1 package org.apache.archiva.security;
4 * Licensed to the Apache Software Foundation (ASF) under one
5 * or more contributor license agreements. See the NOTICE file
6 * distributed with this work for additional information
7 * regarding copyright ownership. The ASF licenses this file
8 * to you under the Apache License, Version 2.0 (the
9 * "License"); you may not use this file except in compliance
10 * with the License. You may obtain a copy of the License at
12 * http://www.apache.org/licenses/LICENSE-2.0
14 * Unless required by applicable law or agreed to in writing,
15 * software distributed under the License is distributed on an
16 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
17 * KIND, either express or implied. See the License for the
18 * specific language governing permissions and limitations
22 import java.util.List;
24 import org.codehaus.plexus.redback.rbac.RBACManager;
25 import org.codehaus.plexus.redback.system.check.EnvironmentCheck;
26 import org.slf4j.Logger;
27 import org.slf4j.LoggerFactory;
28 import org.springframework.stereotype.Service;
30 import javax.inject.Inject;
31 import javax.inject.Named;
34 * ArchivaStandardRolesCheck tests for the existance of expected / standard roles and permissions.
38 @Service("environmentCheck#archiva-required-roles")
39 public class ArchivaStandardRolesCheck
40 implements EnvironmentCheck
42 private Logger log = LoggerFactory.getLogger( ArchivaStandardRolesCheck.class );
45 * plexus.requirement role-hint="cached"
47 @Inject @Named(value = "rBACManager#cached")
48 private RBACManager rbacManager;
51 * boolean detailing if this environment check has been executed
53 private boolean checked = false;
55 public void validateEnvironment( List<String> violations )
59 String expectedRoles[] = new String[] {
60 ArchivaRoleConstants.SYSTEM_ADMINISTRATOR_ROLE,
61 ArchivaRoleConstants.GLOBAL_REPOSITORY_MANAGER_ROLE,
62 ArchivaRoleConstants.GLOBAL_REPOSITORY_OBSERVER_ROLE,
63 ArchivaRoleConstants.GUEST_ROLE,
64 ArchivaRoleConstants.REGISTERED_USER_ROLE,
65 ArchivaRoleConstants.USER_ADMINISTRATOR_ROLE };
67 log.info( "Checking the existance of required roles." );
69 for ( String roleName : expectedRoles )
71 if ( !rbacManager.roleExists( roleName ) )
73 violations.add( "Unable to validate the existances of the '" + roleName + "' role." );
77 String expectedOperations[] = new String[] {
78 ArchivaRoleConstants.OPERATION_MANAGE_USERS,
79 ArchivaRoleConstants.OPERATION_MANAGE_CONFIGURATION,
80 ArchivaRoleConstants.OPERATION_REGENERATE_INDEX,
81 ArchivaRoleConstants.OPERATION_RUN_INDEXER,
82 ArchivaRoleConstants.OPERATION_ACCESS_REPORT,
83 ArchivaRoleConstants.OPERATION_ADD_REPOSITORY,
84 ArchivaRoleConstants.OPERATION_DELETE_REPOSITORY,
85 ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS,
86 ArchivaRoleConstants.OPERATION_EDIT_REPOSITORY,
87 ArchivaRoleConstants.OPERATION_REPOSITORY_UPLOAD,
88 ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS,
91 log.info( "Checking the existance of required operations." );
93 for ( String operation : expectedOperations )
95 if ( !rbacManager.operationExists( operation ) )
97 violations.add( "Unable to validate the existances of the '" + operation + "' operation." );