<includes>
<!-- TODO: META-INF shouldn't be required, seems to be an issue with the current war plugin -->
<include>META-INF</include>
- <include>WEB-INF/classes</include>
- <include>WEB-INF/lib</include>
- <include>WEB-INF/database</include>
- <include>WEB-INF/logs</include>
- <include>WEB-INF/temp</include>
- <include>WEB-INF/jsp/pss</include>
+ <include>WEB-INF/classes</include> <!-- Classes and Resources from other wars -->
+ <include>WEB-INF/lib</include> <!-- Dependencies from other wars -->
+ <include>WEB-INF/database</include> <!-- Database location configured in application.xml -->
+ <include>WEB-INF/logs</include> <!-- Log file location specified in application.xml -->
+ <include>pss</include> <!-- plexus-security css and javascript -->
+ <include>WEB-INF/jsp/pss</include> <!-- plexus-security jsps -->
+ <include>WEB-INF/template/pss</include> <!-- plexus-security xwork templates -->
</includes>
</fileset>
</filesets>
<artifactId>maven-war-plugin</artifactId>
<version>2.0.1</version>
<configuration>
+ <!-- Some versions of maven-war-plugin (snapshots) have this incorrectly defaulted to true.
+ Specifically setting this to false to avoid accidental jar file creation. -->
+ <archiveClasses>false</archiveClasses>
<dependentWarExcludes>META-INF/**,WEB-INF/web.xml,WEB-INF/classes/xwork.xml</dependentWarExcludes>
</configuration>
<!-- TODO: would be good to make the jetty plugin aware of these and remove the below -->
{
public static final String ROLE = ArchivaSecurityDefaults.class.getName();
+ public static final String GUEST_ROLE = "Guest Role";
+
public static final String GUEST_USERNAME = "guest";
public static final String CONFIGURATION_EDIT_OPERATION = "edit-configuration";
admin.setAssignable( true );
rbacManager.saveRole( admin );
}
+
+ if ( !rbacManager.roleExists( GUEST_ROLE ) )
+ {
+ Role userAdmin = rbacManager.createRole( GUEST_ROLE );
+ // No permissions.
+ userAdmin.setAssignable( true );
+ rbacManager.saveRole( userAdmin );
+ }
}
catch ( RbacObjectNotFoundException ne )
{
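Review bot: The local holding the new guest role is named `userAdmin`, which in role-setup code is easy to misread as a user-administrator role being granted. Rename it to match what it holds: `Role guest = rbacManager.createRole( GUEST_ROLE );`, with the two following calls updated to `guest`. The `// No permissions.` comment could state the intent, e.g. `// Deliberately empty: guest gets no permissions until an admin grants them.` The enclosing method starts and ends outside this hunk.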
--- /dev/null
+package org.apache.maven.archiva.web.action.admin;
+
+/*
+ * Copyright 2001-2006 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+import org.apache.maven.archiva.web.util.RoleManager;
+import org.codehaus.plexus.security.policy.UserSecurityPolicy;
+import org.codehaus.plexus.security.ui.web.action.AbstractUserCredentialsAction;
+import org.codehaus.plexus.security.ui.web.model.EditUserCredentials;
+import org.codehaus.plexus.security.user.User;
+import org.codehaus.plexus.security.user.UserManager;
+
+/**
+ * AddAdminUserAction
+ *
+ * @author <a href="mailto:joakim@erdfelt.com">Joakim Erdfelt</a>
+ * @version $Id$
+ *
+ * @plexus.component role="com.opensymphony.xwork.Action"
+ * role-hint="addAdminAction"
+ * instantiation-strategy="per-lookup"
+ */
+public class AddAdminUserAction
+ extends AbstractUserCredentialsAction
+{
+ /**
+ * @plexus.requirement
+ */
+ private RoleManager roleManager;
+
+ /**
+ * @plexus.requirement
+ */
+ private UserManager userManager;
+
+ /**
+ * @plexus.requirement
+ */
+ private UserSecurityPolicy userSecurityPolicy;
+
+ private EditUserCredentials user;
+
+ public String show()
+ {
+ if ( user == null )
+ {
+ user = new EditUserCredentials( RoleManager.ADMIN_USERNAME );
+ }
+
+ return INPUT;
+ }
+
+ public String submit()
+ {
+ if ( user == null )
+ {
+ user = new EditUserCredentials( RoleManager.ADMIN_USERNAME );
+ addActionError( "Invalid admin credentials, try again." );
+ return ERROR;
+ }
+
+ getLogger().info( "user = " + user );
+
+ // ugly hack to get around lack of cross module plexus-cdc efforts.
+ super.manager = userManager;
+ super.securityPolicy = userSecurityPolicy;
+ // TODO: Fix plexus-cdc to operate properly for cross-module creation efforts.
+
+ internalUser = user;
+
+ validateCredentialsStrict();
+
+ if ( userManager.userExists( RoleManager.ADMIN_USERNAME ) )
+ {
+ // Means that the role name exist already.
+ // We need to fail fast and return to the previous page.
+ addActionError( "Admin User exists in database (someone else probably created the user before you)." );
+ return ERROR;
+ }
+
+ if ( hasActionErrors() || hasFieldErrors() )
+ {
+ return ERROR;
+ }
+
+ User u = userManager.createUser( RoleManager.ADMIN_USERNAME, user.getFullName(), user.getEmail() );
+ if ( u == null )
+ {
+ addActionError( "Unable to operate on null user." );
+ return ERROR;
+ }
+
+ u.setPassword( user.getPassword() );
+ u.setLocked( false );
+ u.setPasswordChangeRequired( false );
+
+
+ userManager.addUser( u );
+
+ roleManager.addAdminUser( u.getPrincipal().toString() );
+
+ return SUCCESS;
+ }
+
+ public EditUserCredentials getUser()
+ {
+ return user;
+ }
+
+ public void setUser( EditUserCredentials user )
+ {
+ this.user = user;
+ }
+}
\ No newline at end of file
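Review bot: `getLogger().info( "user = " + user );` in submit() writes the submitted EditUserCredentials to the log at INFO level; its toString() is not visible here, so if it prints the password fields the new admin password lands in the log file. Log only the account name, e.g. `getLogger().info( "Creating admin user " + RoleManager.ADMIN_USERNAME );`. The `userExists()` check and the later `createUser()`/`addUser()` are separate calls, so two simultaneous submissions can both pass the check unless the UserManager itself rejects duplicates, which is worth confirming. show() returns INPUT even when the admin already exists; returning ERROR with the same "Admin User exists" message there would stop the form being offered once bootstrap is done. The comment above the existence check says "role name" where it means the user name.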
import com.opensymphony.xwork.ActionInvocation;
import com.opensymphony.xwork.interceptor.Interceptor;
+
import org.apache.maven.archiva.configuration.Configuration;
import org.apache.maven.archiva.configuration.ConfigurationStore;
import org.apache.maven.archiva.configuration.ConfigurationStoreException;
+import org.apache.maven.archiva.web.ArchivaSecurityDefaults;
import org.apache.maven.archiva.web.util.RoleManager;
import org.codehaus.plexus.logging.AbstractLogEnabled;
import org.codehaus.plexus.security.rbac.RBACManager;
+import org.codehaus.plexus.security.user.User;
+import org.codehaus.plexus.security.user.UserManager;
+import org.codehaus.plexus.security.user.UserNotFoundException;
-import java.util.Map;
import java.util.Iterator;
+import java.util.Map;
/**
* An interceptor that makes the application configuration available
*
* @author <a href="mailto:brett@apache.org">Brett Porter</a>
- * @plexus.component role="com.opensymphony.xwork.interceptor.Interceptor" role-hint="configurationInterceptor"
+ * @plexus.component role="com.opensymphony.xwork.interceptor.Interceptor"
+ * role-hint="configurationInterceptor"
*/
public class ConfigurationInterceptor
extends AbstractLogEnabled
* @plexus.requirement
*/
private RBACManager rbacManager;
+
+ /**
+ * @plexus.requirement
+ */
+ private UserManager userManager;
+
+ /**
+ * @plexus.requirement
+ */
+ private ArchivaSecurityDefaults archivaDefaults;
+
+ private boolean adminInitialized = false;
/**
*
public String intercept( ActionInvocation actionInvocation )
throws Exception
{
+ archivaDefaults.ensureDefaultsExist();
ensureRepoRolesExist();
+
+ if ( !adminInitialized )
+ {
+ adminInitialized = true;
- // determine if we need an admin account made
+ try
+ {
+ User user = userManager.findUser( "admin" );
+ if ( user == null )
+ {
+ getLogger().info( "No admin user configured - forwarding to admin user creation page." );
+ return "admin-user-needed";
+ }
+ getLogger().info( "Admin user found. No need to configure admin user." );
+ }
+ catch ( UserNotFoundException e )
+ {
+ getLogger().info( "No admin user found - forwarding to admin user creation page." );
+ return "admin-user-needed";
+ }
+ }
Configuration configuration = configurationStore.getConfigurationFromStore();
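Review bot: `adminInitialized = true;` is set before the lookup, so only the first request after startup is ever redirected to the admin creation page; if that visitor does not complete the form, every later request proceeds with no admin account and the creation action stays available to whoever reaches it first. Set the flag only on the found path by moving `adminInitialized = true;` to just after the "Admin user found" log line, after confirming that the addadmin action is not itself behind this interceptor (it would then redirect to itself). The lookup uses the literal `"admin"` although RoleManager, already imported here, gains `ADMIN_USERNAME` in this commit; `userManager.findUser( RoleManager.ADMIN_USERNAME )` keeps the two in step. The flag is a plain field written per request, and whether this interceptor instance is shared between threads is not visible in the hunk; intercept() continues past it.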
*/
import org.apache.maven.archiva.web.ArchivaSecurityDefaults;
+import org.codehaus.plexus.logging.AbstractLogEnabled;
import org.codehaus.plexus.personality.plexus.lifecycle.phase.Initializable;
import org.codehaus.plexus.personality.plexus.lifecycle.phase.InitializationException;
import org.codehaus.plexus.security.rbac.Permission;
import org.codehaus.plexus.security.rbac.Resource;
import org.codehaus.plexus.security.rbac.Role;
import org.codehaus.plexus.security.rbac.UserAssignment;
+import org.codehaus.plexus.security.user.User;
+import org.codehaus.plexus.security.user.UserManager;
+import org.codehaus.plexus.security.user.UserManagerListener;
+import org.codehaus.plexus.util.StringUtils;
/**
* DefaultRoleManager:
* role-hint="default"
*/
public class DefaultRoleManager
- implements RoleManager, Initializable
+ extends AbstractLogEnabled
+ implements RoleManager, UserManagerListener, Initializable
{
+ /**
+ * @plexus.requirement
+ */
+ private UserManager userManager;
/**
* @plexus.requirement
throws InitializationException
{
archivaSecurity.ensureDefaultsExist();
+ userManager.addUserManagerListener( this );
initialized = true;
}
public void addUser( String principal )
throws RbacStoreException
{
-
// make the resource
Resource usernameResource = manager.createResource( principal );
manager.saveResource( usernameResource );
{
this.initialized = initialized;
}
+
+ public void userManagerInit( boolean freshDatabase )
+ {
+ // no-op
+ }
+
+ public void userManagerUserAdded( User user )
+ {
+ if ( !StringUtils.equals( ADMIN_USERNAME, user.getUsername() ) )
+ {
+ // We have a non-admin user.
+ String principal = user.getPrincipal().toString();
+
+ // Add the personal (dynamic) roles.
+ addUser( principal );
+
+ // Add the guest (static) role.
+ try
+ {
+ Role guestRole = manager.getRole( ArchivaSecurityDefaults.GUEST_ROLE );
+ guestRole = manager.saveRole( guestRole );
+
+ UserAssignment assignment = manager.createUserAssignment( principal );
+ assignment.addRoleName( guestRole.getName() );
+ manager.saveUserAssignment( assignment );
+ }
+ catch ( RbacStoreException e )
+ {
+ getLogger().error( "Unable to add guest role to new user " + user.getUsername() + ".", e );
+ }
+ catch ( RbacObjectNotFoundException e )
+ {
+ getLogger().error( "Unable to add guest role to new user " + user.getUsername() + ".", e );
+ }
+ }
+ }
+
+ public void userManagerUserRemoved( User user )
+ {
+ // TODO: Should remove the personal (dynamic) roles for this user too.
+ }
+
+ public void userManagerUserUpdated( User user )
+ {
+ // no-op
+ }
}
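Review bot: In userManagerUserAdded the call `addUser( principal );` sits outside the try block, so a failure there (addUser is declared `throws RbacStoreException`) escapes the listener instead of being logged like the guest-role failure; moving it inside the `try` gives both steps the same handling. `guestRole = manager.saveRole( guestRole );` re-saves a role that was just fetched and looks droppable. If addUser() already stores a UserAssignment for the principal (its body is only partly visible), the fresh `createUserAssignment( principal )` may replace that assignment rather than extend it, which is worth confirming. userManagerUserRemoved leaves the personal roles and the assignment in place, so an account later created with the same principal would presumably pick up the old grants; the TODO should be resolved before user deletion is relied on.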
package org.apache.maven.archiva.web.util;
-import org.codehaus.plexus.security.rbac.RbacStoreException;
-
/*
* Copyright 2005 The Apache Software Foundation.
*
* limitations under the License.
*/
+import org.codehaus.plexus.security.rbac.RbacStoreException;
+
/**
* RoleManager:
*
* @author Jesse McConnell <jmcconnell@apache.org>
* @version $Id:$
- *
*/
public interface RoleManager
{
public static final String ROLE = RoleManager.class.getName();
+
+ public static final String ADMIN_USERNAME = "admin";
public void addRepository( String repositoryName )
throws RbacStoreException;
<global-results>
<!-- TODO: want an extra message on the configure page when this first happens! -->
<!-- TODO: can we send them back to the original location afterwards? -->
+ <result name="admin-user-needed" type="redirect-action">
+ <param name="namespace">/admin</param>
+ <param name="actionName">addadmin</param>
+ </result>
+
<result name="config-needed" type="redirect-action">
<param name="namespace">/admin</param>
<param name="actionName">configure</param>
<!-- The following security-* result names arrive from the plexus-security package -->
<result name="security-login-success" type="redirect-action">browse</result>
<result name="security-login-cancel" type="redirect-action">browse</result>
+ <result name="security-login-locked" type="redirect-action">browse</result>
<result name="security-logout" type="redirect-action">browse</result>
<result name="security-register-success" type="redirect-action">
<param name="actionName">login</param>
<action name="index" class="configureAction" method="input">
<result name="input">/WEB-INF/jsp/admin/index.jsp</result>
</action>
+
+ <action name="addadmin" class="addAdminAction" method="show">
+ <interceptor-ref name="defaultStack"/>
+ <result name="input">/WEB-INF/jsp/admin/createAdmin.jsp</result>
+ <result name="error">/WEB-INF/jsp/admin/createAdmin.jsp</result>
+ <result name="success" type="redirect-action">
+ <param name="namespace">/</param>
+ <param name="actionName">browse</param>
+ </result>
+ </action>
<action name="addRepository" class="configureRepositoryAction" method="add">
<result name="input">/WEB-INF/jsp/admin/addRepository.jsp</result>
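Review bot: The new `addadmin` mapping has no comment saying that it is a bootstrap-only action, and nothing in this file points to the check that closes it once an admin exists. Above the `<action name="addadmin" …>` element add a comment such as `<!-- Bootstrap only: used before any account exists; AddAdminUserAction.submit() refuses once the admin user is present -->`. Only `defaultStack` is referenced on the action, so it appears to run without the security interceptors used elsewhere; if that is intended, the comment should say so. Because `method="show"` always returns the form, the action stays reachable after setup and relies entirely on the check in submit().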
--- /dev/null
+<%--
+ ~ Copyright 2005-2006 The Apache Software Foundation.
+ ~
+ ~ Licensed under the Apache License, Version 2.0 (the "License");
+ ~ you may not use this file except in compliance with the License.
+ ~ You may obtain a copy of the License at
+ ~
+ ~ http://www.apache.org/licenses/LICENSE-2.0
+ ~
+ ~ Unless required by applicable law or agreed to in writing, software
+ ~ distributed under the License is distributed on an "AS IS" BASIS,
+ ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ~ See the License for the specific language governing permissions and
+ ~ limitations under the License.
+ --%>
+
+<%@ taglib prefix="ww" uri="/webwork"%>
+<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
+
+<html>
+<head>
+ <title>Create Admin User</title>
+ <ww:head/>
+</head>
+
+<body>
+
+<c:import url="/WEB-INF/jsp/pss/include/formValidationResults.jspf" />
+
+<h2>Create Admin User</h2>
+
+<ww:form action="addadmin!submit" namespace="/admin" theme="xhtml"
+ id="adminCreateForm" method="post" name="admincreate" cssClass="security adminCreate">
+ <c:import url="/WEB-INF/jsp/pss/include/userCredentials.jspf" />
+ <ww:submit value="Create Admin" />
+</ww:form>
+
+</body>
+
+</html>