*/
import org.apache.archiva.redback.rbac.RBACManager;
+import org.apache.archiva.redback.role.RoleManagerException;
import org.apache.archiva.redback.users.UserNotFoundException;
import org.apache.commons.lang.StringUtils;
import org.apache.archiva.redback.authentication.PasswordBasedAuthenticationDataSource;
import org.apache.archiva.redback.configuration.UserConfiguration;
import org.apache.archiva.redback.rbac.RbacManagerException;
import org.apache.archiva.redback.rbac.Role;
-import org.codehaus.plexus.redback.role.RoleManager;
-import org.codehaus.plexus.redback.role.RoleManagerException;
+import org.apache.archiva.redback.role.RoleManager;
import org.codehaus.plexus.redback.system.SecuritySession;
import org.codehaus.plexus.redback.system.SecuritySystem;
import org.codehaus.plexus.redback.system.check.EnvironmentCheck;
*/
import org.apache.archiva.redback.policy.UserSecurityPolicy;
+import org.apache.archiva.redback.role.RoleManagerException;
import org.apache.archiva.redback.users.User;
import org.apache.archiva.redback.users.UserNotFoundException;
-import org.codehaus.plexus.redback.role.RoleManager;
-import org.codehaus.plexus.redback.role.RoleManagerException;
+import org.apache.archiva.redback.role.RoleManager;
import org.codehaus.plexus.redback.system.SecuritySystem;
import org.codehaus.plexus.redback.system.check.EnvironmentCheck;
import org.apache.archiva.redback.users.UserManager;
import java.util.List;
-import javax.annotation.Resource;
import javax.inject.Inject;
-import javax.inject.Named;
-import org.codehaus.plexus.redback.role.RoleManager;
-import org.codehaus.plexus.redback.role.RoleManagerException;
+import org.apache.archiva.redback.role.RoleManager;
+import org.apache.archiva.redback.role.RoleManagerException;
import org.codehaus.plexus.redback.system.check.EnvironmentCheck;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.apache.archiva.redback.rbac.RbacManagerException;
import org.apache.archiva.redback.rbac.Resource;
import org.apache.archiva.redback.rbac.UserAssignment;
+import org.apache.archiva.redback.role.RoleManager;
+import org.apache.archiva.redback.role.RoleManagerException;
import org.apache.archiva.redback.users.User;
import org.apache.archiva.redback.users.UserManager;
import org.apache.archiva.redback.users.UserNotFoundException;
import org.apache.commons.lang.StringUtils;
-import org.codehaus.plexus.redback.role.RoleManager;
-import org.codehaus.plexus.redback.role.RoleManagerException;
import org.codehaus.plexus.redback.role.model.ModelApplication;
import org.codehaus.plexus.redback.role.model.ModelRole;
import org.codehaus.plexus.redback.role.model.ModelTemplate;
import org.apache.archiva.redback.policy.MustChangePasswordException;
import org.apache.archiva.redback.rbac.RbacManagerException;
import org.apache.archiva.redback.rbac.UserAssignment;
+import org.apache.archiva.redback.role.RoleManager;
+import org.apache.archiva.redback.role.RoleManagerException;
import org.apache.archiva.redback.users.UserManager;
import org.apache.archiva.redback.users.UserNotFoundException;
import org.apache.commons.lang.StringUtils;
import org.apache.archiva.redback.policy.UserSecurityPolicy;
import org.apache.archiva.redback.rbac.RBACManager;
import org.apache.archiva.redback.rbac.RbacObjectNotFoundException;
-import org.codehaus.plexus.redback.role.RoleManager;
-import org.codehaus.plexus.redback.role.RoleManagerException;
import org.codehaus.plexus.redback.system.SecuritySystem;
import org.codehaus.redback.integration.filter.authentication.HttpAuthenticator;
import org.codehaus.redback.integration.mail.Mailer;
import org.apache.archiva.redback.rbac.RBACManager;
import org.apache.archiva.redback.users.UserManager;
import org.apache.archiva.redback.configuration.UserConfiguration;
-import org.codehaus.plexus.redback.role.RoleManager;
+import org.apache.archiva.redback.role.RoleManager;
import org.codehaus.redback.rest.api.services.UserService;
import javax.inject.Inject;
import org.apache.archiva.redback.keys.AuthenticationKey;
import org.apache.archiva.redback.policy.UserSecurityPolicy;
+import org.apache.archiva.redback.role.RoleManager;
+import org.apache.archiva.redback.role.RoleManagerException;
import org.apache.archiva.redback.users.User;
import org.apache.archiva.redback.keys.KeyManagerException;
-import org.codehaus.plexus.redback.role.RoleManager;
-import org.codehaus.plexus.redback.role.RoleManagerException;
import org.apache.archiva.redback.users.UserManager;
import org.apache.archiva.redback.users.UserNotFoundException;
import org.codehaus.redback.integration.interceptor.SecureActionBundle;
import org.apache.archiva.redback.authentication.AuthenticationException;
import org.apache.archiva.redback.configuration.UserConfiguration;
import org.apache.archiva.redback.policy.MustChangePasswordException;
+import org.apache.archiva.redback.role.RoleManager;
+import org.apache.archiva.redback.role.RoleManagerException;
import org.apache.archiva.redback.users.UserManager;
import org.apache.struts2.ServletActionContext;
import org.apache.archiva.redback.authentication.AuthenticationConstants;
import org.apache.archiva.redback.authentication.AuthenticationResult;
import org.apache.archiva.redback.authentication.PasswordBasedAuthenticationDataSource;
import org.apache.archiva.redback.policy.AccountLockedException;
-import org.codehaus.plexus.redback.role.RoleManager;
-import org.codehaus.plexus.redback.role.RoleManagerException;
import org.codehaus.plexus.redback.struts2.action.AuditEvent;
import org.codehaus.plexus.redback.system.SecuritySession;
import org.apache.archiva.redback.users.User;
import org.apache.archiva.redback.rbac.Resource;
import org.apache.archiva.redback.rbac.Role;
import org.apache.archiva.redback.rbac.UserAssignment;
+import org.apache.archiva.redback.role.RoleManager;
import org.apache.archiva.redback.users.User;
import org.apache.archiva.redback.users.UserNotFoundException;
import org.apache.archiva.redback.rbac.RbacManagerException;
-import org.codehaus.plexus.redback.role.RoleManager;
import org.codehaus.plexus.redback.role.model.ModelApplication;
import org.codehaus.plexus.redback.struts2.action.AbstractUserCredentialsAction;
import org.codehaus.plexus.redback.struts2.action.AuditEvent;
*/
import org.apache.archiva.redback.rbac.Resource;
-import org.codehaus.plexus.redback.role.RoleManager;
+import org.apache.archiva.redback.role.RoleManager;
import org.codehaus.plexus.redback.role.model.RedbackRoleModel;
import org.codehaus.plexus.redback.struts2.action.AbstractSecurityAction;
import org.codehaus.redback.integration.interceptor.SecureActionBundle;
import org.apache.struts2.ServletActionContext;
import org.apache.archiva.redback.authentication.PasswordBasedAuthenticationDataSource;
import org.apache.archiva.redback.configuration.UserConfiguration;
-import org.codehaus.plexus.redback.role.RoleManager;
-import org.codehaus.plexus.redback.role.RoleManagerException;
+import org.apache.archiva.redback.role.RoleManager;
+import org.apache.archiva.redback.role.RoleManagerException;
import org.codehaus.plexus.redback.system.SecuritySession;
import org.codehaus.plexus.redback.system.SecuritySystem;
import org.codehaus.plexus.redback.system.SecuritySystemConstants;
import org.apache.archiva.redback.policy.MustChangePasswordException;
import org.apache.archiva.redback.rbac.RBACManager;
import org.apache.archiva.redback.rbac.RbacObjectInvalidException;
+import org.apache.archiva.redback.role.RoleManager;
import org.apache.archiva.redback.users.UserManager;
import org.apache.struts2.StrutsSpringTestCase;
import org.apache.archiva.redback.authentication.AuthenticationException;
import org.apache.archiva.redback.authentication.PasswordBasedAuthenticationDataSource;
import org.apache.archiva.redback.rbac.RbacManagerException;
import org.apache.archiva.redback.rbac.UserAssignment;
-import org.codehaus.plexus.redback.role.RoleManager;
import org.codehaus.plexus.redback.struts2.action.AbstractUserCredentialsAction;
import org.codehaus.plexus.redback.system.SecuritySession;
import org.codehaus.plexus.redback.system.SecuritySystem;
--- /dev/null
+package org.apache.archiva.redback.role;
+
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+import org.apache.archiva.redback.rbac.RBACManager;
+import org.apache.archiva.redback.rbac.RbacManagerException;
+import org.apache.archiva.redback.rbac.Role;
+import org.apache.archiva.redback.rbac.UserAssignment;
+import org.apache.archiva.redback.role.processor.RoleModelProcessor;
+import org.apache.commons.lang.SystemUtils;
+import org.apache.archiva.redback.rbac.Resource;
+import org.codehaus.plexus.redback.role.model.ModelApplication;
+import org.codehaus.plexus.redback.role.model.ModelRole;
+import org.codehaus.plexus.redback.role.model.ModelTemplate;
+import org.codehaus.plexus.redback.role.model.RedbackRoleModel;
+import org.codehaus.plexus.redback.role.model.io.stax.RedbackRoleModelStaxReader;
+import org.apache.archiva.redback.role.template.RoleTemplateProcessor;
+import org.apache.archiva.redback.role.util.RoleModelUtils;
+import org.apache.archiva.redback.role.validator.RoleModelValidator;
+import org.codehaus.plexus.util.IOUtil;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.stereotype.Service;
+
+import javax.annotation.PostConstruct;
+import javax.inject.Inject;
+import javax.inject.Named;
+import javax.xml.stream.XMLStreamException;
+import java.io.IOException;
+import java.io.InputStreamReader;
+import java.net.MalformedURLException;
+import java.net.URL;
+import java.util.Arrays;
+import java.util.Enumeration;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+/**
+ * RoleProfileManager:
+ *
+ * @author: Jesse McConnell <jesse@codehaus.org>
+ * @version: $Id$
+ */
+@Service( "roleManager" )
+public class DefaultRoleManager
+ implements RoleManager
+{
+ private Logger log = LoggerFactory.getLogger( DefaultRoleManager.class );
+
+ /**
+ * the blessed model that has been validated as complete
+ */
+ private RedbackRoleModel blessedModel;
+
+ /**
+ * the merged model that can be validated as complete
+ */
+ private RedbackRoleModel unblessedModel;
+
+ /**
+ * a map of the resources, and the model that they loaded
+ */
+ private Map<String, ModelApplication> knownResources = new HashMap<String, ModelApplication>();
+
+ @Inject
+ @Named( value = "roleModelValidator" )
+ private RoleModelValidator modelValidator;
+
+ @Inject
+ @Named( value = "roleModelProcessor" )
+ private RoleModelProcessor modelProcessor;
+
+ @Inject
+ @Named( value = "roleTemplateProcessor" )
+ private RoleTemplateProcessor templateProcessor;
+
+ @Inject
+ @Named( value = "rBACManager#cached" )
+ private RBACManager rbacManager;
+
+
+ @SuppressWarnings( "unchecked" )
+ public void loadRoleModel( URL resource )
+ throws RoleManagerException
+ {
+ RedbackRoleModelStaxReader reader = new RedbackRoleModelStaxReader();
+
+ InputStreamReader inputStreamReader = null;
+
+ try
+ {
+
+ inputStreamReader = new InputStreamReader( resource.openStream() );
+
+ RedbackRoleModel roleModel = reader.read( inputStreamReader );
+
+ for ( ModelApplication app : (List<ModelApplication>) roleModel.getApplications() )
+ {
+ if ( !knownResources.containsKey( app.getId() ) )
+ {
+ log.info( "loading " + app.getId() );
+ loadApplication( app );
+ }
+ }
+ }
+ catch ( MalformedURLException e )
+ {
+ throw new RoleManagerException( "error locating redback profile", e );
+ }
+ catch ( IOException e )
+ {
+ throw new RoleManagerException( "error reading redback profile", e );
+ }
+ catch ( XMLStreamException e )
+ {
+ throw new RoleManagerException( "error parsing redback profile", e );
+ }
+ finally
+ {
+ IOUtil.close( inputStreamReader );
+ }
+ }
+
+ @SuppressWarnings( "unchecked" )
+ public void loadRoleModel( RedbackRoleModel roleModel )
+ throws RoleManagerException
+ {
+ for ( ModelApplication app : (List<ModelApplication>) roleModel.getApplications() )
+ {
+ if ( !knownResources.containsKey( app.getId() ) )
+ {
+ loadApplication( app );
+ }
+ }
+
+ }
+
+ public void loadApplication( ModelApplication app )
+ throws RoleManagerException
+ {
+ if ( unblessedModel == null )
+ {
+ unblessedModel = new RedbackRoleModel();
+ }
+
+ unblessedModel.addApplication( app );
+
+ if ( modelValidator.validate( unblessedModel ) )
+ {
+ blessedModel = unblessedModel;
+ }
+ else
+ {
+ StringBuilder stringBuilder = new StringBuilder( "Role Model Validation Errors:" );
+
+ for ( String error : modelValidator.getValidationErrors() )
+ {
+ stringBuilder.append( error ).append( SystemUtils.LINE_SEPARATOR );
+ }
+
+ log.error( stringBuilder.toString() );
+
+ throw new RoleManagerException(
+ "Role Model Validation Error " + SystemUtils.LINE_SEPARATOR + stringBuilder.toString() );
+ }
+
+ modelProcessor.process( blessedModel );
+
+ knownResources.put( app.getId(), app );
+ }
+
+ /**
+ * create a role for the given roleName using the resource passed in for
+ * resolving the ${resource} expression
+ */
+ public void createTemplatedRole( String templateId, String resource )
+ throws RoleManagerException
+ {
+ templateProcessor.create( blessedModel, templateId, resource );
+ }
+
+ /**
+ * remove the role corresponding to the role using the resource passed in for resolving the
+ * ${resource} expression
+ */
+ public void removeTemplatedRole( String templateId, String resource )
+ throws RoleManagerException
+ {
+ ModelTemplate template = RoleModelUtils.getModelTemplate( blessedModel, templateId );
+
+ String roleName = template.getNamePrefix() + template.getDelimiter() + resource;
+
+ try
+ {
+ Role role = rbacManager.getRole( roleName );
+
+ for ( UserAssignment assignment : rbacManager.getUserAssignmentsForRoles(
+ Arrays.asList( role.getName() ) ) )
+ {
+ assignment.removeRoleName( role );
+ rbacManager.saveUserAssignment( assignment );
+ }
+
+ }
+ catch ( RbacManagerException e )
+ {
+ throw new RoleManagerException( "unable to remove role", e );
+ }
+
+ templateProcessor.remove( blessedModel, templateId, resource );
+ }
+
+ /**
+ * update the role from templateId from oldResource to newResource
+ * <p/>
+ * NOTE: this requires removal and creation of the role since the jdo store does not tolerate renaming
+ * because of the use of the name as an identifier
+ */
+ public void updateRole( String templateId, String oldResource, String newResource )
+ throws RoleManagerException
+ {
+ // make the new role
+ templateProcessor.create( blessedModel, templateId, newResource );
+
+ ModelTemplate template = RoleModelUtils.getModelTemplate( blessedModel, templateId );
+
+ String oldRoleName = template.getNamePrefix() + template.getDelimiter() + oldResource;
+ String newRoleName = template.getNamePrefix() + template.getDelimiter() + newResource;
+
+ try
+ {
+ Role role = rbacManager.getRole( oldRoleName );
+
+ // remove the user assignments
+ for ( UserAssignment assignment : rbacManager.getUserAssignmentsForRoles(
+ Arrays.asList( role.getName() ) ) )
+ {
+ assignment.removeRoleName( oldRoleName );
+ assignment.addRoleName( newRoleName );
+ rbacManager.saveUserAssignment( assignment );
+ }
+ }
+ catch ( RbacManagerException e )
+ {
+ throw new RoleManagerException( "unable to update role", e );
+ }
+
+ templateProcessor.remove( blessedModel, templateId, oldResource );
+ }
+
+ public void assignRole( String roleId, String principal )
+ throws RoleManagerException
+ {
+ ModelRole modelRole = RoleModelUtils.getModelRole( blessedModel, roleId );
+
+ if ( modelRole == null )
+ {
+ throw new RoleManagerException( "Unable to assign role: " + roleId + " does not exist." );
+ }
+
+ try
+ {
+ UserAssignment userAssignment;
+
+ if ( rbacManager.userAssignmentExists( principal ) )
+ {
+ userAssignment = rbacManager.getUserAssignment( principal );
+ }
+ else
+ {
+ userAssignment = rbacManager.createUserAssignment( principal );
+ }
+
+ userAssignment.addRoleName( modelRole.getName() );
+ rbacManager.saveUserAssignment( userAssignment );
+ }
+ catch ( RbacManagerException e )
+ {
+ throw new RoleManagerException( "Unable to assign role: unable to manage user assignment", e );
+ }
+ }
+
+ public void assignRoleByName( String roleName, String principal )
+ throws RoleManagerException
+ {
+ try
+ {
+ UserAssignment userAssignment;
+
+ if ( rbacManager.userAssignmentExists( principal ) )
+ {
+ userAssignment = rbacManager.getUserAssignment( principal );
+ }
+ else
+ {
+ userAssignment = rbacManager.createUserAssignment( principal );
+ }
+
+ if ( !rbacManager.roleExists( roleName ) )
+ {
+ throw new RoleManagerException( "Unable to assign role: " + roleName + " does not exist." );
+ }
+
+ userAssignment.addRoleName( roleName );
+ rbacManager.saveUserAssignment( userAssignment );
+ }
+ catch ( RbacManagerException e )
+ {
+ throw new RoleManagerException( "Unable to assign role: unable to manage user assignment", e );
+ }
+ }
+
+ public void assignTemplatedRole( String templateId, String resource, String principal )
+ throws RoleManagerException
+ {
+ ModelTemplate modelTemplate = RoleModelUtils.getModelTemplate( blessedModel, templateId );
+
+ if ( modelTemplate == null )
+ {
+ throw new RoleManagerException( "Unable to assign role: " + templateId + " does not exist." );
+ }
+ try
+ {
+ if ( !rbacManager.resourceExists( resource ) )
+ {
+ Resource newResource = rbacManager.createResource( resource );
+ rbacManager.saveResource( newResource );
+ }
+
+ UserAssignment userAssignment;
+
+ if ( rbacManager.userAssignmentExists( principal ) )
+ {
+ userAssignment = rbacManager.getUserAssignment( principal );
+ }
+ else
+ {
+ userAssignment = rbacManager.createUserAssignment( principal );
+ }
+
+ userAssignment.addRoleName( modelTemplate.getNamePrefix() + modelTemplate.getDelimiter() + resource );
+ rbacManager.saveUserAssignment( userAssignment );
+ }
+ catch ( RbacManagerException e )
+ {
+ throw new RoleManagerException( "Unable to assign role: unable to manage user assignment", e );
+ }
+ }
+
+ public void unassignRole( String roleId, String principal )
+ throws RoleManagerException
+ {
+ ModelRole modelRole = RoleModelUtils.getModelRole( blessedModel, roleId );
+
+ if ( modelRole == null )
+ {
+ throw new RoleManagerException( "Unable to assign role: " + roleId + " does not exist." );
+ }
+
+ try
+ {
+ UserAssignment userAssignment;
+
+ if ( rbacManager.userAssignmentExists( principal ) )
+ {
+ userAssignment = rbacManager.getUserAssignment( principal );
+ }
+ else
+ {
+ throw new RoleManagerException(
+ "UserAssignment for principal " + principal + "does not exist, can't unassign role." );
+ }
+
+ userAssignment.removeRoleName( modelRole.getName() );
+ rbacManager.saveUserAssignment( userAssignment );
+ }
+ catch ( RbacManagerException e )
+ {
+ throw new RoleManagerException( "Unable to unassign role: unable to manage user assignment", e );
+ }
+ }
+
+ public void unassignRoleByName( String roleName, String principal )
+ throws RoleManagerException
+ {
+ try
+ {
+ UserAssignment userAssignment;
+
+ if ( rbacManager.userAssignmentExists( principal ) )
+ {
+ userAssignment = rbacManager.getUserAssignment( principal );
+ }
+ else
+ {
+ throw new RoleManagerException(
+ "UserAssignment for principal " + principal + "does not exist, can't unassign role." );
+ }
+
+ if ( !rbacManager.roleExists( roleName ) )
+ {
+ throw new RoleManagerException( "Unable to unassign role: " + roleName + " does not exist." );
+ }
+
+ userAssignment.removeRoleName( roleName );
+ rbacManager.saveUserAssignment( userAssignment );
+ }
+ catch ( RbacManagerException e )
+ {
+ throw new RoleManagerException( "Unable to unassign role: unable to manage user assignment", e );
+ }
+ }
+
+ public boolean roleExists( String roleId )
+ throws RoleManagerException
+ {
+ ModelRole modelRole = RoleModelUtils.getModelRole( blessedModel, roleId );
+
+ if ( modelRole == null )
+ {
+ return false;
+ }
+ else
+ {
+ if ( rbacManager.roleExists( modelRole.getName() ) )
+ {
+ return true;
+ }
+ else
+ {
+ // perhaps try and reload the model here?
+ throw new RoleManagerException(
+ "breakdown in role management, role exists in configuration but was not created in underlying store" );
+ }
+ }
+ }
+
+ public boolean templatedRoleExists( String templateId, String resource )
+ throws RoleManagerException
+ {
+ ModelTemplate modelTemplate = RoleModelUtils.getModelTemplate( blessedModel, templateId );
+
+ // template not existing is valid to check, it will throw exception on trying to create
+ if ( modelTemplate == null )
+ {
+ return false;
+ }
+ else
+ {
+ if ( rbacManager.roleExists( modelTemplate.getNamePrefix() + modelTemplate.getDelimiter() + resource ) )
+ {
+ return true;
+ }
+ else
+ {
+ return false;
+ }
+ }
+ }
+
+ @PostConstruct
+ public void initialize()
+ {
+ try
+ {
+ URL baseResource = RoleManager.class.getResource( "/META-INF/redback/redback-core.xml" );
+
+ if ( baseResource == null )
+ {
+ throw new RuntimeException( "unable to initialize role manager, missing redback-core.xml" );
+ }
+
+ loadRoleModel( baseResource );
+
+ Enumeration<URL> enumerator =
+ RoleManager.class.getClassLoader().getResources( "META-INF/redback/redback.xml" );
+
+ while ( enumerator.hasMoreElements() )
+ {
+ URL redbackResource = enumerator.nextElement();
+
+ loadRoleModel( redbackResource );
+ }
+ }
+ catch ( RoleManagerException e )
+ {
+ throw new RuntimeException( "unable to initialize RoleManager", e );
+ }
+ catch ( IOException e )
+ {
+ throw new RuntimeException( "unable to initialize RoleManager, problem with redback.xml loading", e );
+ }
+ }
+
+ public RedbackRoleModel getModel()
+ {
+ return blessedModel;
+ }
+
+ public void verifyTemplatedRole( String templateId, String resource )
+ throws RoleManagerException
+ {
+ // create also serves as update
+ templateProcessor.create( blessedModel, templateId, resource );
+ }
+
+ public RedbackRoleModel getBlessedModel()
+ {
+ return blessedModel;
+ }
+
+ public void setBlessedModel( RedbackRoleModel blessedModel )
+ {
+ this.blessedModel = blessedModel;
+ }
+
+ public RedbackRoleModel getUnblessedModel()
+ {
+ return unblessedModel;
+ }
+
+ public void setUnblessedModel( RedbackRoleModel unblessedModel )
+ {
+ this.unblessedModel = unblessedModel;
+ }
+
+ public Map<String, ModelApplication> getKnownResources()
+ {
+ return knownResources;
+ }
+
+ public void setKnownResources( Map<String, ModelApplication> knownResources )
+ {
+ this.knownResources = knownResources;
+ }
+
+ public RoleModelValidator getModelValidator()
+ {
+ return modelValidator;
+ }
+
+ public void setModelValidator( RoleModelValidator modelValidator )
+ {
+ this.modelValidator = modelValidator;
+ }
+
+ public RoleModelProcessor getModelProcessor()
+ {
+ return modelProcessor;
+ }
+
+ public void setModelProcessor( RoleModelProcessor modelProcessor )
+ {
+ this.modelProcessor = modelProcessor;
+ }
+
+ public RoleTemplateProcessor getTemplateProcessor()
+ {
+ return templateProcessor;
+ }
+
+ public void setTemplateProcessor( RoleTemplateProcessor templateProcessor )
+ {
+ this.templateProcessor = templateProcessor;
+ }
+
+ public RBACManager getRbacManager()
+ {
+ return rbacManager;
+ }
+
+ public void setRbacManager( RBACManager rbacManager )
+ {
+ this.rbacManager = rbacManager;
+ }
+}
--- /dev/null
+package org.apache.archiva.redback.role;
+
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+import org.codehaus.plexus.redback.role.model.RedbackRoleModel;
+
+import java.net.URL;
+
+/**
+ * RoleProfileManager:
+ *
+ * @author: Jesse McConnell <jesse@codehaus.org>
+ * @version: $Id$
+ */
+public interface RoleManager
+{
+
+ /**
+ * load the model and create/verify operations, resources, etc exist and make static roles
+ *
+ * @param resourceLocation
+ * @throws RoleManagerException
+ */
+ void loadRoleModel( URL resourceLocation )
+ throws RoleManagerException;
+
+ void loadRoleModel( RedbackRoleModel model )
+ throws RoleManagerException;
+
+ /**
+ * locate a role with the corresponding name and generate it with the given resource, ${resource}
+ * in the model will be replaced with this resource string, if this resource does not exist, it
+ * will be created.
+ *
+ * @param templateId
+ * @param resource
+ * @throws RoleManagerException
+ */
+ void createTemplatedRole( String templateId, String resource )
+ throws RoleManagerException;
+
+ /**
+ * removes a role corresponding to the role Id that was manufactured with the given resource
+ * <p/>
+ * it also removes any user assignments for that role
+ *
+ * @param templateId
+ * @param resource
+ * @throws RoleManagerException
+ */
+ void removeTemplatedRole( String templateId, String resource )
+ throws RoleManagerException;
+
+
+ /**
+ * allows for a role coming from a template to be renamed effectively swapping out the bits of it that
+ * were labeled with the oldResource with the newResource
+ * <p/>
+ * it also manages any user assignments for that role
+ *
+ * @param templateId
+ * @param oldResource
+ * @param newResource
+ * @throws RoleManagerException
+ */
+ void updateRole( String templateId, String oldResource, String newResource )
+ throws RoleManagerException;
+
+
+ /**
+ * Assigns the role indicated by the roleId to the given principal
+ *
+ * @param roleId
+ * @param principal
+ * @throws RoleManagerException
+ */
+ void assignRole( String roleId, String principal )
+ throws RoleManagerException;
+
+ /**
+ * Assigns the role indicated by the roleName to the given principal
+ *
+ * @param roleName
+ * @param principal
+ * @throws RoleManagerException
+ */
+ void assignRoleByName( String roleName, String principal )
+ throws RoleManagerException;
+
+ /**
+ * Assigns the templated role indicated by the templateId
+ * <p/>
+ * fails if the templated role has not been created
+ *
+ * @param templateId
+ * @param resource
+ * @param principal
+ */
+ void assignTemplatedRole( String templateId, String resource, String principal )
+ throws RoleManagerException;
+
+ /**
+ * Unassigns the role indicated by the role id from the given principal
+ *
+ * @param roleId
+ * @param principal
+ * @throws RoleManagerException
+ */
+ void unassignRole( String roleId, String principal )
+ throws RoleManagerException;
+
+ /**
+ * Unassigns the role indicated by the role name from the given principal
+ *
+ * @param roleName
+ * @param principal
+ * @throws RoleManagerException
+ */
+ void unassignRoleByName( String roleName, String principal )
+ throws RoleManagerException;
+
+ /**
+ * true of a role exists with the given roleId
+ *
+ * @param roleId
+ * @return
+ * @throws RoleManagerException
+ */
+ boolean roleExists( String roleId )
+ throws RoleManagerException;
+
+ /**
+ * true of a role exists with the given roleId
+ *
+ * @param templateId
+ * @param resource
+ * @return
+ * @throws RoleManagerException
+ */
+ boolean templatedRoleExists( String templateId, String resource )
+ throws RoleManagerException;
+
+ /**
+ * get the blessed model, the current operating instructions for all things role management
+ */
+ RedbackRoleModel getModel();
+
+ /**
+ * Check a role template is complete in the RBAC store.
+ *
+ * @param templateID the templated role
+ * @param resource the resource to verify
+ * @throws RoleManagerException
+ */
+ void verifyTemplatedRole( String templateID, String resource )
+ throws RoleManagerException;
+}
\ No newline at end of file
--- /dev/null
+package org.apache.archiva.redback.role;
+
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+/**
+ * RoleProfileException:
+ *
+ * @author Jesse McConnell <jmcconnell@apache.org>
+ * @version $Id$
+ */
+public class RoleManagerException
+ extends Exception
+{
+ public RoleManagerException( String string )
+ {
+ super( string );
+ }
+
+ public RoleManagerException( String string, Throwable throwable )
+ {
+ super( string, throwable );
+ }
+}
--- /dev/null
+package org.apache.archiva.redback.role.processor;
+
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+import org.apache.archiva.redback.rbac.Operation;
+import org.apache.archiva.redback.rbac.Permission;
+import org.apache.archiva.redback.rbac.RBACManager;
+import org.apache.archiva.redback.rbac.RbacManagerException;
+import org.apache.archiva.redback.rbac.Resource;
+import org.apache.archiva.redback.rbac.Role;
+import org.apache.archiva.redback.role.RoleManagerException;
+import org.codehaus.plexus.redback.role.model.ModelApplication;
+import org.codehaus.plexus.redback.role.model.ModelOperation;
+import org.codehaus.plexus.redback.role.model.ModelPermission;
+import org.codehaus.plexus.redback.role.model.ModelResource;
+import org.codehaus.plexus.redback.role.model.ModelRole;
+import org.codehaus.plexus.redback.role.model.RedbackRoleModel;
+import org.apache.archiva.redback.role.util.RoleModelUtils;
+import org.codehaus.plexus.util.dag.CycleDetectedException;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.stereotype.Service;
+
+import javax.inject.Inject;
+import javax.inject.Named;
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+/**
+ * DefaultRoleModelProcessor: inserts the components of the model that can be populated into the rbac manager
+ *
+ * @author: Jesse McConnell <jesse@codehaus.org>
+ * @version: $Id$
+ */
+@Service( "roleModelProcessor" )
+public class DefaultRoleModelProcessor
+ implements RoleModelProcessor
+{
+ private Logger log = LoggerFactory.getLogger( DefaultRoleModelProcessor.class );
+
+ @Inject
+ @Named( value = "rBACManager#cached" )
+ private RBACManager rbacManager;
+
+ private Map<String, Resource> resourceMap = new HashMap<String, Resource>();
+
+ private Map<String, Operation> operationMap = new HashMap<String, Operation>();
+
+ public void process( RedbackRoleModel model )
+ throws RoleManagerException
+ {
+ // must process resources and operations first, they are required for the
+ // permissions in the roles to add in correctly
+ processResources( model );
+ processOperations( model );
+
+ processRoles( model );
+ }
+
+ @SuppressWarnings( "unchecked" )
+ private void processResources( RedbackRoleModel model )
+ throws RoleManagerException
+ {
+ for ( ModelApplication application : (List<ModelApplication>) model.getApplications() )
+ {
+ for ( ModelResource profileResource : (List<ModelResource>) application.getResources() )
+ {
+ try
+ {
+ if ( !rbacManager.resourceExists( profileResource.getName() ) )
+ {
+
+ Resource resource = rbacManager.createResource( profileResource.getName() );
+ resource.setPermanent( profileResource.isPermanent() );
+ resource = rbacManager.saveResource( resource );
+
+ // store for use in permission creation
+ resourceMap.put( profileResource.getId(), resource );
+
+ }
+ else
+ {
+ resourceMap.put( profileResource.getId(),
+ rbacManager.getResource( profileResource.getName() ) );
+ }
+ }
+ catch ( RbacManagerException e )
+ {
+ throw new RoleManagerException( "error creating resource '" + profileResource.getName() + "'", e );
+ }
+ }
+ }
+ }
+
+ @SuppressWarnings( "unchecked" )
+ private void processOperations( RedbackRoleModel model )
+ throws RoleManagerException
+ {
+ for ( ModelApplication application : (List<ModelApplication>) model.getApplications() )
+ {
+ for ( ModelOperation profileOperation : (List<ModelOperation>) application.getOperations() )
+ {
+ try
+ {
+ if ( !rbacManager.operationExists( profileOperation.getName() ) )
+ {
+
+ Operation operation = rbacManager.createOperation( profileOperation.getName() );
+ operation.setPermanent( profileOperation.isPermanent() );
+ operation.setDescription( profileOperation.getDescription() );
+ operation = rbacManager.saveOperation( operation );
+
+ // store for use in permission creation
+ operationMap.put( profileOperation.getId(), operation );
+
+ }
+ else
+ {
+ operationMap.put( profileOperation.getId(),
+ rbacManager.getOperation( profileOperation.getName() ) );
+ }
+ }
+ catch ( RbacManagerException e )
+ {
+ throw new RoleManagerException( "error creating operation '" + profileOperation.getName() + "'",
+ e );
+ }
+ }
+ }
+ }
+
+ @SuppressWarnings( "unchecked" )
+ private void processRoles( RedbackRoleModel model )
+ throws RoleManagerException
+ {
+ List<String> sortedGraph;
+ try
+ {
+ sortedGraph = RoleModelUtils.reverseTopologicalSortedRoleList( model );
+ }
+ catch ( CycleDetectedException e )
+ {
+ throw new RoleManagerException( "cycle detected: this should have been caught in validation", e );
+ }
+
+ for ( String roleId : sortedGraph )
+ {
+ ModelRole roleProfile = RoleModelUtils.getModelRole( model, roleId );
+
+ List<Permission> permissions = processPermissions( roleProfile.getPermissions() );
+
+ if ( !rbacManager.roleExists( roleProfile.getName() ) )
+ {
+ try
+ {
+ Role role = rbacManager.createRole( roleProfile.getName() );
+ role.setDescription( roleProfile.getDescription() );
+ role.setPermanent( roleProfile.isPermanent() );
+ role.setAssignable( roleProfile.isAssignable() );
+
+ // add any permissions associated with this role
+ for ( Permission permission : permissions )
+ {
+ role.addPermission( permission );
+ }
+
+ // add child roles to this role
+ if ( roleProfile.getChildRoles() != null )
+ {
+ for ( String childRoleId : (List<String>) roleProfile.getChildRoles() )
+ {
+ ModelRole childRoleProfile = RoleModelUtils.getModelRole( model, childRoleId );
+ role.addChildRoleName( childRoleProfile.getName() );
+ }
+ }
+
+ rbacManager.saveRole( role );
+
+ // add link from parent roles to this new role
+ if ( roleProfile.getParentRoles() != null )
+ {
+ for ( String parentRoleId : (List<String>) roleProfile.getParentRoles() )
+ {
+ ModelRole parentModelRole = RoleModelUtils.getModelRole( model, parentRoleId );
+ Role parentRole = rbacManager.getRole( parentModelRole.getName() );
+ parentRole.addChildRoleName( role.getName() );
+ rbacManager.saveRole( parentRole );
+ }
+ }
+
+ }
+ catch ( RbacManagerException e )
+ {
+ throw new RoleManagerException( "error creating role '" + roleProfile.getName() + "'", e );
+ }
+ }
+ else
+ {
+ try
+ {
+ Role role = rbacManager.getRole( roleProfile.getName() );
+
+ boolean changed = false;
+ for ( Permission permission : permissions )
+ {
+ if ( !role.getPermissions().contains( permission ) )
+ {
+ log.info( "Adding new permission '" + permission.getName() + "' to role '" + role.getName()
+ + "'" );
+ role.addPermission( permission );
+ changed = true;
+ }
+ }
+
+ // Copy list to avoid concurrent modification [REDBACK-220]
+ List<Permission> oldPermissions = new ArrayList<Permission>( role.getPermissions() );
+ for ( Permission permission : oldPermissions )
+ {
+ if ( !permissions.contains( permission ) )
+ {
+ log.info(
+ "Removing old permission '" + permission.getName() + "' from role '" + role.getName()
+ + "'" );
+ role.removePermission( permission );
+ changed = true;
+ }
+ }
+ if ( changed )
+ {
+ rbacManager.saveRole( role );
+ }
+ }
+ catch ( RbacManagerException e )
+ {
+ throw new RoleManagerException( "error updating role '" + roleProfile.getName() + "'", e );
+ }
+ }
+ }
+ }
+
+ private List<Permission> processPermissions( List<ModelPermission> permissions )
+ throws RoleManagerException
+ {
+ List<Permission> rbacPermissions = new ArrayList<Permission>( permissions.size() );
+
+ for ( ModelPermission profilePermission : permissions )
+ {
+ try
+ {
+ if ( !rbacManager.permissionExists( profilePermission.getName() ) )
+ {
+
+ Permission permission = rbacManager.createPermission( profilePermission.getName() );
+
+ // get the operation out of the map we stored it in when we created it _by_ the id in the model
+ Operation operation = (Operation) operationMap.get( profilePermission.getOperation() );
+ // same with resource
+ Resource resource = (Resource) resourceMap.get( profilePermission.getResource() );
+
+ permission.setOperation( operation );
+ permission.setResource( resource );
+ permission.setPermanent( profilePermission.isPermanent() );
+ permission.setDescription( profilePermission.getDescription() );
+
+ permission = rbacManager.savePermission( permission );
+
+ rbacPermissions.add( permission );
+
+ }
+ else
+ {
+ rbacPermissions.add( rbacManager.getPermission( profilePermission.getName() ) );
+ }
+ }
+ catch ( RbacManagerException e )
+ {
+ throw new RoleManagerException( "error creating permission '" + profilePermission.getName() + "'", e );
+ }
+ }
+ return rbacPermissions;
+ }
+
+ public RBACManager getRbacManager()
+ {
+ return rbacManager;
+ }
+
+ public void setRbacManager( RBACManager rbacManager )
+ {
+ this.rbacManager = rbacManager;
+ }
+}
+
+
--- /dev/null
+package org.apache.archiva.redback.role.processor;
+
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+import org.apache.archiva.redback.role.RoleManagerException;
+import org.codehaus.plexus.redback.role.model.RedbackRoleModel;
+
+/**
+ * RoleModelValidator:
+ *
+ * @author: Jesse McConnell <jesse@codehaus.org>
+ * @version: $Id$
+ */
+public interface RoleModelProcessor
+{
+
+ void process( RedbackRoleModel model ) throws RoleManagerException;
+
+}
--- /dev/null
+package org.apache.archiva.redback.role.template;
+
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+import org.apache.archiva.redback.rbac.Operation;
+import org.apache.archiva.redback.rbac.Permission;
+import org.apache.archiva.redback.rbac.RbacManagerException;
+import org.apache.archiva.redback.rbac.Resource;
+import org.apache.archiva.redback.rbac.Role;
+import org.apache.archiva.redback.rbac.RBACManager;
+import org.apache.archiva.redback.role.RoleManagerException;
+import org.codehaus.plexus.redback.role.model.ModelApplication;
+import org.codehaus.plexus.redback.role.model.ModelOperation;
+import org.codehaus.plexus.redback.role.model.ModelPermission;
+import org.codehaus.plexus.redback.role.model.ModelResource;
+import org.codehaus.plexus.redback.role.model.ModelRole;
+import org.codehaus.plexus.redback.role.model.ModelTemplate;
+import org.codehaus.plexus.redback.role.model.RedbackRoleModel;
+import org.apache.archiva.redback.role.util.RoleModelUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.stereotype.Service;
+
+import javax.inject.Inject;
+import javax.inject.Named;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.Iterator;
+import java.util.List;
+
+/**
+ * DefaultRoleTemplateProcessor: inserts the components of a template into the rbac manager
+ *
+ * @author: Jesse McConnell <jesse@codehaus.org>
+ * @version: $Id$
+ */
+@Service( "roleTemplateProcessor" )
+public class DefaultRoleTemplateProcessor
+ implements RoleTemplateProcessor
+{
+ private Logger log = LoggerFactory.getLogger( DefaultRoleTemplateProcessor.class );
+
+ @Inject
+ @Named( value = "rBACManager#cached" )
+ private RBACManager rbacManager;
+
+ @SuppressWarnings( "unchecked" )
+ public void create( RedbackRoleModel model, String templateId, String resource )
+ throws RoleManagerException
+ {
+ for ( ModelApplication application : (List<ModelApplication>) model.getApplications() )
+ {
+ for ( ModelTemplate template : (List<ModelTemplate>) application.getTemplates() )
+ {
+ if ( templateId.equals( template.getId() ) )
+ {
+ // resource can be special
+ processResource( template, resource );
+
+ // templates are roles that have yet to be paired with a resource for creation
+ processTemplate( model, template, resource );
+
+ return;
+ }
+ }
+ }
+
+ throw new RoleManagerException( "unknown template '" + templateId + "'" );
+ }
+
+ @SuppressWarnings( "unchecked" )
+ public void remove( RedbackRoleModel model, String templateId, String resource )
+ throws RoleManagerException
+ {
+ for ( ModelApplication application : (List<ModelApplication>) model.getApplications() )
+ {
+ for ( ModelTemplate template : (List<ModelTemplate>) application.getTemplates() )
+ {
+ if ( templateId.equals( template.getId() ) )
+ {
+ removeTemplatedRole( model, template, resource );
+ return;
+ }
+ }
+ }
+
+ throw new RoleManagerException( "unknown template '" + templateId + "'" );
+ }
+
+ private void removeTemplatedRole( RedbackRoleModel model, ModelTemplate template, String resource )
+ throws RoleManagerException
+ {
+ String roleName = template.getNamePrefix() + template.getDelimiter() + resource;
+
+ try
+ {
+ Role role = rbacManager.getRole( roleName );
+
+ if ( !role.isPermanent() )
+ {
+ // remove the role
+ rbacManager.removeRole( role );
+
+ // remove the permissions
+ // todo, do this in a better way too, permissions can be shared across multiple roles and that could blow chunks here.
+ //for ( Iterator i = template.getPermissions().iterator(); i.hasNext(); )
+ //{
+ // ModelPermission permission = (ModelPermission) i.next();
+ // if ( !permission.isPermanent() )
+ // {
+ // rbacManager.removePermission( permission.getName() + template.getDelimiter()
+ // + resolvePermissionResource( model, permission, resolvePermissionResource( model, permission, resource ) ) );
+ // }
+ //}
+
+ // check if we want to remove the resources
+ Resource rbacResource = rbacManager.getResource( resource );
+
+ if ( !rbacResource.isPermanent() )
+ {
+ //todo we need a better way of finding if a resource is unused anymore...probably a cleaning process in the db or something
+ //rbacManager.removeResource( rbacResource );
+ }
+
+ // todo find dangling child role references and smoke
+ }
+ else
+ {
+ throw new RoleManagerException( "unable to remove role, it is flagged permanent" );
+ }
+ }
+ catch ( RbacManagerException e )
+ {
+ throw new RoleManagerException( "unable to remove templated role: " + roleName, e );
+ }
+ //catch ( RoleTemplateProcessorException e )
+ //{
+ // throw new RoleManagerException( "unable to remove templated role, error resolving resource: Role:" + roleName + " Resource: " + resource, e );
+ //}
+ }
+
+ private void processResource( ModelTemplate template, String resource )
+ throws RoleManagerException
+ {
+ if ( !rbacManager.resourceExists( resource ) )
+ {
+ try
+ {
+ Resource res = rbacManager.createResource( resource );
+ res.setPermanent( template.isPermanentResource() );
+ rbacManager.saveResource( res );
+ }
+ catch ( RbacManagerException e )
+ {
+ throw new RoleManagerException( "error creating resource '" + resource + "'", e );
+ }
+ }
+ }
+
+ @SuppressWarnings( "unchecked" )
+ private void processTemplate( RedbackRoleModel model, ModelTemplate template, String resource )
+ throws RoleManagerException
+ {
+ String templateName = template.getNamePrefix() + template.getDelimiter() + resource;
+
+ List<Permission> permissions = processPermissions( model, template, resource );
+
+ if ( !rbacManager.roleExists( templateName ) )
+ {
+ try
+ {
+ Role role = rbacManager.createRole( templateName );
+ role.setDescription( template.getDescription() );
+ role.setPermanent( template.isPermanent() );
+ role.setAssignable( template.isAssignable() );
+
+ // add any permissions associated with this role
+ for ( Iterator j = permissions.iterator(); j.hasNext(); )
+ {
+ Permission permission = (Permission) j.next();
+
+ role.addPermission( permission );
+ }
+
+ // add child roles to this role
+ if ( template.getChildRoles() != null )
+ {
+ for ( String childRoleId : (List<String>) template.getChildRoles() )
+ {
+ ModelRole childRoleProfile = RoleModelUtils.getModelRole( model, childRoleId );
+ role.addChildRoleName( childRoleProfile.getName() );
+ }
+ }
+
+ // add child templates to this role, be nice and make them if they don't exist
+ if ( template.getChildTemplates() != null )
+ {
+ for ( String childTemplateId : (List<String>) template.getChildTemplates() )
+ {
+ ModelTemplate childModelTemplate = RoleModelUtils.getModelTemplate( model, childTemplateId );
+
+ if ( childModelTemplate == null )
+ {
+ throw new RoleManagerException(
+ "error obtaining child template from model: template " + templateName
+ + " # child template: " + childTemplateId );
+ }
+
+ String childRoleName =
+ childModelTemplate.getNamePrefix() + childModelTemplate.getDelimiter() + resource;
+
+ // check if the role exists, if it does then add it as a child, otherwise make it and add it
+ // this should be safe since validation should protect us from template cycles
+ if ( rbacManager.roleExists( childRoleName ) )
+ {
+ role.addChildRoleName( childRoleName );
+ }
+ else
+ {
+ processTemplate( model, childModelTemplate, resource );
+
+ role.addChildRoleName( childRoleName );
+ }
+ }
+ }
+
+ // this role needs to be saved since it now needs to be added as a child role by
+ // another role
+ if ( !rbacManager.roleExists( role.getName() ) )
+ {
+ role = rbacManager.saveRole( role );
+ }
+
+ // add link from parent roles to this new role
+ if ( template.getParentRoles() != null )
+ {
+ for ( String parentRoleId : (List<String>) template.getParentRoles() )
+ {
+ ModelRole parentModelRole = RoleModelUtils.getModelRole( model, parentRoleId );
+ Role parentRole = rbacManager.getRole( parentModelRole.getName() );
+ parentRole.addChildRoleName( role.getName() );
+ rbacManager.saveRole( parentRole );
+ }
+ }
+
+ // add child templates to this role, be nice and make them if they don't exist
+ if ( template.getParentTemplates() != null )
+ {
+ for ( String parentTemplateId : (List<String>) template.getParentTemplates() )
+ {
+ ModelTemplate parentModelTemplate = RoleModelUtils.getModelTemplate( model, parentTemplateId );
+
+ if ( parentModelTemplate == null )
+ {
+ throw new RoleManagerException(
+ "error obtaining parent template from model: template " + templateName
+ + " # child template: " + parentTemplateId );
+ }
+
+ String parentRoleName =
+ parentModelTemplate.getNamePrefix() + parentModelTemplate.getDelimiter() + resource;
+
+ // check if the role exists, if it does then add it as a child, otherwise make it and add it
+ // this should be safe since validation should protect us from template cycles
+ if ( rbacManager.roleExists( parentRoleName ) )
+ {
+ Role parentRole = rbacManager.getRole( parentRoleName );
+
+ parentRole.addChildRoleName( role.getName() );
+ rbacManager.saveRole( parentRole );
+ }
+ else
+ {
+ processTemplate( model, parentModelTemplate, resource );
+
+ Role parentRole = rbacManager.getRole( parentRoleName );
+
+ parentRole.addChildRoleName( role.getName() );
+ rbacManager.saveRole( parentRole );
+ }
+ }
+ }
+
+ }
+ catch ( RbacManagerException e )
+ {
+ throw new RoleManagerException( "error creating role '" + templateName + "'", e );
+ }
+ }
+ else
+ {
+ try
+ {
+ Role role = rbacManager.getRole( templateName );
+
+ boolean changed = false;
+ for ( Permission permission : permissions )
+ {
+ if ( !role.getPermissions().contains( permission ) )
+ {
+ log.info(
+ "Adding new permission '" + permission.getName() + "' to role '" + role.getName() + "'" );
+ role.addPermission( permission );
+ changed = true;
+ }
+ }
+
+ // Copy list to avoid concurrent modifications
+ List<Permission> oldPermissions = new ArrayList<Permission>( role.getPermissions() );
+ for ( Permission permission : oldPermissions )
+ {
+ if ( !permissions.contains( permission ) )
+ {
+ log.info( "Removing old permission '" + permission.getName() + "' from role '" + role.getName()
+ + "'" );
+ role.removePermission( permission );
+ changed = true;
+ }
+ }
+ if ( changed )
+ {
+ rbacManager.saveRole( role );
+ }
+ }
+ catch ( RbacManagerException e )
+ {
+ throw new RoleManagerException( "error updating role '" + templateName + "'", e );
+ }
+ }
+ }
+
+ @SuppressWarnings( "unchecked" )
+ private List<Permission> processPermissions( RedbackRoleModel model, ModelTemplate template, String resource )
+ throws RoleManagerException
+ {
+
+ if ( template.getPermissions() != null )
+ {
+ // copy list to avoid concurrent modifications
+ List<ModelPermission> templatePermissions = new ArrayList<ModelPermission>( template.getPermissions() );
+ List<Permission> rbacPermissions = new ArrayList<Permission>( templatePermissions.size() );
+ for ( ModelPermission profilePermission : templatePermissions )
+ {
+ try
+ {
+ String permissionName =
+ profilePermission.getName() + template.getDelimiter() + resolvePermissionResource( model,
+ profilePermission,
+ resource );
+
+ if ( !rbacManager.permissionExists( permissionName ) )
+ {
+
+ Permission permission = rbacManager.createPermission( permissionName );
+
+ ModelOperation modelOperation =
+ RoleModelUtils.getModelOperation( model, profilePermission.getOperation() );
+ Operation rbacOperation = rbacManager.getOperation( modelOperation.getName() );
+
+ String permissionResource = resolvePermissionResource( model, profilePermission, resource );
+
+ Resource rbacResource = rbacManager.getResource( permissionResource );
+
+ permission.setOperation( rbacOperation );
+ permission.setResource( rbacResource );
+ permission.setPermanent( profilePermission.isPermanent() );
+ permission.setDescription( profilePermission.getDescription() );
+
+ permission = rbacManager.savePermission( permission );
+
+ rbacPermissions.add( permission );
+
+ }
+ else
+ {
+
+ rbacPermissions.add( rbacManager.getPermission( permissionName ) );
+
+ }
+ }
+ catch ( RbacManagerException e )
+ {
+ e.printStackTrace();
+ throw new RoleManagerException( "unable to generate templated role: " + e.getMessage(), e );
+ }
+ catch ( RoleTemplateProcessorException e )
+ {
+ e.printStackTrace();
+ throw new RoleManagerException( "unable to resolve resource: " + resource, e );
+ }
+ }
+ return rbacPermissions;
+ }
+
+ return Collections.emptyList();
+ }
+
+ private String resolvePermissionResource( RedbackRoleModel model, ModelPermission permission, String resource )
+ throws RoleTemplateProcessorException
+ {
+ String permissionResource = permission.getResource();
+
+ // if permission's resource is ${resource}, return the resource passed in
+ if ( permissionResource.startsWith( "${" ) )
+ {
+ String tempStr = permissionResource.substring( 2, permissionResource.indexOf( '}' ) );
+
+ if ( "resource".equals( tempStr ) )
+ {
+ return resource;
+ }
+ }
+
+ // check if the resource resolves to declared operation
+ String declaredResource = resolveResource( model, permission.getResource() );
+ if ( declaredResource != null )
+ {
+ return declaredResource;
+ }
+ else
+ {
+ // either niether of the above apply, then its the resource.
+ return resource;
+ }
+ }
+
+ private String resolveResource( RedbackRoleModel model, String resource )
+ throws RoleTemplateProcessorException
+ {
+ ModelResource resolvedResource = RoleModelUtils.getModelResource( model, resource );
+
+ if ( resolvedResource != null )
+ {
+ return resolvedResource.getName();
+ }
+ else
+ {
+ return null;
+ }
+ }
+
+ public RBACManager getRbacManager()
+ {
+ return rbacManager;
+ }
+
+ public void setRbacManager( RBACManager rbacManager )
+ {
+ this.rbacManager = rbacManager;
+ }
+}
--- /dev/null
+package org.apache.archiva.redback.role.template;
+
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+import org.apache.archiva.redback.role.RoleManagerException;
+import org.codehaus.plexus.redback.role.model.RedbackRoleModel;
+
+/**
+ * RoleModelValidator:
+ *
+ * @author: Jesse McConnell <jesse@codehaus.org>
+ */
+public interface RoleTemplateProcessor
+{
+
+ void create( RedbackRoleModel model, String templateId, String resource )
+ throws RoleManagerException;
+
+ void remove( RedbackRoleModel model, String templateId, String resource )
+ throws RoleManagerException;
+}
--- /dev/null
+package org.apache.archiva.redback.role.template;
+
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+/**
+ * RoleProfileException:
+ *
+ * @author Jesse McConnell <jmcconnell@apache.org>
+ * @version $Id$
+ */
+public class RoleTemplateProcessorException
+ extends Exception
+{
+ public RoleTemplateProcessorException( String string )
+ {
+ super( string );
+ }
+
+ public RoleTemplateProcessorException( String string, Throwable throwable )
+ {
+ super( string, throwable );
+ }
+}
--- /dev/null
+package org.apache.archiva.redback.role.util;
+
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+import org.codehaus.plexus.redback.role.model.ModelApplication;
+import org.codehaus.plexus.redback.role.model.ModelOperation;
+import org.codehaus.plexus.redback.role.model.ModelResource;
+import org.codehaus.plexus.redback.role.model.ModelRole;
+import org.codehaus.plexus.redback.role.model.ModelTemplate;
+import org.codehaus.plexus.redback.role.model.RedbackRoleModel;
+import org.codehaus.plexus.util.dag.CycleDetectedException;
+import org.codehaus.plexus.util.dag.DAG;
+import org.codehaus.plexus.util.dag.TopologicalSorter;
+
+import java.util.ArrayList;
+import java.util.LinkedList;
+import java.util.List;
+
+/**
+ * RoleModelUtils:
+ *
+ * @author: Jesse McConnell <jesse@codehaus.org>
+ * @version: $Id$
+ */
+public class RoleModelUtils
+{
+
+ @SuppressWarnings( "unchecked" )
+ public static List<ModelRole> getRoles( RedbackRoleModel model )
+ {
+ List<ModelRole> roleList = new ArrayList<ModelRole>( );
+
+ for ( ModelApplication application : (List<ModelApplication>) model.getApplications() )
+ {
+ roleList.addAll( application.getRoles() );
+ }
+
+ return roleList;
+ }
+
+ @SuppressWarnings( "unchecked" )
+ public static List<ModelTemplate> getTemplates( RedbackRoleModel model )
+ {
+ List<ModelTemplate> templateList = new ArrayList<ModelTemplate>();
+
+ for ( ModelApplication application : (List<ModelApplication>) model.getApplications() )
+ {
+ templateList.addAll( application.getTemplates() );
+ }
+
+ return templateList;
+ }
+
+ @SuppressWarnings( "unchecked" )
+ public static List<String> getOperationIdList( RedbackRoleModel model )
+ {
+ List<String> operationsIdList = new ArrayList<String>();
+
+ for ( ModelApplication application : (List<ModelApplication>) model.getApplications() )
+ {
+ for ( ModelOperation operation : (List<ModelOperation>) application.getOperations() )
+ {
+ operationsIdList.add( operation.getId() );
+ }
+ }
+
+ return operationsIdList;
+ }
+
+ @SuppressWarnings( "unchecked" )
+ public static List<String> getResourceIdList( RedbackRoleModel model )
+ {
+ List<String> resourceIdList = new ArrayList<String>();
+
+ for ( ModelApplication application : (List<ModelApplication>) model.getApplications() )
+ {
+ for ( ModelResource resource : (List<ModelResource>) application.getResources() )
+ {
+ resourceIdList.add( resource.getId() );
+ }
+ }
+
+ return resourceIdList;
+ }
+
+ @SuppressWarnings( "unchecked" )
+ public static List<String> getRoleIdList( RedbackRoleModel model )
+ {
+ List<String> roleIdList = new ArrayList<String>();
+
+ for ( ModelApplication application : (List<ModelApplication>) model.getApplications() )
+ {
+ for ( ModelRole role : (List<ModelRole>) application.getRoles() )
+ {
+ roleIdList.add( role.getId() );
+ }
+ }
+
+ return roleIdList;
+ }
+
+ @SuppressWarnings( "unchecked" )
+ public static List<String> getTemplateIdList( RedbackRoleModel model )
+ {
+ List<String> templateIdList = new ArrayList<String>();
+
+ for ( ModelApplication application : (List<ModelApplication>) model.getApplications() )
+ {
+ for ( ModelTemplate template : (List<ModelTemplate>) application.getTemplates() )
+ {
+ templateIdList.add( template.getId() );
+ }
+ }
+
+ return templateIdList;
+
+ }
+
+ /**
+ * WARNING: can return null
+ *
+ * @param model
+ * @param roleId
+ * @return
+ */
+ @SuppressWarnings( "unchecked" )
+ public static ModelRole getModelRole( RedbackRoleModel model, String roleId )
+ {
+ ModelRole mrole = null;
+
+ for ( ModelApplication application : (List<ModelApplication>) model.getApplications() )
+ {
+ for ( ModelRole role : (List<ModelRole>) application.getRoles() )
+ {
+ if ( roleId.equals( role.getId() ) )
+ {
+ mrole = role;
+ }
+ }
+ }
+
+ return mrole;
+ }
+
+ /**
+ * WARNING: can return null
+ *
+ * @param model
+ * @param templateId
+ * @return
+ */
+ @SuppressWarnings( "unchecked" )
+ public static ModelTemplate getModelTemplate( RedbackRoleModel model, String templateId )
+ {
+ ModelTemplate mtemplate = null;
+
+ for ( ModelApplication application : (List<ModelApplication>) model.getApplications() )
+ {
+ for ( ModelTemplate template : (List<ModelTemplate>) application.getTemplates() )
+ {
+ if ( templateId.equals( template.getId() ) )
+ {
+ mtemplate = template;
+ }
+ }
+ }
+
+ return mtemplate;
+ }
+
+ /**
+ * WARNING: can return null
+ *
+ * @param model
+ * @param operationId
+ * @return
+ */
+ @SuppressWarnings( "unchecked" )
+ public static ModelOperation getModelOperation( RedbackRoleModel model, String operationId )
+ {
+ ModelOperation moperation = null;
+
+ for ( ModelApplication application : (List<ModelApplication>) model.getApplications() )
+ {
+ for ( ModelOperation operation : (List<ModelOperation>) application.getOperations() )
+ {
+ if ( operationId.equals( operation.getId() ) )
+ {
+ moperation = operation;
+ }
+ }
+ }
+
+ return moperation;
+ }
+
+ @SuppressWarnings( "unchecked" )
+ public static ModelResource getModelResource( RedbackRoleModel model, String resourceId )
+ {
+ ModelResource mresource = null;
+
+ for ( ModelApplication application : (List<ModelApplication>) model.getApplications() )
+ {
+ for ( ModelResource resource : (List<ModelResource>) application.getResources() )
+ {
+ if ( resourceId.equals( resource.getId() ) )
+ {
+ mresource = resource;
+ }
+ }
+ }
+
+ return mresource;
+ }
+
+ @SuppressWarnings( "unchecked" )
+ public static DAG generateRoleGraph( RedbackRoleModel model )
+ throws CycleDetectedException
+ {
+ DAG roleGraph = new DAG();
+
+ for ( ModelApplication application : (List<ModelApplication>) model.getApplications() )
+ {
+ for ( ModelRole role : (List<ModelRole>) application.getRoles() )
+ {
+ roleGraph.addVertex( role.getId() );
+
+ if ( role.getChildRoles() != null )
+ {
+ for ( String childRole : (List<String>) role.getChildRoles() )
+ {
+ roleGraph.addVertex( childRole );
+
+ roleGraph.addEdge( role.getId(), childRole );
+ }
+ }
+
+ if ( role.getParentRoles() != null )
+ {
+ for ( String parentRole : (List<String>) role.getParentRoles() )
+ {
+ roleGraph.addVertex( parentRole );
+
+ roleGraph.addEdge( parentRole, role.getId() );
+ }
+ }
+ }
+ }
+
+ return roleGraph;
+ }
+
+ @SuppressWarnings( "unchecked" )
+ public static DAG generateTemplateGraph( RedbackRoleModel model )
+ throws CycleDetectedException
+ {
+ DAG templateGraph = generateRoleGraph( model );
+
+ for ( ModelApplication application : (List<ModelApplication>) model.getApplications() )
+ {
+ for ( ModelTemplate template : (List<ModelTemplate>) application.getTemplates() )
+ {
+ templateGraph.addVertex( template.getId() );
+
+ if ( template.getChildRoles() != null )
+ {
+ for ( String childRole : (List<String>) template.getChildRoles() )
+ {
+ templateGraph.addVertex( childRole );
+
+ templateGraph.addEdge( template.getId(), childRole );
+ }
+ }
+
+ if ( template.getParentRoles() != null )
+ {
+ for ( String parentRole : (List<String>) template.getParentRoles() )
+ {
+ templateGraph.addVertex( parentRole );
+
+ templateGraph.addEdge( parentRole, template.getId() );
+ }
+ }
+
+ if ( template.getChildTemplates() != null )
+ {
+ for ( String childTemplate : (List<String>) template.getChildTemplates() )
+ {
+ templateGraph.addVertex( childTemplate );
+
+ templateGraph.addEdge( template.getId(), childTemplate );
+ }
+ }
+
+ if ( template.getParentTemplates() != null )
+ {
+ for ( String parentTemplate : (List<String>) template.getParentTemplates() )
+ {
+ templateGraph.addVertex( parentTemplate );
+
+ templateGraph.addEdge( parentTemplate, template.getId() );
+ }
+ }
+ }
+ }
+
+ return templateGraph;
+ }
+
+ @SuppressWarnings( "unchecked" )
+ public static List<String> reverseTopologicalSortedRoleList( RedbackRoleModel model )
+ throws CycleDetectedException
+ {
+ LinkedList<String> sortedGraph =
+ (LinkedList<String>) TopologicalSorter.sort( RoleModelUtils.generateRoleGraph( model ) );
+ List<String> resortedGraph = new LinkedList<String>();
+
+ while ( !sortedGraph.isEmpty() )
+ {
+ resortedGraph.add( sortedGraph.removeLast() );
+ }
+
+ return resortedGraph;
+ }
+
+}
--- /dev/null
+package org.apache.archiva.redback.role.validator;
+
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+import java.util.ArrayList;
+import java.util.List;
+
+import org.apache.archiva.redback.role.RoleManagerException;
+import org.codehaus.plexus.redback.role.model.ModelApplication;
+import org.codehaus.plexus.redback.role.model.ModelOperation;
+import org.codehaus.plexus.redback.role.model.ModelPermission;
+import org.codehaus.plexus.redback.role.model.ModelResource;
+import org.codehaus.plexus.redback.role.model.ModelRole;
+import org.codehaus.plexus.redback.role.model.ModelTemplate;
+import org.codehaus.plexus.redback.role.model.RedbackRoleModel;
+import org.apache.archiva.redback.role.util.RoleModelUtils;
+import org.codehaus.plexus.util.dag.CycleDetectedException;
+import org.springframework.stereotype.Service;
+
+/**
+ * DefaultRoleModelValidator: validates completeness of the model
+ *
+ * @author: Jesse McConnell <jesse@codehaus.org>
+ * @version: $Id$
+ *
+ */
+@Service("roleModelValidator")
+public class DefaultRoleModelValidator
+ implements RoleModelValidator
+{
+ private List<String> validationErrors;
+
+ public boolean validate( RedbackRoleModel model )
+ throws RoleManagerException
+ {
+ validationErrors = null;
+
+ validateRequiredStructure( model );
+ validateResourceClosure( model );
+ validateOperationClosure( model );
+ validateChildRoleClosure( model );
+ validateParentRoleClosure( model );
+ validateTemplateClosure( model );
+ validateNoRoleCycles( model );
+ validateNoTemplateCycles( model );
+
+ if ( validationErrors == null )
+ {
+ return true;
+ }
+ else
+ {
+ return false;
+ }
+ }
+
+ public List<String> getValidationErrors()
+ {
+ return validationErrors;
+ }
+
+ private void addValidationError( String error )
+ {
+ if ( validationErrors == null )
+ {
+ validationErrors = new ArrayList<String>(0);
+ }
+
+ validationErrors.add( error );
+ }
+
+ /**
+ * FIXME this should be taken care of by <required/> in modello, figure out why its not
+ * in the meantime, implement the basics
+ *
+ * @param model
+ */
+ @SuppressWarnings("unchecked")
+ private void validateRequiredStructure( RedbackRoleModel model )
+ {
+ // validate model has name
+
+ for ( ModelApplication application : (List<ModelApplication>) model.getApplications() )
+ {
+ if ( application.getId() == null )
+ {
+ addValidationError( "model is missing application name" );
+ }
+
+ // validate model has version
+ if ( application.getVersion() == null )
+ {
+ addValidationError( application.getId() + " is missing version" );
+ }
+
+ // validate resource bits
+ for ( ModelResource resource : (List<ModelResource>) application.getResources() )
+ {
+ if ( resource.getName() == null )
+ {
+ addValidationError( resource.toString() + " missing name" );
+ }
+
+ if ( resource.getId() == null )
+ {
+ addValidationError( resource.toString() + " missing id" );
+ }
+ }
+
+ // validate the operations
+ for ( ModelOperation operation : (List<ModelOperation>) application.getOperations() )
+ {
+ if ( operation.getName() == null )
+ {
+ addValidationError( operation.toString() + " missing name" );
+ }
+
+ if ( operation.getId() == null )
+ {
+ addValidationError( operation.toString() + " missing id" );
+ }
+ }
+
+ for ( ModelRole role : (List<ModelRole>) application.getRoles() )
+ {
+ if ( role.getId() == null )
+ {
+ addValidationError( role.toString() + " missing id" );
+ }
+
+ if ( role.getName() == null )
+ {
+ addValidationError( role.toString() + " missing name" );
+ }
+
+ if ( role.getPermissions() != null )
+ {
+ for ( ModelPermission permission : (List<ModelPermission>) role.getPermissions() )
+ {
+ if ( permission.getName() == null )
+ {
+ addValidationError( permission.toString() + " missing name" );
+ }
+
+ if ( permission.getId() == null )
+ {
+ addValidationError( permission.toString() + " missing id" );
+ }
+
+ if ( permission.getOperation() == null )
+ {
+ addValidationError( permission.toString() + " missing operations" );
+ }
+
+ if ( permission.getResource() == null )
+ {
+ addValidationError( permission.toString() + " missing resource" );
+ }
+ }
+ }
+ }
+
+ for ( ModelTemplate template : (List<ModelTemplate>) application.getTemplates() )
+ {
+ if ( template.getId() == null )
+ {
+ addValidationError( template.toString() + " missing id" );
+ }
+
+ if ( template.getNamePrefix() == null )
+ {
+ addValidationError( template.toString() + " missing name prefix" );
+ }
+
+ if ( template.getPermissions() != null )
+ {
+ for ( ModelPermission permission : (List<ModelPermission>) template.getPermissions() )
+ {
+ if ( permission.getName() == null )
+ {
+ addValidationError( permission.toString() + " missing name" );
+ }
+
+ if ( permission.getId() == null )
+ {
+ addValidationError( permission.toString() + " missing id" );
+ }
+
+ if ( permission.getOperation() == null )
+ {
+ addValidationError( permission.toString() + " missing operations" );
+ }
+
+ if ( permission.getResource() == null )
+ {
+ addValidationError( permission.toString() + " missing resource" );
+ }
+ }
+ }
+ }
+ }
+ }
+
+ /**
+ * validate all operations in all declared permissions exist as declared in the operations section
+ *
+ * @param model
+ */
+ @SuppressWarnings("unchecked")
+ private void validateOperationClosure( RedbackRoleModel model )
+ {
+ List<String> operationIdList = RoleModelUtils.getOperationIdList( model );
+
+ // check the operations in role permissions
+ for ( ModelApplication application : (List<ModelApplication>) model.getApplications() )
+ {
+ for ( ModelRole role : (List<ModelRole>) application.getRoles() )
+ {
+ if ( role.getPermissions() != null )
+ {
+ for ( ModelPermission permission : (List<ModelPermission>) role.getPermissions() )
+ {
+ if ( !operationIdList.contains( permission.getOperation() ) )
+ {
+ addValidationError( "missing operation: " + permission.getOperation() + " in permission "
+ + permission.getId() );
+ }
+ }
+ }
+ }
+
+ // check the operations in template permissions
+ for ( ModelTemplate template : (List<ModelTemplate>) application.getTemplates() )
+ {
+ if ( template.getPermissions() != null )
+ {
+ for ( ModelPermission permission : (List<ModelPermission>) template.getPermissions() )
+ {
+ if ( !operationIdList.contains( permission.getOperation() ) )
+ {
+ addValidationError( "missing operation: " + permission.getOperation() + " in permission "
+ + permission.getId() );
+ }
+ }
+ }
+ }
+ }
+ }
+
+ @SuppressWarnings("unchecked")
+ private void validateResourceClosure( RedbackRoleModel model )
+ {
+ List<String> resourceIdList = RoleModelUtils.getResourceIdList( model );
+ for ( ModelApplication application : (List<ModelApplication>) model.getApplications() )
+ {
+ for ( ModelRole role : (List<ModelRole>) application.getRoles() )
+ {
+ if ( role.getPermissions() != null )
+ {
+ for ( ModelPermission permission : (List<ModelPermission>) role.getPermissions() )
+ {
+ if ( !resourceIdList.contains( permission.getResource() ) )
+ {
+ addValidationError( "missing operation: " + permission.getResource() + " in permission "
+ + permission.getId() );
+ }
+ }
+ }
+ }
+ }
+ }
+
+ @SuppressWarnings("unchecked")
+ private void validateChildRoleClosure( RedbackRoleModel model )
+ {
+ List<String> roleIdList = RoleModelUtils.getRoleIdList( model );
+ for ( ModelApplication application : (List<ModelApplication>) model.getApplications() )
+ {
+ for ( ModelRole role : (List<ModelRole>) application.getRoles() )
+ {
+ if ( role.getChildRoles() != null )
+ {
+ for ( String childRoleId : (List<String>) role.getChildRoles() )
+ {
+ if ( !roleIdList.contains( childRoleId ) )
+ {
+ addValidationError( "missing role id: " + childRoleId + " in child roles of role "
+ + role.getId() );
+ }
+ }
+ }
+ }
+
+ for ( ModelTemplate template : (List<ModelTemplate>) application.getTemplates() )
+ {
+ if ( template.getChildRoles() != null )
+ {
+ for ( String childRoleId : (List<String>) template.getChildRoles() )
+ {
+ if ( !roleIdList.contains( childRoleId ) )
+ {
+ addValidationError( "missing role id: " + childRoleId + " in child roles of template "
+ + template.getId() );
+ }
+ }
+ }
+ }
+ }
+ }
+
+ @SuppressWarnings("unchecked")
+ private void validateParentRoleClosure( RedbackRoleModel model )
+ {
+ List roleIdList = RoleModelUtils.getRoleIdList( model );
+
+ for ( ModelApplication application : (List<ModelApplication>) model.getApplications() )
+ {
+ for ( ModelRole role : (List<ModelRole>) application.getRoles() )
+ {
+ if ( role.getParentRoles() != null )
+ {
+ for ( String parentRoleId : (List<String>) role.getParentRoles() )
+ {
+ if ( !roleIdList.contains( parentRoleId ) )
+ {
+ addValidationError( "missing role id: " + parentRoleId + " in parent roles of role "
+ + role.getId() );
+ }
+ }
+ }
+ }
+
+ for ( ModelTemplate template : (List<ModelTemplate>) application.getTemplates() )
+ {
+ if ( template.getParentRoles() != null )
+ {
+ for ( String parentRoleId : (List<String>) template.getParentRoles() )
+ {
+ if ( !roleIdList.contains( parentRoleId ) )
+ {
+ addValidationError( "missing role id: " + parentRoleId + " in parent roles of template "
+ + template.getId() );
+ }
+ }
+ }
+ }
+ }
+ }
+
+ @SuppressWarnings("unchecked")
+ private void validateTemplateClosure( RedbackRoleModel model )
+ {
+ List templateIdList = RoleModelUtils.getTemplateIdList( model );
+
+ // template name prefix must be unique
+ List<String> templateNamePrefixList = new ArrayList<String>();
+
+ for ( ModelApplication application : (List<ModelApplication>) model.getApplications() )
+ {
+ for ( ModelTemplate template : (List<ModelTemplate>) application.getTemplates() )
+ {
+ if ( template.getParentTemplates() != null )
+ {
+ for ( String parentTemplateId : (List<String>) template.getParentTemplates() )
+ {
+ if ( !templateIdList.contains( parentTemplateId ) )
+ {
+ addValidationError( "missing template id: " + parentTemplateId
+ + " in parent templates of template " + template.getId() );
+ }
+ }
+ }
+
+ if ( template.getChildTemplates() != null )
+ {
+ for ( String childTemplateId : (List<String>) template.getChildTemplates() )
+ {
+ if ( !templateIdList.contains( childTemplateId ) )
+ {
+ addValidationError( "missing template id: " + childTemplateId
+ + " in child templates of template " + template.getId() );
+ }
+ }
+ }
+
+ if ( !templateNamePrefixList.contains( template.getNamePrefix() ) )
+ {
+ templateNamePrefixList.add( template.getNamePrefix() );
+ }
+ else
+ {
+ addValidationError( "duplicate name prefix detected: " + template.getNamePrefix() );
+ }
+ }
+ }
+ }
+
+ /**
+ * We are not allowed to have cycles between roles, this method is to detect and raise a red flag when that happens.
+ *
+ * @param model
+ */
+ private void validateNoRoleCycles( RedbackRoleModel model )
+ {
+ try
+ {
+ RoleModelUtils.generateRoleGraph( model );
+ }
+ catch ( CycleDetectedException e )
+ {
+ addValidationError( "cycle detected: " + e.getMessage() );
+ }
+ }
+
+ /**
+ * We are not allowed to have cycles between template either, this method is to detect and
+ * raise a red flag when that happens. Templates are a bit more complex since they have both
+ * child and parent roles, as well as runtime parent and child templates
+ *
+ * the id should be sufficient to test cycles here even though in runtime the id's do not need to be
+ * unique since it is the binding of a namePrefix and a resource that makes them unique
+ *
+ * @param model
+ */
+ private void validateNoTemplateCycles( RedbackRoleModel model )
+ {
+ try
+ {
+ RoleModelUtils.generateTemplateGraph( model );
+ }
+ catch ( CycleDetectedException e )
+ {
+ addValidationError( "template cycle detected: " + e.getMessage() );
+ }
+ }
+}
--- /dev/null
+package org.apache.archiva.redback.role.validator;
+
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+import org.apache.archiva.redback.role.RoleManagerException;
+import org.codehaus.plexus.redback.role.model.RedbackRoleModel;
+
+import java.util.List;
+
+/**
+ * RoleModelValidator:
+ *
+ * @author: Jesse McConnell <jesse@codehaus.org>
+ * @version: $Id$
+ */
+public interface RoleModelValidator
+{
+ List<String> getValidationErrors();
+
+ boolean validate( RedbackRoleModel model )
+ throws RoleManagerException;
+
+}
+++ /dev/null
-package org.codehaus.plexus.redback.role;
-
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-import org.apache.archiva.redback.rbac.RBACManager;
-import org.apache.archiva.redback.rbac.RbacManagerException;
-import org.apache.archiva.redback.rbac.Role;
-import org.apache.archiva.redback.rbac.UserAssignment;
-import org.apache.commons.lang.SystemUtils;
-import org.apache.archiva.redback.rbac.Resource;
-import org.codehaus.plexus.redback.role.model.ModelApplication;
-import org.codehaus.plexus.redback.role.model.ModelRole;
-import org.codehaus.plexus.redback.role.model.ModelTemplate;
-import org.codehaus.plexus.redback.role.model.RedbackRoleModel;
-import org.codehaus.plexus.redback.role.model.io.stax.RedbackRoleModelStaxReader;
-import org.codehaus.plexus.redback.role.processor.RoleModelProcessor;
-import org.codehaus.plexus.redback.role.template.RoleTemplateProcessor;
-import org.codehaus.plexus.redback.role.util.RoleModelUtils;
-import org.codehaus.plexus.redback.role.validator.RoleModelValidator;
-import org.codehaus.plexus.util.IOUtil;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.stereotype.Service;
-
-import javax.annotation.PostConstruct;
-import javax.inject.Inject;
-import javax.inject.Named;
-import javax.xml.stream.XMLStreamException;
-import java.io.IOException;
-import java.io.InputStreamReader;
-import java.net.MalformedURLException;
-import java.net.URL;
-import java.util.Arrays;
-import java.util.Enumeration;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-
-/**
- * RoleProfileManager:
- *
- * @author: Jesse McConnell <jesse@codehaus.org>
- * @version: $Id$
- */
-@Service( "roleManager" )
-public class DefaultRoleManager
- implements RoleManager
-{
- private Logger log = LoggerFactory.getLogger( DefaultRoleManager.class );
-
- /**
- * the blessed model that has been validated as complete
- */
- private RedbackRoleModel blessedModel;
-
- /**
- * the merged model that can be validated as complete
- */
- private RedbackRoleModel unblessedModel;
-
- /**
- * a map of the resources, and the model that they loaded
- */
- private Map<String, ModelApplication> knownResources = new HashMap<String, ModelApplication>();
-
- @Inject
- @Named( value = "roleModelValidator" )
- private RoleModelValidator modelValidator;
-
- @Inject
- @Named( value = "roleModelProcessor" )
- private RoleModelProcessor modelProcessor;
-
- @Inject
- @Named( value = "roleTemplateProcessor" )
- private RoleTemplateProcessor templateProcessor;
-
- @Inject
- @Named( value = "rBACManager#cached" )
- private RBACManager rbacManager;
-
-
- @SuppressWarnings( "unchecked" )
- public void loadRoleModel( URL resource )
- throws RoleManagerException
- {
- RedbackRoleModelStaxReader reader = new RedbackRoleModelStaxReader();
-
- InputStreamReader inputStreamReader = null;
-
- try
- {
-
- inputStreamReader = new InputStreamReader( resource.openStream() );
-
- RedbackRoleModel roleModel = reader.read( inputStreamReader );
-
- for ( ModelApplication app : (List<ModelApplication>) roleModel.getApplications() )
- {
- if ( !knownResources.containsKey( app.getId() ) )
- {
- log.info( "loading " + app.getId() );
- loadApplication( app );
- }
- }
- }
- catch ( MalformedURLException e )
- {
- throw new RoleManagerException( "error locating redback profile", e );
- }
- catch ( IOException e )
- {
- throw new RoleManagerException( "error reading redback profile", e );
- }
- catch ( XMLStreamException e )
- {
- throw new RoleManagerException( "error parsing redback profile", e );
- }
- finally
- {
- IOUtil.close( inputStreamReader );
- }
- }
-
- @SuppressWarnings( "unchecked" )
- public void loadRoleModel( RedbackRoleModel roleModel )
- throws RoleManagerException
- {
- for ( ModelApplication app : (List<ModelApplication>) roleModel.getApplications() )
- {
- if ( !knownResources.containsKey( app.getId() ) )
- {
- loadApplication( app );
- }
- }
-
- }
-
- public void loadApplication( ModelApplication app )
- throws RoleManagerException
- {
- if ( unblessedModel == null )
- {
- unblessedModel = new RedbackRoleModel();
- }
-
- unblessedModel.addApplication( app );
-
- if ( modelValidator.validate( unblessedModel ) )
- {
- blessedModel = unblessedModel;
- }
- else
- {
- StringBuilder stringBuilder = new StringBuilder( "Role Model Validation Errors:" );
-
- for ( String error : modelValidator.getValidationErrors() )
- {
- stringBuilder.append( error ).append( SystemUtils.LINE_SEPARATOR );
- }
-
- log.error( stringBuilder.toString() );
-
- throw new RoleManagerException(
- "Role Model Validation Error " + SystemUtils.LINE_SEPARATOR + stringBuilder.toString() );
- }
-
- modelProcessor.process( blessedModel );
-
- knownResources.put( app.getId(), app );
- }
-
- /**
- * create a role for the given roleName using the resource passed in for
- * resolving the ${resource} expression
- */
- public void createTemplatedRole( String templateId, String resource )
- throws RoleManagerException
- {
- templateProcessor.create( blessedModel, templateId, resource );
- }
-
- /**
- * remove the role corresponding to the role using the resource passed in for resolving the
- * ${resource} expression
- */
- public void removeTemplatedRole( String templateId, String resource )
- throws RoleManagerException
- {
- ModelTemplate template = RoleModelUtils.getModelTemplate( blessedModel, templateId );
-
- String roleName = template.getNamePrefix() + template.getDelimiter() + resource;
-
- try
- {
- Role role = rbacManager.getRole( roleName );
-
- for ( UserAssignment assignment : rbacManager.getUserAssignmentsForRoles(
- Arrays.asList( role.getName() ) ) )
- {
- assignment.removeRoleName( role );
- rbacManager.saveUserAssignment( assignment );
- }
-
- }
- catch ( RbacManagerException e )
- {
- throw new RoleManagerException( "unable to remove role", e );
- }
-
- templateProcessor.remove( blessedModel, templateId, resource );
- }
-
- /**
- * update the role from templateId from oldResource to newResource
- * <p/>
- * NOTE: this requires removal and creation of the role since the jdo store does not tolerate renaming
- * because of the use of the name as an identifier
- */
- public void updateRole( String templateId, String oldResource, String newResource )
- throws RoleManagerException
- {
- // make the new role
- templateProcessor.create( blessedModel, templateId, newResource );
-
- ModelTemplate template = RoleModelUtils.getModelTemplate( blessedModel, templateId );
-
- String oldRoleName = template.getNamePrefix() + template.getDelimiter() + oldResource;
- String newRoleName = template.getNamePrefix() + template.getDelimiter() + newResource;
-
- try
- {
- Role role = rbacManager.getRole( oldRoleName );
-
- // remove the user assignments
- for ( UserAssignment assignment : rbacManager.getUserAssignmentsForRoles(
- Arrays.asList( role.getName() ) ) )
- {
- assignment.removeRoleName( oldRoleName );
- assignment.addRoleName( newRoleName );
- rbacManager.saveUserAssignment( assignment );
- }
- }
- catch ( RbacManagerException e )
- {
- throw new RoleManagerException( "unable to update role", e );
- }
-
- templateProcessor.remove( blessedModel, templateId, oldResource );
- }
-
- public void assignRole( String roleId, String principal )
- throws RoleManagerException
- {
- ModelRole modelRole = RoleModelUtils.getModelRole( blessedModel, roleId );
-
- if ( modelRole == null )
- {
- throw new RoleManagerException( "Unable to assign role: " + roleId + " does not exist." );
- }
-
- try
- {
- UserAssignment userAssignment;
-
- if ( rbacManager.userAssignmentExists( principal ) )
- {
- userAssignment = rbacManager.getUserAssignment( principal );
- }
- else
- {
- userAssignment = rbacManager.createUserAssignment( principal );
- }
-
- userAssignment.addRoleName( modelRole.getName() );
- rbacManager.saveUserAssignment( userAssignment );
- }
- catch ( RbacManagerException e )
- {
- throw new RoleManagerException( "Unable to assign role: unable to manage user assignment", e );
- }
- }
-
- public void assignRoleByName( String roleName, String principal )
- throws RoleManagerException
- {
- try
- {
- UserAssignment userAssignment;
-
- if ( rbacManager.userAssignmentExists( principal ) )
- {
- userAssignment = rbacManager.getUserAssignment( principal );
- }
- else
- {
- userAssignment = rbacManager.createUserAssignment( principal );
- }
-
- if ( !rbacManager.roleExists( roleName ) )
- {
- throw new RoleManagerException( "Unable to assign role: " + roleName + " does not exist." );
- }
-
- userAssignment.addRoleName( roleName );
- rbacManager.saveUserAssignment( userAssignment );
- }
- catch ( RbacManagerException e )
- {
- throw new RoleManagerException( "Unable to assign role: unable to manage user assignment", e );
- }
- }
-
- public void assignTemplatedRole( String templateId, String resource, String principal )
- throws RoleManagerException
- {
- ModelTemplate modelTemplate = RoleModelUtils.getModelTemplate( blessedModel, templateId );
-
- if ( modelTemplate == null )
- {
- throw new RoleManagerException( "Unable to assign role: " + templateId + " does not exist." );
- }
- try
- {
- if ( !rbacManager.resourceExists( resource ) )
- {
- Resource newResource = rbacManager.createResource( resource );
- rbacManager.saveResource( newResource );
- }
-
- UserAssignment userAssignment;
-
- if ( rbacManager.userAssignmentExists( principal ) )
- {
- userAssignment = rbacManager.getUserAssignment( principal );
- }
- else
- {
- userAssignment = rbacManager.createUserAssignment( principal );
- }
-
- userAssignment.addRoleName( modelTemplate.getNamePrefix() + modelTemplate.getDelimiter() + resource );
- rbacManager.saveUserAssignment( userAssignment );
- }
- catch ( RbacManagerException e )
- {
- throw new RoleManagerException( "Unable to assign role: unable to manage user assignment", e );
- }
- }
-
- public void unassignRole( String roleId, String principal )
- throws RoleManagerException
- {
- ModelRole modelRole = RoleModelUtils.getModelRole( blessedModel, roleId );
-
- if ( modelRole == null )
- {
- throw new RoleManagerException( "Unable to assign role: " + roleId + " does not exist." );
- }
-
- try
- {
- UserAssignment userAssignment;
-
- if ( rbacManager.userAssignmentExists( principal ) )
- {
- userAssignment = rbacManager.getUserAssignment( principal );
- }
- else
- {
- throw new RoleManagerException(
- "UserAssignment for principal " + principal + "does not exist, can't unassign role." );
- }
-
- userAssignment.removeRoleName( modelRole.getName() );
- rbacManager.saveUserAssignment( userAssignment );
- }
- catch ( RbacManagerException e )
- {
- throw new RoleManagerException( "Unable to unassign role: unable to manage user assignment", e );
- }
- }
-
- public void unassignRoleByName( String roleName, String principal )
- throws RoleManagerException
- {
- try
- {
- UserAssignment userAssignment;
-
- if ( rbacManager.userAssignmentExists( principal ) )
- {
- userAssignment = rbacManager.getUserAssignment( principal );
- }
- else
- {
- throw new RoleManagerException(
- "UserAssignment for principal " + principal + "does not exist, can't unassign role." );
- }
-
- if ( !rbacManager.roleExists( roleName ) )
- {
- throw new RoleManagerException( "Unable to unassign role: " + roleName + " does not exist." );
- }
-
- userAssignment.removeRoleName( roleName );
- rbacManager.saveUserAssignment( userAssignment );
- }
- catch ( RbacManagerException e )
- {
- throw new RoleManagerException( "Unable to unassign role: unable to manage user assignment", e );
- }
- }
-
- public boolean roleExists( String roleId )
- throws RoleManagerException
- {
- ModelRole modelRole = RoleModelUtils.getModelRole( blessedModel, roleId );
-
- if ( modelRole == null )
- {
- return false;
- }
- else
- {
- if ( rbacManager.roleExists( modelRole.getName() ) )
- {
- return true;
- }
- else
- {
- // perhaps try and reload the model here?
- throw new RoleManagerException(
- "breakdown in role management, role exists in configuration but was not created in underlying store" );
- }
- }
- }
-
- public boolean templatedRoleExists( String templateId, String resource )
- throws RoleManagerException
- {
- ModelTemplate modelTemplate = RoleModelUtils.getModelTemplate( blessedModel, templateId );
-
- // template not existing is valid to check, it will throw exception on trying to create
- if ( modelTemplate == null )
- {
- return false;
- }
- else
- {
- if ( rbacManager.roleExists( modelTemplate.getNamePrefix() + modelTemplate.getDelimiter() + resource ) )
- {
- return true;
- }
- else
- {
- return false;
- }
- }
- }
-
- @PostConstruct
- public void initialize()
- {
- try
- {
- URL baseResource = RoleManager.class.getResource( "/META-INF/redback/redback-core.xml" );
-
- if ( baseResource == null )
- {
- throw new RuntimeException( "unable to initialize role manager, missing redback-core.xml" );
- }
-
- loadRoleModel( baseResource );
-
- Enumeration<URL> enumerator =
- RoleManager.class.getClassLoader().getResources( "META-INF/redback/redback.xml" );
-
- while ( enumerator.hasMoreElements() )
- {
- URL redbackResource = enumerator.nextElement();
-
- loadRoleModel( redbackResource );
- }
- }
- catch ( RoleManagerException e )
- {
- throw new RuntimeException( "unable to initialize RoleManager", e );
- }
- catch ( IOException e )
- {
- throw new RuntimeException( "unable to initialize RoleManager, problem with redback.xml loading", e );
- }
- }
-
- public RedbackRoleModel getModel()
- {
- return blessedModel;
- }
-
- public void verifyTemplatedRole( String templateId, String resource )
- throws RoleManagerException
- {
- // create also serves as update
- templateProcessor.create( blessedModel, templateId, resource );
- }
-
- public RedbackRoleModel getBlessedModel()
- {
- return blessedModel;
- }
-
- public void setBlessedModel( RedbackRoleModel blessedModel )
- {
- this.blessedModel = blessedModel;
- }
-
- public RedbackRoleModel getUnblessedModel()
- {
- return unblessedModel;
- }
-
- public void setUnblessedModel( RedbackRoleModel unblessedModel )
- {
- this.unblessedModel = unblessedModel;
- }
-
- public Map<String, ModelApplication> getKnownResources()
- {
- return knownResources;
- }
-
- public void setKnownResources( Map<String, ModelApplication> knownResources )
- {
- this.knownResources = knownResources;
- }
-
- public RoleModelValidator getModelValidator()
- {
- return modelValidator;
- }
-
- public void setModelValidator( RoleModelValidator modelValidator )
- {
- this.modelValidator = modelValidator;
- }
-
- public RoleModelProcessor getModelProcessor()
- {
- return modelProcessor;
- }
-
- public void setModelProcessor( RoleModelProcessor modelProcessor )
- {
- this.modelProcessor = modelProcessor;
- }
-
- public RoleTemplateProcessor getTemplateProcessor()
- {
- return templateProcessor;
- }
-
- public void setTemplateProcessor( RoleTemplateProcessor templateProcessor )
- {
- this.templateProcessor = templateProcessor;
- }
-
- public RBACManager getRbacManager()
- {
- return rbacManager;
- }
-
- public void setRbacManager( RBACManager rbacManager )
- {
- this.rbacManager = rbacManager;
- }
-}
+++ /dev/null
-package org.codehaus.plexus.redback.role;
-
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-import org.codehaus.plexus.redback.role.model.RedbackRoleModel;
-
-import java.net.URL;
-
-/**
- * RoleProfileManager:
- *
- * @author: Jesse McConnell <jesse@codehaus.org>
- * @version: $Id$
- */
-public interface RoleManager
-{
-
- /**
- * load the model and create/verify operations, resources, etc exist and make static roles
- *
- * @param resourceLocation
- * @throws RoleManagerException
- */
- void loadRoleModel( URL resourceLocation )
- throws RoleManagerException;
-
- void loadRoleModel( RedbackRoleModel model )
- throws RoleManagerException;
-
- /**
- * locate a role with the corresponding name and generate it with the given resource, ${resource}
- * in the model will be replaced with this resource string, if this resource does not exist, it
- * will be created.
- *
- * @param templateId
- * @param resource
- * @throws RoleManagerException
- */
- void createTemplatedRole( String templateId, String resource )
- throws RoleManagerException;
-
- /**
- * removes a role corresponding to the role Id that was manufactured with the given resource
- * <p/>
- * it also removes any user assignments for that role
- *
- * @param templateId
- * @param resource
- * @throws RoleManagerException
- */
- void removeTemplatedRole( String templateId, String resource )
- throws RoleManagerException;
-
-
- /**
- * allows for a role coming from a template to be renamed effectively swapping out the bits of it that
- * were labeled with the oldResource with the newResource
- * <p/>
- * it also manages any user assignments for that role
- *
- * @param templateId
- * @param oldResource
- * @param newResource
- * @throws RoleManagerException
- */
- void updateRole( String templateId, String oldResource, String newResource )
- throws RoleManagerException;
-
-
- /**
- * Assigns the role indicated by the roleId to the given principal
- *
- * @param roleId
- * @param principal
- * @throws RoleManagerException
- */
- void assignRole( String roleId, String principal )
- throws RoleManagerException;
-
- /**
- * Assigns the role indicated by the roleName to the given principal
- *
- * @param roleName
- * @param principal
- * @throws RoleManagerException
- */
- void assignRoleByName( String roleName, String principal )
- throws RoleManagerException;
-
- /**
- * Assigns the templated role indicated by the templateId
- * <p/>
- * fails if the templated role has not been created
- *
- * @param templateId
- * @param resource
- * @param principal
- */
- void assignTemplatedRole( String templateId, String resource, String principal )
- throws RoleManagerException;
-
- /**
- * Unassigns the role indicated by the role id from the given principal
- *
- * @param roleId
- * @param principal
- * @throws RoleManagerException
- */
- void unassignRole( String roleId, String principal )
- throws RoleManagerException;
-
- /**
- * Unassigns the role indicated by the role name from the given principal
- *
- * @param roleName
- * @param principal
- * @throws RoleManagerException
- */
- void unassignRoleByName( String roleName, String principal )
- throws RoleManagerException;
-
- /**
- * true of a role exists with the given roleId
- *
- * @param roleId
- * @return
- * @throws RoleManagerException
- */
- boolean roleExists( String roleId )
- throws RoleManagerException;
-
- /**
- * true of a role exists with the given roleId
- *
- * @param templateId
- * @param resource
- * @return
- * @throws RoleManagerException
- */
- boolean templatedRoleExists( String templateId, String resource )
- throws RoleManagerException;
-
- /**
- * get the blessed model, the current operating instructions for all things role management
- */
- RedbackRoleModel getModel();
-
- /**
- * Check a role template is complete in the RBAC store.
- *
- * @param templateID the templated role
- * @param resource the resource to verify
- * @throws RoleManagerException
- */
- void verifyTemplatedRole( String templateID, String resource )
- throws RoleManagerException;
-}
\ No newline at end of file
+++ /dev/null
-package org.codehaus.plexus.redback.role;
-
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-/**
- * RoleProfileException:
- *
- * @author Jesse McConnell <jmcconnell@apache.org>
- * @version $Id$
- */
-public class RoleManagerException
- extends Exception
-{
- public RoleManagerException( String string )
- {
- super( string );
- }
-
- public RoleManagerException( String string, Throwable throwable )
- {
- super( string, throwable );
- }
-}
+++ /dev/null
-package org.codehaus.plexus.redback.role.processor;
-
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-import org.apache.archiva.redback.rbac.Operation;
-import org.apache.archiva.redback.rbac.Permission;
-import org.apache.archiva.redback.rbac.RBACManager;
-import org.apache.archiva.redback.rbac.RbacManagerException;
-import org.apache.archiva.redback.rbac.Resource;
-import org.apache.archiva.redback.rbac.Role;
-import org.codehaus.plexus.redback.role.RoleManagerException;
-import org.codehaus.plexus.redback.role.model.ModelApplication;
-import org.codehaus.plexus.redback.role.model.ModelOperation;
-import org.codehaus.plexus.redback.role.model.ModelPermission;
-import org.codehaus.plexus.redback.role.model.ModelResource;
-import org.codehaus.plexus.redback.role.model.ModelRole;
-import org.codehaus.plexus.redback.role.model.RedbackRoleModel;
-import org.codehaus.plexus.redback.role.util.RoleModelUtils;
-import org.codehaus.plexus.util.dag.CycleDetectedException;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.stereotype.Service;
-
-import javax.inject.Inject;
-import javax.inject.Named;
-import java.util.ArrayList;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-
-/**
- * DefaultRoleModelProcessor: inserts the components of the model that can be populated into the rbac manager
- *
- * @author: Jesse McConnell <jesse@codehaus.org>
- * @version: $Id$
- */
-@Service( "roleModelProcessor" )
-public class DefaultRoleModelProcessor
- implements RoleModelProcessor
-{
- private Logger log = LoggerFactory.getLogger( DefaultRoleModelProcessor.class );
-
- @Inject
- @Named( value = "rBACManager#cached" )
- private RBACManager rbacManager;
-
- private Map<String, Resource> resourceMap = new HashMap<String, Resource>();
-
- private Map<String, Operation> operationMap = new HashMap<String, Operation>();
-
- public void process( RedbackRoleModel model )
- throws RoleManagerException
- {
- // must process resources and operations first, they are required for the
- // permissions in the roles to add in correctly
- processResources( model );
- processOperations( model );
-
- processRoles( model );
- }
-
- @SuppressWarnings( "unchecked" )
- private void processResources( RedbackRoleModel model )
- throws RoleManagerException
- {
- for ( ModelApplication application : (List<ModelApplication>) model.getApplications() )
- {
- for ( ModelResource profileResource : (List<ModelResource>) application.getResources() )
- {
- try
- {
- if ( !rbacManager.resourceExists( profileResource.getName() ) )
- {
-
- Resource resource = rbacManager.createResource( profileResource.getName() );
- resource.setPermanent( profileResource.isPermanent() );
- resource = rbacManager.saveResource( resource );
-
- // store for use in permission creation
- resourceMap.put( profileResource.getId(), resource );
-
- }
- else
- {
- resourceMap.put( profileResource.getId(),
- rbacManager.getResource( profileResource.getName() ) );
- }
- }
- catch ( RbacManagerException e )
- {
- throw new RoleManagerException( "error creating resource '" + profileResource.getName() + "'", e );
- }
- }
- }
- }
-
- @SuppressWarnings( "unchecked" )
- private void processOperations( RedbackRoleModel model )
- throws RoleManagerException
- {
- for ( ModelApplication application : (List<ModelApplication>) model.getApplications() )
- {
- for ( ModelOperation profileOperation : (List<ModelOperation>) application.getOperations() )
- {
- try
- {
- if ( !rbacManager.operationExists( profileOperation.getName() ) )
- {
-
- Operation operation = rbacManager.createOperation( profileOperation.getName() );
- operation.setPermanent( profileOperation.isPermanent() );
- operation.setDescription( profileOperation.getDescription() );
- operation = rbacManager.saveOperation( operation );
-
- // store for use in permission creation
- operationMap.put( profileOperation.getId(), operation );
-
- }
- else
- {
- operationMap.put( profileOperation.getId(),
- rbacManager.getOperation( profileOperation.getName() ) );
- }
- }
- catch ( RbacManagerException e )
- {
- throw new RoleManagerException( "error creating operation '" + profileOperation.getName() + "'",
- e );
- }
- }
- }
- }
-
- @SuppressWarnings( "unchecked" )
- private void processRoles( RedbackRoleModel model )
- throws RoleManagerException
- {
- List<String> sortedGraph;
- try
- {
- sortedGraph = RoleModelUtils.reverseTopologicalSortedRoleList( model );
- }
- catch ( CycleDetectedException e )
- {
- throw new RoleManagerException( "cycle detected: this should have been caught in validation", e );
- }
-
- for ( String roleId : sortedGraph )
- {
- ModelRole roleProfile = RoleModelUtils.getModelRole( model, roleId );
-
- List<Permission> permissions = processPermissions( roleProfile.getPermissions() );
-
- if ( !rbacManager.roleExists( roleProfile.getName() ) )
- {
- try
- {
- Role role = rbacManager.createRole( roleProfile.getName() );
- role.setDescription( roleProfile.getDescription() );
- role.setPermanent( roleProfile.isPermanent() );
- role.setAssignable( roleProfile.isAssignable() );
-
- // add any permissions associated with this role
- for ( Permission permission : permissions )
- {
- role.addPermission( permission );
- }
-
- // add child roles to this role
- if ( roleProfile.getChildRoles() != null )
- {
- for ( String childRoleId : (List<String>) roleProfile.getChildRoles() )
- {
- ModelRole childRoleProfile = RoleModelUtils.getModelRole( model, childRoleId );
- role.addChildRoleName( childRoleProfile.getName() );
- }
- }
-
- rbacManager.saveRole( role );
-
- // add link from parent roles to this new role
- if ( roleProfile.getParentRoles() != null )
- {
- for ( String parentRoleId : (List<String>) roleProfile.getParentRoles() )
- {
- ModelRole parentModelRole = RoleModelUtils.getModelRole( model, parentRoleId );
- Role parentRole = rbacManager.getRole( parentModelRole.getName() );
- parentRole.addChildRoleName( role.getName() );
- rbacManager.saveRole( parentRole );
- }
- }
-
- }
- catch ( RbacManagerException e )
- {
- throw new RoleManagerException( "error creating role '" + roleProfile.getName() + "'", e );
- }
- }
- else
- {
- try
- {
- Role role = rbacManager.getRole( roleProfile.getName() );
-
- boolean changed = false;
- for ( Permission permission : permissions )
- {
- if ( !role.getPermissions().contains( permission ) )
- {
- log.info( "Adding new permission '" + permission.getName() + "' to role '" + role.getName()
- + "'" );
- role.addPermission( permission );
- changed = true;
- }
- }
-
- // Copy list to avoid concurrent modification [REDBACK-220]
- List<Permission> oldPermissions = new ArrayList<Permission>( role.getPermissions() );
- for ( Permission permission : oldPermissions )
- {
- if ( !permissions.contains( permission ) )
- {
- log.info(
- "Removing old permission '" + permission.getName() + "' from role '" + role.getName()
- + "'" );
- role.removePermission( permission );
- changed = true;
- }
- }
- if ( changed )
- {
- rbacManager.saveRole( role );
- }
- }
- catch ( RbacManagerException e )
- {
- throw new RoleManagerException( "error updating role '" + roleProfile.getName() + "'", e );
- }
- }
- }
- }
-
- private List<Permission> processPermissions( List<ModelPermission> permissions )
- throws RoleManagerException
- {
- List<Permission> rbacPermissions = new ArrayList<Permission>( permissions.size() );
-
- for ( ModelPermission profilePermission : permissions )
- {
- try
- {
- if ( !rbacManager.permissionExists( profilePermission.getName() ) )
- {
-
- Permission permission = rbacManager.createPermission( profilePermission.getName() );
-
- // get the operation out of the map we stored it in when we created it _by_ the id in the model
- Operation operation = (Operation) operationMap.get( profilePermission.getOperation() );
- // same with resource
- Resource resource = (Resource) resourceMap.get( profilePermission.getResource() );
-
- permission.setOperation( operation );
- permission.setResource( resource );
- permission.setPermanent( profilePermission.isPermanent() );
- permission.setDescription( profilePermission.getDescription() );
-
- permission = rbacManager.savePermission( permission );
-
- rbacPermissions.add( permission );
-
- }
- else
- {
- rbacPermissions.add( rbacManager.getPermission( profilePermission.getName() ) );
- }
- }
- catch ( RbacManagerException e )
- {
- throw new RoleManagerException( "error creating permission '" + profilePermission.getName() + "'", e );
- }
- }
- return rbacPermissions;
- }
-
- public RBACManager getRbacManager()
- {
- return rbacManager;
- }
-
- public void setRbacManager( RBACManager rbacManager )
- {
- this.rbacManager = rbacManager;
- }
-}
-
-
+++ /dev/null
-package org.codehaus.plexus.redback.role.processor;
-
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-import org.codehaus.plexus.redback.role.RoleManagerException;
-import org.codehaus.plexus.redback.role.model.RedbackRoleModel;
-
-/**
- * RoleModelValidator:
- *
- * @author: Jesse McConnell <jesse@codehaus.org>
- * @version: $Id$
- */
-public interface RoleModelProcessor
-{
-
- void process( RedbackRoleModel model ) throws RoleManagerException;
-
-}
+++ /dev/null
-package org.codehaus.plexus.redback.role.template;
-
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-import org.apache.archiva.redback.rbac.Operation;
-import org.apache.archiva.redback.rbac.Permission;
-import org.apache.archiva.redback.rbac.RbacManagerException;
-import org.apache.archiva.redback.rbac.Resource;
-import org.apache.archiva.redback.rbac.Role;
-import org.apache.archiva.redback.rbac.RBACManager;
-import org.codehaus.plexus.redback.role.RoleManagerException;
-import org.codehaus.plexus.redback.role.model.ModelApplication;
-import org.codehaus.plexus.redback.role.model.ModelOperation;
-import org.codehaus.plexus.redback.role.model.ModelPermission;
-import org.codehaus.plexus.redback.role.model.ModelResource;
-import org.codehaus.plexus.redback.role.model.ModelRole;
-import org.codehaus.plexus.redback.role.model.ModelTemplate;
-import org.codehaus.plexus.redback.role.model.RedbackRoleModel;
-import org.codehaus.plexus.redback.role.util.RoleModelUtils;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.stereotype.Service;
-
-import javax.inject.Inject;
-import javax.inject.Named;
-import java.util.ArrayList;
-import java.util.Collections;
-import java.util.Iterator;
-import java.util.List;
-
-/**
- * DefaultRoleTemplateProcessor: inserts the components of a template into the rbac manager
- *
- * @author: Jesse McConnell <jesse@codehaus.org>
- * @version: $Id$
- */
-@Service( "roleTemplateProcessor" )
-public class DefaultRoleTemplateProcessor
- implements RoleTemplateProcessor
-{
- private Logger log = LoggerFactory.getLogger( DefaultRoleTemplateProcessor.class );
-
- @Inject
- @Named( value = "rBACManager#cached" )
- private RBACManager rbacManager;
-
- @SuppressWarnings( "unchecked" )
- public void create( RedbackRoleModel model, String templateId, String resource )
- throws RoleManagerException
- {
- for ( ModelApplication application : (List<ModelApplication>) model.getApplications() )
- {
- for ( ModelTemplate template : (List<ModelTemplate>) application.getTemplates() )
- {
- if ( templateId.equals( template.getId() ) )
- {
- // resource can be special
- processResource( template, resource );
-
- // templates are roles that have yet to be paired with a resource for creation
- processTemplate( model, template, resource );
-
- return;
- }
- }
- }
-
- throw new RoleManagerException( "unknown template '" + templateId + "'" );
- }
-
- @SuppressWarnings( "unchecked" )
- public void remove( RedbackRoleModel model, String templateId, String resource )
- throws RoleManagerException
- {
- for ( ModelApplication application : (List<ModelApplication>) model.getApplications() )
- {
- for ( ModelTemplate template : (List<ModelTemplate>) application.getTemplates() )
- {
- if ( templateId.equals( template.getId() ) )
- {
- removeTemplatedRole( model, template, resource );
- return;
- }
- }
- }
-
- throw new RoleManagerException( "unknown template '" + templateId + "'" );
- }
-
- private void removeTemplatedRole( RedbackRoleModel model, ModelTemplate template, String resource )
- throws RoleManagerException
- {
- String roleName = template.getNamePrefix() + template.getDelimiter() + resource;
-
- try
- {
- Role role = rbacManager.getRole( roleName );
-
- if ( !role.isPermanent() )
- {
- // remove the role
- rbacManager.removeRole( role );
-
- // remove the permissions
- // todo, do this in a better way too, permissions can be shared across multiple roles and that could blow chunks here.
- //for ( Iterator i = template.getPermissions().iterator(); i.hasNext(); )
- //{
- // ModelPermission permission = (ModelPermission) i.next();
- // if ( !permission.isPermanent() )
- // {
- // rbacManager.removePermission( permission.getName() + template.getDelimiter()
- // + resolvePermissionResource( model, permission, resolvePermissionResource( model, permission, resource ) ) );
- // }
- //}
-
- // check if we want to remove the resources
- Resource rbacResource = rbacManager.getResource( resource );
-
- if ( !rbacResource.isPermanent() )
- {
- //todo we need a better way of finding if a resource is unused anymore...probably a cleaning process in the db or something
- //rbacManager.removeResource( rbacResource );
- }
-
- // todo find dangling child role references and smoke
- }
- else
- {
- throw new RoleManagerException( "unable to remove role, it is flagged permanent" );
- }
- }
- catch ( RbacManagerException e )
- {
- throw new RoleManagerException( "unable to remove templated role: " + roleName, e );
- }
- //catch ( RoleTemplateProcessorException e )
- //{
- // throw new RoleManagerException( "unable to remove templated role, error resolving resource: Role:" + roleName + " Resource: " + resource, e );
- //}
- }
-
- private void processResource( ModelTemplate template, String resource )
- throws RoleManagerException
- {
- if ( !rbacManager.resourceExists( resource ) )
- {
- try
- {
- Resource res = rbacManager.createResource( resource );
- res.setPermanent( template.isPermanentResource() );
- rbacManager.saveResource( res );
- }
- catch ( RbacManagerException e )
- {
- throw new RoleManagerException( "error creating resource '" + resource + "'", e );
- }
- }
- }
-
- @SuppressWarnings( "unchecked" )
- private void processTemplate( RedbackRoleModel model, ModelTemplate template, String resource )
- throws RoleManagerException
- {
- String templateName = template.getNamePrefix() + template.getDelimiter() + resource;
-
- List<Permission> permissions = processPermissions( model, template, resource );
-
- if ( !rbacManager.roleExists( templateName ) )
- {
- try
- {
- Role role = rbacManager.createRole( templateName );
- role.setDescription( template.getDescription() );
- role.setPermanent( template.isPermanent() );
- role.setAssignable( template.isAssignable() );
-
- // add any permissions associated with this role
- for ( Iterator j = permissions.iterator(); j.hasNext(); )
- {
- Permission permission = (Permission) j.next();
-
- role.addPermission( permission );
- }
-
- // add child roles to this role
- if ( template.getChildRoles() != null )
- {
- for ( String childRoleId : (List<String>) template.getChildRoles() )
- {
- ModelRole childRoleProfile = RoleModelUtils.getModelRole( model, childRoleId );
- role.addChildRoleName( childRoleProfile.getName() );
- }
- }
-
- // add child templates to this role, be nice and make them if they don't exist
- if ( template.getChildTemplates() != null )
- {
- for ( String childTemplateId : (List<String>) template.getChildTemplates() )
- {
- ModelTemplate childModelTemplate = RoleModelUtils.getModelTemplate( model, childTemplateId );
-
- if ( childModelTemplate == null )
- {
- throw new RoleManagerException(
- "error obtaining child template from model: template " + templateName
- + " # child template: " + childTemplateId );
- }
-
- String childRoleName =
- childModelTemplate.getNamePrefix() + childModelTemplate.getDelimiter() + resource;
-
- // check if the role exists, if it does then add it as a child, otherwise make it and add it
- // this should be safe since validation should protect us from template cycles
- if ( rbacManager.roleExists( childRoleName ) )
- {
- role.addChildRoleName( childRoleName );
- }
- else
- {
- processTemplate( model, childModelTemplate, resource );
-
- role.addChildRoleName( childRoleName );
- }
- }
- }
-
- // this role needs to be saved since it now needs to be added as a child role by
- // another role
- if ( !rbacManager.roleExists( role.getName() ) )
- {
- role = rbacManager.saveRole( role );
- }
-
- // add link from parent roles to this new role
- if ( template.getParentRoles() != null )
- {
- for ( String parentRoleId : (List<String>) template.getParentRoles() )
- {
- ModelRole parentModelRole = RoleModelUtils.getModelRole( model, parentRoleId );
- Role parentRole = rbacManager.getRole( parentModelRole.getName() );
- parentRole.addChildRoleName( role.getName() );
- rbacManager.saveRole( parentRole );
- }
- }
-
- // add child templates to this role, be nice and make them if they don't exist
- if ( template.getParentTemplates() != null )
- {
- for ( String parentTemplateId : (List<String>) template.getParentTemplates() )
- {
- ModelTemplate parentModelTemplate = RoleModelUtils.getModelTemplate( model, parentTemplateId );
-
- if ( parentModelTemplate == null )
- {
- throw new RoleManagerException(
- "error obtaining parent template from model: template " + templateName
- + " # child template: " + parentTemplateId );
- }
-
- String parentRoleName =
- parentModelTemplate.getNamePrefix() + parentModelTemplate.getDelimiter() + resource;
-
- // check if the role exists, if it does then add it as a child, otherwise make it and add it
- // this should be safe since validation should protect us from template cycles
- if ( rbacManager.roleExists( parentRoleName ) )
- {
- Role parentRole = rbacManager.getRole( parentRoleName );
-
- parentRole.addChildRoleName( role.getName() );
- rbacManager.saveRole( parentRole );
- }
- else
- {
- processTemplate( model, parentModelTemplate, resource );
-
- Role parentRole = rbacManager.getRole( parentRoleName );
-
- parentRole.addChildRoleName( role.getName() );
- rbacManager.saveRole( parentRole );
- }
- }
- }
-
- }
- catch ( RbacManagerException e )
- {
- throw new RoleManagerException( "error creating role '" + templateName + "'", e );
- }
- }
- else
- {
- try
- {
- Role role = rbacManager.getRole( templateName );
-
- boolean changed = false;
- for ( Permission permission : permissions )
- {
- if ( !role.getPermissions().contains( permission ) )
- {
- log.info(
- "Adding new permission '" + permission.getName() + "' to role '" + role.getName() + "'" );
- role.addPermission( permission );
- changed = true;
- }
- }
-
- // Copy list to avoid concurrent modifications
- List<Permission> oldPermissions = new ArrayList<Permission>( role.getPermissions() );
- for ( Permission permission : oldPermissions )
- {
- if ( !permissions.contains( permission ) )
- {
- log.info( "Removing old permission '" + permission.getName() + "' from role '" + role.getName()
- + "'" );
- role.removePermission( permission );
- changed = true;
- }
- }
- if ( changed )
- {
- rbacManager.saveRole( role );
- }
- }
- catch ( RbacManagerException e )
- {
- throw new RoleManagerException( "error updating role '" + templateName + "'", e );
- }
- }
- }
-
- @SuppressWarnings( "unchecked" )
- private List<Permission> processPermissions( RedbackRoleModel model, ModelTemplate template, String resource )
- throws RoleManagerException
- {
-
- if ( template.getPermissions() != null )
- {
- // copy list to avoid concurrent modifications
- List<ModelPermission> templatePermissions = new ArrayList<ModelPermission>( template.getPermissions() );
- List<Permission> rbacPermissions = new ArrayList<Permission>( templatePermissions.size() );
- for ( ModelPermission profilePermission : templatePermissions )
- {
- try
- {
- String permissionName =
- profilePermission.getName() + template.getDelimiter() + resolvePermissionResource( model,
- profilePermission,
- resource );
-
- if ( !rbacManager.permissionExists( permissionName ) )
- {
-
- Permission permission = rbacManager.createPermission( permissionName );
-
- ModelOperation modelOperation =
- RoleModelUtils.getModelOperation( model, profilePermission.getOperation() );
- Operation rbacOperation = rbacManager.getOperation( modelOperation.getName() );
-
- String permissionResource = resolvePermissionResource( model, profilePermission, resource );
-
- Resource rbacResource = rbacManager.getResource( permissionResource );
-
- permission.setOperation( rbacOperation );
- permission.setResource( rbacResource );
- permission.setPermanent( profilePermission.isPermanent() );
- permission.setDescription( profilePermission.getDescription() );
-
- permission = rbacManager.savePermission( permission );
-
- rbacPermissions.add( permission );
-
- }
- else
- {
-
- rbacPermissions.add( rbacManager.getPermission( permissionName ) );
-
- }
- }
- catch ( RbacManagerException e )
- {
- e.printStackTrace();
- throw new RoleManagerException( "unable to generate templated role: " + e.getMessage(), e );
- }
- catch ( RoleTemplateProcessorException e )
- {
- e.printStackTrace();
- throw new RoleManagerException( "unable to resolve resource: " + resource, e );
- }
- }
- return rbacPermissions;
- }
-
- return Collections.emptyList();
- }
-
- private String resolvePermissionResource( RedbackRoleModel model, ModelPermission permission, String resource )
- throws RoleTemplateProcessorException
- {
- String permissionResource = permission.getResource();
-
- // if permission's resource is ${resource}, return the resource passed in
- if ( permissionResource.startsWith( "${" ) )
- {
- String tempStr = permissionResource.substring( 2, permissionResource.indexOf( '}' ) );
-
- if ( "resource".equals( tempStr ) )
- {
- return resource;
- }
- }
-
- // check if the resource resolves to declared operation
- String declaredResource = resolveResource( model, permission.getResource() );
- if ( declaredResource != null )
- {
- return declaredResource;
- }
- else
- {
- // either niether of the above apply, then its the resource.
- return resource;
- }
- }
-
- private String resolveResource( RedbackRoleModel model, String resource )
- throws RoleTemplateProcessorException
- {
- ModelResource resolvedResource = RoleModelUtils.getModelResource( model, resource );
-
- if ( resolvedResource != null )
- {
- return resolvedResource.getName();
- }
- else
- {
- return null;
- }
- }
-
- public RBACManager getRbacManager()
- {
- return rbacManager;
- }
-
- public void setRbacManager( RBACManager rbacManager )
- {
- this.rbacManager = rbacManager;
- }
-}
+++ /dev/null
-package org.codehaus.plexus.redback.role.template;
-
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-import org.codehaus.plexus.redback.role.RoleManagerException;
-import org.codehaus.plexus.redback.role.model.RedbackRoleModel;
-
-/**
- * RoleModelValidator:
- *
- * @author: Jesse McConnell <jesse@codehaus.org>
- */
-public interface RoleTemplateProcessor
-{
-
- void create( RedbackRoleModel model, String templateId, String resource )
- throws RoleManagerException;
-
- void remove( RedbackRoleModel model, String templateId, String resource )
- throws RoleManagerException;
-}
+++ /dev/null
-package org.codehaus.plexus.redback.role.template;
-
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-/**
- * RoleProfileException:
- *
- * @author Jesse McConnell <jmcconnell@apache.org>
- * @version $Id$
- */
-public class RoleTemplateProcessorException
- extends Exception
-{
- public RoleTemplateProcessorException( String string )
- {
- super( string );
- }
-
- public RoleTemplateProcessorException( String string, Throwable throwable )
- {
- super( string, throwable );
- }
-}
+++ /dev/null
-package org.codehaus.plexus.redback.role.util;
-
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-import org.codehaus.plexus.redback.role.model.ModelApplication;
-import org.codehaus.plexus.redback.role.model.ModelOperation;
-import org.codehaus.plexus.redback.role.model.ModelResource;
-import org.codehaus.plexus.redback.role.model.ModelRole;
-import org.codehaus.plexus.redback.role.model.ModelTemplate;
-import org.codehaus.plexus.redback.role.model.RedbackRoleModel;
-import org.codehaus.plexus.util.dag.CycleDetectedException;
-import org.codehaus.plexus.util.dag.DAG;
-import org.codehaus.plexus.util.dag.TopologicalSorter;
-
-import java.util.ArrayList;
-import java.util.LinkedList;
-import java.util.List;
-
-/**
- * RoleModelUtils:
- *
- * @author: Jesse McConnell <jesse@codehaus.org>
- * @version: $Id$
- */
-public class RoleModelUtils
-{
-
- @SuppressWarnings( "unchecked" )
- public static List<ModelRole> getRoles( RedbackRoleModel model )
- {
- List<ModelRole> roleList = new ArrayList<ModelRole>( );
-
- for ( ModelApplication application : (List<ModelApplication>) model.getApplications() )
- {
- roleList.addAll( application.getRoles() );
- }
-
- return roleList;
- }
-
- @SuppressWarnings( "unchecked" )
- public static List<ModelTemplate> getTemplates( RedbackRoleModel model )
- {
- List<ModelTemplate> templateList = new ArrayList<ModelTemplate>();
-
- for ( ModelApplication application : (List<ModelApplication>) model.getApplications() )
- {
- templateList.addAll( application.getTemplates() );
- }
-
- return templateList;
- }
-
- @SuppressWarnings( "unchecked" )
- public static List<String> getOperationIdList( RedbackRoleModel model )
- {
- List<String> operationsIdList = new ArrayList<String>();
-
- for ( ModelApplication application : (List<ModelApplication>) model.getApplications() )
- {
- for ( ModelOperation operation : (List<ModelOperation>) application.getOperations() )
- {
- operationsIdList.add( operation.getId() );
- }
- }
-
- return operationsIdList;
- }
-
- @SuppressWarnings( "unchecked" )
- public static List<String> getResourceIdList( RedbackRoleModel model )
- {
- List<String> resourceIdList = new ArrayList<String>();
-
- for ( ModelApplication application : (List<ModelApplication>) model.getApplications() )
- {
- for ( ModelResource resource : (List<ModelResource>) application.getResources() )
- {
- resourceIdList.add( resource.getId() );
- }
- }
-
- return resourceIdList;
- }
-
- @SuppressWarnings( "unchecked" )
- public static List<String> getRoleIdList( RedbackRoleModel model )
- {
- List<String> roleIdList = new ArrayList<String>();
-
- for ( ModelApplication application : (List<ModelApplication>) model.getApplications() )
- {
- for ( ModelRole role : (List<ModelRole>) application.getRoles() )
- {
- roleIdList.add( role.getId() );
- }
- }
-
- return roleIdList;
- }
-
- @SuppressWarnings( "unchecked" )
- public static List<String> getTemplateIdList( RedbackRoleModel model )
- {
- List<String> templateIdList = new ArrayList<String>();
-
- for ( ModelApplication application : (List<ModelApplication>) model.getApplications() )
- {
- for ( ModelTemplate template : (List<ModelTemplate>) application.getTemplates() )
- {
- templateIdList.add( template.getId() );
- }
- }
-
- return templateIdList;
-
- }
-
- /**
- * WARNING: can return null
- *
- * @param model
- * @param roleId
- * @return
- */
- @SuppressWarnings( "unchecked" )
- public static ModelRole getModelRole( RedbackRoleModel model, String roleId )
- {
- ModelRole mrole = null;
-
- for ( ModelApplication application : (List<ModelApplication>) model.getApplications() )
- {
- for ( ModelRole role : (List<ModelRole>) application.getRoles() )
- {
- if ( roleId.equals( role.getId() ) )
- {
- mrole = role;
- }
- }
- }
-
- return mrole;
- }
-
- /**
- * WARNING: can return null
- *
- * @param model
- * @param templateId
- * @return
- */
- @SuppressWarnings( "unchecked" )
- public static ModelTemplate getModelTemplate( RedbackRoleModel model, String templateId )
- {
- ModelTemplate mtemplate = null;
-
- for ( ModelApplication application : (List<ModelApplication>) model.getApplications() )
- {
- for ( ModelTemplate template : (List<ModelTemplate>) application.getTemplates() )
- {
- if ( templateId.equals( template.getId() ) )
- {
- mtemplate = template;
- }
- }
- }
-
- return mtemplate;
- }
-
- /**
- * WARNING: can return null
- *
- * @param model
- * @param operationId
- * @return
- */
- @SuppressWarnings( "unchecked" )
- public static ModelOperation getModelOperation( RedbackRoleModel model, String operationId )
- {
- ModelOperation moperation = null;
-
- for ( ModelApplication application : (List<ModelApplication>) model.getApplications() )
- {
- for ( ModelOperation operation : (List<ModelOperation>) application.getOperations() )
- {
- if ( operationId.equals( operation.getId() ) )
- {
- moperation = operation;
- }
- }
- }
-
- return moperation;
- }
-
- @SuppressWarnings( "unchecked" )
- public static ModelResource getModelResource( RedbackRoleModel model, String resourceId )
- {
- ModelResource mresource = null;
-
- for ( ModelApplication application : (List<ModelApplication>) model.getApplications() )
- {
- for ( ModelResource resource : (List<ModelResource>) application.getResources() )
- {
- if ( resourceId.equals( resource.getId() ) )
- {
- mresource = resource;
- }
- }
- }
-
- return mresource;
- }
-
- @SuppressWarnings( "unchecked" )
- public static DAG generateRoleGraph( RedbackRoleModel model )
- throws CycleDetectedException
- {
- DAG roleGraph = new DAG();
-
- for ( ModelApplication application : (List<ModelApplication>) model.getApplications() )
- {
- for ( ModelRole role : (List<ModelRole>) application.getRoles() )
- {
- roleGraph.addVertex( role.getId() );
-
- if ( role.getChildRoles() != null )
- {
- for ( String childRole : (List<String>) role.getChildRoles() )
- {
- roleGraph.addVertex( childRole );
-
- roleGraph.addEdge( role.getId(), childRole );
- }
- }
-
- if ( role.getParentRoles() != null )
- {
- for ( String parentRole : (List<String>) role.getParentRoles() )
- {
- roleGraph.addVertex( parentRole );
-
- roleGraph.addEdge( parentRole, role.getId() );
- }
- }
- }
- }
-
- return roleGraph;
- }
-
- @SuppressWarnings( "unchecked" )
- public static DAG generateTemplateGraph( RedbackRoleModel model )
- throws CycleDetectedException
- {
- DAG templateGraph = generateRoleGraph( model );
-
- for ( ModelApplication application : (List<ModelApplication>) model.getApplications() )
- {
- for ( ModelTemplate template : (List<ModelTemplate>) application.getTemplates() )
- {
- templateGraph.addVertex( template.getId() );
-
- if ( template.getChildRoles() != null )
- {
- for ( String childRole : (List<String>) template.getChildRoles() )
- {
- templateGraph.addVertex( childRole );
-
- templateGraph.addEdge( template.getId(), childRole );
- }
- }
-
- if ( template.getParentRoles() != null )
- {
- for ( String parentRole : (List<String>) template.getParentRoles() )
- {
- templateGraph.addVertex( parentRole );
-
- templateGraph.addEdge( parentRole, template.getId() );
- }
- }
-
- if ( template.getChildTemplates() != null )
- {
- for ( String childTemplate : (List<String>) template.getChildTemplates() )
- {
- templateGraph.addVertex( childTemplate );
-
- templateGraph.addEdge( template.getId(), childTemplate );
- }
- }
-
- if ( template.getParentTemplates() != null )
- {
- for ( String parentTemplate : (List<String>) template.getParentTemplates() )
- {
- templateGraph.addVertex( parentTemplate );
-
- templateGraph.addEdge( parentTemplate, template.getId() );
- }
- }
- }
- }
-
- return templateGraph;
- }
-
- @SuppressWarnings( "unchecked" )
- public static List<String> reverseTopologicalSortedRoleList( RedbackRoleModel model )
- throws CycleDetectedException
- {
- LinkedList<String> sortedGraph =
- (LinkedList<String>) TopologicalSorter.sort( RoleModelUtils.generateRoleGraph( model ) );
- List<String> resortedGraph = new LinkedList<String>();
-
- while ( !sortedGraph.isEmpty() )
- {
- resortedGraph.add( sortedGraph.removeLast() );
- }
-
- return resortedGraph;
- }
-
-}
+++ /dev/null
-package org.codehaus.plexus.redback.role.validator;
-
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-import java.util.ArrayList;
-import java.util.List;
-
-import org.codehaus.plexus.redback.role.RoleManagerException;
-import org.codehaus.plexus.redback.role.model.ModelApplication;
-import org.codehaus.plexus.redback.role.model.ModelOperation;
-import org.codehaus.plexus.redback.role.model.ModelPermission;
-import org.codehaus.plexus.redback.role.model.ModelResource;
-import org.codehaus.plexus.redback.role.model.ModelRole;
-import org.codehaus.plexus.redback.role.model.ModelTemplate;
-import org.codehaus.plexus.redback.role.model.RedbackRoleModel;
-import org.codehaus.plexus.redback.role.util.RoleModelUtils;
-import org.codehaus.plexus.util.dag.CycleDetectedException;
-import org.springframework.stereotype.Service;
-
-/**
- * DefaultRoleModelValidator: validates completeness of the model
- *
- * @author: Jesse McConnell <jesse@codehaus.org>
- * @version: $Id$
- *
- */
-@Service("roleModelValidator")
-public class DefaultRoleModelValidator
- implements RoleModelValidator
-{
- private List<String> validationErrors;
-
- public boolean validate( RedbackRoleModel model )
- throws RoleManagerException
- {
- validationErrors = null;
-
- validateRequiredStructure( model );
- validateResourceClosure( model );
- validateOperationClosure( model );
- validateChildRoleClosure( model );
- validateParentRoleClosure( model );
- validateTemplateClosure( model );
- validateNoRoleCycles( model );
- validateNoTemplateCycles( model );
-
- if ( validationErrors == null )
- {
- return true;
- }
- else
- {
- return false;
- }
- }
-
- public List<String> getValidationErrors()
- {
- return validationErrors;
- }
-
- private void addValidationError( String error )
- {
- if ( validationErrors == null )
- {
- validationErrors = new ArrayList<String>(0);
- }
-
- validationErrors.add( error );
- }
-
- /**
- * FIXME this should be taken care of by <required/> in modello, figure out why its not
- * in the meantime, implement the basics
- *
- * @param model
- */
- @SuppressWarnings("unchecked")
- private void validateRequiredStructure( RedbackRoleModel model )
- {
- // validate model has name
-
- for ( ModelApplication application : (List<ModelApplication>) model.getApplications() )
- {
- if ( application.getId() == null )
- {
- addValidationError( "model is missing application name" );
- }
-
- // validate model has version
- if ( application.getVersion() == null )
- {
- addValidationError( application.getId() + " is missing version" );
- }
-
- // validate resource bits
- for ( ModelResource resource : (List<ModelResource>) application.getResources() )
- {
- if ( resource.getName() == null )
- {
- addValidationError( resource.toString() + " missing name" );
- }
-
- if ( resource.getId() == null )
- {
- addValidationError( resource.toString() + " missing id" );
- }
- }
-
- // validate the operations
- for ( ModelOperation operation : (List<ModelOperation>) application.getOperations() )
- {
- if ( operation.getName() == null )
- {
- addValidationError( operation.toString() + " missing name" );
- }
-
- if ( operation.getId() == null )
- {
- addValidationError( operation.toString() + " missing id" );
- }
- }
-
- for ( ModelRole role : (List<ModelRole>) application.getRoles() )
- {
- if ( role.getId() == null )
- {
- addValidationError( role.toString() + " missing id" );
- }
-
- if ( role.getName() == null )
- {
- addValidationError( role.toString() + " missing name" );
- }
-
- if ( role.getPermissions() != null )
- {
- for ( ModelPermission permission : (List<ModelPermission>) role.getPermissions() )
- {
- if ( permission.getName() == null )
- {
- addValidationError( permission.toString() + " missing name" );
- }
-
- if ( permission.getId() == null )
- {
- addValidationError( permission.toString() + " missing id" );
- }
-
- if ( permission.getOperation() == null )
- {
- addValidationError( permission.toString() + " missing operations" );
- }
-
- if ( permission.getResource() == null )
- {
- addValidationError( permission.toString() + " missing resource" );
- }
- }
- }
- }
-
- for ( ModelTemplate template : (List<ModelTemplate>) application.getTemplates() )
- {
- if ( template.getId() == null )
- {
- addValidationError( template.toString() + " missing id" );
- }
-
- if ( template.getNamePrefix() == null )
- {
- addValidationError( template.toString() + " missing name prefix" );
- }
-
- if ( template.getPermissions() != null )
- {
- for ( ModelPermission permission : (List<ModelPermission>) template.getPermissions() )
- {
- if ( permission.getName() == null )
- {
- addValidationError( permission.toString() + " missing name" );
- }
-
- if ( permission.getId() == null )
- {
- addValidationError( permission.toString() + " missing id" );
- }
-
- if ( permission.getOperation() == null )
- {
- addValidationError( permission.toString() + " missing operations" );
- }
-
- if ( permission.getResource() == null )
- {
- addValidationError( permission.toString() + " missing resource" );
- }
- }
- }
- }
- }
- }
-
- /**
- * validate all operations in all declared permissions exist as declared in the operations section
- *
- * @param model
- */
- @SuppressWarnings("unchecked")
- private void validateOperationClosure( RedbackRoleModel model )
- {
- List<String> operationIdList = RoleModelUtils.getOperationIdList( model );
-
- // check the operations in role permissions
- for ( ModelApplication application : (List<ModelApplication>) model.getApplications() )
- {
- for ( ModelRole role : (List<ModelRole>) application.getRoles() )
- {
- if ( role.getPermissions() != null )
- {
- for ( ModelPermission permission : (List<ModelPermission>) role.getPermissions() )
- {
- if ( !operationIdList.contains( permission.getOperation() ) )
- {
- addValidationError( "missing operation: " + permission.getOperation() + " in permission "
- + permission.getId() );
- }
- }
- }
- }
-
- // check the operations in template permissions
- for ( ModelTemplate template : (List<ModelTemplate>) application.getTemplates() )
- {
- if ( template.getPermissions() != null )
- {
- for ( ModelPermission permission : (List<ModelPermission>) template.getPermissions() )
- {
- if ( !operationIdList.contains( permission.getOperation() ) )
- {
- addValidationError( "missing operation: " + permission.getOperation() + " in permission "
- + permission.getId() );
- }
- }
- }
- }
- }
- }
-
- @SuppressWarnings("unchecked")
- private void validateResourceClosure( RedbackRoleModel model )
- {
- List<String> resourceIdList = RoleModelUtils.getResourceIdList( model );
- for ( ModelApplication application : (List<ModelApplication>) model.getApplications() )
- {
- for ( ModelRole role : (List<ModelRole>) application.getRoles() )
- {
- if ( role.getPermissions() != null )
- {
- for ( ModelPermission permission : (List<ModelPermission>) role.getPermissions() )
- {
- if ( !resourceIdList.contains( permission.getResource() ) )
- {
- addValidationError( "missing operation: " + permission.getResource() + " in permission "
- + permission.getId() );
- }
- }
- }
- }
- }
- }
-
- @SuppressWarnings("unchecked")
- private void validateChildRoleClosure( RedbackRoleModel model )
- {
- List<String> roleIdList = RoleModelUtils.getRoleIdList( model );
- for ( ModelApplication application : (List<ModelApplication>) model.getApplications() )
- {
- for ( ModelRole role : (List<ModelRole>) application.getRoles() )
- {
- if ( role.getChildRoles() != null )
- {
- for ( String childRoleId : (List<String>) role.getChildRoles() )
- {
- if ( !roleIdList.contains( childRoleId ) )
- {
- addValidationError( "missing role id: " + childRoleId + " in child roles of role "
- + role.getId() );
- }
- }
- }
- }
-
- for ( ModelTemplate template : (List<ModelTemplate>) application.getTemplates() )
- {
- if ( template.getChildRoles() != null )
- {
- for ( String childRoleId : (List<String>) template.getChildRoles() )
- {
- if ( !roleIdList.contains( childRoleId ) )
- {
- addValidationError( "missing role id: " + childRoleId + " in child roles of template "
- + template.getId() );
- }
- }
- }
- }
- }
- }
-
- @SuppressWarnings("unchecked")
- private void validateParentRoleClosure( RedbackRoleModel model )
- {
- List roleIdList = RoleModelUtils.getRoleIdList( model );
-
- for ( ModelApplication application : (List<ModelApplication>) model.getApplications() )
- {
- for ( ModelRole role : (List<ModelRole>) application.getRoles() )
- {
- if ( role.getParentRoles() != null )
- {
- for ( String parentRoleId : (List<String>) role.getParentRoles() )
- {
- if ( !roleIdList.contains( parentRoleId ) )
- {
- addValidationError( "missing role id: " + parentRoleId + " in parent roles of role "
- + role.getId() );
- }
- }
- }
- }
-
- for ( ModelTemplate template : (List<ModelTemplate>) application.getTemplates() )
- {
- if ( template.getParentRoles() != null )
- {
- for ( String parentRoleId : (List<String>) template.getParentRoles() )
- {
- if ( !roleIdList.contains( parentRoleId ) )
- {
- addValidationError( "missing role id: " + parentRoleId + " in parent roles of template "
- + template.getId() );
- }
- }
- }
- }
- }
- }
-
- @SuppressWarnings("unchecked")
- private void validateTemplateClosure( RedbackRoleModel model )
- {
- List templateIdList = RoleModelUtils.getTemplateIdList( model );
-
- // template name prefix must be unique
- List<String> templateNamePrefixList = new ArrayList<String>();
-
- for ( ModelApplication application : (List<ModelApplication>) model.getApplications() )
- {
- for ( ModelTemplate template : (List<ModelTemplate>) application.getTemplates() )
- {
- if ( template.getParentTemplates() != null )
- {
- for ( String parentTemplateId : (List<String>) template.getParentTemplates() )
- {
- if ( !templateIdList.contains( parentTemplateId ) )
- {
- addValidationError( "missing template id: " + parentTemplateId
- + " in parent templates of template " + template.getId() );
- }
- }
- }
-
- if ( template.getChildTemplates() != null )
- {
- for ( String childTemplateId : (List<String>) template.getChildTemplates() )
- {
- if ( !templateIdList.contains( childTemplateId ) )
- {
- addValidationError( "missing template id: " + childTemplateId
- + " in child templates of template " + template.getId() );
- }
- }
- }
-
- if ( !templateNamePrefixList.contains( template.getNamePrefix() ) )
- {
- templateNamePrefixList.add( template.getNamePrefix() );
- }
- else
- {
- addValidationError( "duplicate name prefix detected: " + template.getNamePrefix() );
- }
- }
- }
- }
-
- /**
- * We are not allowed to have cycles between roles, this method is to detect and raise a red flag when that happens.
- *
- * @param model
- */
- private void validateNoRoleCycles( RedbackRoleModel model )
- {
- try
- {
- RoleModelUtils.generateRoleGraph( model );
- }
- catch ( CycleDetectedException e )
- {
- addValidationError( "cycle detected: " + e.getMessage() );
- }
- }
-
- /**
- * We are not allowed to have cycles between template either, this method is to detect and
- * raise a red flag when that happens. Templates are a bit more complex since they have both
- * child and parent roles, as well as runtime parent and child templates
- *
- * the id should be sufficient to test cycles here even though in runtime the id's do not need to be
- * unique since it is the binding of a namePrefix and a resource that makes them unique
- *
- * @param model
- */
- private void validateNoTemplateCycles( RedbackRoleModel model )
- {
- try
- {
- RoleModelUtils.generateTemplateGraph( model );
- }
- catch ( CycleDetectedException e )
- {
- addValidationError( "template cycle detected: " + e.getMessage() );
- }
- }
-}
+++ /dev/null
-package org.codehaus.plexus.redback.role.validator;
-
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-import org.codehaus.plexus.redback.role.RoleManagerException;
-import org.codehaus.plexus.redback.role.model.RedbackRoleModel;
-
-import java.util.List;
-
-/**
- * RoleModelValidator:
- *
- * @author: Jesse McConnell <jesse@codehaus.org>
- * @version: $Id$
- */
-public interface RoleModelValidator
-{
- List<String> getValidationErrors();
-
- boolean validate( RedbackRoleModel model )
- throws RoleManagerException;
-
-}
<context:annotation-config />
<context:component-scan
- base-package="org.codehaus.plexus.redback.role"/>
+ base-package="org.apache.archiva.redback.role"/>
</beans>
\ No newline at end of file
--- /dev/null
+package org.apache.archiva.redback.role;
+
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+import junit.framework.TestCase;
+import org.apache.archiva.redback.rbac.RBACManager;
+import org.apache.archiva.redback.rbac.Permission;
+import org.apache.archiva.redback.rbac.Resource;
+import org.apache.archiva.redback.rbac.Role;
+import org.apache.archiva.redback.rbac.UserAssignment;
+import org.apache.archiva.redback.role.RoleManager;
+import org.codehaus.plexus.redback.role.model.ModelPermission;
+import org.codehaus.plexus.redback.role.model.ModelTemplate;
+import org.apache.archiva.redback.role.util.RoleModelUtils;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+
+import java.util.List;
+
+/**
+ * AbstractRoleManagerTest:
+ *
+ * @author: Jesse McConnell <jesse@codehaus.org>
+ * @version: $Id$
+ */
+@RunWith( SpringJUnit4ClassRunner.class )
+@ContextConfiguration( locations = { "classpath*:/META-INF/spring-context.xml", "classpath*:/spring-context.xml" } )
+public abstract class AbstractRoleManagerTest
+ extends TestCase
+{
+
+ protected RBACManager rbacManager;
+
+ protected RoleManager roleManager;
+
+ public AbstractRoleManagerTest()
+ {
+ super();
+ }
+
+ @Test
+ public void testLoading()
+ throws Exception
+ {
+
+ List<Resource> all = rbacManager.getAllResources();
+
+
+ assertTrue( rbacManager.resourceExists( "*" ) );
+ assertTrue( rbacManager.operationExists( "Test Operation" ) );
+ assertTrue( rbacManager.roleExists( "Test Role" ) );
+ assertTrue( rbacManager.roleExists( "Test Role 1" ) );
+ assertTrue( rbacManager.roleExists( "Test Role 2" ) );
+
+ assertTrue( rbacManager.roleExists( "Role for cornflake eaters drinking milk in the bowl" ) );
+
+ roleManager.createTemplatedRole( "test-template-2", "foo" );
+
+ assertTrue( roleManager.templatedRoleExists( "test-template-2", "foo" ) );
+ assertTrue( roleManager.templatedRoleExists( "test-template", "foo" ) );
+
+ roleManager.updateRole( "test-template-2", "foo", "bar" );
+
+ assertFalse( roleManager.templatedRoleExists( "test-template-2", "foo" ) );
+ // TODO: bug - assertFalse( roleManager.templatedRoleExists( "test-template", "foo" ) );
+ assertTrue( roleManager.templatedRoleExists( "test-template-2", "bar" ) );
+ assertTrue( roleManager.templatedRoleExists( "test-template", "bar" ) );
+
+ roleManager.createTemplatedRole( "test-template-2", "hot" );
+
+ assertTrue( roleManager.templatedRoleExists( "test-template-2", "hot" ) );
+ }
+
+ @Test
+ public void testUserAssignmentUpdate()
+ throws Exception
+ {
+ String principal = "joe";
+
+ roleManager.assignRole( "test-role", principal );
+ roleManager.assignRoleByName( "Test Role 1", principal );
+ roleManager.createTemplatedRole( "test-template-2", "cold" );
+ roleManager.assignTemplatedRole( "test-template-2", "cold", principal );
+
+ roleManager.updateRole( "test-template-2", "cold", "frigid" );
+
+ assertTrue( roleManager.templatedRoleExists( "test-template-2", "frigid" ) );
+
+ UserAssignment assignment = rbacManager.getUserAssignment( principal );
+
+ List<String> assignments = assignment.getRoleNames();
+
+ assertEquals( 3, assignments.size() );
+
+ for ( String roleName : assignments )
+ {
+ System.out.println( roleName );
+ assertTrue( "Test Role".equals( roleName ) || "Foo 2 - frigid".equals( roleName ) || "Test Role 1".equals( roleName ) );
+ }
+ }
+
+ @Test
+ public void testVerifyTemplatedRole()
+ throws Exception
+ {
+ roleManager.createTemplatedRole( "test-template-2", "first" );
+
+ assertTrue( roleManager.templatedRoleExists( "test-template-2", "first" ) );
+ Role role = rbacManager.getRole( "Foo 2 - first" );
+ assertNotNull( role );
+ assertTrue( hasPermissionOnOperation( role, "Eat Cornflakes", "first" ) );
+ assertFalse( hasPermissionOnOperation( role, "Drink Milk" ) );
+
+ ModelTemplate template = RoleModelUtils.getModelTemplate( roleManager.getModel(), "test-template-2" );
+ ModelPermission p = new ModelPermission();
+ p.setId( "new-permission" );
+ p.setName( "New Permission" );
+ p.setOperation( "drink-milk" );
+ p.setResource( "${resource}" );
+ template.addPermission( p );
+ p = new ModelPermission();
+ p.setId( "eat-cornflakes-permission-3" );
+ p.setName( "Eat 3 Cornflakes" );
+ p.setOperation( "eat-cornflakes" );
+ p.setResource( "${resource}" );
+ template.removePermission( p );
+
+ roleManager.verifyTemplatedRole( "test-template-2", "first" );
+
+ assertTrue( roleManager.templatedRoleExists( "test-template-2", "first" ) );
+ role = rbacManager.getRole( "Foo 2 - first" );
+ assertNotNull( role );
+ assertFalse( hasPermissionOnOperation( role, "Eat Cornflakes", "first" ) );
+ assertTrue( hasPermissionOnOperation( role, "Drink Milk", "first" ) );
+ }
+
+ private boolean hasPermissionOnOperation( Role role, String operation )
+ {
+ for ( Permission p : role.getPermissions() )
+ {
+ if ( p.getOperation().getName().equals( operation ) )
+ {
+ return true;
+ }
+ }
+ return false;
+ }
+
+ private boolean hasPermissionOnOperation( Role role, String operation, String resource )
+ {
+ for ( Permission p : role.getPermissions() )
+ {
+ if ( p.getOperation().getName().equals( operation ) && p.getResource().getIdentifier().equals( resource ) )
+ {
+ return true;
+ }
+ }
+ return false;
+ }
+
+ public void setRbacManager( RBACManager rbacManager )
+ {
+ this.rbacManager = rbacManager;
+ }
+
+ public void setRoleManager( RoleManager roleManager )
+ {
+ this.roleManager = roleManager;
+ }
+}
\ No newline at end of file
--- /dev/null
+package org.apache.archiva.redback.role;
+
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+import org.apache.archiva.redback.rbac.jdo.JdoRbacManager;
+import org.codehaus.plexus.jdo.DefaultConfigurableJdoFactory;
+import org.junit.Before;
+import org.junit.runner.RunWith;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+
+import javax.inject.Inject;
+import javax.inject.Named;
+import javax.jdo.PersistenceManager;
+import javax.jdo.PersistenceManagerFactory;
+
+/**
+ * RoleManagerTest:
+ *
+ * @author: Jesse McConnell <jesse@codehaus.org>
+ */
+@RunWith( SpringJUnit4ClassRunner.class )
+@ContextConfiguration( locations = { "classpath*:/META-INF/spring-context.xml", "classpath:/jpox-spring-context.xml" } )
+public class JpoxRoleManagerTest
+ extends AbstractRoleManagerTest
+{
+ @Inject
+ @Named( value = "jdoFactory#users" )
+ DefaultConfigurableJdoFactory jdoFactory;
+
+ @Inject
+ @Named( value = "rBACManager#jdo" )
+ JdoRbacManager rbacManagerJdo;
+
+ @Inject @Named(value = "roleManager#jpox")
+ DefaultRoleManager roleManagerInjected;
+
+ /**
+ * Creates a new RbacStore which contains no data.
+ */
+ @Before
+ public void setUp()
+ throws Exception
+ {
+
+ super.setUp();
+
+ PersistenceManagerFactory pmf = jdoFactory.getPersistenceManagerFactory();
+
+ assertNotNull( pmf );
+
+ PersistenceManager pm = pmf.getPersistenceManager();
+
+ pm.close();
+
+ setRbacManager( rbacManagerJdo );
+
+ setRoleManager( roleManagerInjected );
+ }
+
+}
\ No newline at end of file
--- /dev/null
+package org.apache.archiva.redback.role;
+
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+import net.sf.ehcache.CacheManager;
+import org.apache.archiva.redback.rbac.RBACManager;
+import org.junit.Before;
+
+import javax.inject.Inject;
+import javax.inject.Named;
+
+/**
+ * RoleManagerTest:
+ *
+ * @author: Jesse McConnell <jesse@codehaus.org>
+ */
+public class RoleManagerTest
+ extends AbstractRoleManagerTest
+{
+
+ @Inject @Named(value = "rBACManager#memory")
+ RBACManager rbacManagerMemory;
+
+ @Inject
+ RoleManager roleManagerInjected;
+ /**
+ * Creates a new RbacStore which contains no data.
+ */
+ @Before
+ public void setUp()
+ throws Exception
+ {
+ CacheManager.getInstance().clearAll();
+ super.setUp();
+
+ rbacManager = rbacManagerMemory;
+
+ roleManager = roleManagerInjected;
+ }
+
+
+}
\ No newline at end of file
--- /dev/null
+package org.apache.archiva.redback.role.processor;
+
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+import junit.framework.TestCase;
+import org.apache.archiva.redback.rbac.Permission;
+import org.apache.archiva.redback.rbac.RBACManager;
+import org.apache.archiva.redback.rbac.Role;
+import org.apache.archiva.redback.role.RoleManagerException;
+import org.apache.archiva.redback.role.processor.RoleModelProcessor;
+import org.codehaus.plexus.redback.role.model.RedbackRoleModel;
+import org.codehaus.plexus.redback.role.model.io.stax.RedbackRoleModelStaxReader;
+import org.apache.archiva.redback.role.validator.RoleModelValidator;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+
+import javax.inject.Inject;
+import javax.inject.Named;
+import javax.xml.stream.XMLStreamException;
+import java.io.File;
+import java.io.IOException;
+
+/**
+ * RoleProfileTest:
+ *
+ * @author: Jesse McConnell <jesse@codehaus.org>
+ * @version: $Id$
+ */
+@RunWith( SpringJUnit4ClassRunner.class )
+@ContextConfiguration( locations = { "classpath*:/META-INF/spring-context.xml", "classpath*:/spring-context.xml" } )
+public class RoleModelProcessorTest
+ extends TestCase
+{
+ @Inject
+ @Named( value = "rBACManager#memory" )
+ private RBACManager rbacManager;
+
+ @Inject
+ private RoleModelValidator modelValidator;
+
+ @Inject @Named(value = "modelProcessor#memory")
+ private RoleModelProcessor roleProcessor;
+
+ /**
+ * Creates a new RbacStore which contains no data.
+ */
+ @Before
+ public void setUp()
+ throws Exception
+ {
+ super.setUp();
+ }
+
+ String getBasedir()
+ {
+ return System.getProperty( "basedir" );
+ }
+
+ @Test
+ public void testProcessing()
+ throws Exception
+ {
+ RedbackRoleModel redback = getModelFromFile( "/src/test/processor-tests/redback-1.xml" );
+
+ processModel( redback );
+
+ assertTrue( rbacManager.resourceExists( "cornflakes" ) );
+ }
+
+ private RedbackRoleModel getModelFromFile( String file )
+ throws IOException, XMLStreamException
+ {
+ File resource = new File( getBasedir() + file );
+
+ assertNotNull( resource );
+
+ RedbackRoleModelStaxReader modelReader = new RedbackRoleModelStaxReader();
+
+ RedbackRoleModel redback = modelReader.read( resource.getAbsolutePath() );
+
+ assertNotNull( redback );
+ return redback;
+ }
+
+ private void processModel( RedbackRoleModel redback )
+ throws RoleManagerException
+ {
+ assertTrue( modelValidator.validate( redback ) );
+
+ roleProcessor.process( redback );
+ }
+
+ @Test
+ public void testMultipleProcessing()
+ throws Exception
+ {
+ rbacManager.eraseDatabase();
+
+ RedbackRoleModel redback = getModelFromFile( "/src/test/processor-tests/redback-2.xml" );
+
+ processModel( redback );
+ roleProcessor.process( redback );
+
+ Role systemAdmin = rbacManager.getRole( "System Administrator" );
+
+ assertTrue( systemAdmin.hasChildRoles() );
+ }
+
+ /**
+ * @todo there are other things that are not synced - role descriptions, removal of operations, etc.
+ */
+ @Test
+ public void testSyncPermissionsOnUpgrade()
+ throws Exception
+ {
+ rbacManager.eraseDatabase();
+
+ processModel( getModelFromFile( "/src/test/processor-tests/redback-1.xml" ) );
+
+ Role role = rbacManager.getRole( "Baby" );
+ assertFalse( hasPermissionOnOperation( role, "Eat Cornflakes" ) );
+ assertTrue( hasPermissionOnOperation( role, "Drink Milk" ) );
+
+ processModel( getModelFromFile( "/src/test/processor-tests/redback-1-updated.xml" ) );
+
+ role = rbacManager.getRole( "Baby" );
+ assertTrue( hasPermissionOnOperation( role, "Eat Cornflakes" ) );
+ assertFalse( hasPermissionOnOperation( role, "Drink Milk" ) );
+ }
+
+ private boolean hasPermissionOnOperation( Role role, String operation )
+ {
+ for ( Permission p : role.getPermissions() )
+ {
+ if ( p.getOperation().getName().equals( operation ) )
+ {
+ return true;
+ }
+ }
+ return false;
+ }
+}
\ No newline at end of file
--- /dev/null
+package org.apache.archiva.redback.role.template;
+
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+import junit.framework.TestCase;
+import org.apache.archiva.redback.rbac.Permission;
+import org.apache.archiva.redback.rbac.RBACManager;
+import org.apache.archiva.redback.rbac.Role;
+import org.apache.archiva.redback.role.template.RoleTemplateProcessor;
+import org.codehaus.plexus.redback.role.model.ModelTemplate;
+import org.codehaus.plexus.redback.role.model.RedbackRoleModel;
+import org.codehaus.plexus.redback.role.model.io.stax.RedbackRoleModelStaxReader;
+import org.apache.archiva.redback.role.processor.RoleModelProcessor;
+import org.apache.archiva.redback.role.util.RoleModelUtils;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+
+import javax.inject.Inject;
+import javax.inject.Named;
+import java.io.File;
+
+/**
+ * RoleProfileTest:
+ *
+ * @author: Jesse McConnell <jesse@codehaus.org>
+ * @version: $Id$
+ */
+@RunWith( SpringJUnit4ClassRunner.class )
+@ContextConfiguration( locations = { "classpath*:/META-INF/spring-context.xml", "classpath*:/spring-context.xml" } )
+public class RoleTemplateProcessorTest
+ extends TestCase
+{
+
+ @Inject
+ @Named( value = "rBACManager#memory" )
+ private RBACManager rbacManager;
+
+ @Inject @Named(value = "modelProcessor#memory")
+ private RoleModelProcessor roleProcessor;
+
+ @Inject @Named(value = "templateProcessor#memory")
+ private RoleTemplateProcessor templateProcessor;
+
+ /**
+ * Creates a new RbacStore which contains no data.
+ */
+ protected void setUp()
+ throws Exception
+ {
+ super.setUp();
+ }
+
+ String getBasedir()
+ {
+ return System.getProperty( "basedir" );
+ }
+
+ @Test
+ public void testLoading()
+ throws Exception
+ {
+ File resource = new File( getBasedir() + "/src/test/template-tests/redback-1.xml" );
+
+ assertNotNull( resource );
+
+ RedbackRoleModelStaxReader modelReader = new RedbackRoleModelStaxReader();
+
+ RedbackRoleModel redback = modelReader.read( resource.getAbsolutePath() );
+
+ assertNotNull( redback );
+
+ roleProcessor.process( redback );
+
+ templateProcessor.create( redback, "test-template", "foo" );
+
+ ModelTemplate template = RoleModelUtils.getModelTemplate( redback, "test-template" );
+
+ String templateName = template.getNamePrefix() + template.getDelimiter() + "foo";
+
+ assertTrue( rbacManager.resourceExists( "cornflakes name" ) );
+
+ assertTrue( rbacManager.roleExists( templateName ) );
+
+ Role testRole = rbacManager.getRole( templateName );
+
+ assertNotNull( testRole );
+
+ Permission testPermission = (Permission) testRole.getPermissions().get( 0 );
+
+ assertNotNull( testPermission );
+
+ assertEquals( "Eat Cornflakes - cornflakes name", testPermission.getName() );
+
+ templateProcessor.remove( redback, "test-template", "foo" );
+
+ assertFalse( rbacManager.roleExists( templateName ) );
+
+ templateProcessor.create( redback, "test-template-2", "foo" );
+
+ ModelTemplate template2 = RoleModelUtils.getModelTemplate( redback, "test-template-2" );
+
+ String templateName2 = template2.getNamePrefix() + template2.getDelimiter() + "foo";
+
+ assertTrue( rbacManager.roleExists( templateName2 ) );
+
+ Role role = rbacManager.getRole( templateName2 );
+
+ assertNotNull( role );
+
+ assertEquals( 3, template2.getPermissions().size() );
+ assertEquals( 3, role.getPermissions().size() );
+
+ assertEquals( 1, role.getChildRoleNames().size() );
+
+ }
+
+}
\ No newline at end of file
--- /dev/null
+package org.apache.archiva.redback.role.validator;
+
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+import junit.framework.TestCase;
+import org.apache.archiva.redback.role.validator.RoleModelValidator;
+import org.codehaus.plexus.redback.role.model.RedbackRoleModel;
+import org.codehaus.plexus.redback.role.model.io.stax.RedbackRoleModelStaxReader;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+
+import javax.inject.Inject;
+import java.io.File;
+import java.util.List;
+
+/**
+ * RoleModelMergerTest:
+ *
+ * @author: Jesse McConnell <jesse@codehaus.org>
+ * @version: $Id$
+ */
+@RunWith( SpringJUnit4ClassRunner.class )
+@ContextConfiguration( locations = { "classpath*:/META-INF/spring-context.xml", "classpath*:/spring-context.xml" } )
+public class RoleModelValidatorTest
+ extends TestCase
+{
+
+ @Inject
+ RoleModelValidator modelValidator;
+
+
+ /**
+ * Creates a new RbacStore which contains no data.
+ */
+ @Before
+ public void setUp()
+ throws Exception
+ {
+ super.setUp();
+ }
+
+ protected String getPlexusConfigLocation()
+ {
+ return "plexus.xml";
+ }
+
+ String getBasedir()
+ {
+ return System.getProperty( "basedir" );
+ }
+
+ @Test
+ public void testGood() throws Exception
+ {
+ File resource = new File( getBasedir() + "/src/test/validation-tests/redback-good.xml");
+
+ assertNotNull( resource );
+
+ RedbackRoleModelStaxReader modelReader = new RedbackRoleModelStaxReader();
+
+ RedbackRoleModel redback = modelReader.read( resource.getAbsolutePath() );
+
+ assertNotNull( redback );
+
+ assertTrue( modelValidator.validate( redback ) );
+
+ assertNull( modelValidator.getValidationErrors() );
+ }
+
+ @Test
+ public void testBad() throws Exception
+ {
+ File resource = new File( getBasedir() + "/src/test/validation-tests/redback-bad.xml");
+
+ assertNotNull( resource );
+
+ RedbackRoleModelStaxReader modelReader = new RedbackRoleModelStaxReader();
+
+ RedbackRoleModel redback = modelReader.read( resource.getAbsolutePath() );
+
+ assertNotNull( redback );
+
+ assertFalse( modelValidator.validate( redback ) );
+
+ assertNotNull( modelValidator.getValidationErrors() );
+
+ assertTrue( checkForValidationError( modelValidator.getValidationErrors(), "missing application name" ) );
+
+ assertTrue( checkForValidationError( modelValidator.getValidationErrors(), "eat-cornflakes-missing-operation-in-template" ) );
+
+ assertTrue( checkForValidationError( modelValidator.getValidationErrors(), "can-drink-the-milk-missing-child-role" ) );
+
+ assertTrue( checkForValidationError( modelValidator.getValidationErrors(), "test-template-missing-child-template" ) );
+
+ assertTrue( checkForValidationError( modelValidator.getValidationErrors(), "cycle detected" ) );
+
+ assertTrue( checkForValidationError( modelValidator.getValidationErrors(), "template cycle detected" ) );
+
+ }
+
+ @Test
+ public void testCore() throws Exception
+ {
+ File resource = new File( getBasedir() + "/src/test/validation-tests/redback-core.xml");
+
+ assertNotNull( resource );
+
+ RedbackRoleModelStaxReader modelReader = new RedbackRoleModelStaxReader();
+
+ RedbackRoleModel redback = modelReader.read( resource.getAbsolutePath() );
+
+ assertNotNull( redback );
+
+ assertTrue( modelValidator.validate( redback ) );
+
+ assertNull( modelValidator.getValidationErrors() );
+ }
+
+ private boolean checkForValidationError( List<String> validationErrors, String errorText )
+ {
+ for ( String error : validationErrors )
+ {
+ if ( error.indexOf( errorText ) != -1 )
+ {
+ return true;
+ }
+ }
+ return false;
+ }
+
+}
\ No newline at end of file
+++ /dev/null
-package org.codehaus.plexus.redback.role;
-
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-import junit.framework.TestCase;
-import org.apache.archiva.redback.rbac.RBACManager;
-import org.apache.archiva.redback.rbac.Permission;
-import org.apache.archiva.redback.rbac.Resource;
-import org.apache.archiva.redback.rbac.Role;
-import org.apache.archiva.redback.rbac.UserAssignment;
-import org.codehaus.plexus.redback.role.model.ModelPermission;
-import org.codehaus.plexus.redback.role.model.ModelTemplate;
-import org.codehaus.plexus.redback.role.util.RoleModelUtils;
-import org.junit.Test;
-import org.junit.runner.RunWith;
-import org.springframework.test.context.ContextConfiguration;
-import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
-
-import java.util.List;
-
-/**
- * AbstractRoleManagerTest:
- *
- * @author: Jesse McConnell <jesse@codehaus.org>
- * @version: $Id$
- */
-@RunWith( SpringJUnit4ClassRunner.class )
-@ContextConfiguration( locations = { "classpath*:/META-INF/spring-context.xml", "classpath*:/spring-context.xml" } )
-public abstract class AbstractRoleManagerTest
- extends TestCase
-{
-
- protected RBACManager rbacManager;
-
- protected RoleManager roleManager;
-
- public AbstractRoleManagerTest()
- {
- super();
- }
-
- @Test
- public void testLoading()
- throws Exception
- {
-
- List<Resource> all = rbacManager.getAllResources();
-
-
- assertTrue( rbacManager.resourceExists( "*" ) );
- assertTrue( rbacManager.operationExists( "Test Operation" ) );
- assertTrue( rbacManager.roleExists( "Test Role" ) );
- assertTrue( rbacManager.roleExists( "Test Role 1" ) );
- assertTrue( rbacManager.roleExists( "Test Role 2" ) );
-
- assertTrue( rbacManager.roleExists( "Role for cornflake eaters drinking milk in the bowl" ) );
-
- roleManager.createTemplatedRole( "test-template-2", "foo" );
-
- assertTrue( roleManager.templatedRoleExists( "test-template-2", "foo" ) );
- assertTrue( roleManager.templatedRoleExists( "test-template", "foo" ) );
-
- roleManager.updateRole( "test-template-2", "foo", "bar" );
-
- assertFalse( roleManager.templatedRoleExists( "test-template-2", "foo" ) );
- // TODO: bug - assertFalse( roleManager.templatedRoleExists( "test-template", "foo" ) );
- assertTrue( roleManager.templatedRoleExists( "test-template-2", "bar" ) );
- assertTrue( roleManager.templatedRoleExists( "test-template", "bar" ) );
-
- roleManager.createTemplatedRole( "test-template-2", "hot" );
-
- assertTrue( roleManager.templatedRoleExists( "test-template-2", "hot" ) );
- }
-
- @Test
- public void testUserAssignmentUpdate()
- throws Exception
- {
- String principal = "joe";
-
- roleManager.assignRole( "test-role", principal );
- roleManager.assignRoleByName( "Test Role 1", principal );
- roleManager.createTemplatedRole( "test-template-2", "cold" );
- roleManager.assignTemplatedRole( "test-template-2", "cold", principal );
-
- roleManager.updateRole( "test-template-2", "cold", "frigid" );
-
- assertTrue( roleManager.templatedRoleExists( "test-template-2", "frigid" ) );
-
- UserAssignment assignment = rbacManager.getUserAssignment( principal );
-
- List<String> assignments = assignment.getRoleNames();
-
- assertEquals( 3, assignments.size() );
-
- for ( String roleName : assignments )
- {
- System.out.println( roleName );
- assertTrue( "Test Role".equals( roleName ) || "Foo 2 - frigid".equals( roleName ) || "Test Role 1".equals( roleName ) );
- }
- }
-
- @Test
- public void testVerifyTemplatedRole()
- throws Exception
- {
- roleManager.createTemplatedRole( "test-template-2", "first" );
-
- assertTrue( roleManager.templatedRoleExists( "test-template-2", "first" ) );
- Role role = rbacManager.getRole( "Foo 2 - first" );
- assertNotNull( role );
- assertTrue( hasPermissionOnOperation( role, "Eat Cornflakes", "first" ) );
- assertFalse( hasPermissionOnOperation( role, "Drink Milk" ) );
-
- ModelTemplate template = RoleModelUtils.getModelTemplate( roleManager.getModel(), "test-template-2" );
- ModelPermission p = new ModelPermission();
- p.setId( "new-permission" );
- p.setName( "New Permission" );
- p.setOperation( "drink-milk" );
- p.setResource( "${resource}" );
- template.addPermission( p );
- p = new ModelPermission();
- p.setId( "eat-cornflakes-permission-3" );
- p.setName( "Eat 3 Cornflakes" );
- p.setOperation( "eat-cornflakes" );
- p.setResource( "${resource}" );
- template.removePermission( p );
-
- roleManager.verifyTemplatedRole( "test-template-2", "first" );
-
- assertTrue( roleManager.templatedRoleExists( "test-template-2", "first" ) );
- role = rbacManager.getRole( "Foo 2 - first" );
- assertNotNull( role );
- assertFalse( hasPermissionOnOperation( role, "Eat Cornflakes", "first" ) );
- assertTrue( hasPermissionOnOperation( role, "Drink Milk", "first" ) );
- }
-
- private boolean hasPermissionOnOperation( Role role, String operation )
- {
- for ( Permission p : role.getPermissions() )
- {
- if ( p.getOperation().getName().equals( operation ) )
- {
- return true;
- }
- }
- return false;
- }
-
- private boolean hasPermissionOnOperation( Role role, String operation, String resource )
- {
- for ( Permission p : role.getPermissions() )
- {
- if ( p.getOperation().getName().equals( operation ) && p.getResource().getIdentifier().equals( resource ) )
- {
- return true;
- }
- }
- return false;
- }
-
- public void setRbacManager( RBACManager rbacManager )
- {
- this.rbacManager = rbacManager;
- }
-
- public void setRoleManager( RoleManager roleManager )
- {
- this.roleManager = roleManager;
- }
-}
\ No newline at end of file
+++ /dev/null
-package org.codehaus.plexus.redback.role;
-
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-import org.apache.archiva.redback.rbac.jdo.JdoRbacManager;
-import org.codehaus.plexus.jdo.DefaultConfigurableJdoFactory;
-import org.junit.Before;
-import org.junit.runner.RunWith;
-import org.springframework.test.context.ContextConfiguration;
-import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
-
-import javax.inject.Inject;
-import javax.inject.Named;
-import javax.jdo.PersistenceManager;
-import javax.jdo.PersistenceManagerFactory;
-
-/**
- * RoleManagerTest:
- *
- * @author: Jesse McConnell <jesse@codehaus.org>
- */
-@RunWith( SpringJUnit4ClassRunner.class )
-@ContextConfiguration( locations = { "classpath*:/META-INF/spring-context.xml", "classpath:/jpox-spring-context.xml" } )
-public class JpoxRoleManagerTest
- extends AbstractRoleManagerTest
-{
- @Inject
- @Named( value = "jdoFactory#users" )
- DefaultConfigurableJdoFactory jdoFactory;
-
- @Inject
- @Named( value = "rBACManager#jdo" )
- JdoRbacManager rbacManagerJdo;
-
- @Inject @Named(value = "roleManager#jpox")
- DefaultRoleManager roleManagerInjected;
-
- /**
- * Creates a new RbacStore which contains no data.
- */
- @Before
- public void setUp()
- throws Exception
- {
-
- super.setUp();
-
- PersistenceManagerFactory pmf = jdoFactory.getPersistenceManagerFactory();
-
- assertNotNull( pmf );
-
- PersistenceManager pm = pmf.getPersistenceManager();
-
- pm.close();
-
- setRbacManager( rbacManagerJdo );
-
- setRoleManager( roleManagerInjected );
- }
-
-}
\ No newline at end of file
+++ /dev/null
-package org.codehaus.plexus.redback.role;
-
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-import net.sf.ehcache.CacheManager;
-import org.apache.archiva.redback.rbac.RBACManager;
-import org.junit.Before;
-
-import javax.inject.Inject;
-import javax.inject.Named;
-
-/**
- * RoleManagerTest:
- *
- * @author: Jesse McConnell <jesse@codehaus.org>
- */
-public class RoleManagerTest
- extends AbstractRoleManagerTest
-{
-
- @Inject @Named(value = "rBACManager#memory")
- RBACManager rbacManagerMemory;
-
- @Inject
- RoleManager roleManagerInjected;
- /**
- * Creates a new RbacStore which contains no data.
- */
- @Before
- public void setUp()
- throws Exception
- {
- CacheManager.getInstance().clearAll();
- super.setUp();
-
- rbacManager = rbacManagerMemory;
-
- roleManager = roleManagerInjected;
- }
-
-
-}
\ No newline at end of file
+++ /dev/null
-package org.codehaus.plexus.redback.role.processor;
-
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-import junit.framework.TestCase;
-import org.apache.archiva.redback.rbac.Permission;
-import org.apache.archiva.redback.rbac.RBACManager;
-import org.apache.archiva.redback.rbac.Role;
-import org.codehaus.plexus.redback.role.RoleManagerException;
-import org.codehaus.plexus.redback.role.model.RedbackRoleModel;
-import org.codehaus.plexus.redback.role.model.io.stax.RedbackRoleModelStaxReader;
-import org.codehaus.plexus.redback.role.validator.RoleModelValidator;
-import org.junit.Before;
-import org.junit.Test;
-import org.junit.runner.RunWith;
-import org.springframework.test.context.ContextConfiguration;
-import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
-
-import javax.inject.Inject;
-import javax.inject.Named;
-import javax.xml.stream.XMLStreamException;
-import java.io.File;
-import java.io.IOException;
-
-/**
- * RoleProfileTest:
- *
- * @author: Jesse McConnell <jesse@codehaus.org>
- * @version: $Id$
- */
-@RunWith( SpringJUnit4ClassRunner.class )
-@ContextConfiguration( locations = { "classpath*:/META-INF/spring-context.xml", "classpath*:/spring-context.xml" } )
-public class RoleModelProcessorTest
- extends TestCase
-{
- @Inject
- @Named( value = "rBACManager#memory" )
- private RBACManager rbacManager;
-
- @Inject
- private RoleModelValidator modelValidator;
-
- @Inject @Named(value = "modelProcessor#memory")
- private RoleModelProcessor roleProcessor;
-
- /**
- * Creates a new RbacStore which contains no data.
- */
- @Before
- public void setUp()
- throws Exception
- {
- super.setUp();
- }
-
- String getBasedir()
- {
- return System.getProperty( "basedir" );
- }
-
- @Test
- public void testProcessing()
- throws Exception
- {
- RedbackRoleModel redback = getModelFromFile( "/src/test/processor-tests/redback-1.xml" );
-
- processModel( redback );
-
- assertTrue( rbacManager.resourceExists( "cornflakes" ) );
- }
-
- private RedbackRoleModel getModelFromFile( String file )
- throws IOException, XMLStreamException
- {
- File resource = new File( getBasedir() + file );
-
- assertNotNull( resource );
-
- RedbackRoleModelStaxReader modelReader = new RedbackRoleModelStaxReader();
-
- RedbackRoleModel redback = modelReader.read( resource.getAbsolutePath() );
-
- assertNotNull( redback );
- return redback;
- }
-
- private void processModel( RedbackRoleModel redback )
- throws RoleManagerException
- {
- assertTrue( modelValidator.validate( redback ) );
-
- roleProcessor.process( redback );
- }
-
- @Test
- public void testMultipleProcessing()
- throws Exception
- {
- rbacManager.eraseDatabase();
-
- RedbackRoleModel redback = getModelFromFile( "/src/test/processor-tests/redback-2.xml" );
-
- processModel( redback );
- roleProcessor.process( redback );
-
- Role systemAdmin = rbacManager.getRole( "System Administrator" );
-
- assertTrue( systemAdmin.hasChildRoles() );
- }
-
- /**
- * @todo there are other things that are not synced - role descriptions, removal of operations, etc.
- */
- @Test
- public void testSyncPermissionsOnUpgrade()
- throws Exception
- {
- rbacManager.eraseDatabase();
-
- processModel( getModelFromFile( "/src/test/processor-tests/redback-1.xml" ) );
-
- Role role = rbacManager.getRole( "Baby" );
- assertFalse( hasPermissionOnOperation( role, "Eat Cornflakes" ) );
- assertTrue( hasPermissionOnOperation( role, "Drink Milk" ) );
-
- processModel( getModelFromFile( "/src/test/processor-tests/redback-1-updated.xml" ) );
-
- role = rbacManager.getRole( "Baby" );
- assertTrue( hasPermissionOnOperation( role, "Eat Cornflakes" ) );
- assertFalse( hasPermissionOnOperation( role, "Drink Milk" ) );
- }
-
- private boolean hasPermissionOnOperation( Role role, String operation )
- {
- for ( Permission p : role.getPermissions() )
- {
- if ( p.getOperation().getName().equals( operation ) )
- {
- return true;
- }
- }
- return false;
- }
-}
\ No newline at end of file
+++ /dev/null
-package org.codehaus.plexus.redback.role.template;
-
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-import junit.framework.TestCase;
-import org.apache.archiva.redback.rbac.Permission;
-import org.apache.archiva.redback.rbac.RBACManager;
-import org.apache.archiva.redback.rbac.Role;
-import org.codehaus.plexus.redback.role.model.ModelTemplate;
-import org.codehaus.plexus.redback.role.model.RedbackRoleModel;
-import org.codehaus.plexus.redback.role.model.io.stax.RedbackRoleModelStaxReader;
-import org.codehaus.plexus.redback.role.processor.RoleModelProcessor;
-import org.codehaus.plexus.redback.role.util.RoleModelUtils;
-import org.junit.Test;
-import org.junit.runner.RunWith;
-import org.springframework.test.context.ContextConfiguration;
-import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
-
-import javax.inject.Inject;
-import javax.inject.Named;
-import java.io.File;
-
-/**
- * RoleProfileTest:
- *
- * @author: Jesse McConnell <jesse@codehaus.org>
- * @version: $Id$
- */
-@RunWith( SpringJUnit4ClassRunner.class )
-@ContextConfiguration( locations = { "classpath*:/META-INF/spring-context.xml", "classpath*:/spring-context.xml" } )
-public class RoleTemplateProcessorTest
- extends TestCase
-{
-
- @Inject
- @Named( value = "rBACManager#memory" )
- private RBACManager rbacManager;
-
- @Inject @Named(value = "modelProcessor#memory")
- private RoleModelProcessor roleProcessor;
-
- @Inject @Named(value = "templateProcessor#memory")
- private RoleTemplateProcessor templateProcessor;
-
- /**
- * Creates a new RbacStore which contains no data.
- */
- protected void setUp()
- throws Exception
- {
- super.setUp();
- }
-
- String getBasedir()
- {
- return System.getProperty( "basedir" );
- }
-
- @Test
- public void testLoading()
- throws Exception
- {
- File resource = new File( getBasedir() + "/src/test/template-tests/redback-1.xml" );
-
- assertNotNull( resource );
-
- RedbackRoleModelStaxReader modelReader = new RedbackRoleModelStaxReader();
-
- RedbackRoleModel redback = modelReader.read( resource.getAbsolutePath() );
-
- assertNotNull( redback );
-
- roleProcessor.process( redback );
-
- templateProcessor.create( redback, "test-template", "foo" );
-
- ModelTemplate template = RoleModelUtils.getModelTemplate( redback, "test-template" );
-
- String templateName = template.getNamePrefix() + template.getDelimiter() + "foo";
-
- assertTrue( rbacManager.resourceExists( "cornflakes name" ) );
-
- assertTrue( rbacManager.roleExists( templateName ) );
-
- Role testRole = rbacManager.getRole( templateName );
-
- assertNotNull( testRole );
-
- Permission testPermission = (Permission) testRole.getPermissions().get( 0 );
-
- assertNotNull( testPermission );
-
- assertEquals( "Eat Cornflakes - cornflakes name", testPermission.getName() );
-
- templateProcessor.remove( redback, "test-template", "foo" );
-
- assertFalse( rbacManager.roleExists( templateName ) );
-
- templateProcessor.create( redback, "test-template-2", "foo" );
-
- ModelTemplate template2 = RoleModelUtils.getModelTemplate( redback, "test-template-2" );
-
- String templateName2 = template2.getNamePrefix() + template2.getDelimiter() + "foo";
-
- assertTrue( rbacManager.roleExists( templateName2 ) );
-
- Role role = rbacManager.getRole( templateName2 );
-
- assertNotNull( role );
-
- assertEquals( 3, template2.getPermissions().size() );
- assertEquals( 3, role.getPermissions().size() );
-
- assertEquals( 1, role.getChildRoleNames().size() );
-
- }
-
-}
\ No newline at end of file
+++ /dev/null
-package org.codehaus.plexus.redback.role.validator;
-
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-import junit.framework.TestCase;
-import org.codehaus.plexus.redback.role.model.RedbackRoleModel;
-import org.codehaus.plexus.redback.role.model.io.stax.RedbackRoleModelStaxReader;
-import org.junit.Before;
-import org.junit.Test;
-import org.junit.runner.RunWith;
-import org.springframework.test.context.ContextConfiguration;
-import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
-
-import javax.inject.Inject;
-import javax.inject.Named;
-import java.io.File;
-import java.util.List;
-
-/**
- * RoleModelMergerTest:
- *
- * @author: Jesse McConnell <jesse@codehaus.org>
- * @version: $Id$
- */
-@RunWith( SpringJUnit4ClassRunner.class )
-@ContextConfiguration( locations = { "classpath*:/META-INF/spring-context.xml", "classpath*:/spring-context.xml" } )
-public class RoleModelValidatorTest
- extends TestCase
-{
-
- @Inject
- RoleModelValidator modelValidator;
-
-
- /**
- * Creates a new RbacStore which contains no data.
- */
- @Before
- public void setUp()
- throws Exception
- {
- super.setUp();
- }
-
- protected String getPlexusConfigLocation()
- {
- return "plexus.xml";
- }
-
- String getBasedir()
- {
- return System.getProperty( "basedir" );
- }
-
- @Test
- public void testGood() throws Exception
- {
- File resource = new File( getBasedir() + "/src/test/validation-tests/redback-good.xml");
-
- assertNotNull( resource );
-
- RedbackRoleModelStaxReader modelReader = new RedbackRoleModelStaxReader();
-
- RedbackRoleModel redback = modelReader.read( resource.getAbsolutePath() );
-
- assertNotNull( redback );
-
- assertTrue( modelValidator.validate( redback ) );
-
- assertNull( modelValidator.getValidationErrors() );
- }
-
- @Test
- public void testBad() throws Exception
- {
- File resource = new File( getBasedir() + "/src/test/validation-tests/redback-bad.xml");
-
- assertNotNull( resource );
-
- RedbackRoleModelStaxReader modelReader = new RedbackRoleModelStaxReader();
-
- RedbackRoleModel redback = modelReader.read( resource.getAbsolutePath() );
-
- assertNotNull( redback );
-
- assertFalse( modelValidator.validate( redback ) );
-
- assertNotNull( modelValidator.getValidationErrors() );
-
- assertTrue( checkForValidationError( modelValidator.getValidationErrors(), "missing application name" ) );
-
- assertTrue( checkForValidationError( modelValidator.getValidationErrors(), "eat-cornflakes-missing-operation-in-template" ) );
-
- assertTrue( checkForValidationError( modelValidator.getValidationErrors(), "can-drink-the-milk-missing-child-role" ) );
-
- assertTrue( checkForValidationError( modelValidator.getValidationErrors(), "test-template-missing-child-template" ) );
-
- assertTrue( checkForValidationError( modelValidator.getValidationErrors(), "cycle detected" ) );
-
- assertTrue( checkForValidationError( modelValidator.getValidationErrors(), "template cycle detected" ) );
-
- }
-
- @Test
- public void testCore() throws Exception
- {
- File resource = new File( getBasedir() + "/src/test/validation-tests/redback-core.xml");
-
- assertNotNull( resource );
-
- RedbackRoleModelStaxReader modelReader = new RedbackRoleModelStaxReader();
-
- RedbackRoleModel redback = modelReader.read( resource.getAbsolutePath() );
-
- assertNotNull( redback );
-
- assertTrue( modelValidator.validate( redback ) );
-
- assertNull( modelValidator.getValidationErrors() );
- }
-
- private boolean checkForValidationError( List<String> validationErrors, String errorText )
- {
- for ( String error : validationErrors )
- {
- if ( error.indexOf( errorText ) != -1 )
- {
- return true;
- }
- }
- return false;
- }
-
-}
\ No newline at end of file
-->
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xmlns:context="http://www.springframework.org/schema/context"
xsi:schemaLocation="http://www.springframework.org/schema/beans
- http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
- http://www.springframework.org/schema/context
- http://www.springframework.org/schema/context/spring-context-3.0.xsd"
+ http://www.springframework.org/schema/beans/spring-beans-3.0.xsd"
default-lazy-init="true">
- <bean name="roleModelProcessor" class="org.codehaus.plexus.redback.role.processor.DefaultRoleModelProcessor">
+ <bean name="roleModelProcessor" class="org.apache.archiva.redback.role.processor.DefaultRoleModelProcessor">
<property name="rbacManager" ref="rBACManager#jdo"/>
</bean>
<alias name="roleModelProcessor" alias="roleModelProcessor#jpox"/>
- <bean name="roleTemplateProcessor" class="org.codehaus.plexus.redback.role.template.DefaultRoleTemplateProcessor">
+ <bean name="roleTemplateProcessor" class="org.apache.archiva.redback.role.template.DefaultRoleTemplateProcessor">
<property name="rbacManager" ref="rBACManager#jdo"/>
</bean>
<alias name="roleTemplateProcessor" alias="roleTemplateProcessor#jpox"/>
- <bean name="roleManager" class="org.codehaus.plexus.redback.role.DefaultRoleManager">
+ <bean name="roleManager" class="org.apache.archiva.redback.role.DefaultRoleManager">
<property name="modelValidator" ref="roleModelValidator"/>
<property name="modelProcessor" ref="roleModelProcessor#jpox"/>
<property name="templateProcessor" ref="roleTemplateProcessor#jpox"/>
-->
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xmlns:context="http://www.springframework.org/schema/context"
xsi:schemaLocation="http://www.springframework.org/schema/beans
- http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
- http://www.springframework.org/schema/context
- http://www.springframework.org/schema/context/spring-context-3.0.xsd"
+ http://www.springframework.org/schema/beans/spring-beans-3.0.xsd"
default-lazy-init="false">
<alias name="commons-configuration" alias="test-conf"/>
- <bean name="roleManager" class="org.codehaus.plexus.redback.role.DefaultRoleManager">
+ <bean name="roleManager" class="org.apache.archiva.redback.role.DefaultRoleManager">
<property name="modelValidator" ref="roleModelValidator"/>
<property name="modelProcessor" ref="modelProcessor#memory"/>
<property name="templateProcessor" ref="templateProcessor#memory"/>
- <bean name="modelProcessor#memory" class="org.codehaus.plexus.redback.role.processor.DefaultRoleModelProcessor">
+ <bean name="modelProcessor#memory" class="org.apache.archiva.redback.role.processor.DefaultRoleModelProcessor">
<property name="rbacManager" ref="rBACManager#memory"/>
</bean>
- <bean name="templateProcessor#memory" class="org.codehaus.plexus.redback.role.template.DefaultRoleTemplateProcessor">
+ <bean name="templateProcessor#memory" class="org.apache.archiva.redback.role.template.DefaultRoleTemplateProcessor">
<property name="rbacManager" ref="rBACManager#memory"/>
</bean>
projects / archiva.git / commitdiff