Examples of org.apache.wiki.WikiSession

• org.apache.wiki.WikiSession

  Represents a long-running wiki session, with an associated user Principal, user Subject, and authentication status. This class is initialized with minimal, default-deny values: authentication is set to false, and the user principal is set to null.

  The WikiSession class allows callers to:

  • Obtain the authentication status of the user via {@link #isAnonymous()} and {@link #isAuthenticated()}
  • Query the session for Principals representing the user's identity via {@link #getLoginPrincipal()}, {@link #getUserPrincipal()} and {@link #getPrincipals()}
  • Store, retrieve and clear UI messages via {@link #addMessage(String)}, {@link #getMessages(String)}and {@link #clearMessages(String)}

  To keep track of the Principals each user posseses, each WikiSession stores a JAAS Subject. Various login processes add or remove Principals when users authenticate or log out.

  WikiSession implements the {@link org.apache.wiki.event.WikiEventListener}interface and listens for group add/change/delete events fired by event sources the WikiSession is registered with. Normally, {@link org.apache.wiki.auth.AuthenticationManager} registers each WikiSessionwith the {@link org.apache.wiki.auth.authorize.GroupManager}so it can catch group events. Thus, when a user is added to a {@link org.apache.wiki.auth.authorize.Group}, a corresponding {@link org.apache.wiki.auth.GroupPrincipal} is injected intothe Subject's Principal set. Likewise, when the user is removed from the Group or the Group is deleted, the GroupPrincipal is removed from the Subject. The effect that this strategy produces is extremely beneficial: when someone adds a user to a wiki group, that user immediately gains the privileges associated with that group; he or she does not need to re-authenticate.

  In addition to methods for examining individual WikiSession objects, this class also contains a number of static methods for managing WikiSessions for an entire wiki. These methods allow callers to find, query and remove WikiSession objects, and to obtain a list of the current wiki session users.

  WikiSession encloses a protected static class, {@link SessionMonitor}, to keep track of WikiSessions registered with each wiki.

        Principal alice = new WikiPrincipal( Users.ALICE );
        Role it = new Role( "IT" );
        Role engineering = new Role( "Engineering" );
        Role finance = new Role( "Finance" );
        Principal admin = new GroupPrincipal( "Admin" );
        WikiSession session = WikiSessionTest.containerAuthenticatedSession(
                m_engine,
                Users.ALICE,
                new Principal[] { it, engineering, admin } );

        // Create two groups: Alice should be part of group Bar, but not Foo

        Attachment p = (Attachment) m_engine.getPage( "Test/test1.txt" );
        Permission view = PermissionFactory.getPagePermission( p, "view" );
        Permission edit = PermissionFactory.getPagePermission( p, "edit" );

        // Create authenticated session with user 'Alice', who can read & edit (in ACL)
        WikiSession session;
        session = WikiSessionTest.authenticatedSession( m_engine, Users.ALICE, Users.ALICE_PASS );
        assertTrue( "Alice view Test/test1.txt", m_auth.checkPermission( session, view ) );
        assertTrue( "Alice edit Test/test1.txt", m_auth.checkPermission( session, edit ) );

        // Create authenticated session with user 'Bob', who can't read or edit (not in ACL)

        Attachment p = (Attachment) m_engine.getPage( "Test/test1.txt" );
        Permission view = PermissionFactory.getPagePermission( p, "view" );
        Permission edit = PermissionFactory.getPagePermission( p, "edit" );

        // Create session with user 'Alice', who can read (in ACL)
        WikiSession session;
        session = WikiSessionTest.authenticatedSession( m_engine, Users.ALICE, Users.ALICE_PASS );
        assertTrue( "Foo view Test", m_auth.checkPermission( session, view ) );
        assertFalse( "Foo !edit Test", m_auth.checkPermission( session, edit ) );

        // Create session with user 'Bob', who can't read or edit (not in ACL)

        Principal alice = new WikiPrincipal( Users.ALICE );
        Role it = new Role( "IT" );
        Role finance = new Role( "Finance" );

        // Create Group1 with Alice in it, Group2 without
        WikiSession session = WikiSessionTest.adminSession( m_engine );
        Group g1 = m_groupMgr.parseGroup( "Group1", "Alice", true );
        m_groupMgr.setGroup( session, g1 );
        Principal group1 = g1.getPrincipal();
        Group g2 = m_groupMgr.parseGroup( "Group2", "Bob", true );
        m_groupMgr.setGroup( session, g2 );

        Principal alice = new WikiPrincipal( Users.ALICE );
        Role it = new Role( "IT" );
        Role finance = new Role( "Finance" );

        // Create Group1 with Alice in it, Group2 without
        WikiSession session = WikiSessionTest.adminSession( m_engine );
        Group g1 = m_groupMgr.parseGroup( "Group1", "Alice", true );
        m_groupMgr.setGroup( session, g1 );
        Principal group1 = g1.getPrincipal();
        Group g2 = m_groupMgr.parseGroup( "Group2", "Bob", true );
        m_groupMgr.setGroup( session, g2 );

        WikiPage p = m_engine.getPage( "Test" );
        Permission view = PermissionFactory.getPagePermission( p, "view" );
        Permission edit = PermissionFactory.getPagePermission( p, "edit" );

        // Create session with authenticated user 'Alice', who can read & edit (in ACL)
        WikiSession session;
        session = WikiSessionTest.authenticatedSession( m_engine, Users.ALICE, Users.ALICE_PASS );
        assertTrue( "Alice view Test", m_auth.checkPermission( session, view ) );
        assertTrue( "Alice edit Test", m_auth.checkPermission( session, edit ) );

        // Create session with authenticated user 'Bob', who can't read or edit (not in ACL)

        WikiPage p = m_engine.getPage( "Test" );
        Permission view = PermissionFactory.getPagePermission( p, "view" );
        Permission edit = PermissionFactory.getPagePermission( p, "edit" );

        // Create session with authenticated user 'Alice', who can read & edit
        WikiSession session;
        session = WikiSessionTest.authenticatedSession( m_engine, Users.ALICE, Users.ALICE_PASS );
        assertTrue( "Alice view Test", m_auth.checkPermission( session, view ) );
        assertTrue( "Alice edit Test", m_auth.checkPermission( session, edit ) );

        // Create session with asserted user 'Bob', who can't read or edit (not in ACL)

        }
    }

    public void testStaticPermission() throws Exception
    {
        WikiSession s = WikiSessionTest.anonymousSession( m_engine );
        assertTrue( "Anonymous view", m_auth.checkStaticPermission( s, PagePermission.VIEW ) );
        assertTrue( "Anonymous edit", m_auth.checkStaticPermission( s, PagePermission.EDIT ) );
        assertTrue( "Anonymous comment", m_auth.checkStaticPermission( s, PagePermission.COMMENT ) );
        assertFalse( "Anonymous modify", m_auth.checkStaticPermission( s, PagePermission.MODIFY ) );
        assertFalse( "Anonymous upload", m_auth.checkStaticPermission( s, PagePermission.UPLOAD ) );

       throws Exception
    {
        m_engine.saveText( "TestDefaultPage", "Foo [{ALLOW view FooBar}]" );

        Principal admin = new GroupPrincipal( "Admin" );
        WikiSession session = WikiSessionTest.containerAuthenticatedSession(
                m_engine,
                Users.ALICE,
                new Principal[] { admin } );

        assertTrue( "Alice has AllPermission", m_auth.checkPermission( session,

    public void testAdminView2() throws Exception
    {
        m_engine.saveText( "TestDefaultPage", "Foo [{ALLOW view FooBar}]" );

        WikiSession session = WikiSessionTest.adminSession(m_engine);

        assertTrue( "Alice has AllPermission", m_auth.checkPermission( session,
                                                                       new AllPermission( m_engine.getApplicationName() )));
        assertTrue( "Alice cannot read", m_auth.checkPermission( session,
                                                                 new PagePermission("TestDefaultPage","view") ) );