source.dussan.org Git - archiva.git/blob

   1 package org.apache.archiva.security;
   2
   3 /*
   4  * Licensed to the Apache Software Foundation (ASF) under one
   5  * or more contributor license agreements.  See the NOTICE file
   6  * distributed with this work for additional information
   7  * regarding copyright ownership.  The ASF licenses this file
   8  * to you under the Apache License, Version 2.0 (the
   9  * "License"); you may not use this file except in compliance
  10  * with the License.  You may obtain a copy of the License at
  11  *
  12  *  http://www.apache.org/licenses/LICENSE-2.0
  13  *
  14  * Unless required by applicable law or agreed to in writing,
  15  * software distributed under the License is distributed on an
  16  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
  17  * KIND, either express or implied.  See the License for the
  18  * specific language governing permissions and limitations
  19  * under the License.
  20  */
  21
  22 import org.apache.archiva.admin.model.RepositoryAdminException;
  23 import org.apache.archiva.admin.model.beans.ManagedRepository;
  24 import org.apache.archiva.admin.model.managed.ManagedRepositoryAdmin;
  25 import org.apache.archiva.redback.authentication.AuthenticationResult;
  26 import org.apache.archiva.redback.authorization.AuthorizationException;
  27 import org.apache.archiva.redback.role.RoleManager;
  28 import org.apache.archiva.redback.role.RoleManagerException;
  29 import org.apache.archiva.redback.system.DefaultSecuritySession;
  30 import org.apache.archiva.redback.system.SecuritySession;
  31 import org.apache.archiva.redback.system.SecuritySystem;
  32 import org.apache.archiva.redback.users.User;
  33 import org.apache.archiva.redback.users.UserNotFoundException;
  34 import org.apache.archiva.security.common.ArchivaRoleConstants;
  35 import org.slf4j.Logger;
  36 import org.slf4j.LoggerFactory;
  37 import org.springframework.stereotype.Service;
  38
  39 import javax.inject.Inject;
  40 import java.util.ArrayList;
  41 import java.util.List;
  42
  43 /**
  44  * DefaultUserRepositories
  45  */
  46 @Service ( "userRepositories" )
  47 public class DefaultUserRepositories
  48     implements UserRepositories
  49 {
  50
  51     @Inject
  52     private SecuritySystem securitySystem;
  53
  54     @Inject
  55     private RoleManager roleManager;
  56
  57     @Inject
  58     private ManagedRepositoryAdmin managedRepositoryAdmin;
  59
  60     private Logger log = LoggerFactory.getLogger( getClass() );
  61
  62     public List<String> getObservableRepositoryIds( String principal )
  63         throws PrincipalNotFoundException, AccessDeniedException, ArchivaSecurityException
  64     {
  65         String operation = ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS;
  66
  67         return getAccessibleRepositoryIds( principal, operation );
  68     }
  69
  70     public List<String> getManagableRepositoryIds( String principal )
  71         throws PrincipalNotFoundException, AccessDeniedException, ArchivaSecurityException
  72     {
  73         String operation = ArchivaRoleConstants.OPERATION_REPOSITORY_UPLOAD;
  74
  75         return getAccessibleRepositoryIds( principal, operation );
  76     }
  77
  78     private List<String> getAccessibleRepositoryIds( String principal, String operation )
  79         throws ArchivaSecurityException, AccessDeniedException, PrincipalNotFoundException
  80     {
  81
  82         List<ManagedRepository> managedRepositories = getAccessibleRepositories( principal, operation );
  83         List<String> repoIds = new ArrayList<String>( managedRepositories.size() );
  84         for ( ManagedRepository managedRepository : managedRepositories )
  85         {
  86             repoIds.add( managedRepository.getId() );
  87         }
  88
  89         return repoIds;
  90     }
  91
  92     public List<ManagedRepository> getAccessibleRepositories( String principal )
  93         throws ArchivaSecurityException, AccessDeniedException, PrincipalNotFoundException
  94     {
  95         return getAccessibleRepositories( principal, ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS );
  96     }
  97
  98     private List<ManagedRepository> getAccessibleRepositories( String principal, String operation )
  99         throws ArchivaSecurityException, AccessDeniedException, PrincipalNotFoundException
 100     {
 101         SecuritySession securitySession = createSession( principal );
 102
 103         List<ManagedRepository> managedRepositories = new ArrayList<ManagedRepository>();
 104
 105         try
 106         {
 107             List<ManagedRepository> repos = managedRepositoryAdmin.getManagedRepositories();
 108
 109             for ( ManagedRepository repo : repos )
 110             {
 111                 try
 112                 {
 113                     String repoId = repo.getId();
 114                     if ( securitySystem.isAuthorized( securitySession, operation, repoId ) )
 115                     {
 116                         managedRepositories.add( repo );
 117                     }
 118                 }
 119                 catch ( AuthorizationException e )
 120                 {
 121                     // swallow.
 122
 123                     log.debug( "Not authorizing '{}' for repository '{}': {}", principal, repo.getId(),
 124                                e.getMessage() );
 125
 126                 }
 127             }
 128
 129             return managedRepositories;
 130         }
 131         catch ( RepositoryAdminException e )
 132         {
 133             throw new ArchivaSecurityException( e.getMessage(), e );
 134         }
 135     }
 136
 137     private SecuritySession createSession( String principal )
 138         throws ArchivaSecurityException, AccessDeniedException
 139     {
 140         User user;
 141         try
 142         {
 143             user = securitySystem.getUserManager().findUser( principal );
 144             if ( user == null )
 145             {
 146                 throw new ArchivaSecurityException(
 147                     "The security system had an internal error - please check your system logs" );
 148             }
 149         }
 150         catch ( UserNotFoundException e )
 151         {
 152             throw new PrincipalNotFoundException( "Unable to find principal " + principal + "", e );
 153         }
 154
 155         if ( user.isLocked() )
 156         {
 157             throw new AccessDeniedException( "User " + principal + "(" + user.getFullName() + ") is locked." );
 158         }
 159
 160         AuthenticationResult authn = new AuthenticationResult( true, principal, null );
 161         return new DefaultSecuritySession( authn, user );
 162     }
 163
 164     public void createMissingRepositoryRoles( String repoId )
 165         throws ArchivaSecurityException
 166     {
 167         try
 168         {
 169             if ( !roleManager.templatedRoleExists( ArchivaRoleConstants.TEMPLATE_REPOSITORY_OBSERVER, repoId ) )
 170             {
 171                 roleManager.createTemplatedRole( ArchivaRoleConstants.TEMPLATE_REPOSITORY_OBSERVER, repoId );
 172             }
 173
 174             if ( !roleManager.templatedRoleExists( ArchivaRoleConstants.TEMPLATE_REPOSITORY_MANAGER, repoId ) )
 175             {
 176                 roleManager.createTemplatedRole( ArchivaRoleConstants.TEMPLATE_REPOSITORY_MANAGER, repoId );
 177             }
 178         }
 179         catch ( RoleManagerException e )
 180         {
 181             throw new ArchivaSecurityException( "Unable to create roles for configured repositories: " + e.getMessage(),
 182                                                 e );
 183         }
 184     }
 185
 186     public boolean isAuthorizedToUploadArtifacts( String principal, String repoId )
 187         throws PrincipalNotFoundException, ArchivaSecurityException
 188     {
 189         try
 190         {
 191             SecuritySession securitySession = createSession( principal );
 192
 193             return securitySystem.isAuthorized( securitySession, ArchivaRoleConstants.OPERATION_REPOSITORY_UPLOAD,
 194                                                 repoId );
 195
 196         }
 197         catch ( AuthorizationException e )
 198         {
 199             throw new ArchivaSecurityException( e.getMessage() );
 200         }
 201     }
 202
 203     public boolean isAuthorizedToDeleteArtifacts( String principal, String repoId )
 204         throws ArchivaSecurityException
 205     {
 206         try
 207         {
 208             SecuritySession securitySession = createSession( principal );
 209
 210             return securitySystem.isAuthorized( securitySession, ArchivaRoleConstants.OPERATION_REPOSITORY_DELETE,
 211                                                 repoId );
 212
 213         }
 214         catch ( AuthorizationException e )
 215         {
 216             throw new ArchivaSecurityException( e.getMessage() );
 217         }
 218     }
 219
 220     public SecuritySystem getSecuritySystem()
 221     {
 222         return securitySystem;
 223     }
 224
 225     public void setSecuritySystem( SecuritySystem securitySystem )
 226     {
 227         this.securitySystem = securitySystem;
 228     }
 229
 230     public RoleManager getRoleManager()
 231     {
 232         return roleManager;
 233     }
 234
 235     public void setRoleManager( RoleManager roleManager )
 236     {
 237         this.roleManager = roleManager;
 238     }
 239 }