source.dussan.org Git - archiva.git/blob

   1 package org.apache.archiva.security;
   2
   3 /*
   4  * Licensed to the Apache Software Foundation (ASF) under one
   5  * or more contributor license agreements.  See the NOTICE file
   6  * distributed with this work for additional information
   7  * regarding copyright ownership.  The ASF licenses this file
   8  * to you under the Apache License, Version 2.0 (the
   9  * "License"); you may not use this file except in compliance
  10  * with the License.  You may obtain a copy of the License at
  11  *
  12  *  http://www.apache.org/licenses/LICENSE-2.0
  13  *
  14  * Unless required by applicable law or agreed to in writing,
  15  * software distributed under the License is distributed on an
  16  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
  17  * KIND, either express or implied.  See the License for the
  18  * specific language governing permissions and limitations
  19  * under the License.
  20  */
  21
  22 import org.apache.archiva.admin.model.RepositoryAdminException;
  23 import org.apache.archiva.admin.model.beans.ManagedRepository;
  24 import org.apache.archiva.admin.model.managed.ManagedRepositoryAdmin;
  25 import org.apache.archiva.redback.authentication.AuthenticationResult;
  26 import org.apache.archiva.redback.authorization.AuthorizationException;
  27 import org.apache.archiva.redback.role.RoleManager;
  28 import org.apache.archiva.redback.role.RoleManagerException;
  29 import org.apache.archiva.redback.system.DefaultSecuritySession;
  30 import org.apache.archiva.redback.system.SecuritySession;
  31 import org.apache.archiva.redback.system.SecuritySystem;
  32 import org.apache.archiva.redback.users.User;
  33 import org.apache.archiva.redback.users.UserManagerException;
  34 import org.apache.archiva.redback.users.UserNotFoundException;
  35 import org.apache.archiva.security.common.ArchivaRoleConstants;
  36 import org.slf4j.Logger;
  37 import org.slf4j.LoggerFactory;
  38 import org.springframework.stereotype.Service;
  39
  40 import javax.inject.Inject;
  41 import java.util.ArrayList;
  42 import java.util.List;
  43
  44 /**
  45  * DefaultUserRepositories
  46  */
  47 @Service( "userRepositories" )
  48 public class DefaultUserRepositories
  49     implements UserRepositories
  50 {
  51
  52     @Inject
  53     private SecuritySystem securitySystem;
  54
  55     @Inject
  56     private RoleManager roleManager;
  57
  58     @Inject
  59     private ManagedRepositoryAdmin managedRepositoryAdmin;
  60
  61     private Logger log = LoggerFactory.getLogger( getClass() );
  62
  63     public List<String> getObservableRepositoryIds( String principal )
  64         throws PrincipalNotFoundException, AccessDeniedException, ArchivaSecurityException
  65     {
  66         String operation = ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS;
  67
  68         return getAccessibleRepositoryIds( principal, operation );
  69     }
  70
  71     public List<String> getManagableRepositoryIds( String principal )
  72         throws PrincipalNotFoundException, AccessDeniedException, ArchivaSecurityException
  73     {
  74         String operation = ArchivaRoleConstants.OPERATION_REPOSITORY_UPLOAD;
  75
  76         return getAccessibleRepositoryIds( principal, operation );
  77     }
  78
  79     private List<String> getAccessibleRepositoryIds( String principal, String operation )
  80         throws ArchivaSecurityException, AccessDeniedException, PrincipalNotFoundException
  81     {
  82
  83         List<ManagedRepository> managedRepositories = getAccessibleRepositories( principal, operation );
  84         List<String> repoIds = new ArrayList<String>( managedRepositories.size() );
  85         for ( ManagedRepository managedRepository : managedRepositories )
  86         {
  87             repoIds.add( managedRepository.getId() );
  88         }
  89
  90         return repoIds;
  91     }
  92
  93     public List<ManagedRepository> getAccessibleRepositories( String principal )
  94         throws ArchivaSecurityException, AccessDeniedException, PrincipalNotFoundException
  95     {
  96         return getAccessibleRepositories( principal, ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS );
  97     }
  98
  99     private List<ManagedRepository> getAccessibleRepositories( String principal, String operation )
 100         throws ArchivaSecurityException, AccessDeniedException, PrincipalNotFoundException
 101     {
 102         SecuritySession securitySession = createSession( principal );
 103
 104         List<ManagedRepository> managedRepositories = new ArrayList<ManagedRepository>();
 105
 106         try
 107         {
 108             List<ManagedRepository> repos = managedRepositoryAdmin.getManagedRepositories();
 109
 110             for ( ManagedRepository repo : repos )
 111             {
 112                 try
 113                 {
 114                     String repoId = repo.getId();
 115                     if ( securitySystem.isAuthorized( securitySession, operation, repoId ) )
 116                     {
 117                         managedRepositories.add( repo );
 118                     }
 119                 }
 120                 catch ( AuthorizationException e )
 121                 {
 122                     // swallow.
 123
 124                     log.debug( "Not authorizing '{}' for repository '{}': {}", principal, repo.getId(),
 125                                e.getMessage() );
 126
 127                 }
 128             }
 129
 130             return managedRepositories;
 131         }
 132         catch ( RepositoryAdminException e )
 133         {
 134             throw new ArchivaSecurityException( e.getMessage(), e );
 135         }
 136     }
 137
 138     private SecuritySession createSession( String principal )
 139         throws ArchivaSecurityException, AccessDeniedException
 140     {
 141         User user;
 142         try
 143         {
 144             user = securitySystem.getUserManager().findUser( principal );
 145             if ( user == null )
 146             {
 147                 throw new ArchivaSecurityException(
 148                     "The security system had an internal error - please check your system logs" );
 149             }
 150         }
 151         catch ( UserNotFoundException e )
 152         {
 153             throw new PrincipalNotFoundException( "Unable to find principal " + principal + "", e );
 154         }
 155         catch ( UserManagerException e )
 156         {
 157             throw new ArchivaSecurityException( e.getMessage(), e );
 158         }
 159
 160         if ( user.isLocked() )
 161         {
 162             throw new AccessDeniedException( "User " + principal + "(" + user.getFullName() + ") is locked." );
 163         }
 164
 165         AuthenticationResult authn = new AuthenticationResult( true, principal, null );
 166         authn.setUser( user );
 167         return new DefaultSecuritySession( authn, user );
 168     }
 169
 170     public void createMissingRepositoryRoles( String repoId )
 171         throws ArchivaSecurityException
 172     {
 173         try
 174         {
 175             if ( !roleManager.templatedRoleExists( ArchivaRoleConstants.TEMPLATE_REPOSITORY_OBSERVER, repoId ) )
 176             {
 177                 roleManager.createTemplatedRole( ArchivaRoleConstants.TEMPLATE_REPOSITORY_OBSERVER, repoId );
 178             }
 179
 180             if ( !roleManager.templatedRoleExists( ArchivaRoleConstants.TEMPLATE_REPOSITORY_MANAGER, repoId ) )
 181             {
 182                 roleManager.createTemplatedRole( ArchivaRoleConstants.TEMPLATE_REPOSITORY_MANAGER, repoId );
 183             }
 184         }
 185         catch ( RoleManagerException e )
 186         {
 187             throw new ArchivaSecurityException( "Unable to create roles for configured repositories: " + e.getMessage(),
 188                                                 e );
 189         }
 190     }
 191
 192     public boolean isAuthorizedToUploadArtifacts( String principal, String repoId )
 193         throws PrincipalNotFoundException, ArchivaSecurityException
 194     {
 195         try
 196         {
 197             SecuritySession securitySession = createSession( principal );
 198
 199             return securitySystem.isAuthorized( securitySession, ArchivaRoleConstants.OPERATION_REPOSITORY_UPLOAD,
 200                                                 repoId );
 201
 202         }
 203         catch ( AuthorizationException e )
 204         {
 205             throw new ArchivaSecurityException( e.getMessage() );
 206         }
 207     }
 208
 209     public boolean isAuthorizedToDeleteArtifacts( String principal, String repoId )
 210         throws ArchivaSecurityException
 211     {
 212         try
 213         {
 214             SecuritySession securitySession = createSession( principal );
 215
 216             return securitySystem.isAuthorized( securitySession, ArchivaRoleConstants.OPERATION_REPOSITORY_DELETE,
 217                                                 repoId );
 218
 219         }
 220         catch ( AuthorizationException e )
 221         {
 222             throw new ArchivaSecurityException( e.getMessage() );
 223         }
 224     }
 225
 226     public SecuritySystem getSecuritySystem()
 227     {
 228         return securitySystem;
 229     }
 230
 231     public void setSecuritySystem( SecuritySystem securitySystem )
 232     {
 233         this.securitySystem = securitySystem;
 234     }
 235
 236     public RoleManager getRoleManager()
 237     {
 238         return roleManager;
 239     }
 240
 241     public void setRoleManager( RoleManager roleManager )
 242     {
 243         this.roleManager = roleManager;
 244     }
 245 }