package org.apache.maven.archiva.web.action.admin;
-
/*
- * Copyright 2005 The Apache Software Foundation.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
+* Copyright 2005 The Apache Software Foundation.
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
import com.opensymphony.xwork.Preparable;
import org.codehaus.plexus.security.rbac.RBACManager;
import org.codehaus.plexus.security.user.User;
import org.codehaus.plexus.security.user.UserManager;
import org.codehaus.plexus.security.user.UserNotFoundException;
+import org.codehaus.plexus.security.user.UserManagerException;
+import org.codehaus.plexus.security.authorization.rbac.web.interceptor.SecureAction;
+import org.codehaus.plexus.security.authorization.rbac.web.interceptor.SecureActionException;
import org.codehaus.plexus.xwork.action.PlexusActionSupport;
import java.util.ArrayList;
* role-hint="userManagement"
*/
public class UserManagementAction
- extends PlexusActionSupport implements Preparable
+ extends PlexusActionSupport
+ implements Preparable, SecureAction
{
/**
* @plexus.requirement
public void prepare()
throws Exception
{
- if ( username == null || "".equals( username ) )
- {
- user = userManager.findUser( (String) session.get( "MANAGED_USERNAME" ) );
- username = user.getUsername();
- }
- else
+ try
{
- user = userManager.findUser( username );
- }
+ if ( username == null || "".equals( username ) )
+ {
+ user = userManager.findUser( (String) session.get( "MANAGED_USERNAME" ) );
+ username = user.getUsername();
+ }
+ else
+ {
+ user = userManager.findUser( username );
+ }
- session.put( "MANAGED_USERNAME", username );
+ session.put( "MANAGED_USERNAME", username );
- principal = user.getPrincipal().toString();
- fullName = user.getFullName();
- email = user.getEmail();
+ principal = user.getPrincipal().toString();
+ fullName = user.getFullName();
+ email = user.getEmail();
- if ( principal != null && rbacManager.userAssignmentExists( principal ) )
+ if ( principal != null && rbacManager.userAssignmentExists( principal ) )
+ {
+ assignedRoles = new ArrayList( rbacManager.getAssignedRoles( principal ) );
+ availableRoles = new ArrayList( rbacManager.getUnassignedRoles( principal ) );
+ }
+ else
+ {
+ assignedRoles = new ArrayList();
+ availableRoles = rbacManager.getAllAssignableRoles();
+ }
+ }
+ catch ( UserNotFoundException ne )
{
- assignedRoles = new ArrayList( rbacManager.getAssignedRoles( principal ) );
- availableRoles = new ArrayList( rbacManager.getUnassignedRoles( principal ) );
+ addActionError( "user cound not found" );
+ assignedRoles = new ArrayList();
+ availableRoles = new ArrayList();
}
- else
+ catch ( UserManagerException ume )
{
assignedRoles = new ArrayList();
- availableRoles = rbacManager.getAllAssignableRoles();
+ availableRoles = new ArrayList();
}
-
}
/**
* for this method username should be populated
- *
+ *
* @return
*/
public String findUser()
}
catch ( UserNotFoundException ne )
{
- addActionError( "user could not be found " + username );
+ addActionError( "user could not be found " + username );
return ERROR;
}
}
return SUCCESS;
}
+
+ public List getRequiredOperations()
+ throws SecureActionException
+ {
+ List operations = new ArrayList();
+ operations.add( "edit-all-users" );
+ operations.add( "edit-user" );
+ return operations;
+ }
+
+ public String getRequiredResource()
+ throws SecureActionException
+ {
+ SecuritySession securitySession = (SecuritySession) session.get( SecuritySession.ROLE );
+
+ User user = securitySession.getUser();
+
+ if ( user != null )
+ {
+ return user.getPrincipal().toString();
+ }
+ else
+ {
+ throw new SecureActionException( "unable to obtain principal from users session" );
+ }
+ }
+
+ public boolean authenticationRequired()
+ throws SecureActionException
+ {
+ return true;
+ }
+
public String getUsername()
{
return username;
<package name="base" extends="webwork-default">
<interceptors>
<interceptor name="configuration" class="configurationInterceptor"/>
+ <interceptor name="pssSecureActions" class="pssSecureActionInterceptor"/>
<interceptor-stack name="configuredStack">
<interceptor-ref name="defaultStack"/>
<interceptor-ref name="configuration"/>
+ <interceptor-ref name="pssSecureActions"/>
</interceptor-stack>
<interceptor-stack name="configuredPrepareParamsStack">
<interceptor-ref name="paramsPrepareParamsStack"/>
<interceptor-ref name="configuration"/>
+ <interceptor-ref name="pssSecureActions"/>
</interceptor-stack>
</interceptors>
<param name="method">input</param>
</result>
<result name="error">/WEB-INF/jsp/generalError.jsp</result>
+ <result name="requires-authentication">/WEB-INF/jsp/alert.jsp</result>
+ <result name="requires-authorization">/WEB-INF/jsp/alert.jsp</result>
</global-results>
</package>
<interceptor-stack name="configuredStack">
<interceptor-ref name="defaultStack"/>
<interceptor-ref name="configuration"/>
+ <interceptor-ref name="pssSecureActions"/>
</interceptor-stack>
</interceptors>