This is an automated email from the ASF dual-hosted git repository. juanpablo pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/jspwiki.git
commit aec837ee2fc0ea830ee7695e9c088472df8e9138
Author: juanpablo <[email protected]>
AuthorDate: Thu Mar 5 17:17:36 2020 +0100
JSPWIKI-303: use Session instead of WikiSession (1)
---
 .../src/main/java/org/apache/wiki/WikiContext.java | 10 +-
 .../src/main/java/org/apache/wiki/WikiSession.java | 4 +-
 .../java/org/apache/wiki/api/core/Session.java | 12 +-
 .../apache/wiki/auth/AuthenticationManager.java | 18 +--
 .../org/apache/wiki/auth/AuthorizationManager.java | 12 +-
 .../main/java/org/apache/wiki/auth/Authorizer.java | 5 +-
 .../wiki/auth/DefaultAuthenticationManager.java | 12 +-
 .../java/org/apache/wiki/auth/SessionMonitor.java | 78 +++++------
 .../java/org/apache/wiki/auth/UserManager.java | 13 +-
 .../java/org/apache/wiki/auth/WikiPrincipal.java | 2 +-
 .../wiki/auth/authorize/DefaultGroupManager.java | 3 +-
 .../java/org/apache/wiki/auth/authorize/Group.java | 151 +++++++++------------
 .../apache/wiki/auth/authorize/GroupManager.java | 8 +-
 .../auth/authorize/WebContainerAuthorizer.java | 12 +-
 .../apache/wiki/auth/user/DefaultUserProfile.java | 3 +-
 .../org/apache/wiki/auth/user/UserDatabase.java | 2 +-
 .../org/apache/wiki/auth/user/UserProfile.java | 3 +-
 17 files changed, 158 insertions(+), 190 deletions(-)
diff --git a/jspwiki-main/src/main/java/org/apache/wiki/WikiContext.java b/jspwiki-main/src/main/java/org/apache/wiki/WikiContext.java
index 8b9e53d..b80f222 100644
--- a/jspwiki-main/src/main/java/org/apache/wiki/WikiContext.java
+++ b/jspwiki-main/src/main/java/org/apache/wiki/WikiContext.java
@@ -185,7 +185,7 @@ public class WikiContext implements Cloneable, Command { * Creates a new WikiContext for the given Engine, Command and HttpServletRequest. * </p> * <p> - * This constructor will also look up the HttpSession associated with the request, and determine if a WikiSession object is present. + * This constructor will also look up the HttpSession associated with the request, and determine if a Session object is present. * If not, a new one is created. * </p> * @param engine The Engine that is handling the request @@ -652,11 +652,11 @@ public class WikiContext implements Cloneable, Command { } /** - * Returns the WikiSession associated with the context. This method is guaranteed to always return a valid WikiSession. + * Returns the Session associated with the context. This method is guaranteed to always return a valid Session. * If this context was constructed without an associated HttpServletRequest, it will return * {@link org.apache.wiki.WikiSession#guestSession(Engine)}. * - * @return The WikiSession associate with this context. + * @return The Session associated with this context. */ public Session getWikiSession() { @@ -672,8 +672,8 @@ public class WikiContext implements Cloneable, Command { * @return Current WikiContext, or null, of no context exists. */ public static WikiContext findContext( final PageContext pageContext ) { - final HttpServletRequest request = (HttpServletRequest) pageContext.getRequest(); - return (WikiContext)request.getAttribute( ATTR_CONTEXT ); + final HttpServletRequest request = ( HttpServletRequest )pageContext.getRequest(); + return ( WikiContext )request.getAttribute( ATTR_CONTEXT ); } /** diff --git a/jspwiki-main/src/main/java/org/apache/wiki/WikiSession.java b/jspwiki-main/src/main/java/org/apache/wiki/WikiSession.java index 12e6f36..5f68e60 100644 --- a/jspwiki-main/src/main/java/org/apache/wiki/WikiSession.java +++ b/jspwiki-main/src/main/java/org/apache/wiki/WikiSession.java 
@@ -382,7 +382,7 @@ public final class WikiSession implements Session {
 /**
 * Injects GroupPrincipal objects into the user's Principal set based on the groups the user belongs to. For Groups, the algorithm
 * first calls the {@link GroupManager#getRoles()} to obtain the array of GroupPrincipals the authorizer knows about. Then, the
- * method {@link GroupManager#isUserInRole(WikiSession, Principal)} is called for each Principal. If the user is a member of the
+ * method {@link GroupManager#isUserInRole(Session, Principal)} is called for each Principal. If the user is a member of the
 * group, an equivalent GroupPrincipal is injected into the user's principal set. Existing GroupPrincipals are flushed and replaced.
 * This method should generally be called after a user's {@link org.apache.wiki.auth.user.UserProfile} is saved. If the wiki session
 * is null, or there is no matching user profile, the method returns silently.
@@ -493,7 +493,7 @@ public final class WikiSession implements Session {
 // Look for a WikiSession associated with the user's Http Session and create one if it isn't there yet.
 final HttpSession session = request.getSession();
 final SessionMonitor monitor = SessionMonitor.getInstance( engine );
- final WikiSession wikiSession = monitor.find( session );
+ final WikiSession wikiSession = ( WikiSession )monitor.find( session );
 // Attach reference to wiki engine
 wikiSession.m_engine = engine;
diff --git a/jspwiki-main/src/main/java/org/apache/wiki/api/core/Session.java b/jspwiki-main/src/main/java/org/apache/wiki/api/core/Session.java
index 8dce0d8..f2704e7 100644
--- a/jspwiki-main/src/main/java/org/apache/wiki/api/core/Session.java
+++ b/jspwiki-main/src/main/java/org/apache/wiki/api/core/Session.java
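Review bot: The added downcast `( WikiSession )monitor.find( session )` in the @@ -493 hunk relies on an invariant that nothing on this page enforces: `SessionMonitor.find` is now declared to return `Session` and its map is typed `Map< String, Session >`, so any other implementation stored there would surface as a ClassCastException in the middle of session lookup. The cast appears to be needed only because the next line writes `wikiSession.m_engine` directly. Until that field write goes away, state the invariant next to the cast, e.g. `// SessionMonitor.find() only stores WikiSession instances today; revisit this cast before adding another Session implementation`. The enclosing method starts and ends outside the hunk.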
@@ -54,7 +54,7 @@ import java.util.Locale; * re-authenticate. * </p> * <p>In addition to methods for examining individual <code>Session</code> objects, this class also contains a number of static - * methods for managing WikiSessions for an entire wiki. These methods allow callers to find, query and remove WikiSession objects, and + * methods for managing Sessions for an entire wiki. These methods allow callers to find, query and remove Session objects, and * to obtain a list of the current wiki session users.</p> */ public interface Session extends WikiEventListener { @@ -126,7 +126,7 @@ public interface Session extends WikiEventListener { /** * Returns a cached Locale object for this user. It's better to use WikiContext's corresponding getBundle() method, since that * will actually react if the user changes the locale in the middle, but if that's not available (or, for some reason, you need - * the speed), this method can also be used. The Locale expires when the WikiSession expires, and currently there is no way to + * the speed), this method can also be used. The Locale expires when the Session expires, and currently there is no way to * reset the Locale. * * @return A cached Locale object @@ -190,7 +190,7 @@ public interface Session extends WikiEventListener { Principal[] getPrincipals(); /** - * Returns an array of Principal objects that represents the groups and roles that the user associated with a WikiSession possesses. + * Returns an array of Principal objects that represents the groups and roles that the user associated with a Session possesses. * The array is built by iterating through the Subject's Principal set and extracting all Role and GroupPrincipal objects into a * list. The list is returned as an array sorted in the natural order implied by each Principal's <code>getName</code> method. Note * that this method does <em>not</em> consult the external Authorizer or GroupManager; it relies on the Principals that have been 
@@ -201,7 +201,7 @@ public interface Session extends WikiEventListener { Principal[] getRoles(); /** - * Returns <code>true</code> if the WikiSession's Subject possess a supplied Principal. This method eliminates the need to externally + * Returns <code>true</code> if the Session's Subject possess a supplied Principal. This method eliminates the need to externally * request and inspect the JAAS subject. * * @param principal the Principal to test @@ -209,7 +209,7 @@ public interface Session extends WikiEventListener { */ boolean hasPrincipal( Principal principal ); - /** Invalidates the WikiSession and resets its Subject's Principals to the equivalent of a "guest session". */ + /** Invalidates the Session and resets its Subject's Principals to the equivalent of a "guest session". */ void invalidate(); /** @@ -233,7 +233,7 @@ public interface Session extends WikiEventListener { /** * Wrapper for {@link Subject#doAsPrivileged(Subject, PrivilegedAction, java.security.AccessControlContext)} - * that executes an action with the privileges posssessed by a WikiSession's Subject. The action executes with a <code>null</code> + * that executes an action with the privileges posssessed by a Session's Subject. The action executes with a <code>null</code> * AccessControlContext, which has the effect of running it "cleanly" without the AccessControlContexts of the caller. * * @param session the wiki session diff --git a/jspwiki-main/src/main/java/org/apache/wiki/auth/AuthenticationManager.java b/jspwiki-main/src/main/java/org/apache/wiki/auth/AuthenticationManager.java index 9360124..143c180 100644 --- a/jspwiki-main/src/main/java/org/apache/wiki/auth/AuthenticationManager.java +++ b/jspwiki-main/src/main/java/org/apache/wiki/auth/AuthenticationManager.java 
@@ -88,24 +88,24 @@ public interface AuthenticationManager { boolean isContainerAuthenticated(); /** - * <p>Logs in the user by attempting to populate a WikiSession Subject from a web servlet request by examining the request + * <p>Logs in the user by attempting to populate a Session Subject from a web servlet request by examining the request * for the presence of container credentials and user cookies. The processing logic is as follows: * </p> * <ul> - * <li>If the WikiSession had previously been unauthenticated, check to see if user has subsequently authenticated. To be considered + * <li>If the Session had previously been unauthenticated, check to see if user has subsequently authenticated. To be considered * "authenticated," the request must supply one of the following (in order of preference): the container <code>userPrincipal</code>, * container <code>remoteUser</code>, or authentication cookie. If the user is authenticated, this method fires event * {@link org.apache.wiki.event.WikiSecurityEvent#LOGIN_AUTHENTICATED} with two parameters: a Principal representing the login principal, - * and the current WikiSession. In addition, if the authorizer is of type WebContainerAuthorizer, this method iterates through the + * and the current Session. In addition, if the authorizer is of type WebContainerAuthorizer, this method iterates through the * container roles returned by {@link org.apache.wiki.auth.authorize.WebContainerAuthorizer#getRoles()}, tests for membership in each * one, and adds those that pass to the Subject's principal set.</li> - * <li>If, after checking for authentication, the WikiSession is still Anonymous, this method next checks to see if the user has + * <li>If, after checking for authentication, the Session is still Anonymous, this method next checks to see if the user has * "asserted" an identity by supplying an assertion cookie. 
If the user is found to be asserted, this method fires event * {@link org.apache.wiki.event.WikiSecurityEvent#LOGIN_ASSERTED} with two parameters: <code>WikiPrincipal(<em>cookievalue</em>)</code>, - * and the current WikiSession.</li> - * <li>If, after checking for authenticated and asserted status, the WikiSession is <em>still</em> anonymous, this method fires event + * and the current Session.</li> + * <li>If, after checking for authenticated and asserted status, the Session is <em>still</em> anonymous, this method fires event * {@link org.apache.wiki.event.WikiSecurityEvent#LOGIN_ANONYMOUS} with two parameters: <code>WikiPrincipal(<em>remoteAddress</em>)</code>, - * and the current WikiSession </li> + * and the current Session </li> * </ul> * * @param request servlet request for this user @@ -116,7 +116,7 @@ public interface AuthenticationManager { boolean login( HttpServletRequest request ) throws WikiSecurityException; /** - * Attempts to perform a WikiSession login for the given username/password combination using JSPWiki's custom authentication mode. In + * Attempts to perform a Session login for the given username/password combination using JSPWiki's custom authentication mode. In * order to log in, the JAAS LoginModule supplied by the Engine property {@link #PROP_LOGIN_MODULE} will be instantiated, and its * {@link javax.security.auth.spi.LoginModule#initialize(Subject, CallbackHandler, Map, Map)} method will be invoked. By default, * the {@link org.apache.wiki.auth.login.UserDatabaseLoginModule} class will be used. When the LoginModule's <code>initialize</code> 
@@ -134,7 +134,7 @@ public interface AuthenticationManager { boolean login( Session session, HttpServletRequest request, String username, String password ) throws WikiSecurityException; /** - * Logs the user out by retrieving the WikiSession associated with the HttpServletRequest and unbinding all of the Subject's Principals, + * Logs the user out by retrieving the Session associated with the HttpServletRequest and unbinding all of the Subject's Principals, * except for {@link Role#ALL}, {@link Role#ANONYMOUS}. is a cheap-and-cheerful way to do it without invoking JAAS LoginModules. * The logout operation will also flush the JSESSIONID cookie from the user's browser session, if it was set. * diff --git a/jspwiki-main/src/main/java/org/apache/wiki/auth/AuthorizationManager.java b/jspwiki-main/src/main/java/org/apache/wiki/auth/AuthorizationManager.java index c10128e..198cf80 100644 --- a/jspwiki-main/src/main/java/org/apache/wiki/auth/AuthorizationManager.java +++ b/jspwiki-main/src/main/java/org/apache/wiki/auth/AuthorizationManager.java @@ -45,7 +45,7 @@ import java.util.Properties; * <em>e.g.,</em> reading, editing, renaming * </ul> * <p>Calling classes determine whether they are entitled to perform a particular action by constructing the appropriate permission first, - * then passing it and the current {@link org.apache.wiki.WikiSession} to the {@link #checkPermission(Session, Permission)} method. If + * then passing it and the current {@link Session} to the {@link #checkPermission(Session, Permission)} method. If * the session's Subject possesses the permission, the action is allowed.</p> * <p>For WikiPermissions, the decision criteria is relatively simple: the caller either possesses the permission, as granted by the wiki * security policy -- or not.</p> 
@@ -75,10 +75,10 @@ public interface AuthorizationManager { /** * Returns <code>true</code> or <code>false</code>, depending on whether a Permission is allowed for the Subject associated with - * a supplied WikiSession. The access control algorithm works this way: + * a supplied Session. The access control algorithm works this way: * <ol> * <li>The {@link org.apache.wiki.auth.acl.Acl} for the page is obtained</li> - * <li>The Subject associated with the current {@link org.apache.wiki.WikiSession} is obtained</li> + * <li>The Subject associated with the current {@link org.apache.wiki.api.core.Session} is obtained</li> * <li>If the Subject's Principal set includes the Role Principal that is the administrator group, always allow the Permission</li> * <li>For all permissions, check to see if the Permission is allowed according to the default security policy. If it isn't, deny * the permission and halt further processing.</li> @@ -106,7 +106,7 @@ public interface AuthorizationManager { boolean checkPermission( Session session, Permission permission ); /** - * <p>Determines if the Subject associated with a supplied WikiSession contains a desired Role or GroupPrincipal. The algorithm + * <p>Determines if the Subject associated with a supplied Session contains a desired Role or GroupPrincipal. The algorithm * simply checks to see if the Subject possesses the Role or GroupPrincipal it in its Principal set. Note that any user (anonymous, * asserted, authenticated) can possess a built-in role. But a user <em>must</em> be authenticated to possess a role other than one * of the built-in ones. We do this to prevent privilege escalation.</p> 
@@ -146,7 +146,7 @@ public interface AuthorizationManager { Authorizer getAuthorizer() throws WikiSecurityException; /** - * <p>Determines if the Subject associated with a supplied WikiSession contains a desired user Principal or built-in Role principal, + * <p>Determines if the Subject associated with a supplied Session contains a desired user Principal or built-in Role principal, * OR is a member a Group or external Role. The rules are as follows:</p> * <ol> * <li>First, if desired Principal is a Role or GroupPrincipal, delegate to {@link #isUserInRole(Session, Principal)} and @@ -226,7 +226,7 @@ public interface AuthorizationManager { * * @see AccessController#checkPermission(Permission) . A caught exception (or lack thereof) determines whether the * privilege is absent (or present). - * @param session the WikiSession whose permission status is being queried + * @param session the Session whose permission status is being queried * @param permission the Permission the Subject must possess * @return <code>true</code> if the Subject possesses the permission, <code>false</code> otherwise */ diff --git a/jspwiki-main/src/main/java/org/apache/wiki/auth/Authorizer.java b/jspwiki-main/src/main/java/org/apache/wiki/auth/Authorizer.java index 534d6a5..84468d7 100644 --- a/jspwiki-main/src/main/java/org/apache/wiki/auth/Authorizer.java +++ b/jspwiki-main/src/main/java/org/apache/wiki/auth/Authorizer.java @@ -18,7 +18,6 @@ */ package org.apache.wiki.auth; -import org.apache.wiki.WikiSession; import org.apache.wiki.api.core.Engine; import org.apache.wiki.api.core.Session; 
@@ -29,9 +28,9 @@ import java.util.Properties; /** * Interface for service providers of authorization information. After a user successfully logs in, the * {@link org.apache.wiki.auth.AuthenticationManager} consults the configured Authorizer to determine which additional - * {@link org.apache.wiki.auth.authorize.Role} principals should be added to the user's WikiSession. To determine which roles should be + * {@link org.apache.wiki.auth.authorize.Role} principals should be added to the user's Session. To determine which roles should be * injected, the Authorizer is queried for the roles it knows about by calling {@link org.apache.wiki.auth.Authorizer#getRoles()}. Then, - * each role returned by the Authorizer is tested by calling {@link org.apache.wiki.auth.Authorizer#isUserInRole(WikiSession, Principal)}. + * each role returned by the Authorizer is tested by calling {@link org.apache.wiki.auth.Authorizer#isUserInRole(Session, Principal)}. * If this check fails, and the Authorizer is of type WebAuthorizer, AuthenticationManager checks the role again by calling * {@link org.apache.wiki.auth.authorize.WebAuthorizer#isUserInRole(javax.servlet.http.HttpServletRequest, Principal)}). * Any roles that pass the test are injected into the Subject by firing appropriate authentication events. diff --git a/jspwiki-main/src/main/java/org/apache/wiki/auth/DefaultAuthenticationManager.java b/jspwiki-main/src/main/java/org/apache/wiki/auth/DefaultAuthenticationManager.java index 8056db8..b46b227 100644 --- a/jspwiki-main/src/main/java/org/apache/wiki/auth/DefaultAuthenticationManager.java +++ b/jspwiki-main/src/main/java/org/apache/wiki/auth/DefaultAuthenticationManager.java 
@@ -154,7 +154,7 @@ public class DefaultAuthenticationManager implements AuthenticationManager {
 @Override
 public boolean login( final HttpServletRequest request ) throws WikiSecurityException {
 final HttpSession httpSession = request.getSession();
- final WikiSession session = SessionMonitor.getInstance( m_engine ).find( httpSession );
+ final Session session = SessionMonitor.getInstance( m_engine ).find( httpSession );
 final AuthenticationManager authenticationMgr = m_engine.getManager( AuthenticationManager.class );
 final AuthorizationManager authorizationMgr = m_engine.getManager( AuthorizationManager.class );
 CallbackHandler handler = null;
@@ -171,7 +171,7 @@ public class DefaultAuthenticationManager implements AuthenticationManager {
 principals = authenticationMgr.doJAASLogin( CookieAuthenticationLoginModule.class, handler, options );
 }
- // If the container logged the user in successfully, tell the WikiSession (and add all of the Principals)
+ // If the container logged the user in successfully, tell the Session (and add all of the Principals)
 if ( principals.size() > 0 ) {
 fireEvent( WikiSecurityEvent.LOGIN_AUTHENTICATED, getLoginPrincipal( principals ), session );
 for( final Principal principal : principals ) {
@@ -274,9 +274,9 @@ public class DefaultAuthenticationManager implements AuthenticationManager {
 final HttpSession session = request.getSession();
 final String sid = ( session == null ) ? "(null)" : session.getId();
 if( log.isDebugEnabled() ) {
- log.debug( "Invalidating WikiSession for session ID=" + sid );
+ log.debug( "Invalidating Session for session ID=" + sid );
 }
- // Retrieve the associated WikiSession and clear the Principal set
+ // Retrieve the associated Session and clear the Principal set
 final Session wikiSession = WikiSession.getWikiSession( m_engine, request );
 final Principal originalPrincipal = wikiSession.getLoginPrincipal();
 wikiSession.invalidate();
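Review bot: The debug line in the @@ -274 logout hunk, `log.debug( "Invalidating Session for session ID=" + sid );`, writes the full servlet session identifier to the log; that identifier is the bearer credential for the container session, so read access to debug logs becomes a way to take over any session that is still live. The same value is logged in the SessionMonitor hunks further down (`findSession`, `find`, `sessionCreated`, `sessionDestroyed`), so a shortened or hashed form should be logged in all of them. Separately, `request.getSession()` creates a session when none exists and does not return null, so the `session == null` branch is dead and a logout without a session allocates one; `final HttpSession session = request.getSession( false );` would make the null check meaningful. The logout method starts and ends outside the hunk.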
@@ -393,14 +393,14 @@ public class DefaultAuthenticationManager implements AuthenticationManager { } /** - * After successful login, this method is called to inject authorized role Principals into the WikiSession. To determine which roles + * After successful login, this method is called to inject authorized role Principals into the Session. To determine which roles * should be injected, the configured Authorizer is queried for the roles it knows about by calling {@link Authorizer#getRoles()}. * Then, each role returned by the authorizer is tested by calling {@link Authorizer#isUserInRole(Session, Principal)}. If this * check fails, and the Authorizer is of type WebAuthorizer, the role is checked again by calling * {@link WebAuthorizer#isUserInRole(HttpServletRequest, Principal)}). Any roles that pass the test are injected into the Subject by * firing appropriate authentication events. * - * @param session the user's current WikiSession + * @param session the user's current Session * @param authorizer the Engine's configured Authorizer * @param request the user's HTTP session, which may be <code>null</code> */ diff --git a/jspwiki-main/src/main/java/org/apache/wiki/auth/SessionMonitor.java b/jspwiki-main/src/main/java/org/apache/wiki/auth/SessionMonitor.java index 0ddc03e..155d235 100644 --- a/jspwiki-main/src/main/java/org/apache/wiki/auth/SessionMonitor.java +++ b/jspwiki-main/src/main/java/org/apache/wiki/auth/SessionMonitor.java @@ -21,6 +21,7 @@ package org.apache.wiki.auth; import org.apache.log4j.Logger; import org.apache.wiki.WikiSession; import org.apache.wiki.api.core.Engine; +import org.apache.wiki.api.core.Session; import org.apache.wiki.event.WikiEventListener; import org.apache.wiki.event.WikiEventManager; import org.apache.wiki.event.WikiSecurityEvent; 
@@ -51,7 +52,7 @@ public class SessionMonitor implements HttpSessionListener {
 private static ConcurrentHashMap< Engine, SessionMonitor > c_monitors = new ConcurrentHashMap<>();
 /** Weak hashmap with HttpSessions as keys, and WikiSessions as values. */
- private final Map< String, WikiSession > m_sessions = new WeakHashMap<>();
+ private final Map< String, Session > m_sessions = new WeakHashMap<>();
 private Engine m_engine;
@@ -92,16 +93,14 @@ public class SessionMonitor implements HttpSessionListener {
 * @param session the user's HTTP session
 * @return the WikiSession, if found
 */
- private WikiSession findSession( final HttpSession session ) {
- WikiSession wikiSession = null;
+ private Session findSession( final HttpSession session ) {
+ Session wikiSession = null;
 final String sid = ( session == null ) ? "(null)" : session.getId();
- final WikiSession storedSession = m_sessions.get( sid );
+ final Session storedSession = m_sessions.get( sid );
 // If the weak reference returns a wiki session, return it
- if( storedSession != null )
- {
- if( log.isDebugEnabled() )
- {
+ if( storedSession != null ) {
+ if( log.isDebugEnabled() ) {
 log.debug( "Looking up WikiSession for session ID=" + sid + "... found it" );
 }
 wikiSession = storedSession;
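Review bot: `findSession` in the @@ -92 hunk reads `m_sessions.get( sid )` without holding the monitor that `find` and `userPrincipals` take with `synchronized( m_sessions )`, and the map is a plain `WeakHashMap`, which is not safe for concurrent use and restructures itself while clearing stale entries even on a read. A racing lookup may therefore misbehave in the code that decides which identity a request runs as. Take the same lock around the read: `final Session storedSession; synchronized( m_sessions ) { storedSession = m_sessions.get( sid ); }`. The field comment in the @@ -51 hunk also still says the keys are HttpSessions, while the declaration shows `String` keys. `findSession` continues past the end of the hunk.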
@@ -110,19 +109,17 @@ public class SessionMonitor implements HttpSessionListener {
 return wikiSession;
 }
 /**
- * <p>Looks up the wiki session associated with a user's Http session
- * and adds it to the session cache. This method will return the
- * "guest session" as constructed by {@link org.apache.wiki.WikiSession#guestSession(Engine)}
- * if the HttpSession is not currently associated with a WikiSession.
- * This method is guaranteed to return a non-<code>null</code> WikiSession.</p>
- * <p>Internally, the session is stored in a HashMap; keys are
- * the HttpSession objects, while the values are
+ * <p>Looks up the wiki session associated with a user's Http session and adds it to the session cache. This method will return the
+ * "guest session" as constructed by {@link org.apache.wiki.WikiSession#guestSession(Engine)} if the HttpSession is not currently
+ * associated with a WikiSession. This method is guaranteed to return a non-<code>null</code> WikiSession.</p>
+ * <p>Internally, the session is stored in a HashMap; keys are the HttpSession objects, while the values are
 * {@link java.lang.ref.WeakReference}-wrapped WikiSessions.</p>
+ *
 * @param session the HTTP session
 * @return the wiki session
 */
- public final WikiSession find( final HttpSession session ) {
- WikiSession wikiSession = findSession(session);
+ public final Session find( final HttpSession session ) {
+ Session wikiSession = findSession( session );
 final String sid = ( session == null ) ? "(null)" : session.getId();
 // Otherwise, create a new guest session and stash it.
@@ -130,7 +127,7 @@ public class SessionMonitor implements HttpSessionListener {
 if( log.isDebugEnabled() ) {
 log.debug( "Looking up WikiSession for session ID=" + sid + "... not found. Creating guestSession()" );
 }
- wikiSession = (WikiSession)WikiSession.guestSession( m_engine );
+ wikiSession = WikiSession.guestSession( m_engine );
 synchronized( m_sessions ) {
 m_sessions.put( sid, wikiSession );
 }
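Review bot: In `find`, a null `HttpSession` is turned into the literal key `"(null)"`, and the guest session created for it is cached under that key, so every later caller without an HTTP session is handed the same `Session` object. If such a session is ever promoted by a login event (not visible in these hunks), its principals would be shared by all of those callers. Returning an uncached guest session for that case avoids the sharing: `if( session == null ) { return WikiSession.guestSession( m_engine ); }` placed before the lookup. The method spans the @@ -110 and @@ -130 hunks and its remaining lines are outside them.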
@@ -175,63 +172,57 @@ public class SessionMonitor implements HttpSessionListener { } /** - * <p>Returns the current wiki users as a sorted array of - * Principal objects. The principals are those returned by - * each WikiSession's {@link WikiSession#getUserPrincipal()}'s - * method.</p> - * <p>To obtain the list of current WikiSessions, we iterate - * through our session Map and obtain the list of values, - * which are WikiSessions wrapped in {@link java.lang.ref.WeakReference} - * objects. Those <code>WeakReference</code>s whose <code>get()</code> - * method returns non-<code>null</code> values are valid - * sessions.</p> + * <p>Returns the current wiki users as a sorted array of Principal objects. The principals are those returned by + * each WikiSession's {@link Session#getUserPrincipal()}'s method.</p> + * <p>To obtain the list of current WikiSessions, we iterate through our session Map and obtain the list of values, + * which are WikiSessions wrapped in {@link java.lang.ref.WeakReference} objects. Those <code>WeakReference</code>s + * whose <code>get()</code> method returns non-<code>null</code> values are valid sessions.</p> + * * @return the array of user principals */ - public final Principal[] userPrincipals() - { + public final Principal[] userPrincipals() { final Collection<Principal> principals = new ArrayList<>(); synchronized ( m_sessions ) { - for ( final WikiSession session : m_sessions.values()) { + for ( final Session session : m_sessions.values()) { principals.add( session.getUserPrincipal() ); } } - final Principal[] p = principals.toArray( new Principal[principals.size()] ); + final Principal[] p = principals.toArray( new Principal[ principals.size() ] ); Arrays.sort( p, m_comparator ); return p; } /** * Registers a WikiEventListener with this instance. 
+ * * @param listener the event listener * @since 2.4.75 */ - public final synchronized void addWikiEventListener( final WikiEventListener listener ) - { + public final synchronized void addWikiEventListener( final WikiEventListener listener ) { WikiEventManager.addWikiEventListener( this, listener ); } /** * Un-registers a WikiEventListener with this instance. + * * @param listener the event listener * @since 2.4.75 */ - public final synchronized void removeWikiEventListener( final WikiEventListener listener ) - { + public final synchronized void removeWikiEventListener( final WikiEventListener listener ) { WikiEventManager.removeWikiEventListener( this, listener ); } /** * Fires a WikiSecurityEvent to all registered listeners. + * * @param type the event type * @param principal the user principal associated with this session * @param session the wiki session * @since 2.4.75 */ - protected final void fireEvent( final int type, final Principal principal, final WikiSession session ) - { - if( WikiEventManager.isListening(this) ) - { - WikiEventManager.fireEvent(this,new WikiSecurityEvent(this,type,principal,session)); + protected final void fireEvent( final int type, final Principal principal, final Session session ) { + if( WikiEventManager.isListening( this ) ) { + WikiEventManager.fireEvent( this, new WikiSecurityEvent( this, type, principal, session ) ); } } @@ -241,8 +232,7 @@ public class SessionMonitor implements HttpSessionListener { * @param se the HTTP session event */ @Override - public void sessionCreated( final HttpSessionEvent se ) - { + public void sessionCreated( final HttpSessionEvent se ) { final HttpSession session = se.getSession(); log.debug( "Created session: " + session.getId() + "." ); } 
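Review bot: The rewrapped Javadoc on `userPrincipals` in the @@ -175 hunk still describes the map values as WikiSessions wrapped in `WeakReference` objects whose `get()` may return null, but the loop below it iterates `m_sessions.values()` as plain `Session` references and the field is declared as a `WeakHashMap` with `String` keys. The `find` Javadoc in the @@ -110 hunk repeats that description and calls the store a HashMap keyed by HttpSession objects. These comments are what a reader relies on to judge how long an authenticated session stays cached, so they should say something like `Sessions are held in a WeakHashMap keyed by HTTP session id` and drop the WeakReference sentence.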
@@ -256,7 +246,7 @@ public class SessionMonitor implements HttpSessionListener { public void sessionDestroyed( final HttpSessionEvent se ) { final HttpSession session = se.getSession(); for( final SessionMonitor monitor : c_monitors.values() ) { - final WikiSession storedSession = monitor.findSession( session ); + final Session storedSession = monitor.findSession( session ); monitor.remove( session ); log.debug( "Removed session " + session.getId() + "." ); if( storedSession != null ) { diff --git a/jspwiki-main/src/main/java/org/apache/wiki/auth/UserManager.java b/jspwiki-main/src/main/java/org/apache/wiki/auth/UserManager.java index bc0f66c..fc62bb1 100644 --- a/jspwiki-main/src/main/java/org/apache/wiki/auth/UserManager.java +++ b/jspwiki-main/src/main/java/org/apache/wiki/auth/UserManager.java @@ -19,7 +19,6 @@ package org.apache.wiki.auth; import org.apache.wiki.WikiContext; -import org.apache.wiki.WikiSession; import org.apache.wiki.api.core.Engine; import org.apache.wiki.api.core.Session; import org.apache.wiki.api.exceptions.WikiException; 
@@ -89,15 +88,15 @@ public interface UserManager { * and the user's credential set is refreshed; if custom authentication is used, this means the user will be automatically be logged in. * </p> * <p> - * When the user's profile is saved successfully, this method fires a {@link WikiSecurityEvent#PROFILE_SAVE} event with the WikiSession + * When the user's profile is saved successfully, this method fires a {@link WikiSecurityEvent#PROFILE_SAVE} event with the Session * as the source and the UserProfile as target. For existing profiles, if the user's full name changes, this method also fires a - * "name changed" event ({@link WikiSecurityEvent#PROFILE_NAME_CHANGED}) with the WikiSession as the source and an array containing + * "name changed" event ({@link WikiSecurityEvent#PROFILE_NAME_CHANGED}) with the Session as the source and an array containing * the old and new UserProfiles, respectively. The <code>NAME_CHANGED</code> event allows the GroupManager and PageManager can change * group memberships and ACLs if needed. * </p> * <p> - * Note that WikiSessions normally attach event listeners to the UserManager, so changes to the profile will automatically cause the - * correct Principals to be reloaded into the current WikiSession's Subject. + * Note that Sessions normally attach event listeners to the UserManager, so changes to the profile will automatically cause the + * correct Principals to be reloaded into the current Session's Subject. * </p> * * @param session the wiki session, which may not be <code>null</code> 
@@ -126,7 +125,7 @@ public interface UserManager { * <li>In all cases, the created/last modified timestamps of the user's existing or new profile always override whatever values the user * supplied.</li> * <li>If container authentication is used, the login name property of the profile is set to the name of - * {@link org.apache.wiki.WikiSession#getLoginPrincipal()}. Otherwise, the value of the <code>loginname</code> parameter is used.</li> + * {@link org.apache.wiki.api.core.Session#getLoginPrincipal()}. Otherwise, the value of the <code>loginname</code> parameter is used.</li> * </ul> * * @param context the current wiki context @@ -139,7 +138,7 @@ public interface UserManager { * make sure it isn't null. Otherwise, the password is checked for length and that it matches the value of the 'password2' HTTP * parameter. Note that we have a special case when container-managed authentication is used and the user is not authenticated; * this will always cause validation to fail. Any validation errors are added to the wiki session's messages collection - * (see {@link WikiSession#getMessages()}. + * (see {@link org.apache.wiki.api.core.Session#getMessages()}. * * @param context the current wiki context * @param profile the supplied UserProfile diff --git a/jspwiki-main/src/main/java/org/apache/wiki/auth/WikiPrincipal.java b/jspwiki-main/src/main/java/org/apache/wiki/auth/WikiPrincipal.java index 5ade711..787fa84 100644 --- a/jspwiki-main/src/main/java/org/apache/wiki/auth/WikiPrincipal.java +++ b/jspwiki-main/src/main/java/org/apache/wiki/auth/WikiPrincipal.java 
@@ -29,7 +29,7 @@ import java.util.Comparator; /** * A lightweight, immutable Principal class. WikiPrincipals can be created with and optional "type" to denote what type of user * profile Principal it represents (FULL_NAME, WIKI_NAME, LOGIN_NAME). Types are used to determine suitable user and login Principals in - * classes like WikiSession. However, the type property of a WikiPrincipal does not affect a WikiPrincipal's logical equality + * classes like Session. However, the type property of a WikiPrincipal does not affect a WikiPrincipal's logical equality * or hash code; two WikiPrincipals with the same name but different types are still considered equal. * * @since 2.2 diff --git a/jspwiki-main/src/main/java/org/apache/wiki/auth/authorize/DefaultGroupManager.java b/jspwiki-main/src/main/java/org/apache/wiki/auth/authorize/DefaultGroupManager.java index 227c453..b4f8d29 100644 --- a/jspwiki-main/src/main/java/org/apache/wiki/auth/authorize/DefaultGroupManager.java +++ b/jspwiki-main/src/main/java/org/apache/wiki/auth/authorize/DefaultGroupManager.java @@ -20,7 +20,6 @@ package org.apache.wiki.auth.authorize; import org.apache.commons.lang3.ArrayUtils; import org.apache.log4j.Logger; -import org.apache.wiki.WikiSession; import org.apache.wiki.api.core.Engine; import org.apache.wiki.api.core.Session; import org.apache.wiki.api.exceptions.NoRequiredPropertyException; @@ -365,7 +364,7 @@ public class DefaultGroupManager implements GroupManager, Authorizer, WikiEventL final WikiSecurityEvent se = ( WikiSecurityEvent )event; if( se.getType() == WikiSecurityEvent.PROFILE_NAME_CHANGED ) { - final WikiSession session = se.getSrc(); + final Session session = se.getSrc(); final UserProfile[] profiles = ( UserProfile[] )se.getTarget(); final Principal[] oldPrincipals = new Principal[] { new WikiPrincipal( profiles[ 0 ].getLoginName() ), new WikiPrincipal( profiles[ 0 ].getFullname() ), new WikiPrincipal( profiles[ 0 ].getWikiName() ) }; 
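Review bot: In the `PROFILE_NAME_CHANGED` branch of DefaultGroupManager, `final Session session = se.getSrc();` and the `( UserProfile[] )se.getTarget()` cast after it trust the event's source and target shape without any check, and `profiles[ 0 ]` is indexed directly. `getSrc()` is not visible here, but since the assignment compiles without a cast it is presumably generic, so a differently typed source would only surface as a ClassCastException inside the listener that rewrites group memberships. A comment stating the contract would help, for example `// PROFILE_NAME_CHANGED: source is the Session, target is { oldProfile, newProfile }`, together with a length check on `profiles` before it is read. The method body starts and ends outside the hunk.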
diff --git a/jspwiki-main/src/main/java/org/apache/wiki/auth/authorize/Group.java b/jspwiki-main/src/main/java/org/apache/wiki/auth/authorize/Group.java index 50f7cfa..50cdf24 100644 --- a/jspwiki-main/src/main/java/org/apache/wiki/auth/authorize/Group.java +++ b/jspwiki-main/src/main/java/org/apache/wiki/auth/authorize/Group.java @@ -18,12 +18,12 @@ */ package org.apache.wiki.auth.authorize; +import org.apache.wiki.auth.GroupPrincipal; + import java.security.Principal; import java.util.Date; import java.util.Vector; -import org.apache.wiki.auth.GroupPrincipal; - /** * <p> * Groups are a specialized type of ad-hoc role used by the wiki system. Unlike @@ -48,7 +48,7 @@ import org.apache.wiki.auth.GroupPrincipal; * </p> * <p> * Groups are related to {@link GroupPrincipal}s. A GroupPrincipal, when - * injected into the Principal set of a WikiSession's Subject, means that the + * injected into the Principal set of a Session's Subject, means that the * user is a member of a Group of the same name -- it is, in essence, an * "authorization token." GroupPrincipals, unlike Groups, are thread-safe, * lightweight and immutable. That's why we use them in Subjects rather than the @@ -57,13 +57,11 @@ import org.apache.wiki.auth.GroupPrincipal; * * @since 2.3 */ -public class Group -{ +public class Group { - static final String[] RESTRICTED_GROUPNAMES = new String[] - { "Anonymous", "All", "Asserted", "Authenticated" }; + static final String[] RESTRICTED_GROUPNAMES = new String[] { "Anonymous", "All", "Asserted", "Authenticated" }; - private final Vector<Principal> m_members = new Vector<Principal>(); + private final Vector<Principal> m_members = new Vector<>(); private String m_creator = null; 
@@ -88,8 +86,7 @@ public class Group * @param name the name of the group * @param wiki the wiki the group belongs to */ - protected Group( String name, String wiki ) - { + protected Group( final String name, final String wiki ) { m_name = name; m_wiki = wiki; m_principal = new GroupPrincipal( name ); @@ -101,10 +98,8 @@ public class Group * @param user the principal to add * @return <code>true</code> if the operation was successful */ - public synchronized boolean add( Principal user ) - { - if ( isMember( user ) ) - { + public synchronized boolean add( final Principal user ) { + if( isMember( user ) ) { return false; } @@ -115,8 +110,7 @@ public class Group /** * Clears all Principals from the group list. */ - public synchronized void clear() - { + public synchronized void clear() { m_members.clear(); } @@ -126,29 +120,26 @@ public class Group * @param o the object to compare * @return the comparison */ - public boolean equals( Object o ) - { - if ( o == null || !( o instanceof Group ) ) + @Override + public boolean equals( final Object o ) { + if( !( o instanceof Group ) ) { return false; + } - Group g = (Group) o; // Just a shortcut. + final Group g = ( Group )o; // Just a shortcut. - if ( g.m_members.size() != m_members.size() ) + if( g.m_members.size() != m_members.size() ) { return false; + } - if ( getName() != null && !getName().equals( g.getName() ) ) - { + if( getName() != null && !getName().equals( g.getName() ) ) { return false; - } - else if ( getName() == null && g.getName() != null ) - { + } else if( getName() == null && g.getName() != null ) { return false; } - for( Principal principal : m_members ) - { - if ( !g.isMember( principal ) ) - { + for( final Principal principal : m_members ) { + if( !g.isMember( principal ) ) { return false; } } 
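Review bot: The reformatted `equals` walks `m_members` with a for-each loop without holding the lock that `add`, `clear` and `remove` take, so a concurrent membership change can throw ConcurrentModificationException or compare against a half-updated list. `hashCode`, `findMember` and therefore `isMember` in the later hunks follow the same pattern. The class Javadoc implies Groups are not thread-safe ("GroupPrincipals, unlike Groups, are thread-safe"), so the `synchronized` mutators can mislead; the minimal fix is a comment on the field such as `// Readers iterate m_members without locking; do not mutate a Group that other threads are reading`. If Groups are in fact shared across threads, the iterating readers need to hold the monitor of `m_members` for the duration of the loop.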
@@ -157,15 +148,14 @@ public class Group } /** - * The hashcode is calculated as a XOR sum over all members of - * the Group. + * The hashcode is calculated as a XOR sum over all members of the Group. + * * @return the hash code */ - public int hashCode() - { + @Override + public int hashCode() { int hc = 0; - for( Principal member : m_members ) - { + for( final Principal member : m_members ) { hc ^= member.hashCode(); } return hc; 
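Review bot: `hashCode` XORs `member.hashCode()` while `equals` in the preceding hunk decides membership through `isMember`, which compares only `getName()`. Two Groups that `equals` treats as equal can therefore return different hash codes when their members are Principals of different classes carrying the same name. The value also changes whenever a member is added or removed, which breaks lookups if a Group is ever stored in a hash-based collection. Hashing what `equals` compares keeps the contract, for example `hc ^= member.getName().hashCode();` inside the loop, plus a Javadoc sentence that Groups are mutable and should not be used as map keys.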
@@ -173,113 +163,109 @@ public class Group /** * Returns the creation date. + * * @return the creation date */ - public synchronized Date getCreated() - { + public synchronized Date getCreated() { return m_created; } /** * Returns the creator of this Group. + * * @return the creator */ - public final synchronized String getCreator() - { + public final synchronized String getCreator() { return m_creator; } /** * Returns the last-modified date. + * * @return the date and time of last modification */ - public synchronized Date getLastModified() - { + public synchronized Date getLastModified() { return m_modified; } /** * Returns the name of the user who last modified this group. + * * @return the modifier */ - public final synchronized String getModifier() - { + public final synchronized String getModifier() { return m_modifier; } /** * The name of the group. This is set in the class constructor. + * * @return the name of the Group */ - public String getName() - { + public String getName() { return m_name; } /** * Returns the GroupPrincipal that represents this Group. + * * @return the group principal */ - public Principal getPrincipal() - { + public Principal getPrincipal() { return m_principal; } /** * Returns the wiki name. + * * @return the wiki name */ - public String getWiki() - { + public String getWiki() { return m_wiki; } /** - * Returns <code>true</code> if a Principal is a member of the group. - * Specifically, the Principal's <code>getName()</code> method must return - * the same value as one of the Principals in the group member list. The - * Principal's type does <em>not</em> need to match. + * Returns <code>true</code> if a Principal is a member of the group. Specifically, the Principal's <code>getName()</code> method must + * return the same value as one of the Principals in the group member list. The Principal's type does <em>not</em> need to match. 
+ * * @param principal the principal about whom membeship status is sought * @return the result of the operation */ - public boolean isMember( Principal principal ) - { + public boolean isMember( final Principal principal ) { return findMember( principal.getName() ) != null; } /** * Returns the members of the group as an array of Principal objects. + * * @return the members */ - public Principal[] members() - { - return m_members.toArray( new Principal[m_members.size()] ); + public Principal[] members() { + return m_members.toArray( new Principal[ m_members.size() ] ); } /** - * Removes a Principal from the group. - * + * Removes a Principal from the group. + * * @param user the principal to remove * @return <code>true</code> if the operation was successful */ - public synchronized boolean remove( Principal user ) - { + public synchronized boolean remove( Principal user ) { user = findMember( user.getName() ); - - if ( user == null ) + if( user == null ) return false; m_members.remove( user ); - + return true; } /** * Sets the created date. + * * @param date the creation date */ - public synchronized void setCreated( Date date ) - { + public synchronized void setCreated( final Date date ) { m_created = date; } 
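Review bot: `getCreated()` and `getLastModified()` hand out the internal `java.util.Date` instances, and `setCreated` here and `setLastModified` in the next hunk store the caller's instance. Any holder of such a reference can then change the group's timestamps without going through the synchronized accessors. Date is mutable, so a defensive copy on both sides keeps these fields under the class's control, for example `return m_created == null ? null : new Date( m_created.getTime() );` and `m_created = date == null ? null : new Date( date.getTime() );`. Separately, `remove` keeps the unbraced `if( user == null ) return false;` while the rest of the file was moved to braced blocks.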
@@ -287,47 +273,42 @@ public class Group * Sets the creator of this Group. * @param creator the creator */ - public final synchronized void setCreator( String creator ) - { + public final synchronized void setCreator( final String creator ) { this.m_creator = creator; } /** * Sets the last-modified date + * * @param date the last-modified date */ - public synchronized void setLastModified( Date date ) - { + public synchronized void setLastModified( final Date date ) { m_modified = date; } /** * Sets the name of the user who last modified this group. + * * @param modifier the modifier */ - public final synchronized void setModifier( String modifier ) - { + public final synchronized void setModifier( final String modifier ) { this.m_modifier = modifier; } /** * Returns a string representation of the Group. + * * @return the string * @see java.lang.Object#toString() */ - public String toString() - { - StringBuilder sb = new StringBuilder(); - sb.append( "(Group " + getName() + ")" ); - return sb.toString(); + @Override + public String toString() { + return "(Group " + getName() + ")"; } - private Principal findMember( String name ) - { - for( Principal member : m_members ) - { - if ( member.getName().equals( name ) ) - { + private Principal findMember( final String name ) { + for( final Principal member : m_members ) { + if( member.getName().equals( name ) ) { return member; } } diff --git a/jspwiki-main/src/main/java/org/apache/wiki/auth/authorize/GroupManager.java b/jspwiki-main/src/main/java/org/apache/wiki/auth/authorize/GroupManager.java index d6a0866..ce8b856 100644 --- a/jspwiki-main/src/main/java/org/apache/wiki/auth/authorize/GroupManager.java +++ b/jspwiki-main/src/main/java/org/apache/wiki/auth/authorize/GroupManager.java 
@@ -46,7 +46,7 @@ import java.security.Principal; */ public interface GroupManager extends Authorizer, WikiEventListener { - /** Key used for adding UI messages to a user's WikiSession. */ + /** Key used for adding UI messages to a user's Session. */ String MESSAGES_KEY = "group"; String PROP_GROUPDATABASE = "jspwiki.groupdatabase"; @@ -168,8 +168,8 @@ public interface GroupManager extends Authorizer, WikiEventListener { * </p> * <p> * This method will register the new Group with the GroupManager. For example, {@link org.apache.wiki.auth.AuthenticationManager} - * attaches each WikiSession as a GroupManager listener. Thus, the act of registering a Group with <code>setGroup</code> means that - * all WikiSessions will automatically receive group add/change/delete events immediately. + * attaches each Session as a GroupManager listener. Thus, the act of registering a Group with <code>setGroup</code> means that + * all Sessions will automatically receive group add/change/delete events immediately. * </p> * * @param session the wiki session, which may not be <code>null</code> @@ -203,7 +203,7 @@ public interface GroupManager extends Authorizer, WikiEventListener { /** - * Checks if a String is blank or a restricted Group name, and if it is, appends an error to the WikiSession's message list. + * Checks if a String is blank or a restricted Group name, and if it is, appends an error to the Session's message list. * * @param context the wiki context * @param name the Group name to test diff --git a/jspwiki-main/src/main/java/org/apache/wiki/auth/authorize/WebContainerAuthorizer.java b/jspwiki-main/src/main/java/org/apache/wiki/auth/authorize/WebContainerAuthorizer.java index 0353266..c2b8e60 100644 --- a/jspwiki-main/src/main/java/org/apache/wiki/auth/authorize/WebContainerAuthorizer.java +++ b/jspwiki-main/src/main/java/org/apache/wiki/auth/authorize/WebContainerAuthorizer.java 
@@ -146,23 +146,23 @@ public class WebContainerAuthorizer implements WebAuthorizer { } /** - * Determines whether the Subject associated with a WikiSession is in a - * particular role. This method takes two parameters: the WikiSession + * Determines whether the Subject associated with a Session is in a + * particular role. This method takes two parameters: the Session * containing the subject and the desired role ( which may be a Role or a * Group). If either parameter is <code>null</code>, this method must * return <code>false</code>. - * This method simply examines the WikiSession subject to see if it + * This method simply examines the Session subject to see if it * possesses the desired Principal. We assume that the method * {@link org.apache.wiki.ui.WikiServletFilter#doFilter(javax.servlet.ServletRequest, javax.servlet.ServletResponse, javax.servlet.FilterChain)} - * previously executed, and that it has set the WikiSession + * previously executed, and that it has set the Session * subject correctly by logging in the user with the various login modules, * in particular {@link org.apache.wiki.auth.login.WebContainerLoginModule}}. * This is definitely a hack, - * but it eliminates the need for WikiSession to keep dangling + * but it eliminates the need for Session to keep dangling * references to the last WikiContext hanging around, just * so we can look up the HttpServletRequest. * - * @param session the current WikiSession + * @param session the current Session * @param role the role to check * @return <code>true</code> if the user is considered to be in the role, * <code>false</code> otherwise diff --git a/jspwiki-main/src/main/java/org/apache/wiki/auth/user/DefaultUserProfile.java b/jspwiki-main/src/main/java/org/apache/wiki/auth/user/DefaultUserProfile.java index 416cca4..9ba0121 100644 --- a/jspwiki-main/src/main/java/org/apache/wiki/auth/user/DefaultUserProfile.java +++ b/jspwiki-main/src/main/java/org/apache/wiki/auth/user/DefaultUserProfile.java 
@@ -19,7 +19,6 @@ package org.apache.wiki.auth.user; import org.apache.commons.lang3.StringUtils; -import org.apache.wiki.WikiSession; import javax.servlet.http.HttpServletRequest; import java.io.Serializable; @@ -223,7 +222,7 @@ public final class DefaultUserProfile implements UserProfile { /** * Sets the name by which the user logs in. The login name is used as the username for custom authentication (see - * {@link org.apache.wiki.auth.AuthenticationManager#login(WikiSession,HttpServletRequest, String, String)}). + * {@link org.apache.wiki.auth.AuthenticationManager#login(org.apache.wiki.api.core.Session,HttpServletRequest, String, String)}). * The login name is typically a short name ("jannej"). In contrast, the wiki name is typically of type * FirstnameLastName ("JanneJalkanen"). * diff --git a/jspwiki-main/src/main/java/org/apache/wiki/auth/user/UserDatabase.java b/jspwiki-main/src/main/java/org/apache/wiki/auth/user/UserDatabase.java index 906c54b..cf649b2 100644 --- a/jspwiki-main/src/main/java/org/apache/wiki/auth/user/UserDatabase.java +++ b/jspwiki-main/src/main/java/org/apache/wiki/auth/user/UserDatabase.java @@ -53,7 +53,7 @@ public interface UserDatabase { * Note that if an implememtation wishes to mark one of the returned Principals as representing the user's common name, it should * instantiate this Principal using {@link org.apache.wiki.auth.WikiPrincipal#WikiPrincipal(String, String)} with the <code>type</code> * parameter set to {@link org.apache.wiki.auth.WikiPrincipal#WIKI_NAME}. The method - * {@link org.apache.wiki.WikiSession#getUserPrincipal()} will return this principal as the "primary" principal. Note that this method + * {@link org.apache.wiki.api.core.Session#getUserPrincipal()} will return this principal as the "primary" principal. Note that this method * can also be used to mark a WikiPrincipal as a login name or a wiki name. * </p> * 
diff --git a/jspwiki-main/src/main/java/org/apache/wiki/auth/user/UserProfile.java b/jspwiki-main/src/main/java/org/apache/wiki/auth/user/UserProfile.java index cb39278..ec8afa4 100644 --- a/jspwiki-main/src/main/java/org/apache/wiki/auth/user/UserProfile.java +++ b/jspwiki-main/src/main/java/org/apache/wiki/auth/user/UserProfile.java @@ -161,7 +161,7 @@ public interface UserProfile extends Serializable /** * Sets the name by which the user logs in. The login name is used as the * username for custom authentication (see - * {@link org.apache.wiki.auth.AuthenticationManager#login(WikiSession,HttpServletRequest, String, String)}, + * {@link org.apache.wiki.auth.AuthenticationManager#login(org.apache.wiki.api.core.Session, javax.servlet.http.HttpServletRequest, String, String)}, * {@link org.apache.wiki.auth.login.UserDatabaseLoginModule}). The login * name is typically a short name ("jannej"). In contrast, the wiki name is * typically of type FirstnameLastName ("JanneJalkanen"). @@ -192,5 +192,6 @@ public interface UserProfile extends Serializable * Returns a string representation of this user profile. * @return the string */ + @Override String toString(); }
