]> source.dussan.org Git - archiva.git/blob
6a97d961de04e1fef6f83e6ae808c41511542527
[archiva.git] /
1 package org.apache.archiva.security;
2
3 /*
4  * Licensed to the Apache Software Foundation (ASF) under one
5  * or more contributor license agreements.  See the NOTICE file
6  * distributed with this work for additional information
7  * regarding copyright ownership.  The ASF licenses this file
8  * to you under the Apache License, Version 2.0 (the
9  * "License"); you may not use this file except in compliance
10  * with the License.  You may obtain a copy of the License at
11  *
12  *  http://www.apache.org/licenses/LICENSE-2.0
13  *
14  * Unless required by applicable law or agreed to in writing,
15  * software distributed under the License is distributed on an
16  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
17  * KIND, either express or implied.  See the License for the
18  * specific language governing permissions and limitations
19  * under the License.
20  */
21
22 import com.google.common.collect.Lists;
23 import org.apache.archiva.admin.model.RepositoryAdminException;
24 import org.apache.archiva.admin.model.beans.ManagedRepository;
25 import org.apache.archiva.admin.model.managed.ManagedRepositoryAdmin;
26 import org.apache.archiva.redback.users.User;
27 import org.apache.archiva.redback.users.UserNotFoundException;
28 import org.apache.archiva.security.common.ArchivaRoleConstants;
29 import org.apache.archiva.redback.authentication.AuthenticationResult;
30 import org.apache.archiva.redback.authorization.AuthorizationException;
31 import org.apache.archiva.redback.role.RoleManager;
32 import org.apache.archiva.redback.role.RoleManagerException;
33 import org.codehaus.plexus.redback.system.DefaultSecuritySession;
34 import org.codehaus.plexus.redback.system.SecuritySession;
35 import org.codehaus.plexus.redback.system.SecuritySystem;
36 import org.slf4j.Logger;
37 import org.slf4j.LoggerFactory;
38 import org.springframework.stereotype.Service;
39
40 import javax.inject.Inject;
41 import java.util.ArrayList;
42 import java.util.List;
43
44 /**
45  * DefaultUserRepositories
46  *
47  * @version $Id$
48  */
49 @Service( "userRepositories" )
50 public class DefaultUserRepositories
51     implements UserRepositories
52 {
53
54     @Inject
55     private SecuritySystem securitySystem;
56
57     @Inject
58     private RoleManager roleManager;
59
60     @Inject
61     private ManagedRepositoryAdmin managedRepositoryAdmin;
62
63     private Logger log = LoggerFactory.getLogger( getClass() );
64
65     public List<String> getObservableRepositoryIds( String principal )
66         throws PrincipalNotFoundException, AccessDeniedException, ArchivaSecurityException
67     {
68         String operation = ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS;
69
70         return getAccessibleRepositoryIds( principal, operation );
71     }
72
73     public List<String> getManagableRepositoryIds( String principal )
74         throws PrincipalNotFoundException, AccessDeniedException, ArchivaSecurityException
75     {
76         String operation = ArchivaRoleConstants.OPERATION_REPOSITORY_UPLOAD;
77
78         return getAccessibleRepositoryIds( principal, operation );
79     }
80
81     private List<String> getAccessibleRepositoryIds( String principal, String operation )
82         throws ArchivaSecurityException, AccessDeniedException, PrincipalNotFoundException
83     {
84
85         List<ManagedRepository> managedRepositories = getAccessibleRepositories( principal, operation );
86         List<String> repoIds = new ArrayList<String>( managedRepositories.size() );
87         for ( ManagedRepository managedRepository : managedRepositories )
88         {
89             repoIds.add( managedRepository.getId() );
90         }
91
92         return repoIds;
93     }
94
95     public List<ManagedRepository> getAccessibleRepositories( String principal )
96         throws ArchivaSecurityException, AccessDeniedException, PrincipalNotFoundException
97     {
98         return getAccessibleRepositories( principal, ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS );
99     }
100
101     private List<ManagedRepository> getAccessibleRepositories( String principal, String operation )
102         throws ArchivaSecurityException, AccessDeniedException, PrincipalNotFoundException
103     {
104         SecuritySession securitySession = createSession( principal );
105
106         List<ManagedRepository> managedRepositories = new ArrayList<ManagedRepository>();
107
108         try
109         {
110             List<ManagedRepository> repos = managedRepositoryAdmin.getManagedRepositories();
111
112             for ( ManagedRepository repo : repos )
113             {
114                 try
115                 {
116                     String repoId = repo.getId();
117                     if ( securitySystem.isAuthorized( securitySession, operation, repoId ) )
118                     {
119                         managedRepositories.add( repo );
120                     }
121                 }
122                 catch ( AuthorizationException e )
123                 {
124                     // swallow.
125                     if ( log.isDebugEnabled() )
126                     {
127                         log.debug( "Not authorizing '{}' for repository '{}': {}",
128                                    Lists.<Object>newArrayList( principal, repo.getId(), e.getMessage() ) );
129                     }
130                 }
131             }
132
133             return managedRepositories;
134         }
135         catch ( RepositoryAdminException e )
136         {
137             throw new ArchivaSecurityException( e.getMessage(), e );
138         }
139     }
140
141     private SecuritySession createSession( String principal )
142         throws ArchivaSecurityException, AccessDeniedException
143     {
144         User user;
145         try
146         {
147             user = securitySystem.getUserManager().findUser( principal );
148             if ( user == null )
149             {
150                 throw new ArchivaSecurityException(
151                     "The security system had an internal error - please check your system logs" );
152             }
153         }
154         catch ( UserNotFoundException e )
155         {
156             throw new PrincipalNotFoundException( "Unable to find principal " + principal + "" );
157         }
158
159         if ( user.isLocked() )
160         {
161             throw new AccessDeniedException( "User " + principal + "(" + user.getFullName() + ") is locked." );
162         }
163
164         AuthenticationResult authn = new AuthenticationResult( true, principal, null );
165         return new DefaultSecuritySession( authn, user );
166     }
167
168     public void createMissingRepositoryRoles( String repoId )
169         throws ArchivaSecurityException
170     {
171         try
172         {
173             if ( !roleManager.templatedRoleExists( ArchivaRoleConstants.TEMPLATE_REPOSITORY_OBSERVER, repoId ) )
174             {
175                 roleManager.createTemplatedRole( ArchivaRoleConstants.TEMPLATE_REPOSITORY_OBSERVER, repoId );
176             }
177
178             if ( !roleManager.templatedRoleExists( ArchivaRoleConstants.TEMPLATE_REPOSITORY_MANAGER, repoId ) )
179             {
180                 roleManager.createTemplatedRole( ArchivaRoleConstants.TEMPLATE_REPOSITORY_MANAGER, repoId );
181             }
182         }
183         catch ( RoleManagerException e )
184         {
185             throw new ArchivaSecurityException( "Unable to create roles for configured repositories: " + e.getMessage(),
186                                                 e );
187         }
188     }
189
190     public boolean isAuthorizedToUploadArtifacts( String principal, String repoId )
191         throws PrincipalNotFoundException, ArchivaSecurityException
192     {
193         try
194         {
195             SecuritySession securitySession = createSession( principal );
196
197             return securitySystem.isAuthorized( securitySession, ArchivaRoleConstants.OPERATION_REPOSITORY_UPLOAD,
198                                                 repoId );
199
200         }
201         catch ( AuthorizationException e )
202         {
203             throw new ArchivaSecurityException( e.getMessage() );
204         }
205     }
206
207     public boolean isAuthorizedToDeleteArtifacts( String principal, String repoId )
208         throws ArchivaSecurityException
209     {
210         try
211         {
212             SecuritySession securitySession = createSession( principal );
213
214             return securitySystem.isAuthorized( securitySession, ArchivaRoleConstants.OPERATION_REPOSITORY_DELETE,
215                                                 repoId );
216
217         }
218         catch ( AuthorizationException e )
219         {
220             throw new ArchivaSecurityException( e.getMessage() );
221         }
222     }
223
224     public SecuritySystem getSecuritySystem()
225     {
226         return securitySystem;
227     }
228
229     public void setSecuritySystem( SecuritySystem securitySystem )
230     {
231         this.securitySystem = securitySystem;
232     }
233
234     public RoleManager getRoleManager()
235     {
236         return roleManager;
237     }
238
239     public void setRoleManager( RoleManager roleManager )
240     {
241         this.roleManager = roleManager;
242     }
243 }