]> source.dussan.org Git - archiva.git/blob
36dd46269e3fab61a62084a96ac417d0edbd8ac2
[archiva.git] /
1 package org.apache.archiva.rest.api.services.v2;/*
2  * Licensed to the Apache Software Foundation (ASF) under one
3  * or more contributor license agreements.  See the NOTICE file
4  * distributed with this work for additional information
5  * regarding copyright ownership.  The ASF licenses this file
6  * to you under the Apache License, Version 2.0 (the
7  * "License"); you may not use this file except in compliance
8  * with the License.  You may obtain a copy of the License at
9  *
10  * http://www.apache.org/licenses/LICENSE-2.0
11  * Unless required by applicable law or agreed to in writing,
12  * software distributed under the License is distributed on an
13  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
14  * KIND, either express or implied.  See the License for the
15  * specific language governing permissions and limitations
16  * under the License.
17  */
18
19 import io.swagger.v3.oas.annotations.Operation;
20 import io.swagger.v3.oas.annotations.Parameter;
21 import io.swagger.v3.oas.annotations.Parameters;
22 import io.swagger.v3.oas.annotations.enums.ParameterIn;
23 import io.swagger.v3.oas.annotations.media.ArraySchema;
24 import io.swagger.v3.oas.annotations.media.Content;
25 import io.swagger.v3.oas.annotations.media.Schema;
26 import io.swagger.v3.oas.annotations.parameters.RequestBody;
27 import io.swagger.v3.oas.annotations.responses.ApiResponse;
28 import io.swagger.v3.oas.annotations.security.SecurityRequirement;
29 import io.swagger.v3.oas.annotations.tags.Tag;
30 import org.apache.archiva.components.rest.model.PagedResult;
31 import org.apache.archiva.components.rest.model.PropertyEntry;
32 import org.apache.archiva.redback.authorization.RedbackAuthorization;
33 import org.apache.archiva.rest.api.model.v2.BeanInformation;
34 import org.apache.archiva.rest.api.model.v2.CacheConfiguration;
35 import org.apache.archiva.rest.api.model.v2.LdapConfiguration;
36 import org.apache.archiva.rest.api.model.v2.SecurityConfiguration;
37 import org.apache.archiva.security.common.ArchivaRoleConstants;
38
39 import javax.ws.rs.Consumes;
40 import javax.ws.rs.DELETE;
41 import javax.ws.rs.DefaultValue;
42 import javax.ws.rs.GET;
43 import javax.ws.rs.POST;
44 import javax.ws.rs.PUT;
45 import javax.ws.rs.Path;
46 import javax.ws.rs.PathParam;
47 import javax.ws.rs.Produces;
48 import javax.ws.rs.QueryParam;
49 import javax.ws.rs.core.MediaType;
50 import javax.ws.rs.core.Response;
51 import java.util.List;
52
53 import static javax.ws.rs.core.MediaType.APPLICATION_JSON;
54 import static org.apache.archiva.rest.api.services.v2.Configuration.DEFAULT_PAGE_LIMIT;
55
56 /**
57  *
58  * Service for configuration of redback and security related settings.
59  *
60  * @author Martin Stockhammer <martin_s@apache.org>
61  * @since 3.0
62  */
63 @Path( "/security" )
64 @Tag(name = "v2")
65 @Tag(name = "v2/Security")
66 @SecurityRequirement(name = "BearerAuth")
67 public interface SecurityConfigurationService
68 {
69     @Path("config")
70     @GET
71     @Produces({ APPLICATION_JSON })
72     @RedbackAuthorization(permissions = ArchivaRoleConstants.OPERATION_MANAGE_CONFIGURATION)
73     @Operation( summary = "Returns the security configuration that is currently active.",
74         security = {
75             @SecurityRequirement(
76                 name = ArchivaRoleConstants.OPERATION_MANAGE_CONFIGURATION
77             )
78         },
79         responses = {
80             @ApiResponse( responseCode = "200",
81                 description = "If the configuration could be retrieved",
82                 content = @Content(mediaType = APPLICATION_JSON, schema = @Schema(implementation = SecurityConfiguration.class))
83             ),
84             @ApiResponse( responseCode = "403", description = "Authenticated user is not permitted to gather the information",
85                 content = @Content(mediaType = APPLICATION_JSON, schema = @Schema(implementation = ArchivaRestError.class )) )
86         }
87     )
88     SecurityConfiguration getConfiguration()
89         throws ArchivaRestServiceException;
90
91     @Path("config")
92     @PUT
93     @Consumes({ APPLICATION_JSON })
94     @RedbackAuthorization(permissions = ArchivaRoleConstants.OPERATION_MANAGE_CONFIGURATION)
95     @Operation( summary = "Updates the security configuration.",
96         security = {
97             @SecurityRequirement(
98                 name = ArchivaRoleConstants.OPERATION_MANAGE_CONFIGURATION
99             )
100         },
101         responses = {
102             @ApiResponse( responseCode = "200",
103                 description = "If the configuration was updated"
104             ),
105             @ApiResponse( responseCode = "422", description = "Invalid content data",
106                 content = @Content(mediaType = APPLICATION_JSON, schema = @Schema(implementation = ArchivaRestError.class )) ),
107             @ApiResponse( responseCode = "403", description = "Authenticated user is not permitted to update the configuration",
108                 content = @Content(mediaType = APPLICATION_JSON, schema = @Schema(implementation = ArchivaRestError.class )) )
109         }
110     )
111     SecurityConfiguration updateConfiguration( SecurityConfiguration newConfiguration)
112         throws ArchivaRestServiceException;
113
114
115     @Path( "config/properties" )
116     @GET
117     @Produces( { APPLICATION_JSON } )
118     @RedbackAuthorization( permissions = ArchivaRoleConstants.OPERATION_MANAGE_CONFIGURATION )
119     @Operation( summary = "Returns all configuration properties. The result is paged.",
120         parameters = {
121             @Parameter(name = "q", description = "Search term"),
122             @Parameter(name = "offset", description = "The offset of the first element returned"),
123             @Parameter(name = "limit", description = "Maximum number of items to return in the response"),
124             @Parameter(name = "orderBy", description = "List of attribute used for sorting (key, value)"),
125             @Parameter(name = "order", description = "The sort order. Either ascending (asc) or descending (desc)")
126         },
127         security = {
128             @SecurityRequirement(
129                 name = ArchivaRoleConstants.OPERATION_MANAGE_CONFIGURATION
130             )
131         },
132         responses = {
133             @ApiResponse( responseCode = "200",
134                 description = "If the list could be returned",
135                 content = @Content(mediaType = APPLICATION_JSON, schema = @Schema(implementation = PagedResult.class))
136             ),
137             @ApiResponse( responseCode = "403", description = "Authenticated user is not permitted to gather the information",
138                 content = @Content(mediaType = APPLICATION_JSON, schema = @Schema(implementation = ArchivaRestError.class )) )
139         }
140     )
141     PagedResult<PropertyEntry> getConfigurationProperties( @QueryParam("q") @DefaultValue( "" ) String searchTerm,
142                                                            @QueryParam( "offset" ) @DefaultValue( "0" ) Integer offset,
143                                                            @QueryParam( "limit" ) @DefaultValue( value = DEFAULT_PAGE_LIMIT ) Integer limit,
144                                                            @QueryParam( "orderBy") @DefaultValue( "key" ) List<String> orderBy,
145                                                            @QueryParam("order") @DefaultValue( "asc" ) String order ) throws ArchivaRestServiceException;
146
147     @Path("config/properties/{propertyName}")
148     @GET
149     @Produces({ APPLICATION_JSON })
150     @RedbackAuthorization(permissions = ArchivaRoleConstants.OPERATION_MANAGE_CONFIGURATION)
151     @Operation( summary = "Returns a single configuration property value.",
152         security = {
153             @SecurityRequirement(
154                 name = ArchivaRoleConstants.OPERATION_MANAGE_CONFIGURATION
155             )
156         },
157         parameters = {
158             @Parameter(in = ParameterIn.PATH, name="propertyName", description = "The name of the property to get the value for")
159         },
160         responses = {
161             @ApiResponse( responseCode = "200",
162                 description = "If the configuration could be retrieved",
163                 content = @Content(mediaType = APPLICATION_JSON, schema = @Schema(implementation = PropertyEntry.class))
164             ),
165             @ApiResponse( responseCode = "404", description = "The given property name does not exist",
166                 content = @Content(mediaType = APPLICATION_JSON, schema = @Schema(implementation = ArchivaRestError.class )) ),
167             @ApiResponse( responseCode = "403", description = "Authenticated user is not permitted to gather the information",
168                 content = @Content(mediaType = APPLICATION_JSON, schema = @Schema(implementation = ArchivaRestError.class )) )
169         }
170     )
171     PropertyEntry getConfigurationProperty( @PathParam ( "propertyName" )  String propertyName)
172         throws ArchivaRestServiceException;
173
174
175     @Path("config/properties/{propertyName}")
176     @PUT
177     @Consumes({ APPLICATION_JSON})
178     @RedbackAuthorization(permissions = ArchivaRoleConstants.OPERATION_MANAGE_CONFIGURATION)
179     @Operation( summary = "Updates a single property value of the security configuration.",
180         security = {
181             @SecurityRequirement(
182                 name = ArchivaRoleConstants.OPERATION_MANAGE_CONFIGURATION
183             )
184         },
185         parameters = {
186             @Parameter(in = ParameterIn.PATH, name="propertyName", description = "The name of the property to update")
187         },
188         responses = {
189             @ApiResponse( responseCode = "200",
190                 description = "If the property value was updated."
191             ),
192             @ApiResponse( responseCode = "400", description = "The body data is not valid",
193                 content = @Content(mediaType = APPLICATION_JSON, schema = @Schema(implementation = ArchivaRestError.class )) ),
194             @ApiResponse( responseCode = "404", description = "The given property name does not exist",
195                 content = @Content(mediaType = APPLICATION_JSON, schema = @Schema(implementation = ArchivaRestError.class )) ),
196             @ApiResponse( responseCode = "403", description = "Authenticated user is not permitted to gather the information",
197                 content = @Content(mediaType = APPLICATION_JSON, schema = @Schema(implementation = ArchivaRestError.class )) )
198         }
199     )
200     Response updateConfigurationProperty( @PathParam ( "propertyName" )  String propertyName, PropertyEntry propertyValue)
201         throws ArchivaRestServiceException;
202
203     @Path("config/ldap")
204     @GET
205     @Produces({ APPLICATION_JSON })
206     @RedbackAuthorization(permissions = ArchivaRoleConstants.OPERATION_MANAGE_CONFIGURATION)
207     @Operation( summary = "Returns the LDAP configuration that is currently active.",
208         security = {
209             @SecurityRequirement(
210                 name = ArchivaRoleConstants.OPERATION_MANAGE_CONFIGURATION
211             )
212         },
213         responses = {
214             @ApiResponse( responseCode = "200",
215                 description = "If the configuration could be retrieved",
216                 content = @Content(mediaType = APPLICATION_JSON, schema = @Schema(implementation = LdapConfiguration.class))
217             ),
218             @ApiResponse( responseCode = "403", description = "Authenticated user is not permitted to gather the information",
219                 content = @Content(mediaType = APPLICATION_JSON, schema = @Schema(implementation = ArchivaRestError.class )) )
220         }
221     )
222     LdapConfiguration getLdapConfiguration( ) throws ArchivaRestServiceException;
223
224     @Path("config/ldap")
225     @PUT
226     @Consumes({ APPLICATION_JSON })
227     @RedbackAuthorization(permissions = ArchivaRoleConstants.OPERATION_MANAGE_CONFIGURATION)
228     @Operation( summary = "Updates the LDAP configuration that is currently active.",
229         security = {
230             @SecurityRequirement(
231                 name = ArchivaRoleConstants.OPERATION_MANAGE_CONFIGURATION
232             )
233         },
234         responses = {
235             @ApiResponse( responseCode = "200",
236                 description = "If the configuration was updated"
237             ),
238             @ApiResponse( responseCode = "403", description = "Authenticated user is not permitted to update the information",
239                 content = @Content(mediaType = APPLICATION_JSON, schema = @Schema(implementation = ArchivaRestError.class )) )
240         }
241     )
242     LdapConfiguration updateLdapConfiguration( LdapConfiguration configuration ) throws ArchivaRestServiceException;
243
244     @Path("config/ldap/verify")
245     @POST
246     @Consumes({ APPLICATION_JSON })
247     @RedbackAuthorization(permissions = ArchivaRoleConstants.OPERATION_MANAGE_CONFIGURATION)
248     @Operation( summary = "Checks the given LDAP configuration.",
249         security = {
250             @SecurityRequirement(
251                 name = ArchivaRoleConstants.OPERATION_MANAGE_CONFIGURATION
252             )
253         },
254         responses = {
255             @ApiResponse( responseCode = "200",
256                 description = "If the check was successful"
257             ),
258             @ApiResponse( responseCode = "400",
259                 description = "If the check was not successful",
260                 content = @Content(mediaType = APPLICATION_JSON, schema = @Schema(implementation = ArchivaRestError.class ))
261             ),
262             @ApiResponse( responseCode = "403", description = "Authenticated user is not permitted to update the information",
263                 content = @Content(mediaType = APPLICATION_JSON, schema = @Schema(implementation = ArchivaRestError.class )) )
264         }
265     )
266     Response verifyLdapConfiguration( LdapConfiguration configuration ) throws ArchivaRestServiceException;
267
268     @Path("config/cache")
269     @GET
270     @Produces({ APPLICATION_JSON })
271     @RedbackAuthorization(permissions = ArchivaRoleConstants.OPERATION_MANAGE_CONFIGURATION)
272     @Operation( summary = "Returns the cache configuration that is currently active.",
273         security = {
274             @SecurityRequirement(
275                 name = ArchivaRoleConstants.OPERATION_MANAGE_CONFIGURATION
276             )
277         },
278         responses = {
279             @ApiResponse( responseCode = "200",
280                 description = "If the configuration could be retrieved",
281                 content = @Content(mediaType = APPLICATION_JSON, schema = @Schema(implementation = CacheConfiguration.class))
282             ),
283             @ApiResponse( responseCode = "403", description = "Authenticated user is not permitted to gather the information",
284                 content = @Content(mediaType = APPLICATION_JSON, schema = @Schema(implementation = ArchivaRestError.class )) )
285         }
286     )
287     CacheConfiguration getCacheConfiguration( ) throws ArchivaRestServiceException;
288
289     @Path("config/cache")
290     @PUT
291     @Consumes({ APPLICATION_JSON })
292     @RedbackAuthorization(permissions = ArchivaRoleConstants.OPERATION_MANAGE_CONFIGURATION)
293     @Operation( summary = "Updates the LDAP configuration that is currently active.",
294         security = {
295             @SecurityRequirement(
296                 name = ArchivaRoleConstants.OPERATION_MANAGE_CONFIGURATION
297             )
298         },
299         responses = {
300             @ApiResponse( responseCode = "200",
301                 description = "If the configuration was updated"
302             ),
303             @ApiResponse( responseCode = "403", description = "Authenticated user is not permitted to update the information",
304                 content = @Content(mediaType = APPLICATION_JSON, schema = @Schema(implementation = ArchivaRestError.class )) )
305         }
306     )
307     CacheConfiguration updateCacheConfiguration( CacheConfiguration cacheConfiguration ) throws ArchivaRestServiceException;
308
309
310     @Path("user_managers")
311     @GET
312     @Produces({ APPLICATION_JSON })
313     @RedbackAuthorization(permissions = ArchivaRoleConstants.OPERATION_MANAGE_CONFIGURATION)
314     @Operation( summary = "Returns the available user manager implementations.",
315         security = {
316             @SecurityRequirement(
317                 name = ArchivaRoleConstants.OPERATION_MANAGE_CONFIGURATION
318             )
319         },
320         responses = {
321             @ApiResponse( responseCode = "200",
322                 description = "If the list could be retrieved",
323                 content = @Content(mediaType = APPLICATION_JSON, array = @ArraySchema(
324                     schema = @Schema(implementation = BeanInformation.class)))
325             ),
326             @ApiResponse( responseCode = "403", description = "Authenticated user is not permitted to gather the information",
327                 content = @Content(mediaType = APPLICATION_JSON, schema = @Schema(implementation = ArchivaRestError.class )) )
328         }
329     )
330     List<BeanInformation> getAvailableUserManagers()
331         throws ArchivaRestServiceException;
332
333     @Path("rbac_managers")
334     @GET
335     @Produces({ APPLICATION_JSON })
336     @RedbackAuthorization(permissions = ArchivaRoleConstants.OPERATION_MANAGE_CONFIGURATION)
337     @Operation( summary = "Returns the available RBAC manager implementations.",
338         security = {
339             @SecurityRequirement(
340                 name = ArchivaRoleConstants.OPERATION_MANAGE_CONFIGURATION
341             )
342         },
343         responses = {
344             @ApiResponse( responseCode = "200",
345                 description = "If the list could be retrieved",
346                 content = @Content(mediaType = APPLICATION_JSON, array = @ArraySchema(
347                     schema = @Schema(implementation = BeanInformation.class)))
348             ),
349             @ApiResponse( responseCode = "403", description = "Authenticated user is not permitted to gather the information",
350                 content = @Content(mediaType = APPLICATION_JSON, schema = @Schema(implementation = ArchivaRestError.class )) )
351         }
352     )
353     List<BeanInformation> getAvailableRbacManagers()
354         throws ArchivaRestServiceException;
355
356 }