| java.lang.Object com.ecyrd.jspwiki.auth.authorize.WebContainerAuthorizer
WebContainerAuthorizer | public class WebContainerAuthorizer implements WebAuthorizer | | Authorizes users by delegating role membership checks to the servlet
container. In addition to implementing methods for the
Authorizer interface, this class also provides a convenience
method
WebContainerAuthorizer.isContainerAuthorized() that queries the web application
descriptor to determine if the container manages authorization.
author: Andrew Jaquith since: 2.3 |
Inner Class: public class LocalEntityResolver implements EntityResolver | |
Field Summary | |
final protected static Logger | log | protected boolean | m_containerAuthorized Lazily-initialized boolean flag indicating whether the web container
protects JSPWiki resources. | protected Role[] | m_containerRoles A lazily-initialized array of Roles that the container knows about. | protected WikiEngine | m_engine |
Constructor Summary | |
public | WebContainerAuthorizer() Constructs a new instance of the WebContainerAuthorizer class. |
Method Summary | |
public Principal | findRole(String role) Looks up and returns a Role Principal matching a given String. | public Principal[] | getRoles() Returns an array of role Principals this Authorizer knows about. | protected Role[] | getRoles(Document webxml) Protected method that extracts the roles from JSPWiki's web application
deployment descriptor. | protected Document | getWebXml() Returns an
org.jdom.Document representing JSPWiki's web
application deployment descriptor. | public void | initialize(WikiEngine engine, Properties props) Initializes the authorizer for. | public boolean | isConstrained(String url, Role role)
Protected method that identifies whether a particular webapp URL is
constrained to a particular Role. | public boolean | isContainerAuthorized() Returns true if the web container is configured to protect
certain JSPWiki resources by requiring authentication. | public boolean | isUserInRole(HttpServletRequest request, Principal role) Determines whether a user associated with an HTTP request possesses
a particular role. | public boolean | isUserInRole(WikiSession session, Principal role) Determines whether the Subject associated with a WikiSession is in a
particular role. |
log | final protected static Logger log | | |
m_containerAuthorized | protected boolean m_containerAuthorized | | Lazily-initialized boolean flag indicating whether the web container
protects JSPWiki resources.
|
m_containerRoles | protected Role[] m_containerRoles | | A lazily-initialized array of Roles that the container knows about. These
are parsed from JSPWiki's web.xml web application
deployment descriptor. If this file cannot be read for any reason, the
role list will be empty. This is a hack designed to get around the fact
that we have no direct way of querying the web container about which
roles it manages.
|
WebContainerAuthorizer | public WebContainerAuthorizer() | | Constructs a new instance of the WebContainerAuthorizer class.
|
getRoles | public Principal[] getRoles() | | Returns an array of role Principals this Authorizer knows about.
This method will return an array of Role objects corresponding to
the logical roles enumerated in the web.xml.
This method actually returns a defensive copy of an internally stored
array.
Returns: an array of Principals representing the roles |
getRoles | protected Role[] getRoles(Document webxml) throws JDOMException | | Protected method that extracts the roles from JSPWiki's web application
deployment descriptor. Each Role is constructed by using the String
representation of the Role, for example
new Role("Administrator").
Parameters: webxml - the web application deployment descriptor Returns: an array of Role objects throws: JDOMException - if elements cannot be parsed correctly |
getWebXml | protected Document getWebXml() throws JDOMException, IOException | | Returns an
org.jdom.Document representing JSPWiki's web
application deployment descriptor. The document is obtained by calling
the servlet context's getResource() method and requesting
/WEB-INF/web.xml. For non-servlet applications, this
method calls this class's
ClassLoader.getResource(java.lang.String) and requests
WEB-INF/web.xml.
Returns: the descriptor throws: IOException - if the deployment descriptor cannot be found or opened throws: JDOMException - if the deployment descriptor cannot be parsed correctly |
initialize | public void initialize(WikiEngine engine, Properties props) | | Initializes the authorizer for.
Parameters: engine - the current wiki engine Parameters: props - the wiki engine initialization properties |
isConstrained | public boolean isConstrained(String url, Role role) throws JDOMException | |
Protected method that identifies whether a particular webapp URL is
constrained to a particular Role. The resource is considered constrained
if:
- the web application deployment descriptor contains a
security-constraint with a child
web-resource-collection/url-pattern element matching the
URL, and:
- this constraint also contains an
auth-constraint/role-name element equal to the supplied
Role's getName() method. If the supplied Role is Role.ALL,
it matches all roles.
Parameters: url - the web resource Parameters: role - the role Returns: true if the resource is constrained to the role, false otherwise throws: JDOMException - if elements cannot be parsed correctly |
isContainerAuthorized | public boolean isContainerAuthorized() | | Returns true if the web container is configured to protect
certain JSPWiki resources by requiring authentication. Specifically, this
method parses JSPWiki's web application descriptor (web.xml)
and identifies whether the string representation of
com.ecyrd.jspwiki.auth.authorize.Role.AUTHENTICATED is required
to access /Delete.jsp and LoginRedirect.jsp.
If the administrator has uncommented the large
<security-constraint> section of web.xml,
this will be true. This is admittedly an indirect way to go about it, but
it should be an accurate test for default installations, and also in 99%
of customized installs.
Returns: true if the container protects resources, false otherwise |
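The descriptor checks that isConstrained() and isContainerAuthorized() describe, as an added example that is not JSPWiki's own code: it uses the JDK's DOM and XPath classes instead of JDOM and compares url-pattern and role-name as exact strings. Assumptions: "Authenticated" as the string form of Role.AUTHENTICATED, /LoginRedirect.jsp as the second pattern, a null role standing in for Role.ALL, and the names ConstraintCheck and hasText plus the sample web.xml, which are constructed for illustration.

```java
import java.io.StringReader;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.xpath.*;
import org.w3c.dom.*;
import org.xml.sax.InputSource;

public class ConstraintCheck {
    // Constructed sample descriptor (not JSPWiki's shipped web.xml).
    static final String WEB_XML = "<web-app><security-constraint>"
        + "<web-resource-collection><url-pattern>/Delete.jsp</url-pattern>"
        + "<url-pattern>/LoginRedirect.jsp</url-pattern></web-resource-collection>"
        + "<auth-constraint><role-name>Authenticated</role-name></auth-constraint>"
        + "</security-constraint></web-app>";
    static final XPath XP = XPathFactory.newInstance().newXPath();

    static Document parse(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        // Only element structure is needed, so refuse DTDs (no external entities).
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        return f.newDocumentBuilder().parse(new InputSource(new StringReader(xml)));
    }

    // True if any node selected by path under ctx has exactly the wanted text;
    // wanted == null accepts any node (assumed stand-in for Role.ALL).
    static boolean hasText(Node ctx, String path, String wanted) throws Exception {
        NodeList n = (NodeList) XP.evaluate(path, ctx, XPathConstants.NODESET);
        for (int i = 0; i < n.getLength(); i++)
            if (wanted == null || n.item(i).getTextContent().trim().equals(wanted)) return true;
        return false;
    }

    // Both conditions must hold inside the same security-constraint element.
    static boolean isConstrained(Document webxml, String url, String role) throws Exception {
        NodeList c = (NodeList) XP.evaluate("//security-constraint", webxml, XPathConstants.NODESET);
        for (int i = 0; i < c.getLength(); i++)
            if (hasText(c.item(i), "web-resource-collection/url-pattern", url)
                    && hasText(c.item(i), "auth-constraint/role-name", role)) return true;
        return false;
    }

    public static void main(String[] args) throws Exception {
        Document d = parse(WEB_XML);
        String auth = "Authenticated"; // assumed string form of Role.AUTHENTICATED
        boolean containerAuthorized = isConstrained(d, "/Delete.jsp", auth)
                && isConstrained(d, "/LoginRedirect.jsp", auth);
        System.out.println("container protects resources: " + containerAuthorized);
        System.out.println("/Wiki.jsp constrained: " + isConstrained(d, "/Wiki.jsp", auth));
    }
}
```

Because the comparison is an exact string match, a constraint written with a wildcard pattern such as /admin/* would not be reported as constraining /admin/Delete.jsp by this sketch, even though the servlet container would enforce it.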
isUserInRole | public boolean isUserInRole(HttpServletRequest request, Principal role) | | Determines whether a user associated with an HTTP request possesses
a particular role. This method simply delegates to
javax.servlet.http.HttpServletRequest.isUserInRole(String) by converting the Principal's name to a String.
Parameters: request - the HTTP request Parameters: role - the role to check Returns: true if the user is considered to be in the role, false otherwise |
isUserInRole | public boolean isUserInRole(WikiSession session, Principal role) | | Determines whether the Subject associated with a WikiSession is in a
particular role. This method takes two parameters: the WikiSession
containing the subject and the desired role (which may be a Role or a
Group). If either parameter is null, this method must
return false.
This method simply examines the WikiSession subject to see if it
possesses the desired Principal. We assume that the method
com.ecyrd.jspwiki.auth.AuthenticationManager.login(HttpServletRequest) previously executed at user login time, and that it has injected
the role Principals that were in force at login time.
This is definitely a hack,
but it eliminates the need for WikiSession to keep dangling
references to the last WikiContext hanging around, just
so we can look up the HttpServletRequest.
Parameters: session - the current WikiSession Parameters: role - the role to check Returns: true if the user is considered to be in the role, false otherwise See Also: com.ecyrd.jspwiki.auth.Authorizer.isUserInRole(com.ecyrd.jspwiki.WikiSession, java.security.Principal) |