*/
import java.util.ArrayList;
-import java.util.Collection;
import java.util.List;
import org.apache.maven.archiva.configuration.ArchivaConfiguration;
import org.apache.maven.archiva.configuration.ManagedRepositoryConfiguration;
import org.codehaus.plexus.redback.authentication.AuthenticationResult;
import org.codehaus.plexus.redback.authorization.AuthorizationException;
-import org.codehaus.plexus.redback.rbac.RBACManager;
-import org.codehaus.plexus.redback.rbac.RbacManagerException;
-import org.codehaus.plexus.redback.rbac.RbacObjectNotFoundException;
-import org.codehaus.plexus.redback.rbac.Role;
import org.codehaus.plexus.redback.role.RoleManager;
import org.codehaus.plexus.redback.role.RoleManagerException;
import org.codehaus.plexus.redback.system.DefaultSecuritySession;
import org.codehaus.plexus.redback.system.SecuritySystem;
import org.codehaus.plexus.redback.users.User;
import org.codehaus.plexus.redback.users.UserNotFoundException;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
/**
* DefaultUserRepositories
*/
private SecuritySystem securitySystem;
- /**
- * @plexus.requirement role-hint="cached"
- */
- private RBACManager rbacManager;
-
/**
* @plexus.requirement role-hint="default"
*/
* @plexus.requirement
*/
private ArchivaConfiguration archivaConfiguration;
+
+ private Logger log = LoggerFactory.getLogger( DefaultUserRepositories.class );
public List<String> getObservableRepositoryIds( String principal )
throws PrincipalNotFoundException, AccessDeniedException, ArchivaSecurityException
private List<String> getAccessibleRepositoryIds( String principal, String operation )
throws ArchivaSecurityException, AccessDeniedException, PrincipalNotFoundException
{
- try
+ SecuritySession securitySession = createSession( principal );
+
+ List<String> repoIds = new ArrayList<String>();
+
+ List<ManagedRepositoryConfiguration> repos =
+ archivaConfiguration.getConfiguration().getManagedRepositories();
+
+ for ( ManagedRepositoryConfiguration repo : repos )
{
- User user = securitySystem.getUserManager().findUser( principal );
- if ( user == null )
+ try
{
- throw new ArchivaSecurityException( "The security system had an internal error - please check your system logs" );
+ String repoId = repo.getId();
+ if ( securitySystem.isAuthorized( securitySession, operation, repoId ) )
+ {
+ repoIds.add( repoId );
+ }
}
-
- if ( user.isLocked() )
+ catch ( AuthorizationException e )
{
- throw new AccessDeniedException( "User " + principal + "(" + user.getFullName() + ") is locked." );
+ // swallow.
+ log.debug( "Not authorizing '" + principal + "' for repository '" + repo.getId() + "': "
+ + e.getMessage() );
}
+ }
- AuthenticationResult authn = new AuthenticationResult( true, principal, null );
- SecuritySession securitySession = new DefaultSecuritySession( authn, user );
-
- List<String> repoIds = new ArrayList<String>();
-
- List<ManagedRepositoryConfiguration> repos =
- archivaConfiguration.getConfiguration().getManagedRepositories();
+ return repoIds;
+ }
- for ( ManagedRepositoryConfiguration repo : repos )
+ private SecuritySession createSession( String principal )
+ throws ArchivaSecurityException, AccessDeniedException
+ {
+ User user;
+ try
+ {
+ user = securitySystem.getUserManager().findUser( principal );
+ if ( user == null )
{
- try
- {
- String repoId = repo.getId();
- if ( securitySystem.isAuthorized( securitySession, operation, repoId ) )
- {
- repoIds.add( repoId );
- }
- }
- catch ( AuthorizationException e )
- {
- // swallow.
- }
+ throw new ArchivaSecurityException(
+ "The security system had an internal error - please check your system logs" );
}
-
- return repoIds;
}
catch ( UserNotFoundException e )
{
throw new PrincipalNotFoundException( "Unable to find principal " + principal + "" );
}
+
+ if ( user.isLocked() )
+ {
+ throw new AccessDeniedException( "User " + principal + "(" + user.getFullName() + ") is locked." );
+ }
+
+ AuthenticationResult authn = new AuthenticationResult( true, principal, null );
+ return new DefaultSecuritySession( authn, user );
}
public void createMissingRepositoryRoles( String repoId )
{
try
{
- User user = securitySystem.getUserManager().findUser( principal );
- if ( user == null )
- {
- throw new ArchivaSecurityException( "The security system had an internal error - please check your system logs" );
- }
-
- if ( user.isLocked() )
- {
- throw new AccessDeniedException( "User " + principal + "(" + user.getFullName() + ") is locked." );
- }
-
- AuthenticationResult authn = new AuthenticationResult( true, principal, null );
- SecuritySession securitySession = new DefaultSecuritySession( authn, user );
+ SecuritySession securitySession = createSession( principal );
return securitySystem.isAuthorized( securitySession, ArchivaRoleConstants.OPERATION_REPOSITORY_UPLOAD,
repoId );
}
- catch ( UserNotFoundException e )
- {
- throw new PrincipalNotFoundException( "Unable to find principal " + principal + "" );
- }
catch ( AuthorizationException e )
{
throw new ArchivaSecurityException( e.getMessage() );
}
public boolean isAuthorizedToDeleteArtifacts( String principal, String repoId )
- throws RbacManagerException, RbacObjectNotFoundException
+ throws AccessDeniedException, ArchivaSecurityException
{
- boolean isAuthorized = false;
- String delimiter = " - ";
-
try
{
- Collection<Role> roleList = rbacManager.getEffectivelyAssignedRoles( principal );
-
- for ( Role role : roleList )
- {
- String roleName = role.getName();
-
- if ( roleName.startsWith( ArchivaRoleConstants.REPOSITORY_MANAGER_ROLE_PREFIX ) )
- {
- int delimiterIndex = roleName.indexOf( delimiter );
- String resourceName = roleName.substring( delimiterIndex + delimiter.length() );
-
- if ( resourceName.equals( repoId ) )
- {
- isAuthorized = true;
- break;
- }
- }
- }
- }
- catch ( RbacObjectNotFoundException e )
- {
- throw new RbacObjectNotFoundException( "Unable to find user " + principal + "" );
+ SecuritySession securitySession = createSession( principal );
+
+ return securitySystem.isAuthorized( securitySession, ArchivaRoleConstants.OPERATION_REPOSITORY_DELETE,
+ repoId );
+
}
- catch ( RbacManagerException e )
+ catch ( AuthorizationException e )
{
- throw new RbacManagerException( "Unable to get roles for user " + principal + "" );
+ throw new ArchivaSecurityException( e.getMessage() );
}
-
- return isAuthorized;
}
}
import org.apache.maven.archiva.common.utils.VersionUtil;
import org.apache.maven.archiva.configuration.ArchivaConfiguration;
import org.apache.maven.archiva.configuration.ManagedRepositoryConfiguration;
-import org.apache.maven.archiva.database.updater.DatabaseConsumers;
import org.apache.maven.archiva.database.ArchivaDatabaseException;
import org.apache.maven.archiva.database.ArtifactDAO;
import org.apache.maven.archiva.database.constraints.ArtifactVersionsConstraint;
+import org.apache.maven.archiva.database.updater.DatabaseConsumers;
import org.apache.maven.archiva.model.ArchivaArtifact;
import org.apache.maven.archiva.model.ArchivaRepositoryMetadata;
import org.apache.maven.archiva.model.VersionedReference;
-import org.apache.maven.archiva.repository.audit.Auditable;
+import org.apache.maven.archiva.repository.ContentNotFoundException;
+import org.apache.maven.archiva.repository.ManagedRepositoryContent;
+import org.apache.maven.archiva.repository.RepositoryContentFactory;
+import org.apache.maven.archiva.repository.RepositoryException;
+import org.apache.maven.archiva.repository.RepositoryNotFoundException;
import org.apache.maven.archiva.repository.audit.AuditEvent;
import org.apache.maven.archiva.repository.audit.AuditListener;
+import org.apache.maven.archiva.repository.audit.Auditable;
import org.apache.maven.archiva.repository.metadata.MetadataTools;
import org.apache.maven.archiva.repository.metadata.RepositoryMetadataException;
import org.apache.maven.archiva.repository.metadata.RepositoryMetadataReader;
import org.apache.maven.archiva.repository.metadata.RepositoryMetadataWriter;
-import org.apache.maven.archiva.repository.ContentNotFoundException;
-import org.apache.maven.archiva.repository.RepositoryException;
-import org.apache.maven.archiva.repository.RepositoryNotFoundException;
-import org.apache.maven.archiva.repository.ManagedRepositoryContent;
-import org.apache.maven.archiva.repository.RepositoryContentFactory;
import org.apache.maven.archiva.security.AccessDeniedException;
import org.apache.maven.archiva.security.ArchivaSecurityException;
import org.apache.maven.archiva.security.ArchivaXworkUser;
import org.apache.maven.archiva.security.PrincipalNotFoundException;
import org.apache.maven.archiva.security.UserRepositories;
-import org.codehaus.plexus.redback.rbac.RbacManagerException;
-
import org.apache.struts2.ServletActionContext;
+
import com.opensymphony.xwork2.ActionContext;
import com.opensymphony.xwork2.Preparable;
import com.opensymphony.xwork2.Validateable;
addActionError( "Invalid version." );
}
}
- catch ( RbacManagerException e )
+ catch ( AccessDeniedException e )
+ {
+ addActionError( e.getMessage() );
+ }
+ catch ( ArchivaSecurityException e )
{
addActionError( e.getMessage() );
}
projects / archiva.git / commitdiff