Class WikiSession
- All Implemented Interfaces:
EventListener
,Session
,WikiEventListener
Default implementation for Session
.
In addition to methods for examining individual WikiSession
objects, this class also contains a number of static
methods for managing WikiSessions for an entire wiki. These methods allow callers to find, query and remove WikiSession objects, and
to obtain a list of the current wiki session users.
-
Field Summary
Fields inherited from interface org.apache.wiki.api.core.Session
ANONYMOUS, ASSERTED, AUTHENTICATED
-
Method Summary
Modifier and TypeMethodDescriptionvoid
actionPerformed
(WikiEvent event) Listens for WikiEvents generated by source objects such as the GroupManager, UserManager or AuthenticationManager.void
addMessage
(String message) void
addMessage
(String topic, String message) void
void
clearMessages
(String topic) String[]
String[]
getMessages
(String topic) getRoles()
static Session
getWikiSession
(Engine engine, javax.servlet.http.HttpServletRequest request) Static factory method that returns the Session object associated with the current HTTP request.static Session
guestSession
(Engine engine) Static factory method that creates a new "guest" session containing a single user PrincipalWikiPrincipal.GUEST
, plus the role principalsRole.ALL
andRole.ANONYMOUS
.boolean
hasPrincipal
(Principal principal) protected void
Injects GroupPrincipal objects into the user's Principal set based on the groups the user belongs to.protected void
Adds Principal objects to the Subject that correspond to the logged-in user's profile attributes for the wiki name, full name and login name.void
boolean
boolean
boolean
protected boolean
Returnstrue
if one of this WikiSession's user Principals can be shown to belong to a particular wiki group.static void
removeWikiSession
(Engine engine, javax.servlet.http.HttpServletRequest request) Removes the wiki session associated with the user's HTTP request from the cache of wiki sessions, typically as part of a logout process.static int
Deprecated.static Principal[]
userPrincipals
(Engine engine) Deprecated.useSessionMonitor.userPrincipals()
instead
-
Method Details
-
isInGroup
Returnstrue
if one of this WikiSession's user Principals can be shown to belong to a particular wiki group. If the user is not authenticated, this method will always returnfalse
.- Parameters:
group
- the group to test- Returns:
- the result
-
isAsserted
- Specified by:
isAsserted
in interfaceSession
-
isAuthenticated
- Specified by:
isAuthenticated
in interfaceSession
-
isAnonymous
- Specified by:
isAnonymous
in interfaceSession
-
getLoginPrincipal
- Specified by:
getLoginPrincipal
in interfaceSession
-
getUserPrincipal
- Specified by:
getUserPrincipal
in interfaceSession
-
antiCsrfToken
- Specified by:
antiCsrfToken
in interfaceSession
-
getLocale
-
addMessage
- Specified by:
addMessage
in interfaceSession
-
addMessage
- Specified by:
addMessage
in interfaceSession
-
clearMessages
- Specified by:
clearMessages
in interfaceSession
-
clearMessages
- Specified by:
clearMessages
in interfaceSession
-
getMessages
- Specified by:
getMessages
in interfaceSession
-
getMessages
- Specified by:
getMessages
in interfaceSession
-
getPrincipals
- Specified by:
getPrincipals
in interfaceSession
-
getRoles
-
hasPrincipal
- Specified by:
hasPrincipal
in interfaceSession
-
actionPerformed
Listens for WikiEvents generated by source objects such as the GroupManager, UserManager or AuthenticationManager. This method adds Principals to the private Subject managed by the WikiSession.- Specified by:
actionPerformed
in interfaceWikiEventListener
- See Also:
-
invalidate
- Specified by:
invalidate
in interfaceSession
-
injectGroupPrincipals
Injects GroupPrincipal objects into the user's Principal set based on the groups the user belongs to. For Groups, the algorithm first calls theAuthorizer.getRoles()
to obtain the array of GroupPrincipals the authorizer knows about. Then, the methodAuthorizer.isUserInRole(Session, Principal)
is called for each Principal. If the user is a member of the group, an equivalent GroupPrincipal is injected into the user's principal set. Existing GroupPrincipals are flushed and replaced. This method should generally be called after a user'sUserProfile
is saved. If the wiki session is null, or there is no matching user profile, the method returns silently. -
injectUserProfilePrincipals
Adds Principal objects to the Subject that correspond to the logged-in user's profile attributes for the wiki name, full name and login name. These Principals will be WikiPrincipals, and they will replace all other WikiPrincipals in the Subject. Note: this method is never called during anonymous or asserted sessions. -
getStatus
-
getSubject
- Specified by:
getSubject
in interfaceSession
-
removeWikiSession
Removes the wiki session associated with the user's HTTP request from the cache of wiki sessions, typically as part of a logout process.- Parameters:
engine
- the wiki enginerequest
- the user's HTTP request
-
getWikiSession
Static factory method that returns the Session object associated with the current HTTP request. This method looks up the associated HttpSession in an internal WeakHashMap and attempts to retrieve the WikiSession. If not found, one is created. This method is guaranteed to always return a Session, although the authentication status is unpredictable until the user attempts to log in. If the servlet request parameter is
null
, a syntheticguestSession(Engine)
is returned.When a session is created, this method attaches a WikiEventListener to the GroupManager, UserManager and AuthenticationManager, so that changes to users, groups, logins, etc. are detected automatically.
- Parameters:
engine
- the enginerequest
- the servlet request object- Returns:
- the existing (or newly created) session
-
guestSession
Static factory method that creates a new "guest" session containing a single user PrincipalWikiPrincipal.GUEST
, plus the role principalsRole.ALL
andRole.ANONYMOUS
. This method also adds the session as a listener for GroupManager, AuthenticationManager and UserManager events.- Parameters:
engine
- the wiki engine- Returns:
- the guest wiki session
-
sessions
Deprecated.useSessionMonitor.sessions()
insteadReturns the total number of active wiki sessions for a particular wiki. This method delegates to the wiki'sSessionMonitor.sessions()
method.- Parameters:
engine
- the wiki session- Returns:
- the number of sessions
- See Also:
-
userPrincipals
Deprecated.useSessionMonitor.userPrincipals()
insteadReturns Principals representing the current users known to a particular wiki. Each Principal will correspond to the value returned by each WikiSession'sgetUserPrincipal()
method. This method delegates toSessionMonitor.userPrincipals()
.- Parameters:
engine
- the wiki engine- Returns:
- an array of Principal objects, sorted by name
- See Also:
-
SessionMonitor.sessions()
instead