]> source.dussan.org Git - archiva.git/blob
0b37c299ad1c162096207ec7acd775e1a2c7336e
[archiva.git] /
1 package org.apache.archiva.redback.authorization.rbac;
2
3 /*
4  * Licensed to the Apache Software Foundation (ASF) under one
5  * or more contributor license agreements.  See the NOTICE file
6  * distributed with this work for additional information
7  * regarding copyright ownership.  The ASF licenses this file
8  * to you under the Apache License, Version 2.0 (the
9  * "License"); you may not use this file except in compliance
10  * with the License.  You may obtain a copy of the License at
11  *
12  * http://www.apache.org/licenses/LICENSE-2.0
13  *
14  * Unless required by applicable law or agreed to in writing,
15  * software distributed under the License is distributed on an
16  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
17  * KIND, either express or implied.  See the License for the
18  * specific language governing permissions and limitations
19  * under the License.
20  */
21
22 import org.apache.archiva.redback.authorization.AuthorizationDataSource;
23 import org.apache.archiva.redback.authorization.AuthorizationException;
24 import org.apache.archiva.redback.authorization.AuthorizationResult;
25 import org.apache.archiva.redback.authorization.Authorizer;
26 import org.apache.archiva.redback.authorization.NotAuthorizedException;
27 import org.apache.archiva.redback.authorization.rbac.evaluator.PermissionEvaluationException;
28 import org.apache.archiva.redback.authorization.rbac.evaluator.PermissionEvaluator;
29 import org.apache.archiva.redback.rbac.Permission;
30 import org.apache.archiva.redback.rbac.RBACManager;
31 import org.apache.archiva.redback.rbac.RbacManagerException;
32 import org.apache.archiva.redback.rbac.RbacObjectNotFoundException;
33 import org.apache.archiva.redback.users.User;
34 import org.apache.archiva.redback.users.UserManager;
35 import org.apache.archiva.redback.users.UserManagerException;
36 import org.apache.archiva.redback.users.UserNotFoundException;
37 import org.slf4j.Logger;
38 import org.slf4j.LoggerFactory;
39 import org.springframework.stereotype.Service;
40
41 import javax.inject.Inject;
42 import javax.inject.Named;
43 import java.util.List;
44 import java.util.Map;
45
46 /**
47  * RbacAuthorizer:
48  *
49  * @author Jesse McConnell <jmcconnell@apache.org>
50  */
51 @Service("authorizer#rbac")
52 public class RbacAuthorizer
53     implements Authorizer
54 {
55     private Logger log = LoggerFactory.getLogger( getClass() );
56
57     @Inject
58     @Named(value = "rbacManager#cached")
59     private RBACManager manager;
60
61     @Inject
62     @Named(value = "userManager#configurable")
63     private UserManager userManager;
64
65     @Inject
66     private PermissionEvaluator evaluator;
67
68     public String getId()
69     {
70         return "RBAC Authorizer - " + this.getClass().getName();
71     }
72
73     /**
74      * @param source
75      * @return
76      * @throws AuthorizationException
77      */
78     public AuthorizationResult isAuthorized( AuthorizationDataSource source )
79         throws AuthorizationException
80     {
81         String principal = source.getPrincipal();
82         String operation = source.getPermission();
83         String resource = source.getResource();
84
85         try
86         {
87             if ( principal != null )
88             {
89                 // Set permissions = manager.getAssignedPermissions( principal.toString(), operation );
90                 Map<String, List<Permission>> permissionMap = manager.getAssignedPermissionMap( principal );
91
92                 if ( permissionMap.keySet().contains( operation ) )
93                 {
94                     for ( Permission permission : permissionMap.get( operation ) )
95                     {
96
97                         log.debug( "checking permission {} for operation {} resource {}",
98                                    ( permission != null ? permission.getName() : "null" ), operation, resource );
99
100                         if ( evaluator.evaluate( permission, operation, resource, principal ) )
101                         {
102                             return new AuthorizationResult( true, permission, null );
103                         }
104                     }
105
106                     log.debug( "no permission found for operation {} resource {}", operation, resource );
107                 }
108                 else
109                 {
110                     log.debug( "permission map does not contain operation: {}", operation );
111                 }
112             }
113             // check if guest user is enabled, if so check the global permissions
114             User guest = userManager.getGuestUser();
115
116             if ( !guest.isLocked() )
117             {
118                 // Set permissions = manager.getAssignedPermissions( principal.toString(), operation );
119                 Map<String, List<Permission>> permissionMap = manager.getAssignedPermissionMap( guest.getUsername() );
120
121                 if ( permissionMap.keySet().contains( operation ) )
122                 {
123                     for ( Permission permission : permissionMap.get( operation ) )
124                     {
125                         log.debug( "checking permission {}", permission.getName() );
126
127                         if ( evaluator.evaluate( permission, operation, resource, guest.getUsername() ) )
128                         {
129                             return new AuthorizationResult( true, permission, null );
130                         }
131                     }
132                 }
133             }
134
135             return new AuthorizationResult( false, null, new NotAuthorizedException( "no matching permissions" ) );
136         }
137         catch ( PermissionEvaluationException pe )
138         {
139             return new AuthorizationResult( false, null, pe );
140         }
141         catch ( RbacObjectNotFoundException nfe )
142         {
143             return new AuthorizationResult( false, null, nfe );
144         }
145         catch ( UserNotFoundException ne )
146         {
147             return new AuthorizationResult( false, null,
148                                             new NotAuthorizedException( "no matching permissions, guest not found" ) );
149         }
150         catch ( RbacManagerException rme )
151         {
152             return new AuthorizationResult( false, null, rme );
153         }
154         catch ( UserManagerException e )
155         {
156             return new AuthorizationResult( false, null, e );
157         }
158     }
159
160     public RBACManager getManager()
161     {
162         return manager;
163     }
164
165     public void setManager( RBACManager manager )
166     {
167         this.manager = manager;
168     }
169
170     public UserManager getUserManager()
171     {
172         return userManager;
173     }
174
175     public void setUserManager( UserManager userManager )
176     {
177         this.userManager = userManager;
178     }
179
180     public PermissionEvaluator getEvaluator()
181     {
182         return evaluator;
183     }
184
185     public void setEvaluator( PermissionEvaluator evaluator )
186     {
187         this.evaluator = evaluator;
188     }
189 }