start to migrate Archiva to the new role creation technique
authorBrett Porter <brett@apache.org>
Thu, 28 Sep 2006 08:55:32 +0000 (08:55 +0000)
committerBrett Porter <brett@apache.org>
Thu, 28 Sep 2006 08:55:32 +0000 (08:55 +0000)
git-svn-id: https://svn.apache.org/repos/asf/maven/archiva/trunk@450765 13f79535-47bb-0310-9956-ffa450edef68

26 files changed:
archiva-security/pom.xml [new file with mode: 0644]
archiva-security/src/main/java/org/apache/maven/archiva/security/ArchivaGuestRoleProfile.java [new file with mode: 0644]
archiva-security/src/main/java/org/apache/maven/archiva/security/ArchivaRoleConstants.java [new file with mode: 0644]
archiva-security/src/main/java/org/apache/maven/archiva/security/ArchivaRoleProfileManager.java [new file with mode: 0644]
archiva-security/src/main/java/org/apache/maven/archiva/security/ArchivaSystemAdministratorRoleProfile.java [new file with mode: 0644]
archiva-security/src/main/java/org/apache/maven/archiva/security/ArchivaUserAdministratorRoleProfile.java [new file with mode: 0644]
archiva-security/src/main/java/org/apache/maven/archiva/security/RoleProfileEnvironmentCheck.java [new file with mode: 0644]
archiva-security/src/main/resources/META-INF/plexus/components.xml [new file with mode: 0644]
archiva-webapp/pom.xml
archiva-webapp/src/main/java/org/apache/maven/archiva/web/ArchivaSecurityDefaults.java
archiva-webapp/src/main/java/org/apache/maven/archiva/web/DefaultArchivaSecurityDefaults.java
archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/admin/AbstractConfigureRepositoryAction.java
archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/admin/AddAdminUserAction.java [deleted file]
archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/admin/ConfigureAction.java
archiva-webapp/src/main/java/org/apache/maven/archiva/web/interceptor/ConfigurationInterceptor.java
archiva-webapp/src/main/java/org/apache/maven/archiva/web/servlet/repository/RepositoryAccess.java
archiva-webapp/src/main/java/org/apache/maven/archiva/web/util/DefaultRoleManager.java
archiva-webapp/src/main/java/org/apache/maven/archiva/web/util/RoleManager.java
archiva-webapp/src/main/resources/META-INF/plexus/application.xml
archiva-webapp/src/main/resources/xwork.xml
archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/createAdmin.jsp [deleted file]
archiva-webapp/src/main/webapp/WEB-INF/jsp/decorators/default.jsp
archiva-webapp/src/main/webapp/WEB-INF/jsp/logout.jsp [deleted file]
archiva-webapp/src/main/webapp/WEB-INF/jsp/register.jsp [deleted file]
archiva-webapp/src/test/resources/org/apache/maven/archiva/web/servlet/repository/RepositoryAccessTest.xml
pom.xml

diff --git a/archiva-security/pom.xml b/archiva-security/pom.xml
new file mode 100644 (file)
index 0000000..0643432
--- /dev/null
@@ -0,0 +1,22 @@
+<?xml version="1.0"?><project>
+  <parent>
+    <artifactId>archiva</artifactId>
+    <groupId>org.apache.maven.archiva</groupId>
+    <version>1.0-SNAPSHOT</version>
+  </parent>
+  <modelVersion>4.0.0</modelVersion>
+  <artifactId>archiva-security</artifactId>
+  <name>Archiva Security Configuration</name>
+  <dependencies>
+    <dependency>
+      <groupId>org.codehaus.plexus.security</groupId>
+      <artifactId>plexus-security-rbac-profile</artifactId>
+      <version>1.0-SNAPSHOT</version>
+    </dependency>
+    <dependency>
+      <groupId>org.codehaus.plexus.security</groupId>
+      <artifactId>plexus-security-system</artifactId>
+      <version>1.0-SNAPSHOT</version>
+    </dependency>
+  </dependencies>
+</project>
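Review bot: Both `plexus-security-rbac-profile` and `plexus-security-system` are declared here with an inline `<version>1.0-SNAPSHOT</version>`, so the RBAC code this module builds against can change without any commit in this repository. The webapp POM in the same commit lists `archiva-security` without a version, which suggests the root POM manages versions. Moving these two entries into that `dependencyManagement` section would leave one place to pin them once a release exists. A short `<description>` saying that the module holds Archiva's role profiles would also help.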
diff --git a/archiva-security/src/main/java/org/apache/maven/archiva/security/ArchivaGuestRoleProfile.java b/archiva-security/src/main/java/org/apache/maven/archiva/security/ArchivaGuestRoleProfile.java
new file mode 100644 (file)
index 0000000..c8ba7d1
--- /dev/null
@@ -0,0 +1,48 @@
+package org.apache.maven.archiva.security;
+
+/*
+ * Copyright 2005-2006 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+import org.codehaus.plexus.rbac.profile.AbstractRoleProfile;
+
+import java.util.List;
+import java.util.ArrayList;
+
+/**
+ * @todo why does this need to be created in the client app?
+ * @todo composition instead of inheritence?
+ * @plexus.component role="org.codehaus.plexus.rbac.profile.RoleProfile" role-hint="archiva-guest"
+ */
+public class ArchivaGuestRoleProfile
+    extends AbstractRoleProfile
+{
+    public String getRoleName()
+    {
+        return ArchivaRoleConstants.GUEST_ROLE;
+    }
+
+    public List getOperations()
+    {
+        List operations = new ArrayList();
+        operations.add( ArchivaRoleConstants.OPERATION_ACTIVE_GUEST );
+        return operations;
+    }
+
+    public boolean isAssignable()
+    {
+        return false;
+    }
+}
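Review bot: `isAssignable()` returns `false` with no comment, while the role setup this commit removes from `DefaultArchivaSecurityDefaults.ensureRolesExist()` called `setAssignable( true )` for the guest role and for both administrator roles. `ArchivaSystemAdministratorRoleProfile` and `ArchivaUserAdministratorRoleProfile` make the same change. If it is intended, say so on the method, for example `// built-in role: not offered for assignment to users`, and replace the todo-only class Javadoc with one sentence naming the role and the single operation it grants (`archiva-guest`). Whether an administrator role can still be granted to an account after this change is not visible from this page and is worth confirming.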
diff --git a/archiva-security/src/main/java/org/apache/maven/archiva/security/ArchivaRoleConstants.java b/archiva-security/src/main/java/org/apache/maven/archiva/security/ArchivaRoleConstants.java
new file mode 100644 (file)
index 0000000..adef01f
--- /dev/null
@@ -0,0 +1,31 @@
+package org.apache.maven.archiva.security;
+
+/*
+ * Copyright 2005-2006 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+public class ArchivaRoleConstants
+{
+    // globalish roles
+    public static final String SYSTEM_ADMINISTRATOR_ROLE = "System Administrator";
+    public static final String USER_ADMINISTRATOR_ROLE = "User Administrator";
+    public static final String REGISTERED_USER_ROLE = "Registered User";
+    public static final String GUEST_ROLE = "Guest";
+
+    // operations
+    public static final String OPERATION_MANAGE_USERS = "archiva-manage-users";
+    public static final String OPERATION_MANAGE_CONFIGURATION = "archiva-manage-configuration";
+    public static final String OPERATION_ACTIVE_GUEST = "archiva-guest";
+}
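Review bot: `GUEST_ROLE` is "Guest" here, but the constant this commit deletes from `ArchivaSecurityDefaults` was "Guest Role". An RBAC store written by an earlier build would still hold the old name, so existing guest assignments may no longer match the role the new profile creates; no migration is visible on this page. `REGISTERED_USER_ROLE` is declared, but none of the profiles shown in this part of the commit uses it. As a constants holder the class would be safer as `public final class ArchivaRoleConstants` with `private ArchivaRoleConstants() {}`.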
diff --git a/archiva-security/src/main/java/org/apache/maven/archiva/security/ArchivaRoleProfileManager.java b/archiva-security/src/main/java/org/apache/maven/archiva/security/ArchivaRoleProfileManager.java
new file mode 100644 (file)
index 0000000..1eb72ff
--- /dev/null
@@ -0,0 +1,40 @@
+package org.apache.maven.archiva.security;
+
+/*
+ * Copyright 2006 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+import org.codehaus.plexus.rbac.profile.DefaultRoleProfileManager;
+import org.codehaus.plexus.rbac.profile.RoleProfileException;
+
+/**
+ * Role profile manager.
+ *
+ * @author Brett Porter
+ * @todo composition over inheritence?
+ * @plexus.component role="org.codehaus.plexus.rbac.profile.RoleProfileManager" role-hint="archiva"
+ */
+public class ArchivaRoleProfileManager
+    extends DefaultRoleProfileManager
+{
+    public void initialize()
+        throws RoleProfileException
+    {
+        mergeRoleProfiles( "system-administrator", "archiva-system-administrator" );
+        mergeRoleProfiles( "user-administrator", "archiva-user-administrator" );
+        mergeRoleProfiles( "guest", "archiva-guest" );
+        setInitialized( true ); //todo remove the initialization idea from profile managers
+    }
+}
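Review bot: `initialize()` has no Javadoc, and the six hint strings are bare literals that must match the `role-hint` values in the profile classes and in `components.xml`, so a typo would only show up at run time. A method comment such as `/** Merges the system-administrator, user-administrator and guest profiles with the archiva-* profiles of this module, then marks the manager initialized. */` would state the intent. The `archiva-*` hints could live as constants next to the role names in `ArchivaRoleConstants`. What `mergeRoleProfiles` does with the operations of the two profiles is defined in `DefaultRoleProfileManager`, outside this diff.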
diff --git a/archiva-security/src/main/java/org/apache/maven/archiva/security/ArchivaSystemAdministratorRoleProfile.java b/archiva-security/src/main/java/org/apache/maven/archiva/security/ArchivaSystemAdministratorRoleProfile.java
new file mode 100644 (file)
index 0000000..81d3541
--- /dev/null
@@ -0,0 +1,49 @@
+package org.apache.maven.archiva.security;
+
+/*
+ * Copyright 2005-2006 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+import org.codehaus.plexus.rbac.profile.AbstractRoleProfile;
+
+import java.util.ArrayList;
+import java.util.List;
+
+/**
+ * @todo why does this need to be created in the client app?
+ * @todo composition instead of inheritence?
+ * @plexus.component role="org.codehaus.plexus.rbac.profile.RoleProfile" role-hint="archiva-system-administrator"
+ */
+public class ArchivaSystemAdministratorRoleProfile
+    extends AbstractRoleProfile
+{
+    public String getRoleName()
+    {
+        return ArchivaRoleConstants.SYSTEM_ADMINISTRATOR_ROLE;
+    }
+
+    public List getOperations()
+    {
+        List operations = new ArrayList();
+        operations.add( ArchivaRoleConstants.OPERATION_MANAGE_CONFIGURATION );
+        operations.add( ArchivaRoleConstants.OPERATION_MANAGE_USERS );
+        return operations;
+    }
+
+    public boolean isAssignable()
+    {
+        return false;
+    }
+}
diff --git a/archiva-security/src/main/java/org/apache/maven/archiva/security/ArchivaUserAdministratorRoleProfile.java b/archiva-security/src/main/java/org/apache/maven/archiva/security/ArchivaUserAdministratorRoleProfile.java
new file mode 100644 (file)
index 0000000..b7f2db6
--- /dev/null
@@ -0,0 +1,48 @@
+package org.apache.maven.archiva.security;
+
+/*
+ * Copyright 2005-2006 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+import org.codehaus.plexus.rbac.profile.AbstractRoleProfile;
+
+import java.util.ArrayList;
+import java.util.List;
+
+/**
+ * @todo why does this need to be created in the client app?
+ * @todo composition instead of inheritence?
+ * @plexus.component role="org.codehaus.plexus.rbac.profile.RoleProfile" role-hint="archiva-user-administrator"
+ */
+public class ArchivaUserAdministratorRoleProfile
+    extends AbstractRoleProfile
+{
+    public String getRoleName()
+    {
+        return ArchivaRoleConstants.USER_ADMINISTRATOR_ROLE;
+    }
+
+    public List getOperations()
+    {
+        List operations = new ArrayList();
+        operations.add( ArchivaRoleConstants.OPERATION_MANAGE_USERS );
+        return operations;
+    }
+
+    public boolean isAssignable()
+    {
+        return false;
+    }
+}
diff --git a/archiva-security/src/main/java/org/apache/maven/archiva/security/RoleProfileEnvironmentCheck.java b/archiva-security/src/main/java/org/apache/maven/archiva/security/RoleProfileEnvironmentCheck.java
new file mode 100644 (file)
index 0000000..6e55ae6
--- /dev/null
@@ -0,0 +1,54 @@
+package org.apache.maven.archiva.security;
+
+/*
+ * Copyright 2005-2006 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+import org.codehaus.plexus.logging.AbstractLogEnabled;
+import org.codehaus.plexus.rbac.profile.RoleProfileException;
+import org.codehaus.plexus.rbac.profile.RoleProfileManager;
+import org.codehaus.plexus.security.system.check.EnvironmentCheck;
+
+import java.util.List;
+
+/**
+ * @plexus.component role="org.codehaus.plexus.security.system.check.EnvironmentCheck"
+ * role-hint="archiva-role-profile-check"
+ * @todo isn't this standard? Shouldn't it be something initializable so it doesn't need to be checked all the time?
+ */
+public class RoleProfileEnvironmentCheck
+    extends AbstractLogEnabled
+    implements EnvironmentCheck
+{
+    /**
+     * @plexus.requirement role-hint="archiva"
+     */
+    private RoleProfileManager roleProfileManager;
+
+    public void validateEnvironment( List list )
+    {
+        try
+        {
+            if ( !roleProfileManager.isInitialized() )
+            {
+                roleProfileManager.initialize();
+            }
+        }
+        catch ( RoleProfileException rpe )
+        {
+            list.add( "error inititalizing the role manager: " + rpe.getMessage() );
+        }
+    }
+}
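Review bot: The catch block in `validateEnvironment` reduces a failed role initialization to `rpe.getMessage()` in the violations list, so the cause and stack trace are lost, and the class extends `AbstractLogEnabled` without ever logging. Since these roles and operations decide who can manage users and configuration, the failure should also be logged with the exception, e.g. `getLogger().error( "Error initializing the role profile manager", rpe );` before the `list.add(...)`. The message text has a typo (`inititalizing`). The `isInitialized()` / `initialize()` pair is check-then-act; whether environment checks can run concurrently is not visible here.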
diff --git a/archiva-security/src/main/resources/META-INF/plexus/components.xml b/archiva-security/src/main/resources/META-INF/plexus/components.xml
new file mode 100644 (file)
index 0000000..9fc5dbf
--- /dev/null
@@ -0,0 +1,67 @@
+<component-set>
+  <components>
+    <!-- TODO: wouldn't need to redeclare if it was composition -->
+    <!-- TODO: why is the container a requirement? -->
+    <component>
+      <role>org.codehaus.plexus.rbac.profile.RoleProfileManager</role>
+      <role-hint>archiva</role-hint>
+      <implementation>org.apache.maven.archiva.security.ArchivaRoleProfileManager</implementation>
+      <requirements>
+        <requirement>
+          <role>org.codehaus.plexus.PlexusContainer</role>
+          <field-name>container</field-name>
+        </requirement>
+        <requirement>
+          <role>org.codehaus.plexus.rbac.profile.RoleProfile</role>
+          <field-name>knownRoleProfiles</field-name>
+        </requirement>
+        <requirement>
+          <role>org.codehaus.plexus.rbac.profile.DynamicRoleProfile</role>
+          <field-name>knownDynamicRoleProfiles</field-name>
+        </requirement>
+      </requirements>
+    </component>
+    <component>
+      <role>org.codehaus.plexus.rbac.profile.RoleProfile</role>
+      <role-hint>archiva-system-administrator</role-hint>
+      <implementation>org.apache.maven.archiva.security.ArchivaSystemAdministratorRoleProfile</implementation>
+      <requirements>
+        <requirement>
+          <role>org.codehaus.plexus.security.rbac.RBACManager</role>
+        </requirement>
+        <requirement>
+          <role>org.codehaus.plexus.PlexusContainer</role>
+          <field-name>container</field-name>
+        </requirement>
+      </requirements>
+    </component>
+    <component>
+      <role>org.codehaus.plexus.rbac.profile.RoleProfile</role>
+      <role-hint>archiva-user-administrator</role-hint>
+      <implementation>org.apache.maven.archiva.security.ArchivaUserAdministratorRoleProfile</implementation>
+      <requirements>
+        <requirement>
+          <role>org.codehaus.plexus.security.rbac.RBACManager</role>
+        </requirement>
+        <requirement>
+          <role>org.codehaus.plexus.PlexusContainer</role>
+          <field-name>container</field-name>
+        </requirement>
+      </requirements>
+    </component>
+    <component>
+      <role>org.codehaus.plexus.rbac.profile.RoleProfile</role>
+      <role-hint>archiva-guest</role-hint>
+      <implementation>org.apache.maven.archiva.security.ArchivaGuestRoleProfile</implementation>
+      <requirements>
+        <requirement>
+          <role>org.codehaus.plexus.security.rbac.RBACManager</role>
+        </requirement>
+        <requirement>
+          <role>org.codehaus.plexus.PlexusContainer</role>
+          <field-name>container</field-name>
+        </requirement>
+      </requirements>
+    </component>
+  </components>
+</component-set>
index dcc723a5922c04a10232b6354c38cbd842ab7c9e..8018e19cebee8bab16a68f786524a0529c49c722 100644 (file)
       <groupId>org.apache.maven.archiva</groupId>
       <artifactId>archiva-core</artifactId>
     </dependency>
+    <dependency>
+      <groupId>org.apache.maven.archiva</groupId>
+      <artifactId>archiva-security</artifactId>
+    </dependency>
     <dependency>
       <groupId>org.apache.maven.archiva</groupId>
       <artifactId>archiva-applet</artifactId>
         </exclusion>
       </exclusions>
     </dependency>
+    <dependency>
+        <groupId>org.codehaus.plexus.security</groupId>
+        <artifactId>plexus-security-keys-jdo</artifactId>
+        <version>1.0-SNAPSHOT</version>
+      </dependency>
     <dependency>
       <groupId>org.codehaus.plexus</groupId>
       <artifactId>plexus-utils</artifactId>
index 6d3db85679954aadc417a329776a4f87aef2de20..b1154fb865991fcb5a846aee597f16b88d9bff14 100644 (file)
@@ -17,6 +17,7 @@ package org.apache.maven.archiva.web;
  */
 
 import org.codehaus.plexus.security.user.User;
+import org.codehaus.plexus.security.rbac.RbacManagerException;
 
 /**
  * ArchivaSecurityDefaults
@@ -30,14 +31,8 @@ public interface ArchivaSecurityDefaults
 {
     public static final String ROLE = ArchivaSecurityDefaults.class.getName();
 
-    public static final String GUEST_ROLE = "Guest Role";
-    
     public static final String GUEST_USERNAME = "guest";
-    
-    public static final String CONFIGURATION_EDIT_OPERATION = "edit-configuration";
-    
-    public static final String CONFIGURATION_EDIT_PERMISSION = "Edit Configuration";
-    
+
     public static final String INDEX_REGENERATE_OPERATION = "regenerate-index";
 
     public static final String INDEX_REGENERATE_PERMISSION = "Regenerate Index";
@@ -96,6 +91,7 @@ public interface ArchivaSecurityDefaults
 
     public static final String USERS_EDIT_ALL_PERMISSION = "Edit All Users";
     
-    public void ensureDefaultsExist();
-    public User getGuestUser();
+    public void ensureDefaultsExist()
+        throws RbacManagerException;
+
 }
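Review bot: `ensureDefaultsExist()` now declares the checked `RbacManagerException` but carries no Javadoc, so callers such as the `add()`/`edit()` actions changed later in this commit only redeclare it without knowing when it occurs. Suggest `/** Creates any missing default operations, permissions and roles. @throws RbacManagerException if the RBAC store cannot be read or updated */`, with the wording adjusted to what the manager actually reports. With `getGuestUser()` removed, the `User` import kept at the top of the file looks unused, though the rest of the interface is outside this hunk.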
index 6bf544acf07e7c481063e7ec5a2e31408823705b..23449f1ea6a64ae21d9dbddb1ba06cc78ba031fc 100644 (file)
@@ -22,12 +22,7 @@ import org.codehaus.plexus.personality.plexus.lifecycle.phase.InitializationExce
 import org.codehaus.plexus.security.rbac.Operation;
 import org.codehaus.plexus.security.rbac.Permission;
 import org.codehaus.plexus.security.rbac.RBACManager;
-import org.codehaus.plexus.security.rbac.RbacObjectNotFoundException;
-import org.codehaus.plexus.security.rbac.Role;
-import org.codehaus.plexus.security.user.User;
-import org.codehaus.plexus.security.user.UserManager;
-import org.codehaus.plexus.security.user.UserNotFoundException;
-import org.codehaus.plexus.security.policy.UserSecurityPolicy;
+import org.codehaus.plexus.security.rbac.RbacManagerException;
 
 /**
  * DefaultArchivaSecurityDefaults
@@ -45,21 +40,10 @@ public class DefaultArchivaSecurityDefaults
      */
     private RBACManager rbacManager;
 
-    /**
-     * @plexus.requirement
-     */
-    private UserManager userManager;
-
-    /**
-     * @plexus.requirement
-     */
-    private UserSecurityPolicy securityPolicy;
-
     private boolean initialized = false;
 
-    private User guestUser;
-
     public void ensureDefaultsExist()
+        throws RbacManagerException
     {
         if ( initialized )
         {
@@ -69,12 +53,12 @@ public class DefaultArchivaSecurityDefaults
         ensureOperationsExist();
         ensurePermissionsExist();
         ensureRolesExist();
-        ensureUsersExist();
 
         initialized = true;
     }
 
     private void ensureOperationExists( String operationName )
+        throws RbacManagerException
     {
         if ( !rbacManager.operationExists( operationName ) )
         {
@@ -84,11 +68,11 @@ public class DefaultArchivaSecurityDefaults
     }
 
     private void ensureOperationsExist()
+        throws RbacManagerException
     {
         ensureOperationExists( REPOSITORY_ADD_OPERATION );
         ensureOperationExists( REPOSITORY_EDIT_OPERATION );
         ensureOperationExists( REPOSITORY_DELETE_OPERATION );
-        ensureOperationExists( CONFIGURATION_EDIT_OPERATION );
         ensureOperationExists( INDEX_RUN_OPERATION );
         ensureOperationExists( INDEX_REGENERATE_OPERATION );
         ensureOperationExists( REPORTS_ACCESS_OPERATION );
@@ -102,26 +86,21 @@ public class DefaultArchivaSecurityDefaults
     }
 
     private void ensurePermissionExists( String permissionName, String operationName, String resourceIdentifier )
+        throws RbacManagerException
     {
         if ( !rbacManager.permissionExists( permissionName ) )
         {
-            Permission editConfiguration = rbacManager.createPermission( permissionName, operationName,
-                                                                         resourceIdentifier );
+            Permission editConfiguration =
+                rbacManager.createPermission( permissionName, operationName, resourceIdentifier );
             rbacManager.savePermission( editConfiguration );
         }
     }
 
     private void ensurePermissionsExist()
+        throws RbacManagerException
     {
         String globalResource = rbacManager.getGlobalResource().getIdentifier();
 
-        ensurePermissionExists( USERS_EDIT_ALL_PERMISSION, USERS_EDIT_ALL_OPERATION, globalResource );
-
-        ensurePermissionExists( CONFIGURATION_EDIT_PERMISSION, CONFIGURATION_EDIT_OPERATION, globalResource );
-
-        ensurePermissionExists( ROLES_GRANT_PERMISSION, ROLES_GRANT_OPERATION, globalResource );
-        ensurePermissionExists( ROLES_REMOVE_PERMISSION, ROLES_REMOVE_OPERATION, globalResource );
-
         ensurePermissionExists( REPORTS_ACCESS_PERMISSION, REPORTS_ACCESS_OPERATION, globalResource );
         ensurePermissionExists( REPORTS_GENERATE_PERMISSION, REPORTS_GENERATE_OPERATION, globalResource );
 
@@ -134,78 +113,35 @@ public class DefaultArchivaSecurityDefaults
     }
 
     private void ensureRolesExist()
+        throws RbacManagerException
     {
-        try
-        {
-            if ( !rbacManager.roleExists( USER_ADMINISTRATOR ) )
-            {
-                Role userAdmin = rbacManager.createRole( USER_ADMINISTRATOR );
-                userAdmin.addPermission( rbacManager.getPermission( USERS_EDIT_ALL_PERMISSION ) );
-                userAdmin.addPermission( rbacManager.getPermission( ROLES_REMOVE_PERMISSION ) );
-                userAdmin.addPermission( rbacManager.getPermission( ROLES_GRANT_PERMISSION ) );
-                userAdmin.setAssignable( true );
-                rbacManager.saveRole( userAdmin );
-            }
-
-            if ( !rbacManager.roleExists( SYSTEM_ADMINISTRATOR ) )
-            {
-                Role admin = rbacManager.createRole( SYSTEM_ADMINISTRATOR );
-                admin.addChildRoleName( rbacManager.getRole( USER_ADMINISTRATOR ).getName() );
-                admin.addPermission( rbacManager.getPermission( CONFIGURATION_EDIT_PERMISSION ) );
-                admin.addPermission( rbacManager.getPermission( INDEX_RUN_PERMISSION ) );
-                admin.addPermission( rbacManager.getPermission( REPOSITORY_ADD_PERMISSION ) );
-                admin.addPermission( rbacManager.getPermission( REPORTS_ACCESS_PERMISSION ) );
-                admin.addPermission( rbacManager.getPermission( REPORTS_GENERATE_PERMISSION ) );
-                admin.addPermission( rbacManager.getPermission( INDEX_REGENERATE_PERMISSION ) );
-                admin.setAssignable( true );
-                rbacManager.saveRole( admin );
-            }
-            
-            if ( !rbacManager.roleExists( GUEST_ROLE ) )
-            {
-                Role userAdmin = rbacManager.createRole( GUEST_ROLE );
-                // No permissions.
-                userAdmin.setAssignable( true );
-                rbacManager.saveRole( userAdmin );
-            }
-        }
-        catch ( RbacObjectNotFoundException ne )
-        {
-            getLogger().fatalError( "Unable to initialize Roles!", ne );
-            throw new RuntimeException( "All Mandatory Defaults do not Exist!" );
-        }
+        /* TODO!
+                    if ( !rbacManager.roleExists( SYSTEM_ADMINISTRATOR ) )
+                    {
+                        Role admin = rbacManager.createRole( SYSTEM_ADMINISTRATOR );
+                        admin.addChildRoleName( rbacManager.getRole( USER_ADMINISTRATOR ).getName() );
+                        admin.addPermission( rbacManager.getPermission( CONFIGURATION_EDIT_PERMISSION ) );
+                        admin.addPermission( rbacManager.getPermission( INDEX_RUN_PERMISSION ) );
+                        admin.addPermission( rbacManager.getPermission( REPOSITORY_ADD_PERMISSION ) );
+                        admin.addPermission( rbacManager.getPermission( REPORTS_ACCESS_PERMISSION ) );
+                        admin.addPermission( rbacManager.getPermission( REPORTS_GENERATE_PERMISSION ) );
+                        admin.addPermission( rbacManager.getPermission( INDEX_REGENERATE_PERMISSION ) );
+                        admin.setAssignable( true );
+                        rbacManager.saveRole( admin );
+                    }
+        */
     }
 
-    public void ensureUsersExist()
+    public void initialize()
+        throws InitializationException
     {
-        if( !userManager.userExists( GUEST_USERNAME ))
+        try
         {
-            securityPolicy.setEnabled( false );
-            this.guestUser = userManager.createUser( GUEST_USERNAME, "Guest User", "" );
-            this.guestUser = userManager.addUser( this.guestUser );
-            securityPolicy.setEnabled( true );
+            ensureDefaultsExist();
         }
-        else
+        catch ( RbacManagerException e )
         {
-            try
-            {
-                this.guestUser = userManager.findUser( GUEST_USERNAME );
-            }
-            catch ( UserNotFoundException e )
-            {
-                throw new RuntimeException( "Unable to find user '" + GUEST_USERNAME + "'", e );
-            }
+            throw new InitializationException( e.getMessage(), e );
         }
     }
-
-    public User getGuestUser()
-    {
-        return this.guestUser;
-    }
-
-    public void initialize()
-        throws InitializationException
-    {
-        ensureDefaultsExist();
-    }
 }
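Review bot: `ensureRolesExist()` is now an empty method around a commented-out block, so nothing on this page attaches `INDEX_RUN_PERMISSION`, `REPOSITORY_ADD_PERMISSION`, `REPORTS_ACCESS_PERMISSION`, `REPORTS_GENERATE_PERMISSION` or `INDEX_REGENERATE_PERMISSION` to any role, while `ensurePermissionsExist()` still creates at least the report permissions. The new `ArchivaSystemAdministratorRoleProfile` grants only the manage-configuration and manage-users operations, so checks against the older permissions would presumably fail for every user until the migration is finished. The commented code also refers to `CONFIGURATION_EDIT_PERMISSION`, which this commit deletes from `ArchivaSecurityDefaults`, so it cannot simply be uncommented. Replace the block with a precise marker, e.g. `// TODO: move index, repository and report grants into ArchivaSystemAdministratorRoleProfile`, and record the gap in the commit message.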
index 33b82da30c31bbd5b2acf6bfacb5f69db8cc200d..1d92656c7cba332628274af0fe5370da38cba794 100644 (file)
@@ -26,6 +26,7 @@ import org.apache.maven.archiva.configuration.ConfigurationStoreException;
 import org.apache.maven.archiva.configuration.InvalidConfigurationException;
 import org.apache.maven.archiva.web.util.RoleManager;
 import org.codehaus.plexus.xwork.action.PlexusActionSupport;
+import org.codehaus.plexus.security.rbac.RbacManagerException;
 
 import java.io.IOException;
 
@@ -64,7 +65,8 @@ public abstract class AbstractConfigureRepositoryAction
     protected Configuration configuration;
 
     public String add()
-        throws IOException, ConfigurationStoreException, InvalidConfigurationException, ConfigurationChangeException
+        throws IOException, ConfigurationStoreException, InvalidConfigurationException, ConfigurationChangeException,
+        RbacManagerException
     {
         // TODO: if this didn't come from the form, go to configure.action instead of going through with re-saving what was just loaded
 
@@ -79,7 +81,8 @@ public abstract class AbstractConfigureRepositoryAction
     }
 
     public String edit()
-        throws IOException, ConfigurationStoreException, InvalidConfigurationException, ConfigurationChangeException
+        throws IOException, ConfigurationStoreException, InvalidConfigurationException, ConfigurationChangeException,
+        RbacManagerException
     {
         // TODO: if this didn't come from the form, go to configure.action instead of going through with re-saving what was just loaded
 
@@ -94,7 +97,8 @@ public abstract class AbstractConfigureRepositoryAction
     protected abstract AbstractRepositoryConfiguration getRepository( String id );
 
     private String saveConfiguration()
-        throws IOException, ConfigurationStoreException, InvalidConfigurationException, ConfigurationChangeException
+        throws IOException, ConfigurationStoreException, InvalidConfigurationException, ConfigurationChangeException,
+        RbacManagerException
     {
         addRepository();
 
diff --git a/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/admin/AddAdminUserAction.java b/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/admin/AddAdminUserAction.java
deleted file mode 100644 (file)
index 80fd127..0000000
+++ /dev/null
@@ -1,127 +0,0 @@
-package org.apache.maven.archiva.web.action.admin;
-
-/*
- * Copyright 2001-2006 The Apache Software Foundation.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-import org.apache.maven.archiva.web.util.RoleManager;
-import org.codehaus.plexus.security.policy.UserSecurityPolicy;
-import org.codehaus.plexus.security.ui.web.action.AbstractUserCredentialsAction;
-import org.codehaus.plexus.security.ui.web.model.EditUserCredentials;
-import org.codehaus.plexus.security.user.User;
-import org.codehaus.plexus.security.user.UserManager;
-
-/**
- * AddAdminUserAction 
- *
- * @author <a href="mailto:joakim@erdfelt.com">Joakim Erdfelt</a>
- * @version $Id$
- * 
- * @plexus.component role="com.opensymphony.xwork.Action"
- *                   role-hint="addAdminAction"
- *                   instantiation-strategy="per-lookup"
- */
-public class AddAdminUserAction
-    extends AbstractUserCredentialsAction
-{
-    /**
-     * @plexus.requirement
-     */
-    private RoleManager roleManager;
-
-    /**
-     * @plexus.requirement
-     */
-    private UserManager userManager;
-    
-    /**
-     * @plexus.requirement
-     */
-    private UserSecurityPolicy userSecurityPolicy;
-    
-    private EditUserCredentials user;
-    
-    public String show()
-    {
-        if ( user == null )
-        {
-            user = new EditUserCredentials( RoleManager.ADMIN_USERNAME );
-        }
-        
-        return INPUT;
-    }
-
-    public String submit()
-    {
-        if ( user == null )
-        {
-            user = new EditUserCredentials( RoleManager.ADMIN_USERNAME );
-            addActionError( "Invalid admin credentials, try again." );
-            return ERROR;
-        }
-        
-        getLogger().info( "user = " + user );
-        
-        // ugly hack to get around lack of cross module plexus-cdc efforts.
-        super.manager = userManager;
-        super.securityPolicy = userSecurityPolicy;
-        // TODO: Fix plexus-cdc to operate properly for cross-module creation efforts.
-        
-        internalUser = user;
-        
-        validateCredentialsStrict();
-        
-        if ( userManager.userExists( RoleManager.ADMIN_USERNAME ) )
-        {
-            // Means that the role name exist already.
-            // We need to fail fast and return to the previous page.
-            addActionError( "Admin User exists in database (someone else probably created the user before you)." );
-            return ERROR;
-        }
-        
-        if ( hasActionErrors() || hasFieldErrors() )
-        {
-            return ERROR;
-        }
-
-        User u = userManager.createUser( RoleManager.ADMIN_USERNAME, user.getFullName(), user.getEmail() );
-        if ( u == null )
-        {
-            addActionError( "Unable to operate on null user." );
-            return ERROR;
-        }
-
-        u.setPassword( user.getPassword() );
-        u.setLocked( false );
-        u.setPasswordChangeRequired( false );
-
-        
-        userManager.addUser( u );
-
-        roleManager.addAdminUser( u.getPrincipal().toString() );
-
-        return SUCCESS;
-    }
-
-    public EditUserCredentials getUser()
-    {
-        return user;
-    }
-
-    public void setUser( EditUserCredentials user )
-    {
-        this.user = user;
-    }
-}
\ No newline at end of file
index 787606b76d4577911bfb349471799295483e2c8b..9f604b3ef1c7011d68a9c10086c847c4bbc7ff55 100644 (file)
@@ -26,8 +26,13 @@ import org.apache.maven.archiva.configuration.ConfigurationStoreException;
 import org.apache.maven.archiva.configuration.InvalidConfigurationException;
 import org.apache.maven.archiva.indexer.RepositoryIndexException;
 import org.apache.maven.archiva.indexer.RepositoryIndexSearchException;
-import org.codehaus.plexus.xwork.action.PlexusActionSupport;
+import org.apache.maven.archiva.security.ArchivaRoleConstants;
 import org.codehaus.plexus.scheduler.CronExpressionValidator;
+import org.codehaus.plexus.security.rbac.Resource;
+import org.codehaus.plexus.security.ui.web.interceptor.SecureAction;
+import org.codehaus.plexus.security.ui.web.interceptor.SecureActionBundle;
+import org.codehaus.plexus.security.ui.web.interceptor.SecureActionException;
+import org.codehaus.plexus.xwork.action.PlexusActionSupport;
 
 import java.io.File;
 import java.io.IOException;
@@ -39,7 +44,7 @@ import java.io.IOException;
  */
 public class ConfigureAction
     extends PlexusActionSupport
-    implements ModelDriven, Preparable, Validateable
+    implements ModelDriven, Preparable, Validateable, SecureAction
 {
     /**
      * @plexus.requirement
@@ -72,10 +77,10 @@ public class ConfigureAction
         //validate cron expression
         cronValidator = new CronExpressionValidator();
 
-        if( !cronValidator.validate( getCronExpression() ) )
+        if ( !cronValidator.validate( getCronExpression() ) )
         {
             addActionError( "Invalid Cron Expression" );
-        }              
+        }
     }
 
     public String execute()
@@ -114,15 +119,29 @@ public class ConfigureAction
 
         while ( i < cronEx.length )
         {
-            switch( i )
+            switch ( i )
             {
-                case 0 : second = cronEx[i]; break;
-                case 1 : minute = cronEx[i]; break;
-                case 2 : hour = cronEx[i]; break;
-                case 3 : dayOfMonth = cronEx[i]; break;
-                case 4 : month = cronEx[i]; break;
-                case 5 : dayOfWeek = cronEx[i]; break;
-                case 6 : year = cronEx[i]; break;
+                case 0:
+                    second = cronEx[i];
+                    break;
+                case 1:
+                    minute = cronEx[i];
+                    break;
+                case 2:
+                    hour = cronEx[i];
+                    break;
+                case 3:
+                    dayOfMonth = cronEx[i];
+                    break;
+                case 4:
+                    month = cronEx[i];
+                    break;
+                case 5:
+                    dayOfWeek = cronEx[i];
+                    break;
+                case 6:
+                    year = cronEx[i];
+                    break;
             }
             i++;
         }
@@ -213,8 +232,18 @@ public class ConfigureAction
 
     private String getCronExpression()
     {
-        return ( second + " " + minute + " " + hour + " " + dayOfMonth + " " + month +
-                    " " + dayOfWeek + " " + year ).trim();
+        return ( second + " " + minute + " " + hour + " " + dayOfMonth + " " + month + " " + dayOfWeek + " " +
+            year ).trim();
     }
 
+    public SecureActionBundle getSecureActionBundle()
+        throws SecureActionException
+    {
+        SecureActionBundle bundle = new SecureActionBundle();
+
+        bundle.setRequiresAuthentication( true );
+        bundle.addRequiredAuthorization( ArchivaRoleConstants.OPERATION_MANAGE_CONFIGURATION, Resource.GLOBAL );
+
+        return bundle;
+    }
 }
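Review bot: `getSecureActionBundle()` is added without Javadoc, and nothing in `ConfigureAction` itself enforces the bundle. The authorization only takes effect if the interceptor that reads `SecureAction` runs for this action, which the `base` package switch to `extends="security"` later in this commit presumably arranges. I would document that dependency on the method, e.g. `/** Requires an authenticated user authorized for OPERATION_MANAGE_CONFIGURATION on Resource.GLOBAL; enforced by the security interceptor stack, not by this class. */`. A test that invokes the action without a session and expects a denial would keep a later interceptor-stack edit from silently opening the configuration page.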
index 338dd45b6b8d5092f4457fc69980ccc3a2ebb637..114f4c847867b847fed107e883c726572f3e4338 100644 (file)
@@ -26,6 +26,7 @@ import org.apache.maven.archiva.web.ArchivaSecurityDefaults;
 import org.apache.maven.archiva.web.util.RoleManager;
 import org.codehaus.plexus.logging.AbstractLogEnabled;
 import org.codehaus.plexus.security.rbac.RBACManager;
+import org.codehaus.plexus.security.rbac.RbacManagerException;
 import org.codehaus.plexus.security.user.User;
 import org.codehaus.plexus.security.user.UserManager;
 import org.codehaus.plexus.security.user.UserNotFoundException;
@@ -126,6 +127,7 @@ public class ConfigurationInterceptor
     }
 
     public void ensureRepoRolesExist()
+        throws RbacManagerException
     {
         try
         {
index d5d9ce091c992d82bad56e0fb82d3b62ddf3812c..a09cec4359ab3d48010982a040edc6f4eac93292 100644 (file)
@@ -143,8 +143,7 @@ public class RepositoryAccess
         AuthenticationResult result;
         try
         {
-            result = httpAuth.getAuthenticationResult( request, response, archivaSecurity.getGuestUser().getPrincipal()
-                .toString() );
+            result = httpAuth.getAuthenticationResult( request, response );
 
             if ( !result.isAuthenticated() )
             {
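Review bot: Dropping the guest principal argument from `getAuthenticationResult( request, response )` changes what an unauthenticated repository request looks like, and the hunk carries no comment saying what the intended outcome now is. The `if ( !result.isAuthenticated() )` branch that decides it continues outside the hunk, so it is not visible here whether anonymous reads are challenged, mapped to a guest role elsewhere, or allowed through. I would add a comment above the call such as `// no default principal: anonymous requests are handled by the isAuthenticated() branch below`. A test for a credential-less request against a repository would pin the expected status.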
index 9805a01f63867e95eea08081da6a388a67757e98..67eb96952a2af4ca15d38b7ad1c6b8d5adc0ff9a 100644 (file)
@@ -18,22 +18,17 @@ package org.apache.maven.archiva.web.util;
 
 import org.apache.maven.archiva.web.ArchivaSecurityDefaults;
 import org.codehaus.plexus.logging.AbstractLogEnabled;
-import org.codehaus.plexus.personality.plexus.lifecycle.phase.Initializable;
-import org.codehaus.plexus.personality.plexus.lifecycle.phase.InitializationException;
 import org.codehaus.plexus.security.rbac.Permission;
 import org.codehaus.plexus.security.rbac.RBACManager;
-import org.codehaus.plexus.security.rbac.RbacObjectNotFoundException;
-import org.codehaus.plexus.security.rbac.RbacStoreException;
+import org.codehaus.plexus.security.rbac.RbacManagerException;
 import org.codehaus.plexus.security.rbac.Resource;
 import org.codehaus.plexus.security.rbac.Role;
-import org.codehaus.plexus.security.rbac.UserAssignment;
 import org.codehaus.plexus.security.user.User;
 import org.codehaus.plexus.security.user.UserManager;
-import org.codehaus.plexus.security.user.UserManagerListener;
-import org.codehaus.plexus.util.StringUtils;
 
 /**
  * DefaultRoleManager:
+ * @todo remove!
  *
  * @author Jesse McConnell <jmcconnell@apache.org>
  * @version $Id:$
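Review bot: `import org.codehaus.plexus.security.user.User;` and `import org.codehaus.plexus.security.user.UserManager;` stay as context in this hunk. The next hunk removes the `userManager` field and the `userManagerUser*` listener methods, which were their only visible uses. Both imports look unused after this commit and can be dropped along with the others.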
@@ -42,174 +37,61 @@ import org.codehaus.plexus.util.StringUtils;
  */
 public class DefaultRoleManager
     extends AbstractLogEnabled
-    implements RoleManager, UserManagerListener, Initializable
+    implements RoleManager
 {
-    /**
-     * @plexus.requirement
-     */
-    private UserManager userManager;
 
     /**
      * @plexus.requirement
      */
     private RBACManager manager;
-    
-    /**
-     * @plexus.requirement
-     */
-    private ArchivaSecurityDefaults archivaSecurity;
-
-    private boolean initialized;
-                           
-    public void initialize()
-        throws InitializationException
-    {
-        archivaSecurity.ensureDefaultsExist();
-        userManager.addUserManagerListener( this );
-        initialized = true;
-    }
-
-    public void addUser( String principal )
-        throws RbacStoreException
-    {
-        // make the resource
-        Resource usernameResource = manager.createResource( principal );
-        manager.saveResource( usernameResource );
-
-        Permission editUser = manager.createPermission( "Edit Myself - " + principal, "edit-user", principal );
-        editUser = manager.savePermission( editUser );
-
-        // todo this one role a user will go away when we have expressions in the resources
-        String personalRoleName = "Personal Role - " + principal;
-        Role userRole = manager.createRole( personalRoleName );
-        userRole.addPermission( editUser );
-        userRole = manager.saveRole( userRole );
-
-        UserAssignment assignment = manager.createUserAssignment( principal );
-        assignment.addRoleName( personalRoleName );
-        manager.saveUserAssignment( assignment );
-    }
-
-    /**
-     * helper method for just creating an admin user assignment
-     *
-     * @param principal
-     * @throws RbacStoreException
-     * @throws RbacObjectNotFoundException
-     */
-    public void addAdminUser( String principal )
-        throws RbacStoreException
-    {
-        UserAssignment assignment = manager.createUserAssignment( principal );
-        assignment.addRoleName( ArchivaSecurityDefaults.SYSTEM_ADMINISTRATOR );
-        manager.saveUserAssignment( assignment );
-    }
 
     public void addRepository( String repositoryName )
-        throws RbacStoreException
-    {
-        try
-        {
-            // make the resource
-            Resource repoResource = manager.createResource( repositoryName );
-            repoResource = manager.saveResource( repoResource );
-
-            // make the permissions
-            Permission editRepo = manager.createPermission( ArchivaSecurityDefaults.REPOSITORY_EDIT + " - " + repositoryName );
-            editRepo.setOperation( manager.getOperation( ArchivaSecurityDefaults.REPOSITORY_EDIT_OPERATION ) );
-            editRepo.setResource( repoResource );
-            editRepo = manager.savePermission( editRepo );
-
-            Permission deleteRepo = manager.createPermission( ArchivaSecurityDefaults.REPOSITORY_DELETE + " - " + repositoryName );
-            deleteRepo.setOperation( manager.getOperation( ArchivaSecurityDefaults.REPOSITORY_DELETE_OPERATION ) );
-            deleteRepo.setResource( repoResource );
-            deleteRepo = manager.savePermission( deleteRepo );
-            
-            Permission accessRepo = manager.createPermission( ArchivaSecurityDefaults.REPOSITORY_ACCESS + " - " + repositoryName );
-            accessRepo.setOperation( manager.getOperation( ArchivaSecurityDefaults.REPOSITORY_ACCESS_OPERATION ) );
-            accessRepo.setResource( repoResource );
-            accessRepo = manager.savePermission( accessRepo );
-            
-            Permission uploadRepo = manager.createPermission( ArchivaSecurityDefaults.REPOSITORY_UPLOAD + " - " + repositoryName );
-            uploadRepo.setOperation( manager.getOperation( ArchivaSecurityDefaults.REPOSITORY_UPLOAD_OPERATION ) );
-            uploadRepo.setResource( repoResource );
-            uploadRepo = manager.savePermission( uploadRepo );
-
-            // make the roles
-            Role repositoryObserver = manager.createRole( "Repository Observer - " + repositoryName );
-            repositoryObserver.addPermission( manager.getPermission( ArchivaSecurityDefaults.REPORTS_ACCESS_PERMISSION ) );
-            repositoryObserver.setAssignable( true );
-            repositoryObserver = manager.saveRole( repositoryObserver );
-
-            Role repositoryManager = manager.createRole( "Repository Manager - " + repositoryName );
-            repositoryManager.addPermission( editRepo );
-            repositoryManager.addPermission( deleteRepo );
-            repositoryManager.addPermission( accessRepo );
-            repositoryManager.addPermission( uploadRepo );
-            repositoryManager.addPermission( manager.getPermission( ArchivaSecurityDefaults.REPORTS_GENERATE_PERMISSION ) );
-            repositoryManager.addChildRoleName( repositoryObserver.getName() );
-            repositoryManager.setAssignable( true );
-            manager.saveRole( repositoryManager );
-        }
-        catch ( RbacObjectNotFoundException ne )
-        {
-            throw new RbacStoreException( "rbac object not found in repo role creation", ne );
-        }
-    }
-
-    public boolean isInitialized()
-    {
-        return initialized;
-    }
-
-    public void setInitialized( boolean initialized )
-    {
-        this.initialized = initialized;
-    }
-
-    public void userManagerInit( boolean freshDatabase )
-    {
-        // no-op
-    }
-
-    public void userManagerUserAdded( User user )
+        throws RbacManagerException
     {
-        if ( !StringUtils.equals( ADMIN_USERNAME, user.getUsername() ) )
-        {
-            // We have a non-admin user.
-            String principal = user.getPrincipal().toString();
-            
-            // Add the personal (dynamic) roles.
-            addUser( principal );
-            
-            // Add the guest (static) role.
-            try
-            {
-                Role guestRole = manager.getRole( ArchivaSecurityDefaults.GUEST_ROLE );
-                guestRole = manager.saveRole( guestRole );
-
-                UserAssignment assignment = manager.createUserAssignment( principal );
-                assignment.addRoleName( guestRole.getName() );
-                manager.saveUserAssignment( assignment );
-            }
-            catch ( RbacStoreException e )
-            {
-                getLogger().error( "Unable to add guest role to new user " + user.getUsername() + ".", e );
-            }
-            catch ( RbacObjectNotFoundException e )
-            {
-                getLogger().error( "Unable to add guest role to new user " + user.getUsername() + ".", e );
-            }
-        }
-    }
-
-    public void userManagerUserRemoved( User user )
-    {
-        // TODO: Should remove the personal (dynamic) roles for this user too.
+        // make the resource
+        Resource repoResource = manager.createResource( repositoryName );
+        repoResource = manager.saveResource( repoResource );
+
+        // make the permissions
+        Permission editRepo =
+            manager.createPermission( ArchivaSecurityDefaults.REPOSITORY_EDIT + " - " + repositoryName );
+        editRepo.setOperation( manager.getOperation( ArchivaSecurityDefaults.REPOSITORY_EDIT_OPERATION ) );
+        editRepo.setResource( repoResource );
+        editRepo = manager.savePermission( editRepo );
+
+        Permission deleteRepo =
+            manager.createPermission( ArchivaSecurityDefaults.REPOSITORY_DELETE + " - " + repositoryName );
+        deleteRepo.setOperation( manager.getOperation( ArchivaSecurityDefaults.REPOSITORY_DELETE_OPERATION ) );
+        deleteRepo.setResource( repoResource );
+        deleteRepo = manager.savePermission( deleteRepo );
+
+        Permission accessRepo =
+            manager.createPermission( ArchivaSecurityDefaults.REPOSITORY_ACCESS + " - " + repositoryName );
+        accessRepo.setOperation( manager.getOperation( ArchivaSecurityDefaults.REPOSITORY_ACCESS_OPERATION ) );
+        accessRepo.setResource( repoResource );
+        accessRepo = manager.savePermission( accessRepo );
+
+        Permission uploadRepo =
+            manager.createPermission( ArchivaSecurityDefaults.REPOSITORY_UPLOAD + " - " + repositoryName );
+        uploadRepo.setOperation( manager.getOperation( ArchivaSecurityDefaults.REPOSITORY_UPLOAD_OPERATION ) );
+        uploadRepo.setResource( repoResource );
+        uploadRepo = manager.savePermission( uploadRepo );
+
+        // make the roles
+        Role repositoryObserver = manager.createRole( "Repository Observer - " + repositoryName );
+        repositoryObserver.addPermission( manager.getPermission( ArchivaSecurityDefaults.REPORTS_ACCESS_PERMISSION ) );
+        repositoryObserver.setAssignable( true );
+        repositoryObserver = manager.saveRole( repositoryObserver );
+
+        Role repositoryManager = manager.createRole( "Repository Manager - " + repositoryName );
+        repositoryManager.addPermission( editRepo );
+        repositoryManager.addPermission( deleteRepo );
+        repositoryManager.addPermission( accessRepo );
+        repositoryManager.addPermission( uploadRepo );
+        repositoryManager.addPermission( manager.getPermission( ArchivaSecurityDefaults.REPORTS_GENERATE_PERMISSION ) );
+        repositoryManager.addChildRoleName( repositoryObserver.getName() );
+        repositoryManager.setAssignable( true );
+        manager.saveRole( repositoryManager );
     }
 
-    public void userManagerUserUpdated( User user )
-    {
-        // no-op
-    }
 }
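Review bot: The rewritten `addRepository` persists a resource, four permissions and two roles in sequence with no rollback. Any `RbacManagerException` part-way through, for example from `manager.getPermission( ArchivaSecurityDefaults.REPORTS_ACCESS_PERMISSION )`, leaves the repository with saved permissions but no roles. The removed catch block at least added the context "rbac object not found in repo role creation"; the exception now propagates bare. Whether a second call for the same repository name is safe is not visible here, which matters if `ensureRepoRolesExist` re-runs it. At minimum I would add Javadoc saying so, e.g. `/** Creates the resource, permissions and Observer/Manager roles for a repository; not atomic, callers must handle partially created RBAC objects. */`.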
index 9a58d6bdd30ee8e57c2c41e36e29299f9e756eae..3f614d8b7ba984efd3c5d385f0ad4dc0e1ff9171 100644 (file)
@@ -16,7 +16,7 @@ package org.apache.maven.archiva.web.util;
  * limitations under the License.
  */
 
-import org.codehaus.plexus.security.rbac.RbacStoreException;
+import org.codehaus.plexus.security.rbac.RbacManagerException;
 
 /**
  * RoleManager:
@@ -27,17 +27,8 @@ import org.codehaus.plexus.security.rbac.RbacStoreException;
 public interface RoleManager
 {
     public static final String ROLE = RoleManager.class.getName();
-    
-    public static final String ADMIN_USERNAME = "admin";
 
     public void addRepository( String repositoryName )
-        throws RbacStoreException;
+        throws RbacManagerException;
 
-    public void addUser( String principal )
-        throws RbacStoreException;
-
-    public void addAdminUser( String principal )
-        throws RbacStoreException;
-
-    public boolean isInitialized();
 }
index 124967ab5484230fc10b8115bc990ac5bcc171a6..e2e092cc4d7341ffbc0328f26452e682a8ed3929 100644 (file)
@@ -27,7 +27,7 @@
       <configuration>
         <threshold>WARN</threshold>
         <default-appender>console,rolling</default-appender>
-        
+
         <appenders>
           <appender>
             <id>console</id>
@@ -35,7 +35,7 @@
             <type>org.apache.log4j.ConsoleAppender</type>
             <conversion-pattern>%d [%t] %-5p %-30c{1} - %m%n</conversion-pattern>
           </appender>
-        
+
           <appender>
             <id>rolling</id>
             <threshold>DEBUG</threshold>
@@ -57,7 +57,7 @@
               </property>
             </properties>
           </appender>
-          
+
           <appender>
             <id>audit</id>
             <threshold>DEBUG</threshold>
             </properties>
           </appender>
         </appenders>
-        
+
         <levels>
           <level>
             <hierarchy>org.apache.maven.archiva.web.servlet.repository.RepositoryMapping</hierarchy>
             <level>DEBUG, audit</level>
           </level>
-        
+
           <!-- Help identify bugs during testing -->
           <level>
             <hierarchy>org.apache.maven</hierarchy>
           <level>
             <hierarchy>org.quartz</hierarchy>
             <level>INFO</level>
-         </level>
+          </level>
           <level>
             <hierarchy>org.apache.jasper</hierarchy>
             <level>INFO</level>
           </level>
           <level>
-           <hierarchy>com.opensymphony.xwork</hierarchy>
-           <level>INFO</level>
+            <hierarchy>com.opensymphony.xwork</hierarchy>
+            <level>INFO</level>
           </level>
           <level>
             <hierarchy>com.opensymphony.webwork</hierarchy>
             <hierarchy>JPOX</hierarchy>
             <level>WARN</level>
           </level>
-<!--
-          <level>
-            <hierarchy>JPOX.RDBMS.SQL</hierarchy>
-            <level>DEBUG</level>
-          </level>
--->
+          <!--
+                    <level>
+                      <hierarchy>JPOX.RDBMS.SQL</hierarchy>
+                      <level>DEBUG</level>
+                    </level>
+          -->
           <level>
             <hierarchy>freemarker</hierarchy>
             <level>WARN</level>
       </configuration>
     </component>
 
-
     <!-- plexus security components -->
-     <component>
+    <component>
+      <role>org.codehaus.plexus.security.system.ApplicationDetails</role>
+      <implementation>org.codehaus.plexus.security.system.DefaultApplicationDetails</implementation>
+      <description>DefaultApplicationDetails</description>
+      <configuration>
+        <application-name>Unconfigured Application Name</application-name>
+        <!-- Do not include the trailing '/' on the url. -->
+        <application-url>http://localhost:9090</application-url>
+        <timestamp-format>EEE, d MMM yyyy HH:mm:ss Z</timestamp-format>
+      </configuration>
+    </component>
+
+    <component>
+      <role>org.codehaus.plexus.security.system.EmailSettings</role>
+      <implementation>org.codehaus.plexus.security.system.DefaultEmailSettings</implementation>
+      <description>DefaultEmailSettings</description>
+      <configuration>
+        <feedback>/feedback.action</feedback>
+        <from-address>security@unconfigured.com</from-address>
+        <from-username>Unconfigured Username</from-username>
+      </configuration>
+    </component>
+
+    <component>
       <role>org.codehaus.plexus.security.system.SecuritySystem</role>
       <implementation>org.codehaus.plexus.security.system.DefaultSecuritySystem</implementation>
       <role-hint>default</role-hint>
       <requirements>
         <requirement>
-          <role>org.codehaus.plexus.security.authentication.Authenticator</role>
-          <role-hint>user-manager</role-hint>
+          <role>org.codehaus.plexus.security.authentication.AuthenticationManager</role>
+          <role-hint>default</role-hint>
+          <field-name>authnManager</field-name>
         </requirement>
         <requirement>
           <role>org.codehaus.plexus.security.authorization.Authorizer</role>
           <role-hint>rbac</role-hint>
+          <field-name>authorizer</field-name>
         </requirement>
         <requirement>
           <role>org.codehaus.plexus.security.user.UserManager</role>
           <role-hint>jdo</role-hint>
+          <field-name>userManager</field-name>
+        </requirement>
+        <requirement>
+          <role>org.codehaus.plexus.security.keys.KeyManager</role>
+          <role-hint>jdo</role-hint>
+          <field-name>keyManager</field-name>
+        </requirement>
+        <requirement>
+          <role>org.codehaus.plexus.security.policy.UserSecurityPolicy</role>
+          <role-hint>default</role-hint>
+          <field-name>policy</field-name>
+        </requirement>
+        <requirement>
+          <role>org.codehaus.plexus.security.system.ApplicationDetails</role>
+          <field-name>applicationDetails</field-name>
+        </requirement>
+        <requirement>
+          <role>org.codehaus.plexus.security.system.EmailSettings</role>
+          <field-name>emailSettings</field-name>
         </requirement>
       </requirements>
     </component>
-
     <component>
       <role>org.codehaus.plexus.security.authorization.Authorizer</role>
       <role-hint>rbac</role-hint>
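Review bot: The new `ApplicationDetails` and `EmailSettings` components ship placeholder values (`Unconfigured Application Name`, `http://localhost:9090`, `security@unconfigured.com`) with no comment saying they must be overridden per deployment. If `application-url` is used to build links in outgoing mail, which is not visible here, the plain-http localhost default would end up in account-validation messages. I would add a comment above each `<configuration>` such as `<!-- placeholder defaults: override application-url (https) and from-address before enabling e-mail validation -->`.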
           <role>org.codehaus.plexus.security.rbac.RBACManager</role>
           <role-hint>jdo</role-hint>
         </requirement>
+        <requirement>
+          <role>org.codehaus.plexus.security.user.UserManager</role>
+          <role-hint>jdo</role-hint>
+          <field-name>userManager</field-name>
+        </requirement>
         <requirement>
           <role>org.codehaus.plexus.security.authorization.rbac.evaluator.PermissionEvaluator</role>
           <role-hint>default</role-hint>
         </requirement>
       </requirements>
     </component>
+    <component>
+      <role>org.codehaus.plexus.security.policy.PasswordRule</role>
+      <role-hint>character-length</role-hint>
+      <implementation>org.codehaus.plexus.security.policy.rules.CharacterLengthPasswordRule</implementation>
+      <description>Basic Password Rule, Checks for non-empty passwords that have between {@link
+        #setMinimumCharacters(int)} and {@link #setMaximumCharacters(int)} characters in length.
+      </description>
+      <configuration>
+        <enabled>true</enabled>
+        <minimum-characters>1</minimum-characters>
+        <maximum-characters>8</maximum-characters>
+      </configuration>
+    </component>
+    <component>
+      <role>org.codehaus.plexus.security.policy.PasswordRule</role>
+      <role-hint>reuse</role-hint>
+      <implementation>org.codehaus.plexus.security.policy.rules.ReusePasswordRule</implementation>
+      <description>Password Rule, Checks supplied password found at {@link User#getPassword()} against the {@link
+        User#getPreviousEncodedPasswords()} to ensure that a password is not reused.
+      </description>
+      <configuration>
+        <enabled>true</enabled>
+      </configuration>
+    </component>
+    <component>
+      <role>org.codehaus.plexus.security.policy.PasswordRule</role>
+      <role-hint>numerical-count</role-hint>
+      <implementation>org.codehaus.plexus.security.policy.rules.NumericalPasswordRule</implementation>
+      <description>Basic Password Rule, Checks for non-empty passwords that have at least {@link #setMinimumCount(int)}
+        of numerical characters contained within.
+      </description>
+      <configuration>
+        <enabled>true</enabled>
+        <minimum-count>1</minimum-count>
+      </configuration>
+    </component>
+    <component>
+      <role>org.codehaus.plexus.security.policy.PasswordRule</role>
+      <role-hint>must-have</role-hint>
+      <implementation>org.codehaus.plexus.security.policy.rules.MustHavePasswordRule</implementation>
+      <description>Basic Password Rule, Checks for non-empty Passwords in non guest users.</description>
+      <configuration>
+        <enabled>true</enabled>
+      </configuration>
+    </component>
+    <component>
+      <role>org.codehaus.plexus.security.policy.PasswordRule</role>
+      <role-hint>alpha-count</role-hint>
+      <implementation>org.codehaus.plexus.security.policy.rules.AlphaPasswordRule</implementation>
+      <description>Basic Password Rule, Checks for non-empty passwords that have at least {@link #setMinimumCount(int)}
+        of alpha characters contained within.
+      </description>
+      <configuration>
+        <enabled>true</enabled>
+        <minimum-count>1</minimum-count>
+      </configuration>
+    </component>
+    <component>
+      <role>org.codehaus.plexus.security.policy.UserSecurityPolicy</role>
+      <role-hint>default</role-hint>
+      <implementation>org.codehaus.plexus.security.policy.DefaultUserSecurityPolicy</implementation>
+      <description>User Security Policy.</description>
+      <requirements>
+        <requirement>
+          <role>org.codehaus.plexus.security.policy.PasswordEncoder</role>
+          <role-hint>sha256</role-hint>
+          <field-name>passwordEncoder</field-name>
+        </requirement>
+        <requirement>
+          <role>org.codehaus.plexus.security.policy.UserValidationSettings</role>
+          <field-name>userValidationSettings</field-name>
+        </requirement>
+        <requirement>
+          <role>org.codehaus.plexus.security.policy.PasswordRule</role>
+          <field-name>rules</field-name>
+        </requirement>
+        <requirement>
+          <role>org.codehaus.plexus.security.policy.RememberMeSettings</role>
+          <field-name>rememberMeSettings</field-name>
+        </requirement>
+        <requirement>
+          <role>org.codehaus.plexus.security.policy.SingleSignOnSettings</role>
+          <field-name>singleSignOnSettings</field-name>
+        </requirement>
+      </requirements>
+      <configuration>
+        <previous-passwords-count>6</previous-passwords-count>
+        <login-attempt-count>3</login-attempt-count>
+        <password-expiration-days>90</password-expiration-days>
+      </configuration>
+    </component>
+    <component>
+      <role>org.codehaus.plexus.security.policy.RememberMeSettings</role>
+      <implementation>org.codehaus.plexus.security.policy.DefaultRememberMeSettings</implementation>
+      <description>DefaultRememberMeSettings</description>
+      <configuration>
+        <enabled>true</enabled>
+        <cookie-timeout>525600</cookie-timeout>
+      </configuration>
+    </component>
+    <component>
+      <role>org.codehaus.plexus.security.policy.SingleSignOnSettings</role>
+      <implementation>org.codehaus.plexus.security.policy.DefaultSingleSignOnSettings</implementation>
+      <description>DefaultSingleSignOnSettings</description>
+      <configuration>
+        <enabled>true</enabled>
+        <cookie-timeout>30</cookie-timeout>
+        <cookie-domain>localhost</cookie-domain>
+      </configuration>
+    </component>
+    <component>
+      <role>org.codehaus.plexus.security.policy.UserValidationSettings</role>
+      <implementation>org.codehaus.plexus.security.policy.DefaultUserValidationSettings</implementation>
+      <description>DefaultUserValidationSettings</description>
+      <configuration>
+        <email-validation-required>true</email-validation-required>
+        <!-- This is a timeout for the validation url (in minutes) - 2880 = 48 hours -->
+        <email-validation-timeout>2880</email-validation-timeout>
+        <email-login-path>/security/login!login.action</email-login-path>
+        <email-subject>Unconfigured Subject Line</email-subject>
+      </configuration>
+    </component>
+    <component>
+      <role>org.codehaus.plexus.mailsender.MailSender</role>
+      <implementation>org.codehaus.plexus.mailsender.javamail.JavamailMailSender</implementation>
+      <configuration>
+        <smtp-host>localhost</smtp-host>
+        <smtp-port>25</smtp-port>
+        <sslProvider>com.sun.net.ssl.internal.ssl.Provider</sslProvider>
+        <!--
+        <username>mylogin</username>
+        <password>mypassword</password>
+        <sslMode>true</sslMode>
+        -->
+      </configuration>
+    </component>
 
 
     <component>
             <name>org.jpox.poid.transactionIsolation</name>
             <value>READ_UNCOMMITTED</value>
           </property>
+          <property>
+            <name>org.jpox.rdbms.dateTimezone</name>
+            <value>JDK_DEFAULT_TIMEZONE</value>
+          </property>
         </otherProperties>
       </configuration>
     </component>
index 806e01095bef7704d571d6449da70562ce6ab2ee..b2ef0a535d19b31232df0f94c18f6013c603f593 100644 (file)
 <xwork>
   <!-- TODO: better error handling for exceptions needed! -->
 
-  <!-- Include webwork defaults (from WebWork JAR). -->
-  <include file="webwork-default.xml"/>
+  <!-- Include plexus-security xwork configurations. -->
+  <include file="xwork-security.xml"/>
 
-  <!-- Include plexus-security xwork configurations. -->  
-  <include file="xwork-security.xml" />
-
-  <package name="base" extends="webwork-default">
+  <package name="base" extends="security">
     <interceptors>
       <interceptor name="configuration" class="configurationInterceptor"/>
       <interceptor name="pssSecureActions" class="pssSecureActionInterceptor"/>
+      <interceptor name="continuumConfigurationCheck" class="forceContinuumConfigurationInterceptor"/>
+      <interceptor name="pssForceAdminUser" class="pssForceAdminUserInterceptor"/>
+      <interceptor name="pssSecureActions" class="pssSecureActionInterceptor"/>
+      <interceptor name="pssAutoLogin" class="pssAutoLoginInterceptor"/>
+      <interceptor name="pssEnvironmentChecker" class="pssEnvironmentCheckInterceptor"/>
+
+      <interceptor-stack name="unconfiguredStack">
+        <interceptor-ref name="defaultStack"/>
+        <interceptor-ref name="pssEnvironmentChecker"/>
+        <interceptor-ref name="pssForceAdminUser"/>
+        <interceptor-ref name="pssAutoLogin"/>
+        <interceptor-ref name="pssSecureActions"/>
+      </interceptor-stack>
+
       <interceptor-stack name="configuredStack">
         <interceptor-ref name="defaultStack"/>
-        <interceptor-ref name="configuration"/>
+        <interceptor-ref name="pssEnvironmentChecker"/>
+        <interceptor-ref name="pssForceAdminUser"/>
+        <interceptor-ref name="pssAutoLogin"/>
         <interceptor-ref name="pssSecureActions"/>
+        <interceptor-ref name="configuration"/>
       </interceptor-stack>
+
       <interceptor-stack name="configuredPrepareParamsStack">
         <interceptor-ref name="paramsPrepareParamsStack"/>
-        <interceptor-ref name="configuration"/>
-        <interceptor-ref name="pssSecureActions"/>
+        <interceptor-ref name="configuredStack"/>
       </interceptor-stack>
     </interceptors>
 
     <global-results>
       <!-- TODO: want an extra message on the configure page when this first happens! -->
       <!-- TODO: can we send them back to the original location afterwards? -->
-      <result name="admin-user-needed" type="redirect-action">
-        <param name="namespace">/admin</param>
-        <param name="actionName">addadmin</param>
-      </result>
-      
       <result name="config-needed" type="redirect-action">
         <param name="namespace">/admin</param>
         <param name="actionName">configure</param>
       </result>
-      
+
       <!-- This redirect is triggered by the configuration interceptor -->
       <result name="config-repository-needed" type="redirect-action">
         <param name="namespace">/admin</param>
         <param name="actionName">addRepository</param>
         <param name="method">input</param>
       </result>
-      
+
       <!-- The following security-* result names arrive from the plexus-security package -->
-      <result name="security-login-success" type="redirect-action">browse</result>
-      <result name="security-login-cancel" type="redirect-action">browse</result>
-      <result name="security-login-locked" type="redirect-action">browse</result>
-      <result name="security-logout" type="redirect-action">browse</result>
+      <result name="security-login-success" type="redirect-action">index</result>
+      <result name="security-login-cancel" type="redirect-action">index</result>
+      <result name="security-login-locked" type="redirect-action">index</result>
+      <result name="security-logout" type="redirect-action">index</result>
+      <result name="requires-authentication" type="redirect-action">
+        <param name="actionName">login</param>
+        <param name="namespace">/security</param>
+      </result>
       <result name="security-register-success" type="redirect-action">
         <param name="actionName">login</param>
         <param name="namespace">/security</param>
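Review bot: `pssSecureActions` ends up declared twice in the `<interceptors>` block of `base`: the existing declaration is kept as context, and the same `<interceptor name="pssSecureActions" class="pssSecureActionInterceptor"/>` line is added again a few lines below it. Both point at the same class, but the interceptor that enforces secured actions should have exactly one declaration, so that a later edit to one copy cannot silently diverge from the other; I would drop the added duplicate. The added `continuumConfigurationCheck` interceptor (class `forceContinuumConfigurationInterceptor`) is not referenced by any of the three stacks in this hunk and reads like a carry-over from Continuum. If no such component is registered in Archiva, which this page does not show, remove that line as well.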
         <param name="actionName">login</param>
         <param name="namespace">/security</param>
       </result>
-      <result name="security-account-success" type="redirect-action">browse</result>
-      <result name="security-account-cancel" type="redirect-action">browse</result>
-      
-      <!-- These results are names that the SecuredActionInterceptor utilizes -->
-      <result name="requires-authentication">/WEB-INF/jsp/alert.jsp</result>
-      <result name="requires-authorization">/WEB-INF/jsp/alert.jsp</result>
-      
-      <!-- Generic Catchall for those action configurations that forget to 
+      <result name="security-account-success" type="redirect-action">index</result>
+      <result name="security-account-cancel" type="redirect-action">
+        <param name="actionName">login</param>
+        <param name="namespace">/security</param>
+      </result>
+      <result name="security-admin-user-created" type="redirect-action">
+        <param name="actionName">login</param>
+        <param name="namespace">/security</param>
+      </result>
+      <result name="security-admin-user-needed" type="redirect-action">
+        <param name="actionName">addadmin</param>
+        <param name="namespace">/security</param>
+      </result>
+
+      <!-- Generic Catchall for those action configurations that forget to
            include a result for 'error' -->
       <result name="error">/WEB-INF/jsp/generalError.jsp</result>
     </global-results>
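Review bot: The `requires-authorization` global result is removed here and nothing in this hunk replaces it, while `requires-authentication` is re-added as a redirect to the `/security` login action. The removed comment says these are the names the SecuredActionInterceptor uses, so an authenticated user who lacks a permission still needs a result to land on. That now works only if the `security` package from `xwork-security.xml` defines `requires-authorization`, which is not visible on this page. Once confirmed, record it where the old comment stood, e.g. `<!-- requires-authorization is inherited from the "security" package (xwork-security.xml) -->`, or keep an explicit result for it in `base`.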
 
   <!-- Configuration for the default package. -->
   <package name="default" extends="base" namespace="/">
-    <interceptors>
-      <interceptor name="configuration" class="configurationInterceptor"/>
-      <interceptor-stack name="configuredStack">
-        <interceptor-ref name="defaultStack"/>
-        <interceptor-ref name="configuration"/>
-        <interceptor-ref name="pssSecureActions"/>
-      </interceptor-stack>
-    </interceptors>
 
-    <!-- Default interceptor stack. -->
-    <default-interceptor-ref name="configuredStack"/>
-    
-    <!-- This is the redirection facility for plexus-security, 
+    <!-- This is the redirection facility for plexus-security,
          allowing plexus-security to call out from its own set of actions
          into the application webapp, using global result names. -->
     <action name="pssRedirect" class="pss-redirect" method="redirect">
       <result type="redirect-action">browse</result>
-    </action>    
+    </action>
 
     <action name="index" class="searchAction" method="input">
       <result name="input">/WEB-INF/jsp/quickSearch.jsp</result>
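Review bot: Removing `<default-interceptor-ref name="configuredStack"/>` from the `default` package leaves every action without its own `<interceptor-ref>` on whatever default stack the parent packages provide; `pssRedirect` in this hunk is one, and `index` in the `/admin` package further down is another. The visible part of `base` has no `<default-interceptor-ref>` between `</interceptors>` and `<global-results>`, so the default presumably comes from the `security` package in `xwork-security.xml`, which this page does not show. If that default lacks `pssSecureActions` and `configuration`, these actions run without the secured-action and configuration checks the removed line applied. I would keep `<default-interceptor-ref name="configuredStack"/>` in `default`, or declare it once in `base` after `</interceptors>` if the `/admin` actions should get it too. Either way the stack each action runs under is then stated in this file. The `index` action at the end of the hunk continues outside it.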
     <action name="showArtifactDependees" class="showArtifactAction" method="dependees">
       <result>/WEB-INF/jsp/showArtifact.jsp</result>
     </action>
-    
+
     <action name="showArtifactDependencyTree" class="showArtifactAction" method="dependencyTree">
       <result>/WEB-INF/jsp/showArtifact.jsp</result>
     </action>
 
   <!-- Configuration for the admin package. -->
   <package name="admin" namespace="/admin" extends="base">
-  
+
     <action name="index" class="configureAction" method="input">
       <result name="input">/WEB-INF/jsp/admin/index.jsp</result>
     </action>
-  
-    <action name="addadmin" class="addAdminAction" method="show">
-      <interceptor-ref name="defaultStack"/>
-      <result name="input">/WEB-INF/jsp/admin/createAdmin.jsp</result>
-      <result name="error">/WEB-INF/jsp/admin/createAdmin.jsp</result>
-      <result name="success" type="redirect-action">
-        <param name="namespace">/</param>
-        <param name="actionName">browse</param>
-      </result>    
-    </action>
 
     <action name="addRepository" class="configureRepositoryAction" method="add">
       <result name="input">/WEB-INF/jsp/admin/addRepository.jsp</result>
       <result type="redirect-action">index</result>
-      <interceptor-ref name="defaultStack"/>
+      <interceptor-ref name="unconfiguredStack"/>
     </action>
 
     <action name="editRepository" class="configureRepositoryAction" method="edit">
 
     <action name="configure" class="configureAction" method="input">
       <result name="input">/WEB-INF/jsp/admin/configure.jsp</result>
-      <interceptor-ref name="defaultStack"/>
+      <interceptor-ref name="unconfiguredStack"/>
     </action>
 
     <action name="saveConfiguration" class="configureAction">
       <result name="input">/WEB-INF/jsp/admin/configure.jsp</result>
       <result>/WEB-INF/jsp/admin/index.jsp</result>
-      <interceptor-ref name="defaultStack"/>
+      <interceptor-ref name="unconfiguredStack"/>
     </action>
 
     <action name="runIndexer" class="runRepositoryTaskAction" method="runIndexer">
diff --git a/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/createAdmin.jsp b/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/createAdmin.jsp
deleted file mode 100644 (file)
index 04e7b0e..0000000
+++ /dev/null
@@ -1,40 +0,0 @@
-<%--
-  ~ Copyright 2005-2006 The Apache Software Foundation.
-  ~
-  ~ Licensed under the Apache License, Version 2.0 (the "License");
-  ~ you may not use this file except in compliance with the License.
-  ~ You may obtain a copy of the License at
-  ~
-  ~      http://www.apache.org/licenses/LICENSE-2.0
-  ~
-  ~ Unless required by applicable law or agreed to in writing, software
-  ~ distributed under the License is distributed on an "AS IS" BASIS,
-  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-  ~ See the License for the specific language governing permissions and
-  ~ limitations under the License.
-  --%>
-
-<%@ taglib prefix="ww" uri="/webwork"%>
-<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
-
-<html>
-<head>
-  <title>Create Admin User</title>
-  <ww:head/>
-</head>
-
-<body>
-
-<c:import url="/WEB-INF/jsp/pss/include/formValidationResults.jspf" />
-
-<h2>Create Admin User</h2>
-
-<ww:form action="addadmin!submit" namespace="/admin" theme="xhtml"
-         id="adminCreateForm" method="post" name="admincreate" cssClass="security adminCreate">
-  <c:import url="/WEB-INF/jsp/pss/include/userCredentials.jspf" />
-  <ww:submit value="Create Admin" />
-</ww:form>
-
-</body>
-
-</html>
index 702651fb9520aa0c7995a4c8e3a7f040f4b82b7d..af2284e04ef2353c951cc826c411f7994a91c26a 100644 (file)
@@ -59,7 +59,7 @@
 
 <div id="breadcrumbs">
   <div class="xleft">
-    <c:import url="/WEB-INF/jsp/pss/include/securityLinks.jspf" />
+    <c:import url="/WEB-INF/jsp/pss/include/securityLinks.jsp"/>
   </div>
 
   <div class="xright">
@@ -92,7 +92,7 @@
         <my:currentWWUrl action="browse" namespace="/">Browse</my:currentWWUrl>
       </li>
     </ul>
-    <pss:ifAnyAuthorized permissions="edit-all-users,access-reports,edit-configuration">
+    <pss:ifAnyAuthorized permissions="archiva-manage-users,access-reports,archiva-manage-configuration">
       <h5>Manage</h5>
       <ul>
         <pss:ifAuthorized permission="access-reports">
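Review bot: The permission names in these tags are free-form strings, so the renamed `archiva-manage-users` and `archiva-manage-configuration` must match, character for character, the names the new role profiles register (presumably via `ArchivaRoleConstants`); a mismatch just hides the Manage menu with no error. `access-reports` keeps its old un-prefixed name in the same attribute, so it is worth checking that the new roles still grant it. The tags only control what is rendered, so the `userlist` and `/admin` actions behind the links restructured in the next hunk need the same permissions enforced server-side. A short comment above the block, e.g. `<%-- names must match the archiva-security permissions; this controls visibility only, not access --%>`, would record both points.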
                   <a href="#">Synchronisation</a>
                 </li>
           --%>
-        <pss:ifAnyAuthorized permissions="edit-configuration,edit-all-users">
-          <pss:ifAuthorized permission="edit-all-users">
-            <li class="none">
-              <my:currentWWUrl action="userlist" namespace="/security">User Management</my:currentWWUrl>
-            </li>
-          </pss:ifAuthorized>
-          <pss:ifAuthorized permission="edit-configuration">
+        <pss:ifAuthorized permission="archiva-manage-users">
           <li class="none">
-              <my:currentWWUrl action="index" namespace="/admin">Administration</my:currentWWUrl>
+            <my:currentWWUrl action="userlist" namespace="/security">User Management</my:currentWWUrl>
+          </li>
+        </pss:ifAuthorized>
+        <pss:ifAuthorized permission="archiva-manage-configuration">
+          <li class="none">
+            <my:currentWWUrl action="index" namespace="/admin">Administration</my:currentWWUrl>
 
 
             <ul>
                 --%>
             </ul>
           </li>
-          </pss:ifAuthorized>
-        </pss:ifAnyAuthorized>
+        </pss:ifAuthorized>
       </ul>
     </pss:ifAnyAuthorized>
     <br/>
diff --git a/archiva-webapp/src/main/webapp/WEB-INF/jsp/logout.jsp b/archiva-webapp/src/main/webapp/WEB-INF/jsp/logout.jsp
deleted file mode 100644 (file)
index 59e0a8a..0000000
+++ /dev/null
@@ -1,37 +0,0 @@
-<%--
-  ~ Copyright 2005-2006 The Apache Software Foundation.
-  ~
-  ~ Licensed under the Apache License, Version 2.0 (the "License");
-  ~ you may not use this file except in compliance with the License.
-  ~ You may obtain a copy of the License at
-  ~
-  ~      http://www.apache.org/licenses/LICENSE-2.0
-  ~
-  ~ Unless required by applicable law or agreed to in writing, software
-  ~ distributed under the License is distributed on an "AS IS" BASIS,
-  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-  ~ See the License for the specific language governing permissions and
-  ~ limitations under the License.
-  --%>
-
-<%@ taglib prefix="ww" uri="/webwork" %>
-<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
-
-<html>
-<head>
-  <title>Logout Page</title>
-  <ww:head/>
-</head>
-
-<body>
-
-<h1>Logout</h1>
-
-<div id="contentArea">
-  <div id="nameColumn">
-    You have been successfully logged out!
-  </div>
-</div>
-
-</body>
-</html>
diff --git a/archiva-webapp/src/main/webapp/WEB-INF/jsp/register.jsp b/archiva-webapp/src/main/webapp/WEB-INF/jsp/register.jsp
deleted file mode 100644 (file)
index af76750..0000000
+++ /dev/null
@@ -1,63 +0,0 @@
-<%--
-  ~ Copyright 2005-2006 The Apache Software Foundation.
-  ~
-  ~ Licensed under the Apache License, Version 2.0 (the "License");
-  ~ you may not use this file except in compliance with the License.
-  ~ You may obtain a copy of the License at
-  ~
-  ~      http://www.apache.org/licenses/LICENSE-2.0
-  ~
-  ~ Unless required by applicable law or agreed to in writing, software
-  ~ distributed under the License is distributed on an "AS IS" BASIS,
-  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-  ~ See the License for the specific language governing permissions and
-  ~ limitations under the License.
-  --%>
-
-<%@ taglib prefix="ww" uri="/webwork" %>
-<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
-
-<html>
-<head>
-  <title>Registration Page</title>
-  <ww:head/>
-</head>
-
-<body>
-
-<div id="contentArea">
-  <div id="searchBox">
-  
-    <div id="results">
-      <%-- This is where the "Account Created Successfully" type message goes. --%>
-      <div class="success">
-           <ww:actionmessage />
-      </div>
-      <%-- This is where errors from the action and other non-form field specific errors appear. --%>
-      <div class="errors">
-       <ww:actionerror />
-      </div>
-    </div>
-
-    <h2>Register for an Account</h2>
-
-       <%-- You don't need a table to wrap form elements in,
-            the ww:form creates the table, labels, context sensitive actionerrors, requirements indicators, etc...
-              - Joakim --%>
-    
-    <ww:form action="register" method="post">          
-      <%@ include file="/WEB-INF/jsp/admin/include/registerUserForm.jspf" %>
-      <ww:submit    value="Register"/>
-    </ww:form>
-
-  </div>
-</div>
-
-
-<div class="clear">
-  <hr/>
-</div>
-
-</body>
-
-</html>
index 7dba3665d6a1392abbd54f72e648ae9d3f6d62a1..92242e1f3395f90c64897f151ac88dff75d36504 100644 (file)
             <name>org.jpox.poid.transactionIsolation</name>
             <value>READ_UNCOMMITTED</value>
           </property>
-        </otherProperties>
-      </configuration>
-    </component>
-
-  </components>
-</plexus>
-<!--
-  ~ Copyright 2005-2006 The Apache Software Foundation.
-  ~
-  ~ Licensed under the Apache License, Version 2.0 (the "License");
-  ~ you may not use this file except in compliance with the License.
-  ~ You may obtain a copy of the License at
-  ~
-  ~      http://www.apache.org/licenses/LICENSE-2.0
-  ~
-  ~ Unless required by applicable law or agreed to in writing, software
-  ~ distributed under the License is distributed on an "AS IS" BASIS,
-  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-  ~ See the License for the specific language governing permissions and
-  ~ limitations under the License.
-  -->
-
-<plexus>
-  <components>
-    <!--
-     | Logger manager
-     -->
-    <component>
-      <role>org.codehaus.plexus.logging.LoggerManager</role>
-      <implementation>org.codehaus.plexus.logging.log4j.Log4JLoggerManager</implementation>
-      <lifecycle-handler>basic</lifecycle-handler>
-
-      <configuration>
-        <threshold>DEBUG</threshold>
-        <default-appender>console</default-appender>
-        <appenders>
-          <appender>
-            <id>console</id>
-            <threshold>DEBUG</threshold>
-            <type>org.apache.log4j.ConsoleAppender</type>
-            <!--  <conversion-pattern>%d [%t] %-5p %-30c{1} - %m%n</conversion-pattern> -->
-            <conversion-pattern>%r [%t] %-5p %c %x - %m%n</conversion-pattern>
-          </appender>
-        </appenders>
-        <levels>
-          <!-- Help identify bugs during testing -->
-          <level>
-            <hierarchy>org.apache.maven</hierarchy>
-            <level>DEBUG</level>
-          </level>
-          <level>
-            <hierarchy>org.codehaus.plexus.security</hierarchy>
-            <level>DEBUG</level>
-          </level>
-          <!-- squelch noisy objects (for now) -->
-          <level>
-            <hierarchy>org.codehaus.plexus.mailsender.MailSender</hierarchy>
-            <level>INFO</level>
-          </level>
-          <level>
-            <hierarchy>org.quartz</hierarchy>
-            <level>INFO</level>
-          </level>
-          <level>
-            <hierarchy>org.apache.jasper</hierarchy>
-            <level>INFO</level>
-          </level>
-          <level>
-            <hierarchy>com.opensymphony.xwork</hierarchy>
-            <level>DEBUG</level>
-          </level>
-          <level>
-            <hierarchy>com.opensymphony.webwork</hierarchy>
-            <level>DEBUG</level>
-          </level>
-          <level>
-            <hierarchy>org.codehaus.plexus.PlexusContainer</hierarchy>
-            <level>INFO</level>
-          </level>
-          <level>
-            <hierarchy>JPOX</hierarchy>
-            <level>WARN</level>
-          </level>
-          <level>
-            <hierarchy>freemarker</hierarchy>
-            <level>WARN</level>
-          </level>
-          <level>
-            <hierarchy>freemarker</hierarchy>
-            <level>WARN</level>
-          </level>
-        </levels>
-      </configuration>
-    </component>
-
-
-    <component>
-      <role>org.codehaus.plexus.jdo.JdoFactory</role>
-      <implementation>org.codehaus.plexus.jdo.DefaultConfigurableJdoFactory</implementation>
-      <configuration>
-
-        <!-- HSQLDB Configuration -->
-        <!--
-          NOTE: NO NOT USE THIS CONFIGURATION FOR A PRODUCTION SYSTEM.
-          HSQLDB keeps all data in memory at all times.
-
-          NOTE: JPOX 1.1.1 won't create the tables on start
-          http://www.jpox.org/servlet/jira/browse/CORE-2946
-            -->
-         
-        <!-- 
-        <driverName>org.hsqldb.jdbcDriver</driverName>
-        <url>jdbc:hsqldb:mem:test</url>
-        <userName>sa</userName>
-        <password></password>
-          --> 
-
-        <!-- Apache Derby Configuration -->
-        <driverName>org.apache.derby.jdbc.EmbeddedDriver</driverName>
-        <url>jdbc:derby:${basedir}/target/repoaccess/database;create=true</url>
-        <userName>sa</userName>
-        <password></password>
-        
-        <!-- MySql Configuration -->
-        <!-- 
-        <driverName>com.mysql.jdbc.Driver</driverName>
-        <url>jdbc:mysql://localhost/archiva</url>
-        <userName>archiva</userName>
-        <password>archiva</password>
-          -->
-
-        <!-- Postgresql Configuration -->
-        <!--
-        <driverName>org.postgresql.Driver</driverName>
-        <url>jdbc:postgresql://localhost/continuum</url>
-        <userName>username</userName>
-        <password></password>
-        -->
-
-        <!-- JPOX and JDO configuration -->
-        <persistenceManagerFactoryClass>org.jpox.PersistenceManagerFactoryImpl</persistenceManagerFactoryClass>
-        <otherProperties>
-          <property>
-            <name>javax.jdo.PersistenceManagerFactoryClass</name>
-            <value>org.jpox.PersistenceManagerFactoryImpl</value>
-          </property>
           <property>
-            <name>org.jpox.autoCreateSchema</name>
-            <value>true</value>
-          </property>
-          <property>
-            <name>org.jpox.autoStartMechanism</name>
-            <value>SchemaTable</value>
-          </property>
-          <property>
-            <name>org.jpox.autoStartMechanismMode</name>
-            <value>Ignored</value>
-          </property>
-          <property>
-            <name>org.jpox.validateTables</name>
-            <value>false</value>
-          </property>
-          <property>
-            <name>org.jpox.validateConstraints</name>
-            <value>false</value>
-          </property>
-          <property>
-            <name>org.jpox.transactionIsolation</name>
-            <value>READ_UNCOMMITTED</value>
-          </property>
-          <property>
-            <name>org.jpox.poid.transactionIsolation</name>
-            <value>READ_UNCOMMITTED</value>
+            <name>org.jpox.rdbms.dateTimezone</name>
+            <value>JDK_DEFAULT_TIMEZONE</value>
           </property>
         </otherProperties>
       </configuration>
diff --git a/pom.xml b/pom.xml
index 1474c307317e4f8e64bf8fe818ae226c8fc5315b..5819bc618b2bfd4c480bd010bc4df10695557166 100644 (file)
--- a/pom.xml
+++ b/pom.xml
@@ -82,6 +82,7 @@
           <execution>
             <goals>
               <goal>descriptor</goal>
+              <goal>merge-descriptors</goal>
             </goals>
           </execution>
         </executions>
     <module>archiva-repository-layer</module>
     <module>archiva-plexus-application</module>
     <module>archiva-plexus-runtime</module>
+    <module>archiva-security</module>
   </modules>
   <dependencies>
     <dependency>
         <artifactId>archiva-applet</artifactId>
         <version>${pom.version}</version>
       </dependency>
+      <dependency>
+        <groupId>org.apache.maven.archiva</groupId>
+        <artifactId>archiva-security</artifactId>
+        <version>${pom.version}</version>
+      </dependency>
       <dependency>
         <groupId>org.apache.maven.archiva</groupId>
         <artifactId>archiva-configuration</artifactId>