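/*
    JSPWiki - a JSP-based WikiWiki clone.

    Licensed to the Apache Software Foundation (ASF) under one
    or more contributor license agreements.  See the NOTICE file
    distributed with this work for additional information
    regarding copyright ownership.  The ASF licenses this file
    to you under the Apache License, Version 2.0 (the
    "License"); you may not use this file except in compliance
    with the License.  You may obtain a copy of the License at

       http://www.apache.org/licenses/LICENSE-2.0

    Unless required by applicable law or agreed to in writing,
    software distributed under the License is distributed on an
    "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
    KIND, either express or implied.  See the License for the
    specific language governing permissions and limitations
    under the License.
 */
package com.ecyrd.jspwiki.auth;

import java.io.File;
import java.io.IOException;
import java.net.MalformedURLException;
import java.net.URL;
import java.security.*;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;

import javax.security.auth.Subject;
import javax.security.auth.spi.LoginModule;

import org.apache.commons.lang.ArrayUtils;
import org.apache.log4j.Logger;
import org.freshcookies.security.policy.PolicyReader;
import org.jdom.JDOMException;

import com.ecyrd.jspwiki.InternalWikiException;
import com.ecyrd.jspwiki.WikiEngine;
import com.ecyrd.jspwiki.WikiException;
import com.ecyrd.jspwiki.WikiSession;
import com.ecyrd.jspwiki.auth.authorize.*;
import com.ecyrd.jspwiki.auth.permissions.AllPermission;
import com.ecyrd.jspwiki.auth.permissions.GroupPermission;
import com.ecyrd.jspwiki.auth.permissions.PermissionFactory;
import com.ecyrd.jspwiki.auth.permissions.WikiPermission;
import com.ecyrd.jspwiki.auth.user.UserDatabase;
import com.ecyrd.jspwiki.auth.user.UserProfile;

/**
 * Helper class for verifying JSPWiki's security configuration. Invoked by
 * <code>admin/SecurityConfig.jsp</code>.
 * <p>
 * All checks run from the constructor; their findings are recorded as
 * messages on the supplied {@link WikiSession}, keyed by the topic constants
 * declared below.
 * @author Andrew Jaquith
 * @since 2.4
 */
public final class SecurityVerifier
{
    // NOTE(review): the class declaration above implements no interface, so this
    // field does not appear to serve serialization; kept as the author left it.
    private static final long     serialVersionUID             = -3859563355089169941L;

    /** Engine whose security configuration is inspected; set once in the constructor. */
    private WikiEngine            m_engine;

    // Starts out false; it is not assigned in the constructor itself.
    private boolean               m_isSecurityPolicyConfigured = false;

    /** Principals found in the security policy; zero-length until a policy has been read. */
    private Principal[]           m_policyPrincipals           = new Principal[0];

    /** Session that receives every message produced by the checks. */
    private WikiSession           m_session;

    /** Message prefix for errors. */
    public static final String    ERROR                        = "Error.";

    /** Message prefix for warnings. */
    public static final String    WARNING                      = "Warning.";

    /** Message prefix for information messages. */
    public static final String    INFO                         = "Info.";

    /** Message topic for policy errors. */
    public static final String    ERROR_POLICY                 = "Error.Policy";

    /** Message topic for policy warnings. */
    public static final String    WARNING_POLICY               = "Warning.Policy";

    /** Message topic for policy information messages. */
    public static final String    INFO_POLICY                  = "Info.Policy";

    /** Message topic for JAAS errors. */
    public static final String    ERROR_JAAS                   = "Error.Jaas";

    /** Message topic for JAAS warnings. */
    public static final String    WARNING_JAAS                 = "Warning.Jaas";

    /** Message topic for role-checking errors. */
    public static final String    ERROR_ROLES                  = "Error.Roles";

    /** Message topic for role-checking information messages. */
    public static final String    INFO_ROLES                   = "Info.Roles";

    /** Message topic for user database errors. */
    public static final String    ERROR_DB                     = "Error.UserDatabase";

    /** Message topic for user database warnings. */
    public static final String    WARNING_DB                   = "Warning.UserDatabase";

    /** Message topic for user database information messages. */
    public static final String    INFO_DB                      = "Info.UserDatabase";

    /** Message topic for group database errors. */
    public static final String    ERROR_GROUPS                 = "Error.GroupDatabase";

    /** Message topic for group database warnings. */
    public static final String    WARNING_GROUPS               = "Warning.GroupDatabase";

    /** Message topic for group database information messages. */
    public static final String    INFO_GROUPS                  = "Info.GroupDatabase";

    /** Message topic for JAAS information messages. */
    public static final String    INFO_JAAS                    = "Info.Jaas";

    // Human-readable action labels; presumably index-aligned with CONTAINER_JSPS
    // (both arrays have seven entries) -- confirm against the code that reads them.
    private static final String[] CONTAINER_ACTIONS            = new String[]
                                                               { "View pages",
                                                                 "Comment on existing pages",
                                                                 "Edit pages",
                                                                 "Upload attachments",
                                                                 "Create a new group",
                                                                 "Rename an existing page",
                                                                 "Delete pages" };

    private static final String[] CONTAINER_JSPS               = new String[]
                                                               { "/Wiki.jsp",
                                                                 "/Comment.jsp",
                                                                 "/Edit.jsp",
                                                                 "/Upload.jsp",
                                                                 "/NewGroup.jsp",
                                                                 "/Rename.jsp",
                                                                 "/Delete.jsp" };

    private static final String   BG_GREEN                     = "bgcolor=\"#c0ffc0\"";

    private static final String   BG_RED                       = "bgcolor=\"#ffc0c0\"";

    private static final Logger   LOG                          = Logger.getLogger( SecurityVerifier.class.getName() );

    /**
     * Constructs a new SecurityVerifier for a supplied WikiEngine and WikiSession.
     * Construction clears any messages already held by the session and then runs
     * every check in turn: JAAS, policy, policy/container roles, group database
     * and user database.
     * @param engine the wiki engine
     * @param session the wiki session (typically, that of an administrator)
     */
    public SecurityVerifier( WikiEngine engine, WikiSession session )
    {
        m_engine = engine;
        m_session = session;

        // Start from an empty message list so the report reflects this run only.
        m_session.clearMessages();

        verifyJaas();
        verifyPolicy();
        try
        {
            verifyPolicyAndContainerRoles();
        }
        catch ( WikiException e )
        {
            // A failed role check is reported to the session rather than aborting
            // the remaining database checks.
            m_session.addMessage( ERROR_ROLES, e.getMessage() );
        }
        verifyGroupDatabase();
        verifyUserDatabase();
    }

    /**
     * Returns an array of unique Principals from the JSPWiki security policy
     * file. This array will be zero-length if the policy file was not
     * successfully located, or if the file did not specify any Principals in
     * the policy.
     * <p>
     * The returned array is a copy, so callers cannot alter the set of
     * principals this verifier reports on.
     * @return the array of principals
     */
    public final Principal[] policyPrincipals()
    {
        // Defensive copy: handing out the field itself would let a caller
        // replace entries in the verifier's own state.
        return m_policyPrincipals.clone();
    }

    /**
     * Formats and returns an HTML table containing sample permissions and what
     * roles are allowed to have them.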
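This method will throw an
     * {@link IllegalStateException} if the authorizer is not of type
     * {@link com.ecyrd.jspwiki.auth.authorize.WebContainerAuthorizer}
     * <p>
     * NOTE(review): no authorizer check is visible in this method's own body;
     * confirm whether the exception above can still originate from
     * <code>printPermissionTest</code>.
     * <p>
     * Role names, role class names and the application name are HTML-encoded
     * before they are written into the table, because they originate from the
     * policy file and the engine configuration rather than from this class.
     * @return the formatted HTML table containing the result of the tests
     */
    public final String policyRoleTable()
    {
        Principal[] roles = m_policyPrincipals;
        String wiki = m_engine.getApplicationName();
        // Encoded copy used for markup only; permissions are built from the raw name.
        String wikiHtml = escapeForHtml( wiki );

        String[] pages = new String[] { "Main", "Index", "GroupTest", "GroupAdmin" };
        String[] pageActions = new String[] { "view", "edit", "modify", "rename", "delete" };

        String[] groups = new String[] { "Admin", "TestGroup", "Foo" };
        // null entries keep the group columns aligned with the five page-action columns.
        String[] groupActions = new String[] { "view", "edit", null, null, "delete" };

        // Calculate column widths
        String colWidth;
        if ( pageActions.length > 0 && roles.length > 0 )
        {
            colWidth = String.valueOf( 67f / ( pageActions.length * roles.length ) ) + "%";
        }
        else
        {
            colWidth = "67%";
        }

        // Local, single-threaded buffer: StringBuilder avoids StringBuffer's locking.
        StringBuilder s = new StringBuilder();

        // Write the table header
        s.append( "<table class=\"wikitable\" border=\"1\">\n" );
        s.append( " <colgroup span=\"1\" width=\"33%\"/>\n" );
        s.append( " <colgroup span=\"" + pageActions.length * roles.length + "\" width=\"" + colWidth
                  + "\" align=\"center\"/>\n" );
        s.append( " <tr>\n" );
        s.append( " <th rowspan=\"2\" valign=\"bottom\">Permission</th>\n" );
        for( int i = 0; i < roles.length; i++ )
        {
            // Both values end up inside markup (an attribute and element text), so encode them.
            s.append( " <th colspan=\"" + pageActions.length + "\" title=\""
                      + escapeForHtml( roles[i].getClass().getName() ) + "\">"
                      + escapeForHtml( roles[i].getName() ) + "</th>\n" );
        }
        s.append( " </tr>\n" );

        // Print a column for each role
        s.append( " <tr>\n" );
        for( int i = 0; i < roles.length; i++ )
        {
            for( String pageAction : pageActions )
            {
                // Column heading is the first letter of the action; the full name goes in the tooltip.
                String action = pageAction.substring( 0, 1 );
                s.append( " <th title=\"" + pageAction + "\">" + action + "</th>\n" );
            }
        }
        s.append( " </tr>\n" );

        // Write page permission tests first
        for( String page : pages )
        {
            s.append( " <tr>\n" );
            s.append( " <td>PagePermission \"" + wikiHtml + ":" + page + "\"</td>\n" );
            for( Principal role : roles )
            {
                for( String pageAction : pageActions )
                {
                    Permission permission = PermissionFactory.getPagePermission( wiki + ":" + page, pageAction );
                    s.append( printPermissionTest( permission, role, 1 ) );
                }
            }
            s.append( " </tr>\n" );
        }

        // Now do the group tests
        for( String group : groups )
        {
            s.append( " <tr>\n" );
            s.append( " <td>GroupPermission \"" + wikiHtml + ":" + group + "\"</td>\n" );
            for( Principal role : roles )
            {
                for( String groupAction : groupActions )
                {
                    // A null action yields a null permission, which is passed through unchanged.
                    Permission permission = null;
                    if ( groupAction != null )
                    {
                        permission = new GroupPermission( wiki + ":" + group, groupAction );
                    }
                    s.append( printPermissionTest( permission, role, 1 ) );
                }
            }
            s.append( " </tr>\n" );
        }

        // Now check the wiki-wide permissions
        String[] wikiPerms = new String[] { "createGroups", "createPages", "login", "editPreferences", "editProfile" };
        for( String wikiPerm : wikiPerms )
        {
            s.append( " <tr>\n" );
            s.append( " <td>WikiPermission \"" + wikiHtml + "\",\"" + wikiPerm + "\"</td>\n" );
            for( Principal role : roles )
            {
                Permission permission = new WikiPermission( wiki, wikiPerm );
                // One cell spans all page-action columns for this role.
                s.append( printPermissionTest( permission, role, pageActions.length ) );
            }
            s.append( " </tr>\n" );
        }

        // Lastly, check for AllPermission
        s.append( " <tr>\n" );
        s.append( " <td>AllPermission \"" + wikiHtml + "\"</td>\n" );
        for( Principal role : roles )
        {
            Permission permission = new AllPermission( wiki );
            s.append( printPermissionTest( permission, role, pageActions.length ) );
        }
        s.append( " </tr>\n" );

        // We're done!
        s.append( "</table>" );
        return s.toString();
    }

    /**
     * Encodes the HTML-significant characters <code>&amp; &lt; &gt; " '</code> so that a
     * value can be placed in element text or in a double-quoted attribute of the
     * generated table without altering the markup.
     * @param text the value to encode; <code>null</code> is rendered as the text
     *            "null", which is what plain string concatenation would produce
     * @return the encoded text
     */
    private static String escapeForHtml( String text )
    {
        String value = String.valueOf( text );
        StringBuilder out = new StringBuilder( value.length() + 16 );
        for( int i = 0; i < value.length(); i++ )
        {
            char c = value.charAt( i );
            switch( c )
            {
                case '&':
                    out.append( "&amp;" );
                    break;
                case '<':
                    out.append( "&lt;" );
                    break;
                case '>':
                    out.append( "&gt;" );
                    break;
                case '"':
                    out.append( "&quot;" );
                    break;
                case '\'':
                    out.append( "&#39;" );
                    break;
                default:
                    out.append( c );
                    break;
            }
        }
        return out.toString();
    }

    /**
     * Prints a <td> HTML element with the results of a permission test.
     * @param perm the permission to format
     * @param allowed whether the permission is allowed
     */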