📄 wikisession.java
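} } } // closes a definition that begins before this excerpt

    /**
     * Invalidates the WikiSession and resets its Subject's
     * Principals to the equivalent of a "guest session".
     * <p>After this call the Subject holds exactly {@link WikiPrincipal#GUEST},
     * {@link Role#ANONYMOUS} and {@link Role#ALL}, and both the user and
     * login principals are {@link WikiPrincipal#GUEST}.</p>
     */
    public final void invalidate()
    {
        // Drop every credential-bearing principal before re-adding the guest set,
        // so nothing from an authenticated session survives.
        m_subject.getPrincipals().clear();
        m_subject.getPrincipals().add( WikiPrincipal.GUEST );
        m_subject.getPrincipals().add( Role.ANONYMOUS );
        m_subject.getPrincipals().add( Role.ALL );
        m_userPrincipal = WikiPrincipal.GUEST;
        m_loginPrincipal = WikiPrincipal.GUEST;
        // NOTE(review): m_status is not touched here; confirm it is reset by
        // whoever calls invalidate(), otherwise getStatus() could keep reporting
        // the pre-invalidation state.
    }

    /**
     * Injects GroupPrincipal objects into the user's Principal set based on the
     * groups the user belongs to. The method first flushes every existing
     * GroupPrincipal from the Subject, then calls
     * {@link GroupManager#getRoles()} to obtain the GroupPrincipals the
     * authorizer knows about and
     * {@link GroupManager#isUserInRole(WikiSession, Principal)} for each of
     * them. If the user is a member of the group, the GroupPrincipal is
     * added to the user's principal set. This method should generally be
     * called after a user's {@link com.ecyrd.jspwiki.auth.user.UserProfile} is
     * saved.
     * <p>NOTE(review): earlier documentation said the method returns silently
     * when there is no session or no matching profile; no such check is
     * visible in this body, so a null engine or GroupManager would fail here.</p>
     */
    protected final void injectGroupPrincipals()
    {
        // Flush the existing GroupPrincipals so revoked memberships do not linger
        m_subject.getPrincipals().removeAll( m_subject.getPrincipals( GroupPrincipal.class ) );

        // Get the GroupManager and test for each Group
        GroupManager manager = m_engine.getGroupManager();
        for ( Principal group : manager.getRoles() )
        {
            if ( manager.isUserInRole( this, group ) )
            {
                m_subject.getPrincipals().add( group );
            }
        }
    }

    /**
     * Adds Principal objects to the Subject that correspond to the
     * logged-in user's profile attributes for the wiki name, full name
     * and login name, as returned by the user database for the profile's
     * login name. The user principal is set to the full-name WikiPrincipal
     * when one is present; otherwise the first principal seen is used if the
     * current user principal is not already a WikiPrincipal.
     * <em>Note: this method is never called during anonymous or asserted sessions.</em>
     * <p>NOTE(review): earlier documentation said these principals replace
     * all other WikiPrincipals in the Subject, but this body only adds;
     * confirm that stale WikiPrincipals are removed by the caller.</p>
     *
     * @throws IllegalStateException if the engine has no user database
     */
    protected final void injectUserProfilePrincipals()
    {
        // Search for the user profile
        String searchId = m_loginPrincipal.getName();
        if ( searchId == null )
        {
            // Oh dear, this wasn't an authenticated user after all
            log.info("Refresh principals failed because WikiSession had no user Principal; maybe not logged in?");
            return;
        }

        // Look up the user and go get the new Principals
        UserDatabase database = m_engine.getUserManager().getUserDatabase();
        if ( database == null )
        {
            throw new IllegalStateException( "User database cannot be null." );
        }
        try
        {
            UserProfile profile = database.find( searchId );
            Principal[] principals = database.getPrincipals( profile.getLoginName() );
            for ( Principal principal : principals )
            {
                // Add the Principal to the Subject
                m_subject.getPrincipals().add( principal );

                // Set the user principal if needed; we prefer FullName, but the WikiName will also work
                boolean isFullNamePrincipal = ( principal instanceof WikiPrincipal
                                                && ((WikiPrincipal)principal).getType() == WikiPrincipal.FULL_NAME );
                if ( isFullNamePrincipal )
                {
                    m_userPrincipal = principal;
                }
                else if ( !( m_userPrincipal instanceof WikiPrincipal ) )
                {
                    m_userPrincipal = principal;
                }
            }
        }
        catch ( NoSuchPrincipalException e )
        {
            // We will get here if the user has a principal but not a profile
            // For example, it's a container-managed user who hasn't set up a profile yet
            // NOTE(review): searchId is the login name and is written to the log
            // unmodified; confirm the log layout neutralises line breaks.
            log.warn("User profile '" + searchId + "' not found. This is normal for container-auth users who haven't set up a profile yet.");
        }
    }

    /**
     * <p>Returns the status of the wiki session as a text string. Valid values are:</p>
     * <ul>
     *   <li>{@link #AUTHENTICATED}</li>
     *   <li>{@link #ASSERTED}</li>
     *   <li>{@link #ANONYMOUS}</li>
     * </ul>
     * @return the user's session status
     */
    public final String getStatus()
    {
        return m_status;
    }

    /**
     * <p>Static factory method that returns the WikiSession object associated with
     * the current HTTP request. This method obtains the request's HttpSession
     * and asks the engine's {@link SessionMonitor} for the matching WikiSession;
     * the original documentation states that the monitor keeps these in an
     * internal WeakHashMap and creates one if none is found. This method is
     * documented to always return a WikiSession, although the authentication
     * status is unpredictable until the user attempts to log in. If the servlet
     * request parameter is <code>null</code>, the per-thread guest session from
     * {@code staticGuestSession(WikiEngine)} is returned.</p>
     * <p>When a session is created, a WikiEventListener is attached
     * to the GroupManager so that changes to groups are detected automatically
     * (that attachment is not performed in this method body).</p>
     * @param engine the wiki engine
     * @param request the servlet request object
     * @return the existing (or newly created) wiki session
     */
    public static final WikiSession getWikiSession( WikiEngine engine, HttpServletRequest request )
    {
        // If request is null, return guest session
        if ( request == null )
        {
            if ( log.isDebugEnabled() )
            {
                log.debug( "Looking up WikiSession for NULL HttpRequest: returning guestSession()" );
            }
            return staticGuestSession( engine );
        }

        // Look for a WikiSession associated with the user's Http Session
        // and create one if it isn't there yet.
        // getSession() creates a container session when the request has none, so
        // every caller of this method ends up with an HttpSession.
        // NOTE(review): the WikiSession (and its authentication state) is keyed on
        // the HttpSession; confirm the login path rotates the session id.
        HttpSession session = request.getSession();
        SessionMonitor monitor = SessionMonitor.getInstance( engine );
        WikiSession wikiSession = monitor.find( session );

        // Attach reference to wiki engine
        wikiSession.m_engine = engine;
        wikiSession.m_cachedLocale = request.getLocale();
        return wikiSession;
    }

    /**
     * Static factory method that creates a new "guest" session containing a single
     * user Principal {@link com.ecyrd.jspwiki.auth.WikiPrincipal#GUEST},
     * plus the role principals {@link Role#ALL} and
     * {@link Role#ANONYMOUS}. This method also adds the session as a listener
     * for GroupManager, AuthenticationManager and UserManager events.
     * @param engine the wiki engine
     * @return the guest wiki session
     */
    public static final WikiSession guestSession( WikiEngine engine )
    {
        WikiSession session = new WikiSession();
        session.m_engine = engine;
        // invalidate() is what populates the guest principal set
        session.invalidate();

        // Add the session as listener for GroupManager, AuthManager, UserManager events
        GroupManager groupMgr = engine.getGroupManager();
        AuthenticationManager authMgr = engine.getAuthenticationManager();
        UserManager userMgr = engine.getUserManager();
        groupMgr.addWikiEventListener( session );
        authMgr.addWikiEventListener( session );
        userMgr.addWikiEventListener( session );

        return session;
    }

    /**
     * Returns a static guest session, which is available for this
     * thread only. This guest session is used internally whenever
     * there is no HttpServletRequest involved, but the request is
     * done e.g. when embedding JSPWiki code.
     * <p>The session is created on first use with the engine passed in and
     * then cached in {@code c_guestSession}; later calls return the cached
     * session without comparing engines, so a thread that serves more than
     * one WikiEngine keeps the session built for the first one.</p>
     *
     * @param engine WikiEngine for this session
     * @return A static WikiSession which is shared by all in this
     *         same Thread.
     */
    // FIXME: Should really use WeakReferences to clean away unused sessions.
    private static WikiSession staticGuestSession( WikiEngine engine )
    {
        // c_guestSession is declared outside this excerpt; presumably a ThreadLocal
        WikiSession session = c_guestSession.get();

        if( session == null )
        {
            session = guestSession( engine );
            c_guestSession.set( session );
        }

        return session;
    }

    /**
     * Returns the total number of active wiki sessions for a
     * particular wiki. This method delegates to the wiki's
     * {@link SessionMonitor#sessions()} method.
     * @param engine the wiki engine
     * @return the number of sessions
     */
    public static final int sessions( WikiEngine engine )
    {
        SessionMonitor monitor = SessionMonitor.getInstance( engine );
        return monitor.sessions();
    }

    /**
     * Returns Principals representing the current users known
     * to a particular wiki. Each Principal will correspond to the
     * value returned by each WikiSession's {@link #getUserPrincipal()}
     * method. This method delegates to {@link SessionMonitor#userPrincipals()}.
     * @param engine the wiki engine
     * @return an array of Principal objects, sorted by name
     */
    public static final Principal[] userPrincipals( WikiEngine engine )
    {
        SessionMonitor monitor = SessionMonitor.getInstance( engine );
        return monitor.userPrincipals();
    }

    /**
     * Wrapper for
     * {@link javax.security.auth.Subject#doAsPrivileged(Subject, java.security.PrivilegedAction, java.security.AccessControlContext)}
     * that executes an action with the privileges possessed by a
     * WikiSession's Subject. The action executes with a <code>null</code>
     * AccessControlContext, which has the effect of running it "cleanly"
     * without the AccessControlContexts of the caller.
     * <p>The session's Subject is dereferenced directly, so {@code session}
     * must not be <code>null</code>. Because the action runs as that Subject,
     * code holding a WikiSession reference can act with its principals;
     * keep session references out of untrusted code.</p>
     * @param session the wiki session
     * @param action the privileged action
     * @return the result of the privileged action; may be <code>null</code>
     * @throws java.security.AccessControlException if the action is not permitted
     * by the security policy
     */
    public static final Object doPrivileged( WikiSession session, PrivilegedAction<?> action ) throws AccessControlException
    {
        return Subject.doAsPrivileged( session.m_subject, action, null );
    }

    /**
     * Verifies whether a String represents an IPv4 address in dotted-decimal
     * form: exactly four runs of digits separated by single dots, each with a
     * value of at most 255. The check is purely lexical, walks the string once
     * and does not allocate any objects.
     * <p>A <code>null</code> or empty string, and a string with more than four
     * octets, yield <code>false</code> rather than an exception, so a malformed
     * name cannot abort the caller's check with a runtime exception.</p>
     * @param name the address to test
     * @return <code>true</code> if the name is a dotted-decimal IPv4 address
     */
    protected static final boolean isIPV4Address( String name )
    {
        // Guard the charAt() calls below against null and empty input
        if ( name == null || name.length() == 0 )
        {
            return false;
        }
        if ( name.charAt( 0 ) == DOT || name.charAt( name.length() - 1 ) == DOT )
        {
            return false;
        }

        // ONE, NINE and DOT are constants declared outside this excerpt.
        // NOTE(review): "ch - ONE" is only the digit's value if ONE holds the
        // code point of '0' -- confirm against the declaration.
        int octetValue = 0;
        int currentOctet = 0;
        for( int i = 0; i < name.length(); i++ )
        {
            int ch = name.charAt( i );
            boolean isDigit = ch >= ONE && ch <= NINE;
            boolean isDot = ch == DOT;
            if ( !isDigit && !isDot )
            {
                return false;
            }
            if ( isDigit )
            {
                octetValue = 10 * octetValue + ( ch - ONE );
                if ( octetValue > 255 )
                {
                    return false;
                }
            }
            else if ( name.charAt( i - 1 ) == DOT )
            {
                // Two dots in a row: empty octet
                return false;
            }
            else
            {
                currentOctet++;
                // A fourth dot means a fifth octet follows; reject it here
                // instead of running past the four-octet limit.
                if ( currentOctet > 3 )
                {
                    return false;
                }
                octetValue = 0;
            }
        }
        return currentOctet == 3;
    }
}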