source.dussan.org Git - archiva.git/blob

   1 package org.apache.maven.archiva.security;
   2
   3 /*
   4  * Licensed to the Apache Software Foundation (ASF) under one
   5  * or more contributor license agreements.  See the NOTICE file
   6  * distributed with this work for additional information
   7  * regarding copyright ownership.  The ASF licenses this file
   8  * to you under the Apache License, Version 2.0 (the
   9  * "License"); you may not use this file except in compliance
  10  * with the License.  You may obtain a copy of the License at
  11  *
  12  *  http://www.apache.org/licenses/LICENSE-2.0
  13  *
  14  * Unless required by applicable law or agreed to in writing,
  15  * software distributed under the License is distributed on an
  16  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
  17  * KIND, either express or implied.  See the License for the
  18  * specific language governing permissions and limitations
  19  * under the License.
  20  */
  21
  22 import java.util.ArrayList;
  23 import java.util.List;
  24
  25 import org.apache.maven.archiva.configuration.ArchivaConfiguration;
  26 import org.apache.maven.archiva.configuration.ManagedRepositoryConfiguration;
  27 import org.codehaus.plexus.redback.authentication.AuthenticationResult;
  28 import org.codehaus.plexus.redback.authorization.AuthorizationException;
  29 import org.codehaus.plexus.redback.role.RoleManager;
  30 import org.codehaus.plexus.redback.role.RoleManagerException;
  31 import org.codehaus.plexus.redback.system.DefaultSecuritySession;
  32 import org.codehaus.plexus.redback.system.SecuritySession;
  33 import org.codehaus.plexus.redback.system.SecuritySystem;
  34 import org.codehaus.plexus.redback.users.User;
  35 import org.codehaus.plexus.redback.users.UserNotFoundException;
  36 import org.slf4j.Logger;
  37 import org.slf4j.LoggerFactory;
  38 import org.springframework.stereotype.Service;
  39
  40 import javax.inject.Inject;
  41
  42 /**
  43  * DefaultUserRepositories
  44  *
  45  * @version $Id$
  46  * plexus.component role="org.apache.maven.archiva.security.UserRepositories" role-hint="default"
  47  */
  48 @Service("userRepositories")
  49 public class DefaultUserRepositories
  50     implements UserRepositories
  51 {
  52     /**
  53      * plexus.requirement
  54      */
  55     @Inject
  56     private SecuritySystem securitySystem;
  57
  58     /**
  59      * plexus.requirement role-hint="default"
  60      */
  61     @Inject
  62     private RoleManager roleManager;
  63
  64     /**
  65      * plexus.requirement
  66      */
  67     @Inject
  68     private ArchivaConfiguration archivaConfiguration;
  69
  70     private Logger log = LoggerFactory.getLogger( DefaultUserRepositories.class );
  71
  72     public List<String> getObservableRepositoryIds( String principal )
  73         throws PrincipalNotFoundException, AccessDeniedException, ArchivaSecurityException
  74     {
  75         String operation = ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS;
  76
  77         return getAccessibleRepositoryIds( principal, operation );
  78     }
  79
  80     public List<String> getManagableRepositoryIds( String principal )
  81         throws PrincipalNotFoundException, AccessDeniedException, ArchivaSecurityException
  82     {
  83         String operation = ArchivaRoleConstants.OPERATION_REPOSITORY_UPLOAD;
  84
  85         return getAccessibleRepositoryIds( principal, operation );
  86     }
  87
  88     private List<String> getAccessibleRepositoryIds( String principal, String operation )
  89         throws ArchivaSecurityException, AccessDeniedException, PrincipalNotFoundException
  90     {
  91         SecuritySession securitySession = createSession( principal );
  92
  93         List<String> repoIds = new ArrayList<String>();
  94
  95         List<ManagedRepositoryConfiguration> repos =
  96             archivaConfiguration.getConfiguration().getManagedRepositories();
  97
  98         for ( ManagedRepositoryConfiguration repo : repos )
  99         {
 100             try
 101             {
 102                 String repoId = repo.getId();
 103                 if ( securitySystem.isAuthorized( securitySession, operation, repoId ) )
 104                 {
 105                     repoIds.add( repoId );
 106                 }
 107             }
 108             catch ( AuthorizationException e )
 109             {
 110                 // swallow.
 111                 log.debug( "Not authorizing '" + principal + "' for repository '" + repo.getId() + "': "
 112                     + e.getMessage() );
 113             }
 114         }
 115
 116         return repoIds;
 117     }
 118
 119     private SecuritySession createSession( String principal )
 120         throws ArchivaSecurityException, AccessDeniedException
 121     {
 122         User user;
 123         try
 124         {
 125             user = securitySystem.getUserManager().findUser( principal );
 126             if ( user == null )
 127             {
 128                 throw new ArchivaSecurityException(
 129                     "The security system had an internal error - please check your system logs" );
 130             }
 131         }
 132         catch ( UserNotFoundException e )
 133         {
 134             throw new PrincipalNotFoundException( "Unable to find principal " + principal + "" );
 135         }
 136
 137         if ( user.isLocked() )
 138         {
 139             throw new AccessDeniedException( "User " + principal + "(" + user.getFullName() + ") is locked." );
 140         }
 141
 142         AuthenticationResult authn = new AuthenticationResult( true, principal, null );
 143         return new DefaultSecuritySession( authn, user );
 144     }
 145
 146     public void createMissingRepositoryRoles( String repoId )
 147         throws ArchivaSecurityException
 148     {
 149         try
 150         {
 151             if ( !roleManager.templatedRoleExists( ArchivaRoleConstants.TEMPLATE_REPOSITORY_OBSERVER, repoId ) )
 152             {
 153                 roleManager.createTemplatedRole( ArchivaRoleConstants.TEMPLATE_REPOSITORY_OBSERVER, repoId );
 154             }
 155
 156             if ( !roleManager.templatedRoleExists( ArchivaRoleConstants.TEMPLATE_REPOSITORY_MANAGER, repoId ) )
 157             {
 158                 roleManager.createTemplatedRole( ArchivaRoleConstants.TEMPLATE_REPOSITORY_MANAGER, repoId );
 159             }
 160         }
 161         catch ( RoleManagerException e )
 162         {
 163             throw new ArchivaSecurityException(
 164                                                 "Unable to create roles for configured repositories: " + e.getMessage(),
 165                                                 e );
 166         }
 167     }
 168
 169     public boolean isAuthorizedToUploadArtifacts( String principal, String repoId )
 170         throws PrincipalNotFoundException, ArchivaSecurityException
 171     {
 172         try
 173         {
 174             SecuritySession securitySession = createSession( principal );
 175
 176             return securitySystem.isAuthorized( securitySession, ArchivaRoleConstants.OPERATION_REPOSITORY_UPLOAD,
 177                                                 repoId );
 178
 179         }
 180         catch ( AuthorizationException e )
 181         {
 182             throw new ArchivaSecurityException( e.getMessage() );
 183         }
 184     }
 185
 186     public boolean isAuthorizedToDeleteArtifacts( String principal, String repoId )
 187         throws AccessDeniedException, ArchivaSecurityException
 188     {
 189         try
 190         {
 191             SecuritySession securitySession = createSession( principal );
 192
 193             return securitySystem.isAuthorized( securitySession, ArchivaRoleConstants.OPERATION_REPOSITORY_DELETE,
 194                                                 repoId );
 195
 196         }
 197         catch ( AuthorizationException e )
 198         {
 199             throw new ArchivaSecurityException( e.getMessage() );
 200         }
 201     }
 202
 203     public SecuritySystem getSecuritySystem()
 204     {
 205         return securitySystem;
 206     }
 207
 208     public void setSecuritySystem( SecuritySystem securitySystem )
 209     {
 210         this.securitySystem = securitySystem;
 211     }
 212
 213     public RoleManager getRoleManager()
 214     {
 215         return roleManager;
 216     }
 217
 218     public void setRoleManager( RoleManager roleManager )
 219     {
 220         this.roleManager = roleManager;
 221     }
 222
 223     public ArchivaConfiguration getArchivaConfiguration()
 224     {
 225         return archivaConfiguration;
 226     }
 227
 228     public void setArchivaConfiguration( ArchivaConfiguration archivaConfiguration )
 229     {
 230         this.archivaConfiguration = archivaConfiguration;
 231     }
 232 }