1 package org.apache.archiva.web.startup;
4 * Licensed to the Apache Software Foundation (ASF) under one
5 * or more contributor license agreements. See the NOTICE file
6 * distributed with this work for additional information
7 * regarding copyright ownership. The ASF licenses this file
8 * to you under the Apache License, Version 2.0 (the
9 * "License"); you may not use this file except in compliance
10 * with the License. You may obtain a copy of the License at
12 * http://www.apache.org/licenses/LICENSE-2.0
14 * Unless required by applicable law or agreed to in writing,
15 * software distributed under the License is distributed on an
16 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
17 * KIND, either express or implied. See the License for the
18 * specific language governing permissions and limitations
22 import org.apache.archiva.common.ArchivaException;
23 import org.apache.archiva.configuration.ArchivaConfiguration;
24 import org.apache.archiva.configuration.ConfigurationNames;
25 import org.apache.archiva.configuration.ManagedRepositoryConfiguration;
26 import org.apache.archiva.components.registry.RegistryListener;
27 import org.apache.archiva.redback.rbac.RBACManager;
28 import org.apache.archiva.redback.rbac.RbacManagerException;
29 import org.apache.archiva.redback.rbac.UserAssignment;
30 import org.apache.archiva.redback.role.RoleManager;
31 import org.apache.archiva.redback.role.RoleManagerException;
32 import org.apache.archiva.redback.system.check.EnvironmentCheck;
33 import org.apache.archiva.redback.users.UserManager;
34 import org.apache.archiva.security.common.ArchivaRoleConstants;
35 import org.apache.commons.collections4.CollectionUtils;
36 import org.apache.commons.lang3.StringUtils;
37 import org.apache.commons.lang3.time.StopWatch;
38 import org.slf4j.Logger;
39 import org.slf4j.LoggerFactory;
40 import org.springframework.context.ApplicationContext;
41 import org.springframework.stereotype.Service;
43 import javax.annotation.PostConstruct;
44 import javax.inject.Inject;
45 import javax.inject.Named;
46 import java.util.ArrayList;
47 import java.util.HashMap;
48 import java.util.List;
50 import java.util.Map.Entry;
53 * ConfigurationSynchronization
56 public class SecuritySynchronization
57 implements RegistryListener
59 private Logger log = LoggerFactory.getLogger( SecuritySynchronization.class );
62 private RoleManager roleManager;
65 @Named(value = "rbacManager#cached")
66 private RBACManager rbacManager;
68 private Map<String, EnvironmentCheck> checkers;
71 private ArchivaConfiguration archivaConfiguration;
74 private ApplicationContext applicationContext;
77 public void initialize()
79 checkers = getBeansOfType( EnvironmentCheck.class );
82 protected <T> Map<String, T> getBeansOfType( Class<T> clazz )
84 //TODO do some caching here !!!
85 // olamy : with plexus we get only roleHint
86 // as per convention we named spring bean role#hint remove role# if exists
87 Map<String, T> springBeans = applicationContext.getBeansOfType( clazz );
89 Map<String, T> beans = new HashMap<>( springBeans.size() );
91 for ( Entry<String, T> entry : springBeans.entrySet() )
93 String key = StringUtils.substringAfterLast( entry.getKey(), "#" );
94 beans.put( key, entry.getValue() );
100 public void afterConfigurationChange( org.apache.archiva.components.registry.Registry registry,
101 String propertyName, Object propertyValue )
103 if ( ConfigurationNames.isManagedRepositories( propertyName ) && propertyName.endsWith( ".id" ) )
105 if ( propertyValue != null )
107 syncRepoConfiguration( (String) propertyValue );
113 public void beforeConfigurationChange( org.apache.archiva.components.registry.Registry registry,
114 String propertyName, Object propertyValue )
119 private void synchConfiguration( List<ManagedRepositoryConfiguration> repos )
121 // NOTE: Remote Repositories do not have roles or security placed around them.
123 for ( ManagedRepositoryConfiguration repoConfig : repos )
125 syncRepoConfiguration( repoConfig.getId() );
129 private void syncRepoConfiguration( String id )
131 // manage roles for repositories
134 if ( !roleManager.templatedRoleExists( ArchivaRoleConstants.TEMPLATE_REPOSITORY_OBSERVER, id ) )
136 roleManager.createTemplatedRole( ArchivaRoleConstants.TEMPLATE_REPOSITORY_OBSERVER, id );
140 roleManager.verifyTemplatedRole( ArchivaRoleConstants.TEMPLATE_REPOSITORY_OBSERVER, id );
143 if ( !roleManager.templatedRoleExists( ArchivaRoleConstants.TEMPLATE_REPOSITORY_MANAGER, id ) )
145 roleManager.createTemplatedRole( ArchivaRoleConstants.TEMPLATE_REPOSITORY_MANAGER, id );
149 roleManager.verifyTemplatedRole( ArchivaRoleConstants.TEMPLATE_REPOSITORY_MANAGER, id );
152 catch ( RoleManagerException e )
155 log.error( "Unable to create roles for configured repositories: {}", e.getMessage(), e );
159 public void startup()
160 throws ArchivaException
162 executeEnvironmentChecks();
164 synchConfiguration( archivaConfiguration.getConfiguration().getManagedRepositories() );
165 archivaConfiguration.addChangeListener( this );
167 if ( archivaConfiguration.isDefaulted() )
169 assignRepositoryObserverToGuestUser( archivaConfiguration.getConfiguration().getManagedRepositories() );
173 private void executeEnvironmentChecks()
174 throws ArchivaException
176 if ( ( checkers == null ) || CollectionUtils.isEmpty( checkers.values() ) )
178 throw new ArchivaException(
179 "Unable to initialize the Redback Security Environment, " + "no Environment Check components found." );
182 StopWatch stopWatch = new StopWatch();
186 List<String> violations = new ArrayList<>();
188 for ( Entry<String, EnvironmentCheck> entry : checkers.entrySet() )
190 EnvironmentCheck check = entry.getValue();
191 List<String> v = new ArrayList<>();
192 check.validateEnvironment( v );
193 log.info( "Environment Check: {} -> {} violation(s)", entry.getKey(), v.size() );
196 violations.add( "[" + entry.getKey() + "] " + s );
200 if ( CollectionUtils.isNotEmpty( violations ) )
202 StringBuilder msg = new StringBuilder();
203 msg.append( "EnvironmentCheck Failure.\n" );
204 msg.append( "======================================================================\n" );
205 msg.append( " ENVIRONMENT FAILURE !! \n" );
208 for ( String violation : violations )
210 msg.append( violation ).append( "\n" );
214 msg.append( "======================================================================" );
215 log.error( msg.toString() );
217 throw new ArchivaException( "Unable to initialize Redback Security Environment, [" + violations.size()
218 + "] violation(s) encountered, See log for details." );
222 log.info( "time to execute all EnvironmentCheck: {} ms", stopWatch.getTime() );
226 private void assignRepositoryObserverToGuestUser( List<ManagedRepositoryConfiguration> repos )
228 for ( ManagedRepositoryConfiguration repoConfig : repos )
230 String repoId = repoConfig.getId();
232 String principal = UserManager.GUEST_USERNAME;
238 if ( rbacManager.userAssignmentExists( principal ) )
240 ua = rbacManager.getUserAssignment( principal );
244 ua = rbacManager.createUserAssignment( principal );
247 ua.addRoleName( ArchivaRoleConstants.toRepositoryObserverRoleName( repoId ) );
248 rbacManager.saveUserAssignment( ua );
250 catch ( RbacManagerException e )
252 log.warn( "Unable to add role [{}] to {} user.", ArchivaRoleConstants.toRepositoryObserverRoleName( repoId ), principal, e );