1 package org.codehaus.plexus.redback.struts2.interceptor;
4 * Licensed to the Apache Software Foundation (ASF) under one
5 * or more contributor license agreements. See the NOTICE file
6 * distributed with this work for additional information
7 * regarding copyright ownership. The ASF licenses this file
8 * to you under the Apache License, Version 2.0 (the
9 * "License"); you may not use this file except in compliance
10 * with the License. You may obtain a copy of the License at
12 * http://www.apache.org/licenses/LICENSE-2.0
14 * Unless required by applicable law or agreed to in writing,
15 * software distributed under the License is distributed on an
16 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
17 * KIND, either express or implied. See the License for the
18 * specific language governing permissions and limitations
22 import com.opensymphony.xwork2.ActionInvocation;
23 import com.opensymphony.xwork2.interceptor.Interceptor;
24 import org.apache.archiva.redback.integration.checks.security.AdminAutoCreateCheck;
25 import org.apache.archiva.redback.users.User;
26 import org.apache.archiva.redback.users.UserNotFoundException;
27 import org.apache.commons.lang.StringUtils;
28 import org.apache.struts2.ServletActionContext;
29 import org.apache.archiva.redback.authentication.PasswordBasedAuthenticationDataSource;
30 import org.apache.archiva.redback.configuration.UserConfiguration;
31 import org.apache.archiva.redback.role.RoleManager;
32 import org.apache.archiva.redback.role.RoleManagerException;
33 import org.apache.archiva.redback.system.SecuritySession;
34 import org.apache.archiva.redback.system.SecuritySystem;
35 import org.apache.archiva.redback.system.SecuritySystemConstants;
36 import org.apache.archiva.redback.users.UserManager;
37 import org.apache.archiva.redback.integration.util.AutoLoginCookies;
38 import org.slf4j.Logger;
39 import org.slf4j.LoggerFactory;
40 import org.springframework.context.annotation.Scope;
41 import org.springframework.stereotype.Controller;
43 import javax.inject.Inject;
44 import javax.inject.Named;
46 import java.io.FileInputStream;
47 import java.util.Date;
49 import java.util.Properties;
52 * EnvironmentCheckInterceptor
54 * @author <a href="mailto:joakim@erdfelt.com">Joakim Erdfelt</a>
57 @Controller( "redbackForceAdminUserInterceptor" )
59 public class ForceAdminUserInterceptor
60 implements Interceptor
62 private Logger log = LoggerFactory.getLogger( getClass() );
64 private static final String SECURITY_ADMIN_USER_NEEDED = "security-admin-user-needed";
66 private static boolean checked = false;
69 * role-hint="configurable"
72 @Named( value = "userManager#configurable" )
73 private UserManager userManager;
79 private RoleManager roleManager;
85 private UserConfiguration config;
88 protected SecuritySystem securitySystem;
91 private AutoLoginCookies autologinCookies;
93 protected Map<String, Object> session;
105 public String intercept( ActionInvocation invocation )
110 return invocation.invoke();
115 User user = userManager.findUser( getAdminUid() );
118 user = useForceAdminFile();
121 log.info( "No admin user configured - forwarding to admin user creation page." );
122 return SECURITY_ADMIN_USER_NEEDED;
126 assignAdminRole( user );
129 log.info( "Admin user found. No need to configure admin user." );
132 catch ( UserNotFoundException e )
134 User user = useForceAdminFile();
137 assignAdminRole( user );
143 log.info( "No admin user found - forwarding to admin user creation page." );
144 return SECURITY_ADMIN_USER_NEEDED;
148 return invocation.invoke();
151 private User useForceAdminFile()
155 String forceAdminFilePath = System.getProperty( AdminAutoCreateCheck.FORCE_ADMIN_FILE_PATH );
156 if ( StringUtils.isBlank( forceAdminFilePath ) )
158 log.info( AdminAutoCreateCheck.FORCE_ADMIN_FILE_PATH + " system props is empty don't use an auto creation admin " );
161 File file = new File( forceAdminFilePath );
162 if ( !file.exists() )
164 log.warn( "file set in sysprops " + AdminAutoCreateCheck.FORCE_ADMIN_FILE_PATH + " not exists skip admin auto creation" );
167 Properties properties = new Properties();
168 FileInputStream fis = null;
171 properties.load( new FileInputStream( file ) );
173 catch ( Exception e )
175 log.warn( "error loading properties from file " + forceAdminFilePath + " skip admin auto creation" );
179 // ensure we have all properties
180 String password = properties.getProperty( AdminAutoCreateCheck.ADMIN_PASSWORD_KEY );
181 String email = properties.getProperty( AdminAutoCreateCheck.ADMIN_EMAIL_KEY );
182 String fullName = properties.getProperty( AdminAutoCreateCheck.ADMIN_FULL_NAME_KEY );
184 if ( StringUtils.isBlank( password ) )
186 log.warn( "property " + AdminAutoCreateCheck.ADMIN_PASSWORD_KEY + " not set skip auto admin creation" );
190 if ( StringUtils.isBlank( email ) )
192 log.warn( "property " + AdminAutoCreateCheck.ADMIN_EMAIL_KEY + " not set skip auto admin creation" );
196 if ( StringUtils.isBlank( fullName ) )
198 log.warn( "property " + AdminAutoCreateCheck.ADMIN_FULL_NAME_KEY + " not set skip auto admin creation" );
202 User u = userManager.createUser( getAdminUid(), fullName, email );
204 u.setPassword( password );
205 u.setLocked( false );
206 u.setPasswordChangeRequired( false );
207 u.setPermanent( true );
209 u = userManager.addUser( u );
210 u.setPassword( password );
212 PasswordBasedAuthenticationDataSource authdatasource = new PasswordBasedAuthenticationDataSource();
213 authdatasource.setPrincipal( u.getUsername() );
214 authdatasource.setPassword( u.getPassword() );
215 SecuritySession securitySession = securitySystem.authenticate( authdatasource );
216 if ( securitySession.getAuthenticationResult().isAuthenticated() )
218 // good add various tokens.
219 ServletActionContext.getRequest().getSession( true ).setAttribute(
220 SecuritySystemConstants.SECURITY_SESSION_KEY, securitySession );
221 autologinCookies.setSignonCookie( authdatasource.getPrincipal(), ServletActionContext.getResponse(),
222 ServletActionContext.getRequest() );
223 u = securitySession.getUser();
224 u.setLastLoginDate( new Date() );
225 securitySystem.getUserManager().updateUser( u );
230 catch ( Exception e )
232 log.warn( "failed to automatically create an admin account " + e.getMessage(), e );
237 private String getAdminUid()
239 return config.getString( "redback.default.admin" );
242 private void assignAdminRole( User user )
243 throws RoleManagerException
245 roleManager.assignRole( "system-administrator", user.getPrincipal().toString() );