com.ecyrd.jspwiki.auth
Class SecurityVerifier

java.lang.Object
  extended by com.ecyrd.jspwiki.auth.SecurityVerifier

public class SecurityVerifier
extends Object

Helper class for verifying JSPWiki's security configuration. Invoked by admin/SecurityConfig.jsp.

Since:
2.4
Version:
$Revision: 1.6 $ $Date: 2006/06/04 19:51:12 $
Author:
Andrew Jaquith

Field Summary
static String ERROR
           
static String ERROR_DB
           
static String ERROR_JAAS
           
static String ERROR_POLICY
           
static String ERROR_ROLES
           
static String INFO
           
static String INFO_DB
           
static String INFO_JAAS
           
static String INFO_POLICY
           
static String INFO_ROLES
           
static String WARNING
           
static String WARNING_DB
           
static String WARNING_JAAS
           
static String WARNING_POLICY
           
 
Constructor Summary
SecurityVerifier(WikiEngine engine, WikiSession session)
           
 
Method Summary
 String containerRoleTable()
          Formats and returns an HTML table containing the roles the web container is aware of, and whether each role maps to particular JSPs.
protected  File getFileFromProperty(String property)
           
protected  boolean isJaasConfigurationAvailable(String config)
          Returns true if JSPWiki can locate a named JAAS login configuration.
 boolean isJaasConfigured()
          Returns true if JAAS is configured correctly.
 boolean isJaasConfiguredAtStartup()
          Returns true if the JAAS login configuration was already set when JSPWiki started up.
 boolean isSecurityPolicyConfigured()
          Returns true if the Java security policy is configured correctly, and it verifies as valid.
 boolean isSecurityPolicyConfiguredAtStartup()
          Returns true if the Java security policy file was already set when JSPWiki started up.
 File jaasConfiguration()
          Returns the location of the JAAS configuration file if and only if the java.security.auth.login.config is set and the file it points to exists in the file system; returns null in all other cases.
 Principal[] policyPrincipals()
          Returns an array of unique Principals from the JSPWIki security policy file.
 String policyRoleTable()
          Formats and returns an HTML table containing sample permissions and what roles are allowed to have them.
 File securityPolicy()
          Returns the location of the Java security policy file if and only if the java.security.policy is set and the file it points to exists in the file system; returns null in all other cases.
protected  void verifyJaas()
          Verfies the JAAS configuration.
protected  void verifyPolicy()
          Verfies the Java security policy configuration.
protected  void verifyPolicyAndContainerRoles()
          Verifies that the roles given in the security policy are reflected by the container web.xml file.
protected  boolean verifyStaticPermission(Principal principal, Permission permission)
          Verifies that a particular Principal possesses a Permission, as defined in the security policy file.
protected  void verifyUserDatabase()
          Verifies that the user datbase was initialized properly, and that user add and delete operations work as they should.
 Principal[] webContainerRoles()
          If the active Authorizer is the WebContainerAuthorizer, returns the roles it knows about; otherwise, a zero-length array.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

ERROR

public static final String ERROR
See Also:
Constant Field Values

WARNING

public static final String WARNING
See Also:
Constant Field Values

INFO

public static final String INFO
See Also:
Constant Field Values

ERROR_POLICY

public static final String ERROR_POLICY
See Also:
Constant Field Values

WARNING_POLICY

public static final String WARNING_POLICY
See Also:
Constant Field Values

INFO_POLICY

public static final String INFO_POLICY
See Also:
Constant Field Values

ERROR_JAAS

public static final String ERROR_JAAS
See Also:
Constant Field Values

WARNING_JAAS

public static final String WARNING_JAAS
See Also:
Constant Field Values

ERROR_ROLES

public static final String ERROR_ROLES
See Also:
Constant Field Values

INFO_ROLES

public static final String INFO_ROLES
See Also:
Constant Field Values

ERROR_DB

public static final String ERROR_DB
See Also:
Constant Field Values

WARNING_DB

public static final String WARNING_DB
See Also:
Constant Field Values

INFO_DB

public static final String INFO_DB
See Also:
Constant Field Values

INFO_JAAS

public static final String INFO_JAAS
See Also:
Constant Field Values
Constructor Detail

SecurityVerifier

public SecurityVerifier(WikiEngine engine,
                        WikiSession session)
Method Detail

policyPrincipals

public final Principal[] policyPrincipals()
Returns an array of unique Principals from the JSPWIki security policy file. This array will be zero-length if the policy file was not successfully located, or if the file did not specify any Principals in the policy.


policyRoleTable

public String policyRoleTable()
Formats and returns an HTML table containing sample permissions and what roles are allowed to have them.

Throws:
IllegalStateException - if the authorizer is not of type WebContainerAuthorizer

containerRoleTable

public String containerRoleTable()
Formats and returns an HTML table containing the roles the web container is aware of, and whether each role maps to particular JSPs.

Throws:
IllegalStateException - if the authorizer is not of type WebContainerAuthorizer

isJaasConfigured

public final boolean isJaasConfigured()
Returns true if JAAS is configured correctly.

Returns:
the result of the configuration check

isJaasConfiguredAtStartup

public final boolean isJaasConfiguredAtStartup()
Returns true if the JAAS login configuration was already set when JSPWiki started up. We determine this value by consulting a protected member field of AuthenticationManager, which was set at in initialization by PolicyLoader.

Returns:
true if PolicyLoader successfully set the policy, or false for any other reason.

isJaasConfigurationAvailable

protected boolean isJaasConfigurationAvailable(String config)
Returns true if JSPWiki can locate a named JAAS login configuration.

Parameters:
config - the name of the application (e.g., JSPWiki-container).
Returns:
true if found; false otherwise

isSecurityPolicyConfigured

public final boolean isSecurityPolicyConfigured()
Returns true if the Java security policy is configured correctly, and it verifies as valid.

Returns:
the result of the configuration check

isSecurityPolicyConfiguredAtStartup

public final boolean isSecurityPolicyConfiguredAtStartup()
Returns true if the Java security policy file was already set when JSPWiki started up. We determine this value by consulting a protected member field of AuthenticationManager, which was set at in initialization by PolicyLoader.

Returns:
true if PolicyLoader successfully set the policy, or false for any other reason.

webContainerRoles

public final Principal[] webContainerRoles()
If the active Authorizer is the WebContainerAuthorizer, returns the roles it knows about; otherwise, a zero-length array.

Returns:
the roles parsed from web.xml, or a zero-length array

verifyPolicyAndContainerRoles

protected void verifyPolicyAndContainerRoles()
Verifies that the roles given in the security policy are reflected by the container web.xml file.


verifyJaas

protected void verifyJaas()
Verfies the JAAS configuration. The configuration is valid if value of the system property java.security.auth.login.config resolves to an existing file, and we can find the JAAS login configurations for JSPWiki-container and JSPWiki-custom.


getFileFromProperty

protected File getFileFromProperty(String property)

verifyPolicy

protected void verifyPolicy()
Verfies the Java security policy configuration. The configuration is valid if value of the system property java.security.policy resolves to an existing file, and the policy file that this file represents a valid policy.


verifyStaticPermission

protected boolean verifyStaticPermission(Principal principal,
                                         Permission permission)
Verifies that a particular Principal possesses a Permission, as defined in the security policy file.

Parameters:
principal - the principal
permission - the permission
Returns:
the result, based on consultation with the active Java security policy

verifyUserDatabase

protected void verifyUserDatabase()
Verifies that the user datbase was initialized properly, and that user add and delete operations work as they should.


jaasConfiguration

public final File jaasConfiguration()
Returns the location of the JAAS configuration file if and only if the java.security.auth.login.config is set and the file it points to exists in the file system; returns null in all other cases.

Returns:
the location of the JAAS configuration file

securityPolicy

public final File securityPolicy()
Returns the location of the Java security policy file if and only if the java.security.policy is set and the file it points to exists in the file system; returns null in all other cases.

Returns:
the location of the Java security polifile