source.dussan.org Git - archiva.git/blob

   1 package org.apache.archiva.security;
   2
   3 /*
   4  * Licensed to the Apache Software Foundation (ASF) under one
   5  * or more contributor license agreements.  See the NOTICE file
   6  * distributed with this work for additional information
   7  * regarding copyright ownership.  The ASF licenses this file
   8  * to you under the Apache License, Version 2.0 (the
   9  * "License"); you may not use this file except in compliance
  10  * with the License.  You may obtain a copy of the License at
  11  *
  12  *  http://www.apache.org/licenses/LICENSE-2.0
  13  *
  14  * Unless required by applicable law or agreed to in writing,
  15  * software distributed under the License is distributed on an
  16  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
  17  * KIND, either express or implied.  See the License for the
  18  * specific language governing permissions and limitations
  19  * under the License.
  20  */
  21
  22 import com.google.common.collect.Lists;
  23 import org.apache.maven.archiva.configuration.ArchivaConfiguration;
  24 import org.apache.maven.archiva.configuration.ManagedRepositoryConfiguration;
  25 import org.codehaus.plexus.redback.authentication.AuthenticationResult;
  26 import org.codehaus.plexus.redback.authorization.AuthorizationException;
  27 import org.codehaus.plexus.redback.role.RoleManager;
  28 import org.codehaus.plexus.redback.role.RoleManagerException;
  29 import org.codehaus.plexus.redback.system.DefaultSecuritySession;
  30 import org.codehaus.plexus.redback.system.SecuritySession;
  31 import org.codehaus.plexus.redback.system.SecuritySystem;
  32 import org.codehaus.plexus.redback.users.User;
  33 import org.codehaus.plexus.redback.users.UserNotFoundException;
  34 import org.slf4j.Logger;
  35 import org.slf4j.LoggerFactory;
  36 import org.springframework.stereotype.Service;
  37
  38 import javax.inject.Inject;
  39 import java.util.ArrayList;
  40 import java.util.List;
  41
  42 /**
  43  * DefaultUserRepositories
  44  *
  45  * @version $Id$
  46  *          plexus.component role="org.apache.archiva.security.UserRepositories" role-hint="default"
  47  */
  48 @Service( "userRepositories" )
  49 public class DefaultUserRepositories
  50     implements UserRepositories
  51 {
  52     /**
  53      * plexus.requirement
  54      */
  55     @Inject
  56     private SecuritySystem securitySystem;
  57
  58     /**
  59      * plexus.requirement role-hint="default"
  60      */
  61     @Inject
  62     private RoleManager roleManager;
  63
  64     /**
  65      * plexus.requirement
  66      */
  67     @Inject
  68     private ArchivaConfiguration archivaConfiguration;
  69
  70     private Logger log = LoggerFactory.getLogger( DefaultUserRepositories.class );
  71
  72     public List<String> getObservableRepositoryIds( String principal )
  73         throws PrincipalNotFoundException, AccessDeniedException, ArchivaSecurityException
  74     {
  75         String operation = ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS;
  76
  77         return getAccessibleRepositoryIds( principal, operation );
  78     }
  79
  80     public List<String> getManagableRepositoryIds( String principal )
  81         throws PrincipalNotFoundException, AccessDeniedException, ArchivaSecurityException
  82     {
  83         String operation = ArchivaRoleConstants.OPERATION_REPOSITORY_UPLOAD;
  84
  85         return getAccessibleRepositoryIds( principal, operation );
  86     }
  87
  88     private List<String> getAccessibleRepositoryIds( String principal, String operation )
  89         throws ArchivaSecurityException, AccessDeniedException, PrincipalNotFoundException
  90     {
  91         SecuritySession securitySession = createSession( principal );
  92
  93         List<String> repoIds = new ArrayList<String>();
  94
  95         List<ManagedRepositoryConfiguration> repos = archivaConfiguration.getConfiguration().getManagedRepositories();
  96
  97         for ( ManagedRepositoryConfiguration repo : repos )
  98         {
  99             try
 100             {
 101                 String repoId = repo.getId();
 102                 if ( securitySystem.isAuthorized( securitySession, operation, repoId ) )
 103                 {
 104                     repoIds.add( repoId );
 105                 }
 106             }
 107             catch ( AuthorizationException e )
 108             {
 109                 // swallow.
 110                 if ( log.isDebugEnabled() )
 111                 {
 112                     log.debug( "Not authorizing '{}' for repository '{}': {}",
 113                                Lists.<Object>newArrayList( principal, repo.getId(), e.getMessage() ) );
 114                 }
 115             }
 116         }
 117
 118         return repoIds;
 119     }
 120
 121     private SecuritySession createSession( String principal )
 122         throws ArchivaSecurityException, AccessDeniedException
 123     {
 124         User user;
 125         try
 126         {
 127             user = securitySystem.getUserManager().findUser( principal );
 128             if ( user == null )
 129             {
 130                 throw new ArchivaSecurityException(
 131                     "The security system had an internal error - please check your system logs" );
 132             }
 133         }
 134         catch ( UserNotFoundException e )
 135         {
 136             throw new PrincipalNotFoundException( "Unable to find principal " + principal + "" );
 137         }
 138
 139         if ( user.isLocked() )
 140         {
 141             throw new AccessDeniedException( "User " + principal + "(" + user.getFullName() + ") is locked." );
 142         }
 143
 144         AuthenticationResult authn = new AuthenticationResult( true, principal, null );
 145         return new DefaultSecuritySession( authn, user );
 146     }
 147
 148     public void createMissingRepositoryRoles( String repoId )
 149         throws ArchivaSecurityException
 150     {
 151         try
 152         {
 153             if ( !roleManager.templatedRoleExists( ArchivaRoleConstants.TEMPLATE_REPOSITORY_OBSERVER, repoId ) )
 154             {
 155                 roleManager.createTemplatedRole( ArchivaRoleConstants.TEMPLATE_REPOSITORY_OBSERVER, repoId );
 156             }
 157
 158             if ( !roleManager.templatedRoleExists( ArchivaRoleConstants.TEMPLATE_REPOSITORY_MANAGER, repoId ) )
 159             {
 160                 roleManager.createTemplatedRole( ArchivaRoleConstants.TEMPLATE_REPOSITORY_MANAGER, repoId );
 161             }
 162         }
 163         catch ( RoleManagerException e )
 164         {
 165             throw new ArchivaSecurityException( "Unable to create roles for configured repositories: " + e.getMessage(),
 166                                                 e );
 167         }
 168     }
 169
 170     public boolean isAuthorizedToUploadArtifacts( String principal, String repoId )
 171         throws PrincipalNotFoundException, ArchivaSecurityException
 172     {
 173         try
 174         {
 175             SecuritySession securitySession = createSession( principal );
 176
 177             return securitySystem.isAuthorized( securitySession, ArchivaRoleConstants.OPERATION_REPOSITORY_UPLOAD,
 178                                                 repoId );
 179
 180         }
 181         catch ( AuthorizationException e )
 182         {
 183             throw new ArchivaSecurityException( e.getMessage() );
 184         }
 185     }
 186
 187     public boolean isAuthorizedToDeleteArtifacts( String principal, String repoId )
 188         throws AccessDeniedException, ArchivaSecurityException
 189     {
 190         try
 191         {
 192             SecuritySession securitySession = createSession( principal );
 193
 194             return securitySystem.isAuthorized( securitySession, ArchivaRoleConstants.OPERATION_REPOSITORY_DELETE,
 195                                                 repoId );
 196
 197         }
 198         catch ( AuthorizationException e )
 199         {
 200             throw new ArchivaSecurityException( e.getMessage() );
 201         }
 202     }
 203
 204     public SecuritySystem getSecuritySystem()
 205     {
 206         return securitySystem;
 207     }
 208
 209     public void setSecuritySystem( SecuritySystem securitySystem )
 210     {
 211         this.securitySystem = securitySystem;
 212     }
 213
 214     public RoleManager getRoleManager()
 215     {
 216         return roleManager;
 217     }
 218
 219     public void setRoleManager( RoleManager roleManager )
 220     {
 221         this.roleManager = roleManager;
 222     }
 223
 224     public ArchivaConfiguration getArchivaConfiguration()
 225     {
 226         return archivaConfiguration;
 227     }
 228
 229     public void setArchivaConfiguration( ArchivaConfiguration archivaConfiguration )
 230     {
 231         this.archivaConfiguration = archivaConfiguration;
 232     }
 233 }