Examples of com.ecyrd.jspwiki.WikiSession

• com.ecyrd.jspwiki.WikiSession

  Represents a long-running wiki session, with an associated user Principal, user Subject, and authentication status. This class is initialized with minimal, default-deny values: authentication is set to false, and the user principal is set to null.

  The WikiSession class allows callers to:

  • Obtain the authentication status of the user via {@link #isAnonymous()} and {@link #isAuthenticated()}
  • Query the session for Principals representing the user's identity via {@link #getLoginPrincipal()}, {@link #getUserPrincipal()} and {@link #getPrincipals()}
  • Store, retrieve and clear UI messages via {@link #addMessage(String)}, {@link #getMessages(String)}and {@link #clearMessages(String)}

  To keep track of the Principals each user posseses, each WikiSession stores a JAAS Subject. Various login processes add or remove Principals when users authenticate or log out.

  WikiSession implements the {@link com.ecyrd.jspwiki.event.WikiEventListener}interface and listens for group add/change/delete events fired by event sources the WikiSession is registered with. Normally, {@link com.ecyrd.jspwiki.auth.AuthenticationManager} registers each WikiSessionwith the {@link com.ecyrd.jspwiki.auth.authorize.GroupManager}so it can catch group events. Thus, when a user is added to a {@link com.ecyrd.jspwiki.auth.authorize.Group}, a corresponding {@link com.ecyrd.jspwiki.auth.GroupPrincipal} is injected intothe Subject's Principal set. Likewise, when the user is removed from the Group or the Group is deleted, the GroupPrincipal is removed from the Subject. The effect that this strategy produces is extremely beneficial: when someone adds a user to a wiki group, that user immediately gains the privileges associated with that group; he or she does not need to re-authenticate.

  In addition to methods for examining individual WikiSession objects, this class also contains a number of static methods for managing WikiSessions for an entire wiki. These methods allow callers to find, query and remove WikiSession objects, and to obtain a list of the current wiki session users.

  WikiSession encloses a protected static class, {@link SessionMonitor}, to keep track of WikiSessions registered with each wiki.

  @author Andrew R. Jaquith

     */
    @Override
    public final int doWikiStartTag()
        throws IOException
    {
        WikiSession session = m_wikiContext.getWikiSession();
        String status = session.getStatus();
        AuthenticationManager mgr = m_wikiContext.getEngine().getAuthenticationManager();
        boolean containerAuth = mgr.isContainerAuthenticated();
        boolean cookieAssertions = mgr.allowsCookieAssertions();

        if( m_status != null )
        {
            if ( ANONYMOUS.equals( m_status ))
            {
                if (status.equals(WikiSession.ANONYMOUS))
                {
                    return EVAL_BODY_INCLUDE;
                }
            }
            else if( AUTHENTICATED.equals( m_status ))
            {
                if (status.equals(WikiSession.AUTHENTICATED))
                {
                    return EVAL_BODY_INCLUDE;
                }
            }
            else if( ASSERTED.equals( m_status ))
            {
                if (status.equals(WikiSession.ASSERTED))
                {
                    return EVAL_BODY_INCLUDE;
                }
            }
            else if( ASSERTIONS_ALLOWED.equals( m_status ))
            {
                if ( cookieAssertions )
                {
                    return EVAL_BODY_INCLUDE;
                }
                return SKIP_BODY;
            }
            else if( ASSERTIONS_NOT_ALLOWED.equals( m_status ))
            {
                if ( !cookieAssertions )
                {
                    return EVAL_BODY_INCLUDE;
                }
                return SKIP_BODY;
            }
            else if( CONTAINER_AUTH.equals( m_status ))
            {
                if ( containerAuth )
                {
                    return EVAL_BODY_INCLUDE;
                }
                return SKIP_BODY;
            }
            else if( CUSTOM_AUTH.equals( m_status ))
            {
                if ( !containerAuth )
                {
                    return EVAL_BODY_INCLUDE;
                }
                return SKIP_BODY;
            }
            else if( KNOWN.equals( m_status ))
            {
                if ( !session.isAnonymous() )
                {
                    return EVAL_BODY_INCLUDE;
                }
                return SKIP_BODY;
            }

            {
                //
                //  Default back to the declared user name
                //
                WikiEngine engine = this.m_wikiContext.getEngine();
                WikiSession wikiSession = WikiSession.getWikiSession( engine, (HttpServletRequest)pageContext.getRequest() );
                Principal user = wikiSession.getUserPrincipal();

                if( user != null )
                {
                    result = user.getName();
                }

    private static final Pattern VALID_USER_NAME_PATTERN = Pattern.compile(notStartWithBlankOrColon + noColons);

    public final int doWikiStartTag() throws IOException
    {
        WikiEngine engine = this.m_wikiContext.getEngine();
        WikiSession wikiSession = WikiSession.getWikiSession(engine, (HttpServletRequest) pageContext.getRequest());
        Principal user = wikiSession.getUserPrincipal();

        if (user != null)
        {
            if (VALID_USER_NAME_PATTERN.matcher(user.getName()).matches())
            {

        m_action = action.toLowerCase();
    }

    public final int doWikiStartTag() throws IOException
    {
        WikiSession session = m_wikiContext.getWikiSession();
        if ( CLEAR.equals( m_action ) )
        {
            if ( m_topic == null )
            {
                session.clearMessages();
            }
            else
            {
                session.clearMessages( m_topic );
            }
        }
        else
        {
            String[] messages = ( m_topic == null ) ? session.getMessages() : session.getMessages( m_topic );
            if ( messages.length > 0 )
            {
                StringBuffer sb = new StringBuffer();
                if ( messages.length == 1 )
                {

    public String doPost(WikiContext context)
    {
        HttpServletRequest request = context.getHttpRequest();
        WikiSession session = context.getWikiSession();
        UserManager mgr = context.getEngine().getUserManager();

        String loginid   = request.getParameter("loginid");
        String loginname = request.getParameter("loginname");
        String fullname  = request.getParameter("fullname");
        String password  = request.getParameter("password");
        String password2 = request.getParameter("password2");
        String email     = request.getParameter("email");


        if( request.getParameter("action").equalsIgnoreCase("remove") )
        {
            try
            {
                mgr.getUserDatabase().deleteByLoginName(loginid);
                session.addMessage("User profile "+loginid+" ("+fullname+") has been deleted");
            }
            catch (NoSuchPrincipalException e)
            {
                session.addMessage("User profile has already been removed");
            }
            catch (WikiSecurityException e)
            {
                session.addMessage("Security problem: "+e);
            }
            return "";
        }


        if( password != null && password.length() > 0 && !password.equals(password2) )
        {
            session.addMessage("Passwords do not match!");
            return "";
        }

        UserProfile p;

        if( loginid.equals("--New--") )
        {
            // Create new user

            p = mgr.getUserDatabase().newProfile();
            p.setCreated( new Date() );
        }
        else
        {
            try
            {
                p = mgr.getUserDatabase().findByLoginName( loginid );
            }
            catch (NoSuchPrincipalException e)
            {
                session.addMessage("I could not find user profile "+loginid);
                return "";
            }
        }

        p.setEmail(email);
        p.setFullname(fullname);
        if( password != null && password.length() > 0 ) p.setPassword(password);
        p.setLoginName(loginname);

        try
        {
            mgr.getUserDatabase().save( p );
        }
        catch( WikiSecurityException e )
        {
            session.addMessage("Unable to save "+e.getMessage());
        }

        session.addMessage("User profile has been updated");

        return "";
    }

        }

        WikiSecurityEvent se = (WikiSecurityEvent)event;
        if ( se.getType() == WikiSecurityEvent.PROFILE_NAME_CHANGED )
        {
            WikiSession session = (WikiSession)se.getSource();
            UserProfile[] profiles = (UserProfile[])se.getTarget();
            Principal[] oldPrincipals = new Principal[] {
                new WikiPrincipal( profiles[0].getLoginName() ),
                new WikiPrincipal( profiles[0].getFullname() ),
                new WikiPrincipal( profiles[0].getWikiName() ) };

        {
            // Prepare the WikiSession
            try
            {
                m_engine.getAuthenticationManager().login( httpRequest );
                WikiSession wikiSession = SessionMonitor.getInstance( m_engine ).find( httpRequest.getSession() );
                httpRequest = new WikiRequestWrapper( m_engine, httpRequest );
                if ( log.isDebugEnabled() )
                {
                    log.debug( "Executed security filters for user=" + wikiSession.getLoginPrincipal().getName() + ", path=" + httpRequest.getRequestURI() );
                }
            }
            catch ( WikiSecurityException e )
            {
                throw new ServletException( e );