]> source.dussan.org Git - archiva.git/blob
b3ad1e539ba2ba07eb6387c32ca57d016163efad
[archiva.git] /
1 package org.apache.archiva.redback.integration.checks.security;
2
3 /*
4  * Licensed to the Apache Software Foundation (ASF) under one
5  * or more contributor license agreements.  See the NOTICE file
6  * distributed with this work for additional information
7  * regarding copyright ownership.  The ASF licenses this file
8  * to you under the Apache License, Version 2.0 (the
9  * "License"); you may not use this file except in compliance
10  * with the License.  You may obtain a copy of the License at
11  *
12  * http://www.apache.org/licenses/LICENSE-2.0
13  *
14  * Unless required by applicable law or agreed to in writing,
15  * software distributed under the License is distributed on an
16  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
17  * KIND, either express or implied.  See the License for the
18  * specific language governing permissions and limitations
19  * under the License.
20  */
21
22 import org.apache.archiva.redback.rbac.RBACManager;
23 import org.apache.archiva.redback.role.RoleManagerException;
24 import org.apache.archiva.redback.users.UserNotFoundException;
25 import org.apache.commons.lang.StringUtils;
26 import org.apache.archiva.redback.authentication.PasswordBasedAuthenticationDataSource;
27 import org.apache.archiva.redback.configuration.UserConfiguration;
28 import org.apache.archiva.redback.rbac.RbacManagerException;
29 import org.apache.archiva.redback.rbac.Role;
30 import org.apache.archiva.redback.role.RoleManager;
31 import org.apache.archiva.redback.system.SecuritySession;
32 import org.apache.archiva.redback.system.SecuritySystem;
33 import org.apache.archiva.redback.system.check.EnvironmentCheck;
34 import org.apache.archiva.redback.users.User;
35 import org.apache.archiva.redback.users.UserManager;
36 import org.codehaus.plexus.util.IOUtil;
37 import org.slf4j.Logger;
38 import org.slf4j.LoggerFactory;
39 import org.springframework.stereotype.Service;
40
41 import javax.inject.Inject;
42 import javax.inject.Named;
43 import java.io.File;
44 import java.io.FileInputStream;
45 import java.util.Collection;
46 import java.util.Date;
47 import java.util.List;
48 import java.util.Properties;
49
50 /**
51  * @author Olivier Lamy
52  * @since 2.0
53  */
54 @Service( "environmentCheck#adminAutoCreateCheck" )
55 public class AdminAutoCreateCheck
56     implements EnvironmentCheck
57 {
58
59     private Logger log = LoggerFactory.getLogger( getClass() );
60
61     public static final String FORCE_ADMIN_FILE_PATH = "redback.admin.creation.file";
62
63     public static final String ADMIN_FULL_NAME_KEY = "redback.admin.fullname";
64
65     public static final String ADMIN_EMAIL_KEY = "redback.admin.email";
66
67     public static final String ADMIN_PASSWORD_KEY = "redback.admin.password";
68
69     @Inject
70     @Named( value = "userManager#configurable" )
71     private UserManager userManager;
72
73     @Inject
74     private UserConfiguration config;
75
76     @Inject
77     protected SecuritySystem securitySystem;
78
79     @Inject
80     private RoleManager roleManager;
81
82     @Inject
83     @Named( value = "rBACManager#cached" )
84     private RBACManager rbacManager;
85
86     public void validateEnvironment( List<String> violations )
87     {
88         try
89         {
90             User user = userManager.findUser( getAdminUid() );
91             if ( user == null )
92             {
93                 useForceAdminCreationFile();
94             }
95
96
97         }
98         catch ( UserNotFoundException e )
99         {
100             useForceAdminCreationFile();
101         }
102     }
103
104     private void checkAdminKarma( User u )
105     {
106         try
107         {
108             Collection<Role> roles = rbacManager.getEffectivelyAssignedRoles( getAdminUid() );
109             boolean adminRole = false;
110             for ( Role role : roles )
111             {
112                 if ( StringUtils.equals( "system-administrator", role.getName() ) )
113                 {
114                     adminRole = true;
115                 }
116             }
117             if ( !adminRole )
118             {
119                 assignAdminRole( u );
120             }
121         }
122         catch ( RbacManagerException e )
123         {
124             log.warn( "fail to checkAdminKarma {}", e, e.getMessage() );
125         }
126         catch ( RoleManagerException e )
127         {
128             log.warn( "fail to assignAdmin role {}", e, e.getMessage() );
129         }
130     }
131
132     private void useForceAdminCreationFile()
133     {
134         try
135         {
136             String forceAdminFilePath = System.getProperty( FORCE_ADMIN_FILE_PATH );
137             if ( StringUtils.isBlank( forceAdminFilePath ) )
138             {
139                 log.info( FORCE_ADMIN_FILE_PATH + " system props is empty don't use an auto creation admin " );
140                 return;
141             }
142             File file = new File( forceAdminFilePath );
143             if ( !file.exists() )
144             {
145                 log.warn( "file set in sysprops " + FORCE_ADMIN_FILE_PATH + " not exists skip admin auto creation" );
146                 return;
147             }
148             log.debug( "user {} not found try auto creation" );
149             Properties properties = new Properties();
150             FileInputStream fis = new FileInputStream( file );
151             try
152             {
153                 properties.load( fis );
154             }
155             catch ( Exception e )
156             {
157                 log.warn( "error loading properties from file " + forceAdminFilePath + " skip admin auto creation" );
158                 return;
159             }
160             finally
161             {
162                 IOUtil.close( fis );
163             }
164
165             // ensure we have all properties
166             String password = properties.getProperty( ADMIN_PASSWORD_KEY );
167             String email = properties.getProperty( ADMIN_EMAIL_KEY );
168             String fullName = properties.getProperty( ADMIN_FULL_NAME_KEY );
169
170             if ( StringUtils.isBlank( password ) )
171             {
172                 log.warn( "property " + ADMIN_PASSWORD_KEY + " not set skip auto admin creation" );
173                 return;
174             }
175
176             if ( StringUtils.isBlank( email ) )
177             {
178                 log.warn( "property " + ADMIN_EMAIL_KEY + " not set skip auto admin creation" );
179                 return;
180             }
181
182             if ( StringUtils.isBlank( fullName ) )
183             {
184                 log.warn( "property " + ADMIN_FULL_NAME_KEY + " not set skip auto admin creation" );
185                 return;
186             }
187
188             User u = userManager.createUser( getAdminUid(), fullName, email );
189
190             u.setPassword( password );
191             u.setLocked( false );
192             u.setPasswordChangeRequired( false );
193             u.setPermanent( true );
194             u.setValidated( true );
195
196             u = userManager.addUser( u );
197             u.setPassword( password );
198
199             PasswordBasedAuthenticationDataSource authdatasource = new PasswordBasedAuthenticationDataSource();
200             authdatasource.setPrincipal( u.getUsername() );
201             authdatasource.setPassword( u.getPassword() );
202             SecuritySession securitySession = securitySystem.authenticate( authdatasource );
203             if ( securitySession.getAuthenticationResult().isAuthenticated() )
204             {
205                 // good add various tokens.
206                 u = securitySession.getUser();
207                 u.setLastLoginDate( new Date() );
208                 securitySystem.getUserManager().updateUser( u );
209             }
210             assignAdminRole( u );
211
212         }
213         catch ( Exception e )
214         {
215             log.warn( "failed to automatically create an admin account " + e.getMessage(), e );
216         }
217     }
218
219     private void assignAdminRole( User user )
220         throws RoleManagerException
221     {
222         roleManager.assignRole( "system-administrator", user.getPrincipal().toString() );
223     }
224
225     private String getAdminUid()
226     {
227         return config.getString( "redback.default.admin" );
228     }
229 }