1 package org.apache.archiva.web.security;
3 * Licensed to the Apache Software Foundation (ASF) under one
4 * or more contributor license agreements. See the NOTICE file
5 * distributed with this work for additional information
6 * regarding copyright ownership. The ASF licenses this file
7 * to you under the Apache License, Version 2.0 (the
8 * "License"); you may not use this file except in compliance
9 * with the License. You may obtain a copy of the License at
11 * http://www.apache.org/licenses/LICENSE-2.0
13 * Unless required by applicable law or agreed to in writing,
14 * software distributed under the License is distributed on an
15 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
16 * KIND, either express or implied. See the License for the
17 * specific language governing permissions and limitations
21 import org.apache.archiva.admin.model.RepositoryAdminException;
22 import org.apache.archiva.admin.model.runtime.RedbackRuntimeConfigurationAdmin;
23 import org.apache.archiva.redback.components.cache.Cache;
24 import org.apache.archiva.redback.rbac.AbstractRBACManager;
25 import org.apache.archiva.redback.rbac.Operation;
26 import org.apache.archiva.redback.rbac.Permission;
27 import org.apache.archiva.redback.rbac.RBACManager;
28 import org.apache.archiva.redback.rbac.RbacManagerException;
29 import org.apache.archiva.redback.rbac.RbacObjectInvalidException;
30 import org.apache.archiva.redback.rbac.RbacObjectNotFoundException;
31 import org.apache.archiva.redback.rbac.Resource;
32 import org.apache.archiva.redback.rbac.Role;
33 import org.apache.archiva.redback.rbac.UserAssignment;
34 import org.springframework.context.ApplicationContext;
35 import org.springframework.stereotype.Service;
37 import javax.inject.Inject;
38 import javax.inject.Named;
39 import java.util.ArrayList;
40 import java.util.Collection;
41 import java.util.HashMap;
42 import java.util.LinkedHashMap;
43 import java.util.List;
48 * @author Olivier Lamy
51 @Service( "rbacManager#archiva" )
52 public class ArchivaRbacManager
53 extends AbstractRBACManager
54 implements RBACManager
57 private Map<String, RBACManager> rbacManagersPerId;
60 private ApplicationContext applicationContext;
63 private RedbackRuntimeConfigurationAdmin redbackRuntimeConfigurationAdmin;
66 @Named( value = "cache#operations" )
67 private Cache<String, Operation> operationsCache;
70 @Named( value = "cache#permissions" )
71 private Cache<String, Permission> permissionsCache;
74 @Named( value = "cache#resources" )
75 private Cache<String, Resource> resourcesCache;
78 @Named( value = "cache#roles" )
79 private Cache<String, Role> rolesCache;
82 @Named( value = "cache#userAssignments" )
83 private Cache<String, UserAssignment> userAssignmentsCache;
86 @Named( value = "cache#userPermissions" )
87 private Cache<String, Map<String, List<Permission>>> userPermissionsCache;
90 @Named( value = "cache#effectiveRoleSet" )
91 private Cache<String, Set<Role>> effectiveRoleSetCache;
94 public void initialize()
98 List<String> rbacManagerIds =
99 redbackRuntimeConfigurationAdmin.getRedbackRuntimeConfiguration().getRbacManagerImpls();
101 if ( rbacManagerIds.isEmpty() )
103 rbacManagerIds.add( RedbackRuntimeConfigurationAdmin.DEFAULT_RBAC_MANAGER_IMPL );
106 log.info( "use rbacManagerIds: '{}'", rbacManagerIds );
108 this.rbacManagersPerId = new LinkedHashMap<>( rbacManagerIds.size() );
110 for ( String id : rbacManagerIds )
112 RBACManager rbacManager = applicationContext.getBean( "rbacManager#" + id, RBACManager.class );
114 rbacManagersPerId.put( id, rbacManager );
117 catch ( RepositoryAdminException e )
120 log.error( e.getMessage(), e );
121 throw new RuntimeException( e.getMessage(), e );
/**
 * Selects the delegate that the {@code create*} methods of this class are routed to.
 * <p>
 * The first configured manager that does not report itself read-only is returned. When every
 * configured manager is read-only, the first configured one is returned anyway, and when none is
 * configured the default implementation bean is looked up from the application context. Callers
 * therefore must not assume that the returned manager accepts writes.
 *
 * @return the manager to use for create operations; it may be a read-only one
 */
protected RBACManager getRbacManagerForWrite()
{
    Collection<RBACManager> delegates = this.rbacManagersPerId.values();
    for ( RBACManager candidate : delegates )
    {
        if ( candidate.isReadOnly() )
        {
            continue;
        }
        return candidate;
    }

    // No writable delegate: fall back to the default bean, or to the first (read-only) delegate.
    if ( this.rbacManagersPerId.isEmpty() )
    {
        return applicationContext.getBean(
            "rbacManager#" + RedbackRuntimeConfigurationAdmin.DEFAULT_RBAC_MANAGER_IMPL, RBACManager.class );
    }
    return delegates.iterator().next();
}
/**
 * Creates a role object through the manager chosen by {@link #getRbacManagerForWrite()}.
 *
 * @param name the role name handed to the delegate
 * @return the role produced by the delegate
 */
public Role createRole( String name )
{
    RBACManager writer = getRbacManagerForWrite();
    return writer.createRole( name );
}
/**
 * Saves the role in every configured manager that is not read-only.
 * <p>
 * The role returned by one manager is the one handed to the next. A failure is reported only when
 * no manager saved the role; once one save succeeded, exceptions from the other managers are
 * discarded without being logged, so the stores may end up holding different data for the role.
 * If every manager is read-only, nothing is saved and no exception is raised.
 *
 * @param role the role to save
 * @return the role as returned by the last manager that saved it, or the argument if none did
 * @throws RbacManagerException if no manager saved the role and at least one of them threw; the
 *                              last exception is attached as cause
 */
public Role saveRole( Role role )
    throws RbacObjectInvalidException, RbacManagerException
{
    Exception failure = null;
    boolean savedSomewhere = false;
    for ( RBACManager delegate : rbacManagersPerId.values() )
    {
        try
        {
            if ( delegate.isReadOnly() )
            {
                continue;
            }
            role = delegate.saveRole( role );
            savedSomewhere = true;
        }
        catch ( Exception e )
        {
            failure = e;
        }
    }

    if ( failure != null && !savedSomewhere )
    {
        throw new RbacManagerException( failure.getMessage(), failure );
    }
    return role;
}
174 public void saveRoles( Collection<Role> roles )
175 throws RbacObjectInvalidException, RbacManagerException
177 Exception lastException = null;
178 boolean allFailed = true;
179 for ( RBACManager rbacManager : rbacManagersPerId.values() )
183 if ( !rbacManager.isReadOnly() )
185 rbacManager.saveRoles( roles );
189 catch ( Exception e )
194 if ( lastException != null && allFailed )
196 throw new RbacManagerException( lastException.getMessage(), lastException );
/**
 * Looks a role up by name, first in the roles cache and then in each configured manager in
 * configuration order.
 * <p>
 * The first manager that returns a role wins, and that role is cached under its own name. When the
 * same role name exists in several stores, the earliest configured store therefore decides what
 * the role contains. A cached role is returned without consulting any manager.
 *
 * @param roleName the name of the role to look up
 * @return the role, or {@code null} if no manager returned one and none of them threw
 * @throws RbacManagerException if no manager returned the role and at least one of them threw;
 *                              the last exception is attached as cause
 */
public Role getRole( String roleName )
    throws RbacObjectNotFoundException, RbacManagerException
{
    Role cached = rolesCache.get( roleName );
    if ( cached != null )
    {
        return cached;
    }

    Exception failure = null;
    for ( RBACManager delegate : rbacManagersPerId.values() )
    {
        try
        {
            Role found = delegate.getRole( roleName );
            if ( found == null )
            {
                continue;
            }
            rolesCache.put( found.getName(), found );
            return found;
        }
        catch ( Exception e )
        {
            // Remember the failure but keep asking the remaining managers.
            failure = e;
        }
    }

    log.debug( "cannot find role for name: ‘{}", roleName );
    if ( failure == null )
    {
        return null;
    }
    throw new RbacManagerException( failure.getMessage(), failure );
}
237 public List<Role> getAllRoles()
238 throws RbacManagerException
240 Map<String, Role> allRoles = new HashMap<>();
241 boolean allFailed = true;
242 Exception lastException = null;
243 for ( RBACManager rbacManager : rbacManagersPerId.values() )
247 List<Role> roles = rbacManager.getAllRoles();
248 for ( Role role : roles )
250 allRoles.put( role.getName(), role );
254 catch ( Exception e )
260 if ( lastException != null && allFailed )
262 throw new RbacManagerException( lastException.getMessage(), lastException );
265 return new ArrayList<>( allRoles.values() );
/**
 * Removes the role from every configured manager and evicts it from the roles cache.
 * <p>
 * Removal is attempted on all managers; unlike the save methods, read-only managers are not
 * skipped. If at least one manager removed the role, exceptions from the others are discarded
 * without being logged and the call returns normally. The role can then remain in a store that
 * failed to delete it, and {@code getRole} will still find it there, because lookups consult every
 * manager.
 *
 * @param role the role to remove
 * @throws RbacManagerException if no manager removed the role and at least one of them threw; the
 *                              last exception is attached as cause
 */
public void removeRole( Role role )
    throws RbacObjectNotFoundException, RbacObjectInvalidException, RbacManagerException
{
    Exception failure = null;
    boolean removedSomewhere = false;
    for ( RBACManager delegate : rbacManagersPerId.values() )
    {
        try
        {
            delegate.removeRole( role );
            rolesCache.remove( role.getName() );
            removedSomewhere = true;
        }
        catch ( Exception e )
        {
            failure = e;
        }
    }

    if ( removedSomewhere || failure == null )
    {
        return;
    }
    throw new RbacManagerException( failure.getMessage(), failure );
}
/**
 * Creates a permission object through the manager chosen by {@link #getRbacManagerForWrite()}.
 *
 * @param name the permission name handed to the delegate
 * @return the permission produced by the delegate
 * @throws RbacManagerException if the delegate fails
 */
public Permission createPermission( String name )
    throws RbacManagerException
{
    RBACManager writer = getRbacManagerForWrite();
    return writer.createPermission( name );
}
/**
 * Creates a permission object for an operation and a resource through the manager chosen by
 * {@link #getRbacManagerForWrite()}.
 *
 * @param name               the permission name handed to the delegate
 * @param operationName      the operation name handed to the delegate
 * @param resourceIdentifier the resource identifier handed to the delegate
 * @return the permission produced by the delegate
 * @throws RbacManagerException if the delegate fails
 */
public Permission createPermission( String name, String operationName, String resourceIdentifier )
    throws RbacManagerException
{
    RBACManager writer = getRbacManagerForWrite();
    return writer.createPermission( name, operationName, resourceIdentifier );
}
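/**
 * Saves the permission in every configured manager that is not read-only.
 * <p>
 * The permission returned by one manager is the one handed to the next. A failure is reported only
 * when no manager saved the permission; once one save succeeded, exceptions from the other
 * managers are discarded. If every manager is read-only, nothing is saved and no exception is
 * raised.
 *
 * @param permission the permission to save
 * @return the permission as returned by the last manager that saved it, or the argument if none
 *         did
 * @throws RbacManagerException if no manager saved the permission and at least one of them threw;
 *                              the last exception is attached as cause
 */
public Permission savePermission( Permission permission )
    throws RbacObjectInvalidException, RbacManagerException
{
    boolean allFailed = true;
    Exception lastException = null;
    for ( RBACManager rbacManager : rbacManagersPerId.values() )
    {
        try
        {
            // Write to writable managers only, as saveRole, saveOperation, saveResource and
            // saveUserAssignment do. Testing isReadOnly() without the negation would send the
            // permission to the read-only stores and leave it out of the writable ones.
            if ( !rbacManager.isReadOnly() )
            {
                permission = rbacManager.savePermission( permission );
                allFailed = false;
            }
        }
        catch ( Exception e )
        {
            lastException = e;
        }
    }

    if ( lastException != null && allFailed )
    {
        throw new RbacManagerException( lastException.getMessage(), lastException );
    }

    return permission;
}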
339 public Permission getPermission( String permissionName )
340 throws RbacObjectNotFoundException, RbacManagerException
343 Permission el = permissionsCache.get( permissionName );
349 Exception lastException = null;
350 for ( RBACManager rbacManager : rbacManagersPerId.values() )
354 Permission p = rbacManager.getPermission( permissionName );
357 permissionsCache.put( permissionName, p );
361 catch ( Exception e )
367 if ( lastException != null )
369 throw new RbacManagerException( lastException.getMessage(), lastException );
375 public List<Permission> getAllPermissions()
376 throws RbacManagerException
378 Map<String, Permission> allPermissions = new HashMap<>();
379 boolean allFailed = true;
380 Exception lastException = null;
381 for ( RBACManager rbacManager : rbacManagersPerId.values() )
385 List<Permission> permissions = rbacManager.getAllPermissions();
386 for ( Permission p : permissions )
388 allPermissions.put( p.getName(), p );
392 catch ( Exception e )
398 if ( lastException != null && allFailed )
400 throw new RbacManagerException( lastException.getMessage(), lastException );
402 return new ArrayList<>( allPermissions.values() );
406 public void removePermission( Permission permission )
407 throws RbacObjectNotFoundException, RbacObjectInvalidException, RbacManagerException
409 boolean allFailed = true;
410 Exception lastException = null;
411 for ( RBACManager rbacManager : rbacManagersPerId.values() )
415 rbacManager.removePermission( permission );
416 permissionsCache.remove( permission.getName() );
419 catch ( Exception e )
425 if ( lastException != null && allFailed )
427 throw new RbacManagerException( lastException.getMessage(), lastException );
/**
 * Creates an operation object through the manager chosen by {@link #getRbacManagerForWrite()}.
 *
 * @param name the operation name handed to the delegate
 * @return the operation produced by the delegate
 * @throws RbacManagerException if the delegate fails
 */
public Operation createOperation( String name )
    throws RbacManagerException
{
    RBACManager writer = getRbacManagerForWrite();
    return writer.createOperation( name );
}
439 public Operation saveOperation( Operation operation )
440 throws RbacObjectInvalidException, RbacManagerException
442 boolean allFailed = true;
443 Exception lastException = null;
444 for ( RBACManager rbacManager : rbacManagersPerId.values() )
448 if ( !rbacManager.isReadOnly() )
450 operation = rbacManager.saveOperation( operation );
454 catch ( Exception e )
460 if ( lastException != null && allFailed )
462 throw new RbacManagerException( lastException.getMessage(), lastException );
468 public Operation getOperation( String operationName )
469 throws RbacObjectNotFoundException, RbacManagerException
472 Operation el = operationsCache.get( operationName );
478 Exception lastException = null;
479 for ( RBACManager rbacManager : rbacManagersPerId.values() )
483 Operation o = rbacManager.getOperation( operationName );
486 operationsCache.put( operationName, o );
490 catch ( Exception e )
496 if ( lastException != null )
498 throw new RbacManagerException( lastException.getMessage(), lastException );
504 public List<Operation> getAllOperations()
505 throws RbacManagerException
507 Map<String, Operation> allOperations = new HashMap<>();
508 boolean allFailed = true;
509 Exception lastException = null;
510 for ( RBACManager rbacManager : rbacManagersPerId.values() )
514 List<Operation> operations = rbacManager.getAllOperations();
515 for ( Operation o : operations )
517 allOperations.put( o.getName(), o );
521 catch ( Exception e )
527 if ( lastException != null && allFailed )
529 throw new RbacManagerException( lastException.getMessage(), lastException );
531 return new ArrayList<>( allOperations.values() );
535 public void removeOperation( Operation operation )
536 throws RbacObjectNotFoundException, RbacObjectInvalidException, RbacManagerException
538 boolean allFailed = true;
539 Exception lastException = null;
540 for ( RBACManager rbacManager : rbacManagersPerId.values() )
544 rbacManager.removeOperation( operation );
545 operationsCache.remove( operation.getName() );
548 catch ( Exception e )
554 if ( lastException != null && allFailed )
556 throw new RbacManagerException( lastException.getMessage(), lastException );
/**
 * Creates a resource object through the manager chosen by {@link #getRbacManagerForWrite()}.
 *
 * @param identifier the resource identifier handed to the delegate
 * @return the resource produced by the delegate
 * @throws RbacManagerException if the delegate fails
 */
public Resource createResource( String identifier )
    throws RbacManagerException
{
    RBACManager writer = getRbacManagerForWrite();
    return writer.createResource( identifier );
}
568 public Resource saveResource( Resource resource )
569 throws RbacObjectInvalidException, RbacManagerException
571 boolean allFailed = true;
572 Exception lastException = null;
573 for ( RBACManager rbacManager : rbacManagersPerId.values() )
577 if ( !rbacManager.isReadOnly() )
579 resource = rbacManager.saveResource( resource );
583 catch ( Exception e )
589 if ( lastException != null && allFailed )
591 throw new RbacManagerException( lastException.getMessage(), lastException );
597 public Resource getResource( String resourceIdentifier )
598 throws RbacObjectNotFoundException, RbacManagerException
601 Resource el = resourcesCache.get( resourceIdentifier );
607 Exception lastException = null;
608 for ( RBACManager rbacManager : rbacManagersPerId.values() )
612 Resource r = rbacManager.getResource( resourceIdentifier );
615 resourcesCache.put( resourceIdentifier, r );
619 catch ( Exception e )
625 if ( lastException != null )
627 throw new RbacManagerException( lastException.getMessage(), lastException );
633 public List<Resource> getAllResources()
634 throws RbacManagerException
636 Map<String, Resource> allResources = new HashMap<>();
637 boolean allFailed = true;
638 Exception lastException = null;
639 for ( RBACManager rbacManager : rbacManagersPerId.values() )
643 List<Resource> resources = rbacManager.getAllResources();
644 for ( Resource r : resources )
646 allResources.put( r.getIdentifier(), r );
650 catch ( Exception e )
656 if ( lastException != null && allFailed )
658 throw new RbacManagerException( lastException.getMessage(), lastException );
660 return new ArrayList<>( allResources.values() );
664 public void removeResource( Resource resource )
665 throws RbacObjectNotFoundException, RbacObjectInvalidException, RbacManagerException
667 boolean allFailed = true;
668 Exception lastException = null;
669 for ( RBACManager rbacManager : rbacManagersPerId.values() )
673 rbacManager.removeResource( resource );
674 resourcesCache.remove( resource.getIdentifier() );
677 catch ( Exception e )
683 if ( lastException != null && allFailed )
685 throw new RbacManagerException( lastException.getMessage(), lastException );
/**
 * Creates a user assignment object through the manager chosen by
 * {@link #getRbacManagerForWrite()}.
 *
 * @param principal the principal handed to the delegate
 * @return the user assignment produced by the delegate
 * @throws RbacManagerException if the delegate fails
 */
public UserAssignment createUserAssignment( String principal )
    throws RbacManagerException
{
    RBACManager writer = getRbacManagerForWrite();
    return writer.createUserAssignment( principal );
}
/**
 * Saves the user assignment in every configured manager that is not read-only.
 * <p>
 * The assignment returned by one manager is the one handed to the next. A failure is reported only
 * when no manager saved the assignment; once one save succeeded, exceptions from the other
 * managers are discarded without being logged, so a role grant or revocation may be recorded in
 * some stores and missing from others. If every manager is read-only, nothing is saved and no
 * exception is raised.
 *
 * @param userAssignment the assignment to save
 * @return the assignment as returned by the last manager that saved it, or the argument if none
 *         did
 * @throws RbacManagerException if no manager saved the assignment and at least one of them threw;
 *                              the last exception is attached as cause
 */
public UserAssignment saveUserAssignment( UserAssignment userAssignment )
    throws RbacObjectInvalidException, RbacManagerException
{
    Exception failure = null;
    boolean savedSomewhere = false;
    for ( RBACManager delegate : rbacManagersPerId.values() )
    {
        try
        {
            if ( delegate.isReadOnly() )
            {
                continue;
            }
            userAssignment = delegate.saveUserAssignment( userAssignment );
            savedSomewhere = true;
        }
        catch ( Exception e )
        {
            failure = e;
        }
    }

    if ( failure != null && !savedSomewhere )
    {
        throw new RbacManagerException( failure.getMessage(), failure );
    }
    return userAssignment;
}
726 public UserAssignment getUserAssignment( String principal )
727 throws RbacObjectNotFoundException, RbacManagerException
729 UserAssignment el = userAssignmentsCache.get( principal );
734 UserAssignment ua = null;
735 Exception lastException = null;
736 for ( RBACManager rbacManager : rbacManagersPerId.values() )
742 ua = rbacManager.getUserAssignment( principal );
746 UserAssignment userAssignment = rbacManager.getUserAssignment( principal );
747 if ( userAssignment != null )
749 for ( String roleName : userAssignment.getRoleNames() )
751 ua.addRoleName( roleName );
756 catch ( Exception e )
764 userAssignmentsCache.put( principal, ua );
768 if ( lastException != null )
770 throw new RbacManagerException( lastException.getMessage(), lastException );
776 public boolean userAssignmentExists( String principal )
779 for ( RBACManager rbacManager : rbacManagersPerId.values() )
783 boolean exists = rbacManager.userAssignmentExists( principal );
789 catch ( Exception e )
799 public boolean userAssignmentExists( UserAssignment assignment )
801 for ( RBACManager rbacManager : rbacManagersPerId.values() )
805 boolean exists = rbacManager.userAssignmentExists( assignment );
811 catch ( Exception e )
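/**
 * Collects the user assignments of all configured managers, one entry per principal.
 * <p>
 * When a principal is known to several managers, the entry of the earliest configured manager is
 * kept and the role names found in later managers are added to it, so the result carries the
 * union of the principal's role names. Exceptions from individual managers are discarded as long
 * as at least one manager answered.
 *
 * @return the merged user assignments, in no particular order
 * @throws RbacManagerException if no manager answered and at least one of them threw; the last
 *                              exception is attached as cause
 */
public List<UserAssignment> getAllUserAssignments()
    throws RbacManagerException
{
    Map<String, UserAssignment> allUserAssignments = new HashMap<>();
    boolean allFailed = true;
    Exception lastException = null;
    for ( RBACManager rbacManager : rbacManagersPerId.values() )
    {
        try
        {
            List<UserAssignment> userAssignments = rbacManager.getAllUserAssignments();
            for ( UserAssignment ua : userAssignments )
            {
                UserAssignment userAssignment = allUserAssignments.get( ua.getPrincipal() );
                if ( userAssignment != null )
                {
                    for ( String roleName : ua.getRoleNames() )
                    {
                        userAssignment.addRoleName( roleName );
                    }
                }
                else
                {
                    // Store an entry only for a principal not seen before. Putting ua
                    // unconditionally would replace the merged entry and drop the role names
                    // collected from earlier managers.
                    allUserAssignments.put( ua.getPrincipal(), ua );
                }
            }
            // A manager that answered counts as a success even when it holds no assignments.
            allFailed = false;
        }
        catch ( Exception e )
        {
            lastException = e;
        }
    }

    if ( lastException != null && allFailed )
    {
        throw new RbacManagerException( lastException.getMessage(), lastException );
    }
    return new ArrayList<>( allUserAssignments.values() );
}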
860 public List<UserAssignment> getUserAssignmentsForRoles( Collection<String> roleNames )
861 throws RbacManagerException
863 List<UserAssignment> allUserAssignments = new ArrayList<>();
864 boolean allFailed = true;
865 Exception lastException = null;
866 for ( RBACManager rbacManager : rbacManagersPerId.values() )
870 List<UserAssignment> userAssignments = rbacManager.getUserAssignmentsForRoles( roleNames );
872 allUserAssignments.addAll( userAssignments );
876 catch ( Exception e )
882 if ( lastException != null && allFailed )
884 throw new RbacManagerException( lastException.getMessage(), lastException );
886 return allUserAssignments;
/**
 * Removes the user assignment from every configured manager and evicts it from the user
 * assignments cache.
 * <p>
 * Removal is attempted on all managers; unlike the save methods, read-only managers are not
 * skipped. If at least one manager removed the assignment, exceptions from the others are
 * discarded without being logged and the call returns normally. The assignment can then remain in
 * a store that failed to delete it, and its role names are still picked up by
 * {@code getUserAssignment}, which merges the role names of all managers.
 *
 * @param userAssignment the assignment to remove
 * @throws RbacManagerException if no manager removed the assignment and at least one of them
 *                              threw; the last exception is attached as cause
 */
public void removeUserAssignment( UserAssignment userAssignment )
    throws RbacObjectNotFoundException, RbacObjectInvalidException, RbacManagerException
{
    Exception failure = null;
    boolean removedSomewhere = false;
    for ( RBACManager delegate : rbacManagersPerId.values() )
    {
        try
        {
            delegate.removeUserAssignment( userAssignment );
            userAssignmentsCache.remove( userAssignment.getPrincipal() );
            removedSomewhere = true;
        }
        catch ( Exception e )
        {
            failure = e;
        }
    }

    if ( removedSomewhere || failure == null )
    {
        return;
    }
    throw new RbacManagerException( failure.getMessage(), failure );
}
916 public boolean roleExists( String name )
917 throws RbacManagerException
919 Role r = rolesCache.get( name );
925 boolean allFailed = true;
926 Exception lastException = null;
927 for ( RBACManager rbacManager : rbacManagersPerId.values() )
931 boolean exists = rbacManager.roleExists( name );
937 catch ( Exception e )
943 if ( lastException != null && allFailed )
945 throw new RbacManagerException( lastException.getMessage(), lastException );
951 public boolean roleExists( Role role )
952 throws RbacManagerException
954 return roleExists( role.getName() );
958 public void eraseDatabase()
960 log.warn( "eraseDatabase not implemented" );
964 public boolean isFinalImplementation()
970 public String getDescriptionKey()
972 return "archiva.redback.rbacmanager.archiva";
976 public boolean isReadOnly()