This is an automated email from the ASF dual-hosted git repository. juanpablo pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/jspwiki.git
commit 1cceed45ddea79676450dd7ee2e3d519eacd190b
Author: juanpablo <[email protected]>
AuthorDate: Thu Feb 20 17:18:33 2020 +0100
JSPWIKI-120: promote DefaultAuthenticationManager#findConfigFile( Engine, String ) to Engine#findConfigFile( String ) as default method
---
.../main/java/org/apache/wiki/api/core/Engine.java | 73 ++++++++
.../apache/wiki/auth/AuthenticationManager.java | 10 +-
.../org/apache/wiki/auth/AuthorizationManager.java | 76 ++++----
.../wiki/auth/DefaultAuthenticationManager.java | 73 --------
.../org/apache/wiki/auth/SecurityVerifier.java | 196 ++++++++++-----------
5 files changed, 203 insertions(+), 225 deletions(-)
diff --git a/jspwiki-main/src/main/java/org/apache/wiki/api/core/Engine.java b/jspwiki-main/src/main/java/org/apache/wiki/api/core/Engine.java
index a336542..fdcb187 100644
--- a/jspwiki-main/src/main/java/org/apache/wiki/api/core/Engine.java
+++ b/jspwiki-main/src/main/java/org/apache/wiki/api/core/Engine.java
@@ -18,11 +18,21 @@
 */
 package org.apache.wiki.api.core;
+import org.apache.log4j.Logger;
 import org.apache.wiki.WatchDog;
 import org.apache.wiki.api.exceptions.ProviderException;
+import org.apache.wiki.auth.AuthenticationManager;
 import org.apache.wiki.event.WikiEventListener;
 import javax.servlet.ServletContext;
+import java.io.File;
+import java.io.FileNotFoundException;
+import java.io.FileOutputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
+import java.net.MalformedURLException;
+import java.net.URL;
 import java.nio.charset.Charset;
 import java.util.Collection;
 import java.util.Date;
@@ -192,6 +202,69 @@ public interface Engine { ServletContext getServletContext(); /** + * Looks up and obtains a configuration file inside the WEB-INF folder of a wiki webapp. + * + * @param name the file to obtain, <em>e.g.</em>, <code>jspwiki.policy</code> + * @return the URL to the file + */ + default URL findConfigFile( final String name ) { + Logger.getLogger( AuthenticationManager.class ).info( "looking for " + name + " inside WEB-INF " ); + // Try creating an absolute path first + File defaultFile = null; + if( getRootPath() != null ) { + defaultFile = new File( getRootPath() + "/WEB-INF/" + name ); + } + if ( defaultFile != null && defaultFile.exists() ) { + try { + return defaultFile.toURI().toURL(); + } catch ( final MalformedURLException e ) { + // Shouldn't happen, but log it if it does + Logger.getLogger( Engine.class ).warn( "Malformed URL: " + e.getMessage() ); + } + } + + // Ok, the absolute path didn't work; try other methods + URL path = null; + + if( getServletContext() != null ) { + final File tmpFile; + try { + tmpFile = File.createTempFile( "temp." 
+ name, "" ); + } catch( final IOException e ) { + Logger.getLogger( Engine.class ).error( "unable to create a temp file to load onto the policy", e ); + return null; + } + tmpFile.deleteOnExit(); + Logger.getLogger( Engine.class ).info( "looking for /" + name + " on classpath" ); + // create a tmp file of the policy loaded as an InputStream and return the URL to it + try( final InputStream is = AuthenticationManager.class.getResourceAsStream( "/" + name ); + final OutputStream os = new FileOutputStream( tmpFile ) ) { + if( is == null ) { + throw new FileNotFoundException( name + " not found" ); + } + final URL url = getServletContext().getResource( "/WEB-INF/" + name ); + if( url != null ) { + return url; + } + + final byte[] buff = new byte[1024]; + int bytes; + while( ( bytes = is.read( buff ) ) != -1 ) { + os.write( buff, 0, bytes ); + } + + path = tmpFile.toURI().toURL(); + } catch( final MalformedURLException e ) { + // This should never happen unless I screw up + Logger.getLogger( Engine.class ).fatal( "Your code is b0rked. You are a bad person.", e ); + } catch( final IOException e ) { + Logger.getLogger( Engine.class ).error( "failed to load security policy from file " + name + ",stacktrace follows", e ); + } + } + return path; + } + + /** * Returns a collection of all supported InterWiki links. * * @return A Collection of Strings. diff --git a/jspwiki-main/src/main/java/org/apache/wiki/auth/AuthenticationManager.java b/jspwiki-main/src/main/java/org/apache/wiki/auth/AuthenticationManager.java index 197619a..bd06cd6 100644 --- a/jspwiki-main/src/main/java/org/apache/wiki/auth/AuthenticationManager.java +++ b/jspwiki-main/src/main/java/org/apache/wiki/auth/AuthenticationManager.java 
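Review bot: In the servlet-context branch of `findConfigFile` the temp file and its `FileOutputStream` are created before either lookup, and the `is == null` check runs before `getServletContext().getResource( "/WEB-INF/" + name )`, so a file that exists under WEB-INF but not on the classpath is reported as not found, and an empty temp file lingers until JVM exit whenever the WEB-INF URL is returned. `File.createTempFile` also leaves the copy's permissions to the process defaults, whereas `Files.createTempFile` may apply more restrictive (owner-only on POSIX) permissions, which is the safer choice for a security policy that is later loaded from that path. The method is now a public default on `Engine` and concatenates `name` into both paths unchecked, so the Javadoc should state that `name` must be a trusted, plain file name and that the method returns `null` on failure. A possible reordering of the fallback branch is sketched below.

```java
default URL findConfigFile( final String name ) {
    // … unchanged: absolute-path lookup under getRootPath() + "/WEB-INF/" …
    if( getServletContext() == null ) {
        return null;
    }
    try {
        // Ask the container first; nothing is written to disk when WEB-INF already has the file
        final URL url = getServletContext().getResource( "/WEB-INF/" + name );
        if( url != null ) {
            return url;
        }
        try( final InputStream is = AuthenticationManager.class.getResourceAsStream( "/" + name ) ) {
            if( is == null ) {
                throw new FileNotFoundException( name + " not found" );
            }
            // Created only once there is something to copy; a name containing a path
            // separator is rejected here instead of ending up in the temp path
            final Path tmpFile = Files.createTempFile( "temp." + name, "" );
            tmpFile.toFile().deleteOnExit();
            Files.copy( is, tmpFile, StandardCopyOption.REPLACE_EXISTING );
            return tmpFile.toUri().toURL();
        }
    } catch( final IOException e ) {
        Logger.getLogger( Engine.class ).error( "failed to load security policy from file " + name + ",stacktrace follows", e );
    }
    return null;
}
```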
@@ -20,8 +20,6 @@ package org.apache.wiki.auth; import org.apache.wiki.WikiSession; import org.apache.wiki.auth.authorize.Role; -import org.apache.wiki.auth.login.CookieAssertionLoginModule; -import org.apache.wiki.auth.login.CookieAuthenticationLoginModule; import org.apache.wiki.event.WikiEventListener; import org.apache.wiki.event.WikiEventManager; import org.apache.wiki.event.WikiSecurityEvent; @@ -48,12 +46,6 @@ import java.util.Set; */ public interface AuthenticationManager { - /** The name of the built-in cookie assertion module */ - String COOKIE_MODULE = CookieAssertionLoginModule.class.getName(); - - /** The name of the built-in cookie authentication module */ - String COOKIE_AUTHENTICATION_MODULE = CookieAuthenticationLoginModule.class.getName(); - /** If this jspwiki.properties property is <code>true</code>, logs the IP address of the editor on saving. */ String PROP_STOREIPADDRESS = "jspwiki.storeIPAddress"; @@ -165,7 +157,7 @@ public interface AuthenticationManager { * @return the set of Principals returned by the JAAS method {@link Subject#getPrincipals()} * @throws WikiSecurityException if the LoginModule could not be instantiated for any reason */ - Set< Principal > doJAASLogin( Class<? extends LoginModule> clazz, CallbackHandler handler, Map< String, String > options) throws WikiSecurityException; + Set< Principal > doJAASLogin( Class< ? extends LoginModule > clazz, CallbackHandler handler, Map< String, String > options) throws WikiSecurityException; /** * Determines whether the supplied Principal is a "role principal". diff --git a/jspwiki-main/src/main/java/org/apache/wiki/auth/AuthorizationManager.java b/jspwiki-main/src/main/java/org/apache/wiki/auth/AuthorizationManager.java index f7fb9c4..265cef2 100644 --- a/jspwiki-main/src/main/java/org/apache/wiki/auth/AuthorizationManager.java +++ b/jspwiki-main/src/main/java/org/apache/wiki/auth/AuthorizationManager.java 
@@ -115,7 +115,7 @@ public class AuthorizationManager { private Authorizer m_authorizer = null; /** Cache for storing ProtectionDomains used to evaluate the local policy. */ - private Map<Principal, ProtectionDomain> m_cachedPds = new WeakHashMap<Principal, ProtectionDomain>(); + private Map<Principal, ProtectionDomain> m_cachedPds = new WeakHashMap<>(); private WikiEngine m_engine = null; @@ -171,7 +171,7 @@ public class AuthorizationManager { * @see #hasRoleOrPrincipal(WikiSession, Principal) * @return the result of the Permission check */ - public boolean checkPermission( WikiSession session, Permission permission ) + public boolean checkPermission( final WikiSession session, final Permission permission ) { // // A slight sanity check. @@ -182,11 +182,11 @@ public class AuthorizationManager { return false; } - Principal user = session.getLoginPrincipal(); + final Principal user = session.getLoginPrincipal(); // Always allow the action if user has AllPermission - Permission allPermission = new AllPermission( m_engine.getApplicationName() ); - boolean hasAllPermission = checkStaticPermission( session, allPermission ); + final Permission allPermission = new AllPermission( m_engine.getApplicationName() ); + final boolean hasAllPermission = checkStaticPermission( session, allPermission ); if ( hasAllPermission ) { fireEvent( WikiSecurityEvent.ACCESS_ALLOWED, user, permission ); @@ -195,7 +195,7 @@ public class AuthorizationManager { // If the user doesn't have *at least* the permission // granted by policy, return false. - boolean hasPolicyPermission = checkStaticPermission( session, permission ); + final boolean hasPolicyPermission = checkStaticPermission( session, permission ); if ( !hasPolicyPermission ) { fireEvent( WikiSecurityEvent.ACCESS_DENIED, user, permission ); 
@@ -212,9 +212,9 @@ public class AuthorizationManager { // // If the page or ACL is null, it's allowed. // - String pageName = ((PagePermission)permission).getPage(); - WikiPage page = m_engine.getPageManager().getPage( pageName ); - Acl acl = ( page == null) ? null : m_engine.getAclManager().getPermissions( page ); + final String pageName = ((PagePermission)permission).getPage(); + final WikiPage page = m_engine.getPageManager().getPage( pageName ); + final Acl acl = ( page == null) ? null : m_engine.getAclManager().getPermissions( page ); if ( page == null || acl == null || acl.isEmpty() ) { fireEvent( WikiSecurityEvent.ACCESS_ALLOWED, user, permission ); @@ -226,7 +226,7 @@ public class AuthorizationManager { // this permission. If the context's subject possesses // any of these, the action is allowed. - Principal[] aclPrincipals = acl.findPrincipals( permission ); + final Principal[] aclPrincipals = acl.findPrincipals( permission ); log.debug( "Checking ACL entries..." ); log.debug( "Acl for this page is: " + acl ); @@ -239,7 +239,7 @@ public class AuthorizationManager { // try to resolve it here & correct the Acl if ( aclPrincipal instanceof UnresolvedPrincipal ) { - AclEntry aclEntry = acl.getEntry( aclPrincipal ); + final AclEntry aclEntry = acl.getEntry( aclPrincipal ); aclPrincipal = resolvePrincipal( aclPrincipal.getName() ); if ( aclEntry != null && !( aclPrincipal instanceof UnresolvedPrincipal ) ) { @@ -279,7 +279,7 @@ public class AuthorizationManager { * @return <code>true</code> if the Subject supplied with the WikiContext * posesses the Role or GroupPrincipal, <code>false</code> otherwise */ - public boolean isUserInRole( WikiSession session, Principal principal ) + public boolean isUserInRole( final WikiSession session, final Principal principal ) { if ( session == null || principal == null || AuthenticationManager.isUserPrincipal( principal ) ) 
@@ -343,7 +343,7 @@ public class AuthorizationManager { * posesses the Role, GroupPrincipal or desired * user Principal, <code>false</code> otherwise */ - protected boolean hasRoleOrPrincipal( WikiSession session, Principal principal ) + protected boolean hasRoleOrPrincipal( final WikiSession session, final Principal principal ) { // If either parameter is null, always deny if( session == null || principal == null ) @@ -362,9 +362,9 @@ public class AuthorizationManager { // So just look for a name match. if( session.isAuthenticated() && AuthenticationManager.isUserPrincipal( principal ) ) { - String principalName = principal.getName(); - Principal[] userPrincipals = session.getPrincipals(); - for( Principal userPrincipal : userPrincipals ) + final String principalName = principal.getName(); + final Principal[] userPrincipals = session.getPrincipals(); + for( final Principal userPrincipal : userPrincipals ) { if( userPrincipal.getName().equals( principalName ) ) { @@ -392,7 +392,7 @@ public class AuthorizationManager { * @return the result of the access check * @throws IOException In case something goes wrong */ - public boolean hasAccess( WikiContext context, HttpServletResponse response ) throws IOException + public boolean hasAccess( final WikiContext context, final HttpServletResponse response ) throws IOException { return hasAccess( context, response, true ); } @@ -457,7 +457,7 @@ public class AuthorizationManager { // Initialize local security policy try { final String policyFileName = properties.getProperty( POLICY, DEFAULT_POLICY ); - final URL policyURL = AuthenticationManager.findConfigFile( engine, policyFileName ); + final URL policyURL = engine.findConfigFile( policyFileName ); if (policyURL != null) { final File policyFile = new File( policyURL.toURI().getPath() ); 
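Review bot: In the `@@ -457` hunk the URL now returned by `engine.findConfigFile( policyFileName )` is still turned into a path with `new File( policyURL.toURI().getPath() )`, which only works for `file:` URLs. `findConfigFile` can also return whatever `getServletContext().getResource(...)` yields, and for a non-`file:` URL `getPath()` may be null or may not name a real file, so the local policy would presumably fail to load. I would guard the conversion with `if( !"file".equals( policyURL.getProtocol() ) )` plus a logged error, and add a comment stating what authorization checks do when no local policy is loaded. The enclosing method starts and ends outside the hunk, so the `policyURL == null` path could not be checked here.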
@@ -489,7 +489,7 @@ public class AuthorizationManager { * @return a Authorizer used to get page authorization information * @throws WikiException */ - private Authorizer getAuthorizerImplementation( Properties props ) throws WikiException { + private Authorizer getAuthorizerImplementation( final Properties props ) throws WikiException { final String authClassName = props.getProperty( PROP_AUTHORIZER, DEFAULT_AUTHORIZER ); return ( Authorizer )locateImplementation( authClassName ); } @@ -497,16 +497,16 @@ public class AuthorizationManager { private Object locateImplementation( final String clazz ) throws WikiException { if ( clazz != null ) { try { - Class< ? > authClass = ClassUtil.findClass( "org.apache.wiki.auth.authorize", clazz ); - Object impl = authClass.newInstance(); + final Class< ? > authClass = ClassUtil.findClass( "org.apache.wiki.auth.authorize", clazz ); + final Object impl = authClass.newInstance(); return impl; - } catch( ClassNotFoundException e ) { + } catch( final ClassNotFoundException e ) { log.fatal( "Authorizer " + clazz + " cannot be found", e ); throw new WikiException( "Authorizer " + clazz + " cannot be found", e ); - } catch( InstantiationException e ) { + } catch( final InstantiationException e ) { log.fatal( "Authorizer " + clazz + " cannot be created", e ); throw new WikiException( "Authorizer " + clazz + " cannot be created", e ); - } catch( IllegalAccessException e ) { + } catch( final IllegalAccessException e ) { log.fatal( "You are not allowed to access this authorizer class", e ); throw new WikiException( "You are not allowed to access this authorizer class", e ); } 
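Review bot: `locateImplementation` instantiates whatever class the `PROP_AUTHORIZER` property names, and only afterwards does `getAuthorizerImplementation` cast the result to `Authorizer`, so a wrong class name runs that class's constructor and then surfaces as a `ClassCastException` rather than the `WikiException` the other failure paths produce. Checking `Authorizer.class.isAssignableFrom( authClass )` before instantiating keeps the failure inside the existing error handling. Since these lines are being touched anyway, `authClass.newInstance()` is deprecated since Java 9 in favour of `authClass.getDeclaredConstructor().newInstance()`, and the `impl` local can be returned directly. The rest of `locateImplementation` lies outside the hunk.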
@@ -524,16 +524,16 @@ public class AuthorizationManager { * @param permission the Permission * @return the result */ - protected boolean allowedByLocalPolicy( Principal[] principals, Permission permission ) + protected boolean allowedByLocalPolicy( final Principal[] principals, final Permission permission ) { - for ( Principal principal : principals ) + for ( final Principal principal : principals ) { // Get ProtectionDomain for this Principal from cache, or create new one ProtectionDomain pd = m_cachedPds.get( principal ); if ( pd == null ) { - ClassLoader cl = this.getClass().getClassLoader(); - CodeSource cs = new CodeSource( null, (Certificate[])null ); + final ClassLoader cl = this.getClass().getClassLoader(); + final CodeSource cs = new CodeSource( null, (Certificate[])null ); pd = new ProtectionDomain( cs, null, cl, new Principal[]{ principal } ); m_cachedPds.put( principal, pd ); } @@ -567,9 +567,9 @@ public class AuthorizationManager { */ protected boolean checkStaticPermission( final WikiSession session, final Permission permission ) { - Boolean allowed = (Boolean) WikiSession.doPrivileged( session, new PrivilegedAction<Boolean>() + final Boolean allowed = (Boolean) WikiSession.doPrivileged( session, new PrivilegedAction<Boolean>() { - public Boolean run() + @Override public Boolean run() { try { @@ -577,7 +577,7 @@ public class AuthorizationManager { AccessController.checkPermission( permission ); return Boolean.TRUE; } - catch( AccessControlException e ) + catch( final AccessControlException e ) { // Global policy denied the permission } @@ -616,10 +616,10 @@ public class AuthorizationManager { * @param name the name of the Principal to resolve * @return the fully-resolved Principal */ - public Principal resolvePrincipal( String name ) + public Principal resolvePrincipal( final String name ) { // Check built-in Roles first - Role role = new Role(name); + final Role role = new Role(name); if ( Role.isBuiltInRole( role ) ) { return role; 
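Review bot: `allowedByLocalPolicy` reads and writes `m_cachedPds` (`get` then `put`) without synchronization, and the field is a plain `WeakHashMap`, which is not thread-safe. If this manager is shared by concurrent request threads, as an engine-wide authorization component presumably is, concurrent `put` calls can corrupt the map that backs every local-policy decision. Changing the declaration to `Collections.synchronizedMap( new WeakHashMap<>() )` is enough here, because a duplicate `ProtectionDomain` for the same principal is harmless. The method body continues outside the hunk.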
@@ -642,7 +642,7 @@ public class AuthorizationManager { // Ok, no luck---this must be a user principal Principal[] principals = null; UserProfile profile = null; - UserDatabase db = m_engine.getUserManager().getUserDatabase(); + final UserDatabase db = m_engine.getUserManager().getUserDatabase(); try { profile = db.find( name ); @@ -656,7 +656,7 @@ public class AuthorizationManager { } } } - catch( NoSuchPrincipalException e ) + catch( final NoSuchPrincipalException e ) { // We couldn't find the user... } @@ -671,7 +671,7 @@ public class AuthorizationManager { * Registers a WikiEventListener with this instance. * @param listener the event listener */ - public synchronized void addWikiEventListener( WikiEventListener listener ) + public synchronized void addWikiEventListener( final WikiEventListener listener ) { WikiEventManager.addWikiEventListener( this, listener ); } @@ -680,7 +680,7 @@ public class AuthorizationManager { * Un-registers a WikiEventListener with this instance. * @param listener the event listener */ - public synchronized void removeWikiEventListener( WikiEventListener listener ) + public synchronized void removeWikiEventListener( final WikiEventListener listener ) { WikiEventManager.removeWikiEventListener( this, listener ); } @@ -694,7 +694,7 @@ public class AuthorizationManager { * @param user the user associated with the event * @param permission the permission the subject must possess */ - protected void fireEvent( int type, Principal user, Object permission ) + protected void fireEvent( final int type, final Principal user, final Object permission ) { if ( WikiEventManager.isListening(this) ) { diff --git a/jspwiki-main/src/main/java/org/apache/wiki/auth/DefaultAuthenticationManager.java b/jspwiki-main/src/main/java/org/apache/wiki/auth/DefaultAuthenticationManager.java index 547d28b..ee5e284 100644 --- a/jspwiki-main/src/main/java/org/apache/wiki/auth/DefaultAuthenticationManager.java 
+++ b/jspwiki-main/src/main/java/org/apache/wiki/auth/DefaultAuthenticationManager.java @@ -44,15 +44,7 @@ import javax.security.auth.login.LoginException; import javax.security.auth.spi.LoginModule; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpSession; -import java.io.File; -import java.io.FileNotFoundException; -import java.io.FileOutputStream; -import java.io.IOException; -import java.io.InputStream; -import java.io.OutputStream; import java.lang.reflect.InvocationTargetException; -import java.net.MalformedURLException; -import java.net.URL; import java.security.Principal; import java.util.Collections; import java.util.HashMap; 
@@ -360,71 +352,6 @@ public class DefaultAuthenticationManager implements AuthenticationManager { return NO_PRINCIPALS; } - /** - * Looks up and obtains a configuration file inside the WEB-INF folder of a wiki webapp. - * - * @param engine the wiki engine - * @param name the file to obtain, <em>e.g.</em>, <code>jspwiki.policy</code> - * @return the URL to the file - */ - protected static URL findConfigFile( final Engine engine, final String name ) { - log.info( "looking for " + name + " inside WEB-INF " ); - // Try creating an absolute path first - File defaultFile = null; - if( engine.getRootPath() != null ) { - defaultFile = new File( engine.getRootPath() + "/WEB-INF/" + name ); - } - if ( defaultFile != null && defaultFile.exists() ) { - try { - return defaultFile.toURI().toURL(); - } catch ( final MalformedURLException e ) { - // Shouldn't happen, but log it if it does - log.warn( "Malformed URL: " + e.getMessage() ); - } - } - - - // Ok, the absolute path didn't work; try other methods - URL path = null; - - if( engine.getServletContext() != null ) { - final File tmpFile; - try { - tmpFile = File.createTempFile( "temp." 
+ name, "" ); - } catch( final IOException e ) { - log.error( "unable to create a temp file to load onto the policy", e ); - return null; - } - tmpFile.deleteOnExit(); - log.info( "looking for /" + name + " on classpath" ); - // create a tmp file of the policy loaded as an InputStream and return the URL to it - try( final InputStream is = DefaultAuthenticationManager.class.getResourceAsStream( "/" + name ); - final OutputStream os = new FileOutputStream( tmpFile ) ) { - if( is == null ) { - throw new FileNotFoundException( name + " not found" ); - } - final URL url = engine.getServletContext().getResource( "/WEB-INF/" + name ); - if( url != null ) { - return url; - } - - final byte[] buff = new byte[1024]; - int bytes; - while( ( bytes = is.read( buff ) ) != -1 ) { - os.write( buff, 0, bytes ); - } - - path = tmpFile.toURI().toURL(); - } catch( final MalformedURLException e ) { - // This should never happen unless I screw up - log.fatal( "Your code is b0rked. You are a bad person.", e ); - } catch( final IOException e ) { - log.error( "failed to load security policy from file " + name + ",stacktrace follows", e ); - } - } - return path; - } - // events processing ....................................................... /** diff --git a/jspwiki-main/src/main/java/org/apache/wiki/auth/SecurityVerifier.java b/jspwiki-main/src/main/java/org/apache/wiki/auth/SecurityVerifier.java index 748f5eb..6946732 100644 --- a/jspwiki-main/src/main/java/org/apache/wiki/auth/SecurityVerifier.java +++ b/jspwiki-main/src/main/java/org/apache/wiki/auth/SecurityVerifier.java @@ -138,7 +138,7 @@ public final class SecurityVerifier { * @param engine the wiki engine * @param session the wiki session (typically, that of an administrator) */ - public SecurityVerifier( WikiEngine engine, WikiSession session ) + public SecurityVerifier( final WikiEngine engine, final WikiSession session ) { super(); m_engine = engine; 
@@ -150,7 +150,7 @@ public final class SecurityVerifier { { verifyPolicyAndContainerRoles(); } - catch ( WikiException e ) + catch ( final WikiException e ) { m_session.addMessage( ERROR_ROLES, e.getMessage() ); } @@ -179,21 +179,21 @@ public final class SecurityVerifier { */ public String policyRoleTable() { - Principal[] roles = m_policyPrincipals; - String wiki = m_engine.getApplicationName(); + final Principal[] roles = m_policyPrincipals; + final String wiki = m_engine.getApplicationName(); - String[] pages = new String[] + final String[] pages = new String[] { "Main", "Index", "GroupTest", "GroupAdmin" }; - String[] pageActions = new String[] + final String[] pageActions = new String[] { "view", "edit", "modify", "rename", "delete" }; - String[] groups = new String[] + final String[] groups = new String[] { "Admin", "TestGroup", "Foo" }; - String[] groupActions = new String[] + final String[] groupActions = new String[] { "view", "edit", null, null, "delete" }; // Calculate column widths - String colWidth; + final String colWidth; if ( pageActions.length > 0 && roles.length > 0 ) { colWidth = (67f / ( pageActions.length * roles.length )) + "%"; @@ -203,7 +203,7 @@ public final class SecurityVerifier { colWidth = "67%"; } - StringBuilder s = new StringBuilder(); + final StringBuilder s = new StringBuilder(); // Write the table header s.append( "<table class=\"wikitable\" border=\"1\">\n" ); 
@@ -223,24 +223,24 @@ public final class SecurityVerifier { s.append( " <tr>\n" ); for( int i = 0; i < roles.length; i++ ) { - for( String pageAction : pageActions ) + for( final String pageAction : pageActions ) { - String action = pageAction.substring( 0, 1 ); + final String action = pageAction.substring( 0, 1 ); s.append( " <th title=\"" + pageAction + "\">" + action + "</th>\n" ); } } s.append( " </tr>\n" ); // Write page permission tests first - for( String page : pages ) + for( final String page : pages ) { s.append( " <tr>\n" ); s.append( " <td>PagePermission \"" + wiki + ":" + page + "\"</td>\n" ); - for( Principal role : roles ) + for( final Principal role : roles ) { - for( String pageAction : pageActions ) + for( final String pageAction : pageActions ) { - Permission permission = PermissionFactory.getPagePermission( wiki + ":" + page, pageAction ); + final Permission permission = PermissionFactory.getPagePermission( wiki + ":" + page, pageAction ); s.append( printPermissionTest( permission, role, 1 ) ); } } @@ -248,13 +248,13 @@ public final class SecurityVerifier { } // Now do the group tests - for( String group : groups ) + for( final String group : groups ) { s.append( " <tr>\n" ); s.append( " <td>GroupPermission \"" + wiki + ":" + group + "\"</td>\n" ); - for( Principal role : roles ) + for( final Principal role : roles ) { - for( String groupAction : groupActions ) + for( final String groupAction : groupActions ) { Permission permission = null; if ( groupAction != null) 
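Review bot: `policyRoleTable` builds its HTML by concatenation and writes `wiki`, `page` and `group` into cells unescaped, as in `s.append( " <td>PagePermission \"" + wiki + ":" + page + "\"</td>\n" )`. The same pattern appears in the `@@ -269` hunk (`wikiPerm`) and in `containerRoleTable` in the `@@ -373` hunk (`"<th>" + role.getName() + "</th>"`). The application name and role names appear to come from configuration rather than from the request, so exposure is limited, but any markup in them would be rendered as-is on the admin page. Passing each interpolated value through an HTML-escaping helper before appending (the project's `TextUtil.replaceEntities`, if it is usable from this class) makes the output safe regardless of where the names come from.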
@@ -269,15 +269,15 @@ public final class SecurityVerifier { // Now check the wiki-wide permissions - String[] wikiPerms = new String[] + final String[] wikiPerms = new String[] { "createGroups", "createPages", "login", "editPreferences", "editProfile" }; - for( String wikiPerm : wikiPerms ) + for( final String wikiPerm : wikiPerms ) { s.append( " <tr>\n" ); s.append( " <td>WikiPermission \"" + wiki + "\",\"" + wikiPerm + "\"</td>\n" ); - for( Principal role : roles ) + for( final Principal role : roles ) { - Permission permission = new WikiPermission( wiki, wikiPerm ); + final Permission permission = new WikiPermission( wiki, wikiPerm ); s.append( printPermissionTest( permission, role, pageActions.length ) ); } s.append( " </tr>\n" ); @@ -286,9 +286,9 @@ public final class SecurityVerifier { // Lastly, check for AllPermission s.append( " <tr>\n" ); s.append( " <td>AllPermission \"" + wiki + "\"</td>\n" ); - for( Principal role : roles ) + for( final Principal role : roles ) { - Permission permission = new AllPermission( wiki ); + final Permission permission = new AllPermission( wiki ); s.append( printPermissionTest( permission, role, pageActions.length ) ); } s.append( " </tr>\n" ); @@ -304,9 +304,9 @@ public final class SecurityVerifier { * @param principal * @param cols */ - private String printPermissionTest( Permission permission, Principal principal, int cols ) + private String printPermissionTest( final Permission permission, final Principal principal, final int cols ) { - StringBuilder s = new StringBuilder(); + final StringBuilder s = new StringBuilder(); if ( permission == null ) { s.append( " <td colspan=\"" + cols + "\" align=\"center\" title=\"N/A\">" ); 
@@ -314,7 +314,7 @@ public final class SecurityVerifier { } else { - boolean allowed = verifyStaticPermission( principal, permission ); + final boolean allowed = verifyStaticPermission( principal, permission ); s.append( " <td colspan=\"" + cols + "\" align=\"center\" title=\"" ); s.append( allowed ? "ALLOW: " : "DENY: " ); s.append( permission.getClass().getName() ); @@ -350,8 +350,8 @@ public final class SecurityVerifier { public String containerRoleTable() throws WikiException { - AuthorizationManager authorizationManager = m_engine.getAuthorizationManager(); - Authorizer authorizer = authorizationManager.getAuthorizer(); + final AuthorizationManager authorizationManager = m_engine.getAuthorizationManager(); + final Authorizer authorizer = authorizationManager.getAuthorizer(); // If authorizer not WebContainerAuthorizer, print error message if ( !( authorizer instanceof WebContainerAuthorizer ) ) @@ -362,8 +362,8 @@ public final class SecurityVerifier { // Now, print a table with JSP pages listed on the left, and // an evaluation of each pages' constraints for each role // we discovered - StringBuilder s = new StringBuilder(); - Principal[] roles = authorizer.getRoles(); + final StringBuilder s = new StringBuilder(); + final Principal[] roles = authorizer.getRoles(); s.append( "<table class=\"wikitable\" border=\"1\">\n" ); s.append( "<thead>\n" ); s.append( " <tr>\n" ); @@ -373,7 +373,7 @@ public final class SecurityVerifier { s.append( " </tr>\n" ); s.append( " <tr>\n" ); s.append( " <th>Anonymous</th>\n" ); - for( Principal role : roles ) + for( final Principal role : roles ) { s.append( " <th>" + role.getName() + "</th>\n" ); } 
@@ -381,14 +381,14 @@ public final class SecurityVerifier { s.append( "</thead>\n" ); s.append( "<tbody>\n" ); - WebContainerAuthorizer wca = (WebContainerAuthorizer) authorizer; + final WebContainerAuthorizer wca = (WebContainerAuthorizer) authorizer; for( int i = 0; i < CONTAINER_ACTIONS.length; i++ ) { - String action = CONTAINER_ACTIONS[i]; - String jsp = CONTAINER_JSPS[i]; + final String action = CONTAINER_ACTIONS[i]; + final String jsp = CONTAINER_JSPS[i]; // Print whether the page is constrained for each role - boolean allowsAnonymous = !wca.isConstrained( jsp, Role.ALL ); + final boolean allowsAnonymous = !wca.isConstrained( jsp, Role.ALL ); s.append( " <tr>\n" ); s.append( " <td>" + action + "</td>\n" ); s.append( " <td>" + jsp + "</td>\n" ); @@ -399,9 +399,9 @@ public final class SecurityVerifier { s.append( "\"" ); s.append( allowsAnonymous ? BG_GREEN + ">" : BG_RED + ">" ); s.append( " </td>\n" ); - for( Principal role : roles ) + for( final Principal role : roles ) { - boolean allowed = allowsAnonymous || wca.isConstrained( jsp, (Role)role ); + final boolean allowed = allowsAnonymous || wca.isConstrained( jsp, (Role)role ); s.append( " <td title=\"" ); s.append( allowed ? "ALLOW: " : "DENY: " ); s.append( jsp ); @@ -440,7 +440,7 @@ public final class SecurityVerifier { */ public Principal[] webContainerRoles() throws WikiException { - Authorizer authorizer = m_engine.getAuthorizationManager().getAuthorizer(); + final Authorizer authorizer = m_engine.getAuthorizationManager().getAuthorizer(); if ( authorizer instanceof WebContainerAuthorizer ) { return ( (WebContainerAuthorizer) authorizer ).getRoles(); 
@@ -455,15 +455,15 @@ public final class SecurityVerifier { */ protected void verifyPolicyAndContainerRoles() throws WikiException { - Authorizer authorizer = m_engine.getAuthorizationManager().getAuthorizer(); - Principal[] containerRoles = authorizer.getRoles(); + final Authorizer authorizer = m_engine.getAuthorizationManager().getAuthorizer(); + final Principal[] containerRoles = authorizer.getRoles(); boolean missing = false; - for( Principal principal : m_policyPrincipals ) + for( final Principal principal : m_policyPrincipals ) { if ( principal instanceof Role ) { - Role role = (Role) principal; - boolean isContainerRole = ArrayUtils.contains( containerRoles, role ); + final Role role = (Role) principal; + final boolean isContainerRole = ArrayUtils.contains( containerRoles, role ); if ( !Role.isBuiltInRole( role ) && !isContainerRole ) { m_session.addMessage( ERROR_ROLES, "Role '" + role.getName() + "' is defined in security policy but not in web.xml." ); @@ -483,13 +483,13 @@ public final class SecurityVerifier { */ protected void verifyGroupDatabase() { - GroupManager mgr = m_engine.getGroupManager(); + final GroupManager mgr = m_engine.getGroupManager(); GroupDatabase db = null; try { db = m_engine.getGroupManager().getGroupDatabase(); } - catch ( WikiSecurityException e ) + catch ( final WikiSecurityException e ) { m_session.addMessage( ERROR_GROUPS, "Could not retrieve GroupManager: " + e.getMessage() ); } 
@@ -520,24 +520,24 @@ public final class SecurityVerifier { int oldGroupCount = 0; try { - Group[] groups = db.groups(); + final Group[] groups = db.groups(); oldGroupCount = groups.length; m_session.addMessage( INFO_GROUPS, "The group database contains " + oldGroupCount + " groups." ); } - catch ( WikiSecurityException e ) + catch ( final WikiSecurityException e ) { m_session.addMessage( ERROR_GROUPS, "Could not obtain a list of current groups: " + e.getMessage() ); return; } // Try adding a bogus group with random name - String name = "TestGroup" + System.currentTimeMillis(); + final String name = "TestGroup" + System.currentTimeMillis(); Group group = null; try { // Create dummy test group group = mgr.parseGroup( name, "", true ); - Principal user = new WikiPrincipal( "TestUser" ); + final Principal user = new WikiPrincipal( "TestUser" ); group.add( user ); db.save( group, new WikiPrincipal("SecurityVerifier") ); @@ -549,7 +549,7 @@ public final class SecurityVerifier { } m_session.addMessage( INFO_GROUPS, "The group database allows new groups to be created, as it should." ); } - catch ( WikiSecurityException e ) + catch ( final WikiSecurityException e ) { m_session.addMessage( ERROR_GROUPS, "Could not add a group to the database: " + e.getMessage() ); return; @@ -566,7 +566,7 @@ public final class SecurityVerifier { } m_session.addMessage( INFO_GROUPS, "The group database allows groups to be deleted, as it should." ); } - catch ( WikiSecurityException e ) + catch ( final WikiSecurityException e ) { m_session.addMessage( ERROR_GROUPS, "Could not delete a test group from the database: " + e.getMessage() ); return; 
@@ -584,7 +584,7 @@ public final class SecurityVerifier {
 protected void verifyJaas()
 {
 // Verify that the specified JAAS moduie corresponds to a class we can load successfully.
- String jaasClass = m_engine.getWikiProperties().getProperty( AuthenticationManager.PROP_LOGIN_MODULE );
+ final String jaasClass = m_engine.getWikiProperties().getProperty( AuthenticationManager.PROP_LOGIN_MODULE );
 if ( jaasClass == null || jaasClass.length() == 0 )
 {
 m_session.addMessage( ERROR_JAAS, "The value of the '" + AuthenticationManager.PROP_LOGIN_MODULE +
@@ -601,7 +601,7 @@ public final class SecurityVerifier {
 "' specified the class '" + jaasClass + ".'" );
 c = Class.forName( jaasClass );
 }
- catch( ClassNotFoundException e )
+ catch( final ClassNotFoundException e )
 {
 m_session.addMessage( ERROR_JAAS, "We could not find the the class '" + jaasClass + "' on the " + "classpath. This is fatal error." );
@@ -628,7 +628,7 @@ public final class SecurityVerifier {
 * @param property the system property to look up
 * @return the file object, or <code>null</code> if not found
 */
- protected File getFileFromProperty( String property )
+ protected File getFileFromProperty( final String property )
 {
 String propertyValue = null;
 try
@@ -659,15 +659,15 @@ public final class SecurityVerifier {
 {
 propertyValue = "file:" + propertyValue;
 }
- URL url = new URL( propertyValue );
- File file = new File( url.getPath() );
+ final URL url = new URL( propertyValue );
+ final File file = new File( url.getPath() );
 if ( file.exists() )
 {
 m_session.addMessage( "Info." + property, "File '" + propertyValue + "' exists in the filesystem." );
 return file;
 }
 }
- catch( MalformedURLException e )
+ catch( final MalformedURLException e )
 {
 // Swallow exception because we can't find it anyway
 }
@@ -675,7 +675,7 @@ public final class SecurityVerifier {
 + "' doesn't seem to exist. This might be a problem." );
 return null;
 }
- catch( SecurityException e )
+ catch( final SecurityException e )
 {
 m_session.addMessage( "Error." + property, "We could not read system property '" + property + "'. This is probably because you are running with a security manager." );
@@ -690,73 +690,59 @@ public final class SecurityVerifier {
 * represents a valid policy.
 */
 @SuppressWarnings("unchecked")
- protected void verifyPolicy()
- {
+ protected void verifyPolicy() {
 // Look up the policy file and set the status text.
- URL policyURL = AuthenticationManager.findConfigFile( m_engine, AuthorizationManager.DEFAULT_POLICY );
+ final URL policyURL = m_engine.findConfigFile( AuthorizationManager.DEFAULT_POLICY );
 String path = policyURL.getPath();
- if ( path.startsWith("file:") )
- {
+ if ( path.startsWith("file:") ) {
 path = path.substring( 5 );
 }
- File policyFile = new File( path );
+ final File policyFile = new File( path );
 // Next, verify the policy
- try
- {
+ try {
 // Get the file
- PolicyReader policy = new PolicyReader( policyFile );
+ final PolicyReader policy = new PolicyReader( policyFile );
 m_session.addMessage( INFO_POLICY, "The security policy '" + policy.getFile() + "' exists." );
 // See if there is a keystore that's valid
- KeyStore ks = policy.getKeyStore();
- if ( ks == null )
- {
+ final KeyStore ks = policy.getKeyStore();
+ if ( ks == null ) {
 m_session.addMessage( WARNING_POLICY, "Policy file does not have a keystore... at least not one that we can locate. If your policy file " + "does not contain any 'signedBy' blocks, this is probably ok." );
- }
- else
- {
+ } else {
 m_session.addMessage( INFO_POLICY, "The security policy specifies a keystore, and we were able to locate it in the filesystem." );
 }
 // Verify the file
 policy.read();
- List<Exception> errors = policy.getMessages();
- if ( errors.size() > 0 )
- {
- for( Exception e : errors )
- {
+ final List<Exception> errors = policy.getMessages();
+ if ( errors.size() > 0 ) {
+ for( final Exception e : errors ) {
 m_session.addMessage( ERROR_POLICY, e.getMessage() );
 }
- }
- else
- {
+ } else {
 m_session.addMessage( INFO_POLICY, "The security policy looks fine."
);
 m_isSecurityPolicyConfigured = true;
 }
 // Stash the unique principals mentioned in the file,
 // plus our standard roles.
- Set<Principal> principals = new LinkedHashSet<Principal>();
+ final Set<Principal> principals = new LinkedHashSet<>();
 principals.add( Role.ALL );
 principals.add( Role.ANONYMOUS );
 principals.add( Role.ASSERTED );
 principals.add( Role.AUTHENTICATED );
- ProtectionDomain[] domains = policy.getProtectionDomains();
- for ( ProtectionDomain domain : domains )
- {
- for( Principal principal : domain.getPrincipals() )
- {
+ final ProtectionDomain[] domains = policy.getProtectionDomains();
+ for ( final ProtectionDomain domain : domains ) {
+ for( final Principal principal : domain.getPrincipals() ) {
 principals.add( principal );
 }
 }
 m_policyPrincipals = principals.toArray( new Principal[principals.size()] );
- }
- catch( IOException e )
- {
+ } catch( final IOException e ) {
 m_session.addMessage( ERROR_POLICY, e.getMessage() );
 }
 }
@@ -769,21 +755,21 @@ public final class SecurityVerifier {
 * @return the result, based on consultation with the active Java security
 * policy
 */
- protected boolean verifyStaticPermission( Principal principal, final Permission permission )
+ protected boolean verifyStaticPermission( final Principal principal, final Permission permission )
 {
- Subject subject = new Subject();
+ final Subject subject = new Subject();
 subject.getPrincipals().add( principal );
- boolean allowedByGlobalPolicy = ((Boolean)
+ final boolean allowedByGlobalPolicy = ((Boolean)
 Subject.doAsPrivileged( subject, new PrivilegedAction<Object>() {
- public Object run()
+ @Override public Object run()
 {
 try
 {
 AccessController.checkPermission( permission );
 return Boolean.TRUE;
 }
- catch ( AccessControlException e )
+ catch ( final AccessControlException e )
 {
 return Boolean.FALSE;
 }
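Review bot: In verifyPolicy() the result of `m_engine.findConfigFile( AuthorizationManager.DEFAULT_POLICY )` is dereferenced by `policyURL.getPath()` on the next line with no null check. The new Engine#findConfigFile default method starts its fallback lookup from `URL path = null` when the WEB-INF file is absent, so it can presumably return null (its tail is not shown here); the verifier would then fail with a NullPointerException instead of telling the admin that the policy file is missing. I would add `if ( policyURL == null ) { m_session.addMessage( ERROR_POLICY, "Could not locate the security policy file." ); return; }` before the `getPath()` call.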
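Review bot: The anonymous `PrivilegedAction<Object>` in verifyStaticPermission still returns `Object` and is unwrapped with a `(Boolean)` cast, although this hunk already touches both lines. Typing it as `new PrivilegedAction<Boolean>()` with `@Override public Boolean run()` removes the cast and lets the compiler check the result type. The doAsPrivileged call and the rest of the method continue outside the hunk.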
@@ -796,7 +782,7 @@ public final class SecurityVerifier {
 }
 // Check local policy
- Principal[] principals = new Principal[]{ principal };
+ final Principal[] principals = new Principal[]{ principal };
 return m_engine.getAuthorizationManager().allowedByLocalPolicy( principals, permission );
 }
@@ -806,7 +792,7 @@ public final class SecurityVerifier {
 */
 protected void verifyUserDatabase()
 {
- UserDatabase db = m_engine.getUserManager().getUserDatabase();
+ final UserDatabase db = m_engine.getUserManager().getUserDatabase();
 // Check for obvious error conditions
 if ( db == null )
@@ -832,21 +818,21 @@ public final class SecurityVerifier {
 int oldUserCount = 0;
 try
 {
- Principal[] users = db.getWikiNames();
+ final Principal[] users = db.getWikiNames();
 oldUserCount = users.length;
 m_session.addMessage( INFO_DB, "The user database contains " + oldUserCount + " users." );
 }
- catch ( WikiSecurityException e )
+ catch ( final WikiSecurityException e )
 {
 m_session.addMessage( ERROR_DB, "Could not obtain a list of current users: " + e.getMessage() );
 return;
 }
 // Try adding a bogus user with random name
- String loginName = "TestUser" + System.currentTimeMillis();
+ final String loginName = "TestUser" + System.currentTimeMillis();
 try
 {
- UserProfile profile = db.newProfile();
+ final UserProfile profile = db.newProfile();
 profile.setEmail( "[email protected]" );
 profile.setLoginName( loginName );
 profile.setFullname( "FullName"+loginName );
@@ -861,7 +847,7 @@ public final class SecurityVerifier {
 }
 m_session.addMessage( INFO_DB, "The user database allows new users to be created, as it should." );
 }
- catch ( WikiSecurityException e )
+ catch ( final WikiSecurityException e )
 {
 m_session.addMessage( ERROR_DB, "Could not add a test user to the database: " + e.getMessage() );
 return;
@@ -878,7 +864,7 @@ public final class SecurityVerifier {
 }
 m_session.addMessage( INFO_DB, "The user database allows users to be deleted, as it should." );
 }
- catch ( WikiSecurityException e )
+ catch ( final WikiSecurityException e )
 {
 m_session.addMessage( ERROR_DB, "Could not delete a test user to the database: " + e.getMessage() );
 return;
