org.apache.wiki

Class WikiSession

java.lang.Object

org.apache.wiki.WikiSession

All Implemented Interfaces:

java.util.EventListener, Session, WikiEventListener

public class WikiSession
extends java.lang.Object
implements Session

Default implementation for Session.

In addition to methods for examining individual WikiSession objects, this class also contains a number of static methods for managing WikiSessions for an entire wiki. These methods allow callers to find, query and remove WikiSession objects, and to obtain a list of the current wiki session users.

Field Summary

Fields inherited from interface org.apache.wiki.api.core.Session

ANONYMOUS, ASSERTED, AUTHENTICATED

Method Summary

Modifier and Type	Method and Description
void	actionPerformed(WikiEvent event) Listens for WikiEvents generated by source objects such as the GroupManager, UserManager or AuthenticationManager.
void	addMessage(java.lang.String message)
void	addMessage(java.lang.String topic, java.lang.String message)
void	clearMessages()
void	clearMessages(java.lang.String topic)
java.util.Locale	getLocale()
java.security.Principal	getLoginPrincipal()
java.lang.String[]	getMessages()
java.lang.String[]	getMessages(java.lang.String topic)
java.security.Principal[]	getPrincipals()
java.security.Principal[]	getRoles()
java.lang.String	getStatus()
javax.security.auth.Subject	getSubject()
java.security.Principal	getUserPrincipal()
static Session	getWikiSession(Engine engine, javax.servlet.http.HttpServletRequest request) Static factory method that returns the Session object associated with the current HTTP request.
static Session	guestSession(Engine engine) Static factory method that creates a new "guest" session containing a single user Principal WikiPrincipal.GUEST, plus the role principals Role.ALL and Role.ANONYMOUS.
boolean	hasPrincipal(java.security.Principal principal)
protected void	injectGroupPrincipals() Injects GroupPrincipal objects into the user's Principal set based on the groups the user belongs to.
protected void	injectUserProfilePrincipals() Adds Principal objects to the Subject that correspond to the logged-in user's profile attributes for the wiki name, full name and login name.
void	invalidate()
boolean	isAnonymous()
boolean	isAsserted()
boolean	isAuthenticated()
protected boolean	isInGroup(Group group) Returns true if one of this WikiSession's user Principals can be shown to belong to a particular wiki group.
static void	removeWikiSession(Engine engine, javax.servlet.http.HttpServletRequest request) Removes the wiki session associated with the user's HTTP request from the cache of wiki sessions, typically as part of a logout process.
static int	sessions(Engine engine) Deprecated. use SessionMonitor.sessions() instead
static java.security.Principal[]	userPrincipals(Engine engine) Deprecated. use SessionMonitor.userPrincipals() instead

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.apache.wiki.api.core.Session

doPrivileged

Method Detail

isInGroup

protected boolean isInGroup(Group group)

Returns true if one of this WikiSession's user Principals can be shown to belong to a particular wiki group. If the user is not authenticated, this method will always return false.

Parameters:

group - the group to test

Returns:

the result

isAsserted

public boolean isAsserted()

Specified by:

isAsserted in interface Session

isAuthenticated

public boolean isAuthenticated()

Specified by:

isAuthenticated in interface Session

isAnonymous

public boolean isAnonymous()

Specified by:

isAnonymous in interface Session

getLoginPrincipal

public java.security.Principal getLoginPrincipal()

Specified by:

getLoginPrincipal in interface Session

getUserPrincipal

public java.security.Principal getUserPrincipal()

Specified by:

getUserPrincipal in interface Session

getLocale

public java.util.Locale getLocale()

Specified by:

getLocale in interface Session

addMessage

public void addMessage(java.lang.String message)

Specified by:

addMessage in interface Session

addMessage

public void addMessage(java.lang.String topic,
                       java.lang.String message)

Specified by:

addMessage in interface Session

clearMessages

public void clearMessages()

Specified by:

clearMessages in interface Session

clearMessages

public void clearMessages(java.lang.String topic)

Specified by:

clearMessages in interface Session

getMessages

public java.lang.String[] getMessages()

Specified by:

getMessages in interface Session

getMessages

public java.lang.String[] getMessages(java.lang.String topic)

Specified by:

getMessages in interface Session

getPrincipals

public java.security.Principal[] getPrincipals()

Specified by:

getPrincipals in interface Session

getRoles

public java.security.Principal[] getRoles()

Specified by:

getRoles in interface Session

hasPrincipal

public boolean hasPrincipal(java.security.Principal principal)

Specified by:

hasPrincipal in interface Session

actionPerformed

public void actionPerformed(WikiEvent event)

Listens for WikiEvents generated by source objects such as the GroupManager, UserManager or AuthenticationManager. This method adds Principals to the private Subject managed by the WikiSession.

Specified by:

actionPerformed in interface WikiEventListener

See Also:

WikiEventListener.actionPerformed(WikiEvent)

invalidate

public void invalidate()

Specified by:

invalidate in interface Session

injectGroupPrincipals

protected void injectGroupPrincipals()

Injects GroupPrincipal objects into the user's Principal set based on the groups the user belongs to. For Groups, the algorithm first calls the Authorizer.getRoles() to obtain the array of GroupPrincipals the authorizer knows about. Then, the method Authorizer.isUserInRole(Session, Principal) is called for each Principal. If the user is a member of the group, an equivalent GroupPrincipal is injected into the user's principal set. Existing GroupPrincipals are flushed and replaced. This method should generally be called after a user's UserProfile is saved. If the wiki session is null, or there is no matching user profile, the method returns silently.

injectUserProfilePrincipals

protected void injectUserProfilePrincipals()

Adds Principal objects to the Subject that correspond to the logged-in user's profile attributes for the wiki name, full name and login name. These Principals will be WikiPrincipals, and they will replace all other WikiPrincipals in the Subject. Note: this method is never called during anonymous or asserted sessions.

getStatus

public java.lang.String getStatus()

Specified by:

getStatus in interface Session

getSubject

public javax.security.auth.Subject getSubject()

Specified by:

getSubject in interface Session

removeWikiSession

public static void removeWikiSession(Engine engine,
                                     javax.servlet.http.HttpServletRequest request)

Removes the wiki session associated with the user's HTTP request from the cache of wiki sessions, typically as part of a logout process.

Parameters:

engine - the wiki engine

request - the user's HTTP request

getWikiSession

public static Session getWikiSession(Engine engine,
                                     javax.servlet.http.HttpServletRequest request)

Static factory method that returns the Session object associated with the current HTTP request. This method looks up the associated HttpSession in an internal WeakHashMap and attempts to retrieve the WikiSession. If not found, one is created. This method is guaranteed to always return a Session, although the authentication status is unpredictable until the user attempts to log in. If the servlet request parameter is null, a synthetic guestSession(Engine) is returned.

When a session is created, this method attaches a WikiEventListener to the GroupManager, UserManager and AuthenticationManager, so that changes to users, groups, logins, etc. are detected automatically.

Parameters:

engine - the engine

request - the servlet request object

Returns:

the existing (or newly created) session

guestSession

public static Session guestSession(Engine engine)

Static factory method that creates a new "guest" session containing a single user Principal WikiPrincipal.GUEST, plus the role principals Role.ALL and Role.ANONYMOUS. This method also adds the session as a listener for GroupManager, AuthenticationManager and UserManager events.

Parameters:

engine - the wiki engine

Returns:

the guest wiki session

sessions

@Deprecated
public static int sessions(Engine engine)

Deprecated. use SessionMonitor.sessions() instead

Returns the total number of active wiki sessions for a particular wiki. This method delegates to the wiki's SessionMonitor.sessions() method.

Parameters:

engine - the wiki session

Returns:

the number of sessions

See Also:

SessionMonitor.sessions()

userPrincipals

@Deprecated
public static java.security.Principal[] userPrincipals(Engine engine)

Deprecated. use SessionMonitor.userPrincipals() instead

Returns Principals representing the current users known to a particular wiki. Each Principal will correspond to the value returned by each WikiSession's getUserPrincipal() method. This method delegates to SessionMonitor.userPrincipals().

Parameters:

engine - the wiki engine

Returns:

an array of Principal objects, sorted by name

See Also:

SessionMonitor.userPrincipals()