1 package org.apache.archiva.redback.authorization.rbac;
2
3 /*
4  * Licensed to the Apache Software Foundation (ASF) under one
5  * or more contributor license agreements.  See the NOTICE file
6  * distributed with this work for additional information
7  * regarding copyright ownership.  The ASF licenses this file
8  * to you under the Apache License, Version 2.0 (the
9  * "License"); you may not use this file except in compliance
10  * with the License.  You may obtain a copy of the License at
11  *
12  * http://www.apache.org/licenses/LICENSE-2.0
13  *
14  * Unless required by applicable law or agreed to in writing,
15  * software distributed under the License is distributed on an
16  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
17  * KIND, either express or implied.  See the License for the
18  * specific language governing permissions and limitations
19  * under the License.
20  */
21
22 import org.apache.archiva.redback.rbac.Permission;
23 import org.apache.archiva.redback.rbac.RBACManager;
24 import org.apache.archiva.redback.rbac.RbacManagerException;
25 import org.apache.archiva.redback.users.UserNotFoundException;
26 import org.apache.archiva.redback.authorization.AuthorizationDataSource;
27 import org.apache.archiva.redback.authorization.AuthorizationException;
28 import org.apache.archiva.redback.authorization.AuthorizationResult;
29 import org.apache.archiva.redback.authorization.Authorizer;
30 import org.apache.archiva.redback.authorization.NotAuthorizedException;
31 import org.apache.archiva.redback.authorization.rbac.evaluator.PermissionEvaluationException;
32 import org.apache.archiva.redback.authorization.rbac.evaluator.PermissionEvaluator;
33 import org.apache.archiva.redback.rbac.RbacObjectNotFoundException;
34 import org.apache.archiva.redback.users.User;
35 import org.apache.archiva.redback.users.UserManager;
36 import org.slf4j.Logger;
37 import org.slf4j.LoggerFactory;
38 import org.springframework.stereotype.Service;
39
40 import javax.inject.Inject;
41 import javax.inject.Named;
42 import java.util.Arrays;
43 import java.util.List;
44 import java.util.Map;
45
46 /**
47  * RbacAuthorizer:
48  *
49  * @author Jesse McConnell <jmcconnell@apache.org>
50  * @version $Id$
51  */
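@Service( "authorizer#rbac" )
public class RbacAuthorizer
    implements Authorizer
{
    private final Logger log = LoggerFactory.getLogger( getClass() );

    @Inject
    @Named( value = "rBACManager#cached" )
    private RBACManager manager;

    @Inject
    @Named( value = "userManager#configurable" )
    private UserManager userManager;

    @Inject
    private PermissionEvaluator evaluator;

    /**
     * Returns a human-readable identifier for this authorizer, built from the runtime class name.
     *
     * @return the identifier, never {@code null}
     */
    public String getId()
    {
        return "RBAC Authorizer - " + this.getClass().getName();
    }

    /**
     * Decides whether the principal described by {@code source} may perform the requested operation
     * (permission name) on the requested resource.
     * <p>
     * The principal's own assigned permissions are consulted first. If none of them matches and the
     * guest user is not locked, the guest user's permissions are consulted as well, so the effective
     * grant is "the principal's permissions plus whatever guest may do". A {@code null} principal
     * skips straight to the guest check.
     * <p>
     * Every lookup or evaluation failure is turned into a denied result that carries the underlying
     * exception; this method never grants on error and never lets an RBAC/user-store exception
     * escape to the caller.
     *
     * @param source principal, permission (operation) and resource to check; must not be {@code null}
     * @return an authorized result holding the first permission the evaluator accepted, or a denied
     *         result whose exception explains why no permission matched
     * @throws AuthorizationException declared by {@link Authorizer}; not thrown by this implementation
     */
    public AuthorizationResult isAuthorized( AuthorizationDataSource source )
        throws AuthorizationException
    {
        Object principal = source.getPrincipal();
        Object operation = source.getPermission();
        Object resource = source.getResource();

        // A missing operation can never match any assigned permission; deny explicitly rather than
        // failing with a NullPointerException on operation.toString() further down.
        if ( operation == null )
        {
            return new AuthorizationResult( false, null, new NotAuthorizedException( "no operation given" ) );
        }

        try
        {
            if ( principal != null )
            {
                Permission granted = findMatchingPermission( principal.toString(), operation, resource, principal );
                if ( granted != null )
                {
                    return new AuthorizationResult( true, granted, null );
                }
            }

            // check if guest user is enabled, if so check the global permissions
            User guest = userManager.getGuestUser();

            if ( !guest.isLocked() )
            {
                Object guestPrincipal = guest.getPrincipal();
                Permission granted =
                    findMatchingPermission( guestPrincipal.toString(), operation, resource, guestPrincipal );
                if ( granted != null )
                {
                    return new AuthorizationResult( true, granted, null );
                }
            }

            return new AuthorizationResult( false, null, new NotAuthorizedException( "no matching permissions" ) );
        }
        catch ( PermissionEvaluationException pe )
        {
            return new AuthorizationResult( false, null, pe );
        }
        catch ( RbacObjectNotFoundException nfe )
        {
            return new AuthorizationResult( false, null, nfe );
        }
        catch ( UserNotFoundException ne )
        {
            // No guest user configured: that is an ordinary denial, not an internal error.
            return new AuthorizationResult( false, null,
                                            new NotAuthorizedException( "no matching permissions, guest not found" ) );
        }
        catch ( RbacManagerException rme )
        {
            return new AuthorizationResult( false, null, rme );
        }
    }

    /**
     * Looks up the permissions assigned to {@code principalId} for {@code operation} and returns the
     * first one the evaluator accepts for {@code resource}.
     * <p>
     * Shared by the named-principal and the guest checks so that both treat a missing operation key
     * and a {@code null} permission entry the same way.
     *
     * @param principalId         key used to fetch the assigned-permission map from the RBAC manager
     * @param operation           requested operation; its {@code toString()} is the map key
     * @param resource            requested resource, passed through to the evaluator (may be {@code null})
     * @param evaluationPrincipal principal object handed to the evaluator (the raw principal for a
     *                            named user, {@code guest.getPrincipal()} for the guest fallback)
     * @return the first matching permission, or {@code null} when none matched
     * @throws RbacObjectNotFoundException   propagated from the RBAC manager lookup
     * @throws RbacManagerException          propagated from the RBAC manager lookup
     * @throws PermissionEvaluationException propagated from the evaluator
     */
    private Permission findMatchingPermission( String principalId, Object operation, Object resource,
                                               Object evaluationPrincipal )
        throws RbacObjectNotFoundException, RbacManagerException, PermissionEvaluationException
    {
        Map<String, List<Permission>> permissionMap = manager.getAssignedPermissionMap( principalId );
        String operationName = operation.toString();

        List<Permission> candidates = permissionMap.get( operationName );
        if ( candidates == null )
        {
            log.debug( "permission map does not contain operation: {}", operationName );
            return null;
        }

        for ( Permission permission : candidates )
        {
            if ( log.isDebugEnabled() )
            {
                // Guard getName() here: a null entry in the list must not abort the whole check.
                log.debug( "checking permission {} for operation {} resource {}",
                           new Object[]{ permission != null ? permission.getName() : "null", operation, resource } );
            }
            if ( evaluator.evaluate( permission, operation, resource, evaluationPrincipal ) )
            {
                return permission;
            }
        }

        log.debug( "no permission found for operation {} resource {}", operationName, resource );
        return null;
    }

    /** @return the RBAC manager used for permission lookups */
    public RBACManager getManager()
    {
        return manager;
    }

    /** @param manager the RBAC manager to use for permission lookups */
    public void setManager( RBACManager manager )
    {
        this.manager = manager;
    }

    /** @return the user manager used to resolve the guest user */
    public UserManager getUserManager()
    {
        return userManager;
    }

    /** @param userManager the user manager to use to resolve the guest user */
    public void setUserManager( UserManager userManager )
    {
        this.userManager = userManager;
    }

    /** @return the evaluator that decides whether a permission applies to an operation/resource */
    public PermissionEvaluator getEvaluator()
    {
        return evaluator;
    }

    /** @param evaluator the evaluator to use for permission checks */
    public void setEvaluator( PermissionEvaluator evaluator )
    {
        this.evaluator = evaluator;
    }
}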