This is an automated email from the ASF dual-hosted git repository. juanpablo pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/jspwiki.git
commit 49af134fd57f249f46cfcd1bf9f5159816463727 Author: juanpablo <[email protected]> AuthorDate: Tue Mar 24 15:45:22 2020 +0100 JSPWIKI-303: add Pages' ACLs --- .../main/java/org/apache/wiki/api/core/Acl.java | 4 +- .../main/java/org/apache/wiki/api/core/Page.java | 4 +- .../src/main/java/org/apache/wiki/WikiPage.java | 18 +++- .../org/apache/wiki/auth/AuthorizationManager.java | 2 +- .../wiki/auth/DefaultAuthorizationManager.java | 10 +- .../main/java/org/apache/wiki/auth/acl/Acl.java | 116 +++++++++------------ .../java/org/apache/wiki/auth/acl/AclEntry.java | 87 ++-------------- .../java/org/apache/wiki/auth/acl/AclImpl.java | 110 +++++++------------ .../java/org/apache/wiki/auth/acl/AclManager.java | 9 +- .../apache/wiki/auth/acl/DefaultAclManager.java | 18 ++-- .../org/apache/wiki/pages/DefaultPageManager.java | 12 +-- .../apache/wiki/parser/JSPWikiMarkupParser.java | 2 +- .../wiki/auth/acl/DefaultAclManagerTest.java | 10 +- .../AccessRuleLinkNodePostProcessorState.java | 6 +- 14 files changed, 155 insertions(+), 253 deletions(-) diff --git a/jspwiki-api/src/main/java/org/apache/wiki/api/core/Acl.java b/jspwiki-api/src/main/java/org/apache/wiki/api/core/Acl.java index be51eb9..71f798f 100644 --- a/jspwiki-api/src/main/java/org/apache/wiki/api/core/Acl.java +++ b/jspwiki-api/src/main/java/org/apache/wiki/api/core/Acl.java @@ -62,7 +62,7 @@ public interface Acl { * * @return an enumeration of the entries in this ACL. */ - Enumeration< AclEntry > entries(); + Enumeration< AclEntry > aclEntries(); /** * Returns <code>true</code>, if this Acl is empty. @@ -88,7 +88,7 @@ public interface Acl { * @param principal the principal to search for * @return the AclEntry associated with the principal, or <code>null</code> */ - AclEntry getEntry( Principal principal ); + AclEntry getAclEntry( Principal principal ); /** * Removes an ACL entry from this ACL. diff --git a/jspwiki-api/src/main/java/org/apache/wiki/api/core/Page.java b/jspwiki-api/src/main/java/org/apache/wiki/api/core/Page.java index 65975e5..a83ecd8 100644 --- a/jspwiki-api/src/main/java/org/apache/wiki/api/core/Page.java +++ b/jspwiki-api/src/main/java/org/apache/wiki/api/core/Page.java @@ -169,7 +169,7 @@ public interface Page extends Cloneable, Comparable< Page > { * * @return The access control list. May return null, if there is no acl. */ - //Acl getAcl(); + Acl getAcl(); /** * Sets the Acl for this page. Note that method does <em>not</em> persist the Acl itself to back-end storage or in page markup; @@ -178,7 +178,7 @@ public interface Page extends Cloneable, Comparable< Page > { * * @param acl The Acl to set */ - //void setAcl( Acl acl ); + void setAcl( Acl acl ); /** {@inheritDoc} */ Page clone(); diff --git a/jspwiki-main/src/main/java/org/apache/wiki/WikiPage.java b/jspwiki-main/src/main/java/org/apache/wiki/WikiPage.java index ce0d220..f278d5b 100644 --- a/jspwiki-main/src/main/java/org/apache/wiki/WikiPage.java +++ b/jspwiki-main/src/main/java/org/apache/wiki/WikiPage.java @@ -203,7 +203,7 @@ public class WikiPage implements Page { * @return The access control list. May return null, if there is no acl. */ public Acl getAcl() { - return m_accessList; + return (org.apache.wiki.auth.acl.Acl)m_accessList; } /** @@ -212,9 +212,23 @@ public class WikiPage implements Page { * {@link org.apache.wiki.auth.acl.AclManager#setPermissions(WikiPage, Acl)}. * * @param acl The Acl to set + * @deprecated use {@link #setAcl(org.apache.wiki.api.core.Acl)} + * @see #setAcl(org.apache.wiki.api.core.Acl) */ + @Deprecated public void setAcl( final Acl acl ) { - m_accessList = acl; + setAcl( ( org.apache.wiki.api.core.Acl )acl ); + } + + /** + * Sets the Acl for this page. Note that method does <em>not</em> persist the Acl itself to back-end storage or in page markup; + * it merely sets the internal field that stores the Acl. To persist the Acl, callers should invoke + * {@link org.apache.wiki.auth.acl.AclManager#setPermissions(WikiPage, Acl)}. + * + * @param acl The Acl to set + */ + public void setAcl( final org.apache.wiki.api.core.Acl acl ) { + m_accessList = ( Acl )acl; } /** diff --git a/jspwiki-main/src/main/java/org/apache/wiki/auth/AuthorizationManager.java b/jspwiki-main/src/main/java/org/apache/wiki/auth/AuthorizationManager.java index a0c1e80..328d266 100644 --- a/jspwiki-main/src/main/java/org/apache/wiki/auth/AuthorizationManager.java +++ b/jspwiki-main/src/main/java/org/apache/wiki/auth/AuthorizationManager.java @@ -77,7 +77,7 @@ public interface AuthorizationManager { * Returns <code>true</code> or <code>false</code>, depending on whether a Permission is allowed for the Subject associated with * a supplied Session. The access control algorithm works this way: * <ol> - * <li>The {@link org.apache.wiki.auth.acl.Acl} for the page is obtained</li> + * <li>The {@link org.apache.wiki.api.core.Acl} for the page is obtained</li> * <li>The Subject associated with the current {@link org.apache.wiki.api.core.Session} is obtained</li> * <li>If the Subject's Principal set includes the Role Principal that is the administrator group, always allow the Permission</li> * <li>For all permissions, check to see if the Permission is allowed according to the default security policy. If it isn't, deny diff --git a/jspwiki-main/src/main/java/org/apache/wiki/auth/DefaultAuthorizationManager.java b/jspwiki-main/src/main/java/org/apache/wiki/auth/DefaultAuthorizationManager.java index 5ca590a..fef2949 100644 --- a/jspwiki-main/src/main/java/org/apache/wiki/auth/DefaultAuthorizationManager.java +++ b/jspwiki-main/src/main/java/org/apache/wiki/auth/DefaultAuthorizationManager.java @@ -20,14 +20,14 @@ package org.apache.wiki.auth; import org.apache.log4j.Logger; import org.apache.wiki.WikiContext; -import org.apache.wiki.WikiPage; +import org.apache.wiki.api.core.Acl; +import org.apache.wiki.api.core.AclEntry; import org.apache.wiki.api.core.Context; import org.apache.wiki.api.core.Engine; +import org.apache.wiki.api.core.Page; import org.apache.wiki.api.core.Session; import org.apache.wiki.api.exceptions.NoRequiredPropertyException; import org.apache.wiki.api.exceptions.WikiException; -import org.apache.wiki.auth.acl.Acl; -import org.apache.wiki.auth.acl.AclEntry; import org.apache.wiki.auth.acl.AclManager; import org.apache.wiki.auth.acl.UnresolvedPrincipal; import org.apache.wiki.auth.authorize.GroupManager; @@ -127,7 +127,7 @@ public class DefaultAuthorizationManager implements AuthorizationManager { // If the page or ACL is null, it's allowed. final String pageName = ((PagePermission)permission).getPage(); - final WikiPage page = ( WikiPage )m_engine.getManager( PageManager.class ).getPage( pageName ); + final Page page = m_engine.getManager( PageManager.class ).getPage( pageName ); final Acl acl = ( page == null) ? null : m_engine.getManager( AclManager.class ).getPermissions( page ); if( page == null || acl == null || acl.isEmpty() ) { fireEvent( WikiSecurityEvent.ACCESS_ALLOWED, user, permission ); @@ -146,7 +146,7 @@ public class DefaultAuthorizationManager implements AuthorizationManager { for( Principal aclPrincipal : aclPrincipals ) { // If the ACL principal we're looking at is unresolved, try to resolve it here & correct the Acl if ( aclPrincipal instanceof UnresolvedPrincipal ) { - final AclEntry aclEntry = acl.getEntry( aclPrincipal ); + final AclEntry aclEntry = acl.getAclEntry( aclPrincipal ); aclPrincipal = resolvePrincipal( aclPrincipal.getName() ); if ( aclEntry != null && !( aclPrincipal instanceof UnresolvedPrincipal ) ) { aclEntry.setPrincipal( aclPrincipal ); diff --git a/jspwiki-main/src/main/java/org/apache/wiki/auth/acl/Acl.java b/jspwiki-main/src/main/java/org/apache/wiki/auth/acl/Acl.java index 91b398a..5237bcc 100644 --- a/jspwiki-main/src/main/java/org/apache/wiki/auth/acl/Acl.java +++ b/jspwiki-main/src/main/java/org/apache/wiki/auth/acl/Acl.java @@ -18,97 +18,81 @@ */ package org.apache.wiki.auth.acl; -import java.security.Permission; import java.security.Principal; +import java.util.Collections; import java.util.Enumeration; +import java.util.List; +import java.util.stream.Collectors; + /** * <p> - * Defines an access control list (ACL) for wiki pages. An Access Control List - * is a data structure used to guard access to resources. An ACL can be thought - * of as a data structure with multiple ACL entries. Each ACL entry, of - * interface type AclEntry, contains a set of positive permissions associated - * with a particular principal. (A principal represents an entity such as an - * individual user or a group). The ACL Entries in each ACL observe the - * following rules: - * </p> - * <ul> - * <li>Each principal can have at most one ACL entry; that is, multiple ACL - * entries are not allowed for any principal. Each entry specifies the set of - * permissions that are to be granted</li> - * <li>If there is no entry for a particular principal, then the principal is - * considered to have a null (empty) permission set</li> - * </ul> - * <p> - * This interface is a highly stripped-down derivation of the - * java.security.acl.Acl interface. In particular, the notion of an Acl "owner" - * has been eliminated, since JWPWiki pages do not have owners. An additional - * simplification compared to the standard Java package is that negative - * permissions have been eliminated. Instead, JSPWiki assumes a "default-deny" - * security stance: principals are granted no permissions by default, and - * posesses only those that have been explicitly granted to them. And finally, - * the getPermissions() and checkPermission() methods have been eliminated due - * to the complexities associated with resolving Role principal membership. + * Deprecated, interface kept in order to keep backwards compatibility with versions up to 2.11.0.M6. {@link org.apache.wiki.api.core.Acl} + * should be used instead. * </p> + * {@inheritDoc} * @since 2.3 + * @deprecated use {@link org.apache.wiki.api.core.Acl} insteaad + * @see org.apache.wiki.api.core.Acl */ -public interface Acl -{ +@Deprecated +public interface Acl extends org.apache.wiki.api.core.Acl { + /** - * Adds an ACL entry to this ACL. An entry associates a principal (e.g., an - * individual or a group) with a set of permissions. Each principal can have - * at most one positive ACL entry, specifying permissions to be granted to - * the principal. If there is already an ACL entry already in the ACL, false - * is returned. + * Adds an ACL entry to this ACL. An entry associates a principal (e.g., an individual or a group) with a set of permissions. Each + * principal can have at most one positive ACL entry, specifying permissions to be granted to the principal. If there is already an + * ACL entry already in the ACL, false is returned. + * * @param entry - the ACL entry to be added to this ACL - * @return true on success, false if an entry of the same type (positive or - * negative) for the same principal is already present in this ACL + * @return true on success, false if an entry of the same type (positive or negative) for the same principal is already present in this ACL + * @deprecated use {@link #addEntry(org.apache.wiki.api.core.AclEntry)} instead. + * @see #addEntry(org.apache.wiki.api.core.AclEntry */ - boolean addEntry( AclEntry entry ); + @Deprecated + default boolean addEntry( final AclEntry entry ) { + return addEntry( ( org.apache.wiki.api.core.AclEntry )entry ); + } /** - * Returns an enumeration of the entries in this ACL. Each element in the - * enumeration is of type AclEntry. + * Returns an enumeration of the entries in this ACL. Each element in the enumeration is of type AclEntry. + * * @return an enumeration of the entries in this ACL. + * @deprecated use {@link #aclEntries()} instead. + * @see #aclEntries() */ - Enumeration< AclEntry > entries(); - - /** - * Returns <code>true</code>, if this Acl is empty. - * @return the result - * @since 2.4.68 - */ - boolean isEmpty(); + @Deprecated + default Enumeration< AclEntry > entries() { + final List< AclEntry> entries = Collections.list( aclEntries() ) // iterates list two times - this is ok as we don't expect too many elements inside aclEntries() + .stream() + .map( entry -> ( AclEntry )entry ) + .collect( Collectors.toList() ); + return Collections.enumeration( entries ); + } /** - * Returns all Principal objects assigned a given Permission in the access - * control list. The Princiapls returned are those that have been granted - * either the supplied permission, or a permission implied by the supplied - * permission. Principals are not "expanded" if they are a role or group. - * @param permission the permission to search for - * @return an array of Principals posessing the permission - */ - Principal[] findPrincipals( Permission permission ); - - /** - * Returns an AclEntry for a supplied Principal, or <code>null</code> if - * the Principal does not have a matching AclEntry. + * Returns an AclEntry for a supplied Principal, or <code>null</code> if the Principal does not have a matching AclEntry. + * * @param principal the principal to search for * @return the AclEntry associated with the principal, or <code>null</code> + * @deprecated use {@link #getAclEntry(Principal)} instead. + * @see #getAclEntry(Principal) */ - AclEntry getEntry( Principal principal ); + @Deprecated + default AclEntry getEntry( final Principal principal ) { + return ( AclEntry )getAclEntry( principal ); + } /** * Removes an ACL entry from this ACL. + * * @param entry the ACL entry to be removed from this ACL * @return true on success, false if the entry is not part of this ACL + * @deprecated use {@link #removeEntry(org.apache.wiki.api.core.AclEntry)} instead. + * @see #removeEntry(org.apache.wiki.api.core.AclEntry */ - boolean removeEntry( AclEntry entry ); - - /** - * Returns a string representation of the contents of this Acl. - * @return the string representation - */ - String toString(); + @Deprecated + default boolean removeEntry( final AclEntry entry ) { + return removeEntry( ( org.apache.wiki.api.core.AclEntry )entry ); + } } diff --git a/jspwiki-main/src/main/java/org/apache/wiki/auth/acl/AclEntry.java b/jspwiki-main/src/main/java/org/apache/wiki/auth/acl/AclEntry.java index 0946720..f46d2b4 100644 --- a/jspwiki-main/src/main/java/org/apache/wiki/auth/acl/AclEntry.java +++ b/jspwiki-main/src/main/java/org/apache/wiki/auth/acl/AclEntry.java @@ -18,88 +18,19 @@ */ package org.apache.wiki.auth.acl; -import java.security.Permission; -import java.security.Principal; -import java.util.Enumeration; - /** * <p> - * Represents one entry in an Access Control List (ACL). - * </p> - * <p> - * An ACL can be thought of as a data structure with multiple ACL entry objects. - * Each ACL entry object contains a set of positive page permissions associated - * with a particular principal. (A principal represents an entity such as an - * individual user, group, or role). Each principal can have at most one ACL - * entry; that is, multiple ACL entries are not allowed for any principal. - * </p> - * <p> - * This interface is functionally equivalent to the java.security.acl.AclEntry - * interface, minus negative permissions. + * Deprecated, interface kept in order to keep backwards compatibility with versions up to 2.11.0.M6. {@link org.apache.wiki.api.core.AclEntry} + * should be used instead. * </p> + * + * {@inheritDoc} + * * @see Acl * @since 2.3 + * @deprecated use {@link org.apache.wiki.api.core.AclEntry} insteaad + * @see org.apache.wiki.api.core.AclEntry */ -public interface AclEntry -{ - - /** - * Adds the specified permission to this ACL entry. The permission - * <em>must</em> be of type - * {@link org.apache.wiki.auth.permissions.PagePermission}. Note: An entry - * can have multiple permissions. - * @param permission the permission to be associated with the principal in - * this entry - * @return <code>true</code> if the permission was added, - * <code>false</code> if the permission was - * already part of this entry's permission set, and <code>false</code> if - * the permission is not of type PagePermission - */ - boolean addPermission(Permission permission); - - /** - * Checks if the specified permission is part of the permission set in this - * entry. - * @param permission the permission to be checked for. - * @return true if the permission is part of the permission set in this entry, - * false otherwise. - */ - boolean checkPermission(Permission permission); - - /** - * Returns the principal for which permissions are granted by this - * ACL entry. Returns null if there is no principal set for this entry yet. - * @return the principal associated with this entry. - */ - Principal getPrincipal(); - - /** - * Returns an enumeration of the permissions in this ACL entry. - * @return an enumeration of the permissions - */ - Enumeration< Permission > permissions(); - - /** - * Removes the specified permission from this ACL entry. - * @param permission the permission to be removed from this entry. - * @return true if the permission is removed, false if the permission was not - * part of this entry's permission set. - */ - boolean removePermission(Permission permission); - - /** - * Specifies the principal for which permissions are granted or denied by - * this ACL entry. If a principal was already set for this ACL entry, false - * is returned, otherwise true is returned. - * @param user the principal to be set for this entry - * @return true if the principal is set, false if there was already a - * principal set for this entry - */ - boolean setPrincipal(Principal user); - - /** - * Returns a string representation of the contents of this ACL entry. - * @return a string representation of the contents. - */ - String toString(); +@Deprecated +public interface AclEntry extends org.apache.wiki.api.core.AclEntry { } diff --git a/jspwiki-main/src/main/java/org/apache/wiki/auth/acl/AclImpl.java b/jspwiki-main/src/main/java/org/apache/wiki/auth/acl/AclImpl.java index 0a5d0ab..8688e0b 100644 --- a/jspwiki-main/src/main/java/org/apache/wiki/auth/acl/AclImpl.java +++ b/jspwiki-main/src/main/java/org/apache/wiki/auth/acl/AclImpl.java @@ -18,67 +18,62 @@ */ package org.apache.wiki.auth.acl; +import org.apache.wiki.api.core.AclEntry; + import java.io.Serializable; import java.security.Permission; import java.security.Principal; import java.util.Enumeration; import java.util.Vector; + /** - * JSPWiki implementation of an Access Control List. + * JSPWiki implementation of an Access Control List. * - * @since 2.3 + * @since 2.3 */ -public class AclImpl implements Acl, Serializable -{ +public class AclImpl implements Acl, Serializable { + private static final long serialVersionUID = 1L; - private final Vector<AclEntry> m_entries = new Vector<>(); + private final Vector< AclEntry > m_entries = new Vector<>(); /** * Constructs a new AclImpl instance. */ - public AclImpl() - { + public AclImpl() { } - - /** - * Returns all Principal objects assigned a given Permission in the access control list. The Principals returned are those that have - * been granted either the supplied permission, or a permission implied by the supplied permission. Principals are not "expanded" if - * they are a role or group. - * - * @param permission the permission to search for - * @return an array of Principals possessing the permission - */ + + /** {@inheritDoc} */ + @Override public Principal[] findPrincipals( final Permission permission ) { final Vector< Principal > principals = new Vector<>(); - final Enumeration< AclEntry > entries = entries(); - + final Enumeration< AclEntry > entries = aclEntries(); while( entries.hasMoreElements() ) { final AclEntry entry = entries.nextElement(); final Enumeration< Permission > permissions = entry.permissions(); while( permissions.hasMoreElements() ) { final Permission perm = permissions.nextElement(); - if ( perm.implies( permission ) ) { + if( perm.implies( permission ) ) { principals.add( entry.getPrincipal() ); } } } return principals.toArray( new Principal[ principals.size() ] ); } - + private boolean hasEntry( final AclEntry entry ) { if( entry == null ) { return false; } for( final AclEntry e : m_entries ) { - final Principal ep = e.getPrincipal(); + final Principal ep = e.getPrincipal(); final Principal entryp = entry.getPrincipal(); if( ep == null || entryp == null ) { - throw new IllegalArgumentException( "Entry is null; check code, please (entry="+entry+"; e="+e+")" ); + throw new IllegalArgumentException( "Entry is null; check code, please (entry=" + entry + "; e=" + e + ")" ); } - + if( ep.getName().equals( entryp.getName() ) ) { return true; } @@ -87,15 +82,8 @@ public class AclImpl implements Acl, Serializable return false; } - /** - * Adds an ACL entry to this ACL. An entry associates a principal (e.g., an individual or a group) with a set of permissions. Each - * principal can have at most one positive ACL entry, specifying permissions to be granted to the principal. If there is already an - * ACL entry already in the ACL, false is returned. - * - * @param entry - the ACL entry to be added to this ACL - * @return true on success, false if an entry of the same type (positive or negative) for the same principal is already present in - * this ACL - */ + /** {@inheritDoc} */ + @Override public synchronized boolean addEntry( final AclEntry entry ) { if( entry.getPrincipal() == null ) { throw new IllegalArgumentException( "Entry principal cannot be null" ); @@ -104,39 +92,27 @@ public class AclImpl implements Acl, Serializable if( hasEntry( entry ) ) { return false; } - + m_entries.add( entry ); return true; } - /** - * Removes an ACL entry from this ACL. - * @param entry the ACL entry to be removed from this ACL - * @return true on success, false if the entry is not part of this ACL - */ - public synchronized boolean removeEntry( final AclEntry entry ) - { + /** {@inheritDoc} */ + @Override + public synchronized boolean removeEntry( final AclEntry entry ) { return m_entries.remove( entry ); } - /** - * Returns an enumeration of the entries in this ACL. Each element in the - * enumeration is of type AclEntry. - * @return an enumeration of the entries in this ACL. - */ - public Enumeration< AclEntry > entries() - { + /** {@inheritDoc} */ + @Override + public Enumeration< AclEntry > aclEntries() { return m_entries.elements(); } - /** - * Returns an AclEntry for a supplied Principal, or <code>null</code> if the Principal does not have a matching AclEntry. - * - * @param principal the principal to search for - * @return the AclEntry associated with the principal, or <code>null</code> - */ - public AclEntry getEntry( final Principal principal ) { + /** {@inheritDoc} */ + @Override + public AclEntry getAclEntry( final Principal principal ) { for( final AclEntry entry : m_entries ) { if( entry.getPrincipal().getName().equals( principal.getName() ) ) { return entry; @@ -146,13 +122,16 @@ public class AclImpl implements Acl, Serializable return null; } - /** - * Returns a string representation of the contents of this Acl. - * - * @return the string representation - */ + /** {@inheritDoc} */ + @Override + public boolean isEmpty() { + return m_entries.isEmpty(); + } + + /** {@inheritDoc} */ + @Override public String toString() { - final StringBuilder sb = new StringBuilder(); + final StringBuilder sb = new StringBuilder(); for( final AclEntry entry : m_entries ) { final Principal pal = entry.getPrincipal(); if( pal != null ) { @@ -167,19 +146,8 @@ public class AclImpl implements Acl, Serializable } sb.append( ")\n" ); } - return sb.toString(); } - /** - * Returns <code>true</code>, if this Acl is empty. - * - * @return the result - * @since 2.4.68 - */ - public boolean isEmpty() { - return m_entries.isEmpty(); - } - } diff --git a/jspwiki-main/src/main/java/org/apache/wiki/auth/acl/AclManager.java b/jspwiki-main/src/main/java/org/apache/wiki/auth/acl/AclManager.java index 17ae713..357db2e 100644 --- a/jspwiki-main/src/main/java/org/apache/wiki/auth/acl/AclManager.java +++ b/jspwiki-main/src/main/java/org/apache/wiki/auth/acl/AclManager.java @@ -18,8 +18,9 @@ */ package org.apache.wiki.auth.acl; -import org.apache.wiki.WikiPage; +import org.apache.wiki.api.core.Acl; import org.apache.wiki.api.core.Engine; +import org.apache.wiki.api.core.Page; import org.apache.wiki.auth.WikiSecurityException; import java.util.Properties; @@ -50,7 +51,7 @@ public interface AclManager { * @throws WikiSecurityException if the ruleLine was faulty somehow. * @since 2.1.121 */ - Acl parseAcl( WikiPage page, String ruleLine ) throws WikiSecurityException; + Acl parseAcl( Page page, String ruleLine ) throws WikiSecurityException; /** * Returns the access control list for the page. If the ACL has not been parsed yet, it is done on-the-fly. If the page has a @@ -61,7 +62,7 @@ public interface AclManager { * @since 2.2.121 * @return the Acl representing permissions for the page */ - Acl getPermissions( WikiPage page ); + Acl getPermissions( Page page ); /** * Sets the access control list for the page and persists it. @@ -71,6 +72,6 @@ public interface AclManager { * @since 2.5 * @throws WikiSecurityException if the ACL cannot be set or persisted */ - void setPermissions( WikiPage page, Acl acl ) throws WikiSecurityException; + void setPermissions( Page page, Acl acl ) throws WikiSecurityException; } diff --git a/jspwiki-main/src/main/java/org/apache/wiki/auth/acl/DefaultAclManager.java b/jspwiki-main/src/main/java/org/apache/wiki/auth/acl/DefaultAclManager.java index 5f9a531..3ecda49 100644 --- a/jspwiki-main/src/main/java/org/apache/wiki/auth/acl/DefaultAclManager.java +++ b/jspwiki-main/src/main/java/org/apache/wiki/auth/acl/DefaultAclManager.java @@ -20,11 +20,13 @@ package org.apache.wiki.auth.acl; import org.apache.log4j.Logger; import org.apache.wiki.WikiContext; -import org.apache.wiki.WikiPage; +import org.apache.wiki.api.core.Acl; +import org.apache.wiki.api.core.AclEntry; +import org.apache.wiki.api.core.Attachment; import org.apache.wiki.api.core.Context; import org.apache.wiki.api.core.Engine; +import org.apache.wiki.api.core.Page; import org.apache.wiki.api.exceptions.ProviderException; -import org.apache.wiki.attachment.Attachment; import org.apache.wiki.auth.AuthorizationManager; import org.apache.wiki.auth.WikiSecurityException; import org.apache.wiki.auth.permissions.PagePermission; @@ -85,7 +87,7 @@ public class DefaultAclManager implements AclManager { /** {@inheritDoc} */ @Override - public Acl parseAcl( final WikiPage page, final String ruleLine ) throws WikiSecurityException { + public Acl parseAcl( final Page page, final String ruleLine ) throws WikiSecurityException { Acl acl = page.getAcl(); if (acl == null) { acl = new AclImpl(); @@ -99,7 +101,7 @@ public class DefaultAclManager implements AclManager { while( fieldToks.hasMoreTokens() ) { final String principalName = fieldToks.nextToken(",").trim(); final Principal principal = m_auth.resolvePrincipal(principalName); - final AclEntry oldEntry = acl.getEntry(principal); + final AclEntry oldEntry = acl.getAclEntry(principal); if( oldEntry != null ) { log.debug( "Adding to old acl list: " + principal + ", " + actions ); @@ -129,7 +131,7 @@ public class DefaultAclManager implements AclManager { /** {@inheritDoc} */ @Override - public Acl getPermissions( final WikiPage page ) { + public Acl getPermissions( final Page page ) { // Does the page already have cached ACLs? Acl acl = page.getAcl(); log.debug( "page=" + page.getName() + "\n" + acl ); @@ -137,7 +139,7 @@ public class DefaultAclManager implements AclManager { if( acl == null ) { // If null, try the parent. if( page instanceof Attachment ) { - final WikiPage parent = ( WikiPage )m_engine.getManager( PageManager.class ).getPage( ( ( Attachment ) page ).getParentName() ); + final Page parent = m_engine.getManager( PageManager.class ).getPage( ( ( Attachment ) page ).getParentName() ); acl = getPermissions(parent); } else { // Or, try parsing the page @@ -157,7 +159,7 @@ public class DefaultAclManager implements AclManager { /** {@inheritDoc} */ @Override - public void setPermissions( final WikiPage page, final Acl acl ) throws WikiSecurityException { + public void setPermissions( final Page page, final Acl acl ) throws WikiSecurityException { final PageManager pageManager = m_engine.getManager( PageManager.class ); // Forcibly expire any page locks @@ -188,7 +190,7 @@ public class DefaultAclManager implements AclManager { protected static String printAcl( final Acl acl ) { // Extract the ACL entries into a Map with keys == permissions, values == principals final Map< String, List< Principal > > permissionPrincipals = new TreeMap<>(); - final Enumeration< AclEntry > entries = acl.entries(); + final Enumeration< AclEntry > entries = acl.aclEntries(); while( entries.hasMoreElements() ) { final AclEntry entry = entries.nextElement(); final Principal principal = entry.getPrincipal(); diff --git a/jspwiki-main/src/main/java/org/apache/wiki/pages/DefaultPageManager.java b/jspwiki-main/src/main/java/org/apache/wiki/pages/DefaultPageManager.java index eaa8934..0b17008 100644 --- a/jspwiki-main/src/main/java/org/apache/wiki/pages/DefaultPageManager.java +++ b/jspwiki-main/src/main/java/org/apache/wiki/pages/DefaultPageManager.java @@ -22,6 +22,8 @@ import org.apache.commons.lang3.ArrayUtils; import org.apache.log4j.Logger; import org.apache.wiki.WikiBackgroundThread; import org.apache.wiki.WikiPage; +import org.apache.wiki.api.core.Acl; +import org.apache.wiki.api.core.AclEntry; import org.apache.wiki.api.core.Attachment; import org.apache.wiki.api.core.Context; import org.apache.wiki.api.core.Engine; @@ -34,8 +36,6 @@ import org.apache.wiki.api.providers.WikiProvider; import org.apache.wiki.attachment.AttachmentManager; import org.apache.wiki.auth.WikiPrincipal; import org.apache.wiki.auth.WikiSecurityException; -import org.apache.wiki.auth.acl.Acl; -import org.apache.wiki.auth.acl.AclEntry; import org.apache.wiki.auth.acl.AclEntryImpl; import org.apache.wiki.auth.acl.AclManager; import org.apache.wiki.auth.user.UserProfile; @@ -707,11 +707,11 @@ public class DefaultPageManager implements PageManager { int pagesChanged = 0; final Collection< Page > pages = getAllPages(); for( final Page page : pages ) { - final boolean aclChanged = changeAcl( ( WikiPage )page, oldPrincipals, newPrincipal ); + final boolean aclChanged = changeAcl( page, oldPrincipals, newPrincipal ); if( aclChanged ) { // If the Acl needed changing, change it now try { - m_engine.getManager( AclManager.class ).setPermissions( ( WikiPage )page, ( ( WikiPage )page ).getAcl() ); + m_engine.getManager( AclManager.class ).setPermissions( page, page.getAcl() ); } catch( final WikiSecurityException e ) { LOG.error("Could not change page ACL for page " + page.getName() + ": " + e.getMessage(), e); } @@ -735,11 +735,11 @@ public class DefaultPageManager implements PageManager { * @param newPrincipal the Principal that should receive the old Principals' permissions * @return <code>true</code> if the Acl was actually changed; <code>false</code> otherwise */ - protected boolean changeAcl( final WikiPage page, final Principal[] oldPrincipals, final Principal newPrincipal ) { + protected boolean changeAcl( final Page page, final Principal[] oldPrincipals, final Principal newPrincipal ) { final Acl acl = page.getAcl(); boolean pageChanged = false; if( acl != null ) { - final Enumeration< AclEntry > entries = acl.entries(); + final Enumeration< AclEntry > entries = acl.aclEntries(); final Collection< AclEntry > entriesToAdd = new ArrayList<>(); final Collection< AclEntry > entriesToRemove = new ArrayList<>(); while( entries.hasMoreElements() ) { diff --git a/jspwiki-main/src/main/java/org/apache/wiki/parser/JSPWikiMarkupParser.java b/jspwiki-main/src/main/java/org/apache/wiki/parser/JSPWikiMarkupParser.java index 9aee850..17669f9 100644 --- a/jspwiki-main/src/main/java/org/apache/wiki/parser/JSPWikiMarkupParser.java +++ b/jspwiki-main/src/main/java/org/apache/wiki/parser/JSPWikiMarkupParser.java @@ -32,6 +32,7 @@ import org.apache.wiki.InternalWikiException; import org.apache.wiki.StringTransmutator; import org.apache.wiki.WikiContext; import org.apache.wiki.WikiPage; +import org.apache.wiki.api.core.Acl; import org.apache.wiki.api.core.Context; import org.apache.wiki.api.exceptions.PluginException; import org.apache.wiki.api.plugin.Plugin; @@ -39,7 +40,6 @@ import org.apache.wiki.attachment.AttachmentManager; import org.apache.wiki.auth.AuthorizationManager; import org.apache.wiki.auth.UserManager; import org.apache.wiki.auth.WikiSecurityException; -import org.apache.wiki.auth.acl.Acl; import org.apache.wiki.auth.acl.AclManager; import org.apache.wiki.i18n.InternationalizationManager; import org.apache.wiki.preferences.Preferences; diff --git a/jspwiki-main/src/test/java/org/apache/wiki/auth/acl/DefaultAclManagerTest.java b/jspwiki-main/src/test/java/org/apache/wiki/auth/acl/DefaultAclManagerTest.java index d1fccb7..37323ba 100644 --- a/jspwiki-main/src/test/java/org/apache/wiki/auth/acl/DefaultAclManagerTest.java +++ b/jspwiki-main/src/test/java/org/apache/wiki/auth/acl/DefaultAclManagerTest.java @@ -20,7 +20,9 @@ package org.apache.wiki.auth.acl; import org.apache.commons.lang3.ArrayUtils; import org.apache.wiki.TestEngine; -import org.apache.wiki.WikiPage; +import org.apache.wiki.api.core.Acl; +import org.apache.wiki.api.core.AclEntry; +import org.apache.wiki.api.core.Page; import org.apache.wiki.api.exceptions.ProviderException; import org.apache.wiki.auth.WikiPrincipal; import org.apache.wiki.auth.permissions.PermissionFactory; @@ -55,12 +57,12 @@ public class DefaultAclManagerTest @Test public void testGetPermissions() { - WikiPage page = ( WikiPage )m_engine.getManager( PageManager.class ).getPage( "TestDefaultPage" ); + Page page = m_engine.getManager( PageManager.class ).getPage( "TestDefaultPage" ); Acl acl = m_engine.getManager( AclManager.class ).getPermissions( page ); Assertions.assertNotNull( page.getAcl() ); Assertions.assertTrue(page.getAcl().isEmpty()); - page = ( WikiPage )m_engine.getManager( PageManager.class ).getPage( "TestAclPage" ); + page = m_engine.getManager( PageManager.class ).getPage( "TestAclPage" ); acl = m_engine.getManager( AclManager.class ).getPermissions( page ); Assertions.assertNotNull( page.getAcl() ); Assertions.assertFalse(page.getAcl().isEmpty()); @@ -161,7 +163,7 @@ public class DefaultAclManagerTest public void testPrintAcl() { // Verify that the printed Acl for the test page is OK - final WikiPage page = ( WikiPage )m_engine.getManager( PageManager.class ).getPage( "TestAclPage" ); + final Page page = m_engine.getManager( PageManager.class ).getPage( "TestAclPage" ); Acl acl = m_engine.getManager( AclManager.class ).getPermissions( page ); final String aclString = DefaultAclManager.printAcl( acl ); Assertions.assertEquals( "[{ALLOW edit Charlie,Herman}]\n", aclString ); diff --git a/jspwiki-markdown/src/main/java/org/apache/wiki/markdown/extensions/jspwikilinks/postprocessor/AccessRuleLinkNodePostProcessorState.java b/jspwiki-markdown/src/main/java/org/apache/wiki/markdown/extensions/jspwikilinks/postprocessor/AccessRuleLinkNodePostProcessorState.java index 3ee509e..86abb70 100755 --- a/jspwiki-markdown/src/main/java/org/apache/wiki/markdown/extensions/jspwikilinks/postprocessor/AccessRuleLinkNodePostProcessorState.java +++ b/jspwiki-markdown/src/main/java/org/apache/wiki/markdown/extensions/jspwikilinks/postprocessor/AccessRuleLinkNodePostProcessorState.java @@ -21,10 +21,10 @@ package org.apache.wiki.markdown.extensions.jspwikilinks.postprocessor; import com.vladsch.flexmark.util.ast.Node; import com.vladsch.flexmark.util.ast.NodeTracker; import org.apache.log4j.Logger; -import org.apache.wiki.WikiPage; +import org.apache.wiki.api.core.Acl; import org.apache.wiki.api.core.Context; +import org.apache.wiki.api.core.Page; import org.apache.wiki.auth.WikiSecurityException; -import org.apache.wiki.auth.acl.Acl; import org.apache.wiki.auth.acl.AclManager; import org.apache.wiki.markdown.nodes.JSPWikiLink; import org.apache.wiki.render.RenderingManager; @@ -54,7 +54,7 @@ public class AccessRuleLinkNodePostProcessorState implements NodePostProcessorSt public void process( final NodeTracker state, final JSPWikiLink link ) { String ruleLine = NodePostProcessorStateCommonOperations.inlineLinkTextOnWysiwyg( state, link, m_wysiwygEditorMode ); if( wikiContext.getEngine().getManager( RenderingManager.class ).getParser( wikiContext, link.getUrl().toString() ).isParseAccessRules() ) { - final WikiPage page = ( WikiPage )wikiContext.getRealPage(); + final Page page = wikiContext.getRealPage(); if( ruleLine.startsWith( "{" ) ) { ruleLine = ruleLine.substring( 1 ); }
