[MRM-398] configure guest access by default for pre-configured repositories
authorJoakim Erdfelt <joakime@apache.org>
Fri, 12 Oct 2007 21:35:41 +0000 (21:35 +0000)
committerJoakim Erdfelt <joakime@apache.org>
Fri, 12 Oct 2007 21:35:41 +0000 (21:35 +0000)
Newly added repositories are assigned to the guest user in read-only mode.

git-svn-id: https://svn.apache.org/repos/asf/maven/archiva/trunk@584279 13f79535-47bb-0310-9956-ffa450edef68

archiva-web/archiva-security/src/main/java/org/apache/maven/archiva/security/ArchivaRoleConstants.java
archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/admin/repositories/AbstractManagedRepositoriesAction.java
archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/check/RoleExistanceEnvironmentCheck.java [deleted file]
archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/startup/SecuritySynchronization.java
archiva-web/archiva-webapp/src/test/java/org/apache/maven/archiva/web/action/admin/repositories/AddManagedRepositoryActionTest.java
archiva-web/archiva-webapp/src/test/java/org/apache/maven/archiva/web/action/admin/repositories/DeleteManagedRepositoryActionTest.java
archiva-web/archiva-webapp/src/test/java/org/apache/maven/archiva/web/action/admin/repositories/EditManagedRepositoryActionTest.java

index 45d19de283cf852ddd2f3fb8e1cea3eb0831c90a..0be90a7b00036e59ce7345e260926ee768fd9563 100644 (file)
@@ -63,5 +63,9 @@ public class ArchivaRoleConstants
     public static final String OPERATION_EDIT_REPOSITORY = "archiva-edit-repository";
 
     public static final String OPERATION_REPOSITORY_UPLOAD = "archiva-upload-repository";
+
+    // Role templates
+    public static final String TEMPLATE_REPOSITORY_MANAGER = "archiva-repository-manager";
     
+    public static final String TEMPLATE_REPOSITORY_OBSERVER = "archiva-repository-observer";
 }
index 7f846dc70088d4cf07c2fc7e882417c3a9b952f4..9a52f7aa6626ef96f1a9afb6b3ca93dba271f5af 100644 (file)
@@ -22,6 +22,10 @@ package org.apache.maven.archiva.web.action.admin.repositories;
 import org.apache.commons.io.FileUtils;
 import org.apache.maven.archiva.configuration.Configuration;
 import org.apache.maven.archiva.configuration.ManagedRepositoryConfiguration;
+import org.apache.maven.archiva.security.ArchivaRoleConstants;
+import org.codehaus.plexus.redback.rbac.RBACManager;
+import org.codehaus.plexus.redback.rbac.RbacManagerException;
+import org.codehaus.plexus.redback.rbac.UserAssignment;
 import org.codehaus.plexus.redback.role.RoleManager;
 import org.codehaus.plexus.redback.role.RoleManagerException;
 
@@ -43,6 +47,11 @@ public abstract class AbstractManagedRepositoriesAction
      * @plexus.requirement role-hint="default"
      */
     protected RoleManager roleManager;
+    
+    /**
+     * @plexus.requirement role-hint="cached"
+     */
+    protected RBACManager rbacManager;
 
     public RoleManager getRoleManager()
     {
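Review bot: Nothing in the test hunks of this commit supplies or mocks the new `rbacManager` requirement declared here; AddManagedRepositoryActionTest and EditManagedRepositoryActionTest record only roleManager expectations. If those tests build the action without the Plexus container wiring this field, it would be null when addRepositoryRoles dereferences it, and the `catch ( RbacManagerException e )` there would not cover that. Either way, the guest grant, which is the access-control behaviour this commit introduces, is asserted nowhere. I would add a mock RBACManager to the test set-up and record the `getUserAssignment` and `saveUserAssignment` calls. The field's Javadoc also carries only the Plexus tag; a first line such as `RBAC store used to attach the per-repository observer role to the guest user assignment.` would say why it is here.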
@@ -75,10 +84,32 @@ public abstract class AbstractManagedRepositoriesAction
 
     protected void addRepositoryRoles( ManagedRepositoryConfiguration newRepository ) throws RoleManagerException
     {
+        String repoId = newRepository.getId();
+        
         // TODO: double check these are configured on start up
         // TODO: belongs in the business logic
-        roleManager.createTemplatedRole( "archiva-repository-manager", newRepository.getId() );
-        roleManager.createTemplatedRole( "archiva-repository-observer", newRepository.getId() );
+        
+        if ( !roleManager.templatedRoleExists( ArchivaRoleConstants.TEMPLATE_REPOSITORY_OBSERVER, repoId ) )
+        {
+            roleManager.createTemplatedRole( ArchivaRoleConstants.TEMPLATE_REPOSITORY_OBSERVER, repoId );
+        }
+
+        if ( !roleManager.templatedRoleExists( ArchivaRoleConstants.TEMPLATE_REPOSITORY_MANAGER, repoId ) )
+        {
+            roleManager.createTemplatedRole( ArchivaRoleConstants.TEMPLATE_REPOSITORY_MANAGER, repoId );
+        }
+
+        try
+        {
+            UserAssignment ua = rbacManager.getUserAssignment( ArchivaRoleConstants.GUEST_ROLE );
+            ua.addRoleName( ArchivaRoleConstants.REPOSITORY_OBSERVER_ROLE_PREFIX + " - " + repoId );
+            rbacManager.saveUserAssignment( ua );
+        }
+        catch ( RbacManagerException e )
+        {
+            getLogger().warn( "Unable to add role [" + ArchivaRoleConstants.REPOSITORY_OBSERVER_ROLE_PREFIX + " - "
+                              + repoId + "] to Guest user.", e );
+        }
     }
 
     protected void removeContents( ManagedRepositoryConfiguration existingRepository )
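Review bot: The guest grant at the end of addRepositoryRoles runs on every call, not only when the observer role is first created, so a later call for an existing repository would put the observer role back on the guest assignment after an administrator had removed it. EditManagedRepositoryActionTest in this commit expects the same templatedRoleExists/createTemplatedRole sequence, which suggests the edit path goes through this method as well. Moving the try block inside the `if ( !roleManager.templatedRoleExists( ArchivaRoleConstants.TEMPLATE_REPOSITORY_OBSERVER, repoId ) )` branch would limit the grant to first creation and keep anonymous read access an explicit, revocable default. Separately, `rbacManager.getUserAssignment( ArchivaRoleConstants.GUEST_ROLE )` passes a role constant where, as far as I know, the RBAC manager looks up an assignment by user principal; GUEST_ROLE's value is not visible here, so please confirm it matches the guest account's principal, otherwise the grant fails on every call and is reported only at warn level.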
@@ -99,9 +130,18 @@ public abstract class AbstractManagedRepositoriesAction
     protected void removeRepositoryRoles( ManagedRepositoryConfiguration existingRepository )
         throws RoleManagerException
     {
-        roleManager.removeTemplatedRole( "archiva-repository-manager", existingRepository.getId() );
-        roleManager.removeTemplatedRole( "archiva-repository-observer", existingRepository.getId() );
+        String repoId = existingRepository.getId();
+        
+        if ( roleManager.templatedRoleExists( ArchivaRoleConstants.TEMPLATE_REPOSITORY_MANAGER, repoId ) )
+        {
+            roleManager.removeTemplatedRole( ArchivaRoleConstants.TEMPLATE_REPOSITORY_MANAGER, repoId );
+        }
+        
+        if ( roleManager.templatedRoleExists( ArchivaRoleConstants.TEMPLATE_REPOSITORY_OBSERVER, repoId ) )
+        {
+            roleManager.removeTemplatedRole( ArchivaRoleConstants.TEMPLATE_REPOSITORY_OBSERVER, repoId );
+        }
 
-        getLogger().debug( "removed user roles associated with repository " + existingRepository.getId() );
+        getLogger().debug( "removed user roles associated with repository " + repoId );
     }
 }
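Review bot: removeRepositoryRoles does not undo the guest assignment that addRepositoryRoles now creates, since it removes the two templated roles but never touches the guest's UserAssignment. Whether removeTemplatedRole also strips the role name from existing assignments is not visible in this diff. If it does not, the guest keeps a dangling observer entry for the deleted repository id, and that entry would take effect again if the role is re-created for the same id by a path that does not itself grant guest access. I would load the guest assignment here, drop the observer role name for `repoId`, and save it before removing the observer template. A short comment stating which of the two calls owns that clean-up would also help.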
diff --git a/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/check/RoleExistanceEnvironmentCheck.java b/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/check/RoleExistanceEnvironmentCheck.java
deleted file mode 100644 (file)
index 7106faa..0000000
+++ /dev/null
@@ -1,96 +0,0 @@
-package org.apache.maven.archiva.web.check;
-
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *   http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-import org.apache.maven.archiva.configuration.ArchivaConfiguration;
-import org.apache.maven.archiva.configuration.Configuration;
-import org.apache.maven.archiva.configuration.ManagedRepositoryConfiguration;
-import org.apache.maven.archiva.database.ArchivaDAO;
-import org.codehaus.plexus.logging.AbstractLogEnabled;
-import org.codehaus.plexus.redback.role.RoleManager;
-import org.codehaus.plexus.redback.role.RoleManagerException;
-import org.codehaus.plexus.redback.system.check.EnvironmentCheck;
-
-import java.util.List;
-
-/**
- * RoleExistanceEnvironmentCheck:
- * <p/>
- * Under certain circumstances it is possible that the user store and/or role store
- * have been wiped or reset and its important to see if there are repositories already
- * configured in archiva that need to reinitialized in terms of having their roles created.
- *
- * @author: Jesse McConnell <jmcconnell@apache.org>
- * @version: $ID:
- * @plexus.component role="org.codehaus.plexus.security.system.check.EnvironmentCheck"
- * role-hint="repository-role-check"
- */
-public class RoleExistanceEnvironmentCheck
-    extends AbstractLogEnabled
-    implements EnvironmentCheck
-{
-    /**
-     * @plexus.requirement role-hint="jdo"
-     */
-    private ArchivaDAO dao;
-
-    /**
-     * @plexus.requirement role-hint="default"
-     */
-    private RoleManager roleManager;
-
-    /**
-     * @plexus.requirement
-     */
-    private ArchivaConfiguration configuration;
-
-    private boolean checked;
-
-    public void validateEnvironment( List list )
-    {
-        if ( !checked )
-        {
-            try
-            {
-                Configuration config = configuration.getConfiguration();
-                for ( ManagedRepositoryConfiguration repository : config.getManagedRepositoriesAsMap().values() )
-                {
-                    if ( !roleManager.templatedRoleExists( "archiva-repository-manager", repository.getId() ) )
-                    {
-                        roleManager.createTemplatedRole( "archiva-repository-manager", repository.getId() );
-                    }
-
-                    if ( !roleManager.templatedRoleExists( "archiva-repository-observer", repository.getId() ) )
-                    {
-                        roleManager.createTemplatedRole( "archiva-repository-observer", repository.getId() );
-                    }
-                }
-            }
-            catch ( RoleManagerException rpe )
-            {
-                list.add( this.getClass().getName() + "error initializing roles: " + rpe.getMessage() );
-                getLogger().info( "error initializing roles", rpe );
-            }
-
-            checked = true;
-        }
-    }
-
-}
index 234e5f0e2722ab137ae8860139644bb03c513459..b2e37ec0df72a28f70991966b1bcd8d0fdbae565 100644 (file)
@@ -23,6 +23,7 @@ import org.apache.maven.archiva.common.ArchivaException;
 import org.apache.maven.archiva.configuration.ArchivaConfiguration;
 import org.apache.maven.archiva.configuration.ConfigurationNames;
 import org.apache.maven.archiva.configuration.ManagedRepositoryConfiguration;
+import org.apache.maven.archiva.security.ArchivaRoleConstants;
 import org.codehaus.plexus.logging.AbstractLogEnabled;
 import org.codehaus.plexus.redback.role.RoleManager;
 import org.codehaus.plexus.redback.role.RoleManagerException;
@@ -69,19 +70,25 @@ public class SecuritySynchronization
 
     private void synchConfiguration( List<ManagedRepositoryConfiguration> repos )
     {
+        // NOTE: Remote Repositories do not have roles or security placed around them.
+        
         for ( ManagedRepositoryConfiguration repoConfig : repos )
         {
             // manage roles for repositories
             try
             {
-                if ( !roleManager.templatedRoleExists( "archiva-repository-observer", repoConfig.getId() ) )
+                if ( !roleManager.templatedRoleExists( ArchivaRoleConstants.TEMPLATE_REPOSITORY_OBSERVER, 
+                                                       repoConfig.getId() ) )
                 {
-                    roleManager.createTemplatedRole( "archiva-repository-observer", repoConfig.getId() );
+                    roleManager.createTemplatedRole( ArchivaRoleConstants.TEMPLATE_REPOSITORY_OBSERVER, 
+                                                     repoConfig.getId() );
                 }
 
-                if ( !roleManager.templatedRoleExists( "archiva-repository-manager", repoConfig.getId() ) )
+                if ( !roleManager.templatedRoleExists( ArchivaRoleConstants.TEMPLATE_REPOSITORY_MANAGER, 
+                                                       repoConfig.getId() ) )
                 {
-                    roleManager.createTemplatedRole( "archiva-repository-manager", repoConfig.getId() );
+                    roleManager.createTemplatedRole( ArchivaRoleConstants.TEMPLATE_REPOSITORY_MANAGER, 
+                                                     repoConfig.getId() );
                 }
             }
             catch ( RoleManagerException e )
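Review bot: synchConfiguration still only creates the two templated roles and does not add the observer role to the guest assignment the way addRepositoryRoles now does, although the commit title speaks of pre-configured repositories. Unless that happens elsewhere in SecuritySynchronization outside this hunk, repositories loaded from configuration and repositories added through the admin action end up with different anonymous access, which is easy to misjudge when auditing who can read what. I would route both paths through one shared helper, or state the difference next to the new NOTE, for example `// Guest observer access is granted only by the admin add action, not here.`. The method body continues past the end of this hunk.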
@@ -89,7 +96,6 @@ public class SecuritySynchronization
                 // Log error.
                 getLogger().error( "Unable to create roles for configured repositories: " + e.getMessage(), e );
             }
-
         }
     }
 
index 7448fa0d58138f3b08c4e5f21e227230d68b44a1..779ad630e793a29b9c3890d895304739cf487866 100644 (file)
@@ -25,6 +25,7 @@ import org.apache.commons.io.FileUtils;
 import org.apache.maven.archiva.configuration.ArchivaConfiguration;
 import org.apache.maven.archiva.configuration.Configuration;
 import org.apache.maven.archiva.configuration.ManagedRepositoryConfiguration;
+import org.apache.maven.archiva.security.ArchivaRoleConstants;
 import org.codehaus.plexus.PlexusTestCase;
 import org.codehaus.plexus.redback.role.RoleManager;
 import org.codehaus.plexus.redback.xwork.interceptor.SecureActionBundle;
@@ -119,9 +120,14 @@ public class AddManagedRepositoryActionTest
     {
         FileUtils.deleteDirectory( location );
 
-        // TODO: should be in the business model
-        roleManager.createTemplatedRole( "archiva-repository-manager", REPO_ID );
-        roleManager.createTemplatedRole( "archiva-repository-observer", REPO_ID );
+        roleManager.templatedRoleExists( ArchivaRoleConstants.TEMPLATE_REPOSITORY_OBSERVER, REPO_ID );
+        roleManagerControl.setReturnValue( false );
+        roleManager.createTemplatedRole( ArchivaRoleConstants.TEMPLATE_REPOSITORY_OBSERVER, REPO_ID );
+        roleManagerControl.setVoidCallable();
+        roleManager.templatedRoleExists( ArchivaRoleConstants.TEMPLATE_REPOSITORY_MANAGER, REPO_ID );
+        roleManagerControl.setReturnValue( false );
+        roleManager.createTemplatedRole( ArchivaRoleConstants.TEMPLATE_REPOSITORY_MANAGER, REPO_ID );
+        roleManagerControl.setVoidCallable();
 
         roleManagerControl.replay();
 
index 84c6fbb704747344fd1de92039302492d8ea91dc..6f26257bed269a14f4627ff322e22326eef66a03 100644 (file)
@@ -25,8 +25,10 @@ import org.apache.maven.archiva.configuration.ArchivaConfiguration;
 import org.apache.maven.archiva.configuration.Configuration;
 import org.apache.maven.archiva.configuration.IndeterminateConfigurationException;
 import org.apache.maven.archiva.configuration.ManagedRepositoryConfiguration;
+import org.apache.maven.archiva.security.ArchivaRoleConstants;
 import org.codehaus.plexus.PlexusTestCase;
 import org.codehaus.plexus.redback.role.RoleManager;
+import org.codehaus.plexus.redback.role.RoleManagerException;
 import org.codehaus.plexus.redback.xwork.interceptor.SecureActionBundle;
 import org.codehaus.plexus.redback.xwork.interceptor.SecureActionException;
 import org.codehaus.plexus.registry.RegistryException;
@@ -114,8 +116,10 @@ public class DeleteManagedRepositoryActionTest
     }
 
     public void testDeleteRepositoryKeepContent()
-        throws RegistryException, IndeterminateConfigurationException
+        throws Exception
     {
+        prepareRoleManagerMock();
+        
         Configuration configuration = prepDeletionTest( createRepository(), "delete-entry" );
         String status = action.deleteEntry();
         assertEquals( Action.SUCCESS, status );
@@ -126,8 +130,10 @@ public class DeleteManagedRepositoryActionTest
     }
 
     public void testDeleteRepositoryDeleteContent()
-        throws RegistryException, IndeterminateConfigurationException
+        throws Exception
     {
+        prepareRoleManagerMock();
+        
         Configuration configuration = prepDeletionTest( createRepository(), "delete-contents" );
         String status = action.deleteContents();
         assertEquals( Action.SUCCESS, status );
@@ -226,4 +232,15 @@ public class DeleteManagedRepositoryActionTest
         repository.setDeleteReleasedSnapshots( true );
     }
 
+    private void prepareRoleManagerMock()
+        throws RoleManagerException
+    {
+        roleManager.templatedRoleExists( ArchivaRoleConstants.TEMPLATE_REPOSITORY_OBSERVER, REPO_ID );
+        roleManagerControl.setReturnValue( true );
+        roleManager.removeTemplatedRole( ArchivaRoleConstants.TEMPLATE_REPOSITORY_OBSERVER, REPO_ID );
+        roleManager.templatedRoleExists( ArchivaRoleConstants.TEMPLATE_REPOSITORY_MANAGER, REPO_ID );
+        roleManagerControl.setReturnValue( true );
+        roleManager.removeTemplatedRole( ArchivaRoleConstants.TEMPLATE_REPOSITORY_MANAGER, REPO_ID );
+        roleManagerControl.replay();
+    }
 }
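Review bot: prepareRoleManagerMock records the two `removeTemplatedRole` expectations without the `roleManagerControl.setVoidCallable()` call that the add and edit tests in this commit place after each `createTemplatedRole`. It also records observer before manager, while removeRepositoryRoles removes manager first. Both presumably pass because the control is not strict about order and a recorded void call is expected once by default, but the mismatch makes the test read as if the production order were observer-first. I would record the expectations in production order and add `roleManagerControl.setVoidCallable();` after each removal so the three test classes use the same recording style.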
index a3124f5e53fec24351089522eb92c7efce770bdf..f596f42b72b74eb9b4f9f3ea6f278f7018226ef1 100644 (file)
@@ -24,6 +24,7 @@ import com.opensymphony.xwork.Action;
 import org.apache.maven.archiva.configuration.ArchivaConfiguration;
 import org.apache.maven.archiva.configuration.Configuration;
 import org.apache.maven.archiva.configuration.ManagedRepositoryConfiguration;
+import org.apache.maven.archiva.security.ArchivaRoleConstants;
 import org.codehaus.plexus.PlexusTestCase;
 import org.codehaus.plexus.redback.role.RoleManager;
 import org.codehaus.plexus.redback.xwork.interceptor.SecureActionBundle;
@@ -112,9 +113,14 @@ public class EditManagedRepositoryActionTest
     public void testEditRepository()
         throws Exception
     {
-        // TODO: should be in the business model
-        roleManager.createTemplatedRole( "archiva-repository-manager", REPO_ID );
-        roleManager.createTemplatedRole( "archiva-repository-observer", REPO_ID );
+        roleManager.templatedRoleExists( ArchivaRoleConstants.TEMPLATE_REPOSITORY_OBSERVER, REPO_ID );
+        roleManagerControl.setReturnValue( false );
+        roleManager.createTemplatedRole( ArchivaRoleConstants.TEMPLATE_REPOSITORY_OBSERVER, REPO_ID );
+        roleManagerControl.setVoidCallable();
+        roleManager.templatedRoleExists( ArchivaRoleConstants.TEMPLATE_REPOSITORY_MANAGER, REPO_ID );
+        roleManagerControl.setReturnValue( false );
+        roleManager.createTemplatedRole( ArchivaRoleConstants.TEMPLATE_REPOSITORY_MANAGER, REPO_ID );
+        roleManagerControl.setVoidCallable();
 
         roleManagerControl.replay();