1 package org.codehaus.plexus.redback.authorization.rbac;
4 * Licensed to the Apache Software Foundation (ASF) under one
5 * or more contributor license agreements. See the NOTICE file
6 * distributed with this work for additional information
7 * regarding copyright ownership. The ASF licenses this file
8 * to you under the Apache License, Version 2.0 (the
9 * "License"); you may not use this file except in compliance
10 * with the License. You may obtain a copy of the License at
12 * http://www.apache.org/licenses/LICENSE-2.0
14 * Unless required by applicable law or agreed to in writing,
15 * software distributed under the License is distributed on an
16 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
17 * KIND, either express or implied. See the License for the
18 * specific language governing permissions and limitations
import java.util.Arrays;
import java.util.List;
import java.util.Map;

import javax.inject.Inject;
import javax.inject.Named;

import org.apache.archiva.redback.authorization.AuthorizationDataSource;
import org.apache.archiva.redback.authorization.AuthorizationException;
import org.apache.archiva.redback.authorization.AuthorizationResult;
import org.apache.archiva.redback.authorization.Authorizer;
import org.apache.archiva.redback.authorization.NotAuthorizedException;
import org.apache.archiva.redback.rbac.Permission;
import org.apache.archiva.redback.rbac.RBACManager;
import org.apache.archiva.redback.rbac.RbacManagerException;
import org.apache.archiva.redback.rbac.RbacObjectNotFoundException;
import org.apache.archiva.redback.users.User;
import org.apache.archiva.redback.users.UserManager;
import org.apache.archiva.redback.users.UserNotFoundException;
import org.codehaus.plexus.redback.authorization.rbac.evaluator.PermissionEvaluationException;
import org.codehaus.plexus.redback.authorization.rbac.evaluator.PermissionEvaluator;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Service;
49 * @author Jesse McConnell <jmcconnell@apache.org>
52 @Service( "authorizer#rbac" )
53 public class RbacAuthorizer
/** Debug-only tracing of which permissions are tried; created per instance from the runtime class. */
private Logger log = LoggerFactory.getLogger( getClass() );
/**
 * Source of the per-principal permission assignments that isAuthorized consults. Wired by name
 * to the cached manager.
 * NOTE(review): a cached manager may keep serving assignments after they were revoked upstream;
 * confirm how and when "rBACManager#cached" invalidates its entries.
 */
@Named( value = "rBACManager#cached" )
private RBACManager manager;
/** Used solely to fetch the guest account; while that account is unlocked, its permissions are tried for every check. */
@Named( value = "userManager#configurable" )
private UserManager userManager;
/** Has the final say on whether a candidate permission covers a given operation/resource/principal triple. */
private PermissionEvaluator evaluator;
// NOTE(review): javax.inject.Inject is imported, but no @Inject annotation is visible on these
// fields in this listing; the public setters further down suggest container injection — confirm the wiring.
/**
 * Human-readable identifier of this authorizer, derived from the implementing class.
 *
 * @return the literal prefix "RBAC Authorizer - " followed by the fully qualified class name
 */
public String getId()
{
    return "RBAC Authorizer - " + getClass().getName();
}
77 * @throws AuthorizationException
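/**
 * Decides whether the principal in {@code source} may perform the requested operation on the
 * requested resource.
 * <p>
 * Evaluation order:
 * <ol>
 *   <li>If a principal is present, every permission assigned to it for the operation is offered to
 *       the {@link PermissionEvaluator}; the first one accepted grants access.</li>
 *   <li>Whether or not step 1 ran (no principal) or found anything, the permissions assigned to the
 *       guest account are tried the same way as long as the guest account is not locked. Guest
 *       permissions are therefore a global baseline that applies to authenticated callers as well;
 *       locking the guest account is what switches that baseline off.</li>
 * </ol>
 * The method fails closed: a missing operation, an unknown principal or guest, an RBAC lookup failure
 * or an evaluator failure all produce a denying {@link AuthorizationResult} that carries the cause,
 * never a grant and never an unchecked exception out of the authorizer.
 *
 * @param source the principal, the permission (operation name) and the resource to check
 * @return a granting result naming the matching permission, or a denying result whose exception says
 *         why no grant was found
 * @throws AuthorizationException declared by {@link Authorizer}; this implementation reports failures
 *         through the result instead of throwing
 */
public AuthorizationResult isAuthorized( AuthorizationDataSource source )
    throws AuthorizationException
{
    Object principal = source.getPrincipal();
    Object operation = source.getPermission();
    Object resource = source.getResource();

    // Nothing to match against: deny explicitly instead of letting operation.toString() below
    // throw a NullPointerException that would escape the authorizer uncaught.
    if ( operation == null )
    {
        log.debug( "no operation supplied for principal {} resource {}", principal, resource );
        return new AuthorizationResult( false, null,
                                        new NotAuthorizedException( "no operation to authorize" ) );
    }

    try
    {
        if ( principal != null )
        {
            Permission granted = findGrantingPermission( principal.toString(), operation, resource, principal );
            if ( granted != null )
            {
                return new AuthorizationResult( true, granted, null );
            }
        }

        // Guest permissions are consulted for every request, including ones that carried a principal.
        // A locked guest account is the only thing that skips this step, i.e. the way anonymous
        // access is disabled.
        User guest = userManager.getGuestUser();
        if ( !guest.isLocked() )
        {
            Object guestPrincipal = guest.getPrincipal();
            Permission granted =
                findGrantingPermission( guestPrincipal.toString(), operation, resource, guestPrincipal );
            if ( granted != null )
            {
                return new AuthorizationResult( true, granted, null );
            }
        }

        return new AuthorizationResult( false, null, new NotAuthorizedException( "no matching permissions" ) );
    }
    catch ( PermissionEvaluationException pe )
    {
        // The evaluator could not decide; treat as denied and surface the reason.
        return new AuthorizationResult( false, null, pe );
    }
    catch ( RbacObjectNotFoundException nfe )
    {
        // Principal (or guest) unknown to the RBAC store: denied, no guest fallback is attempted.
        return new AuthorizationResult( false, null, nfe );
    }
    catch ( UserNotFoundException ne )
    {
        return new AuthorizationResult( false, null,
                                        new NotAuthorizedException( "no matching permissions, guest not found" ) );
    }
    catch ( RbacManagerException rme )
    {
        return new AuthorizationResult( false, null, rme );
    }
}

/**
 * Returns the first permission assigned to {@code principalId} for {@code operation} that the
 * evaluator accepts for {@code resource}, or {@code null} when there is none.
 *
 * @param principalId         key used to look up assigned permissions in the RBAC manager
 * @param operation           operation name; must not be {@code null}
 * @param resource            resource being accessed; may be {@code null}
 * @param evaluationPrincipal principal handed to the evaluator: the caller, or the guest account
 *                            when its permissions are being tried
 * @return the granting permission, or {@code null} if no assigned permission matched
 * @throws RbacManagerException          if the assignments cannot be read
 * @throws RbacObjectNotFoundException   if the principal is unknown to the RBAC manager
 * @throws PermissionEvaluationException if the evaluator cannot decide on a candidate
 */
private Permission findGrantingPermission( String principalId, Object operation, Object resource,
                                           Object evaluationPrincipal )
    throws RbacManagerException, RbacObjectNotFoundException, PermissionEvaluationException
{
    Map<String, List<Permission>> permissionMap = manager.getAssignedPermissionMap( principalId );
    String operationName = operation.toString();
    // A single lookup replaces the keySet().contains()/get() pair; a null entry counts as "absent".
    List<Permission> candidates = permissionMap.get( operationName );

    if ( candidates == null )
    {
        log.debug( "permission map does not contain operation: {}", operationName );
        return null;
    }

    for ( Permission permission : candidates )
    {
        if ( log.isDebugEnabled() )
        {
            // Null-safe on the permission: the same guard is now applied on the guest path too.
            log.debug( "checking permission {} for operation {} resource {}",
                       new Object[] { permission != null ? permission.getName() : "null", operation, resource } );
        }
        if ( evaluator.evaluate( permission, operation, resource, evaluationPrincipal ) )
        {
            return permission;
        }
    }

    log.debug( "no permission found for operation {} resource {}", operationName, resource );
    return null;
}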
/**
 * @return the RBAC manager this authorizer reads permission assignments from
 */
public RBACManager getManager()
{
    return this.manager;
}
/**
 * Replaces the RBAC manager. Meant for container wiring and tests; swapping it on a live
 * authorizer changes which permission assignments every later check sees.
 *
 * @param manager the manager to consult from now on
 */
public void setManager( RBACManager manager )
{
    this.manager = manager;
}
/**
 * @return the user manager used to resolve the guest account
 */
public UserManager getUserManager()
{
    return this.userManager;
}
/**
 * Replaces the user manager. Since the guest account (and whether it is locked) is looked up
 * through it on every check, this also determines whether guest permissions apply.
 *
 * @param userManager the user manager to consult from now on
 */
public void setUserManager( UserManager userManager )
{
    this.userManager = userManager;
}
/**
 * @return the evaluator that decides whether a candidate permission matches a request
 */
public PermissionEvaluator getEvaluator()
{
    return this.evaluator;
}
/**
 * Replaces the permission evaluator, i.e. the component with the final say on every grant.
 *
 * @param evaluator the evaluator to use from now on
 */
public void setEvaluator( PermissionEvaluator evaluator )
{
    this.evaluator = evaluator;
}