📄 usermanager.java
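// should really cache the information.
// FIXME: Should really query the page manager.
//
// Collects the groups a principal belongs to: groups from the user database
// (consulted only for an authenticated UserProfile) plus every entry of
// m_groups whose isMember() accepts the principal.
//
// NOTE(review): the list returned by m_database is extended in place below.
// If the database hands out a shared or unmodifiable list, list.add() would
// alter or reject it -- confirm what the database returns.
public List getGroupsForPrincipal( Principal user )
    throws NoSuchPrincipalException
{
    List list = null;

    //
    //  Add the groups ONLY if the user has been authenticated.
    //
    //  FIXME: This is probably the wrong place, since this prevents
    //         us from querying stuff later on.
    //
    //  NOTE(review): which login statuses isAuthenticated() accepts is not
    //  visible here. limitedLogin() builds COOKIE profiles from a
    //  client-supplied cookie, so that status must not count as
    //  authenticated -- confirm in UserProfile.
    //
    if( user instanceof UserProfile && ((UserProfile)user).isAuthenticated() )
    {
        if( m_database != null )
        {
            list = m_database.getGroupsForPrincipal( user );
        }
    }

    if( list == null )
    {
        list = new ArrayList();
    }

    //
    //  Add the default groups.  These are evaluated for every principal,
    //  authenticated or not; membership is decided by WikiGroup.isMember().
    //
    synchronized( m_groups )
    {
        for( Iterator i = m_groups.values().iterator(); i.hasNext(); )
        {
            WikiGroup g = (WikiGroup) i.next();

            if( g.isMember( user ) )
            {
                log.debug("User "+neutralizeForLog( user.getName() )+" is a member of "+neutralizeForLog( g.getName() ));
                list.add( g );
            }
        }
    }

    return list;
}

/**
 *  Attempts to find a Principal from the list of known principals.
 *  <p>
 *  Lookup order is: wiki group, then user profile, then a freshly created
 *  UndefinedPrincipal carrying the given name.
 *  <p>
 *  NOTE(review): because groups are checked first, a user name that equals
 *  a group name resolves to the group. Whether account creation rejects
 *  such names is not visible here -- confirm, since access rules that
 *  resolve names through this method would otherwise treat that user
 *  name as the group.
 *
 *  @param name The name to resolve.
 *  @return The matching principal; never null as far as this method is
 *          concerned, since an UndefinedPrincipal is the fallback.
 */
public Principal getPrincipal( String name )
{
    Principal p = getWikiGroup( name );

    if( p == null )
    {
        p = getUserProfile( name );

        if( p == null )
        {
            log.debug("No such principal defined: "+neutralizeForLog( name )+", using UndefinedPrincipal");
            p = new UndefinedPrincipal( name );
        }
    }

    return p;
}

/**
 *  Attempts to perform a login for the given username/password
 *  combination.  Also sets the attribute UserManager.WIKIUSER in the current session,
 *  which can then be used to fetch the current UserProfile.  Or you can be lazy and
 *  just call getUserProfile()...
 *  <p>
 *  Security notes for callers and maintainers:
 *  <ul>
 *   <li>The profile is stored in the session object that was passed in; this
 *       method cannot issue a new session id. To avoid carrying a
 *       pre-login session id into the authenticated state, the caller
 *       should invalidate the old session and pass a freshly created one.</li>
 *   <li>An expired password is treated as a successful login: the session is
 *       marked as PASSWORD-authenticated before the exception is thrown.
 *       NOTE(review): confirm that the authenticator only raises
 *       PasswordExpiredException after it has verified the password, and
 *       that callers restrict such a session to changing the password.</li>
 *   <li>The supplied password is set on the profile before authentication
 *       and nothing in this method clears it afterwards, also not on
 *       failure. NOTE(review): if getUserProfile( String ) returns a shared
 *       or cached object, the clear-text value stays reachable through it --
 *       confirm and clear it once authentication is done.</li>
 *   <li>No limit on repeated failed attempts is applied here.</li>
 *  </ul>
 *
 *  @param username The user name.  This is an user name, not a WikiName.  In most cases
 *                  they are the same, but in some cases, they might not be.
 *  @param password The password.
 *  @param session  The HTTP session that receives the WIKIUSER attribute. If null,
 *                  the login is refused.
 *  @return true, if the username/password is valid.  false if there is no
 *          authenticator, no session, no such user, or the password is wrong.
 *  @throws WikiSecurityException A PasswordExpiredException is thrown if the
 *          authenticator reports that the password has expired.
 */
public boolean login( String username, String password, HttpSession session )
    throws WikiSecurityException
{
    if( m_authenticator == null )
    {
        return false;
    }

    if( session == null )
    {
        log.error("No session provided, cannot log in.");
        return false;
    }

    UserProfile wup = getUserProfile( username );

    if( wup != null )
    {
        wup.setPassword( password );

        boolean isValid = false;
        boolean expired = false;

        try
        {
            isValid = m_authenticator.authenticate( wup );
        }
        catch( PasswordExpiredException e )
        {
            // Expired counts as valid here; see the method comment.
            isValid = true;
            expired = true;
        }

        if( isValid )
        {
            wup.setLoginStatus( UserProfile.PASSWORD );
            session.setAttribute( WIKIUSER, wup );
            log.info("Logged in user "+neutralizeForLog( username ));

            if( expired ) throw new PasswordExpiredException(""); //FIXME!
        }
        else
        {
            // The user name comes straight from the login request, so it is
            // neutralised before it reaches the log.
            log.info("Username "+neutralizeForLog( username )+" attempted to log in with the wrong password.");
        }

        return isValid;
    }

    // Unknown user name: refused without a log entry, so failed attempts
    // against non-existent accounts leave no trace at this level.
    return false;
}

/**
 *  Logs a web user out, clearing the session.
 *  <p>
 *  The profile found in the session is reset to login status NONE before
 *  the session is invalidated, so a reference to the profile held
 *  elsewhere no longer reports the PASSWORD status.
 *
 *  @param session The current HTTP session for this user.  A null session
 *                 is ignored.
 */
public void logout( HttpSession session )
{
    if( session != null )
    {
        UserProfile wup = (UserProfile)session.getAttribute( WIKIUSER );

        if( wup != null )
        {
            log.info( "logged out user " + neutralizeForLog( wup.getName() ) );
            wup.setLoginStatus( UserProfile.NONE );
        }

        session.invalidate();
    }
}

/**
 *  Gets a UserProfile, either from the request (presumably
 *  authenticated and with auth information) or a new one
 *  (with default permissions).
 *  <p>
 *  A session is created if the request does not have one yet, so every
 *  anonymous request that reaches this method allocates a session.
 *
 *  @param request The servlet request for this user.
 *  @return A valid UserProfile.  Can also return null in case it is not possible
 *          to get an UserProfile.  limitedLogin() as written here always
 *          returns a profile; it is protected, so an overriding
 *          implementation may return null.
 *  @since 2.1.10.
 */
public UserProfile getUserProfile( HttpServletRequest request )
{
    // First, see if we already have a user profile.
    HttpSession session = request.getSession( true );
    UserProfile wup = (UserProfile)session.getAttribute( UserManager.WIKIUSER );

    if( wup != null )
    {
        return wup;
    }

    // Try to get a limited login.  This will be inserted into the request.
    wup = limitedLogin( request );

    if( wup != null )
    {
        return wup;
    }

    log.error( "Unable to get a default UserProfile!" );

    return null;
}

/**
 *  Performs a "limited" login: sniffs for a user name from a cookie or the
 *  client, and creates a limited user profile based on it.
 *  <p>
 *  Three sources are tried in this order:
 *  <ol>
 *   <li>request.getRemoteUser(): the profile is looked up, marked CONTAINER
 *       and stored in the session.</li>
 *   <li>The preferences cookie: the profile is parsed from the cookie value
 *       and marked COOKIE. The cookie is sent by the client, so the name in
 *       such a profile is a claim, not an identity; code that grants access
 *       must not accept COOKIE as proof of who the user is.</li>
 *   <li>Otherwise a guest profile with status NONE is manufactured.</li>
 *  </ol>
 *
 *  @param request The servlet request for this user.
 *  @return A profile for the request; this implementation never returns null.
 */
protected UserProfile limitedLogin( HttpServletRequest request )
{
    UserProfile wup = null;

    //
    //  First, checks whether container has done authentication for us.
    //
    String uid = request.getRemoteUser();

    if( uid != null )
    {
        wup = getUserProfile( uid );

        if( wup != null )
        {
            wup.setLoginStatus( UserProfile.CONTAINER );
            HttpSession session = request.getSession( true );
            session.setAttribute( WIKIUSER, wup );
        }
    }
    else
    {
        //
        //  See if a cookie exists, and create a default account.
        //
        uid = HttpUtil.retrieveCookieValue( request, WikiEngine.PREFS_COOKIE_NAME );

        // The cookie value is client-controlled; neutralise it for the log.
        log.debug("Stored username="+neutralizeForLog( uid ));

        if( uid != null )
        {
            try
            {
                wup = UserProfile.parseStringRepresentation( uid );

                if( wup != null )
                {
                    wup.setLoginStatus( UserProfile.COOKIE );
                }
            }
            catch( NoSuchElementException e )
            {
                // We fail silently, as the cookie is invalid.
                // NOTE(review): only this exception type is handled; what
                // else the parser can throw on malformed input is not
                // visible here -- confirm.
            }
        }
    }

    // If the UserDatabase declined to give us a UserPrincipal,
    // we manufacture one here explicitly.
    if( wup == null )
    {
        wup = new UserProfile();
        wup.setLoginName( GROUP_GUEST );
        wup.setLoginStatus( UserProfile.NONE );

        //
        //  No username either, so fall back to the IP address.
        //
        //  getRemoteHost() may return a host name obtained by reverse DNS
        //  when the container resolves names; such a name is set by whoever
        //  controls the address's reverse zone. NOTE(review): if the intent
        //  is strictly the IP address, getRemoteAddr() is the call that
        //  guarantees it.
        //
        if( m_storeIPAddress )
        {
            wup.setName( request.getRemoteHost() );
        }
        else
        {
            wup.setName( wup.getLoginName() );
        }
    }

    //
    //  FIXME:
    //
    //  We cannot store the UserProfile into the session, because of the following:
    //  Assume that Edit.jsp is protected through container auth.
    //
    //  User without a cookie arrives through Wiki.jsp.  A
    //  UserProfile is created, which essentially contains his IP
    //  address.  If this is stored in the session, then, when the user
    //  tries to access the Edit.jsp page and container does auth, he will
    //  always be then known by his IP address, regardless of what the
    //  request.getRemoteUser() says.

    //  So, until this is solved, we create a new UserProfile on each
    //  access.  Ouch.

    // Limited login hasn't been authenticated.  Just to emphasize the point:
    // wup.setPassword( null );

    // HttpSession session = request.getSession( true );
    // session.setAttribute( WIKIUSER, wup );

    return wup;
}

/**
 *  Sets the username cookie.
 *  <p>
 *  The cookie carries the profile's string representation and is the value
 *  that limitedLogin() later parses back into a COOKIE-status profile.
 *  Nothing is written if no profile exists for the name.
 *  <p>
 *  NOTE(review): the cookie is created without the Secure flag and lives
 *  for 1001 days. What getStringRepresentation() puts into it is not
 *  visible here; confirm it holds no credential or other sensitive field.
 *  On an HTTPS-only deployment, prefs.setSecure( true ) keeps it off
 *  clear-text connections, and on containers that offer it the HttpOnly
 *  attribute keeps it away from page scripts.
 *
 *  @param response The response that receives the cookie.
 *  @param name     The user name whose profile is written to the cookie.
 *                  Callers should pass only the name of the user this
 *                  response is addressed to.
 *  @since 2.1.47.
 */
public void setUserCookie( HttpServletResponse response, String name )
{
    UserProfile profile = getUserProfile( name );

    if( profile != null )
    {
        Cookie prefs = new Cookie( WikiEngine.PREFS_COOKIE_NAME,
                                   profile.getStringRepresentation() );
        prefs.setMaxAge( 1001*24*60*60 ); // 1001 days is default.
        response.addCookie( prefs );
    }
}

/**
 *  Replaces carriage returns and line feeds in a value that is about to be
 *  written to the log, so that a name taken from a request or cookie
 *  cannot start what looks like a new log entry.
 *
 *  @param value The value to log; may be null.
 *  @return The value with CR and LF replaced by underscores, or null if
 *          the value was null (string concatenation then prints "null",
 *          as it did before).
 */
private static String neutralizeForLog( String value )
{
    if( value == null )
    {
        return null;
    }

    return value.replace( '\r', '_' ).replace( '\n', '_' );
}
} // closes the enclosing class; its declaration lies outside this excerpt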