1 package org.apache.archiva.web.security;
2 /*
3  * Licensed to the Apache Software Foundation (ASF) under one
4  * or more contributor license agreements.  See the NOTICE file
5  * distributed with this work for additional information
6  * regarding copyright ownership.  The ASF licenses this file
7  * to you under the Apache License, Version 2.0 (the
8  * "License"); you may not use this file except in compliance
9  * with the License.  You may obtain a copy of the License at
10  *
11  * http://www.apache.org/licenses/LICENSE-2.0
12  *
13  * Unless required by applicable law or agreed to in writing,
14  * software distributed under the License is distributed on an
15  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
16  * KIND, either express or implied.  See the License for the
17  * specific language governing permissions and limitations
18  * under the License.
19  */
20
21 import org.apache.archiva.admin.model.RepositoryAdminException;
22 import org.apache.archiva.admin.model.runtime.RedbackRuntimeConfigurationAdmin;
23 import org.apache.archiva.redback.integration.security.role.RedbackRoleConstants;
24 import org.apache.archiva.redback.rbac.RBACManager;
25 import org.apache.archiva.redback.rbac.RbacManagerException;
26 import org.apache.archiva.redback.rbac.UserAssignment;
27 import org.apache.archiva.redback.system.check.EnvironmentCheck;
28 import org.apache.archiva.redback.users.User;
29 import org.apache.archiva.redback.users.UserManager;
30 import org.apache.archiva.redback.users.UserManagerException;
31 import org.apache.archiva.redback.users.UserNotFoundException;
32 import org.slf4j.Logger;
33 import org.slf4j.LoggerFactory;
34 import org.springframework.context.ApplicationContext;
35 import org.springframework.stereotype.Service;
36
37 import javax.annotation.PostConstruct;
38 import javax.inject.Inject;
39 import javax.inject.Named;
40 import java.util.ArrayList;
41 import java.util.List;
42
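/**
 * Environment check that re-enables locked system administrator accounts.
 * <p>
 * The first time {@link #validateEnvironment(List)} runs, every user that holds
 * {@link RedbackRoleConstants#SYSTEM_ADMINISTRATOR_ROLE} and is reported as locked by a writable
 * {@link UserManager} is unlocked and saved again.
 * <p>
 * Security note: the unlock is unconditional. This class only looks at {@code isLocked()}, so it cannot tell
 * why an account was locked. A lock placed on an administrator account therefore does not survive the next
 * run of this check. Deployments that rely on administrator lockout should watch for the
 * "Unlocking system administrator" log entry, which is the only trace this class leaves of the change.
 * <p>
 * The {@code checked} flag is a plain field with no synchronization; this class does nothing to stop two
 * concurrent first calls from both running the unlock pass.
 *
 * @author Olivier Lamy
 */
@Service( "environmentCheck#archiva-locked-admin-check" )
public class ArchivaLockedAdminEnvironmentCheck
    implements EnvironmentCheck
{

    protected Logger log = LoggerFactory.getLogger( getClass() );

    @Inject
    @Named( value = "rbacManager#cached" )
    private RBACManager rbacManager;

    /**
     * boolean detailing if this environment check has been executed
     */
    private boolean checked = false;

    @Inject
    private ApplicationContext applicationContext;

    @Inject
    private RedbackRuntimeConfigurationAdmin redbackRuntimeConfigurationAdmin;

    /** User managers resolved in {@link #initialize()}, one per configured implementation id. */
    private List<UserManager> userManagers;

    /**
     * Resolves the configured user manager implementations to Spring beans.
     * <p>
     * Each id returned by the Redback runtime configuration is looked up as the bean
     * {@code "userManager#" + id}.
     *
     * @throws RepositoryAdminException if the Redback runtime configuration cannot be read
     */
    @PostConstruct
    protected void initialize()
        throws RepositoryAdminException
    {
        List<String> userManagerImpls =
            redbackRuntimeConfigurationAdmin.getRedbackRuntimeConfiguration().getUserManagerImpls();

        userManagers = new ArrayList<>( userManagerImpls.size() );

        for ( String beanId : userManagerImpls )
        {
            userManagers.add( applicationContext.getBean( "userManager#" + beanId, UserManager.class ) );
        }
    }

    /**
     * This environment check will unlock system administrator accounts that are locked on the restart of the
     * application when the environment checks are processed.
     * <p>
     * Read-only user managers are skipped. The pass runs once per instance: after it completes, later calls
     * return immediately, including when every user manager was read-only or none is configured.
     *
     * @param violations list of environment violations; this check never adds to it
     */
    @Override
    public void validateEnvironment( List<String> violations )
    {
        if ( checked )
        {
            return;
        }

        // The role filter is the same for every user manager, so build it once.
        List<String> roles = new ArrayList<>();
        roles.add( RedbackRoleConstants.SYSTEM_ADMINISTRATOR_ROLE );

        for ( UserManager userManager : userManagers )
        {
            if ( userManager.isReadOnly() )
            {
                continue;
            }
            unlockSystemAdministrators( userManager, roles );
        }

        // Set after the loop so the flag reflects "this check has been executed" even when no
        // writable user manager was found; previously it was only set from inside the loop body.
        checked = true;
    }

    /**
     * Unlocks every locked user of {@code userManager} that is assigned one of {@code roles}.
     * Lookup failures are logged and do not stop the remaining accounts from being processed.
     */
    private void unlockSystemAdministrators( UserManager userManager, List<String> roles )
    {
        try
        {
            List<UserAssignment> systemAdministrators = rbacManager.getUserAssignmentsForRoles( roles );

            for ( UserAssignment userAssignment : systemAdministrators )
            {
                try
                {
                    User admin = userManager.findUser( userAssignment.getPrincipal() );

                    if ( admin.isLocked() )
                    {
                        // Security-relevant state change: keep this entry so the unlock stays auditable.
                        log.info( "Unlocking system administrator: {}", admin.getUsername() );
                        admin.setLocked( false );
                        userManager.updateUser( admin );
                    }
                }
                catch ( UserNotFoundException ne )
                {
                    // Assignments come from the RBAC manager, not from this user manager, so presumably a
                    // principal held by a different user manager is reported here as well.
                    log.warn( "Dangling UserAssignment -> {}", userAssignment.getPrincipal() );
                }
                catch ( UserManagerException e )
                {
                    // Pass the exception too so the stack trace is kept, as the RBAC handler below does.
                    log.warn( "fail to find user {} for admin unlock check: {}", userAssignment.getPrincipal(),
                              e.getMessage(), e );
                }
            }
        }
        catch ( RbacManagerException e )
        {
            log.warn( "Exception when checking for locked admin user: {}", e.getMessage(), e );
        }
    }
}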