source.dussan.org Git - archiva.git/blob

   1 package org.apache.archiva.security;
   2
   3 /*
   4  * Licensed to the Apache Software Foundation (ASF) under one
   5  * or more contributor license agreements.  See the NOTICE file
   6  * distributed with this work for additional information
   7  * regarding copyright ownership.  The ASF licenses this file
   8  * to you under the Apache License, Version 2.0 (the
   9  * "License"); you may not use this file except in compliance
  10  * with the License.  You may obtain a copy of the License at
  11  *
  12  *  http://www.apache.org/licenses/LICENSE-2.0
  13  *
  14  * Unless required by applicable law or agreed to in writing,
  15  * software distributed under the License is distributed on an
  16  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
  17  * KIND, either express or implied.  See the License for the
  18  * specific language governing permissions and limitations
  19  * under the License.
  20  */
  21
  22 import org.apache.archiva.admin.model.RepositoryAdminException;
  23 import org.apache.archiva.admin.model.beans.ManagedRepository;
  24 import org.apache.archiva.admin.model.managed.ManagedRepositoryAdmin;
  25 import org.apache.archiva.redback.authentication.AuthenticationResult;
  26 import org.apache.archiva.redback.authorization.AuthorizationException;
  27 import org.apache.archiva.redback.role.RoleManager;
  28 import org.apache.archiva.redback.role.RoleManagerException;
  29 import org.apache.archiva.redback.system.DefaultSecuritySession;
  30 import org.apache.archiva.redback.system.SecuritySession;
  31 import org.apache.archiva.redback.system.SecuritySystem;
  32 import org.apache.archiva.redback.users.User;
  33 import org.apache.archiva.redback.users.UserManagerException;
  34 import org.apache.archiva.redback.users.UserNotFoundException;
  35 import org.apache.archiva.security.common.ArchivaRoleConstants;
  36 import org.slf4j.Logger;
  37 import org.slf4j.LoggerFactory;
  38 import org.springframework.stereotype.Service;
  39
  40 import javax.inject.Inject;
  41 import java.util.ArrayList;
  42 import java.util.List;
  43
  44 /**
  45  * DefaultUserRepositories
  46  */
  47 @Service( "userRepositories" )
  48 public class DefaultUserRepositories
  49     implements UserRepositories
  50 {
  51
  52     @Inject
  53     private SecuritySystem securitySystem;
  54
  55     @Inject
  56     private RoleManager roleManager;
  57
  58     @Inject
  59     private ManagedRepositoryAdmin managedRepositoryAdmin;
  60
  61     private Logger log = LoggerFactory.getLogger( getClass() );
  62
  63     @Override
  64     public List<String> getObservableRepositoryIds( String principal )
  65         throws PrincipalNotFoundException, AccessDeniedException, ArchivaSecurityException
  66     {
  67         String operation = ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS;
  68
  69         return getAccessibleRepositoryIds( principal, operation );
  70     }
  71
  72     @Override
  73     public List<String> getManagableRepositoryIds( String principal )
  74         throws PrincipalNotFoundException, AccessDeniedException, ArchivaSecurityException
  75     {
  76         String operation = ArchivaRoleConstants.OPERATION_REPOSITORY_UPLOAD;
  77
  78         return getAccessibleRepositoryIds( principal, operation );
  79     }
  80
  81     private List<String> getAccessibleRepositoryIds( String principal, String operation )
  82         throws ArchivaSecurityException, AccessDeniedException, PrincipalNotFoundException
  83     {
  84
  85         List<ManagedRepository> managedRepositories = getAccessibleRepositories( principal, operation );
  86         List<String> repoIds = new ArrayList<>( managedRepositories.size() );
  87         for ( ManagedRepository managedRepository : managedRepositories )
  88         {
  89             repoIds.add( managedRepository.getId() );
  90         }
  91
  92         return repoIds;
  93     }
  94
  95     @Override
  96     public List<ManagedRepository> getAccessibleRepositories( String principal )
  97         throws ArchivaSecurityException, AccessDeniedException, PrincipalNotFoundException
  98     {
  99         return getAccessibleRepositories( principal, ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS );
 100     }
 101
 102     private List<ManagedRepository> getAccessibleRepositories( String principal, String operation )
 103         throws ArchivaSecurityException, AccessDeniedException, PrincipalNotFoundException
 104     {
 105         SecuritySession securitySession = createSession( principal );
 106
 107         List<ManagedRepository> managedRepositories = new ArrayList<>();
 108
 109         try
 110         {
 111             List<ManagedRepository> repos = managedRepositoryAdmin.getManagedRepositories();
 112
 113             for ( ManagedRepository repo : repos )
 114             {
 115                 try
 116                 {
 117                     String repoId = repo.getId();
 118                     if ( securitySystem.isAuthorized( securitySession, operation, repoId ) )
 119                     {
 120                         managedRepositories.add( repo );
 121                     }
 122                 }
 123                 catch ( AuthorizationException e )
 124                 {
 125                     // swallow.
 126
 127                     log.debug( "Not authorizing '{}' for repository '{}': {}", principal, repo.getId(),
 128                                e.getMessage() );
 129
 130                 }
 131             }
 132
 133             return managedRepositories;
 134         }
 135         catch ( RepositoryAdminException e )
 136         {
 137             throw new ArchivaSecurityException( e.getMessage(), e );
 138         }
 139     }
 140
 141     private SecuritySession createSession( String principal )
 142         throws ArchivaSecurityException, AccessDeniedException
 143     {
 144         User user;
 145         try
 146         {
 147             user = securitySystem.getUserManager().findUser( principal );
 148             if ( user == null )
 149             {
 150                 throw new ArchivaSecurityException(
 151                     "The security system had an internal error - please check your system logs" );
 152             }
 153         }
 154         catch ( UserNotFoundException e )
 155         {
 156             throw new PrincipalNotFoundException( "Unable to find principal " + principal + "", e );
 157         }
 158         catch ( UserManagerException e )
 159         {
 160             throw new ArchivaSecurityException( e.getMessage(), e );
 161         }
 162
 163         if ( user.isLocked() )
 164         {
 165             throw new AccessDeniedException( "User " + principal + "(" + user.getFullName() + ") is locked." );
 166         }
 167
 168         AuthenticationResult authn = new AuthenticationResult( true, principal, null );
 169         authn.setUser( user );
 170         return new DefaultSecuritySession( authn, user );
 171     }
 172
 173     @Override
 174     public void createMissingRepositoryRoles( String repoId )
 175         throws ArchivaSecurityException
 176     {
 177         try
 178         {
 179             if ( !roleManager.templatedRoleExists( ArchivaRoleConstants.TEMPLATE_REPOSITORY_OBSERVER, repoId ) )
 180             {
 181                 roleManager.createTemplatedRole( ArchivaRoleConstants.TEMPLATE_REPOSITORY_OBSERVER, repoId );
 182             }
 183
 184             if ( !roleManager.templatedRoleExists( ArchivaRoleConstants.TEMPLATE_REPOSITORY_MANAGER, repoId ) )
 185             {
 186                 roleManager.createTemplatedRole( ArchivaRoleConstants.TEMPLATE_REPOSITORY_MANAGER, repoId );
 187             }
 188         }
 189         catch ( RoleManagerException e )
 190         {
 191             throw new ArchivaSecurityException( "Unable to create roles for configured repositories: " + e.getMessage(),
 192                                                 e );
 193         }
 194     }
 195
 196     @Override
 197     public boolean isAuthorizedToUploadArtifacts( String principal, String repoId )
 198         throws PrincipalNotFoundException, ArchivaSecurityException
 199     {
 200         try
 201         {
 202             SecuritySession securitySession = createSession( principal );
 203
 204             return securitySystem.isAuthorized( securitySession, ArchivaRoleConstants.OPERATION_REPOSITORY_UPLOAD,
 205                                                 repoId );
 206
 207         }
 208         catch ( AuthorizationException e )
 209         {
 210             throw new ArchivaSecurityException( e.getMessage(), e);
 211         }
 212     }
 213
 214     @Override
 215     public boolean isAuthorizedToDeleteArtifacts( String principal, String repoId )
 216         throws ArchivaSecurityException
 217     {
 218         try
 219         {
 220             SecuritySession securitySession = createSession( principal );
 221
 222             return securitySystem.isAuthorized( securitySession, ArchivaRoleConstants.OPERATION_REPOSITORY_DELETE,
 223                                                 repoId );
 224
 225         }
 226         catch ( AuthorizationException e )
 227         {
 228             throw new ArchivaSecurityException( e.getMessage(), e);
 229         }
 230     }
 231
 232     public SecuritySystem getSecuritySystem()
 233     {
 234         return securitySystem;
 235     }
 236
 237     public void setSecuritySystem( SecuritySystem securitySystem )
 238     {
 239         this.securitySystem = securitySystem;
 240     }
 241
 242     public RoleManager getRoleManager()
 243     {
 244         return roleManager;
 245     }
 246
 247     public void setRoleManager( RoleManager roleManager )
 248     {
 249         this.roleManager = roleManager;
 250     }
 251 }