1 package org.apache.archiva.redback.authorization.rbac.evaluator;
4 * Licensed to the Apache Software Foundation (ASF) under one
5 * or more contributor license agreements. See the NOTICE file
6 * distributed with this work for additional information
7 * regarding copyright ownership. The ASF licenses this file
8 * to you under the Apache License, Version 2.0 (the
9 * "License"); you may not use this file except in compliance
10 * with the License. You may obtain a copy of the License at
12 * http://www.apache.org/licenses/LICENSE-2.0
14 * Unless required by applicable law or agreed to in writing,
15 * software distributed under the License is distributed on an
16 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
17 * KIND, either express or implied. See the License for the
18 * specific language governing permissions and limitations
22 import org.apache.archiva.redback.rbac.Resource;
23 import org.apache.archiva.redback.users.UserManager;
24 import org.apache.archiva.redback.users.UserManagerException;
25 import org.apache.archiva.redback.users.UserNotFoundException;
26 import org.apache.archiva.redback.rbac.Permission;
27 import org.springframework.stereotype.Service;
29 import javax.inject.Inject;
30 import javax.inject.Named;
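/**
 * DefaultPermissionEvaluator:
 * <p>
 * Decides whether a single {@link Permission} covers an operation on a resource for a given principal.
 * <p>
 * Currently only one expression is available for evaluation: a permission resource of <code>${username}</code>
 * is replaced with the username of the person making the authorization check.
 *
 * @author Jesse McConnell <jesse@codehaus.org>
 */
@Service("permissionEvaluator")
public class DefaultPermissionEvaluator
    implements PermissionEvaluator
{
    @Inject
    @Named(value = "userManager#configurable")
    private UserManager userManager;

    /**
     * Evaluates one permission against the requested operation and resource.
     * <p>
     * The permission grants access when its operation name equals <code>operation</code> and one of the
     * following holds: the permission's resource is {@link Resource#GLOBAL}, <code>resource</code> is
     * <code>null</code>, or the (possibly expression-expanded) permission resource equals
     * <code>resource</code>. All comparisons are exact, case-sensitive {@link String#equals(Object)} checks.
     * <p>
     * Security notes for callers:
     * <ul>
     * <li>A <code>null</code> resource means "no specific resource": a matching operation alone grants
     * access. Callers protecting a specific resource must always pass its identifier.</li>
     * <li>For <code>${username}</code> the identifier is resolved from <code>principal</code>, so the result
     * is only as trustworthy as the principal value passed in.</li>
     * <li>An expression other than <code>username</code> is not expanded; the identifier is then compared
     * literally.</li>
     * </ul>
     *
     * @param permission the permission being tested
     * @param operation  the name of the operation being requested
     * @param resource   the identifier of the resource being accessed, or <code>null</code> when the check is
     *                   not tied to a specific resource
     * @param principal  the principal of the user making the request, used to expand <code>${username}</code>
     * @return <code>true</code> if the permission authorizes the request, <code>false</code> otherwise
     * @throws PermissionEvaluationException if the permission resource is a malformed expression or the user
     *                                       needed to expand <code>${username}</code> cannot be looked up
     */
    public boolean evaluate( Permission permission, String operation, String resource, String principal )
        throws PermissionEvaluationException
    {
        String permissionResource = permission.getResource().getIdentifier();

        // expression evaluation checking
        if ( permissionResource.startsWith( "${" ) )
        {
            int closingBrace = permissionResource.indexOf( '}' );

            // An unterminated "${..." used to reach substring( 2, -1 ) and abort the authorization check with
            // an unchecked StringIndexOutOfBoundsException. Fail closed through the declared checked exception
            // instead, using the same two-argument constructor as the handlers below.
            if ( closingBrace < 0 )
            {
                throw new PermissionEvaluationException(
                    "malformed expression in permission resource, missing '}': " + permissionResource,
                    new IllegalArgumentException( permissionResource ) );
            }

            String tempStr = permissionResource.substring( 2, closingBrace );

            if ( "username".equals( tempStr ) )
            {
                try
                {
                    // NOTE(review): presumably principal comes from the authenticated session - confirm at
                    // the call sites, since this value decides which resource identifier the permission matches.
                    permissionResource = userManager.findUser( principal ).getUsername();
                }
                catch ( UserNotFoundException e )
                {
                    throw new PermissionEvaluationException( "unable to locate user to retrieve username", e );
                }
                catch ( UserManagerException e )
                {
                    throw new PermissionEvaluationException( "trouble finding user: " + e.getMessage(), e );
                }
            }
        }

        // check if this permission applies to the operation at all
        if ( permission.getOperation().getName().equals( operation ) )
        {
            // check if it is a global resource, if it is then since the operations match we return true
            if ( Resource.GLOBAL.equals( permission.getResource().getIdentifier() ) )
            {
                return true;
            }

            // if we are not checking a specific resource, the operation is enough
            if ( resource == null )
            {
                return true;
            }

            // check if the resource identifier of the permission matches the resource we are checking against
            // if it does then return true
            if ( permissionResource.equals( resource ) )
            {
                return true;
            }
        }

        // default deny: the operation did not match, or no resource rule above applied
        return false;
    }

    /**
     * Returns the user manager used to expand <code>${username}</code>.
     *
     * @return the configured user manager
     */
    public UserManager getUserManager()
    {
        return userManager;
    }

    /**
     * Replaces the user manager used to expand <code>${username}</code>.
     *
     * @param userManager the user manager to use for user lookups
     */
    public void setUserManager( UserManager userManager )
    {
        this.userManager = userManager;
    }
}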