1 package org.apache.archiva.web.security;
2 /*
3  * Licensed to the Apache Software Foundation (ASF) under one
4  * or more contributor license agreements.  See the NOTICE file
5  * distributed with this work for additional information
6  * regarding copyright ownership.  The ASF licenses this file
7  * to you under the Apache License, Version 2.0 (the
8  * "License"); you may not use this file except in compliance
9  * with the License.  You may obtain a copy of the License at
10  *
11  * http://www.apache.org/licenses/LICENSE-2.0
12  *
13  * Unless required by applicable law or agreed to in writing,
14  * software distributed under the License is distributed on an
15  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
16  * KIND, either express or implied.  See the License for the
17  * specific language governing permissions and limitations
18  * under the License.
19  */
20
21 import org.apache.archiva.admin.model.RepositoryAdminException;
22 import org.apache.archiva.admin.model.runtime.RedbackRuntimeConfigurationAdmin;
23 import org.apache.archiva.redback.integration.security.role.RedbackRoleConstants;
24 import org.apache.archiva.redback.rbac.RBACManager;
25 import org.apache.archiva.redback.rbac.RbacManagerException;
26 import org.apache.archiva.redback.rbac.UserAssignment;
27 import org.apache.archiva.redback.system.check.EnvironmentCheck;
28 import org.apache.archiva.redback.users.User;
29 import org.apache.archiva.redback.users.UserManager;
30 import org.apache.archiva.redback.users.UserManagerException;
31 import org.apache.archiva.redback.users.UserNotFoundException;
32 import org.apache.commons.lang3.StringUtils;
33 import org.slf4j.Logger;
34 import org.slf4j.LoggerFactory;
35 import org.springframework.context.ApplicationContext;
36 import org.springframework.stereotype.Service;
37
38 import javax.annotation.PostConstruct;
39 import javax.inject.Inject;
40 import javax.inject.Named;
41 import java.util.ArrayList;
42 import java.util.List;
43
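/**
 * Environment check that clears the "locked" flag on system administrator accounts.
 * <p>
 * For every writable {@link UserManager} configured in the Redback runtime configuration, each user
 * assigned {@link RedbackRoleConstants#SYSTEM_ADMINISTRATOR_ROLE} is looked up and, if locked, unlocked.
 * The work is done by the first {@link #validateEnvironment(List)} call only.
 * <p>
 * Security note: the unlock is unconditional. The code only tests {@code admin.isLocked()}, so it cannot
 * tell an account locked on purpose by an operator from one locked for any other reason (for example a
 * failed-login lockout policy, if the deployment uses one). A restart therefore removes the lock from
 * every system administrator account held in a writable user manager. The
 * {@code "Unlocking system administrator"} log line is the only trace of the change, so it should be
 * retained and monitored as an audit event.
 *
 * @author Olivier Lamy
 */
@Service( "environmentCheck#archiva-locked-admin-check" )
public class ArchivaLockedAdminEnvironmentCheck
    implements EnvironmentCheck
{

    protected Logger log = LoggerFactory.getLogger( getClass() );

    @Inject
    @Named( value = "rbacManager#cached" )
    private RBACManager rbacManager;

    /**
     * Whether this environment check has already been executed; once true,
     * {@link #validateEnvironment(List)} returns immediately.
     */
    private boolean checked = false;

    @Inject
    private ApplicationContext applicationContext;

    @Inject
    private RedbackRuntimeConfigurationAdmin redbackRuntimeConfigurationAdmin;

    /**
     * User manager beans resolved in {@link #initialize()}, in configuration order.
     */
    private List<UserManager> userManagers;

    /**
     * Resolves the configured user manager implementations to Spring beans named
     * {@code userManager#<id>}, rewriting the legacy {@code jdo} id to {@code jpa} on the way.
     *
     * @throws RepositoryAdminException if the Redback runtime configuration cannot be read
     */
    @PostConstruct
    protected void initialize()
        throws RepositoryAdminException
    {
        List<String> userManagerImpls =
            redbackRuntimeConfigurationAdmin.getRedbackRuntimeConfiguration().getUserManagerImpls();

        List<String> updated = new ArrayList<>();
        userManagers = new ArrayList<>( userManagerImpls.size() );

        for ( String beanId : userManagerImpls )
        {
            // for migration purpose to help users
            if ( StringUtils.equalsIgnoreCase( beanId, "jdo" ) )
            {
                log.info( "jdo is not anymore supported we auto update to jpa" );
                beanId = "jpa";
            }
            updated.add( beanId );
            userManagers.add( applicationContext.getBean( "userManager#" + beanId, UserManager.class ) );
        }
        // NOTE(review): the migrated list is only set on the object returned by
        // getRedbackRuntimeConfiguration(); no explicit save is made here, so whether the
        // jdo -> jpa rewrite is persisted depends on that implementation - confirm.
        redbackRuntimeConfigurationAdmin.getRedbackRuntimeConfiguration().setUserManagerImpls( updated );
    }

    /**
     * Unlocks locked system administrator accounts the first time the environment checks are processed
     * after the application starts. Read-only user managers are skipped. Failures are logged and never
     * propagated, so this check cannot block startup.
     *
     * @param violations violation list supplied by the caller; this check never adds to it
     */
    @Override
    public void validateEnvironment( List<String> violations )
    {
        if ( checked )
        {
            return;
        }

        // The role filter is the same for every user manager, so build it once.
        List<String> roles = new ArrayList<>();
        roles.add( RedbackRoleConstants.SYSTEM_ADMINISTRATOR_ROLE );

        for ( UserManager userManager : userManagers )
        {
            if ( userManager.isReadOnly() )
            {
                continue;
            }
            try
            {
                unlockAdministrators( userManager, rbacManager.getUserAssignmentsForRoles( roles ) );
            }
            catch ( RbacManagerException e )
            {
                log.warn( "Exception when checking for locked admin user: {}", e.getMessage(), e );
            }
        }

        // Record that the check ran even when every user manager was read-only (or none is
        // configured); previously the flag was only set after a writable manager was processed.
        checked = true;
    }

    /**
     * Clears the locked flag of every given administrator that exists in {@code userManager}.
     *
     * @param userManager    writable user manager to look the principals up in
     * @param administrators role assignments for the system administrator role
     */
    private void unlockAdministrators( UserManager userManager, List<? extends UserAssignment> administrators )
    {
        for ( UserAssignment assignment : administrators )
        {
            String principal = assignment.getPrincipal();
            try
            {
                User admin = userManager.findUser( principal );

                if ( admin.isLocked() )
                {
                    // Audit-relevant: this is the only record that an administrator lock was removed.
                    log.info( "Unlocking system administrator: {}", admin.getUsername() );
                    admin.setLocked( false );
                    userManager.updateUser( admin );
                }
            }
            catch ( UserNotFoundException ne )
            {
                // The principal has the role but is not present in this user manager.
                log.warn( "Dangling UserAssignment -> {}", principal );
            }
            catch ( UserManagerException e )
            {
                // Pass the exception itself as well, so the cause and stack trace are not lost
                // (matches the RbacManagerException handler in validateEnvironment).
                log.warn( "fail to find user {} for admin unlock check: {}", principal, e.getMessage(), e );
            }
        }
    }
}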