1 package org.apache.archiva.security;
4 * Licensed to the Apache Software Foundation (ASF) under one
5 * or more contributor license agreements. See the NOTICE file
6 * distributed with this work for additional information
7 * regarding copyright ownership. The ASF licenses this file
8 * to you under the Apache License, Version 2.0 (the
9 * "License"); you may not use this file except in compliance
10 * with the License. You may obtain a copy of the License at
12 * http://www.apache.org/licenses/LICENSE-2.0
14 * Unless required by applicable law or agreed to in writing,
15 * software distributed under the License is distributed on an
16 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
17 * KIND, either express or implied. See the License for the
18 * specific language governing permissions and limitations
22 import java.util.List;
24 import org.apache.archiva.redback.system.check.EnvironmentCheck;
25 import org.apache.archiva.security.common.ArchivaRoleConstants;
26 import org.apache.archiva.redback.rbac.RBACManager;
27 import org.slf4j.Logger;
28 import org.slf4j.LoggerFactory;
29 import org.springframework.stereotype.Service;
31 import javax.inject.Inject;
32 import javax.inject.Named;
35 * ArchivaStandardRolesCheck tests for the existance of expected / standard roles and permissions.
39 @Service("environmentCheck#archiva-required-roles")
40 public class ArchivaStandardRolesCheck
41 implements EnvironmentCheck
43 private Logger log = LoggerFactory.getLogger( ArchivaStandardRolesCheck.class );
48 @Inject @Named(value = "rbacManager#cached")
49 private RBACManager rbacManager;
52 * boolean detailing if this environment check has been executed
54 private boolean checked = false;
56 public void validateEnvironment( List<String> violations )
60 String expectedRoles[] = new String[] {
61 ArchivaRoleConstants.SYSTEM_ADMINISTRATOR_ROLE,
62 ArchivaRoleConstants.GLOBAL_REPOSITORY_MANAGER_ROLE,
63 ArchivaRoleConstants.GLOBAL_REPOSITORY_OBSERVER_ROLE,
64 ArchivaRoleConstants.GUEST_ROLE,
65 ArchivaRoleConstants.REGISTERED_USER_ROLE,
66 ArchivaRoleConstants.USER_ADMINISTRATOR_ROLE };
68 log.info( "Checking the existance of required roles." );
70 for ( String roleName : expectedRoles )
72 if ( !rbacManager.roleExists( roleName ) )
74 violations.add( "Unable to validate the existances of the '" + roleName + "' role." );
78 String expectedOperations[] = new String[] {
79 ArchivaRoleConstants.OPERATION_MANAGE_USERS,
80 ArchivaRoleConstants.OPERATION_MANAGE_CONFIGURATION,
81 ArchivaRoleConstants.OPERATION_REGENERATE_INDEX,
82 ArchivaRoleConstants.OPERATION_RUN_INDEXER,
83 ArchivaRoleConstants.OPERATION_ACCESS_REPORT,
84 ArchivaRoleConstants.OPERATION_ADD_REPOSITORY,
85 ArchivaRoleConstants.OPERATION_DELETE_REPOSITORY,
86 ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS,
87 ArchivaRoleConstants.OPERATION_EDIT_REPOSITORY,
88 ArchivaRoleConstants.OPERATION_REPOSITORY_UPLOAD,
89 ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS,
92 log.info( "Checking the existance of required operations." );
94 for ( String operation : expectedOperations )
96 if ( !rbacManager.operationExists( operation ) )
98 violations.add( "Unable to validate the existances of the '" + operation + "' operation." );