source.dussan.org Git - archiva.git/blob

   1 package org.apache.maven.archiva.security;
   2
   3 /*
   4  * Licensed to the Apache Software Foundation (ASF) under one
   5  * or more contributor license agreements.  See the NOTICE file
   6  * distributed with this work for additional information
   7  * regarding copyright ownership.  The ASF licenses this file
   8  * to you under the Apache License, Version 2.0 (the
   9  * "License"); you may not use this file except in compliance
  10  * with the License.  You may obtain a copy of the License at
  11  *
  12  *  http://www.apache.org/licenses/LICENSE-2.0
  13  *
  14  * Unless required by applicable law or agreed to in writing,
  15  * software distributed under the License is distributed on an
  16  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
  17  * KIND, either express or implied.  See the License for the
  18  * specific language governing permissions and limitations
  19  * under the License.
  20  */
  21
  22 import java.util.ArrayList;
  23 import java.util.Collection;
  24 import java.util.List;
  25
  26 import org.apache.maven.archiva.configuration.ArchivaConfiguration;
  27 import org.apache.maven.archiva.configuration.ManagedRepositoryConfiguration;
  28 import org.codehaus.plexus.redback.authentication.AuthenticationResult;
  29 import org.codehaus.plexus.redback.authorization.AuthorizationException;
  30 import org.codehaus.plexus.redback.rbac.RBACManager;
  31 import org.codehaus.plexus.redback.rbac.RbacManagerException;
  32 import org.codehaus.plexus.redback.rbac.RbacObjectNotFoundException;
  33 import org.codehaus.plexus.redback.rbac.Role;
  34 import org.codehaus.plexus.redback.role.RoleManager;
  35 import org.codehaus.plexus.redback.role.RoleManagerException;
  36 import org.codehaus.plexus.redback.system.DefaultSecuritySession;
  37 import org.codehaus.plexus.redback.system.SecuritySession;
  38 import org.codehaus.plexus.redback.system.SecuritySystem;
  39 import org.codehaus.plexus.redback.users.User;
  40 import org.codehaus.plexus.redback.users.UserNotFoundException;
  41
  42 /**
  43  * DefaultUserRepositories
  44  *
  45  * @version $Id$
  46  * @plexus.component role="org.apache.maven.archiva.security.UserRepositories" role-hint="default"
  47  */
  48 public class DefaultUserRepositories
  49     implements UserRepositories
  50 {
  51     /**
  52      * @plexus.requirement
  53      */
  54     private SecuritySystem securitySystem;
  55
  56     /**
  57      * @plexus.requirement role-hint="cached"
  58      */
  59     private RBACManager rbacManager;
  60
  61     /**
  62      * @plexus.requirement role-hint="default"
  63      */
  64     private RoleManager roleManager;
  65
  66     /**
  67      * @plexus.requirement
  68      */
  69     private ArchivaConfiguration archivaConfiguration;
  70
  71     public List<String> getObservableRepositoryIds( String principal )
  72         throws PrincipalNotFoundException, AccessDeniedException, ArchivaSecurityException
  73     {
  74         String operation = ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS;
  75
  76         return getAccessibleRepositoryIds( principal, operation );
  77     }
  78
  79     public List<String> getManagableRepositoryIds( String principal )
  80         throws PrincipalNotFoundException, AccessDeniedException, ArchivaSecurityException
  81     {
  82         String operation = ArchivaRoleConstants.OPERATION_REPOSITORY_UPLOAD;
  83
  84         return getAccessibleRepositoryIds( principal, operation );
  85     }
  86
  87     private List<String> getAccessibleRepositoryIds( String principal, String operation )
  88         throws ArchivaSecurityException, AccessDeniedException, PrincipalNotFoundException
  89     {
  90         try
  91         {
  92             User user = securitySystem.getUserManager().findUser( principal );
  93             if ( user == null )
  94             {
  95                 throw new ArchivaSecurityException( "The security system had an internal error - please check your system logs" );
  96             }
  97
  98             if ( user.isLocked() )
  99             {
 100                 throw new AccessDeniedException( "User " + principal + "(" + user.getFullName() + ") is locked." );
 101             }
 102
 103             AuthenticationResult authn = new AuthenticationResult( true, principal, null );
 104             SecuritySession securitySession = new DefaultSecuritySession( authn, user );
 105
 106             List<String> repoIds = new ArrayList<String>();
 107
 108             List<ManagedRepositoryConfiguration> repos =
 109                 archivaConfiguration.getConfiguration().getManagedRepositories();
 110
 111             for ( ManagedRepositoryConfiguration repo : repos )
 112             {
 113                 try
 114                 {
 115                     String repoId = repo.getId();
 116                     if ( securitySystem.isAuthorized( securitySession, operation, repoId ) )
 117                     {
 118                         repoIds.add( repoId );
 119                     }
 120                 }
 121                 catch ( AuthorizationException e )
 122                 {
 123                     // swallow.
 124                 }
 125             }
 126
 127             return repoIds;
 128         }
 129         catch ( UserNotFoundException e )
 130         {
 131             throw new PrincipalNotFoundException( "Unable to find principal " + principal + "" );
 132         }
 133     }
 134
 135     public void createMissingRepositoryRoles( String repoId )
 136         throws ArchivaSecurityException
 137     {
 138         try
 139         {
 140             if ( !roleManager.templatedRoleExists( ArchivaRoleConstants.TEMPLATE_REPOSITORY_OBSERVER, repoId ) )
 141             {
 142                 roleManager.createTemplatedRole( ArchivaRoleConstants.TEMPLATE_REPOSITORY_OBSERVER, repoId );
 143             }
 144
 145             if ( !roleManager.templatedRoleExists( ArchivaRoleConstants.TEMPLATE_REPOSITORY_MANAGER, repoId ) )
 146             {
 147                 roleManager.createTemplatedRole( ArchivaRoleConstants.TEMPLATE_REPOSITORY_MANAGER, repoId );
 148             }
 149         }
 150         catch ( RoleManagerException e )
 151         {
 152             throw new ArchivaSecurityException(
 153                                                 "Unable to create roles for configured repositories: " + e.getMessage(),
 154                                                 e );
 155         }
 156     }
 157
 158     public boolean isAuthorizedToUploadArtifacts( String principal, String repoId )
 159         throws PrincipalNotFoundException, ArchivaSecurityException
 160     {
 161         try
 162         {
 163             User user = securitySystem.getUserManager().findUser( principal );
 164             if ( user == null )
 165             {
 166                 throw new ArchivaSecurityException( "The security system had an internal error - please check your system logs" );
 167             }
 168
 169             if ( user.isLocked() )
 170             {
 171                 throw new AccessDeniedException( "User " + principal + "(" + user.getFullName() + ") is locked." );
 172             }
 173
 174             AuthenticationResult authn = new AuthenticationResult( true, principal, null );
 175             SecuritySession securitySession = new DefaultSecuritySession( authn, user );
 176
 177             return securitySystem.isAuthorized( securitySession, ArchivaRoleConstants.OPERATION_REPOSITORY_UPLOAD,
 178                                                 repoId );
 179
 180         }
 181         catch ( UserNotFoundException e )
 182         {
 183             throw new PrincipalNotFoundException( "Unable to find principal " + principal + "" );
 184         }
 185         catch ( AuthorizationException e )
 186         {
 187             throw new ArchivaSecurityException( e.getMessage() );
 188         }
 189     }
 190
 191     public boolean isAuthorizedToDeleteArtifacts( String principal, String repoId )
 192         throws RbacManagerException, RbacObjectNotFoundException
 193     {
 194         boolean isAuthorized = false;
 195         String delimiter = " - ";
 196
 197         try
 198         {
 199             Collection<Role> roleList = rbacManager.getEffectivelyAssignedRoles( principal );
 200
 201             for ( Role role : roleList )
 202             {
 203                 String roleName = role.getName();
 204
 205                 if ( roleName.startsWith( ArchivaRoleConstants.REPOSITORY_MANAGER_ROLE_PREFIX ) )
 206                 {
 207                     int delimiterIndex = roleName.indexOf( delimiter );
 208                     String resourceName = roleName.substring( delimiterIndex + delimiter.length() );
 209
 210                     if ( resourceName.equals( repoId ) )
 211                     {
 212                         isAuthorized = true;
 213                         break;
 214                     }
 215                 }
 216             }
 217         }
 218         catch ( RbacObjectNotFoundException e )
 219         {
 220             throw new RbacObjectNotFoundException( "Unable to find user " + principal + "" );
 221         }
 222         catch ( RbacManagerException e )
 223         {
 224             throw new RbacManagerException( "Unable to get roles for user " + principal + "" );
 225         }
 226
 227         return isAuthorized;
 228     }
 229 }