source.dussan.org Git - archiva.git/blob

   1 package org.apache.archiva.security;
   2
   3 /*
   4  * Licensed to the Apache Software Foundation (ASF) under one
   5  * or more contributor license agreements.  See the NOTICE file
   6  * distributed with this work for additional information
   7  * regarding copyright ownership.  The ASF licenses this file
   8  * to you under the Apache License, Version 2.0 (the
   9  * "License"); you may not use this file except in compliance
  10  * with the License.  You may obtain a copy of the License at
  11  *
  12  *  http://www.apache.org/licenses/LICENSE-2.0
  13  *
  14  * Unless required by applicable law or agreed to in writing,
  15  * software distributed under the License is distributed on an
  16  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
  17  * KIND, either express or implied.  See the License for the
  18  * specific language governing permissions and limitations
  19  * under the License.
  20  */
  21
  22 import com.google.common.collect.Lists;
  23 import org.apache.archiva.admin.model.RepositoryAdminException;
  24 import org.apache.archiva.admin.model.beans.ManagedRepository;
  25 import org.apache.archiva.admin.model.managed.ManagedRepositoryAdmin;
  26 import org.apache.archiva.redback.users.User;
  27 import org.apache.archiva.redback.users.UserNotFoundException;
  28 import org.apache.archiva.security.common.ArchivaRoleConstants;
  29 import org.codehaus.plexus.redback.authentication.AuthenticationResult;
  30 import org.codehaus.plexus.redback.authorization.AuthorizationException;
  31 import org.codehaus.plexus.redback.role.RoleManager;
  32 import org.codehaus.plexus.redback.role.RoleManagerException;
  33 import org.codehaus.plexus.redback.system.DefaultSecuritySession;
  34 import org.codehaus.plexus.redback.system.SecuritySession;
  35 import org.codehaus.plexus.redback.system.SecuritySystem;
  36 import org.slf4j.Logger;
  37 import org.slf4j.LoggerFactory;
  38 import org.springframework.stereotype.Service;
  39
  40 import javax.inject.Inject;
  41 import java.util.ArrayList;
  42 import java.util.List;
  43
  44 /**
  45  * DefaultUserRepositories
  46  *
  47  * @version $Id$
  48  */
  49 @Service( "userRepositories" )
  50 public class DefaultUserRepositories
  51     implements UserRepositories
  52 {
  53
  54     @Inject
  55     private SecuritySystem securitySystem;
  56
  57     @Inject
  58     private RoleManager roleManager;
  59
  60     @Inject
  61     private ManagedRepositoryAdmin managedRepositoryAdmin;
  62
  63     private Logger log = LoggerFactory.getLogger( getClass() );
  64
  65     public List<String> getObservableRepositoryIds( String principal )
  66         throws PrincipalNotFoundException, AccessDeniedException, ArchivaSecurityException
  67     {
  68         String operation = ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS;
  69
  70         return getAccessibleRepositoryIds( principal, operation );
  71     }
  72
  73     public List<String> getManagableRepositoryIds( String principal )
  74         throws PrincipalNotFoundException, AccessDeniedException, ArchivaSecurityException
  75     {
  76         String operation = ArchivaRoleConstants.OPERATION_REPOSITORY_UPLOAD;
  77
  78         return getAccessibleRepositoryIds( principal, operation );
  79     }
  80
  81     private List<String> getAccessibleRepositoryIds( String principal, String operation )
  82         throws ArchivaSecurityException, AccessDeniedException, PrincipalNotFoundException
  83     {
  84
  85         List<ManagedRepository> managedRepositories = getAccessibleRepositories( principal, operation );
  86         List<String> repoIds = new ArrayList<String>( managedRepositories.size() );
  87         for ( ManagedRepository managedRepository : managedRepositories )
  88         {
  89             repoIds.add( managedRepository.getId() );
  90         }
  91
  92         return repoIds;
  93     }
  94
  95     public List<ManagedRepository> getAccessibleRepositories( String principal )
  96         throws ArchivaSecurityException, AccessDeniedException, PrincipalNotFoundException
  97     {
  98         return getAccessibleRepositories( principal, ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS );
  99     }
 100
 101     private List<ManagedRepository> getAccessibleRepositories( String principal, String operation )
 102         throws ArchivaSecurityException, AccessDeniedException, PrincipalNotFoundException
 103     {
 104         SecuritySession securitySession = createSession( principal );
 105
 106         List<ManagedRepository> managedRepositories = new ArrayList<ManagedRepository>();
 107
 108         try
 109         {
 110             List<ManagedRepository> repos = managedRepositoryAdmin.getManagedRepositories();
 111
 112             for ( ManagedRepository repo : repos )
 113             {
 114                 try
 115                 {
 116                     String repoId = repo.getId();
 117                     if ( securitySystem.isAuthorized( securitySession, operation, repoId ) )
 118                     {
 119                         managedRepositories.add( repo );
 120                     }
 121                 }
 122                 catch ( AuthorizationException e )
 123                 {
 124                     // swallow.
 125                     if ( log.isDebugEnabled() )
 126                     {
 127                         log.debug( "Not authorizing '{}' for repository '{}': {}",
 128                                    Lists.<Object>newArrayList( principal, repo.getId(), e.getMessage() ) );
 129                     }
 130                 }
 131             }
 132
 133             return managedRepositories;
 134         }
 135         catch ( RepositoryAdminException e )
 136         {
 137             throw new ArchivaSecurityException( e.getMessage(), e );
 138         }
 139     }
 140
 141     private SecuritySession createSession( String principal )
 142         throws ArchivaSecurityException, AccessDeniedException
 143     {
 144         User user;
 145         try
 146         {
 147             user = securitySystem.getUserManager().findUser( principal );
 148             if ( user == null )
 149             {
 150                 throw new ArchivaSecurityException(
 151                     "The security system had an internal error - please check your system logs" );
 152             }
 153         }
 154         catch ( UserNotFoundException e )
 155         {
 156             throw new PrincipalNotFoundException( "Unable to find principal " + principal + "" );
 157         }
 158
 159         if ( user.isLocked() )
 160         {
 161             throw new AccessDeniedException( "User " + principal + "(" + user.getFullName() + ") is locked." );
 162         }
 163
 164         AuthenticationResult authn = new AuthenticationResult( true, principal, null );
 165         return new DefaultSecuritySession( authn, user );
 166     }
 167
 168     public void createMissingRepositoryRoles( String repoId )
 169         throws ArchivaSecurityException
 170     {
 171         try
 172         {
 173             if ( !roleManager.templatedRoleExists( ArchivaRoleConstants.TEMPLATE_REPOSITORY_OBSERVER, repoId ) )
 174             {
 175                 roleManager.createTemplatedRole( ArchivaRoleConstants.TEMPLATE_REPOSITORY_OBSERVER, repoId );
 176             }
 177
 178             if ( !roleManager.templatedRoleExists( ArchivaRoleConstants.TEMPLATE_REPOSITORY_MANAGER, repoId ) )
 179             {
 180                 roleManager.createTemplatedRole( ArchivaRoleConstants.TEMPLATE_REPOSITORY_MANAGER, repoId );
 181             }
 182         }
 183         catch ( RoleManagerException e )
 184         {
 185             throw new ArchivaSecurityException( "Unable to create roles for configured repositories: " + e.getMessage(),
 186                                                 e );
 187         }
 188     }
 189
 190     public boolean isAuthorizedToUploadArtifacts( String principal, String repoId )
 191         throws PrincipalNotFoundException, ArchivaSecurityException
 192     {
 193         try
 194         {
 195             SecuritySession securitySession = createSession( principal );
 196
 197             return securitySystem.isAuthorized( securitySession, ArchivaRoleConstants.OPERATION_REPOSITORY_UPLOAD,
 198                                                 repoId );
 199
 200         }
 201         catch ( AuthorizationException e )
 202         {
 203             throw new ArchivaSecurityException( e.getMessage() );
 204         }
 205     }
 206
 207     public boolean isAuthorizedToDeleteArtifacts( String principal, String repoId )
 208         throws ArchivaSecurityException
 209     {
 210         try
 211         {
 212             SecuritySession securitySession = createSession( principal );
 213
 214             return securitySystem.isAuthorized( securitySession, ArchivaRoleConstants.OPERATION_REPOSITORY_DELETE,
 215                                                 repoId );
 216
 217         }
 218         catch ( AuthorizationException e )
 219         {
 220             throw new ArchivaSecurityException( e.getMessage() );
 221         }
 222     }
 223
 224     public SecuritySystem getSecuritySystem()
 225     {
 226         return securitySystem;
 227     }
 228
 229     public void setSecuritySystem( SecuritySystem securitySystem )
 230     {
 231         this.securitySystem = securitySystem;
 232     }
 233
 234     public RoleManager getRoleManager()
 235     {
 236         return roleManager;
 237     }
 238
 239     public void setRoleManager( RoleManager roleManager )
 240     {
 241         this.roleManager = roleManager;
 242     }
 243 }