1 package org.apache.archiva.web.security;
2 /*
3  * Licensed to the Apache Software Foundation (ASF) under one
4  * or more contributor license agreements.  See the NOTICE file
5  * distributed with this work for additional information
6  * regarding copyright ownership.  The ASF licenses this file
7  * to you under the Apache License, Version 2.0 (the
8  * "License"); you may not use this file except in compliance
9  * with the License.  You may obtain a copy of the License at
10  *
11  * http://www.apache.org/licenses/LICENSE-2.0
12  *
13  * Unless required by applicable law or agreed to in writing,
14  * software distributed under the License is distributed on an
15  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
16  * KIND, either express or implied.  See the License for the
17  * specific language governing permissions and limitations
18  * under the License.
19  */
20
21 import org.apache.archiva.admin.model.RepositoryAdminException;
22 import org.apache.archiva.admin.model.runtime.RedbackRuntimeConfigurationAdmin;
23 import org.apache.archiva.redback.integration.security.role.RedbackRoleConstants;
24 import org.apache.archiva.redback.rbac.RBACManager;
25 import org.apache.archiva.redback.rbac.RbacManagerException;
26 import org.apache.archiva.redback.rbac.UserAssignment;
27 import org.apache.archiva.redback.system.check.EnvironmentCheck;
28 import org.apache.archiva.redback.users.User;
29 import org.apache.archiva.redback.users.UserManager;
30 import org.apache.archiva.redback.users.UserManagerException;
31 import org.apache.archiva.redback.users.UserNotFoundException;
32 import org.slf4j.Logger;
33 import org.slf4j.LoggerFactory;
34 import org.springframework.context.ApplicationContext;
35 import org.springframework.stereotype.Service;
36
37 import javax.annotation.PostConstruct;
38 import javax.inject.Inject;
39 import javax.inject.Named;
40 import java.util.ArrayList;
41 import java.util.List;
42
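/**
 * Environment check that unlocks locked system administrator accounts the first time the
 * environment checks are processed after the application starts.
 *
 * <p>Security note: for every writable user manager, a lock on an account that holds the system
 * administrator role is cleared by this check, so such a lock does not persist across a restart.
 * Each unlock is logged at INFO level ("Unlocking system administrator: ..."); that log line is
 * the only record this class makes of the state change, so it is worth forwarding to whatever
 * monitors account changes.
 * NOTE(review): if locks are set by a failed-login lockout policy, confirm that clearing them at
 * startup is intended for administrator accounts.</p>
 *
 * @author Olivier Lamy
 */
@Service( "environmentCheck#archiva-locked-admin-check" )
public class ArchivaLockedAdminEnvironmentCheck
    implements EnvironmentCheck
{

    protected Logger log = LoggerFactory.getLogger( getClass() );

    @Inject
    @Named( value = "rBACManager#cached" )
    private RBACManager rbacManager;

    /**
     * boolean detailing if this environment check has been executed
     */
    private boolean checked = false;

    @Inject
    private ApplicationContext applicationContext;

    @Inject
    private RedbackRuntimeConfigurationAdmin redbackRuntimeConfigurationAdmin;

    /**
     * User managers resolved in {@link #initialize()}, one per configured implementation id.
     */
    private List<UserManager> userManagers;

    /**
     * Resolves every user manager implementation id from the Redback runtime configuration to the
     * Spring bean named {@code "userManager#" + id}.
     *
     * @throws RepositoryAdminException declared by the runtime configuration lookup
     */
    @PostConstruct
    protected void initialize()
        throws RepositoryAdminException
    {
        List<String> userManagerImpls =
            redbackRuntimeConfigurationAdmin.getRedbackRuntimeConfiguration().getUserManagerImpls();

        userManagers = new ArrayList<UserManager>( userManagerImpls.size() );

        for ( String beanId : userManagerImpls )
        {
            userManagers.add( applicationContext.getBean( "userManager#" + beanId, UserManager.class ) );
        }
    }

    /**
     * This environment check will unlock system administrator accounts that are locked on the restart of the
     * application when the environment checks are processed.
     *
     * <p>The unlock pass runs at most once per instance. Read-only user managers are skipped
     * because their users cannot be updated.</p>
     *
     * @param violations not read or modified by this check
     */
    public void validateEnvironment( List<String> violations )
    {
        if ( checked )
        {
            return;
        }

        // The role filter is the same for every user manager, so build it once.
        List<String> roles = new ArrayList<String>();
        roles.add( RedbackRoleConstants.SYSTEM_ADMINISTRATOR_ROLE );

        for ( UserManager userManager : userManagers )
        {
            if ( userManager.isReadOnly() )
            {
                continue;
            }
            unlockSystemAdministrators( userManager, roles );
        }

        // Mark the check as executed after the first complete pass, even when every user manager
        // was read-only. Setting the flag only inside the loop left the guard open in that case,
        // so a later call could still unlock administrators long after startup.
        checked = true;
    }

    /**
     * Unlocks, in one user manager, every locked user that is assigned the given roles.
     * Lookup failures are logged and skipped so that one bad assignment does not stop the pass.
     */
    private void unlockSystemAdministrators( UserManager userManager, List<String> roles )
    {
        try
        {
            List<UserAssignment> systemAdministrators = rbacManager.getUserAssignmentsForRoles( roles );

            for ( UserAssignment userAssignment : systemAdministrators )
            {
                unlockIfLocked( userManager, userAssignment );
            }
        }
        catch ( RbacManagerException e )
        {
            log.warn( "Exception when checking for locked admin user: " + e.getMessage(), e );
        }
    }

    /**
     * Looks up the principal of one role assignment and clears its lock flag if it is set.
     */
    private void unlockIfLocked( UserManager userManager, UserAssignment userAssignment )
    {
        try
        {
            User admin = userManager.findUser( userAssignment.getPrincipal() );

            if ( admin.isLocked() )
            {
                // Privileged account state change: keep this log line, it is the audit trail.
                log.info( "Unlocking system administrator: {}", admin.getUsername() );
                admin.setLocked( false );
                userManager.updateUser( admin );
            }
        }
        catch ( UserNotFoundException ne )
        {
            // The role assignment names a principal this user manager does not know.
            log.warn( "Dangling UserAssignment -> {}", userAssignment.getPrincipal() );
        }
        catch ( UserManagerException e )
        {
            log.warn( "fail to find user {} for admin unlock check: {}", userAssignment.getPrincipal(),
                      e.getMessage() );
        }
    }
}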