import org.apache.maven.archiva.configuration.IndeterminateConfigurationException;
import org.apache.maven.archiva.configuration.ManagedRepositoryConfiguration;
import org.apache.maven.archiva.configuration.ProxyConnectorConfiguration;
-import org.apache.maven.archiva.security.ArchivaRoleConstants;
+import org.apache.archiva.security.ArchivaRoleConstants;
import org.codehaus.plexus.redback.role.RoleManager;
import org.codehaus.plexus.redback.role.RoleManagerException;
import org.codehaus.plexus.redback.users.User;
import org.apache.archiva.audit.AuditEvent;
import org.apache.commons.io.FileUtils;
import org.apache.commons.lang.StringUtils;
-import org.apache.maven.archiva.security.ArchivaRoleConstants;
+import org.apache.archiva.security.ArchivaRoleConstants;
import org.codehaus.plexus.redback.role.RoleManager;
import org.codehaus.plexus.redback.users.User;
import org.codehaus.plexus.redback.users.memory.SimpleUser;
import org.apache.archiva.admin.repository.RepositoryAdminException;
import org.apache.archiva.rest.api.model.ManagedRepository;
-import org.apache.archiva.rest.api.model.RemoteRepository;
-import org.apache.maven.archiva.security.ArchivaRoleConstants;
+import org.apache.archiva.security.ArchivaRoleConstants;
import org.codehaus.plexus.redback.authorization.RedbackAuthorization;
import javax.ws.rs.Consumes;
* under the License.
*/
-import org.apache.archiva.admin.repository.RepositoryAdminException;
-import org.apache.archiva.rest.api.model.ManagedRepository;
import org.apache.archiva.rest.api.model.RemoteRepository;
-import org.apache.maven.archiva.security.ArchivaRoleConstants;
+import org.apache.archiva.security.ArchivaRoleConstants;
import org.codehaus.plexus.redback.authorization.RedbackAuthorization;
-import javax.ws.rs.Consumes;
import javax.ws.rs.GET;
-import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
--- /dev/null
+package org.apache.archiva.security;
+
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+/**
+ * AccessDeniedException
+ *
+ * @version $Id$
+ */
+public class AccessDeniedException
+ extends ArchivaSecurityException
+{
+ public AccessDeniedException( String message, Throwable cause )
+ {
+ super( message, cause );
+ }
+
+ public AccessDeniedException( String message )
+ {
+ super( message );
+ }
+}
--- /dev/null
+package org.apache.archiva.security;
+
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+public class ArchivaRoleConstants
+{
+ public static final String DELIMITER = " - ";
+
+ // globalish roles
+ public static final String SYSTEM_ADMINISTRATOR_ROLE = "System Administrator";
+
+ public static final String USER_ADMINISTRATOR_ROLE = "User Administrator";
+
+ public static final String GLOBAL_REPOSITORY_MANAGER_ROLE = "Global Repository Manager";
+
+ public static final String GLOBAL_REPOSITORY_OBSERVER_ROLE = "Global Repository Observer";
+
+ public static final String REGISTERED_USER_ROLE = "Registered User";
+
+ public static final String GUEST_ROLE = "Guest";
+
+ // dynamic role prefixes
+ public static final String REPOSITORY_MANAGER_ROLE_PREFIX = "Repository Manager";
+
+ public static final String REPOSITORY_OBSERVER_ROLE_PREFIX = "Repository Observer";
+
+ // operations
+ public static final String OPERATION_MANAGE_USERS = "archiva-manage-users";
+
+ public static final String OPERATION_MANAGE_CONFIGURATION = "archiva-manage-configuration";
+
+ public static final String OPERATION_ACTIVE_GUEST = "archiva-guest";
+
+ public static final String OPERATION_RUN_INDEXER = "archiva-run-indexer";
+
+ public static final String OPERATION_REGENERATE_INDEX = "archiva-regenerate-index";
+
+ public static final String OPERATION_ACCESS_REPORT = "archiva-access-reports";
+
+ public static final String OPERATION_ADD_REPOSITORY = "archiva-add-repository";
+
+ public static final String OPERATION_REPOSITORY_ACCESS = "archiva-read-repository";
+
+ public static final String OPERATION_DELETE_REPOSITORY = "archiva-delete-repository";
+
+ public static final String OPERATION_EDIT_REPOSITORY = "archiva-edit-repository";
+
+ public static final String OPERATION_REPOSITORY_UPLOAD = "archiva-upload-repository";
+
+ public static final String OPERATION_REPOSITORY_DELETE = "archiva-delete-artifact";
+
+ public static final String OPERATION_VIEW_AUDIT_LOG = "archiva-view-audit-logs";
+
+ // Role templates
+ public static final String TEMPLATE_REPOSITORY_MANAGER = "archiva-repository-manager";
+
+ public static final String TEMPLATE_REPOSITORY_OBSERVER = "archiva-repository-observer";
+
+ public static final String TEMPLATE_GLOBAL_REPOSITORY_OBSERVER = "archiva-global-repository-observer";
+
+ public static final String TEMPLATE_SYSTEM_ADMIN = "archiva-system-administrator";
+
+ public static final String TEMPLATE_GUEST = "archiva-guest";
+
+ public static String toRepositoryObserverRoleName( String repoId )
+ {
+ return REPOSITORY_OBSERVER_ROLE_PREFIX + " - " + repoId;
+ }
+}
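Review bot: `toRepositoryObserverRoleName` hard-codes `" - "` although the class already defines `DELIMITER` with the same value, so the generated role name can drift from the constant if either is edited; write `return REPOSITORY_OBSERVER_ROLE_PREFIX + DELIMITER + repoId;`. The class is a pure constants holder but is neither final nor given a private constructor, and it has no class comment. A short header saying which groups are role names, operation names and template ids would help, since these strings are what the role and operation checks elsewhere in this commit compare against.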
--- /dev/null
+package org.apache.archiva.security;
+
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+import org.apache.maven.archiva.common.ArchivaException;
+
+/**
+ * ArchivaSecurityException
+ *
+ * @version $Id$
+ */
+public class ArchivaSecurityException
+ extends ArchivaException
+{
+ public ArchivaSecurityException( String message, Throwable cause )
+ {
+ super( message, cause );
+ }
+
+ public ArchivaSecurityException( String message )
+ {
+ super( message );
+ }
+}
--- /dev/null
+package org.apache.archiva.security;
+
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+import javax.inject.Inject;
+import javax.servlet.http.HttpServletRequest;
+
+import org.codehaus.plexus.redback.authentication.AuthenticationException;
+import org.codehaus.plexus.redback.authentication.AuthenticationResult;
+import org.codehaus.plexus.redback.authorization.AuthorizationException;
+import org.codehaus.plexus.redback.authorization.AuthorizationResult;
+import org.codehaus.plexus.redback.authorization.UnauthorizedException;
+import org.codehaus.plexus.redback.policy.AccountLockedException;
+import org.codehaus.plexus.redback.policy.MustChangePasswordException;
+import org.codehaus.plexus.redback.system.DefaultSecuritySession;
+import org.codehaus.plexus.redback.system.SecuritySession;
+import org.codehaus.plexus.redback.system.SecuritySystem;
+import org.codehaus.plexus.redback.users.User;
+import org.codehaus.plexus.redback.users.UserNotFoundException;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.stereotype.Service;
+
+/**
+ * @version
+ * plexus.component role="org.apache.archiva.security.ServletAuthenticator" role-hint="default"
+ */
+@Service("servletAuthenticator")
+public class ArchivaServletAuthenticator
+ implements ServletAuthenticator
+{
+ private Logger log = LoggerFactory.getLogger( ArchivaServletAuthenticator.class );
+
+ /**
+ * plexus.requirement
+ */
+ @Inject
+ private SecuritySystem securitySystem;
+
+ public boolean isAuthenticated( HttpServletRequest request, AuthenticationResult result )
+ throws AuthenticationException, AccountLockedException, MustChangePasswordException
+ {
+ if ( result != null && !result.isAuthenticated() )
+ {
+ throw new AuthenticationException( "User Credentials Invalid" );
+ }
+
+ return true;
+ }
+
+ public boolean isAuthorized( HttpServletRequest request, SecuritySession securitySession, String repositoryId,
+ String permission )
+ throws AuthorizationException, UnauthorizedException
+ {
+ // TODO: also check for permission to proxy the resource when MRM-579 is implemented
+
+ AuthorizationResult authzResult = securitySystem.authorize( securitySession, permission, repositoryId );
+
+ if ( !authzResult.isAuthorized() )
+ {
+ if ( authzResult.getException() != null )
+ {
+ log.info( "Authorization Denied [ip=" + request.getRemoteAddr() + ",permission=" + permission
+ + ",repo=" + repositoryId + "] : " + authzResult.getException().getMessage() );
+
+ throw new UnauthorizedException( "Access denied for repository " + repositoryId );
+ }
+ throw new UnauthorizedException( "User account is locked" );
+ }
+
+ return true;
+ }
+
+ public boolean isAuthorized( String principal, String repoId, String permission )
+ throws UnauthorizedException
+ {
+ try
+ {
+ User user = securitySystem.getUserManager().findUser( principal );
+ if ( user == null )
+ {
+ throw new UnauthorizedException( "The security system had an internal error - please check your system logs" );
+ }
+ if ( user.isLocked() )
+ {
+ throw new UnauthorizedException( "User account is locked." );
+ }
+
+ AuthenticationResult authn = new AuthenticationResult( true, principal, null );
+ SecuritySession securitySession = new DefaultSecuritySession( authn, user );
+
+ return securitySystem.isAuthorized( securitySession, permission, repoId );
+ }
+ catch ( UserNotFoundException e )
+ {
+ throw new UnauthorizedException( e.getMessage() );
+ }
+ catch ( AuthorizationException e )
+ {
+ throw new UnauthorizedException( e.getMessage() );
+ }
+ }
+
+
+ public SecuritySystem getSecuritySystem()
+ {
+ return securitySystem;
+ }
+
+ public void setSecuritySystem( SecuritySystem securitySystem )
+ {
+ this.securitySystem = securitySystem;
+ }
+}
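Review bot: `isAuthenticated` returns true when `result` is null, because the guard `result != null && !result.isAuthenticated()` only rejects a non-null failed result, so a caller that ends up with no AuthenticationResult is treated as authenticated. Unless a null result is a deliberate contract (nothing here documents one), fail closed with `if ( result == null || !result.isAuthenticated() )`. In the four-argument `isAuthorized`, a denial that carries no exception is reported as "User account is locked" and is not logged at all, which misleads the client and leaves no trace for whoever reads the log; a neutral message plus a log line on that path would fix both. The log line that does exist concatenates `repositoryId` and `permission` into the message; if those values can come from the request, they should be passed as `{}` arguments and have line breaks neutralised before logging.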
--- /dev/null
+package org.apache.archiva.security;
+
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+import java.util.List;
+
+import org.codehaus.plexus.redback.rbac.RBACManager;
+import org.codehaus.plexus.redback.system.check.EnvironmentCheck;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.stereotype.Service;
+
+import javax.inject.Inject;
+import javax.inject.Named;
+
+/**
+ * ArchivaStandardRolesCheck tests for the existance of expected / standard roles and permissions.
+ *
+ * @version $Id$
+ *
+ * plexus.component role="org.codehaus.plexus.redback.system.check.EnvironmentCheck"
+ * role-hint="required-roles"
+ */
+@Service("environmentCheck#archiva-required-roles")
+public class ArchivaStandardRolesCheck
+ implements EnvironmentCheck
+{
+ private Logger log = LoggerFactory.getLogger( ArchivaStandardRolesCheck.class );
+
+ /**
+ * plexus.requirement role-hint="cached"
+ */
+ @Inject @Named(value = "rBACManager#cached")
+ private RBACManager rbacManager;
+
+ /**
+ * boolean detailing if this environment check has been executed
+ */
+ private boolean checked = false;
+
+ public void validateEnvironment( List<String> violations )
+ {
+ if ( !checked )
+ {
+ String expectedRoles[] = new String[] {
+ ArchivaRoleConstants.SYSTEM_ADMINISTRATOR_ROLE,
+ ArchivaRoleConstants.GLOBAL_REPOSITORY_MANAGER_ROLE,
+ ArchivaRoleConstants.GLOBAL_REPOSITORY_OBSERVER_ROLE,
+ ArchivaRoleConstants.GUEST_ROLE,
+ ArchivaRoleConstants.REGISTERED_USER_ROLE,
+ ArchivaRoleConstants.USER_ADMINISTRATOR_ROLE };
+
+ log.info( "Checking the existance of required roles." );
+
+ for ( String roleName : expectedRoles )
+ {
+ if ( !rbacManager.roleExists( roleName ) )
+ {
+ violations.add( "Unable to validate the existances of the '" + roleName + "' role." );
+ }
+ }
+
+ String expectedOperations[] = new String[] {
+ ArchivaRoleConstants.OPERATION_MANAGE_USERS,
+ ArchivaRoleConstants.OPERATION_MANAGE_CONFIGURATION,
+ ArchivaRoleConstants.OPERATION_REGENERATE_INDEX,
+ ArchivaRoleConstants.OPERATION_RUN_INDEXER,
+ ArchivaRoleConstants.OPERATION_ACCESS_REPORT,
+ ArchivaRoleConstants.OPERATION_ADD_REPOSITORY,
+ ArchivaRoleConstants.OPERATION_DELETE_REPOSITORY,
+ ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS,
+ ArchivaRoleConstants.OPERATION_EDIT_REPOSITORY,
+ ArchivaRoleConstants.OPERATION_REPOSITORY_UPLOAD,
+ ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS,
+ "archiva-guest" };
+
+ log.info( "Checking the existance of required operations." );
+
+ for ( String operation : expectedOperations )
+ {
+ if ( !rbacManager.operationExists( operation ) )
+ {
+ violations.add( "Unable to validate the existances of the '" + operation + "' operation." );
+ }
+ }
+
+ checked = true;
+ }
+
+ }
+
+}
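Review bot: `expectedOperations` lists `ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS` twice and never checks `OPERATION_REPOSITORY_DELETE` or `OPERATION_VIEW_AUDIT_LOG`, so an installation that lacks the delete-artifact or audit-log operation passes this environment check without a violation. The second occurrence looks like a copy-paste slip; if both operations are meant to be required, replace it with `ArchivaRoleConstants.OPERATION_REPOSITORY_DELETE,` and add `ArchivaRoleConstants.OPERATION_VIEW_AUDIT_LOG,`. The trailing literal `"archiva-guest"` should be `ArchivaRoleConstants.OPERATION_ACTIVE_GUEST` so the check cannot diverge from the constant.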
--- /dev/null
+package org.apache.archiva.security;
+
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+import java.util.Map;
+
+import org.codehaus.plexus.redback.system.SecuritySession;
+import org.codehaus.plexus.redback.system.SecuritySystemConstants;
+import org.codehaus.plexus.redback.users.User;
+import org.codehaus.plexus.redback.users.UserManager;
+
+/**
+ * ArchivaXworkUser
+ *
+ * @version $Id$
+ */
+public final class ArchivaXworkUser
+{
+ private ArchivaXworkUser()
+ {
+ // no touchy
+ }
+
+ public static String getActivePrincipal( Map<String, ?> sessionMap )
+ {
+ if ( sessionMap == null )
+ {
+ return UserManager.GUEST_USERNAME;
+ }
+
+ SecuritySession securitySession =
+ (SecuritySession) sessionMap.get( SecuritySystemConstants.SECURITY_SESSION_KEY );
+
+ if ( securitySession == null )
+ {
+ return UserManager.GUEST_USERNAME;
+ }
+
+ User user = securitySession.getUser();
+ if ( user == null )
+ {
+ return UserManager.GUEST_USERNAME;
+ }
+
+ return (String) user.getPrincipal();
+ }
+}
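Review bot: `getActivePrincipal` has no Javadoc, and its contract matters to callers: a null map, a missing session entry and a session without a user all return `UserManager.GUEST_USERNAME`, so the result cannot distinguish an anonymous visitor from a failed session lookup. I would state that above the method, e.g. `/** Returns the principal of the session's user, or UserManager.GUEST_USERNAME when the map, the security session or its user is absent. */`. The two unchecked casts, `(SecuritySession) sessionMap.get( ... )` and `(String) user.getPrincipal()`, throw ClassCastException if either value has another type. If falling back to guest is the intended behaviour, an `instanceof` check on both would make that consistent with the other branches.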
--- /dev/null
+package org.apache.archiva.security;
+
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+import com.google.common.collect.Lists;
+import org.apache.maven.archiva.configuration.ArchivaConfiguration;
+import org.apache.maven.archiva.configuration.ManagedRepositoryConfiguration;
+import org.codehaus.plexus.redback.authentication.AuthenticationResult;
+import org.codehaus.plexus.redback.authorization.AuthorizationException;
+import org.codehaus.plexus.redback.role.RoleManager;
+import org.codehaus.plexus.redback.role.RoleManagerException;
+import org.codehaus.plexus.redback.system.DefaultSecuritySession;
+import org.codehaus.plexus.redback.system.SecuritySession;
+import org.codehaus.plexus.redback.system.SecuritySystem;
+import org.codehaus.plexus.redback.users.User;
+import org.codehaus.plexus.redback.users.UserNotFoundException;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.stereotype.Service;
+
+import javax.inject.Inject;
+import java.util.ArrayList;
+import java.util.List;
+
+/**
+ * DefaultUserRepositories
+ *
+ * @version $Id$
+ * plexus.component role="org.apache.archiva.security.UserRepositories" role-hint="default"
+ */
+@Service( "userRepositories" )
+public class DefaultUserRepositories
+ implements UserRepositories
+{
+ /**
+ * plexus.requirement
+ */
+ @Inject
+ private SecuritySystem securitySystem;
+
+ /**
+ * plexus.requirement role-hint="default"
+ */
+ @Inject
+ private RoleManager roleManager;
+
+ /**
+ * plexus.requirement
+ */
+ @Inject
+ private ArchivaConfiguration archivaConfiguration;
+
+ private Logger log = LoggerFactory.getLogger( DefaultUserRepositories.class );
+
+ public List<String> getObservableRepositoryIds( String principal )
+ throws PrincipalNotFoundException, AccessDeniedException, ArchivaSecurityException
+ {
+ String operation = ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS;
+
+ return getAccessibleRepositoryIds( principal, operation );
+ }
+
+ public List<String> getManagableRepositoryIds( String principal )
+ throws PrincipalNotFoundException, AccessDeniedException, ArchivaSecurityException
+ {
+ String operation = ArchivaRoleConstants.OPERATION_REPOSITORY_UPLOAD;
+
+ return getAccessibleRepositoryIds( principal, operation );
+ }
+
+ private List<String> getAccessibleRepositoryIds( String principal, String operation )
+ throws ArchivaSecurityException, AccessDeniedException, PrincipalNotFoundException
+ {
+ SecuritySession securitySession = createSession( principal );
+
+ List<String> repoIds = new ArrayList<String>();
+
+ List<ManagedRepositoryConfiguration> repos = archivaConfiguration.getConfiguration().getManagedRepositories();
+
+ for ( ManagedRepositoryConfiguration repo : repos )
+ {
+ try
+ {
+ String repoId = repo.getId();
+ if ( securitySystem.isAuthorized( securitySession, operation, repoId ) )
+ {
+ repoIds.add( repoId );
+ }
+ }
+ catch ( AuthorizationException e )
+ {
+ // swallow.
+ if ( log.isDebugEnabled() )
+ {
+ log.debug( "Not authorizing '{}' for repository '{}': {}",
+ Lists.<Object>newArrayList( principal, repo.getId(), e.getMessage() ) );
+ }
+ }
+ }
+
+ return repoIds;
+ }
+
+ private SecuritySession createSession( String principal )
+ throws ArchivaSecurityException, AccessDeniedException
+ {
+ User user;
+ try
+ {
+ user = securitySystem.getUserManager().findUser( principal );
+ if ( user == null )
+ {
+ throw new ArchivaSecurityException(
+ "The security system had an internal error - please check your system logs" );
+ }
+ }
+ catch ( UserNotFoundException e )
+ {
+ throw new PrincipalNotFoundException( "Unable to find principal " + principal + "" );
+ }
+
+ if ( user.isLocked() )
+ {
+ throw new AccessDeniedException( "User " + principal + "(" + user.getFullName() + ") is locked." );
+ }
+
+ AuthenticationResult authn = new AuthenticationResult( true, principal, null );
+ return new DefaultSecuritySession( authn, user );
+ }
+
+ public void createMissingRepositoryRoles( String repoId )
+ throws ArchivaSecurityException
+ {
+ try
+ {
+ if ( !roleManager.templatedRoleExists( ArchivaRoleConstants.TEMPLATE_REPOSITORY_OBSERVER, repoId ) )
+ {
+ roleManager.createTemplatedRole( ArchivaRoleConstants.TEMPLATE_REPOSITORY_OBSERVER, repoId );
+ }
+
+ if ( !roleManager.templatedRoleExists( ArchivaRoleConstants.TEMPLATE_REPOSITORY_MANAGER, repoId ) )
+ {
+ roleManager.createTemplatedRole( ArchivaRoleConstants.TEMPLATE_REPOSITORY_MANAGER, repoId );
+ }
+ }
+ catch ( RoleManagerException e )
+ {
+ throw new ArchivaSecurityException( "Unable to create roles for configured repositories: " + e.getMessage(),
+ e );
+ }
+ }
+
+ public boolean isAuthorizedToUploadArtifacts( String principal, String repoId )
+ throws PrincipalNotFoundException, ArchivaSecurityException
+ {
+ try
+ {
+ SecuritySession securitySession = createSession( principal );
+
+ return securitySystem.isAuthorized( securitySession, ArchivaRoleConstants.OPERATION_REPOSITORY_UPLOAD,
+ repoId );
+
+ }
+ catch ( AuthorizationException e )
+ {
+ throw new ArchivaSecurityException( e.getMessage() );
+ }
+ }
+
+ public boolean isAuthorizedToDeleteArtifacts( String principal, String repoId )
+ throws AccessDeniedException, ArchivaSecurityException
+ {
+ try
+ {
+ SecuritySession securitySession = createSession( principal );
+
+ return securitySystem.isAuthorized( securitySession, ArchivaRoleConstants.OPERATION_REPOSITORY_DELETE,
+ repoId );
+
+ }
+ catch ( AuthorizationException e )
+ {
+ throw new ArchivaSecurityException( e.getMessage() );
+ }
+ }
+
+ public SecuritySystem getSecuritySystem()
+ {
+ return securitySystem;
+ }
+
+ public void setSecuritySystem( SecuritySystem securitySystem )
+ {
+ this.securitySystem = securitySystem;
+ }
+
+ public RoleManager getRoleManager()
+ {
+ return roleManager;
+ }
+
+ public void setRoleManager( RoleManager roleManager )
+ {
+ this.roleManager = roleManager;
+ }
+
+ public ArchivaConfiguration getArchivaConfiguration()
+ {
+ return archivaConfiguration;
+ }
+
+ public void setArchivaConfiguration( ArchivaConfiguration archivaConfiguration )
+ {
+ this.archivaConfiguration = archivaConfiguration;
+ }
+}
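Review bot: The debug call in `getAccessibleRepositoryIds` passes a single `List` to a three-placeholder format, so SLF4J binds the whole list to the first `{}` and prints the other two literally; the principal, repository and reason for a swallowed AuthorizationException then come out garbled. Pass the values as an array instead: `new Object[] { principal, repo.getId(), e.getMessage() }`. Separately, `createSession` and the two `isAuthorizedTo...Artifacts` methods rethrow with only the message (`new ArchivaSecurityException( e.getMessage() )`, `new PrincipalNotFoundException( "Unable to find principal " + principal + "" )`) and drop the cause, although the `( message, cause )` constructors exist in this commit. The locked-account message in `createSession` also embeds the user's full name, so it is worth confirming that this exception text is never returned to an unauthenticated client.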
--- /dev/null
+package org.apache.archiva.security;
+
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+/**
+ * PrincipalNotFoundException
+ *
+ * @version $Id$
+ */
+public class PrincipalNotFoundException
+ extends ArchivaSecurityException
+{
+ public PrincipalNotFoundException( String message, Throwable cause )
+ {
+ super( message, cause );
+ }
+
+ public PrincipalNotFoundException( String message )
+ {
+ super( message );
+ }
+}
--- /dev/null
+package org.apache.archiva.security;
+
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+import javax.servlet.http.HttpServletRequest;
+
+import org.codehaus.plexus.redback.authentication.AuthenticationException;
+import org.codehaus.plexus.redback.authentication.AuthenticationResult;
+import org.codehaus.plexus.redback.authorization.AuthorizationException;
+import org.codehaus.plexus.redback.authorization.UnauthorizedException;
+import org.codehaus.plexus.redback.policy.AccountLockedException;
+import org.codehaus.plexus.redback.policy.MustChangePasswordException;
+import org.codehaus.plexus.redback.system.SecuritySession;
+
+/**
+ * @version
+ */
+public interface ServletAuthenticator
+{
+ /**
+ * Authentication check for users.
+ *
+ * @param request
+ * @param result
+ * @return
+ * @throws AuthenticationException
+ * @throws AccountLockedException
+ * @throws MustChangePasswordException
+ */
+ boolean isAuthenticated( HttpServletRequest request, AuthenticationResult result )
+ throws AuthenticationException, AccountLockedException, MustChangePasswordException;
+
+ /**
+ * Authorization check for valid users.
+ *
+ * @param request
+ * @param securitySession
+ * @param repositoryId
+ * @param isWriteRequest
+ * @return
+ * @throws AuthorizationException
+ * @throws UnauthorizedException
+ */
+ boolean isAuthorized( HttpServletRequest request, SecuritySession securitySession, String repositoryId,
+ String permission ) throws AuthorizationException, UnauthorizedException;
+
+ /**
+ * Authorization check specific for user guest, which doesn't go through
+ * HttpBasicAuthentication#getAuthenticationResult( HttpServletRequest request, HttpServletResponse response )
+ * since no credentials are attached to the request.
+ *
+ * See also MRM-911
+ *
+ * @param principal
+ * @param repoId
+ * @param isWriteRequest
+ * @return
+ * @throws UnauthorizedException
+ */
+ boolean isAuthorized( String principal, String repoId, String permission )
+ throws UnauthorizedException;
+}
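Review bot: The Javadoc on both `isAuthorized` overloads documents `@param isWriteRequest`, but the parameter is `String permission`; the tag should read along the lines of `@param permission the operation name to check (presumably one of the ArchivaRoleConstants.OPERATION_* values)`. The three-argument overload is described as guest-only, yet the signature accepts any principal, and the implementation in this commit builds an already-authenticated session for whatever name it is given. The comment should therefore say that callers must pass only the guest principal and never a name taken from unauthenticated request data. The empty `@version`, `@param` and `@return` tags should be filled in or dropped.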
--- /dev/null
+package org.apache.archiva.security;
+
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+import java.util.List;
+
+/**
+ * UserRepositories
+ *
+ * @version $Id$
+ */
+public interface UserRepositories
+{
+ /**
+ * Get the list of observable repository ids for the user specified.
+ *
+ * @param principal the principle to obtain the observable repository ids from.
+ * @return the list of observable repository ids.
+ * @throws PrincipalNotFoundException
+ * @throws AccessDeniedException
+ * @throws ArchivaSecurityException
+ */
+ List<String> getObservableRepositoryIds( String principal )
+ throws PrincipalNotFoundException, AccessDeniedException, ArchivaSecurityException;
+
+ /**
+ * Get the list of writable repository ids for the user specified.
+ *
+ * @param principal the principle to obtain the observable repository ids from.
+ * @return the list of observable repository ids.
+ * @throws PrincipalNotFoundException
+ * @throws AccessDeniedException
+ * @throws ArchivaSecurityException
+ */
+ List<String> getManagableRepositoryIds( String principal )
+ throws PrincipalNotFoundException, AccessDeniedException, ArchivaSecurityException;
+
+ /**
+ * Create any missing repository roles for the provided repository id.
+ *
+ * @param repoId the repository id to work off of.
+ * @throws ArchivaSecurityException if there was a problem creating the repository roles.
+ */
+ void createMissingRepositoryRoles( String repoId )
+ throws ArchivaSecurityException;
+
+ /**
+ * Check if user is authorized to upload artifacts in the repository.
+ *
+ * @param principal
+ * @param repoId
+ * @return
+ * @throws PrincipalNotFoundException
+ * @throws ArchivaSecurityException
+ */
+ boolean isAuthorizedToUploadArtifacts( String principal, String repoId)
+ throws PrincipalNotFoundException, ArchivaSecurityException;
+
+ /**
+ * Check if user is authorized to delete artifacts in the repository.
+ *
+ * @param principal
+ * @param repoId
+ * @return
+ * @throws ArchivaSecurityException
+ * @throws AccessDeniedException
+ */
+ boolean isAuthorizedToDeleteArtifacts( String principal, String repoId )
+ throws AccessDeniedException, ArchivaSecurityException;
+
+}
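Review bot: The Javadoc for `getManagableRepositoryIds` was copied from the method above it: the summary says writable, but `@param` and `@return` still say "observable repository ids". Suggested wording is `@return the list of repository ids the principal may write to`, and "principle" should be "principal" in both methods. `isAuthorizedToUploadArtifacts` and `isAuthorizedToDeleteArtifacts` declare different exception lists (`PrincipalNotFoundException` versus `AccessDeniedException`), although the implementation in this commit builds the session the same way for both. The bare `@throws` tags should state when each exception is raised, in particular that a locked account surfaces as `AccessDeniedException`.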
+++ /dev/null
-package org.apache.maven.archiva.security;
-
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-/**
- * AccessDeniedException
- *
- * @version $Id$
- */
-public class AccessDeniedException
- extends ArchivaSecurityException
-{
- public AccessDeniedException( String message, Throwable cause )
- {
- super( message, cause );
- }
-
- public AccessDeniedException( String message )
- {
- super( message );
- }
-}
+++ /dev/null
-package org.apache.maven.archiva.security;
-
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-public class ArchivaRoleConstants
-{
- public static final String DELIMITER = " - ";
-
- // globalish roles
- public static final String SYSTEM_ADMINISTRATOR_ROLE = "System Administrator";
-
- public static final String USER_ADMINISTRATOR_ROLE = "User Administrator";
-
- public static final String GLOBAL_REPOSITORY_MANAGER_ROLE = "Global Repository Manager";
-
- public static final String GLOBAL_REPOSITORY_OBSERVER_ROLE = "Global Repository Observer";
-
- public static final String REGISTERED_USER_ROLE = "Registered User";
-
- public static final String GUEST_ROLE = "Guest";
-
- // dynamic role prefixes
- public static final String REPOSITORY_MANAGER_ROLE_PREFIX = "Repository Manager";
-
- public static final String REPOSITORY_OBSERVER_ROLE_PREFIX = "Repository Observer";
-
- // operations
- public static final String OPERATION_MANAGE_USERS = "archiva-manage-users";
-
- public static final String OPERATION_MANAGE_CONFIGURATION = "archiva-manage-configuration";
-
- public static final String OPERATION_ACTIVE_GUEST = "archiva-guest";
-
- public static final String OPERATION_RUN_INDEXER = "archiva-run-indexer";
-
- public static final String OPERATION_REGENERATE_INDEX = "archiva-regenerate-index";
-
- public static final String OPERATION_ACCESS_REPORT = "archiva-access-reports";
-
- public static final String OPERATION_ADD_REPOSITORY = "archiva-add-repository";
-
- public static final String OPERATION_REPOSITORY_ACCESS = "archiva-read-repository";
-
- public static final String OPERATION_DELETE_REPOSITORY = "archiva-delete-repository";
-
- public static final String OPERATION_EDIT_REPOSITORY = "archiva-edit-repository";
-
- public static final String OPERATION_REPOSITORY_UPLOAD = "archiva-upload-repository";
-
- public static final String OPERATION_REPOSITORY_DELETE = "archiva-delete-artifact";
-
- public static final String OPERATION_VIEW_AUDIT_LOG = "archiva-view-audit-logs";
-
- // Role templates
- public static final String TEMPLATE_REPOSITORY_MANAGER = "archiva-repository-manager";
-
- public static final String TEMPLATE_REPOSITORY_OBSERVER = "archiva-repository-observer";
-
- public static final String TEMPLATE_GLOBAL_REPOSITORY_OBSERVER = "archiva-global-repository-observer";
-
- public static final String TEMPLATE_SYSTEM_ADMIN = "archiva-system-administrator";
-
- public static final String TEMPLATE_GUEST = "archiva-guest";
-
- public static String toRepositoryObserverRoleName( String repoId )
- {
- return REPOSITORY_OBSERVER_ROLE_PREFIX + " - " + repoId;
- }
-}
+++ /dev/null
-package org.apache.maven.archiva.security;
-
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-import org.apache.maven.archiva.common.ArchivaException;
-
-/**
- * ArchivaSecurityException
- *
- * @version $Id$
- */
-public class ArchivaSecurityException
- extends ArchivaException
-{
- public ArchivaSecurityException( String message, Throwable cause )
- {
- super( message, cause );
- }
-
- public ArchivaSecurityException( String message )
- {
- super( message );
- }
-}
+++ /dev/null
-package org.apache.maven.archiva.security;
-
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-import javax.inject.Inject;
-import javax.servlet.http.HttpServletRequest;
-
-import org.codehaus.plexus.redback.authentication.AuthenticationException;
-import org.codehaus.plexus.redback.authentication.AuthenticationResult;
-import org.codehaus.plexus.redback.authorization.AuthorizationException;
-import org.codehaus.plexus.redback.authorization.AuthorizationResult;
-import org.codehaus.plexus.redback.authorization.UnauthorizedException;
-import org.codehaus.plexus.redback.policy.AccountLockedException;
-import org.codehaus.plexus.redback.policy.MustChangePasswordException;
-import org.codehaus.plexus.redback.system.DefaultSecuritySession;
-import org.codehaus.plexus.redback.system.SecuritySession;
-import org.codehaus.plexus.redback.system.SecuritySystem;
-import org.codehaus.plexus.redback.users.User;
-import org.codehaus.plexus.redback.users.UserNotFoundException;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.stereotype.Service;
-
-/**
- * @version
- * plexus.component role="org.apache.maven.archiva.security.ServletAuthenticator" role-hint="default"
- */
-@Service("servletAuthenticator")
-public class ArchivaServletAuthenticator
- implements ServletAuthenticator
-{
- private Logger log = LoggerFactory.getLogger( ArchivaServletAuthenticator.class );
-
- /**
- * plexus.requirement
- */
- @Inject
- private SecuritySystem securitySystem;
-
- public boolean isAuthenticated( HttpServletRequest request, AuthenticationResult result )
- throws AuthenticationException, AccountLockedException, MustChangePasswordException
- {
- if ( result != null && !result.isAuthenticated() )
- {
- throw new AuthenticationException( "User Credentials Invalid" );
- }
-
- return true;
- }
-
- public boolean isAuthorized( HttpServletRequest request, SecuritySession securitySession, String repositoryId,
- String permission )
- throws AuthorizationException, UnauthorizedException
- {
- // TODO: also check for permission to proxy the resource when MRM-579 is implemented
-
- AuthorizationResult authzResult = securitySystem.authorize( securitySession, permission, repositoryId );
-
- if ( !authzResult.isAuthorized() )
- {
- if ( authzResult.getException() != null )
- {
- log.info( "Authorization Denied [ip=" + request.getRemoteAddr() + ",permission=" + permission
- + ",repo=" + repositoryId + "] : " + authzResult.getException().getMessage() );
-
- throw new UnauthorizedException( "Access denied for repository " + repositoryId );
- }
- throw new UnauthorizedException( "User account is locked" );
- }
-
- return true;
- }
-
- public boolean isAuthorized( String principal, String repoId, String permission )
- throws UnauthorizedException
- {
- try
- {
- User user = securitySystem.getUserManager().findUser( principal );
- if ( user == null )
- {
- throw new UnauthorizedException( "The security system had an internal error - please check your system logs" );
- }
- if ( user.isLocked() )
- {
- throw new UnauthorizedException( "User account is locked." );
- }
-
- AuthenticationResult authn = new AuthenticationResult( true, principal, null );
- SecuritySession securitySession = new DefaultSecuritySession( authn, user );
-
- return securitySystem.isAuthorized( securitySession, permission, repoId );
- }
- catch ( UserNotFoundException e )
- {
- throw new UnauthorizedException( e.getMessage() );
- }
- catch ( AuthorizationException e )
- {
- throw new UnauthorizedException( e.getMessage() );
- }
- }
-
-
- public SecuritySystem getSecuritySystem()
- {
- return securitySystem;
- }
-
- public void setSecuritySystem( SecuritySystem securitySystem )
- {
- this.securitySystem = securitySystem;
- }
-}
+++ /dev/null
-package org.apache.maven.archiva.security;
-
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-import java.util.List;
-
-import org.codehaus.plexus.redback.rbac.RBACManager;
-import org.codehaus.plexus.redback.system.check.EnvironmentCheck;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.stereotype.Service;
-
-import javax.inject.Inject;
-import javax.inject.Named;
-
-/**
- * ArchivaStandardRolesCheck tests for the existance of expected / standard roles and permissions.
- *
- * @version $Id$
- *
- * plexus.component role="org.codehaus.plexus.redback.system.check.EnvironmentCheck"
- * role-hint="required-roles"
- */
-@Service("environmentCheck#archiva-required-roles")
-public class ArchivaStandardRolesCheck
- implements EnvironmentCheck
-{
- private Logger log = LoggerFactory.getLogger( ArchivaStandardRolesCheck.class );
-
- /**
- * plexus.requirement role-hint="cached"
- */
- @Inject @Named(value = "rBACManager#cached")
- private RBACManager rbacManager;
-
- /**
- * boolean detailing if this environment check has been executed
- */
- private boolean checked = false;
-
- public void validateEnvironment( List<String> violations )
- {
- if ( !checked )
- {
- String expectedRoles[] = new String[] {
- ArchivaRoleConstants.SYSTEM_ADMINISTRATOR_ROLE,
- ArchivaRoleConstants.GLOBAL_REPOSITORY_MANAGER_ROLE,
- ArchivaRoleConstants.GLOBAL_REPOSITORY_OBSERVER_ROLE,
- ArchivaRoleConstants.GUEST_ROLE,
- ArchivaRoleConstants.REGISTERED_USER_ROLE,
- ArchivaRoleConstants.USER_ADMINISTRATOR_ROLE };
-
- log.info( "Checking the existance of required roles." );
-
- for ( String roleName : expectedRoles )
- {
- if ( !rbacManager.roleExists( roleName ) )
- {
- violations.add( "Unable to validate the existances of the '" + roleName + "' role." );
- }
- }
-
- String expectedOperations[] = new String[] {
- ArchivaRoleConstants.OPERATION_MANAGE_USERS,
- ArchivaRoleConstants.OPERATION_MANAGE_CONFIGURATION,
- ArchivaRoleConstants.OPERATION_REGENERATE_INDEX,
- ArchivaRoleConstants.OPERATION_RUN_INDEXER,
- ArchivaRoleConstants.OPERATION_ACCESS_REPORT,
- ArchivaRoleConstants.OPERATION_ADD_REPOSITORY,
- ArchivaRoleConstants.OPERATION_DELETE_REPOSITORY,
- ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS,
- ArchivaRoleConstants.OPERATION_EDIT_REPOSITORY,
- ArchivaRoleConstants.OPERATION_REPOSITORY_UPLOAD,
- ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS,
- "archiva-guest" };
-
- log.info( "Checking the existance of required operations." );
-
- for ( String operation : expectedOperations )
- {
- if ( !rbacManager.operationExists( operation ) )
- {
- violations.add( "Unable to validate the existances of the '" + operation + "' operation." );
- }
- }
-
- checked = true;
- }
-
- }
-
-}
+++ /dev/null
-package org.apache.maven.archiva.security;
-
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-import java.util.Map;
-
-import org.codehaus.plexus.redback.system.SecuritySession;
-import org.codehaus.plexus.redback.system.SecuritySystemConstants;
-import org.codehaus.plexus.redback.users.User;
-import org.codehaus.plexus.redback.users.UserManager;
-
-/**
- * ArchivaXworkUser
- *
- * @version $Id$
- */
-public final class ArchivaXworkUser
-{
- private ArchivaXworkUser()
- {
- // no touchy
- }
-
- public static String getActivePrincipal( Map<String, ?> sessionMap )
- {
- if ( sessionMap == null )
- {
- return UserManager.GUEST_USERNAME;
- }
-
- SecuritySession securitySession =
- (SecuritySession) sessionMap.get( SecuritySystemConstants.SECURITY_SESSION_KEY );
-
- if ( securitySession == null )
- {
- return UserManager.GUEST_USERNAME;
- }
-
- User user = securitySession.getUser();
- if ( user == null )
- {
- return UserManager.GUEST_USERNAME;
- }
-
- return (String) user.getPrincipal();
- }
-}
+++ /dev/null
-package org.apache.maven.archiva.security;
-
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-import com.google.common.collect.Lists;
-import org.apache.maven.archiva.configuration.ArchivaConfiguration;
-import org.apache.maven.archiva.configuration.ManagedRepositoryConfiguration;
-import org.codehaus.plexus.redback.authentication.AuthenticationResult;
-import org.codehaus.plexus.redback.authorization.AuthorizationException;
-import org.codehaus.plexus.redback.role.RoleManager;
-import org.codehaus.plexus.redback.role.RoleManagerException;
-import org.codehaus.plexus.redback.system.DefaultSecuritySession;
-import org.codehaus.plexus.redback.system.SecuritySession;
-import org.codehaus.plexus.redback.system.SecuritySystem;
-import org.codehaus.plexus.redback.users.User;
-import org.codehaus.plexus.redback.users.UserNotFoundException;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.stereotype.Service;
-
-import javax.inject.Inject;
-import java.util.ArrayList;
-import java.util.List;
-
-/**
- * DefaultUserRepositories
- *
- * @version $Id$
- * plexus.component role="org.apache.maven.archiva.security.UserRepositories" role-hint="default"
- */
-@Service( "userRepositories" )
-public class DefaultUserRepositories
- implements UserRepositories
-{
- /**
- * plexus.requirement
- */
- @Inject
- private SecuritySystem securitySystem;
-
- /**
- * plexus.requirement role-hint="default"
- */
- @Inject
- private RoleManager roleManager;
-
- /**
- * plexus.requirement
- */
- @Inject
- private ArchivaConfiguration archivaConfiguration;
-
- private Logger log = LoggerFactory.getLogger( DefaultUserRepositories.class );
-
- public List<String> getObservableRepositoryIds( String principal )
- throws PrincipalNotFoundException, AccessDeniedException, ArchivaSecurityException
- {
- String operation = ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS;
-
- return getAccessibleRepositoryIds( principal, operation );
- }
-
- public List<String> getManagableRepositoryIds( String principal )
- throws PrincipalNotFoundException, AccessDeniedException, ArchivaSecurityException
- {
- String operation = ArchivaRoleConstants.OPERATION_REPOSITORY_UPLOAD;
-
- return getAccessibleRepositoryIds( principal, operation );
- }
-
- private List<String> getAccessibleRepositoryIds( String principal, String operation )
- throws ArchivaSecurityException, AccessDeniedException, PrincipalNotFoundException
- {
- SecuritySession securitySession = createSession( principal );
-
- List<String> repoIds = new ArrayList<String>();
-
- List<ManagedRepositoryConfiguration> repos = archivaConfiguration.getConfiguration().getManagedRepositories();
-
- for ( ManagedRepositoryConfiguration repo : repos )
- {
- try
- {
- String repoId = repo.getId();
- if ( securitySystem.isAuthorized( securitySession, operation, repoId ) )
- {
- repoIds.add( repoId );
- }
- }
- catch ( AuthorizationException e )
- {
- // swallow.
- if ( log.isDebugEnabled() )
- {
- log.debug( "Not authorizing '{}' for repository '{}': {}",
- Lists.<Object>newArrayList( principal, repo.getId(), e.getMessage() ) );
- }
- }
- }
-
- return repoIds;
- }
-
- private SecuritySession createSession( String principal )
- throws ArchivaSecurityException, AccessDeniedException
- {
- User user;
- try
- {
- user = securitySystem.getUserManager().findUser( principal );
- if ( user == null )
- {
- throw new ArchivaSecurityException(
- "The security system had an internal error - please check your system logs" );
- }
- }
- catch ( UserNotFoundException e )
- {
- throw new PrincipalNotFoundException( "Unable to find principal " + principal + "" );
- }
-
- if ( user.isLocked() )
- {
- throw new AccessDeniedException( "User " + principal + "(" + user.getFullName() + ") is locked." );
- }
-
- AuthenticationResult authn = new AuthenticationResult( true, principal, null );
- return new DefaultSecuritySession( authn, user );
- }
-
- public void createMissingRepositoryRoles( String repoId )
- throws ArchivaSecurityException
- {
- try
- {
- if ( !roleManager.templatedRoleExists( ArchivaRoleConstants.TEMPLATE_REPOSITORY_OBSERVER, repoId ) )
- {
- roleManager.createTemplatedRole( ArchivaRoleConstants.TEMPLATE_REPOSITORY_OBSERVER, repoId );
- }
-
- if ( !roleManager.templatedRoleExists( ArchivaRoleConstants.TEMPLATE_REPOSITORY_MANAGER, repoId ) )
- {
- roleManager.createTemplatedRole( ArchivaRoleConstants.TEMPLATE_REPOSITORY_MANAGER, repoId );
- }
- }
- catch ( RoleManagerException e )
- {
- throw new ArchivaSecurityException( "Unable to create roles for configured repositories: " + e.getMessage(),
- e );
- }
- }
-
- public boolean isAuthorizedToUploadArtifacts( String principal, String repoId )
- throws PrincipalNotFoundException, ArchivaSecurityException
- {
- try
- {
- SecuritySession securitySession = createSession( principal );
-
- return securitySystem.isAuthorized( securitySession, ArchivaRoleConstants.OPERATION_REPOSITORY_UPLOAD,
- repoId );
-
- }
- catch ( AuthorizationException e )
- {
- throw new ArchivaSecurityException( e.getMessage() );
- }
- }
-
- public boolean isAuthorizedToDeleteArtifacts( String principal, String repoId )
- throws AccessDeniedException, ArchivaSecurityException
- {
- try
- {
- SecuritySession securitySession = createSession( principal );
-
- return securitySystem.isAuthorized( securitySession, ArchivaRoleConstants.OPERATION_REPOSITORY_DELETE,
- repoId );
-
- }
- catch ( AuthorizationException e )
- {
- throw new ArchivaSecurityException( e.getMessage() );
- }
- }
-
- public SecuritySystem getSecuritySystem()
- {
- return securitySystem;
- }
-
- public void setSecuritySystem( SecuritySystem securitySystem )
- {
- this.securitySystem = securitySystem;
- }
-
- public RoleManager getRoleManager()
- {
- return roleManager;
- }
-
- public void setRoleManager( RoleManager roleManager )
- {
- this.roleManager = roleManager;
- }
-
- public ArchivaConfiguration getArchivaConfiguration()
- {
- return archivaConfiguration;
- }
-
- public void setArchivaConfiguration( ArchivaConfiguration archivaConfiguration )
- {
- this.archivaConfiguration = archivaConfiguration;
- }
-}
+++ /dev/null
-package org.apache.maven.archiva.security;
-
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-/**
- * PrincipalNotFoundException
- *
- * @version $Id$
- */
-public class PrincipalNotFoundException
- extends ArchivaSecurityException
-{
- public PrincipalNotFoundException( String message, Throwable cause )
- {
- super( message, cause );
- }
-
- public PrincipalNotFoundException( String message )
- {
- super( message );
- }
-}
+++ /dev/null
-package org.apache.maven.archiva.security;
-
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-import javax.servlet.http.HttpServletRequest;
-
-import org.codehaus.plexus.redback.authentication.AuthenticationException;
-import org.codehaus.plexus.redback.authentication.AuthenticationResult;
-import org.codehaus.plexus.redback.authorization.AuthorizationException;
-import org.codehaus.plexus.redback.authorization.UnauthorizedException;
-import org.codehaus.plexus.redback.policy.AccountLockedException;
-import org.codehaus.plexus.redback.policy.MustChangePasswordException;
-import org.codehaus.plexus.redback.system.SecuritySession;
-
-/**
- * @version
- */
-public interface ServletAuthenticator
-{
- /**
- * Authentication check for users.
- *
- * @param request
- * @param result
- * @return
- * @throws AuthenticationException
- * @throws AccountLockedException
- * @throws MustChangePasswordException
- */
- boolean isAuthenticated( HttpServletRequest request, AuthenticationResult result )
- throws AuthenticationException, AccountLockedException, MustChangePasswordException;
-
- /**
- * Authorization check for valid users.
- *
- * @param request
- * @param securitySession
- * @param repositoryId
- * @param isWriteRequest
- * @return
- * @throws AuthorizationException
- * @throws UnauthorizedException
- */
- boolean isAuthorized( HttpServletRequest request, SecuritySession securitySession, String repositoryId,
- String permission ) throws AuthorizationException, UnauthorizedException;
-
- /**
- * Authorization check specific for user guest, which doesn't go through
- * HttpBasicAuthentication#getAuthenticationResult( HttpServletRequest request, HttpServletResponse response )
- * since no credentials are attached to the request.
- *
- * See also MRM-911
- *
- * @param principal
- * @param repoId
- * @param isWriteRequest
- * @return
- * @throws UnauthorizedException
- */
- boolean isAuthorized( String principal, String repoId, String permission )
- throws UnauthorizedException;
-}
+++ /dev/null
-package org.apache.maven.archiva.security;
-
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-import java.util.List;
-
-/**
- * UserRepositories
- *
- * @version $Id$
- */
-public interface UserRepositories
-{
- /**
- * Get the list of observable repository ids for the user specified.
- *
- * @param principal the principle to obtain the observable repository ids from.
- * @return the list of observable repository ids.
- * @throws PrincipalNotFoundException
- * @throws AccessDeniedException
- * @throws ArchivaSecurityException
- */
- List<String> getObservableRepositoryIds( String principal )
- throws PrincipalNotFoundException, AccessDeniedException, ArchivaSecurityException;
-
- /**
- * Get the list of writable repository ids for the user specified.
- *
- * @param principal the principle to obtain the observable repository ids from.
- * @return the list of observable repository ids.
- * @throws PrincipalNotFoundException
- * @throws AccessDeniedException
- * @throws ArchivaSecurityException
- */
- List<String> getManagableRepositoryIds( String principal )
- throws PrincipalNotFoundException, AccessDeniedException, ArchivaSecurityException;
-
- /**
- * Create any missing repository roles for the provided repository id.
- *
- * @param repoId the repository id to work off of.
- * @throws ArchivaSecurityException if there was a problem creating the repository roles.
- */
- void createMissingRepositoryRoles( String repoId )
- throws ArchivaSecurityException;
-
- /**
- * Check if user is authorized to upload artifacts in the repository.
- *
- * @param principal
- * @param repoId
- * @return
- * @throws PrincipalNotFoundException
- * @throws ArchivaSecurityException
- */
- boolean isAuthorizedToUploadArtifacts( String principal, String repoId)
- throws PrincipalNotFoundException, ArchivaSecurityException;
-
- /**
- * Check if user is authorized to delete artifacts in the repository.
- *
- * @param principal
- * @param repoId
- * @return
- * @throws ArchivaSecurityException
- * @throws AccessDeniedException
- */
- boolean isAuthorizedToDeleteArtifacts( String principal, String repoId )
- throws AccessDeniedException, ArchivaSecurityException;
-
-}
default-lazy-init="true">
<context:annotation-config />
- <context:component-scan base-package="org.apache.maven.archiva.security"/>
+ <context:component-scan base-package="org.apache.archiva.security"/>
</beans>
\ No newline at end of file
--- /dev/null
+package org.apache.archiva.security;
+
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+import com.google.common.collect.Lists;
+import junit.framework.TestCase;
+import net.sf.ehcache.CacheManager;
+import org.apache.commons.io.FileUtils;
+import org.apache.maven.archiva.configuration.ArchivaConfiguration;
+import org.apache.maven.archiva.configuration.ManagedRepositoryConfiguration;
+import org.codehaus.plexus.redback.rbac.RBACManager;
+import org.codehaus.plexus.redback.rbac.RbacObjectNotFoundException;
+import org.codehaus.plexus.redback.rbac.UserAssignment;
+import org.codehaus.plexus.redback.role.RoleManager;
+import org.codehaus.plexus.redback.system.SecuritySystem;
+import org.codehaus.plexus.redback.users.User;
+import org.codehaus.plexus.redback.users.UserManager;
+import org.junit.Before;
+import org.junit.runner.RunWith;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+
+import javax.inject.Inject;
+import javax.inject.Named;
+import java.io.File;
+
+/**
+ * AbstractSecurityTest
+ *
+ * @version $Id: AbstractSecurityTest
+ */
+@RunWith( SpringJUnit4ClassRunner.class )
+@ContextConfiguration( locations = { "classpath*:/META-INF/spring-context.xml", "classpath*:/spring-context.xml" } )
+public abstract class AbstractSecurityTest
+ extends TestCase
+{
+
+ protected Logger log = LoggerFactory.getLogger( getClass() );
+
+ protected static final String USER_GUEST = "guest";
+
+ protected static final String USER_ADMIN = "admin";
+
+ protected static final String USER_ALPACA = "alpaca";
+
+ @Inject
+ @Named( value = "securitySystem#testable" )
+ protected SecuritySystem securitySystem;
+
+ @Inject
+ @Named( value = "rBACManager#memory" )
+ protected RBACManager rbacManager;
+
+ @Inject
+ protected RoleManager roleManager;
+
+ @Inject
+ @Named( value = "archivaConfiguration#default" )
+ private ArchivaConfiguration archivaConfiguration;
+
+ @Inject
+ protected UserRepositories userRepos;
+
+ protected void setupRepository( String repoId )
+ throws Exception
+ {
+ // Add repo to configuration.
+ ManagedRepositoryConfiguration repoConfig = new ManagedRepositoryConfiguration();
+ repoConfig.setId( repoId );
+ repoConfig.setName( "Testable repo <" + repoId + ">" );
+ repoConfig.setLocation( new File( "./target/test-repo/" + repoId ).getPath() );
+ if ( !archivaConfiguration.getConfiguration().getManagedRepositoriesAsMap().containsKey( repoId ) )
+ {
+ archivaConfiguration.getConfiguration().addManagedRepository( repoConfig );
+ }
+
+ // Add repo roles to security.
+ userRepos.createMissingRepositoryRoles( repoId );
+ }
+
+ protected void assignRepositoryObserverRole( String principal, String repoId )
+ throws Exception
+ {
+ roleManager.assignTemplatedRole( ArchivaRoleConstants.TEMPLATE_REPOSITORY_OBSERVER, repoId, principal );
+ }
+
+ protected User createUser( String principal, String fullname )
+ {
+ UserManager userManager = securitySystem.getUserManager();
+
+ User user = userManager.createUser( principal, fullname, principal + "@testable.archiva.apache.org" );
+ securitySystem.getPolicy().setEnabled( false );
+ userManager.addUser( user );
+ securitySystem.getPolicy().setEnabled( true );
+
+ return user;
+ }
+
+ @Override
+ @Before
+ public void setUp()
+ throws Exception
+ {
+ super.setUp();
+
+ File srcConfig = new File( "./src/test/resources/repository-archiva.xml" );
+ File destConfig = new File( "./target/test-conf/archiva.xml" );
+
+ destConfig.getParentFile().mkdirs();
+ destConfig.delete();
+
+ FileUtils.copyFile( srcConfig, destConfig );
+
+ // Some basic asserts.
+ assertNotNull( securitySystem );
+ assertNotNull( rbacManager );
+ assertNotNull( roleManager );
+ assertNotNull( userRepos );
+ assertNotNull( archivaConfiguration );
+
+ // Setup Admin User.
+ User adminUser = createUser( USER_ADMIN, "Admin User" );
+ roleManager.assignRole( ArchivaRoleConstants.TEMPLATE_SYSTEM_ADMIN, adminUser.getPrincipal().toString() );
+
+ // Setup Guest User.
+ User guestUser = createUser( USER_GUEST, "Guest User" );
+ roleManager.assignRole( ArchivaRoleConstants.TEMPLATE_GUEST, guestUser.getPrincipal().toString() );
+ }
+
+ protected void restoreGuestInitialValues( String userId )
+ throws Exception
+ {
+ UserAssignment userAssignment = null;
+ try
+ {
+ userAssignment = rbacManager.getUserAssignment( userId );
+ }
+ catch ( RbacObjectNotFoundException e )
+ {
+ log.info( "ignore RbacObjectNotFoundException for id {} during restoreGuestInitialValues", userId );
+ return;
+ }
+ userAssignment.setRoleNames( Lists.newArrayList( "Guest" ) );
+ rbacManager.saveUserAssignment( userAssignment );
+ CacheManager.getInstance().clearAll();
+ }
+}
--- /dev/null
+package org.apache.archiva.security;
+
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+import org.codehaus.plexus.redback.authentication.AuthenticationException;
+import org.codehaus.plexus.redback.authentication.AuthenticationResult;
+import org.codehaus.plexus.redback.authorization.UnauthorizedException;
+import org.codehaus.plexus.redback.system.DefaultSecuritySession;
+import org.codehaus.plexus.redback.system.SecuritySession;
+import org.codehaus.plexus.redback.users.User;
+import org.codehaus.plexus.redback.users.UserManager;
+import org.easymock.MockControl;
+import org.junit.Before;
+import org.junit.Test;
+
+import javax.inject.Inject;
+import javax.inject.Named;
+import javax.servlet.http.HttpServletRequest;
+
+/**
+ * ArchivaServletAuthenticatorTest
+ */
+public class ArchivaServletAuthenticatorTest
+ extends AbstractSecurityTest
+{
+ @Inject
+ @Named( value = "servletAuthenticator#test" )
+ private ServletAuthenticator servletAuth;
+
+ private MockControl httpServletRequestControl;
+
+ private HttpServletRequest request;
+
+ @Before
+ public void setUp()
+ throws Exception
+ {
+ super.setUp();
+
+ httpServletRequestControl = MockControl.createControl( HttpServletRequest.class );
+ request = (HttpServletRequest) httpServletRequestControl.getMock();
+
+ setupRepository( "corporate" );
+ }
+
+ protected String getPlexusConfigLocation()
+ {
+ return "org/apache/maven/archiva/security/ArchivaServletAuthenticatorTest.xml";
+ }
+
+ protected void assignRepositoryManagerRole( String principal, String repoId )
+ throws Exception
+ {
+ roleManager.assignTemplatedRole( ArchivaRoleConstants.TEMPLATE_REPOSITORY_MANAGER, repoId, principal );
+ }
+
+ @Test
+ public void testIsAuthenticatedUserExists()
+ throws Exception
+ {
+ AuthenticationResult result = new AuthenticationResult( true, "user", null );
+ boolean isAuthenticated = servletAuth.isAuthenticated( request, result );
+
+ assertTrue( isAuthenticated );
+ }
+
+ @Test
+ public void testIsAuthenticatedUserDoesNotExist()
+ throws Exception
+ {
+ AuthenticationResult result = new AuthenticationResult( false, "non-existing-user", null );
+ try
+ {
+ servletAuth.isAuthenticated( request, result );
+ fail( "Authentication exception should have been thrown." );
+ }
+ catch ( AuthenticationException e )
+ {
+ assertEquals( "User Credentials Invalid", e.getMessage() );
+ }
+ }
+
+ @Test
+ public void testIsAuthorizedUserHasWriteAccess()
+ throws Exception
+ {
+ createUser( USER_ALPACA, "Al 'Archiva' Paca" );
+
+ assignRepositoryManagerRole( USER_ALPACA, "corporate" );
+
+ UserManager userManager = securitySystem.getUserManager();
+ User user = userManager.findUser( USER_ALPACA );
+
+ AuthenticationResult result = new AuthenticationResult( true, USER_ALPACA, null );
+
+ SecuritySession session = new DefaultSecuritySession( result, user );
+ boolean isAuthorized =
+ servletAuth.isAuthorized( request, session, "corporate", ArchivaRoleConstants.OPERATION_REPOSITORY_UPLOAD );
+
+ assertTrue( isAuthorized );
+
+ restoreGuestInitialValues( USER_ALPACA );
+ }
+
+ @Test
+ public void testIsAuthorizedUserHasNoWriteAccess()
+ throws Exception
+ {
+ createUser( USER_ALPACA, "Al 'Archiva' Paca" );
+
+ assignRepositoryObserverRole( USER_ALPACA, "corporate" );
+
+ httpServletRequestControl.expectAndReturn( request.getRemoteAddr(), "192.168.111.111" );
+
+ UserManager userManager = securitySystem.getUserManager();
+ User user = userManager.findUser( USER_ALPACA );
+
+ AuthenticationResult result = new AuthenticationResult( true, USER_ALPACA, null );
+
+ SecuritySession session = new DefaultSecuritySession( result, user );
+
+ httpServletRequestControl.replay();
+
+ try
+ {
+ servletAuth.isAuthorized( request, session, "corporate", ArchivaRoleConstants.OPERATION_REPOSITORY_UPLOAD );
+ fail( "UnauthorizedException should have been thrown." );
+ }
+ catch ( UnauthorizedException e )
+ {
+ assertEquals( "Access denied for repository corporate", e.getMessage() );
+ }
+
+ httpServletRequestControl.verify();
+
+ restoreGuestInitialValues( USER_ALPACA );
+ }
+
+ @Test
+ public void testIsAuthorizedUserHasReadAccess()
+ throws Exception
+ {
+ createUser( USER_ALPACA, "Al 'Archiva' Paca" );
+
+ assignRepositoryObserverRole( USER_ALPACA, "corporate" );
+
+ UserManager userManager = securitySystem.getUserManager();
+ User user = userManager.findUser( USER_ALPACA );
+
+ AuthenticationResult result = new AuthenticationResult( true, USER_ALPACA, null );
+
+ SecuritySession session = new DefaultSecuritySession( result, user );
+ boolean isAuthorized =
+ servletAuth.isAuthorized( request, session, "corporate", ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS );
+
+ assertTrue( isAuthorized );
+
+ restoreGuestInitialValues( USER_ALPACA );
+ }
+
+ @Test
+ public void testIsAuthorizedUserHasNoReadAccess()
+ throws Exception
+ {
+ createUser( USER_ALPACA, "Al 'Archiva' Paca" );
+
+ UserManager userManager = securitySystem.getUserManager();
+ User user = userManager.findUser( USER_ALPACA );
+
+ AuthenticationResult result = new AuthenticationResult( true, USER_ALPACA, null );
+
+ SecuritySession session = new DefaultSecuritySession( result, user );
+ try
+ {
+ servletAuth.isAuthorized( request, session, "corporate", ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS );
+ fail( "UnauthorizedException should have been thrown." );
+ }
+ catch ( UnauthorizedException e )
+ {
+ assertEquals( "Access denied for repository corporate", e.getMessage() );
+ }
+
+ restoreGuestInitialValues( USER_ALPACA );
+ }
+
+ @Test
+ public void testIsAuthorizedGuestUserHasWriteAccess()
+ throws Exception
+ {
+ assignRepositoryManagerRole( USER_GUEST, "corporate" );
+ boolean isAuthorized =
+ servletAuth.isAuthorized( USER_GUEST, "corporate", ArchivaRoleConstants.OPERATION_REPOSITORY_UPLOAD );
+
+ assertTrue( isAuthorized );
+
+ // cleanup previously add karma
+ restoreGuestInitialValues(USER_GUEST);
+
+ }
+
+ @Test
+ public void testIsAuthorizedGuestUserHasNoWriteAccess()
+ throws Exception
+ {
+ assignRepositoryObserverRole( USER_GUEST, "corporate" );
+
+ boolean isAuthorized =
+ servletAuth.isAuthorized( USER_GUEST, "corporate", ArchivaRoleConstants.OPERATION_REPOSITORY_UPLOAD );
+ assertFalse( isAuthorized );
+
+ // cleanup previously add karma
+ restoreGuestInitialValues(USER_GUEST);
+
+ }
+
+ @Test
+ public void testIsAuthorizedGuestUserHasReadAccess()
+ throws Exception
+ {
+ assignRepositoryObserverRole( USER_GUEST, "corporate" );
+
+ boolean isAuthorized =
+ servletAuth.isAuthorized( USER_GUEST, "corporate", ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS );
+
+ assertTrue( isAuthorized );
+
+ // cleanup previously add karma
+ restoreGuestInitialValues(USER_GUEST);
+ }
+
+ @Test
+ public void testIsAuthorizedGuestUserHasNoReadAccess()
+ throws Exception
+ {
+ boolean isAuthorized =
+ servletAuth.isAuthorized( USER_GUEST, "corporate", ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS );
+
+ assertFalse( isAuthorized );
+ }
+
+}
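Review bot: The authorization tests undo their role grants only on the success path, because `restoreGuestInitialValues( ... )` is the last statement of each test and a failed assertion or unexpected exception skips it. If the injected RBAC manager keeps state between test methods (the restore calls suggest it does), a leftover grant for `guest` on `corporate` could change the outcome of later tests such as `testIsAuthorizedGuestUserHasNoReadAccess`, which expects no access. Moving the cleanup into an `@After` method that calls `restoreGuestInitialValues( USER_GUEST );` and `restoreGuestInitialValues( USER_ALPACA );`, as `DefaultUserRepositoriesTest` does, would keep the denial tests independent of each other. Separately, `getPlexusConfigLocation()` still returns `org/apache/maven/archiva/security/ArchivaServletAuthenticatorTest.xml` after the package move, so it is worth confirming whether that path is still read.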
--- /dev/null
+package org.apache.archiva.security;
+
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+import org.apache.commons.lang.StringUtils;
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Test;
+
+import java.util.List;
+
+/**
+ * DefaultUserRepositoriesTest
+ *
+ * @version $Id$
+ */
+public class DefaultUserRepositoriesTest
+ extends AbstractSecurityTest
+{
+
+
+ @Before
+ public void setUp()
+ throws Exception
+ {
+ super.setUp();
+ restoreGuestInitialValues( USER_ALPACA );
+ restoreGuestInitialValues( USER_GUEST );
+ restoreGuestInitialValues( USER_ADMIN );
+ }
+
+ @Test
+ public void testGetObservableRepositoryIds()
+ throws Exception
+ {
+ // create some users.
+ createUser( USER_ALPACA, "Al 'Archiva' Paca" );
+
+ assertEquals( "Expected users", 3, securitySystem.getUserManager().getUsers().size() );
+
+ // some unassigned repo observer roles.
+ setupRepository( "central" );
+ setupRepository( "corporate" );
+ setupRepository( "internal" );
+ setupRepository( "snapshots" );
+ setupRepository( "secret" );
+
+ // some assigned repo observer roles.
+ assignRepositoryObserverRole( USER_ALPACA, "corporate" );
+ assignRepositoryObserverRole( USER_ALPACA, "central" );
+ assignRepositoryObserverRole( USER_GUEST, "corporate" );
+ // the global repo observer role.
+ assignGlobalRepositoryObserverRole( USER_ADMIN );
+
+ assertRepoIds( new String[]{ "central", "corporate" }, userRepos.getObservableRepositoryIds( USER_ALPACA ) );
+ assertRepoIds( new String[]{ "coporate" }, userRepos.getObservableRepositoryIds( USER_GUEST ) );
+ assertRepoIds( new String[]{ "central", "internal", "corporate", "snapshots", "secret" },
+ userRepos.getObservableRepositoryIds( USER_ADMIN ) );
+
+ }
+
+ @After
+ public void tearDown()
+ throws Exception
+ {
+ super.tearDown();
+ restoreGuestInitialValues( USER_ALPACA );
+ restoreGuestInitialValues( USER_GUEST );
+ restoreGuestInitialValues( USER_ADMIN );
+ }
+
+ private void assertRepoIds( String[] expectedRepoIds, List<String> observableRepositoryIds )
+ {
+ assertNotNull( "Observable Repository Ids cannot be null.", observableRepositoryIds );
+
+ if ( expectedRepoIds.length != observableRepositoryIds.size() )
+ {
+ fail( "Size of Observable Repository Ids wrong, expected <" + expectedRepoIds.length + "> but got <"
+ + observableRepositoryIds.size() + "> instead. \nExpected: ["
+ + StringUtils.join( expectedRepoIds, "," ) + "]\nActual: ["
+ + StringUtils.join( observableRepositoryIds.iterator(), "," ) + "]" );
+ }
+ }
+
+ private void assignGlobalRepositoryObserverRole( String principal )
+ throws Exception
+ {
+ roleManager.assignRole( ArchivaRoleConstants.TEMPLATE_GLOBAL_REPOSITORY_OBSERVER, principal );
+ }
+}
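Review bot: `assertRepoIds` compares only the number of ids, never the ids themselves, so `testGetObservableRepositoryIds` would still pass if `getObservableRepositoryIds` returned the wrong repository for a user. The misspelled expectation `"coporate"` for `USER_GUEST` goes unnoticed for the same reason. Since this test guards which repositories a principal may observe, it should compare contents, e.g. `assertEquals( new HashSet<String>( Arrays.asList( expectedRepoIds ) ), new HashSet<String>( observableRepositoryIds ) );` (this needs `java.util.Arrays` and `java.util.HashSet` imports), with the expectation corrected to `"corporate"`. The other expected arrays may need revisiting once contents are actually checked.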
--- /dev/null
+package org.apache.archiva.security;
+
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+import junit.framework.TestCase;
+import org.codehaus.plexus.redback.role.RoleManager;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+
+import javax.inject.Inject;
+
+/**
+ * RoleProfilesTest
+ *
+ * @version $Id: RoleManagerTest.java 4330 2007-05-10 17:28:56Z jmcconnell $
+ */
+@RunWith( SpringJUnit4ClassRunner.class )
+@ContextConfiguration( locations = { "classpath*:/META-INF/spring-context.xml", "classpath*:/spring-context.xml" } )
+public class RoleManagerTest
+ extends TestCase
+{
+
+ @Inject
+ RoleManager roleManager;
+
+ @Test
+ public void testExpectedRoles()
+ throws Exception
+ {
+ assertNotNull( roleManager );
+
+ assertTrue( roleManager.roleExists( "system-administrator" ) );
+ assertTrue( roleManager.roleExists( "user-administrator" ) );
+ assertTrue( roleManager.roleExists( "archiva-global-repository-observer" ) );
+ assertTrue( roleManager.roleExists( "archiva-guest" ) );
+ assertTrue( roleManager.roleExists( "guest" ) );
+ }
+}
+++ /dev/null
-package org.apache.maven.archiva.security;
-
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-import com.google.common.collect.Lists;
-import junit.framework.TestCase;
-import net.sf.ehcache.CacheManager;
-import org.apache.commons.io.FileUtils;
-import org.apache.maven.archiva.configuration.ArchivaConfiguration;
-import org.apache.maven.archiva.configuration.ManagedRepositoryConfiguration;
-import org.codehaus.plexus.redback.rbac.RBACManager;
-import org.codehaus.plexus.redback.rbac.RbacObjectNotFoundException;
-import org.codehaus.plexus.redback.rbac.UserAssignment;
-import org.codehaus.plexus.redback.role.RoleManager;
-import org.codehaus.plexus.redback.system.SecuritySystem;
-import org.codehaus.plexus.redback.users.User;
-import org.codehaus.plexus.redback.users.UserManager;
-import org.junit.Before;
-import org.junit.runner.RunWith;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.test.context.ContextConfiguration;
-import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
-
-import javax.inject.Inject;
-import javax.inject.Named;
-import java.io.File;
-
-/**
- * AbstractSecurityTest
- *
- * @version $Id: AbstractSecurityTest
- */
-@RunWith( SpringJUnit4ClassRunner.class )
-@ContextConfiguration( locations = { "classpath*:/META-INF/spring-context.xml", "classpath*:/spring-context.xml" } )
-public abstract class AbstractSecurityTest
- extends TestCase
-{
-
- protected Logger log = LoggerFactory.getLogger( getClass() );
-
- protected static final String USER_GUEST = "guest";
-
- protected static final String USER_ADMIN = "admin";
-
- protected static final String USER_ALPACA = "alpaca";
-
- @Inject
- @Named( value = "securitySystem#testable" )
- protected SecuritySystem securitySystem;
-
- @Inject
- @Named( value = "rBACManager#memory" )
- protected RBACManager rbacManager;
-
- @Inject
- protected RoleManager roleManager;
-
- @Inject
- @Named( value = "archivaConfiguration#default" )
- private ArchivaConfiguration archivaConfiguration;
-
- @Inject
- protected UserRepositories userRepos;
-
- protected void setupRepository( String repoId )
- throws Exception
- {
- // Add repo to configuration.
- ManagedRepositoryConfiguration repoConfig = new ManagedRepositoryConfiguration();
- repoConfig.setId( repoId );
- repoConfig.setName( "Testable repo <" + repoId + ">" );
- repoConfig.setLocation( new File( "./target/test-repo/" + repoId ).getPath() );
- if ( !archivaConfiguration.getConfiguration().getManagedRepositoriesAsMap().containsKey( repoId ) )
- {
- archivaConfiguration.getConfiguration().addManagedRepository( repoConfig );
- }
-
- // Add repo roles to security.
- userRepos.createMissingRepositoryRoles( repoId );
- }
-
- protected void assignRepositoryObserverRole( String principal, String repoId )
- throws Exception
- {
- roleManager.assignTemplatedRole( ArchivaRoleConstants.TEMPLATE_REPOSITORY_OBSERVER, repoId, principal );
- }
-
- protected User createUser( String principal, String fullname )
- {
- UserManager userManager = securitySystem.getUserManager();
-
- User user = userManager.createUser( principal, fullname, principal + "@testable.archiva.apache.org" );
- securitySystem.getPolicy().setEnabled( false );
- userManager.addUser( user );
- securitySystem.getPolicy().setEnabled( true );
-
- return user;
- }
-
- @Override
- @Before
- public void setUp()
- throws Exception
- {
- super.setUp();
-
- File srcConfig = new File( "./src/test/resources/repository-archiva.xml" );
- File destConfig = new File( "./target/test-conf/archiva.xml" );
-
- destConfig.getParentFile().mkdirs();
- destConfig.delete();
-
- FileUtils.copyFile( srcConfig, destConfig );
-
- // Some basic asserts.
- assertNotNull( securitySystem );
- assertNotNull( rbacManager );
- assertNotNull( roleManager );
- assertNotNull( userRepos );
- assertNotNull( archivaConfiguration );
-
- // Setup Admin User.
- User adminUser = createUser( USER_ADMIN, "Admin User" );
- roleManager.assignRole( ArchivaRoleConstants.TEMPLATE_SYSTEM_ADMIN, adminUser.getPrincipal().toString() );
-
- // Setup Guest User.
- User guestUser = createUser( USER_GUEST, "Guest User" );
- roleManager.assignRole( ArchivaRoleConstants.TEMPLATE_GUEST, guestUser.getPrincipal().toString() );
- }
-
- protected void restoreGuestInitialValues( String userId )
- throws Exception
- {
- UserAssignment userAssignment = null;
- try
- {
- userAssignment = rbacManager.getUserAssignment( userId );
- }
- catch ( RbacObjectNotFoundException e )
- {
- log.info( "ignore RbacObjectNotFoundException for id {} during restoreGuestInitialValues", userId );
- return;
- }
- userAssignment.setRoleNames( Lists.newArrayList( "Guest" ) );
- rbacManager.saveUserAssignment( userAssignment );
- CacheManager.getInstance().clearAll();
- }
-}
+++ /dev/null
-package org.apache.maven.archiva.security;
-
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-import com.google.common.collect.Lists;
-import net.sf.ehcache.CacheManager;
-import org.codehaus.plexus.redback.authentication.AuthenticationException;
-import org.codehaus.plexus.redback.authentication.AuthenticationResult;
-import org.codehaus.plexus.redback.authorization.UnauthorizedException;
-import org.codehaus.plexus.redback.rbac.UserAssignment;
-import org.codehaus.plexus.redback.system.DefaultSecuritySession;
-import org.codehaus.plexus.redback.system.SecuritySession;
-import org.codehaus.plexus.redback.users.User;
-import org.codehaus.plexus.redback.users.UserManager;
-import org.easymock.MockControl;
-import org.junit.Before;
-import org.junit.Test;
-
-import javax.inject.Inject;
-import javax.inject.Named;
-import javax.servlet.http.HttpServletRequest;
-import java.util.Arrays;
-
-/**
- * ArchivaServletAuthenticatorTest
- */
-public class ArchivaServletAuthenticatorTest
- extends AbstractSecurityTest
-{
- @Inject
- @Named( value = "servletAuthenticator#test" )
- private ServletAuthenticator servletAuth;
-
- private MockControl httpServletRequestControl;
-
- private HttpServletRequest request;
-
- @Before
- public void setUp()
- throws Exception
- {
- super.setUp();
-
- httpServletRequestControl = MockControl.createControl( HttpServletRequest.class );
- request = (HttpServletRequest) httpServletRequestControl.getMock();
-
- setupRepository( "corporate" );
- }
-
- protected String getPlexusConfigLocation()
- {
- return "org/apache/maven/archiva/security/ArchivaServletAuthenticatorTest.xml";
- }
-
- protected void assignRepositoryManagerRole( String principal, String repoId )
- throws Exception
- {
- roleManager.assignTemplatedRole( ArchivaRoleConstants.TEMPLATE_REPOSITORY_MANAGER, repoId, principal );
- }
-
- @Test
- public void testIsAuthenticatedUserExists()
- throws Exception
- {
- AuthenticationResult result = new AuthenticationResult( true, "user", null );
- boolean isAuthenticated = servletAuth.isAuthenticated( request, result );
-
- assertTrue( isAuthenticated );
- }
-
- @Test
- public void testIsAuthenticatedUserDoesNotExist()
- throws Exception
- {
- AuthenticationResult result = new AuthenticationResult( false, "non-existing-user", null );
- try
- {
- servletAuth.isAuthenticated( request, result );
- fail( "Authentication exception should have been thrown." );
- }
- catch ( AuthenticationException e )
- {
- assertEquals( "User Credentials Invalid", e.getMessage() );
- }
- }
-
- @Test
- public void testIsAuthorizedUserHasWriteAccess()
- throws Exception
- {
- createUser( USER_ALPACA, "Al 'Archiva' Paca" );
-
- assignRepositoryManagerRole( USER_ALPACA, "corporate" );
-
- UserManager userManager = securitySystem.getUserManager();
- User user = userManager.findUser( USER_ALPACA );
-
- AuthenticationResult result = new AuthenticationResult( true, USER_ALPACA, null );
-
- SecuritySession session = new DefaultSecuritySession( result, user );
- boolean isAuthorized =
- servletAuth.isAuthorized( request, session, "corporate", ArchivaRoleConstants.OPERATION_REPOSITORY_UPLOAD );
-
- assertTrue( isAuthorized );
-
- restoreGuestInitialValues( USER_ALPACA );
- }
-
- @Test
- public void testIsAuthorizedUserHasNoWriteAccess()
- throws Exception
- {
- createUser( USER_ALPACA, "Al 'Archiva' Paca" );
-
- assignRepositoryObserverRole( USER_ALPACA, "corporate" );
-
- httpServletRequestControl.expectAndReturn( request.getRemoteAddr(), "192.168.111.111" );
-
- UserManager userManager = securitySystem.getUserManager();
- User user = userManager.findUser( USER_ALPACA );
-
- AuthenticationResult result = new AuthenticationResult( true, USER_ALPACA, null );
-
- SecuritySession session = new DefaultSecuritySession( result, user );
-
- httpServletRequestControl.replay();
-
- try
- {
- servletAuth.isAuthorized( request, session, "corporate", ArchivaRoleConstants.OPERATION_REPOSITORY_UPLOAD );
- fail( "UnauthorizedException should have been thrown." );
- }
- catch ( UnauthorizedException e )
- {
- assertEquals( "Access denied for repository corporate", e.getMessage() );
- }
-
- httpServletRequestControl.verify();
-
- restoreGuestInitialValues( USER_ALPACA );
- }
-
- @Test
- public void testIsAuthorizedUserHasReadAccess()
- throws Exception
- {
- createUser( USER_ALPACA, "Al 'Archiva' Paca" );
-
- assignRepositoryObserverRole( USER_ALPACA, "corporate" );
-
- UserManager userManager = securitySystem.getUserManager();
- User user = userManager.findUser( USER_ALPACA );
-
- AuthenticationResult result = new AuthenticationResult( true, USER_ALPACA, null );
-
- SecuritySession session = new DefaultSecuritySession( result, user );
- boolean isAuthorized =
- servletAuth.isAuthorized( request, session, "corporate", ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS );
-
- assertTrue( isAuthorized );
-
- restoreGuestInitialValues( USER_ALPACA );
- }
-
- @Test
- public void testIsAuthorizedUserHasNoReadAccess()
- throws Exception
- {
- createUser( USER_ALPACA, "Al 'Archiva' Paca" );
-
- UserManager userManager = securitySystem.getUserManager();
- User user = userManager.findUser( USER_ALPACA );
-
- AuthenticationResult result = new AuthenticationResult( true, USER_ALPACA, null );
-
- SecuritySession session = new DefaultSecuritySession( result, user );
- try
- {
- servletAuth.isAuthorized( request, session, "corporate", ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS );
- fail( "UnauthorizedException should have been thrown." );
- }
- catch ( UnauthorizedException e )
- {
- assertEquals( "Access denied for repository corporate", e.getMessage() );
- }
-
- restoreGuestInitialValues( USER_ALPACA );
- }
-
- @Test
- public void testIsAuthorizedGuestUserHasWriteAccess()
- throws Exception
- {
- assignRepositoryManagerRole( USER_GUEST, "corporate" );
- boolean isAuthorized =
- servletAuth.isAuthorized( USER_GUEST, "corporate", ArchivaRoleConstants.OPERATION_REPOSITORY_UPLOAD );
-
- assertTrue( isAuthorized );
-
- // cleanup previously add karma
- restoreGuestInitialValues(USER_GUEST);
-
- }
-
- @Test
- public void testIsAuthorizedGuestUserHasNoWriteAccess()
- throws Exception
- {
- assignRepositoryObserverRole( USER_GUEST, "corporate" );
-
- boolean isAuthorized =
- servletAuth.isAuthorized( USER_GUEST, "corporate", ArchivaRoleConstants.OPERATION_REPOSITORY_UPLOAD );
- assertFalse( isAuthorized );
-
- // cleanup previously add karma
- restoreGuestInitialValues(USER_GUEST);
-
- }
-
- @Test
- public void testIsAuthorizedGuestUserHasReadAccess()
- throws Exception
- {
- assignRepositoryObserverRole( USER_GUEST, "corporate" );
-
- boolean isAuthorized =
- servletAuth.isAuthorized( USER_GUEST, "corporate", ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS );
-
- assertTrue( isAuthorized );
-
- // cleanup previously add karma
- restoreGuestInitialValues(USER_GUEST);
- }
-
- @Test
- public void testIsAuthorizedGuestUserHasNoReadAccess()
- throws Exception
- {
- boolean isAuthorized =
- servletAuth.isAuthorized( USER_GUEST, "corporate", ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS );
-
- assertFalse( isAuthorized );
- }
-
-}
+++ /dev/null
-package org.apache.maven.archiva.security;
-
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-import org.apache.commons.lang.StringUtils;
-import org.junit.After;
-import org.junit.Before;
-import org.junit.Test;
-
-import java.util.List;
-
-/**
- * DefaultUserRepositoriesTest
- *
- * @version $Id$
- */
-public class DefaultUserRepositoriesTest
- extends AbstractSecurityTest
-{
-
-
- @Before
- public void setUp()
- throws Exception
- {
- super.setUp();
- restoreGuestInitialValues( USER_ALPACA );
- restoreGuestInitialValues( USER_GUEST );
- restoreGuestInitialValues( USER_ADMIN );
- }
-
- @Test
- public void testGetObservableRepositoryIds()
- throws Exception
- {
- // create some users.
- createUser( USER_ALPACA, "Al 'Archiva' Paca" );
-
- assertEquals( "Expected users", 3, securitySystem.getUserManager().getUsers().size() );
-
- // some unassigned repo observer roles.
- setupRepository( "central" );
- setupRepository( "corporate" );
- setupRepository( "internal" );
- setupRepository( "snapshots" );
- setupRepository( "secret" );
-
- // some assigned repo observer roles.
- assignRepositoryObserverRole( USER_ALPACA, "corporate" );
- assignRepositoryObserverRole( USER_ALPACA, "central" );
- assignRepositoryObserverRole( USER_GUEST, "corporate" );
- // the global repo observer role.
- assignGlobalRepositoryObserverRole( USER_ADMIN );
-
- assertRepoIds( new String[]{ "central", "corporate" }, userRepos.getObservableRepositoryIds( USER_ALPACA ) );
- assertRepoIds( new String[]{ "coporate" }, userRepos.getObservableRepositoryIds( USER_GUEST ) );
- assertRepoIds( new String[]{ "central", "internal", "corporate", "snapshots", "secret" },
- userRepos.getObservableRepositoryIds( USER_ADMIN ) );
-
- }
-
- @After
- public void tearDown()
- throws Exception
- {
- super.tearDown();
- restoreGuestInitialValues( USER_ALPACA );
- restoreGuestInitialValues( USER_GUEST );
- restoreGuestInitialValues( USER_ADMIN );
- }
-
- private void assertRepoIds( String[] expectedRepoIds, List<String> observableRepositoryIds )
- {
- assertNotNull( "Observable Repository Ids cannot be null.", observableRepositoryIds );
-
- if ( expectedRepoIds.length != observableRepositoryIds.size() )
- {
- fail( "Size of Observable Repository Ids wrong, expected <" + expectedRepoIds.length + "> but got <"
- + observableRepositoryIds.size() + "> instead. \nExpected: ["
- + StringUtils.join( expectedRepoIds, "," ) + "]\nActual: ["
- + StringUtils.join( observableRepositoryIds.iterator(), "," ) + "]" );
- }
- }
-
- private void assignGlobalRepositoryObserverRole( String principal )
- throws Exception
- {
- roleManager.assignRole( ArchivaRoleConstants.TEMPLATE_GLOBAL_REPOSITORY_OBSERVER, principal );
- }
-}
+++ /dev/null
-package org.apache.maven.archiva.security;
-
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-import junit.framework.TestCase;
-import org.codehaus.plexus.redback.role.RoleManager;
-import org.junit.Test;
-import org.junit.runner.RunWith;
-import org.springframework.test.context.ContextConfiguration;
-import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
-
-import javax.inject.Inject;
-
-/**
- * RoleProfilesTest
- *
- * @version $Id: RoleManagerTest.java 4330 2007-05-10 17:28:56Z jmcconnell $
- */
-@RunWith( SpringJUnit4ClassRunner.class )
-@ContextConfiguration( locations = { "classpath*:/META-INF/spring-context.xml", "classpath*:/spring-context.xml" } )
-public class RoleManagerTest
- extends TestCase
-{
-
- @Inject
- RoleManager roleManager;
-
- @Test
- public void testExpectedRoles()
- throws Exception
- {
- assertNotNull( roleManager );
-
- assertTrue( roleManager.roleExists( "system-administrator" ) );
- assertTrue( roleManager.roleExists( "user-administrator" ) );
- assertTrue( roleManager.roleExists( "archiva-global-repository-observer" ) );
- assertTrue( roleManager.roleExists( "archiva-guest" ) );
- assertTrue( roleManager.roleExists( "guest" ) );
- }
-}
<alias name="securitySystem#testable" alias="securitySystem"/>
- <bean name="userRepositories" class="org.apache.maven.archiva.security.DefaultUserRepositories">
+ <bean name="userRepositories" class="org.apache.archiva.security.DefaultUserRepositories">
<property name="securitySystem" ref="securitySystem#testable"/>
<property name="roleManager" ref="roleManager"/>
<property name="archivaConfiguration" ref="archivaConfiguration"/>
<alias name="roleTemplateProcessor" alias="roleTemplateProcessor#test"/>
- <bean name="servletAuthenticator" class="org.apache.maven.archiva.security.ArchivaServletAuthenticator">
+ <bean name="servletAuthenticator" class="org.apache.archiva.security.ArchivaServletAuthenticator">
<property name="securitySystem" ref="securitySystem#testable"/>
</bean>
import org.apache.commons.codec.DecoderException;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.lang.StringUtils;
-import org.apache.maven.archiva.security.AccessDeniedException;
-import org.apache.maven.archiva.security.ArchivaRoleConstants;
-import org.apache.maven.archiva.security.ArchivaSecurityException;
-import org.apache.maven.archiva.security.PrincipalNotFoundException;
-import org.apache.maven.archiva.security.ServletAuthenticator;
-import org.apache.maven.archiva.security.UserRepositories;
+import org.apache.archiva.security.AccessDeniedException;
+import org.apache.archiva.security.ArchivaRoleConstants;
+import org.apache.archiva.security.ArchivaSecurityException;
+import org.apache.archiva.security.PrincipalNotFoundException;
+import org.apache.archiva.security.ServletAuthenticator;
+import org.apache.archiva.security.UserRepositories;
import org.codehaus.plexus.redback.authentication.AuthenticationException;
import org.codehaus.plexus.redback.authentication.AuthenticationResult;
import org.codehaus.plexus.redback.authorization.AuthorizationException;
import org.apache.maven.archiva.configuration.ArchivaConfiguration;
import org.apache.maven.archiva.configuration.ConfigurationNames;
import org.apache.maven.archiva.configuration.ManagedRepositoryConfiguration;
-import org.apache.maven.archiva.security.ArchivaRoleConstants;
+import org.apache.archiva.security.ArchivaRoleConstants;
import org.codehaus.plexus.redback.rbac.RBACManager;
import org.codehaus.plexus.redback.rbac.RbacManagerException;
import org.codehaus.plexus.redback.rbac.UserAssignment;
import org.apache.commons.lang.StringUtils;
import org.apache.maven.archiva.common.ArchivaException;
import org.apache.maven.archiva.model.Keys;
-import org.apache.maven.archiva.security.ArchivaXworkUser;
-import org.apache.maven.archiva.security.UserRepositories;
+import org.apache.archiva.security.ArchivaXworkUser;
+import org.apache.archiva.security.UserRepositories;
import org.apache.maven.artifact.Artifact;
import org.apache.maven.shared.dependency.tree.DependencyNode;
import org.apache.maven.shared.dependency.tree.DependencyTreeBuilderException;
import org.apache.archiva.audit.Auditable;\r
import org.apache.archiva.metadata.repository.RepositorySessionFactory;\r
import org.apache.commons.lang.StringUtils;\r
-import org.apache.maven.archiva.security.ArchivaXworkUser;\r
+import org.apache.archiva.security.ArchivaXworkUser;\r
import org.apache.struts2.ServletActionContext;\r
import org.apache.struts2.interceptor.SessionAware;\r
import org.codehaus.plexus.redback.users.User;\r
* under the License.
*/
-import org.apache.maven.archiva.security.AccessDeniedException;
-import org.apache.maven.archiva.security.ArchivaSecurityException;
-import org.apache.maven.archiva.security.PrincipalNotFoundException;
-import org.apache.maven.archiva.security.UserRepositories;
+import org.apache.archiva.security.AccessDeniedException;
+import org.apache.archiva.security.ArchivaSecurityException;
+import org.apache.archiva.security.PrincipalNotFoundException;
+import org.apache.archiva.security.UserRepositories;
import javax.inject.Inject;
import java.util.Collections;
* under the License.
*/
-import com.google.common.collect.Lists;
import com.opensymphony.xwork2.Preparable;
import com.opensymphony.xwork2.Validateable;
import org.apache.archiva.audit.AuditEvent;
import org.apache.maven.archiva.repository.metadata.RepositoryMetadataException;
import org.apache.maven.archiva.repository.metadata.RepositoryMetadataReader;
import org.apache.maven.archiva.repository.metadata.RepositoryMetadataWriter;
-import org.apache.maven.archiva.security.AccessDeniedException;
-import org.apache.maven.archiva.security.ArchivaSecurityException;
-import org.apache.maven.archiva.security.PrincipalNotFoundException;
-import org.apache.maven.archiva.security.UserRepositories;
+import org.apache.archiva.security.AccessDeniedException;
+import org.apache.archiva.security.ArchivaSecurityException;
+import org.apache.archiva.security.PrincipalNotFoundException;
+import org.apache.archiva.security.UserRepositories;
import org.springframework.context.annotation.Scope;
import org.springframework.stereotype.Controller;
import org.apache.maven.archiva.repository.metadata.RepositoryMetadataException;
import org.apache.maven.archiva.repository.metadata.RepositoryMetadataReader;
import org.apache.maven.archiva.repository.metadata.RepositoryMetadataWriter;
-import org.apache.maven.archiva.security.AccessDeniedException;
-import org.apache.maven.archiva.security.ArchivaSecurityException;
-import org.apache.maven.archiva.security.PrincipalNotFoundException;
-import org.apache.maven.archiva.security.UserRepositories;
+import org.apache.archiva.security.AccessDeniedException;
+import org.apache.archiva.security.ArchivaSecurityException;
+import org.apache.archiva.security.PrincipalNotFoundException;
+import org.apache.archiva.security.UserRepositories;
import org.apache.maven.model.Model;
import org.apache.maven.model.io.xpp3.MavenXpp3Writer;
import org.codehaus.plexus.taskqueue.TaskQueueException;
import org.apache.archiva.scheduler.repository.RepositoryArchivaTaskScheduler;
import org.apache.archiva.scheduler.repository.RepositoryTask;
import org.apache.commons.lang.StringUtils;
-import org.apache.maven.archiva.security.ArchivaRoleConstants;
+import org.apache.archiva.security.ArchivaRoleConstants;
import org.apache.maven.archiva.web.action.AbstractActionSupport;
import org.codehaus.plexus.redback.rbac.Resource;
import org.codehaus.plexus.taskqueue.TaskQueueException;
import org.apache.archiva.repository.scanner.RepositoryScanner;
import org.apache.commons.lang.StringUtils;
-import org.apache.maven.archiva.security.ArchivaRoleConstants;
+import org.apache.archiva.security.ArchivaRoleConstants;
import org.apache.maven.archiva.web.action.AbstractActionSupport;
import org.codehaus.plexus.cache.Cache;
import org.codehaus.plexus.redback.rbac.Resource;
import org.apache.maven.archiva.configuration.Configuration;
import org.apache.maven.archiva.configuration.IndeterminateConfigurationException;
import org.apache.maven.archiva.configuration.OrganisationInformation;
-import org.apache.maven.archiva.security.ArchivaRoleConstants;
+import org.apache.archiva.security.ArchivaRoleConstants;
import org.codehaus.plexus.redback.rbac.Resource;
import org.codehaus.plexus.registry.RegistryException;
import org.codehaus.redback.integration.interceptor.SecureAction;
import org.apache.maven.archiva.configuration.IndeterminateConfigurationException;
import org.apache.maven.archiva.configuration.ProxyConnectorConfiguration;
import org.apache.maven.archiva.configuration.functors.ProxyConnectorSelectionPredicate;
-import org.apache.maven.archiva.security.ArchivaRoleConstants;
+import org.apache.archiva.security.ArchivaRoleConstants;
import org.apache.maven.archiva.web.action.AbstractActionSupport;
import org.codehaus.plexus.redback.rbac.Resource;
import org.codehaus.plexus.registry.RegistryException;
import org.apache.maven.archiva.configuration.ArchivaConfiguration;\r
import org.apache.maven.archiva.configuration.Configuration;\r
import org.apache.maven.archiva.configuration.LegacyArtifactPath;\r
-import org.apache.maven.archiva.security.ArchivaRoleConstants;\r
+import org.apache.archiva.security.ArchivaRoleConstants;\r
import org.apache.maven.archiva.web.action.AbstractActionSupport;\r
import org.apache.archiva.web.util.ContextUtils;\r
import org.apache.struts2.interceptor.ServletRequestAware;\r
import org.apache.maven.archiva.configuration.IndeterminateConfigurationException;
import org.apache.maven.archiva.configuration.NetworkProxyConfiguration;
import org.apache.maven.archiva.configuration.functors.NetworkProxySelectionPredicate;
-import org.apache.maven.archiva.security.ArchivaRoleConstants;
+import org.apache.archiva.security.ArchivaRoleConstants;
import org.apache.maven.archiva.web.action.AbstractActionSupport;
import org.codehaus.plexus.redback.rbac.Resource;
import org.codehaus.plexus.registry.RegistryException;
import com.opensymphony.xwork2.Preparable;
import org.apache.maven.archiva.configuration.ArchivaConfiguration;
import org.apache.maven.archiva.configuration.NetworkProxyConfiguration;
-import org.apache.maven.archiva.security.ArchivaRoleConstants;
+import org.apache.archiva.security.ArchivaRoleConstants;
import org.apache.maven.archiva.web.action.AbstractActionSupport;
import org.codehaus.plexus.redback.rbac.Resource;
import org.codehaus.redback.integration.interceptor.SecureAction;
* under the License.
*/
-import org.apache.archiva.admin.AuditInformation;
import org.apache.archiva.admin.repository.managed.ManagedRepositoryAdmin;
import org.apache.archiva.audit.Auditable;
import org.apache.maven.archiva.configuration.ArchivaConfiguration;
import org.apache.maven.archiva.configuration.IndeterminateConfigurationException;
import org.apache.maven.archiva.configuration.InvalidConfigurationException;
import org.apache.maven.archiva.configuration.ProxyConnectorConfiguration;
-import org.apache.maven.archiva.security.ArchivaRoleConstants;
+import org.apache.archiva.security.ArchivaRoleConstants;
import org.apache.maven.archiva.web.action.AbstractActionSupport;
import org.codehaus.plexus.redback.rbac.Resource;
-import org.codehaus.plexus.redback.users.User;
import org.codehaus.plexus.registry.RegistryException;
import org.codehaus.redback.integration.interceptor.SecureAction;
import org.codehaus.redback.integration.interceptor.SecureActionBundle;
import org.codehaus.redback.integration.interceptor.SecureActionException;
-import org.codehaus.redback.rest.services.RedbackAuthenticationThreadLocal;
-import org.codehaus.redback.rest.services.RedbackRequestInformation;
import javax.inject.Inject;
import java.io.IOException;
import java.util.ArrayList;
-import java.util.Date;
import java.util.List;
/**
import org.apache.maven.archiva.configuration.ManagedRepositoryConfiguration;
import org.apache.maven.archiva.configuration.RemoteRepositoryConfiguration;
import org.apache.maven.archiva.configuration.functors.RepositoryConfigurationComparator;
-import org.apache.maven.archiva.security.ArchivaRoleConstants;
+import org.apache.archiva.security.ArchivaRoleConstants;
import org.apache.maven.archiva.web.action.AbstractActionSupport;
import org.apache.archiva.web.util.ContextUtils;
import org.apache.struts2.interceptor.ServletRequestAware;
import org.apache.maven.archiva.configuration.RepositoryScanningConfiguration;
import org.apache.maven.archiva.configuration.functors.FiletypeSelectionPredicate;
import org.apache.maven.archiva.configuration.functors.FiletypeToMapClosure;
-import org.apache.maven.archiva.security.ArchivaRoleConstants;
+import org.apache.archiva.security.ArchivaRoleConstants;
import org.apache.maven.archiva.web.action.AbstractActionSupport;
import org.codehaus.plexus.redback.rbac.Resource;
import org.codehaus.plexus.registry.RegistryException;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.lang.time.DateUtils;
import org.apache.maven.archiva.configuration.ArchivaConfiguration;
-import org.apache.maven.archiva.security.ArchivaRoleConstants;
+import org.apache.archiva.security.ArchivaRoleConstants;
import org.apache.maven.archiva.web.action.AbstractRepositoryBasedAction;
import org.codehaus.plexus.redback.rbac.Resource;
import org.codehaus.redback.integration.interceptor.SecureAction;
import org.apache.archiva.metadata.repository.RepositorySession;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.lang.time.DateUtils;
-import org.apache.maven.archiva.security.AccessDeniedException;
-import org.apache.maven.archiva.security.ArchivaSecurityException;
-import org.apache.maven.archiva.security.PrincipalNotFoundException;
-import org.apache.maven.archiva.security.UserRepositories;
+import org.apache.archiva.security.AccessDeniedException;
+import org.apache.archiva.security.ArchivaSecurityException;
+import org.apache.archiva.security.PrincipalNotFoundException;
+import org.apache.archiva.security.UserRepositories;
import org.apache.maven.archiva.web.action.AbstractActionSupport;
import org.apache.struts2.interceptor.ServletRequestAware;
import org.codehaus.redback.integration.interceptor.SecureAction;
--- /dev/null
+package org.apache.archiva.security;
+
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+import java.util.Collections;
+import java.util.List;
+
+/**
+ * UserRepositories stub used for testing.
+ *
+ * @version $Id$
+ */
+public class UserRepositoriesStub
+ implements UserRepositories
+{
+ private List<String> repoIds = Collections.singletonList( "test-repo" );
+
+ public void createMissingRepositoryRoles( String repoId )
+ throws ArchivaSecurityException
+ {
+ }
+
+ public List<String> getObservableRepositoryIds( String principal )
+ throws ArchivaSecurityException
+ {
+ return repoIds;
+ }
+
+ public void setObservableRepositoryIds( List<String> repoIds )
+ {
+ this.repoIds = repoIds;
+ }
+
+ public boolean isAuthorizedToUploadArtifacts( String principal, String repoId )
+ throws ArchivaSecurityException
+ {
+ return false;
+ }
+
+ public boolean isAuthorizedToDeleteArtifacts( String principal, String repoId )
+ {
+ return false;
+ }
+
+ public List<String> getManagableRepositoryIds( String principal )
+ throws ArchivaSecurityException
+ {
+ return null;
+ }
+
+ public List<String> getRepoIds()
+ {
+ return repoIds;
+ }
+
+ public void setRepoIds( List<String> repoIds )
+ {
+ this.repoIds = repoIds;
+ }
+}
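Review bot: `getManagableRepositoryIds` in the relocated `UserRepositoriesStub` returns `null` while `getObservableRepositoryIds` returns a list, so code under test that iterates the manageable ids will hit a NullPointerException instead of seeing "no repositories". `return Collections.emptyList();` would keep the stub deny-by-default like the two `isAuthorizedTo…` methods, and `java.util.Collections` is already imported. The stub also ignores `principal` and has two setters (`setObservableRepositoryIds`, `setRepoIds`) writing the same field; a class comment such as `// Test-only: returns the same repository ids for every principal and performs no authorization.` would make that explicit. The file's path is not shown in this section, so it is worth confirming that it lives under test sources and cannot be wired in as the `userRepositories` bean outside a test context.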
+++ /dev/null
-package org.apache.maven.archiva.security;
-
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-import java.util.Collections;
-import java.util.List;
-
-/**
- * UserRepositories stub used for testing.
- *
- * @version $Id$
- */
-public class UserRepositoriesStub
- implements UserRepositories
-{
- private List<String> repoIds = Collections.singletonList( "test-repo" );
-
- public void createMissingRepositoryRoles( String repoId )
- throws ArchivaSecurityException
- {
- }
-
- public List<String> getObservableRepositoryIds( String principal )
- throws ArchivaSecurityException
- {
- return repoIds;
- }
-
- public void setObservableRepositoryIds( List<String> repoIds )
- {
- this.repoIds = repoIds;
- }
-
- public boolean isAuthorizedToUploadArtifacts( String principal, String repoId )
- throws ArchivaSecurityException
- {
- return false;
- }
-
- public boolean isAuthorizedToDeleteArtifacts( String principal, String repoId )
- {
- return false;
- }
-
- public List<String> getManagableRepositoryIds( String principal )
- throws ArchivaSecurityException
- {
- return null;
- }
-
- public List<String> getRepoIds()
- {
- return repoIds;
- }
-
- public void setRepoIds( List<String> repoIds )
- {
- this.repoIds = repoIds;
- }
-}
import org.apache.archiva.metadata.repository.memory.TestMetadataResolver;
import org.apache.archiva.metadata.repository.storage.maven2.MavenProjectFacet;
import org.apache.archiva.metadata.repository.storage.maven2.MavenProjectParent;
-import org.apache.maven.archiva.security.UserRepositoriesStub;
+import org.apache.archiva.security.UserRepositoriesStub;
import org.apache.struts2.StrutsSpringTestCase;
-import java.io.File;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.apache.archiva.metadata.repository.RepositorySession;
import org.apache.archiva.metadata.repository.memory.TestRepositorySessionFactory;
import org.apache.maven.archiva.configuration.ArchivaConfiguration;
-import org.apache.maven.archiva.security.UserRepositories;
+import org.apache.archiva.security.UserRepositories;
import org.easymock.MockControl;
import java.util.ArrayList;
import org.apache.commons.io.FileUtils;
import org.apache.maven.archiva.configuration.ArchivaConfiguration;
import org.apache.maven.archiva.configuration.Configuration;
-import org.apache.maven.archiva.security.ArchivaRoleConstants;
+import org.apache.archiva.security.ArchivaRoleConstants;
import org.apache.archiva.web.validator.utils.ValidatorUtil;
import org.codehaus.plexus.redback.role.RoleManager;
import org.codehaus.plexus.registry.Registry;
import org.apache.maven.archiva.configuration.ProxyConnectorConfiguration;
import org.apache.maven.archiva.configuration.RemoteRepositoryConfiguration;
import org.apache.maven.archiva.configuration.RepositoryGroupConfiguration;
-import org.apache.maven.archiva.security.ArchivaRoleConstants;
+import org.apache.archiva.security.ArchivaRoleConstants;
import org.apache.maven.archiva.web.action.AbstractActionTestCase;
import org.apache.maven.archiva.web.action.AuditEventArgumentsMatcher;
import org.codehaus.plexus.redback.role.RoleManager;
import org.codehaus.plexus.redback.role.RoleManagerException;
-import org.codehaus.plexus.redback.users.User;
-import org.codehaus.plexus.redback.users.jdo.JdoUser;
import org.codehaus.plexus.registry.RegistryException;
import org.codehaus.redback.integration.interceptor.SecureActionBundle;
import org.codehaus.redback.integration.interceptor.SecureActionException;
-import org.codehaus.redback.rest.services.RedbackRequestInformation;
import org.easymock.MockControl;
import java.io.File;
import org.apache.maven.archiva.configuration.ArchivaConfiguration;
import org.apache.maven.archiva.configuration.Configuration;
import org.apache.maven.archiva.configuration.ManagedRepositoryConfiguration;
-import org.apache.maven.archiva.security.ArchivaRoleConstants;
+import org.apache.archiva.security.ArchivaRoleConstants;
import org.apache.archiva.web.validator.utils.ValidatorUtil;
import org.codehaus.plexus.redback.role.RoleManager;
import org.codehaus.plexus.registry.Registry;
import org.apache.archiva.metadata.repository.stats.RepositoryStatisticsManager;
import org.apache.archiva.reports.RepositoryProblemFacet;
import org.apache.commons.io.IOUtils;
-import org.apache.maven.archiva.security.UserRepositoriesStub;
+import org.apache.archiva.security.UserRepositoriesStub;
import org.apache.maven.archiva.web.action.AbstractActionTestCase;
import org.easymock.MockControl;
import org.junit.After;
<alias name="repositorySessionFactory#test" alias="repositorySessionFactory"/>
- <bean name="userRepositories#test" class="org.apache.maven.archiva.security.UserRepositoriesStub"/>
+ <bean name="userRepositories#test" class="org.apache.archiva.security.UserRepositoriesStub"/>
<alias name="userRepositories#test" alias="userRepositories"/>
<alias name="repositorySessionFactory#test" alias="repositorySessionFactory"/>
- <bean name="userRepositories#test" class="org.apache.maven.archiva.security.UserRepositoriesStub"/>
+ <bean name="userRepositories#test" class="org.apache.archiva.security.UserRepositoriesStub"/>
<alias name="userRepositories#test" alias="userRepositories"/>
import org.apache.maven.archiva.repository.metadata.RepositoryMetadataMerge;
import org.apache.maven.archiva.repository.metadata.RepositoryMetadataReader;
import org.apache.maven.archiva.repository.metadata.RepositoryMetadataWriter;
-import org.apache.maven.archiva.security.ServletAuthenticator;
+import org.apache.archiva.security.ServletAuthenticator;
import org.apache.maven.archiva.webdav.util.MimeTypes;
import org.apache.maven.archiva.webdav.util.RepositoryPathUtil;
import org.apache.maven.archiva.webdav.util.WebdavMethodUtil;
import org.apache.jackrabbit.webdav.DavServletRequest;
import org.apache.jackrabbit.webdav.DavSessionProvider;
import org.apache.jackrabbit.webdav.WebdavRequest;
-import org.apache.maven.archiva.security.ServletAuthenticator;
+import org.apache.archiva.security.ServletAuthenticator;
import org.apache.maven.archiva.webdav.util.RepositoryPathUtil;
import org.apache.maven.archiva.webdav.util.WebdavMethodUtil;
import org.codehaus.plexus.redback.authentication.AuthenticationException;
import org.apache.maven.archiva.configuration.ConfigurationEvent;
import org.apache.maven.archiva.configuration.ConfigurationListener;
import org.apache.maven.archiva.configuration.ManagedRepositoryConfiguration;
-import org.apache.maven.archiva.security.ServletAuthenticator;
+import org.apache.archiva.security.ServletAuthenticator;
import org.codehaus.redback.integration.filter.authentication.HttpAuthenticator;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
*/
import org.apache.commons.lang.StringUtils;
-import org.apache.maven.archiva.security.ArchivaRoleConstants;
+import org.apache.archiva.security.ArchivaRoleConstants;
import java.util.ArrayList;
import java.util.List;
import org.apache.jackrabbit.webdav.DavSessionProvider;
import org.apache.jackrabbit.webdav.WebdavRequest;
import org.apache.jackrabbit.webdav.WebdavRequestImpl;
-import org.apache.maven.archiva.security.ServletAuthenticator;
+import org.apache.archiva.security.ServletAuthenticator;
import org.codehaus.plexus.redback.authentication.AuthenticationDataSource;
import org.codehaus.plexus.redback.authentication.AuthenticationException;
import org.codehaus.plexus.redback.authentication.AuthenticationResult;
* under the License.
*/
-import org.apache.maven.archiva.security.ArchivaServletAuthenticator;
+import org.apache.archiva.security.ArchivaServletAuthenticator;
import org.codehaus.plexus.redback.authorization.UnauthorizedException;
public class MockServletAuthenticator
import org.apache.maven.archiva.configuration.ArchivaConfiguration;
import org.apache.maven.archiva.configuration.Configuration;
import org.apache.maven.archiva.configuration.ManagedRepositoryConfiguration;
-import org.apache.maven.archiva.security.ArchivaRoleConstants;
-import org.apache.maven.archiva.security.ServletAuthenticator;
+import org.apache.archiva.security.ArchivaRoleConstants;
+import org.apache.archiva.security.ServletAuthenticator;
import org.codehaus.plexus.redback.authentication.AuthenticationException;
import org.codehaus.plexus.redback.authentication.AuthenticationResult;
import org.codehaus.plexus.redback.authorization.UnauthorizedException;
\r
import java.util.List;\r
\r
-import org.apache.maven.archiva.security.ArchivaRoleConstants;\r
-import org.apache.maven.archiva.security.ArchivaSecurityException;\r
-import org.apache.maven.archiva.security.UserRepositories;\r
+import org.apache.archiva.security.ArchivaRoleConstants;\r
+import org.apache.archiva.security.ArchivaSecurityException;\r
+import org.apache.archiva.security.UserRepositories;\r
import org.apache.xmlrpc.XmlRpcException;\r
import org.apache.xmlrpc.XmlRpcRequest;\r
import org.apache.xmlrpc.common.XmlRpcHttpRequestConfigImpl;\r
import java.util.List;
-import org.apache.maven.archiva.security.ArchivaSecurityException;
-import org.apache.maven.archiva.security.PrincipalNotFoundException;
-import org.apache.maven.archiva.security.UserRepositories;
+import org.apache.archiva.security.ArchivaSecurityException;
+import org.apache.archiva.security.PrincipalNotFoundException;
+import org.apache.archiva.security.UserRepositories;
import org.apache.xmlrpc.server.AbstractReflectiveHandlerMapping.AuthenticationHandler;
public class XmlRpcUserRepositories
\r
import junit.framework.TestCase;\r
import org.apache.archiva.web.xmlrpc.security.XmlRpcAuthenticator;\r
-import org.apache.maven.archiva.security.ArchivaRoleConstants;\r
+import org.apache.archiva.security.ArchivaRoleConstants;\r
import org.apache.xmlrpc.XmlRpcRequest;\r
import org.apache.xmlrpc.common.XmlRpcHttpRequestConfigImpl;\r
import org.codehaus.plexus.redback.role.RoleManager;\r
import org.apache.maven.archiva.repository.content.ManagedLegacyRepositoryContent;
import org.apache.maven.archiva.repository.content.PathParser;
import org.apache.maven.archiva.repository.layout.LayoutException;
-import org.apache.maven.archiva.security.ArchivaRoleConstants;
+import org.apache.archiva.security.ArchivaRoleConstants;
import org.codehaus.plexus.redback.role.RoleManager;
import org.codehaus.plexus.registry.Registry;
import org.easymock.MockControl;