public class ArchivaRoleConstants
{
+ public static final String DELIMITER = " - ";
+
// globalish roles
public static final String SYSTEM_ADMINISTRATOR_ROLE = "System Administrator";
+
public static final String USER_ADMINISTRATOR_ROLE = "User Administrator";
+
public static final String REGISTERED_USER_ROLE = "Registered User";
+
public static final String GUEST_ROLE = "Guest";
+ // dynamic role prefixes
+ public static final String REPOSITORY_MANAGER_ROLE_PREFIX = "Repository Manager";
+
+ public static final String REPOSITORY_OBSERVER_ROLE_PREFIX = "Repository Observer";
+
// operations
public static final String OPERATION_MANAGE_USERS = "archiva-manage-users";
+
public static final String OPERATION_MANAGE_CONFIGURATION = "archiva-manage-configuration";
+
public static final String OPERATION_ACTIVE_GUEST = "archiva-guest";
+
+ public static final String OPERATION_RUN_INDEXER = "archiva-run-indexer";
+
+ public static final String OPERATION_REGENERATE_INDEX = "archiva-regenerate-index";
+
+ public static final String OPERATION_ACCESS_REPORT = "archiva-access-reports";
+
+ public static final String OPERATION_ADD_REPOSITORY = "archiva-add-repository";
+
+ public static final String OPERATION_REPOSITORY_ACCESS = "archiva-read-repository";
+
+ public static final String OPERATION_DELETE_REPOSITORY = "archiva-delete-repository";
+
+ public static final String OPERATION_EDIT_REPOSITORY = "archiva-edit-repository";
+
+ public static final String OPERATION_REPOSITORY_UPLOAD = "archiva-upload-repository";
}
List operations = new ArrayList();
operations.add( ArchivaRoleConstants.OPERATION_MANAGE_CONFIGURATION );
operations.add( ArchivaRoleConstants.OPERATION_MANAGE_USERS );
+ operations.add( ArchivaRoleConstants.OPERATION_RUN_INDEXER );
+ operations.add( ArchivaRoleConstants.OPERATION_REGENERATE_INDEX );
+ operations.add( ArchivaRoleConstants.OPERATION_ACCESS_REPORT ); // TODO: does this need to be templated?
+ operations.add( ArchivaRoleConstants.OPERATION_ADD_REPOSITORY );
+ operations.add( ArchivaRoleConstants.OPERATION_EDIT_REPOSITORY );
+ operations.add( ArchivaRoleConstants.OPERATION_DELETE_REPOSITORY );
return operations;
}
--- /dev/null
+package org.apache.maven.archiva.security;
+
+/*
+ * Copyright 2005-2006 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+import org.codehaus.plexus.rbac.profile.AbstractDynamicRoleProfile;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+
+/**
+ * @plexus.component role="org.codehaus.plexus.rbac.profile.DynamicRoleProfile"
+ * role-hint="archiva-repository-manager"
+ */
+public class RepsitoryManagerDynamicRoleProfile
+ extends AbstractDynamicRoleProfile
+{
+ public String getRoleName( String string )
+ {
+ return ArchivaRoleConstants.REPOSITORY_MANAGER_ROLE_PREFIX + ArchivaRoleConstants.DELIMITER + string;
+ }
+
+ public List getOperations()
+ {
+ List operations = new ArrayList();
+
+ // I'm not sure these are appropriate roles.
+ operations.add( ArchivaRoleConstants.OPERATION_EDIT_REPOSITORY );
+ operations.add( ArchivaRoleConstants.OPERATION_DELETE_REPOSITORY );
+
+ operations.add( ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS );
+ operations.add( ArchivaRoleConstants.OPERATION_REPOSITORY_UPLOAD );
+ return operations;
+ }
+
+ public List getDynamicChildRoles( String string )
+ {
+ return Collections.singletonList(
+ ArchivaRoleConstants.REPOSITORY_OBSERVER_ROLE_PREFIX + ArchivaRoleConstants.DELIMITER + string );
+ }
+
+ public boolean isAssignable()
+ {
+ return true;
+ }
+}
+
--- /dev/null
+package org.apache.maven.archiva.security;
+
+/*
+ * Copyright 2005-2006 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+import org.codehaus.plexus.rbac.profile.AbstractDynamicRoleProfile;
+
+import java.util.List;
+import java.util.ArrayList;
+
+/**
+ * @plexus.component role="org.codehaus.plexus.rbac.profile.DynamicRoleProfile"
+ * role-hint="archiva-repository-observer"
+ */
+public class RepsitoryObserverDynamicRoleProfile
+ extends AbstractDynamicRoleProfile
+{
+ public String getRoleName( String string )
+ {
+ return ArchivaRoleConstants.REPOSITORY_OBSERVER_ROLE_PREFIX + ArchivaRoleConstants.DELIMITER + string;
+ }
+
+ public List getOperations()
+ {
+ List operations = new ArrayList();
+ operations.add( ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS );
+ return operations;
+ }
+
+ public boolean isAssignable()
+ {
+ return true;
+ }
+}
</requirement>
</requirements>
</component>
+ <component>
+ <role>org.codehaus.plexus.rbac.profile.DynamicRoleProfile</role>
+ <role-hint>archiva-repository-manager</role-hint>
+ <implementation>org.apache.maven.archiva.security.RepositoryManagerDynamicRoleProfile</implementation>
+ <requirements>
+ <requirement>
+ <role>org.codehaus.plexus.security.rbac.RBACManager</role>
+ </requirement>
+ </requirements>
+ </component>
+ <component>
+ <role>org.codehaus.plexus.rbac.profile.DynamicRoleProfile</role>
+ <role-hint>archiva-repository-observer</role-hint>
+ <implementation>org.apache.maven.archiva.security.RepositoryObserverDynamicRoleProfile</implementation>
+ <requirements>
+ <requirement>
+ <role>org.codehaus.plexus.security.rbac.RBACManager</role>
+ </requirement>
+ </requirements>
+ </component>
</components>
</component-set>
</exclusions>
</dependency>
<dependency>
- <groupId>org.codehaus.plexus.security</groupId>
-
<artifactId>plexus-security-keys-jdo</artifactId>
- <version>1.0-SNAPSHOT</version>
- </dependency>
+ <groupId>org.codehaus.plexus.security</groupId>
+ <artifactId>plexus-security-keys-jdo</artifactId>
+ <version>1.0-SNAPSHOT</version>
+ </dependency>
<dependency>
<groupId>org.codehaus.plexus</groupId>
<artifactId>plexus-utils</artifactId>
<version>1.2</version>
</dependency>
+ <dependency>
+ <groupId>org.codehaus.plexus</groupId>
+ <artifactId>plexus-mail-sender-javamail</artifactId>
+ <version>1.0-alpha-3</version>
+ </dependency>
<dependency>
<groupId>org.apache.derby</groupId>
<artifactId>derby</artifactId>
+++ /dev/null
-package org.apache.maven.archiva.web;
-
-/*
- * Copyright 2001-2006 The Apache Software Foundation.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-import org.codehaus.plexus.security.user.User;
-import org.codehaus.plexus.security.rbac.RbacManagerException;
-
-/**
- * ArchivaSecurityDefaults
- *
- * NOTE: this is targeted for removal with the forth coming rbac role templating
- *
- * @author <a href="mailto:joakim@erdfelt.com">Joakim Erdfelt</a>
- * @version $Id$
- */
-public interface ArchivaSecurityDefaults
-{
- public static final String ROLE = ArchivaSecurityDefaults.class.getName();
-
- public static final String GUEST_USERNAME = "guest";
-
- public static final String INDEX_REGENERATE_OPERATION = "regenerate-index";
-
- public static final String INDEX_REGENERATE_PERMISSION = "Regenerate Index";
-
- public static final String INDEX_RUN_OPERATION = "run-indexer";
-
- public static final String INDEX_RUN_PERMISSION = "Run Indexer";
-
- public static final String REPORTS_ACCESS_OPERATION = "access-reports";
-
- public static final String REPORTS_ACCESS_PERMISSION = "Access Reports";
-
- public static final String REPORTS_GENERATE_OPERATION = "generate-reports";
-
- public static final String REPORTS_GENERATE_PERMISSION = "Generate Reports";
-
- public static final String REPOSITORY_ACCESS = "Access Repository";
-
- public static final String REPOSITORY_ACCESS_OPERATION = "read-repository";
-
- public static final String REPOSITORY_ADD_OPERATION = "add-repository";
-
- public static final String REPOSITORY_ADD_PERMISSION = "Add Repository";
-
- public static final String REPOSITORY_DELETE = "Delete Repository";
-
- public static final String REPOSITORY_DELETE_OPERATION = "delete-repository";
-
- public static final String REPOSITORY_EDIT = "Edit Repository";
-
- public static final String REPOSITORY_EDIT_OPERATION = "edit-repository";
-
- public static final String REPOSITORY_MANAGER = "Repository Manager";
-
- public static final String REPOSITORY_OBSERVER = "Repository Observer";
-
- public static final String REPOSITORY_UPLOAD = "Repository Upload";
-
- public static final String REPOSITORY_UPLOAD_OPERATION = "upload-repository";
-
- public static final String ROLES_GRANT_OPERATION = "grant-roles";
-
- public static final String ROLES_GRANT_PERMISSION = "Grant Roles";
-
- public static final String ROLES_REMOVE_OPERATION = "remove-roles";
-
- public static final String ROLES_REMOVE_PERMISSION = "Remove Roles";
-
- public static final String SYSTEM_ADMINISTRATOR = "System Administrator";
-
- public static final String USER_ADMINISTRATOR = "User Administrator";
-
- public static final String USER_EDIT_OPERATION = "edit-user";
-
- public static final String USERS_EDIT_ALL_OPERATION = "edit-all-users";
-
- public static final String USERS_EDIT_ALL_PERMISSION = "Edit All Users";
-
- public void ensureDefaultsExist()
- throws RbacManagerException;
-
-}
+++ /dev/null
-package org.apache.maven.archiva.web;
-
-/*
- * Copyright 2001-2006 The Apache Software Foundation.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-import org.codehaus.plexus.logging.AbstractLogEnabled;
-import org.codehaus.plexus.personality.plexus.lifecycle.phase.Initializable;
-import org.codehaus.plexus.personality.plexus.lifecycle.phase.InitializationException;
-import org.codehaus.plexus.security.rbac.Operation;
-import org.codehaus.plexus.security.rbac.Permission;
-import org.codehaus.plexus.security.rbac.RBACManager;
-import org.codehaus.plexus.security.rbac.RbacManagerException;
-
-/**
- * DefaultArchivaSecurityDefaults
- *
- * @author <a href="mailto:joakim@erdfelt.com">Joakim Erdfelt</a>
- * @version $Id$
- * @plexus.component role="org.apache.maven.archiva.web.ArchivaSecurityDefaults"
- */
-public class DefaultArchivaSecurityDefaults
- extends AbstractLogEnabled
- implements ArchivaSecurityDefaults, Initializable
-{
- /**
- * @plexus.requirement
- */
- private RBACManager rbacManager;
-
- private boolean initialized = false;
-
- public void ensureDefaultsExist()
- throws RbacManagerException
- {
- if ( initialized )
- {
- return;
- }
-
- ensureOperationsExist();
- ensurePermissionsExist();
- ensureRolesExist();
-
- initialized = true;
- }
-
- private void ensureOperationExists( String operationName )
- throws RbacManagerException
- {
- if ( !rbacManager.operationExists( operationName ) )
- {
- Operation operation = rbacManager.createOperation( operationName );
- rbacManager.saveOperation( operation );
- }
- }
-
- private void ensureOperationsExist()
- throws RbacManagerException
- {
- ensureOperationExists( REPOSITORY_ADD_OPERATION );
- ensureOperationExists( REPOSITORY_EDIT_OPERATION );
- ensureOperationExists( REPOSITORY_DELETE_OPERATION );
- ensureOperationExists( INDEX_RUN_OPERATION );
- ensureOperationExists( INDEX_REGENERATE_OPERATION );
- ensureOperationExists( REPORTS_ACCESS_OPERATION );
- ensureOperationExists( REPORTS_GENERATE_OPERATION );
- ensureOperationExists( USER_EDIT_OPERATION );
- ensureOperationExists( USERS_EDIT_ALL_OPERATION );
- ensureOperationExists( ROLES_GRANT_OPERATION );
- ensureOperationExists( ROLES_REMOVE_OPERATION );
- ensureOperationExists( REPOSITORY_ACCESS_OPERATION );
- ensureOperationExists( REPOSITORY_UPLOAD_OPERATION );
- }
-
- private void ensurePermissionExists( String permissionName, String operationName, String resourceIdentifier )
- throws RbacManagerException
- {
- if ( !rbacManager.permissionExists( permissionName ) )
- {
- Permission editConfiguration =
- rbacManager.createPermission( permissionName, operationName, resourceIdentifier );
- rbacManager.savePermission( editConfiguration );
- }
- }
-
- private void ensurePermissionsExist()
- throws RbacManagerException
- {
- String globalResource = rbacManager.getGlobalResource().getIdentifier();
-
- ensurePermissionExists( REPORTS_ACCESS_PERMISSION, REPORTS_ACCESS_OPERATION, globalResource );
- ensurePermissionExists( REPORTS_GENERATE_PERMISSION, REPORTS_GENERATE_OPERATION, globalResource );
-
- ensurePermissionExists( INDEX_RUN_PERMISSION, INDEX_RUN_OPERATION, globalResource );
- ensurePermissionExists( INDEX_REGENERATE_PERMISSION, INDEX_REGENERATE_OPERATION, globalResource );
-
- ensurePermissionExists( REPOSITORY_ADD_PERMISSION, REPOSITORY_ADD_OPERATION, globalResource );
- ensurePermissionExists( REPOSITORY_ACCESS, "access-repository", globalResource );
- ensurePermissionExists( REPOSITORY_UPLOAD, REPOSITORY_UPLOAD_OPERATION, globalResource );
- }
-
- private void ensureRolesExist()
- throws RbacManagerException
- {
- /* TODO!
- if ( !rbacManager.roleExists( SYSTEM_ADMINISTRATOR ) )
- {
- Role admin = rbacManager.createRole( SYSTEM_ADMINISTRATOR );
- admin.addChildRoleName( rbacManager.getRole( USER_ADMINISTRATOR ).getName() );
- admin.addPermission( rbacManager.getPermission( CONFIGURATION_EDIT_PERMISSION ) );
- admin.addPermission( rbacManager.getPermission( INDEX_RUN_PERMISSION ) );
- admin.addPermission( rbacManager.getPermission( REPOSITORY_ADD_PERMISSION ) );
- admin.addPermission( rbacManager.getPermission( REPORTS_ACCESS_PERMISSION ) );
- admin.addPermission( rbacManager.getPermission( REPORTS_GENERATE_PERMISSION ) );
- admin.addPermission( rbacManager.getPermission( INDEX_REGENERATE_PERMISSION ) );
- admin.setAssignable( true );
- rbacManager.saveRole( admin );
- }
- */
- }
-
- public void initialize()
- throws InitializationException
- {
- try
- {
- ensureDefaultsExist();
- }
- catch ( RbacManagerException e )
- {
- throw new InitializationException( e.getMessage(), e );
- }
- }
-}
* limitations under the License.
*/
-import com.opensymphony.xwork.ActionSupport;
import com.opensymphony.xwork.Preparable;
import org.apache.maven.archiva.configuration.Configuration;
import org.apache.maven.archiva.configuration.ConfigurationStore;
import org.apache.maven.archiva.reporting.ReportGroup;
import org.apache.maven.archiva.reporting.ReportingDatabase;
import org.apache.maven.archiva.reporting.ReportingStoreException;
+import org.apache.maven.archiva.security.ArchivaRoleConstants;
import org.apache.maven.artifact.repository.ArtifactRepository;
import org.apache.maven.artifact.resolver.filter.ArtifactFilter;
+import org.codehaus.plexus.security.rbac.Resource;
+import org.codehaus.plexus.security.ui.web.interceptor.SecureAction;
+import org.codehaus.plexus.security.ui.web.interceptor.SecureActionBundle;
+import org.codehaus.plexus.security.ui.web.interceptor.SecureActionException;
import org.codehaus.plexus.xwork.action.PlexusActionSupport;
import java.util.ArrayList;
* Repository reporting.
*
* @plexus.component role="com.opensymphony.xwork.Action" role-hint="reportsAction"
+ * @todo split report access and report generation
*/
public class ReportsAction
extends PlexusActionSupport
- implements Preparable
+ implements Preparable, SecureAction
{
/**
* @plexus.requirement
{
this.filter = filter;
}
+
+ public SecureActionBundle getSecureActionBundle()
+ throws SecureActionException
+ {
+ SecureActionBundle bundle = new SecureActionBundle();
+
+ bundle.setRequiresAuthentication( true );
+ bundle.addRequiredAuthorization( ArchivaRoleConstants.OPERATION_ACCESS_REPORT, Resource.GLOBAL );
+
+ return bundle;
+ }
}
import org.apache.maven.archiva.configuration.ConfigurationStore;
import org.apache.maven.archiva.configuration.ConfigurationStoreException;
import org.apache.maven.archiva.configuration.InvalidConfigurationException;
-import org.apache.maven.archiva.web.util.RoleManager;
+import org.apache.maven.archiva.security.ArchivaRoleConstants;
import org.codehaus.plexus.xwork.action.PlexusActionSupport;
import org.codehaus.plexus.security.rbac.RbacManagerException;
+import org.codehaus.plexus.security.ui.web.interceptor.SecureAction;
+import org.codehaus.plexus.security.ui.web.interceptor.SecureActionBundle;
+import org.codehaus.plexus.security.ui.web.interceptor.SecureActionException;
+import org.codehaus.plexus.rbac.profile.RoleProfileException;
+import org.codehaus.plexus.rbac.profile.RoleProfileManager;
import java.io.IOException;
*/
public abstract class AbstractConfigureRepositoryAction
extends PlexusActionSupport
- implements ModelDriven, Preparable
+ implements ModelDriven, Preparable, SecureAction
{
/**
* @plexus.requirement
private ConfigurationStore configurationStore;
/**
- * @plexus.requirement
+ * @plexus.requirement role-hint="archiva"
*/
- protected RoleManager roleManager;
+ protected RoleProfileManager roleProfileManager;
/**
* The repository.
public String add()
throws IOException, ConfigurationStoreException, InvalidConfigurationException, ConfigurationChangeException,
- RbacManagerException
+ RbacManagerException, RoleProfileException
{
// TODO: if this didn't come from the form, go to configure.action instead of going through with re-saving what was just loaded
public String edit()
throws IOException, ConfigurationStoreException, InvalidConfigurationException, ConfigurationChangeException,
- RbacManagerException
+ RbacManagerException, RoleProfileException
{
// TODO: if this didn't come from the form, go to configure.action instead of going through with re-saving what was just loaded
private String saveConfiguration()
throws IOException, ConfigurationStoreException, InvalidConfigurationException, ConfigurationChangeException,
- RbacManagerException
+ RbacManagerException, RoleProfileException
{
addRepository();
- roleManager.addRepository( repository.getId() );
-
configurationStore.storeConfiguration( configuration );
// TODO: do we need to check if indexing is needed?
}
protected abstract void addRepository()
- throws IOException;
+ throws IOException, RoleProfileException;
public String input()
{
{
return configuration;
}
+
+ public SecureActionBundle getSecureActionBundle()
+ throws SecureActionException
+ {
+ SecureActionBundle bundle = new SecureActionBundle();
+
+ if ( getRepoId() != null )
+ {
+ bundle.setRequiresAuthentication( true );
+ // TODO: this is not right. It needs to change based on method
+ bundle.addRequiredAuthorization( ArchivaRoleConstants.OPERATION_EDIT_REPOSITORY, getRepoId() );
+ }
+
+ return bundle;
+ }
}
import org.apache.maven.archiva.configuration.AbstractRepositoryConfiguration;
import org.apache.maven.archiva.configuration.RepositoryConfiguration;
+import org.apache.maven.archiva.security.ArchivaRoleConstants;
+import org.codehaus.plexus.rbac.profile.RoleProfileException;
+import org.codehaus.plexus.security.ui.web.interceptor.SecureActionBundle;
+import org.codehaus.plexus.security.ui.web.interceptor.SecureActionException;
+import org.codehaus.plexus.security.rbac.Resource;
import java.io.File;
import java.io.IOException;
}
protected void addRepository()
- throws IOException
+ throws IOException, RoleProfileException
{
RepositoryConfiguration repository = (RepositoryConfiguration) getRepository();
}
configuration.addRepository( repository );
+
+ // TODO: double check these are configured on start up
+ roleProfileManager.getDynamicRole( "archiva-repository-manager", repository.getId() );
+
+ roleProfileManager.getDynamicRole( "archiva-repository-observer", repository.getId() );
}
protected AbstractRepositoryConfiguration createRepository()
import com.opensymphony.xwork.ActionInvocation;
import com.opensymphony.xwork.interceptor.Interceptor;
-
import org.apache.maven.archiva.configuration.Configuration;
import org.apache.maven.archiva.configuration.ConfigurationStore;
-import org.apache.maven.archiva.configuration.ConfigurationStoreException;
-import org.apache.maven.archiva.web.ArchivaSecurityDefaults;
-import org.apache.maven.archiva.web.util.RoleManager;
import org.codehaus.plexus.logging.AbstractLogEnabled;
-import org.codehaus.plexus.security.rbac.RBACManager;
-import org.codehaus.plexus.security.rbac.RbacManagerException;
-import org.codehaus.plexus.security.user.User;
-import org.codehaus.plexus.security.user.UserManager;
-import org.codehaus.plexus.security.user.UserNotFoundException;
-
-import java.util.Iterator;
-import java.util.Map;
/**
* An interceptor that makes the application configuration available
*/
private ConfigurationStore configurationStore;
- /**
- * @plexus.requirement
- */
- private RoleManager roleManager;
-
- /**
- * @plexus.requirement
- */
- private RBACManager rbacManager;
-
- /**
- * @plexus.requirement
- */
- private UserManager userManager;
-
- /**
- * @plexus.requirement
- */
- private ArchivaSecurityDefaults archivaDefaults;
-
- private boolean adminInitialized = false;
-
/**
*
* @param actionInvocation
public String intercept( ActionInvocation actionInvocation )
throws Exception
{
- archivaDefaults.ensureDefaultsExist();
- ensureRepoRolesExist();
-
- if ( !adminInitialized )
- {
- adminInitialized = true;
-
- try
- {
- User user = userManager.findUser( "admin" );
- if ( user == null )
- {
- getLogger().info( "No admin user configured - forwarding to admin user creation page." );
- return "admin-user-needed";
- }
- getLogger().info( "Admin user found. No need to configure admin user." );
- }
- catch ( UserNotFoundException e )
- {
- getLogger().info( "No admin user found - forwarding to admin user creation page." );
- return "admin-user-needed";
- }
- }
-
Configuration configuration = configurationStore.getConfigurationFromStore();
if ( !configuration.isValid() )
}
}
- public void ensureRepoRolesExist()
- throws RbacManagerException
- {
- try
- {
- if ( configurationStore.getConfigurationFromStore().isValid() )
- {
- Map repositories = configurationStore.getConfigurationFromStore().getRepositoriesMap();
-
- for ( Iterator i = repositories.keySet().iterator(); i.hasNext(); )
- {
- String id = (String) i.next();
-
- if ( !rbacManager.roleExists( "Repository Observer - " + id ) )
- {
- getLogger().info( "recovering Repository Observer - " + id );
- roleManager.addRepository( id );
- }
-
- if ( !rbacManager.roleExists( "Repository Manager - " + id ) )
- {
- getLogger().info( "recovering Repository Manager - " + id );
- roleManager.addRepository( id );
- }
- }
- }
- }
- catch ( ConfigurationStoreException e )
- {
- throw new RuntimeException( "error with configurationStore()" );
- }
- }
-
public void destroy()
{
// This space left intentionally blank
import org.apache.maven.archiva.configuration.ConfigurationStore;
import org.apache.maven.archiva.configuration.ConfigurationStoreException;
import org.apache.maven.archiva.configuration.RepositoryConfiguration;
-import org.apache.maven.archiva.web.ArchivaSecurityDefaults;
+import org.apache.maven.archiva.security.ArchivaRoleConstants;
import org.apache.maven.archiva.web.servlet.AbstractPlexusServlet;
import org.codehaus.plexus.security.authentication.AuthenticationException;
import org.codehaus.plexus.security.authentication.AuthenticationResult;
import org.codehaus.plexus.security.authorization.AuthorizationException;
+import org.codehaus.plexus.security.policy.AccountLockedException;
+import org.codehaus.plexus.security.policy.MustChangePasswordException;
import org.codehaus.plexus.security.system.SecuritySession;
import org.codehaus.plexus.security.system.SecuritySystem;
import org.codehaus.plexus.security.ui.web.filter.authentication.HttpAuthenticator;
-import org.codehaus.plexus.security.policy.AccountLockedException;
-import org.codehaus.plexus.security.policy.MustChangePasswordException;
import org.codehaus.plexus.util.FileUtils;
import org.codehaus.plexus.util.StringUtils;
/**
* RepositoryAccess - access read/write to the repository.
*
- * @plexus.component role="org.apache.maven.archiva.web.servlet.PlexusServlet"
- * role-hint="repositoryAccess"
- *
* @author <a href="mailto:joakim@erdfelt.com">Joakim Erdfelt</a>
* @version $Id$
+ * @plexus.component role="org.apache.maven.archiva.web.servlet.PlexusServlet"
+ * role-hint="repositoryAccess"
* @todo CACHE REPOSITORY LIST
*/
public class RepositoryAccess
*/
private HttpAuthenticator httpAuth;
- /**
- * @plexus.requirement
- */
- private ArchivaSecurityDefaults archivaSecurity;
-
/**
* List of request methods that fall into the category of 'access' or 'read' of a repository.
* All other method requests are to be considered 'write' or 'upload' requests.
routeToErrorPage( response, "Invalid Repository ID." );
return;
}
-
+
// Authentication Tests.
AuthenticationResult result;
if ( !result.isAuthenticated() )
{
// Must Authenticate.
- httpAuth.challenge( request, response, "Repository " + repoconfig.getName(),
- new AuthenticationException("User Credentials Invalid") );
+ httpAuth.challenge( request, response, "Repository " + repoconfig.getName(),
+ new AuthenticationException( "User Credentials Invalid" ) );
return;
}
}
catch ( AccountLockedException e )
{
httpAuth.challenge( request, response, "Repository " + repoconfig.getName(),
- new AuthenticationException("User account is locked") );
+ new AuthenticationException( "User account is locked" ) );
}
catch ( MustChangePasswordException e )
{
- httpAuth.challenge( request, response, "Repository " + repoconfig.getName(),
- new AuthenticationException("You must change your password before you can attempt this again.") );
+ httpAuth.challenge( request, response, "Repository " + repoconfig.getName(), new AuthenticationException(
+ "You must change your password before you can attempt this again." ) );
}
// Authorization Tests.
SecuritySession securitySession = httpAuth.getSecuritySession();
try
{
- String permission = ArchivaSecurityDefaults.REPOSITORY_ACCESS;
+ String permission = ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS;
if ( isWriteRequest )
{
- permission = ArchivaSecurityDefaults.REPOSITORY_UPLOAD;
+ permission = ArchivaRoleConstants.OPERATION_REPOSITORY_UPLOAD;
}
permission += " - " + repoconfig.getId();
if ( !isAuthorized )
{
// Issue HTTP Challenge.
- httpAuth.challenge( request, response, "Repository " + repoconfig.getName(),
- new AuthenticationException("Authorization Denied.") );
+ httpAuth.challenge( request, response, "Repository " + repoconfig.getName(),
+ new AuthenticationException( "Authorization Denied." ) );
return;
}
}
RepositoryMapping repo = getRepositoryMapping( repoconfig );
- response.setHeader( "Server", getServletContext().getServerInfo() + " Archiva : "
- + DAVUtilities.SERVLET_SIGNATURE );
+ response.setHeader( "Server",
+ getServletContext().getServerInfo() + " Archiva : " + DAVUtilities.SERVLET_SIGNATURE );
DAVTransaction transaction = new DAVTransaction( request, response );
try
+++ /dev/null
-package org.apache.maven.archiva.web.util;
-
-/*
- * Copyright 2001-2006 The Apache Software Foundation.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-import org.apache.maven.archiva.web.ArchivaSecurityDefaults;
-import org.codehaus.plexus.logging.AbstractLogEnabled;
-import org.codehaus.plexus.security.rbac.Permission;
-import org.codehaus.plexus.security.rbac.RBACManager;
-import org.codehaus.plexus.security.rbac.RbacManagerException;
-import org.codehaus.plexus.security.rbac.Resource;
-import org.codehaus.plexus.security.rbac.Role;
-import org.codehaus.plexus.security.user.User;
-import org.codehaus.plexus.security.user.UserManager;
-
-/**
- * DefaultRoleManager:
- * @todo remove!
- *
- * @author Jesse McConnell <jmcconnell@apache.org>
- * @version $Id:$
- * @plexus.component role="org.apache.maven.archiva.web.util.RoleManager"
- * role-hint="default"
- */
-public class DefaultRoleManager
- extends AbstractLogEnabled
- implements RoleManager
-{
-
- /**
- * @plexus.requirement
- */
- private RBACManager manager;
-
- public void addRepository( String repositoryName )
- throws RbacManagerException
- {
- // make the resource
- Resource repoResource = manager.createResource( repositoryName );
- repoResource = manager.saveResource( repoResource );
-
- // make the permissions
- Permission editRepo =
- manager.createPermission( ArchivaSecurityDefaults.REPOSITORY_EDIT + " - " + repositoryName );
- editRepo.setOperation( manager.getOperation( ArchivaSecurityDefaults.REPOSITORY_EDIT_OPERATION ) );
- editRepo.setResource( repoResource );
- editRepo = manager.savePermission( editRepo );
-
- Permission deleteRepo =
- manager.createPermission( ArchivaSecurityDefaults.REPOSITORY_DELETE + " - " + repositoryName );
- deleteRepo.setOperation( manager.getOperation( ArchivaSecurityDefaults.REPOSITORY_DELETE_OPERATION ) );
- deleteRepo.setResource( repoResource );
- deleteRepo = manager.savePermission( deleteRepo );
-
- Permission accessRepo =
- manager.createPermission( ArchivaSecurityDefaults.REPOSITORY_ACCESS + " - " + repositoryName );
- accessRepo.setOperation( manager.getOperation( ArchivaSecurityDefaults.REPOSITORY_ACCESS_OPERATION ) );
- accessRepo.setResource( repoResource );
- accessRepo = manager.savePermission( accessRepo );
-
- Permission uploadRepo =
- manager.createPermission( ArchivaSecurityDefaults.REPOSITORY_UPLOAD + " - " + repositoryName );
- uploadRepo.setOperation( manager.getOperation( ArchivaSecurityDefaults.REPOSITORY_UPLOAD_OPERATION ) );
- uploadRepo.setResource( repoResource );
- uploadRepo = manager.savePermission( uploadRepo );
-
- // make the roles
- Role repositoryObserver = manager.createRole( "Repository Observer - " + repositoryName );
- repositoryObserver.addPermission( manager.getPermission( ArchivaSecurityDefaults.REPORTS_ACCESS_PERMISSION ) );
- repositoryObserver.setAssignable( true );
- repositoryObserver = manager.saveRole( repositoryObserver );
-
- Role repositoryManager = manager.createRole( "Repository Manager - " + repositoryName );
- repositoryManager.addPermission( editRepo );
- repositoryManager.addPermission( deleteRepo );
- repositoryManager.addPermission( accessRepo );
- repositoryManager.addPermission( uploadRepo );
- repositoryManager.addPermission( manager.getPermission( ArchivaSecurityDefaults.REPORTS_GENERATE_PERMISSION ) );
- repositoryManager.addChildRoleName( repositoryObserver.getName() );
- repositoryManager.setAssignable( true );
- manager.saveRole( repositoryManager );
- }
-
-}
+++ /dev/null
-package org.apache.maven.archiva.web.util;
-
-/*
- * Copyright 2005 The Apache Software Foundation.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-import org.codehaus.plexus.security.rbac.RbacManagerException;
-
-/**
- * RoleManager:
- *
- * @author Jesse McConnell <jmcconnell@apache.org>
- * @version $Id:$
- */
-public interface RoleManager
-{
- public static final String ROLE = RoleManager.class.getName();
-
- public void addRepository( String repositoryName )
- throws RbacManagerException;
-
-}
<component>
<role>org.apache.maven.archiva.scheduler.RepositoryTaskScheduler</role>
</component>
- <component>
- <role>org.apache.maven.archiva.web.ArchivaSecurityDefaults</role>
- </component>
</load-on-start>
</plexus>
+++ /dev/null
-#
-# properties that might be used in plexus-security initialization
-#
-
-#
-# operations
-#
-addRepositoryOperation=add-repository
-editRepositoryOperation=edit-repository
-deleteRepositoryOperation=delete-repository
-
-editConfiguration=edit-configuration
-
-runIndexer=run-indexer
-regenerateIndex=regenerate-index
-
-accessReports=access-reports
-generateReports=generate-reports
-
-editAllUsers=edit-all-users
-editUser=edit-user
-
-grantRoles=grant-roles
-removeRoles=remove-roles
\ No newline at end of file
</td>
<%-- TODO: a "delete index and run now" operation should be here too (really clean, remove deletions that didn't get picked up) --%>
<td>
- <pss:ifAuthorized permission="run-indexer">
+ <pss:ifAuthorized permission="archiva-run-indexer">
<a href="<ww:url action="runIndexer" />">Run Now</a>
</pss:ifAuthorized>
</td>
<div>
<div style="float: right">
<%-- TODO replace with icons --%>
- <pss:ifAuthorized permission="add-repository">
+ <pss:ifAuthorized permission="archiva-add-repository">
<ww:url id="addRepositoryUrl" action="addRepository" method="input"/>
<ww:a href="%{addRepositoryUrl}">Add Repository</ww:a>
</pss:ifAuthorized>
<ww:param name="repoId" value="%{'${repository.id}'}" />
</ww:url>
<%-- TODO replace with icons --%>
- <pss:ifAuthorized permission="edit-repository" resource="${repository.id}"><ww:a href="%{editRepositoryUrl}">Edit Repository</ww:a></pss:ifAuthorized><pss:ifAuthorized permission="delete-repository" resource="${repository.id}"> <ww:a href="%{deleteRepositoryUrl}">Delete Repository</ww:a></pss:ifAuthorized>
+ <pss:ifAuthorized permission="archiva-edit-repository" resource="${repository.id}"><ww:a href="%{editRepositoryUrl}">Edit Repository</ww:a></pss:ifAuthorized>
+ <pss:ifAuthorized permission="archiva-delete-repository" resource="${repository.id}"><ww:a href="%{deleteRepositoryUrl}">Delete Repository</ww:a></pss:ifAuthorized>
</div>
<h3>${repository.name}</h3>
<table class="infoTable">
<my:currentWWUrl action="browse" namespace="/">Browse</my:currentWWUrl>
</li>
</ul>
- <pss:ifAnyAuthorized permissions="archiva-manage-users,access-reports,archiva-manage-configuration">
+ <pss:ifAnyAuthorized permissions="archiva-manage-users,archiva-access-reports,archiva-manage-configuration">
<h5>Manage</h5>
<ul>
- <pss:ifAuthorized permission="access-reports">
+ <pss:ifAuthorized permission="archiva-access-reports">
<li class="none">
<my:currentWWUrl action="reports" namespace="/admin">Reports</my:currentWWUrl>
</li>
<div id="contentArea">
-<pss:ifAnyAuthorized permissions="generate-reports">
+<pss:ifAnyAuthorized permissions="archiva-generate-reports">
<ww:form action="reports" namespace="/admin">
<ww:select list="reports" label="Report" name="reportGroup" onchange="document.reports.submit();"/>
<ww:select list="configuration.repositories" listKey="id" listValue="name" label="Repository" headerKey="-"
--%>
<c:choose>
<c:when test="${!database.inProgress}">
- <pss:ifAuthorized permission="generate-reports">
+ <pss:ifAuthorized permission="archiva-generate-reports">
<ww:url id="regenerateReportUrl" action="runReport" namespace="/admin">
<ww:param name="repositoryId">${database.repository.id}</ww:param>
<ww:param name="reportGroup" value="reportGroup"/>
projects / archiva.git / commitdiff