You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@jspwiki.apache.org by aj...@apache.org on 2008/04/01 05:46:32 UTC
svn commit: r643259 -
/incubator/jspwiki/trunk/src/com/ecyrd/jspwiki/ui/WikiRequestWrapper.java
Author: ajaquith
Date: Mon Mar 31 20:46:31 2008
New Revision: 643259
URL: http://svn.apache.org/viewvc?rev=643259&view=rev
Log:
Re-factored the authentication subsystem to remove the need for JAAS configuration files. WEB-INF/jspwiki.jaas goes away, as does the need for PolicyLoader. Also, responsibilities for web authentication move to WikiServletFilter. Authentication is now configured via jspwiki.properties -- see that file for details. WikiSession API change: getLoginContext() vanishes.
Added:
incubator/jspwiki/trunk/src/com/ecyrd/jspwiki/ui/WikiRequestWrapper.java
Added: incubator/jspwiki/trunk/src/com/ecyrd/jspwiki/ui/WikiRequestWrapper.java
URL: http://svn.apache.org/viewvc/incubator/jspwiki/trunk/src/com/ecyrd/jspwiki/ui/WikiRequestWrapper.java?rev=643259&view=auto
==============================================================================
--- incubator/jspwiki/trunk/src/com/ecyrd/jspwiki/ui/WikiRequestWrapper.java (added)
+++ incubator/jspwiki/trunk/src/com/ecyrd/jspwiki/ui/WikiRequestWrapper.java Mon Mar 31 20:46:31 2008
@@ -0,0 +1,142 @@
+/*
+ JSPWiki - a JSP-based WikiWiki clone.
+
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+ */
+package com.ecyrd.jspwiki.ui;
+
+import java.security.Principal;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletRequestWrapper;
+
+import com.ecyrd.jspwiki.WikiEngine;
+import com.ecyrd.jspwiki.WikiSession;
+import com.ecyrd.jspwiki.auth.SessionMonitor;
+import com.ecyrd.jspwiki.auth.authorize.Role;
+
+/**
+ * Servlet request wrapper that encapsulates an incoming HTTP request and
+ * overrides its security methods so that the request returns JSPWiki-specific
+ * values.
+ *
+ * @author Andrew Jaquith
+ * @since 2.8
+ */
+public class WikiRequestWrapper extends HttpServletRequestWrapper
+{
+ private final WikiSession m_session;
+
+ /**
+ * Constructs a new wrapped request.
+ *
+ * @param engine
+ * the wiki engine
+ * @param request
+ * the request to wrap
+ */
+ public WikiRequestWrapper(WikiEngine engine, HttpServletRequest request)
+ {
+ super(request);
+
+ // Get and stash a reference to the current WikiSession
+ m_session = SessionMonitor.getInstance(engine).find(request.getSession());
+ }
+
+ /**
+ * Returns the remote user for the HTTP request, taking into account both
+ * container and JSPWiki custom authentication status. Specifically, if the
+ * wrapped request contains a remote user, this method returns that remote
+ * user. Otherwise, if the user's WikiSession is an authenticated session
+ * (that is, {@link WikiSession#isAuthenticated()} returns <code>true</code>,
+ * this method returns the name of the principal returned by
+ * {@link WikiSession#getLoginPrincipal()}.
+ */
+ public String getRemoteUser()
+ {
+ if (super.getRemoteUser() != null)
+ {
+ return super.getRemoteUser();
+ }
+
+ if (m_session.isAuthenticated())
+ {
+ return m_session.getLoginPrincipal().getName();
+ }
+ return null;
+ }
+
+ /**
+ * Returns the user principal for the HTTP request, taking into account both
+ * container and JSPWiki custom authentication status. Specifically, if the
+ * wrapped request contains a user principal, this method returns that
+ * principal. Otherwise, if the user's WikiSession is an authenticated
+ * session (that is, {@link WikiSession#isAuthenticated()} returns
+ * <code>true</code>, this method returns the value of
+ * {@link WikiSession#getLoginPrincipal()}.
+ */
+ public Principal getUserPrincipal()
+ {
+ if (super.getUserPrincipal() != null)
+ {
+ return super.getUserPrincipal();
+ }
+
+ if (m_session.isAuthenticated())
+ {
+ return m_session.getLoginPrincipal();
+ }
+ return null;
+ }
+
+ /**
+ * Determines whether the current user possesses a supplied role, taking
+ * into account both container and JSPWIki custom authentication status.
+ * Specifically, if the wrapped request shows that the user possesses the
+ * role, this method returns <code>true</code>. If not, this method
+ * iterates through the built-in Role objects (<em>e.g.</em>, ANONYMOUS,
+ * ASSERTED, AUTHENTICATED) returned by {@link WikiSession#getRoles()} and
+ * checks to see if any of these principals' names match the supplied role.
+ */
+ public boolean isUserInRole(String role)
+ {
+ boolean hasContainerRole = super.isUserInRole(role);
+ if (hasContainerRole)
+ {
+ return true;
+ }
+
+ // Iterate through all of the built-in roles and look for a match
+ Principal[] principals = m_session.getRoles();
+ for (int i = 0; i < principals.length; i++)
+ {
+ if (principals[i] instanceof Role)
+ {
+ Role principal = (Role) principals[i];
+ if (Role.isBuiltInRole(principal) && principal.getName().equals(role))
+ {
+ return true;
+ }
+ }
+ }
+
+ // None of the built-in roles match, so no luck
+ return false;
+ }
+
+}