameLastName ("JanneJalkanen").
@@ -192,5 +192,6 @@ public interface UserProfile extends Serializable
* Returns a string representation of this user profile.
* @return the string
*/
+ @Override
String toString();
}