1 package org.apache.archiva.redback.authorization.rbac;
2
3 /*
4  * Licensed to the Apache Software Foundation (ASF) under one
5  * or more contributor license agreements.  See the NOTICE file
6  * distributed with this work for additional information
7  * regarding copyright ownership.  The ASF licenses this file
8  * to you under the Apache License, Version 2.0 (the
9  * "License"); you may not use this file except in compliance
10  * with the License.  You may obtain a copy of the License at
11  *
12  * http://www.apache.org/licenses/LICENSE-2.0
13  *
14  * Unless required by applicable law or agreed to in writing,
15  * software distributed under the License is distributed on an
16  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
17  * KIND, either express or implied.  See the License for the
18  * specific language governing permissions and limitations
19  * under the License.
20  */
21
22 import org.apache.archiva.redback.authorization.AuthorizationDataSource;
23 import org.apache.archiva.redback.authorization.AuthorizationException;
24 import org.apache.archiva.redback.authorization.AuthorizationResult;
25 import org.apache.archiva.redback.authorization.Authorizer;
26 import org.apache.archiva.redback.authorization.NotAuthorizedException;
27 import org.apache.archiva.redback.authorization.rbac.evaluator.PermissionEvaluationException;
28 import org.apache.archiva.redback.authorization.rbac.evaluator.PermissionEvaluator;
29 import org.apache.archiva.redback.rbac.Permission;
30 import org.apache.archiva.redback.rbac.RBACManager;
31 import org.apache.archiva.redback.rbac.RbacManagerException;
32 import org.apache.archiva.redback.rbac.RbacObjectNotFoundException;
33 import org.apache.archiva.redback.users.User;
34 import org.apache.archiva.redback.users.UserManager;
35 import org.apache.archiva.redback.users.UserManagerException;
36 import org.apache.archiva.redback.users.UserNotFoundException;
37 import org.slf4j.Logger;
38 import org.slf4j.LoggerFactory;
39 import org.springframework.stereotype.Service;
40
41 import javax.inject.Inject;
42 import javax.inject.Named;
43 import java.util.List;
44 import java.util.Map;
45
46 /**
47  * RbacAuthorizer:
48  *
49  * @author Jesse McConnell <jmcconnell@apache.org>
50  */
51 @Service("authorizer#rbac")
52 public class RbacAuthorizer
53     implements Authorizer
54 {
55     private Logger log = LoggerFactory.getLogger( getClass() );
56
57     @Inject
58     @Named(value = "rBACManager#cached")
59     private RBACManager manager;
60
61     @Inject
62     @Named(value = "userManager#configurable")
63     private UserManager userManager;
64
65     @Inject
66     private PermissionEvaluator evaluator;
67
68     public String getId()
69     {
70         return "RBAC Authorizer - " + this.getClass().getName();
71     }
72
73     /**
74      * @param source
75      * @return
76      * @throws AuthorizationException
77      */
78     public AuthorizationResult isAuthorized( AuthorizationDataSource source )
79         throws AuthorizationException
80     {
81         Object principal = source.getPrincipal();
82         Object operation = source.getPermission();
83         Object resource = source.getResource();
84
85         try
86         {
87             if ( principal != null )
88             {
89                 // Set permissions = manager.getAssignedPermissions( principal.toString(), operation );
90                 Map<String, List<Permission>> permissionMap = manager.getAssignedPermissionMap( principal.toString() );
91
92                 if ( permissionMap.keySet().contains( operation.toString() ) )
93                 {
94                     for ( Permission permission : permissionMap.get( operation.toString() ) )
95                     {
96
97                         log.debug( "checking permission {} for operation {} resource {}",
98                                    ( permission != null ? permission.getName() : "null" ), operation, resource );
99
100                         if ( evaluator.evaluate( permission, operation, resource, principal ) )
101                         {
102                             return new AuthorizationResult( true, permission, null );
103                         }
104                     }
105
106                     log.debug( "no permission found for operation {} resource {}", operation.toString(), resource );
107                 }
108                 else
109                 {
110                     log.debug( "permission map does not contain operation: {}", operation.toString() );
111                 }
112             }
113             // check if guest user is enabled, if so check the global permissions
114             User guest = userManager.getGuestUser();
115
116             if ( !guest.isLocked() )
117             {
118                 // Set permissions = manager.getAssignedPermissions( principal.toString(), operation );
119                 Map<String, List<Permission>> permissionMap = manager.getAssignedPermissionMap( guest.getUsername() );
120
121                 if ( permissionMap.keySet().contains( operation.toString() ) )
122                 {
123                     for ( Permission permission : permissionMap.get( operation.toString() ) )
124                     {
125                         log.debug( "checking permission {}", permission.getName() );
126
127                         if ( evaluator.evaluate( permission, operation, resource, guest.getUsername() ) )
128                         {
129                             return new AuthorizationResult( true, permission, null );
130                         }
131                     }
132                 }
133             }
134
135             return new AuthorizationResult( false, null, new NotAuthorizedException( "no matching permissions" ) );
136         }
137         catch ( PermissionEvaluationException pe )
138         {
139             return new AuthorizationResult( false, null, pe );
140         }
141         catch ( RbacObjectNotFoundException nfe )
142         {
143             return new AuthorizationResult( false, null, nfe );
144         }
145         catch ( UserNotFoundException ne )
146         {
147             return new AuthorizationResult( false, null,
148                                             new NotAuthorizedException( "no matching permissions, guest not found" ) );
149         }
150         catch ( RbacManagerException rme )
151         {
152             return new AuthorizationResult( false, null, rme );
153         }
154         catch ( UserManagerException e )
155         {
156             return new AuthorizationResult( false, null, e );
157         }
158     }
159
160     public RBACManager getManager()
161     {
162         return manager;
163     }
164
165     public void setManager( RBACManager manager )
166     {
167         this.manager = manager;
168     }
169
170     public UserManager getUserManager()
171     {
172         return userManager;
173     }
174
175     public void setUserManager( UserManager userManager )
176     {
177         this.userManager = userManager;
178     }
179
180     public PermissionEvaluator getEvaluator()
181     {
182         return evaluator;
183     }
184
185     public void setEvaluator( PermissionEvaluator evaluator )
186     {
187         this.evaluator = evaluator;
188     }
189 }