source.dussan.org Git - archiva.git/blob

   1 package org.apache.archiva.security;
   2
   3 /*
   4  * Licensed to the Apache Software Foundation (ASF) under one
   5  * or more contributor license agreements.  See the NOTICE file
   6  * distributed with this work for additional information
   7  * regarding copyright ownership.  The ASF licenses this file
   8  * to you under the Apache License, Version 2.0 (the
   9  * "License"); you may not use this file except in compliance
  10  * with the License.  You may obtain a copy of the License at
  11  *
  12  *  http://www.apache.org/licenses/LICENSE-2.0
  13  *
  14  * Unless required by applicable law or agreed to in writing,
  15  * software distributed under the License is distributed on an
  16  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
  17  * KIND, either express or implied.  See the License for the
  18  * specific language governing permissions and limitations
  19  * under the License.
  20  */
  21
  22 import com.google.common.collect.Lists;
  23 import org.apache.maven.archiva.configuration.ArchivaConfiguration;
  24 import org.apache.maven.archiva.configuration.ManagedRepositoryConfiguration;
  25 import org.codehaus.plexus.redback.authentication.AuthenticationResult;
  26 import org.codehaus.plexus.redback.authorization.AuthorizationException;
  27 import org.codehaus.plexus.redback.role.RoleManager;
  28 import org.codehaus.plexus.redback.role.RoleManagerException;
  29 import org.codehaus.plexus.redback.system.DefaultSecuritySession;
  30 import org.codehaus.plexus.redback.system.SecuritySession;
  31 import org.codehaus.plexus.redback.system.SecuritySystem;
  32 import org.codehaus.plexus.redback.users.User;
  33 import org.codehaus.plexus.redback.users.UserNotFoundException;
  34 import org.slf4j.Logger;
  35 import org.slf4j.LoggerFactory;
  36 import org.springframework.stereotype.Service;
  37
  38 import javax.inject.Inject;
  39 import java.util.ArrayList;
  40 import java.util.List;
  41
  42 /**
  43  * DefaultUserRepositories
  44  *
  45  * @version $Id$
  46  */
  47 @Service( "userRepositories" )
  48 public class DefaultUserRepositories
  49     implements UserRepositories
  50 {
  51     /**
  52      * plexus.requirement
  53      */
  54     @Inject
  55     private SecuritySystem securitySystem;
  56
  57     /**
  58      * plexus.requirement role-hint="default"
  59      */
  60     @Inject
  61     private RoleManager roleManager;
  62
  63     /**
  64      * plexus.requirement
  65      */
  66     @Inject
  67     private ArchivaConfiguration archivaConfiguration;
  68
  69     private Logger log = LoggerFactory.getLogger( DefaultUserRepositories.class );
  70
  71     public List<String> getObservableRepositoryIds( String principal )
  72         throws PrincipalNotFoundException, AccessDeniedException, ArchivaSecurityException
  73     {
  74         String operation = ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS;
  75
  76         return getAccessibleRepositoryIds( principal, operation );
  77     }
  78
  79     public List<String> getManagableRepositoryIds( String principal )
  80         throws PrincipalNotFoundException, AccessDeniedException, ArchivaSecurityException
  81     {
  82         String operation = ArchivaRoleConstants.OPERATION_REPOSITORY_UPLOAD;
  83
  84         return getAccessibleRepositoryIds( principal, operation );
  85     }
  86
  87     private List<String> getAccessibleRepositoryIds( String principal, String operation )
  88         throws ArchivaSecurityException, AccessDeniedException, PrincipalNotFoundException
  89     {
  90         SecuritySession securitySession = createSession( principal );
  91
  92         List<String> repoIds = new ArrayList<String>();
  93
  94         List<ManagedRepositoryConfiguration> repos = archivaConfiguration.getConfiguration().getManagedRepositories();
  95
  96         for ( ManagedRepositoryConfiguration repo : repos )
  97         {
  98             try
  99             {
 100                 String repoId = repo.getId();
 101                 if ( securitySystem.isAuthorized( securitySession, operation, repoId ) )
 102                 {
 103                     repoIds.add( repoId );
 104                 }
 105             }
 106             catch ( AuthorizationException e )
 107             {
 108                 // swallow.
 109                 if ( log.isDebugEnabled() )
 110                 {
 111                     log.debug( "Not authorizing '{}' for repository '{}': {}",
 112                                Lists.<Object>newArrayList( principal, repo.getId(), e.getMessage() ) );
 113                 }
 114             }
 115         }
 116
 117         return repoIds;
 118     }
 119
 120     private SecuritySession createSession( String principal )
 121         throws ArchivaSecurityException, AccessDeniedException
 122     {
 123         User user;
 124         try
 125         {
 126             user = securitySystem.getUserManager().findUser( principal );
 127             if ( user == null )
 128             {
 129                 throw new ArchivaSecurityException(
 130                     "The security system had an internal error - please check your system logs" );
 131             }
 132         }
 133         catch ( UserNotFoundException e )
 134         {
 135             throw new PrincipalNotFoundException( "Unable to find principal " + principal + "" );
 136         }
 137
 138         if ( user.isLocked() )
 139         {
 140             throw new AccessDeniedException( "User " + principal + "(" + user.getFullName() + ") is locked." );
 141         }
 142
 143         AuthenticationResult authn = new AuthenticationResult( true, principal, null );
 144         return new DefaultSecuritySession( authn, user );
 145     }
 146
 147     public void createMissingRepositoryRoles( String repoId )
 148         throws ArchivaSecurityException
 149     {
 150         try
 151         {
 152             if ( !roleManager.templatedRoleExists( ArchivaRoleConstants.TEMPLATE_REPOSITORY_OBSERVER, repoId ) )
 153             {
 154                 roleManager.createTemplatedRole( ArchivaRoleConstants.TEMPLATE_REPOSITORY_OBSERVER, repoId );
 155             }
 156
 157             if ( !roleManager.templatedRoleExists( ArchivaRoleConstants.TEMPLATE_REPOSITORY_MANAGER, repoId ) )
 158             {
 159                 roleManager.createTemplatedRole( ArchivaRoleConstants.TEMPLATE_REPOSITORY_MANAGER, repoId );
 160             }
 161         }
 162         catch ( RoleManagerException e )
 163         {
 164             throw new ArchivaSecurityException( "Unable to create roles for configured repositories: " + e.getMessage(),
 165                                                 e );
 166         }
 167     }
 168
 169     public boolean isAuthorizedToUploadArtifacts( String principal, String repoId )
 170         throws PrincipalNotFoundException, ArchivaSecurityException
 171     {
 172         try
 173         {
 174             SecuritySession securitySession = createSession( principal );
 175
 176             return securitySystem.isAuthorized( securitySession, ArchivaRoleConstants.OPERATION_REPOSITORY_UPLOAD,
 177                                                 repoId );
 178
 179         }
 180         catch ( AuthorizationException e )
 181         {
 182             throw new ArchivaSecurityException( e.getMessage() );
 183         }
 184     }
 185
 186     public boolean isAuthorizedToDeleteArtifacts( String principal, String repoId )
 187         throws AccessDeniedException, ArchivaSecurityException
 188     {
 189         try
 190         {
 191             SecuritySession securitySession = createSession( principal );
 192
 193             return securitySystem.isAuthorized( securitySession, ArchivaRoleConstants.OPERATION_REPOSITORY_DELETE,
 194                                                 repoId );
 195
 196         }
 197         catch ( AuthorizationException e )
 198         {
 199             throw new ArchivaSecurityException( e.getMessage() );
 200         }
 201     }
 202
 203     public SecuritySystem getSecuritySystem()
 204     {
 205         return securitySystem;
 206     }
 207
 208     public void setSecuritySystem( SecuritySystem securitySystem )
 209     {
 210         this.securitySystem = securitySystem;
 211     }
 212
 213     public RoleManager getRoleManager()
 214     {
 215         return roleManager;
 216     }
 217
 218     public void setRoleManager( RoleManager roleManager )
 219     {
 220         this.roleManager = roleManager;
 221     }
 222
 223     public ArchivaConfiguration getArchivaConfiguration()
 224     {
 225         return archivaConfiguration;
 226     }
 227
 228     public void setArchivaConfiguration( ArchivaConfiguration archivaConfiguration )
 229     {
 230         this.archivaConfiguration = archivaConfiguration;
 231     }
 232 }