source.dussan.org Git - archiva.git/blob

   1 package org.apache.archiva.redback.integration.checks.security;
   2
   3 /*
   4  * Licensed to the Apache Software Foundation (ASF) under one
   5  * or more contributor license agreements.  See the NOTICE file
   6  * distributed with this work for additional information
   7  * regarding copyright ownership.  The ASF licenses this file
   8  * to you under the Apache License, Version 2.0 (the
   9  * "License"); you may not use this file except in compliance
  10  * with the License.  You may obtain a copy of the License at
  11  *
  12  * http://www.apache.org/licenses/LICENSE-2.0
  13  *
  14  * Unless required by applicable law or agreed to in writing,
  15  * software distributed under the License is distributed on an
  16  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
  17  * KIND, either express or implied.  See the License for the
  18  * specific language governing permissions and limitations
  19  * under the License.
  20  */
  21
  22 import org.apache.archiva.redback.rbac.RBACManager;
  23 import org.apache.archiva.redback.role.RoleManagerException;
  24 import org.apache.archiva.redback.users.UserNotFoundException;
  25 import org.apache.commons.lang.StringUtils;
  26 import org.apache.archiva.redback.authentication.PasswordBasedAuthenticationDataSource;
  27 import org.apache.archiva.redback.configuration.UserConfiguration;
  28 import org.apache.archiva.redback.rbac.RbacManagerException;
  29 import org.apache.archiva.redback.rbac.Role;
  30 import org.apache.archiva.redback.role.RoleManager;
  31 import org.apache.archiva.redback.system.SecuritySession;
  32 import org.apache.archiva.redback.system.SecuritySystem;
  33 import org.apache.archiva.redback.system.check.EnvironmentCheck;
  34 import org.apache.archiva.redback.users.User;
  35 import org.apache.archiva.redback.users.UserManager;
  36 import org.codehaus.plexus.util.IOUtil;
  37 import org.slf4j.Logger;
  38 import org.slf4j.LoggerFactory;
  39 import org.springframework.stereotype.Service;
  40
  41 import javax.inject.Inject;
  42 import javax.inject.Named;
  43 import java.io.File;
  44 import java.io.FileInputStream;
  45 import java.util.Collection;
  46 import java.util.Date;
  47 import java.util.List;
  48 import java.util.Properties;
  49
  50 /**
  51  * @author Olivier Lamy
  52  * @since 1.5
  53  */
  54 @Service( "AdminAutoCreateCheck" )
  55 public class AdminAutoCreateCheck
  56     implements EnvironmentCheck
  57 {
  58
  59     private Logger log = LoggerFactory.getLogger( getClass() );
  60
  61     public static final String FORCE_ADMIN_FILE_PATH = "redback.admin.creation.file";
  62
  63     public static final String ADMIN_FULL_NAME_KEY = "redback.admin.fullname";
  64
  65     public static final String ADMIN_EMAIL_KEY = "redback.admin.email";
  66
  67     public static final String ADMIN_PASSWORD_KEY = "redback.admin.password";
  68
  69     @Inject
  70     @Named( value = "userManager#configurable" )
  71     private UserManager userManager;
  72
  73     @Inject
  74     private UserConfiguration config;
  75
  76     @Inject
  77     protected SecuritySystem securitySystem;
  78
  79     @Inject
  80     private RoleManager roleManager;
  81
  82     @Inject
  83     @Named( value = "rBACManager#cached" )
  84     private RBACManager rbacManager;
  85
  86     public void validateEnvironment( List<String> violations )
  87     {
  88         try
  89         {
  90             User user = userManager.findUser( getAdminUid() );
  91             if ( user == null )
  92             {
  93                 useForceAdminCreationFile();
  94             }
  95
  96
  97         }
  98         catch ( UserNotFoundException e )
  99         {
 100             useForceAdminCreationFile();
 101         }
 102     }
 103
 104     private void checkAdminKarma( User u )
 105     {
 106         try
 107         {
 108             Collection<Role> roles = rbacManager.getEffectivelyAssignedRoles( getAdminUid() );
 109             boolean adminRole = false;
 110             for ( Role role : roles )
 111             {
 112                 if ( StringUtils.equals( "system-administrator", role.getName() ) )
 113                 {
 114                     adminRole = true;
 115                 }
 116             }
 117             if ( !adminRole )
 118             {
 119                 assignAdminRole( u );
 120             }
 121         }
 122         catch ( RbacManagerException e )
 123         {
 124             log.warn( "fail to checkAdminKarma {}", e, e.getMessage() );
 125         }
 126         catch ( RoleManagerException e )
 127         {
 128             log.warn( "fail to assignAdmin role {}", e, e.getMessage() );
 129         }
 130     }
 131
 132     private void useForceAdminCreationFile()
 133     {
 134         try
 135         {
 136             String forceAdminFilePath = System.getProperty( FORCE_ADMIN_FILE_PATH );
 137             if ( StringUtils.isBlank( forceAdminFilePath ) )
 138             {
 139                 log.info( FORCE_ADMIN_FILE_PATH + " system props is empty don't use an auto creation admin " );
 140                 return;
 141             }
 142             File file = new File( forceAdminFilePath );
 143             if ( !file.exists() )
 144             {
 145                 log.warn( "file set in sysprops " + FORCE_ADMIN_FILE_PATH + " not exists skip admin auto creation" );
 146                 return;
 147             }
 148             log.debug( "user {} not found try auto creation" );
 149             Properties properties = new Properties();
 150             FileInputStream fis = new FileInputStream( file );
 151             try
 152             {
 153                 properties.load( fis );
 154             }
 155             catch ( Exception e )
 156             {
 157                 log.warn( "error loading properties from file " + forceAdminFilePath + " skip admin auto creation" );
 158                 return;
 159             }
 160             finally
 161             {
 162                 IOUtil.close( fis );
 163             }
 164
 165             // ensure we have all properties
 166             String password = properties.getProperty( ADMIN_PASSWORD_KEY );
 167             String email = properties.getProperty( ADMIN_EMAIL_KEY );
 168             String fullName = properties.getProperty( ADMIN_FULL_NAME_KEY );
 169
 170             if ( StringUtils.isBlank( password ) )
 171             {
 172                 log.warn( "property " + ADMIN_PASSWORD_KEY + " not set skip auto admin creation" );
 173                 return;
 174             }
 175
 176             if ( StringUtils.isBlank( email ) )
 177             {
 178                 log.warn( "property " + ADMIN_EMAIL_KEY + " not set skip auto admin creation" );
 179                 return;
 180             }
 181
 182             if ( StringUtils.isBlank( fullName ) )
 183             {
 184                 log.warn( "property " + ADMIN_FULL_NAME_KEY + " not set skip auto admin creation" );
 185                 return;
 186             }
 187
 188             User u = userManager.createUser( getAdminUid(), fullName, email );
 189
 190             u.setPassword( password );
 191             u.setLocked( false );
 192             u.setPasswordChangeRequired( false );
 193             u.setPermanent( true );
 194             u.setValidated( true );
 195
 196             u = userManager.addUser( u );
 197             u.setPassword( password );
 198
 199             PasswordBasedAuthenticationDataSource authdatasource = new PasswordBasedAuthenticationDataSource();
 200             authdatasource.setPrincipal( u.getUsername() );
 201             authdatasource.setPassword( u.getPassword() );
 202             SecuritySession securitySession = securitySystem.authenticate( authdatasource );
 203             if ( securitySession.getAuthenticationResult().isAuthenticated() )
 204             {
 205                 // good add various tokens.
 206                 u = securitySession.getUser();
 207                 u.setLastLoginDate( new Date() );
 208                 securitySystem.getUserManager().updateUser( u );
 209             }
 210             assignAdminRole( u );
 211
 212         }
 213         catch ( Exception e )
 214         {
 215             log.warn( "failed to automatically create an admin account " + e.getMessage(), e );
 216         }
 217     }
 218
 219     private void assignAdminRole( User user )
 220         throws RoleManagerException
 221     {
 222         roleManager.assignRole( "system-administrator", user.getPrincipal().toString() );
 223     }
 224
 225     private String getAdminUid()
 226     {
 227         return config.getString( "redback.default.admin" );
 228     }
 229 }