]> source.dussan.org Git - archiva.git/blob
36e3d799245b48174e2b45c8236388c09a50a635
[archiva.git] /
1 package org.apache.maven.archiva.security;
2
3 /*
4  * Licensed to the Apache Software Foundation (ASF) under one
5  * or more contributor license agreements.  See the NOTICE file
6  * distributed with this work for additional information
7  * regarding copyright ownership.  The ASF licenses this file
8  * to you under the Apache License, Version 2.0 (the
9  * "License"); you may not use this file except in compliance
10  * with the License.  You may obtain a copy of the License at
11  *
12  *  http://www.apache.org/licenses/LICENSE-2.0
13  *
14  * Unless required by applicable law or agreed to in writing,
15  * software distributed under the License is distributed on an
16  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
17  * KIND, either express or implied.  See the License for the
18  * specific language governing permissions and limitations
19  * under the License.
20  */
21
22 import java.util.ArrayList;
23 import java.util.List;
24
25 import org.apache.maven.archiva.configuration.ArchivaConfiguration;
26 import org.apache.maven.archiva.configuration.ManagedRepositoryConfiguration;
27 import org.codehaus.plexus.redback.authentication.AuthenticationResult;
28 import org.codehaus.plexus.redback.authorization.AuthorizationException;
29 import org.codehaus.plexus.redback.role.RoleManager;
30 import org.codehaus.plexus.redback.role.RoleManagerException;
31 import org.codehaus.plexus.redback.system.DefaultSecuritySession;
32 import org.codehaus.plexus.redback.system.SecuritySession;
33 import org.codehaus.plexus.redback.system.SecuritySystem;
34 import org.codehaus.plexus.redback.users.User;
35 import org.codehaus.plexus.redback.users.UserNotFoundException;
36 import org.slf4j.Logger;
37 import org.slf4j.LoggerFactory;
38 import org.springframework.stereotype.Service;
39
40 import javax.inject.Inject;
41
42 /**
43  * DefaultUserRepositories
44  * 
45  * @version $Id$
46  * @plexus.component role="org.apache.maven.archiva.security.UserRepositories" role-hint="default"
47  */
48 @Service("userRepositories")
49 public class DefaultUserRepositories
50     implements UserRepositories
51 {
52     /**
53      * @plexus.requirement
54      */
55     @Inject
56     private SecuritySystem securitySystem;
57
58     /**
59      * @plexus.requirement role-hint="default"
60      */
61     @Inject
62     private RoleManager roleManager;
63
64     /**
65      * @plexus.requirement
66      */
67     @Inject
68     private ArchivaConfiguration archivaConfiguration;
69     
70     private Logger log = LoggerFactory.getLogger( DefaultUserRepositories.class );
71
72     public List<String> getObservableRepositoryIds( String principal )
73         throws PrincipalNotFoundException, AccessDeniedException, ArchivaSecurityException
74     {
75         String operation = ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS;
76
77         return getAccessibleRepositoryIds( principal, operation );
78     }
79
80     public List<String> getManagableRepositoryIds( String principal )
81         throws PrincipalNotFoundException, AccessDeniedException, ArchivaSecurityException
82     {
83         String operation = ArchivaRoleConstants.OPERATION_REPOSITORY_UPLOAD;
84
85         return getAccessibleRepositoryIds( principal, operation );
86     }
87
88     private List<String> getAccessibleRepositoryIds( String principal, String operation )
89         throws ArchivaSecurityException, AccessDeniedException, PrincipalNotFoundException
90     {
91         SecuritySession securitySession = createSession( principal );
92
93         List<String> repoIds = new ArrayList<String>();
94
95         List<ManagedRepositoryConfiguration> repos =
96             archivaConfiguration.getConfiguration().getManagedRepositories();
97
98         for ( ManagedRepositoryConfiguration repo : repos )
99         {
100             try
101             {
102                 String repoId = repo.getId();
103                 if ( securitySystem.isAuthorized( securitySession, operation, repoId ) )
104                 {
105                     repoIds.add( repoId );
106                 }
107             }
108             catch ( AuthorizationException e )
109             {
110                 // swallow.
111                 log.debug( "Not authorizing '" + principal + "' for repository '" + repo.getId() + "': "
112                     + e.getMessage() );
113             }
114         }
115
116         return repoIds;
117     }
118
119     private SecuritySession createSession( String principal )
120         throws ArchivaSecurityException, AccessDeniedException
121     {
122         User user;
123         try
124         {
125             user = securitySystem.getUserManager().findUser( principal );
126             if ( user == null )
127             {
128                 throw new ArchivaSecurityException(
129                     "The security system had an internal error - please check your system logs" );
130             }
131         }
132         catch ( UserNotFoundException e )
133         {
134             throw new PrincipalNotFoundException( "Unable to find principal " + principal + "" );
135         }
136
137         if ( user.isLocked() )
138         {
139             throw new AccessDeniedException( "User " + principal + "(" + user.getFullName() + ") is locked." );
140         }
141
142         AuthenticationResult authn = new AuthenticationResult( true, principal, null );
143         return new DefaultSecuritySession( authn, user );
144     }
145
146     public void createMissingRepositoryRoles( String repoId )
147         throws ArchivaSecurityException
148     {
149         try
150         {
151             if ( !roleManager.templatedRoleExists( ArchivaRoleConstants.TEMPLATE_REPOSITORY_OBSERVER, repoId ) )
152             {
153                 roleManager.createTemplatedRole( ArchivaRoleConstants.TEMPLATE_REPOSITORY_OBSERVER, repoId );
154             }
155
156             if ( !roleManager.templatedRoleExists( ArchivaRoleConstants.TEMPLATE_REPOSITORY_MANAGER, repoId ) )
157             {
158                 roleManager.createTemplatedRole( ArchivaRoleConstants.TEMPLATE_REPOSITORY_MANAGER, repoId );
159             }
160         }
161         catch ( RoleManagerException e )
162         {
163             throw new ArchivaSecurityException(
164                                                 "Unable to create roles for configured repositories: " + e.getMessage(),
165                                                 e );
166         }
167     }
168
169     public boolean isAuthorizedToUploadArtifacts( String principal, String repoId )
170         throws PrincipalNotFoundException, ArchivaSecurityException
171     {
172         try
173         {
174             SecuritySession securitySession = createSession( principal );
175
176             return securitySystem.isAuthorized( securitySession, ArchivaRoleConstants.OPERATION_REPOSITORY_UPLOAD,
177                                                 repoId );
178
179         }
180         catch ( AuthorizationException e )
181         {
182             throw new ArchivaSecurityException( e.getMessage() );
183         }
184     }
185     
186     public boolean isAuthorizedToDeleteArtifacts( String principal, String repoId )
187         throws AccessDeniedException, ArchivaSecurityException
188     {
189         try
190         {
191             SecuritySession securitySession = createSession( principal );
192
193             return securitySystem.isAuthorized( securitySession, ArchivaRoleConstants.OPERATION_REPOSITORY_DELETE,
194                                                 repoId );
195
196         }
197         catch ( AuthorizationException e )
198         {
199             throw new ArchivaSecurityException( e.getMessage() );
200         }
201     }
202
203     public SecuritySystem getSecuritySystem()
204     {
205         return securitySystem;
206     }
207
208     public void setSecuritySystem( SecuritySystem securitySystem )
209     {
210         this.securitySystem = securitySystem;
211     }
212
213     public RoleManager getRoleManager()
214     {
215         return roleManager;
216     }
217
218     public void setRoleManager( RoleManager roleManager )
219     {
220         this.roleManager = roleManager;
221     }
222
223     public ArchivaConfiguration getArchivaConfiguration()
224     {
225         return archivaConfiguration;
226     }
227
228     public void setArchivaConfiguration( ArchivaConfiguration archivaConfiguration )
229     {
230         this.archivaConfiguration = archivaConfiguration;
231     }
232 }