source.dussan.org Git - archiva.git/blob

   1 package org.apache.maven.archiva.security;
   2
   3 /*
   4  * Licensed to the Apache Software Foundation (ASF) under one
   5  * or more contributor license agreements.  See the NOTICE file
   6  * distributed with this work for additional information
   7  * regarding copyright ownership.  The ASF licenses this file
   8  * to you under the Apache License, Version 2.0 (the
   9  * "License"); you may not use this file except in compliance
  10  * with the License.  You may obtain a copy of the License at
  11  *
  12  *  http://www.apache.org/licenses/LICENSE-2.0
  13  *
  14  * Unless required by applicable law or agreed to in writing,
  15  * software distributed under the License is distributed on an
  16  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
  17  * KIND, either express or implied.  See the License for the
  18  * specific language governing permissions and limitations
  19  * under the License.
  20  */
  21
  22 import java.util.ArrayList;
  23 import java.util.Collection;
  24 import java.util.Iterator;
  25 import java.util.List;
  26
  27 import org.apache.maven.archiva.configuration.ArchivaConfiguration;
  28 import org.apache.maven.archiva.configuration.ManagedRepositoryConfiguration;
  29 import org.apache.maven.archiva.security.ArchivaRoleConstants;
  30 import org.codehaus.plexus.redback.authentication.AuthenticationResult;
  31 import org.codehaus.plexus.redback.authorization.AuthorizationException;
  32 import org.codehaus.plexus.redback.rbac.RBACManager;
  33 import org.codehaus.plexus.redback.rbac.RbacObjectNotFoundException;
  34 import org.codehaus.plexus.redback.rbac.RbacManagerException;
  35 import org.codehaus.plexus.redback.rbac.Role;
  36 import org.codehaus.plexus.redback.role.RoleManager;
  37 import org.codehaus.plexus.redback.role.RoleManagerException;
  38 import org.codehaus.plexus.redback.system.DefaultSecuritySession;
  39 import org.codehaus.plexus.redback.system.SecuritySession;
  40 import org.codehaus.plexus.redback.system.SecuritySystem;
  41 import org.codehaus.plexus.redback.users.User;
  42 import org.codehaus.plexus.redback.users.UserNotFoundException;
  43
  44 /**
  45  * DefaultUserRepositories
  46  *
  47  * @version $Id$
  48  * @plexus.component role="org.apache.maven.archiva.security.UserRepositories" role-hint="default"
  49  */
  50 public class DefaultUserRepositories
  51     implements UserRepositories
  52 {
  53     /**
  54      * @plexus.requirement
  55      */
  56     private SecuritySystem securitySystem;
  57
  58     /**
  59      * @plexus.requirement role-hint="cached"
  60      */
  61     private RBACManager rbacManager;
  62
  63     /**
  64      * @plexus.requirement role-hint="default"
  65      */
  66     private RoleManager roleManager;
  67
  68     /**
  69      * @plexus.requirement
  70      */
  71     private ArchivaConfiguration archivaConfiguration;
  72
  73     public List<String> getObservableRepositoryIds( String principal )
  74         throws PrincipalNotFoundException, AccessDeniedException, ArchivaSecurityException
  75     {
  76
  77         try
  78         {
  79             User user = securitySystem.getUserManager().findUser( principal );
  80             if ( user == null )
  81             {
  82                 throw new ArchivaSecurityException( "The security system had an internal error - please check your system logs" );
  83             }
  84
  85             if ( user.isLocked() )
  86             {
  87                 throw new AccessDeniedException( "User " + principal + "(" + user.getFullName() + ") is locked." );
  88             }
  89
  90             AuthenticationResult authn = new AuthenticationResult( true, principal, null );
  91             SecuritySession securitySession = new DefaultSecuritySession( authn, user );
  92
  93             List<String> repoIds = new ArrayList<String>();
  94
  95             List<ManagedRepositoryConfiguration> repos =
  96                 archivaConfiguration.getConfiguration().getManagedRepositories();
  97
  98             for ( ManagedRepositoryConfiguration repo : repos )
  99             {
 100                 try
 101                 {
 102                     String repoId = repo.getId();
 103                     if ( securitySystem.isAuthorized( securitySession,
 104                                                       ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS, repoId ) )
 105                     {
 106                         repoIds.add( repoId );
 107                     }
 108                 }
 109                 catch ( AuthorizationException e )
 110                 {
 111                     // swallow.
 112                 }
 113             }
 114
 115             return repoIds;
 116         }
 117         catch ( UserNotFoundException e )
 118         {
 119             throw new PrincipalNotFoundException( "Unable to find principal " + principal + "" );
 120         }
 121     }
 122
 123     public void createMissingRepositoryRoles( String repoId )
 124         throws ArchivaSecurityException
 125     {
 126         try
 127         {
 128             if ( !roleManager.templatedRoleExists( ArchivaRoleConstants.TEMPLATE_REPOSITORY_OBSERVER, repoId ) )
 129             {
 130                 roleManager.createTemplatedRole( ArchivaRoleConstants.TEMPLATE_REPOSITORY_OBSERVER, repoId );
 131             }
 132
 133             if ( !roleManager.templatedRoleExists( ArchivaRoleConstants.TEMPLATE_REPOSITORY_MANAGER, repoId ) )
 134             {
 135                 roleManager.createTemplatedRole( ArchivaRoleConstants.TEMPLATE_REPOSITORY_MANAGER, repoId );
 136             }
 137         }
 138         catch ( RoleManagerException e )
 139         {
 140             throw new ArchivaSecurityException(
 141                                                 "Unable to create roles for configured repositories: " + e.getMessage(),
 142                                                 e );
 143         }
 144     }
 145
 146     public boolean isAuthorizedToUploadArtifacts( String principal, String repoId )
 147         throws PrincipalNotFoundException, ArchivaSecurityException
 148     {
 149         try
 150         {
 151             User user = securitySystem.getUserManager().findUser( principal );
 152             if ( user == null )
 153             {
 154                 throw new ArchivaSecurityException( "The security system had an internal error - please check your system logs" );
 155             }
 156
 157             if ( user.isLocked() )
 158             {
 159                 throw new AccessDeniedException( "User " + principal + "(" + user.getFullName() + ") is locked." );
 160             }
 161
 162             AuthenticationResult authn = new AuthenticationResult( true, principal, null );
 163             SecuritySession securitySession = new DefaultSecuritySession( authn, user );
 164
 165             return securitySystem.isAuthorized( securitySession, ArchivaRoleConstants.OPERATION_REPOSITORY_UPLOAD,
 166                                                 repoId );
 167
 168         }
 169         catch ( UserNotFoundException e )
 170         {
 171             throw new PrincipalNotFoundException( "Unable to find principal " + principal + "" );
 172         }
 173         catch ( AuthorizationException e )
 174         {
 175             throw new ArchivaSecurityException( e.getMessage() );
 176         }
 177     }
 178
 179     public boolean isAuthorizedToDeleteArtifacts( String principal, String repoId )
 180         throws RbacManagerException, RbacObjectNotFoundException
 181     {
 182         boolean isAuthorized = false;
 183         String delimiter = " - ";
 184
 185         try
 186         {
 187             Collection roleList = rbacManager.getEffectivelyAssignedRoles( principal );
 188
 189             Iterator it = roleList.iterator();
 190
 191             while ( it.hasNext() )
 192             {
 193                 Role role = (Role) it.next();
 194
 195                 String roleName = role.getName();
 196
 197                 if ( roleName.startsWith( ArchivaRoleConstants.REPOSITORY_MANAGER_ROLE_PREFIX ) )
 198                 {
 199                     int delimiterIndex = roleName.indexOf( delimiter );
 200                     String resourceName = roleName.substring( delimiterIndex + delimiter.length() );
 201
 202                     if ( resourceName.equals( repoId ) )
 203                     {
 204                         isAuthorized = true;
 205                         break;
 206                     }
 207                 }
 208             }
 209         }
 210         catch ( RbacObjectNotFoundException e )
 211         {
 212             throw new RbacObjectNotFoundException( "Unable to find user " + principal + "" );
 213         }
 214         catch ( RbacManagerException e )
 215         {
 216             throw new RbacManagerException( "Unable to get roles for user " + principal + "" );
 217         }
 218
 219         return isAuthorized;
 220     }
 221 }