1 package org.apache.maven.archiva.security;
4 * Licensed to the Apache Software Foundation (ASF) under one
5 * or more contributor license agreements. See the NOTICE file
6 * distributed with this work for additional information
7 * regarding copyright ownership. The ASF licenses this file
8 * to you under the Apache License, Version 2.0 (the
9 * "License"); you may not use this file except in compliance
10 * with the License. You may obtain a copy of the License at
12 * http://www.apache.org/licenses/LICENSE-2.0
14 * Unless required by applicable law or agreed to in writing,
15 * software distributed under the License is distributed on an
16 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
17 * KIND, either express or implied. See the License for the
18 * specific language governing permissions and limitations
22 import java.util.ArrayList;
23 import java.util.List;
25 import org.apache.maven.archiva.configuration.ArchivaConfiguration;
26 import org.apache.maven.archiva.configuration.ManagedRepositoryConfiguration;
27 import org.codehaus.plexus.redback.authentication.AuthenticationResult;
28 import org.codehaus.plexus.redback.authorization.AuthorizationException;
29 import org.codehaus.plexus.redback.role.RoleManager;
30 import org.codehaus.plexus.redback.role.RoleManagerException;
31 import org.codehaus.plexus.redback.system.DefaultSecuritySession;
32 import org.codehaus.plexus.redback.system.SecuritySession;
33 import org.codehaus.plexus.redback.system.SecuritySystem;
34 import org.codehaus.plexus.redback.users.User;
35 import org.codehaus.plexus.redback.users.UserNotFoundException;
36 import org.slf4j.Logger;
37 import org.slf4j.LoggerFactory;
38 import org.springframework.stereotype.Service;
40 import javax.inject.Inject;
43 * DefaultUserRepositories
46 * @plexus.component role="org.apache.maven.archiva.security.UserRepositories" role-hint="default"
48 @Service("userRepositories")
49 public class DefaultUserRepositories
50 implements UserRepositories
56 private SecuritySystem securitySystem;
59 * @plexus.requirement role-hint="default"
62 private RoleManager roleManager;
68 private ArchivaConfiguration archivaConfiguration;
70 private Logger log = LoggerFactory.getLogger( DefaultUserRepositories.class );
72 public List<String> getObservableRepositoryIds( String principal )
73 throws PrincipalNotFoundException, AccessDeniedException, ArchivaSecurityException
75 String operation = ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS;
77 return getAccessibleRepositoryIds( principal, operation );
80 public List<String> getManagableRepositoryIds( String principal )
81 throws PrincipalNotFoundException, AccessDeniedException, ArchivaSecurityException
83 String operation = ArchivaRoleConstants.OPERATION_REPOSITORY_UPLOAD;
85 return getAccessibleRepositoryIds( principal, operation );
88 private List<String> getAccessibleRepositoryIds( String principal, String operation )
89 throws ArchivaSecurityException, AccessDeniedException, PrincipalNotFoundException
91 SecuritySession securitySession = createSession( principal );
93 List<String> repoIds = new ArrayList<String>();
95 List<ManagedRepositoryConfiguration> repos =
96 archivaConfiguration.getConfiguration().getManagedRepositories();
98 for ( ManagedRepositoryConfiguration repo : repos )
102 String repoId = repo.getId();
103 if ( securitySystem.isAuthorized( securitySession, operation, repoId ) )
105 repoIds.add( repoId );
108 catch ( AuthorizationException e )
111 log.debug( "Not authorizing '" + principal + "' for repository '" + repo.getId() + "': "
119 private SecuritySession createSession( String principal )
120 throws ArchivaSecurityException, AccessDeniedException
125 user = securitySystem.getUserManager().findUser( principal );
128 throw new ArchivaSecurityException(
129 "The security system had an internal error - please check your system logs" );
132 catch ( UserNotFoundException e )
134 throw new PrincipalNotFoundException( "Unable to find principal " + principal + "" );
137 if ( user.isLocked() )
139 throw new AccessDeniedException( "User " + principal + "(" + user.getFullName() + ") is locked." );
142 AuthenticationResult authn = new AuthenticationResult( true, principal, null );
143 return new DefaultSecuritySession( authn, user );
146 public void createMissingRepositoryRoles( String repoId )
147 throws ArchivaSecurityException
151 if ( !roleManager.templatedRoleExists( ArchivaRoleConstants.TEMPLATE_REPOSITORY_OBSERVER, repoId ) )
153 roleManager.createTemplatedRole( ArchivaRoleConstants.TEMPLATE_REPOSITORY_OBSERVER, repoId );
156 if ( !roleManager.templatedRoleExists( ArchivaRoleConstants.TEMPLATE_REPOSITORY_MANAGER, repoId ) )
158 roleManager.createTemplatedRole( ArchivaRoleConstants.TEMPLATE_REPOSITORY_MANAGER, repoId );
161 catch ( RoleManagerException e )
163 throw new ArchivaSecurityException(
164 "Unable to create roles for configured repositories: " + e.getMessage(),
169 public boolean isAuthorizedToUploadArtifacts( String principal, String repoId )
170 throws PrincipalNotFoundException, ArchivaSecurityException
174 SecuritySession securitySession = createSession( principal );
176 return securitySystem.isAuthorized( securitySession, ArchivaRoleConstants.OPERATION_REPOSITORY_UPLOAD,
180 catch ( AuthorizationException e )
182 throw new ArchivaSecurityException( e.getMessage() );
186 public boolean isAuthorizedToDeleteArtifacts( String principal, String repoId )
187 throws AccessDeniedException, ArchivaSecurityException
191 SecuritySession securitySession = createSession( principal );
193 return securitySystem.isAuthorized( securitySession, ArchivaRoleConstants.OPERATION_REPOSITORY_DELETE,
197 catch ( AuthorizationException e )
199 throw new ArchivaSecurityException( e.getMessage() );
203 public SecuritySystem getSecuritySystem()
205 return securitySystem;
208 public void setSecuritySystem( SecuritySystem securitySystem )
210 this.securitySystem = securitySystem;
213 public RoleManager getRoleManager()
218 public void setRoleManager( RoleManager roleManager )
220 this.roleManager = roleManager;
223 public ArchivaConfiguration getArchivaConfiguration()
225 return archivaConfiguration;
228 public void setArchivaConfiguration( ArchivaConfiguration archivaConfiguration )
230 this.archivaConfiguration = archivaConfiguration;