source.dussan.org Git - archiva.git/blob

   1 package org.apache.archiva.rest.api.services.v2;/*
   2  * Licensed to the Apache Software Foundation (ASF) under one
   3  * or more contributor license agreements.  See the NOTICE file
   4  * distributed with this work for additional information
   5  * regarding copyright ownership.  The ASF licenses this file
   6  * to you under the Apache License, Version 2.0 (the
   7  * "License"); you may not use this file except in compliance
   8  * with the License.  You may obtain a copy of the License at
   9  *
  10  * http://www.apache.org/licenses/LICENSE-2.0
  11  * Unless required by applicable law or agreed to in writing,
  12  * software distributed under the License is distributed on an
  13  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
  14  * KIND, either express or implied.  See the License for the
  15  * specific language governing permissions and limitations
  16  * under the License.
  17  */
  18
  19 import io.swagger.v3.oas.annotations.Operation;
  20 import io.swagger.v3.oas.annotations.Parameter;
  21 import io.swagger.v3.oas.annotations.Parameters;
  22 import io.swagger.v3.oas.annotations.enums.ParameterIn;
  23 import io.swagger.v3.oas.annotations.media.ArraySchema;
  24 import io.swagger.v3.oas.annotations.media.Content;
  25 import io.swagger.v3.oas.annotations.media.Schema;
  26 import io.swagger.v3.oas.annotations.parameters.RequestBody;
  27 import io.swagger.v3.oas.annotations.responses.ApiResponse;
  28 import io.swagger.v3.oas.annotations.security.SecurityRequirement;
  29 import io.swagger.v3.oas.annotations.tags.Tag;
  30 import org.apache.archiva.components.rest.model.PagedResult;
  31 import org.apache.archiva.components.rest.model.PropertyEntry;
  32 import org.apache.archiva.redback.authorization.RedbackAuthorization;
  33 import org.apache.archiva.rest.api.model.v2.BeanInformation;
  34 import org.apache.archiva.rest.api.model.v2.CacheConfiguration;
  35 import org.apache.archiva.rest.api.model.v2.LdapConfiguration;
  36 import org.apache.archiva.rest.api.model.v2.SecurityConfiguration;
  37 import org.apache.archiva.security.common.ArchivaRoleConstants;
  38
  39 import javax.ws.rs.Consumes;
  40 import javax.ws.rs.DefaultValue;
  41 import javax.ws.rs.GET;
  42 import javax.ws.rs.POST;
  43 import javax.ws.rs.PUT;
  44 import javax.ws.rs.Path;
  45 import javax.ws.rs.PathParam;
  46 import javax.ws.rs.Produces;
  47 import javax.ws.rs.QueryParam;
  48 import javax.ws.rs.core.MediaType;
  49 import javax.ws.rs.core.Response;
  50 import java.util.List;
  51
  52 import static javax.ws.rs.core.MediaType.APPLICATION_JSON;
  53 import static org.apache.archiva.rest.api.services.v2.Configuration.DEFAULT_PAGE_LIMIT;
  54
  55 /**
  56  *
  57  * Service for configuration of redback and security related settings.
  58  *
  59  * @author Martin Stockhammer <martin_s@apache.org>
  60  * @since 3.0
  61  */
  62 @Path( "/security" )
  63 @Tag(name = "v2")
  64 @Tag(name = "v2/Security")
  65 @SecurityRequirement(name = "BearerAuth")
  66 public interface SecurityConfigurationService
  67 {
  68     @Path("config")
  69     @GET
  70     @Produces({ APPLICATION_JSON })
  71     @RedbackAuthorization(permissions = ArchivaRoleConstants.OPERATION_MANAGE_CONFIGURATION)
  72     @Operation( summary = "Returns the security configuration that is currently active.",
  73         security = {
  74             @SecurityRequirement(
  75                 name = ArchivaRoleConstants.OPERATION_MANAGE_CONFIGURATION
  76             )
  77         },
  78         responses = {
  79             @ApiResponse( responseCode = "200",
  80                 description = "If the configuration could be retrieved",
  81                 content = @Content(mediaType = APPLICATION_JSON, schema = @Schema(implementation = SecurityConfiguration.class))
  82             ),
  83             @ApiResponse( responseCode = "403", description = "Authenticated user is not permitted to gather the information",
  84                 content = @Content(mediaType = APPLICATION_JSON, schema = @Schema(implementation = ArchivaRestError.class )) )
  85         }
  86     )
  87     SecurityConfiguration getConfiguration()
  88         throws ArchivaRestServiceException;
  89
  90     @Path("config")
  91     @PUT
  92     @Consumes({ APPLICATION_JSON })
  93     @RedbackAuthorization(permissions = ArchivaRoleConstants.OPERATION_MANAGE_CONFIGURATION)
  94     @Operation( summary = "Updates the security configuration.",
  95         security = {
  96             @SecurityRequirement(
  97                 name = ArchivaRoleConstants.OPERATION_MANAGE_CONFIGURATION
  98             )
  99         },
 100         responses = {
 101             @ApiResponse( responseCode = "200",
 102                 description = "If the configuration was updated"
 103             ),
 104             @ApiResponse( responseCode = "422", description = "Invalid content data",
 105                 content = @Content(mediaType = APPLICATION_JSON, schema = @Schema(implementation = ArchivaRestError.class )) ),
 106             @ApiResponse( responseCode = "403", description = "Authenticated user is not permitted to update the configuration",
 107                 content = @Content(mediaType = APPLICATION_JSON, schema = @Schema(implementation = ArchivaRestError.class )) )
 108         }
 109     )
 110     SecurityConfiguration updateConfiguration( SecurityConfiguration newConfiguration)
 111         throws ArchivaRestServiceException;
 112
 113
 114     @Path( "config/properties" )
 115     @GET
 116     @Produces( { APPLICATION_JSON } )
 117     @RedbackAuthorization( permissions = ArchivaRoleConstants.OPERATION_MANAGE_CONFIGURATION )
 118     @Operation( summary = "Returns all configuration properties. The result is paged.",
 119         parameters = {
 120             @Parameter(name = "q", description = "Search term"),
 121             @Parameter(name = "offset", description = "The offset of the first element returned"),
 122             @Parameter(name = "limit", description = "Maximum number of items to return in the response"),
 123             @Parameter(name = "orderBy", description = "List of attribute used for sorting (key, value)"),
 124             @Parameter(name = "order", description = "The sort order. Either ascending (asc) or descending (desc)")
 125         },
 126         security = {
 127             @SecurityRequirement(
 128                 name = ArchivaRoleConstants.OPERATION_MANAGE_CONFIGURATION
 129             )
 130         },
 131         responses = {
 132             @ApiResponse( responseCode = "200",
 133                 description = "If the list could be returned",
 134                 content = @Content(mediaType = APPLICATION_JSON, schema = @Schema(implementation = PagedResult.class))
 135             ),
 136             @ApiResponse( responseCode = "403", description = "Authenticated user is not permitted to gather the information",
 137                 content = @Content(mediaType = APPLICATION_JSON, schema = @Schema(implementation = ArchivaRestError.class )) )
 138         }
 139     )
 140     PagedResult<PropertyEntry> getConfigurationProperties( @QueryParam("q") @DefaultValue( "" ) String searchTerm,
 141                                                            @QueryParam( "offset" ) @DefaultValue( "0" ) Integer offset,
 142                                                            @QueryParam( "limit" ) @DefaultValue( value = DEFAULT_PAGE_LIMIT ) Integer limit,
 143                                                            @QueryParam( "orderBy") @DefaultValue( "key" ) List<String> orderBy,
 144                                                            @QueryParam("order") @DefaultValue( "asc" ) String order ) throws ArchivaRestServiceException;
 145
 146     @Path("config/properties/{propertyName}")
 147     @GET
 148     @Produces({ APPLICATION_JSON })
 149     @RedbackAuthorization(permissions = ArchivaRoleConstants.OPERATION_MANAGE_CONFIGURATION)
 150     @Operation( summary = "Returns a single configuration property value.",
 151         security = {
 152             @SecurityRequirement(
 153                 name = ArchivaRoleConstants.OPERATION_MANAGE_CONFIGURATION
 154             )
 155         },
 156         parameters = {
 157             @Parameter(in = ParameterIn.PATH, name="propertyName", description = "The name of the property to get the value for")
 158         },
 159         responses = {
 160             @ApiResponse( responseCode = "200",
 161                 description = "If the configuration could be retrieved",
 162                 content = @Content(mediaType = APPLICATION_JSON, schema = @Schema(implementation = PropertyEntry.class))
 163             ),
 164             @ApiResponse( responseCode = "404", description = "The given property name does not exist",
 165                 content = @Content(mediaType = APPLICATION_JSON, schema = @Schema(implementation = ArchivaRestError.class )) ),
 166             @ApiResponse( responseCode = "403", description = "Authenticated user is not permitted to gather the information",
 167                 content = @Content(mediaType = APPLICATION_JSON, schema = @Schema(implementation = ArchivaRestError.class )) )
 168         }
 169     )
 170     PropertyEntry getConfigurationProperty( @PathParam ( "propertyName" )  String propertyName)
 171         throws ArchivaRestServiceException;
 172
 173
 174     @Path("config/properties/{propertyName}")
 175     @PUT
 176     @Consumes({ APPLICATION_JSON})
 177     @RedbackAuthorization(permissions = ArchivaRoleConstants.OPERATION_MANAGE_CONFIGURATION)
 178     @Operation( summary = "Updates a single property value of the security configuration.",
 179         security = {
 180             @SecurityRequirement(
 181                 name = ArchivaRoleConstants.OPERATION_MANAGE_CONFIGURATION
 182             )
 183         },
 184         parameters = {
 185             @Parameter(in = ParameterIn.PATH, name="propertyName", description = "The name of the property to update")
 186         },
 187         responses = {
 188             @ApiResponse( responseCode = "200",
 189                 description = "If the property value was updated."
 190             ),
 191             @ApiResponse( responseCode = "400", description = "The body data is not valid",
 192                 content = @Content(mediaType = APPLICATION_JSON, schema = @Schema(implementation = ArchivaRestError.class )) ),
 193             @ApiResponse( responseCode = "404", description = "The given property name does not exist",
 194                 content = @Content(mediaType = APPLICATION_JSON, schema = @Schema(implementation = ArchivaRestError.class )) ),
 195             @ApiResponse( responseCode = "403", description = "Authenticated user is not permitted to gather the information",
 196                 content = @Content(mediaType = APPLICATION_JSON, schema = @Schema(implementation = ArchivaRestError.class )) )
 197         }
 198     )
 199     Response updateConfigurationProperty( @PathParam ( "propertyName" )  String propertyName, PropertyEntry propertyValue)
 200         throws ArchivaRestServiceException;
 201
 202
 203     @Path("config/ldap")
 204     @GET
 205     @Produces({ APPLICATION_JSON })
 206     @RedbackAuthorization(permissions = ArchivaRoleConstants.OPERATION_MANAGE_CONFIGURATION)
 207     @Operation( summary = "Returns the LDAP configuration that is currently active.",
 208         security = {
 209             @SecurityRequirement(
 210                 name = ArchivaRoleConstants.OPERATION_MANAGE_CONFIGURATION
 211             )
 212         },
 213         responses = {
 214             @ApiResponse( responseCode = "200",
 215                 description = "If the configuration could be retrieved",
 216                 content = @Content(mediaType = APPLICATION_JSON, schema = @Schema(implementation = LdapConfiguration.class))
 217             ),
 218             @ApiResponse( responseCode = "403", description = "Authenticated user is not permitted to gather the information",
 219                 content = @Content(mediaType = APPLICATION_JSON, schema = @Schema(implementation = ArchivaRestError.class )) )
 220         }
 221     )
 222     LdapConfiguration getLdapConfiguration( ) throws ArchivaRestServiceException;
 223
 224     @Path("config/ldap")
 225     @PUT
 226     @Consumes({ APPLICATION_JSON })
 227     @RedbackAuthorization(permissions = ArchivaRoleConstants.OPERATION_MANAGE_CONFIGURATION)
 228     @Operation( summary = "Updates the LDAP configuration that is currently active.",
 229         security = {
 230             @SecurityRequirement(
 231                 name = ArchivaRoleConstants.OPERATION_MANAGE_CONFIGURATION
 232             )
 233         },
 234         responses = {
 235             @ApiResponse( responseCode = "200",
 236                 description = "If the configuration was updated"
 237             ),
 238             @ApiResponse( responseCode = "403", description = "Authenticated user is not permitted to update the information",
 239                 content = @Content(mediaType = APPLICATION_JSON, schema = @Schema(implementation = ArchivaRestError.class )) )
 240         }
 241     )
 242     LdapConfiguration updateLdapConfiguration( LdapConfiguration configuration ) throws ArchivaRestServiceException;
 243
 244     @Path("config/ldap/verify")
 245     @POST
 246     @Consumes({ APPLICATION_JSON })
 247     @RedbackAuthorization(permissions = ArchivaRoleConstants.OPERATION_MANAGE_CONFIGURATION)
 248     @Operation( summary = "Checks the given LDAP configuration.",
 249         security = {
 250             @SecurityRequirement(
 251                 name = ArchivaRoleConstants.OPERATION_MANAGE_CONFIGURATION
 252             )
 253         },
 254         responses = {
 255             @ApiResponse( responseCode = "200",
 256                 description = "If the check was successful"
 257             ),
 258             @ApiResponse( responseCode = "400",
 259                 description = "If the check was not successful",
 260                 content = @Content(mediaType = APPLICATION_JSON, schema = @Schema(implementation = ArchivaRestError.class ))
 261             ),
 262             @ApiResponse( responseCode = "403", description = "Authenticated user is not permitted to update the information",
 263                 content = @Content(mediaType = APPLICATION_JSON, schema = @Schema(implementation = ArchivaRestError.class )) )
 264         }
 265     )
 266     Response verifyLdapConfiguration( LdapConfiguration configuration ) throws ArchivaRestServiceException;
 267
 268     @Path("config/cache")
 269     @GET
 270     @Produces({ APPLICATION_JSON })
 271     @RedbackAuthorization(permissions = ArchivaRoleConstants.OPERATION_MANAGE_CONFIGURATION)
 272     @Operation( summary = "Returns the cache configuration that is currently active.",
 273         security = {
 274             @SecurityRequirement(
 275                 name = ArchivaRoleConstants.OPERATION_MANAGE_CONFIGURATION
 276             )
 277         },
 278         responses = {
 279             @ApiResponse( responseCode = "200",
 280                 description = "If the configuration could be retrieved",
 281                 content = @Content(mediaType = APPLICATION_JSON, schema = @Schema(implementation = CacheConfiguration.class))
 282             ),
 283             @ApiResponse( responseCode = "403", description = "Authenticated user is not permitted to gather the information",
 284                 content = @Content(mediaType = APPLICATION_JSON, schema = @Schema(implementation = ArchivaRestError.class )) )
 285         }
 286     )
 287     CacheConfiguration getCacheConfiguration( ) throws ArchivaRestServiceException;
 288
 289     @Path("config/cache")
 290     @PUT
 291     @Consumes({ APPLICATION_JSON })
 292     @RedbackAuthorization(permissions = ArchivaRoleConstants.OPERATION_MANAGE_CONFIGURATION)
 293     @Operation( summary = "Updates the LDAP configuration that is currently active.",
 294         security = {
 295             @SecurityRequirement(
 296                 name = ArchivaRoleConstants.OPERATION_MANAGE_CONFIGURATION
 297             )
 298         },
 299         responses = {
 300             @ApiResponse( responseCode = "200",
 301                 description = "If the configuration was updated"
 302             ),
 303             @ApiResponse( responseCode = "403", description = "Authenticated user is not permitted to update the information",
 304                 content = @Content(mediaType = APPLICATION_JSON, schema = @Schema(implementation = ArchivaRestError.class )) )
 305         }
 306     )
 307     Response updateCacheConfiguration( CacheConfiguration cacheConfiguration ) throws ArchivaRestServiceException;
 308
 309
 310     @Path("user_managers")
 311     @GET
 312     @Produces({ APPLICATION_JSON })
 313     @RedbackAuthorization(permissions = ArchivaRoleConstants.OPERATION_MANAGE_CONFIGURATION)
 314     @Operation( summary = "Returns the available user manager implementations.",
 315         security = {
 316             @SecurityRequirement(
 317                 name = ArchivaRoleConstants.OPERATION_MANAGE_CONFIGURATION
 318             )
 319         },
 320         responses = {
 321             @ApiResponse( responseCode = "200",
 322                 description = "If the list could be retrieved",
 323                 content = @Content(mediaType = APPLICATION_JSON, array = @ArraySchema(
 324                     schema = @Schema(implementation = BeanInformation.class)))
 325             ),
 326             @ApiResponse( responseCode = "403", description = "Authenticated user is not permitted to gather the information",
 327                 content = @Content(mediaType = APPLICATION_JSON, schema = @Schema(implementation = ArchivaRestError.class )) )
 328         }
 329     )
 330     List<BeanInformation> getAvailableUserManagers()
 331         throws ArchivaRestServiceException;
 332
 333     @Path("rbac_managers")
 334     @GET
 335     @Produces({ APPLICATION_JSON })
 336     @RedbackAuthorization(permissions = ArchivaRoleConstants.OPERATION_MANAGE_CONFIGURATION)
 337     @Operation( summary = "Returns the available RBAC manager implementations.",
 338         security = {
 339             @SecurityRequirement(
 340                 name = ArchivaRoleConstants.OPERATION_MANAGE_CONFIGURATION
 341             )
 342         },
 343         responses = {
 344             @ApiResponse( responseCode = "200",
 345                 description = "If the list could be retrieved",
 346                 content = @Content(mediaType = APPLICATION_JSON, array = @ArraySchema(
 347                     schema = @Schema(implementation = BeanInformation.class)))
 348             ),
 349             @ApiResponse( responseCode = "403", description = "Authenticated user is not permitted to gather the information",
 350                 content = @Content(mediaType = APPLICATION_JSON, schema = @Schema(implementation = ArchivaRestError.class )) )
 351         }
 352     )
 353     List<BeanInformation> getAvailableRbacManagers()
 354         throws ArchivaRestServiceException;
 355
 356 }