From: Joakim Erdfelt Date: Fri, 12 Oct 2007 21:35:41 +0000 (+0000) Subject: [MRM-398] configure guest access by default for pre-configured repositories X-Git-Tag: archiva-1.0-beta-3~95 X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=7fa01fb175b860c5379def8992630a4434ce4464;p=archiva.git [MRM-398] configure guest access by default for pre-configured repositories Newly added repositories are assigned to the guest user in read-only mode. git-svn-id: https://svn.apache.org/repos/asf/maven/archiva/trunk@584279 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/archiva-web/archiva-security/src/main/java/org/apache/maven/archiva/security/ArchivaRoleConstants.java b/archiva-web/archiva-security/src/main/java/org/apache/maven/archiva/security/ArchivaRoleConstants.java index 45d19de28..0be90a7b0 100644 --- a/archiva-web/archiva-security/src/main/java/org/apache/maven/archiva/security/ArchivaRoleConstants.java +++ b/archiva-web/archiva-security/src/main/java/org/apache/maven/archiva/security/ArchivaRoleConstants.java @@ -63,5 +63,9 @@ public class ArchivaRoleConstants public static final String OPERATION_EDIT_REPOSITORY = "archiva-edit-repository"; public static final String OPERATION_REPOSITORY_UPLOAD = "archiva-upload-repository"; + + // Role templates + public static final String TEMPLATE_REPOSITORY_MANAGER = "archiva-repository-manager"; + public static final String TEMPLATE_REPOSITORY_OBSERVER = "archiva-repository-observer"; } diff --git a/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/admin/repositories/AbstractManagedRepositoriesAction.java b/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/admin/repositories/AbstractManagedRepositoriesAction.java index 7f846dc70..9a52f7aa6 100644 --- a/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/admin/repositories/AbstractManagedRepositoriesAction.java 
+++ b/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/admin/repositories/AbstractManagedRepositoriesAction.java @@ -22,6 +22,10 @@ package org.apache.maven.archiva.web.action.admin.repositories; import org.apache.commons.io.FileUtils; import org.apache.maven.archiva.configuration.Configuration; import org.apache.maven.archiva.configuration.ManagedRepositoryConfiguration; +import org.apache.maven.archiva.security.ArchivaRoleConstants; +import org.codehaus.plexus.redback.rbac.RBACManager; +import org.codehaus.plexus.redback.rbac.RbacManagerException; +import org.codehaus.plexus.redback.rbac.UserAssignment; import org.codehaus.plexus.redback.role.RoleManager; import org.codehaus.plexus.redback.role.RoleManagerException; @@ -43,6 +47,11 @@ public abstract class AbstractManagedRepositoriesAction * @plexus.requirement role-hint="default" */ protected RoleManager roleManager; + + /** + * @plexus.requirement role-hint="cached" + */ + protected RBACManager rbacManager; public RoleManager getRoleManager() { 
@@ -75,10 +84,32 @@ public abstract class AbstractManagedRepositoriesAction protected void addRepositoryRoles( ManagedRepositoryConfiguration newRepository ) throws RoleManagerException { + String repoId = newRepository.getId(); + // TODO: double check these are configured on start up // TODO: belongs in the business logic - roleManager.createTemplatedRole( "archiva-repository-manager", newRepository.getId() ); - roleManager.createTemplatedRole( "archiva-repository-observer", newRepository.getId() ); + + if ( !roleManager.templatedRoleExists( ArchivaRoleConstants.TEMPLATE_REPOSITORY_OBSERVER, repoId ) ) + { + roleManager.createTemplatedRole( ArchivaRoleConstants.TEMPLATE_REPOSITORY_OBSERVER, repoId ); + } + + if ( !roleManager.templatedRoleExists( ArchivaRoleConstants.TEMPLATE_REPOSITORY_MANAGER, repoId ) ) + { + roleManager.createTemplatedRole( ArchivaRoleConstants.TEMPLATE_REPOSITORY_MANAGER, repoId ); + } + + try + { + UserAssignment ua = rbacManager.getUserAssignment( ArchivaRoleConstants.GUEST_ROLE ); + ua.addRoleName( ArchivaRoleConstants.REPOSITORY_OBSERVER_ROLE_PREFIX + " - " + repoId ); + rbacManager.saveUserAssignment( ua ); + } + catch ( RbacManagerException e ) + { + getLogger().warn( "Unable to add role [" + ArchivaRoleConstants.REPOSITORY_OBSERVER_ROLE_PREFIX + " - " + + repoId + "] to Guest user.", e ); + } } protected void removeContents( ManagedRepositoryConfiguration existingRepository ) 
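Review bot: The new try block in addRepositoryRoles gives guest the repository-observer role for every repository that passes through this method, with no opt-out and no record of a successful grant, so a repository meant to be private becomes anonymously readable as soon as it is added. Consider making the grant depend on a per-repository or global setting, and at minimum log it after `saveUserAssignment`, e.g. `getLogger().info( "Granted guest read access to repository " + repoId );`. The role name is assembled by hand as `REPOSITORY_OBSERVER_ROLE_PREFIX + " - " + repoId`, which presumably has to match what the `archiva-repository-observer` template generates; a comment saying so would help, since a mismatch would store a role name that resolves to nothing. `getUserAssignment` is passed `ArchivaRoleConstants.GUEST_ROLE`; if that method expects a user principal rather than a role name, the lookup needs checking.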
@@ -99,9 +130,18 @@ public abstract class AbstractManagedRepositoriesAction protected void removeRepositoryRoles( ManagedRepositoryConfiguration existingRepository ) throws RoleManagerException { - roleManager.removeTemplatedRole( "archiva-repository-manager", existingRepository.getId() ); - roleManager.removeTemplatedRole( "archiva-repository-observer", existingRepository.getId() ); + String repoId = existingRepository.getId(); + + if ( roleManager.templatedRoleExists( ArchivaRoleConstants.TEMPLATE_REPOSITORY_MANAGER, repoId ) ) + { + roleManager.removeTemplatedRole( ArchivaRoleConstants.TEMPLATE_REPOSITORY_MANAGER, repoId ); + } + + if ( roleManager.templatedRoleExists( ArchivaRoleConstants.TEMPLATE_REPOSITORY_OBSERVER, repoId ) ) + { + roleManager.removeTemplatedRole( ArchivaRoleConstants.TEMPLATE_REPOSITORY_OBSERVER, repoId ); + } - getLogger().debug( "removed user roles associated with repository " + existingRepository.getId() ); + getLogger().debug( "removed user roles associated with repository " + repoId ); } } diff --git a/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/check/RoleExistanceEnvironmentCheck.java b/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/check/RoleExistanceEnvironmentCheck.java deleted file mode 100644 index 7106faa9e..000000000 --- a/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/check/RoleExistanceEnvironmentCheck.java +++ /dev/null 
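Review bot: removeRepositoryRoles drops the two templated roles but does not touch the guest assignment that addRepositoryRoles writes in this same commit. Unless `removeTemplatedRole` also strips the role name from user assignments (not visible here), guest keeps a stale observer entry for the deleted repository id. A repository later re-created under the same id should not inherit anonymous access from that leftover entry. Either remove the role name from the guest `UserAssignment` here, mirroring the add path, or, if role removal does cascade, say so in a comment such as `// removeTemplatedRole also clears the role from user assignments, including guest`.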
@@ -1,96 +0,0 @@ -package org.apache.maven.archiva.web.check; - -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - -import org.apache.maven.archiva.configuration.ArchivaConfiguration; -import org.apache.maven.archiva.configuration.Configuration; -import org.apache.maven.archiva.configuration.ManagedRepositoryConfiguration; -import org.apache.maven.archiva.database.ArchivaDAO; -import org.codehaus.plexus.logging.AbstractLogEnabled; -import org.codehaus.plexus.redback.role.RoleManager; -import org.codehaus.plexus.redback.role.RoleManagerException; -import org.codehaus.plexus.redback.system.check.EnvironmentCheck; - -import java.util.List; - -/** - * RoleExistanceEnvironmentCheck: - *

- * Under certain circumstances it is possible that the user store and/or role store - * have been wiped or reset and its important to see if there are repositories already - * configured in archiva that need to reinitialized in terms of having their roles created. - * - * @author: Jesse McConnell - * @version: $ID: - * @plexus.component role="org.codehaus.plexus.security.system.check.EnvironmentCheck" - * role-hint="repository-role-check" - */ -public class RoleExistanceEnvironmentCheck - extends AbstractLogEnabled - implements EnvironmentCheck -{ - /** - * @plexus.requirement role-hint="jdo" - */ - private ArchivaDAO dao; - - /** - * @plexus.requirement role-hint="default" - */ - private RoleManager roleManager; - - /** - * @plexus.requirement - */ - private ArchivaConfiguration configuration; - - private boolean checked; - - public void validateEnvironment( List list ) - { - if ( !checked ) - { - try - { - Configuration config = configuration.getConfiguration(); - for ( ManagedRepositoryConfiguration repository : config.getManagedRepositoriesAsMap().values() ) - { - if ( !roleManager.templatedRoleExists( "archiva-repository-manager", repository.getId() ) ) - { - roleManager.createTemplatedRole( "archiva-repository-manager", repository.getId() ); - } - - if ( !roleManager.templatedRoleExists( "archiva-repository-observer", repository.getId() ) ) - { - roleManager.createTemplatedRole( "archiva-repository-observer", repository.getId() ); - } - } - } - catch ( RoleManagerException rpe ) - { - list.add( this.getClass().getName() + "error initializing roles: " + rpe.getMessage() ); - getLogger().info( "error initializing roles", rpe ); - } - - checked = true; - } - } - -} diff --git a/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/startup/SecuritySynchronization.java b/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/startup/SecuritySynchronization.java index 234e5f0e2..b2e37ec0d 100644 
--- a/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/startup/SecuritySynchronization.java +++ b/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/startup/SecuritySynchronization.java @@ -23,6 +23,7 @@ import org.apache.maven.archiva.common.ArchivaException; import org.apache.maven.archiva.configuration.ArchivaConfiguration; import org.apache.maven.archiva.configuration.ConfigurationNames; import org.apache.maven.archiva.configuration.ManagedRepositoryConfiguration; +import org.apache.maven.archiva.security.ArchivaRoleConstants; import org.codehaus.plexus.logging.AbstractLogEnabled; import org.codehaus.plexus.redback.role.RoleManager; import org.codehaus.plexus.redback.role.RoleManagerException; @@ -69,19 +70,25 @@ public class SecuritySynchronization private void synchConfiguration( List repos ) { + // NOTE: Remote Repositories do not have roles or security placed around them. + for ( ManagedRepositoryConfiguration repoConfig : repos ) { // manage roles for repositories try { - if ( !roleManager.templatedRoleExists( "archiva-repository-observer", repoConfig.getId() ) ) + if ( !roleManager.templatedRoleExists( ArchivaRoleConstants.TEMPLATE_REPOSITORY_OBSERVER, + repoConfig.getId() ) ) { - roleManager.createTemplatedRole( "archiva-repository-observer", repoConfig.getId() ); + roleManager.createTemplatedRole( ArchivaRoleConstants.TEMPLATE_REPOSITORY_OBSERVER, + repoConfig.getId() ); } - if ( !roleManager.templatedRoleExists( "archiva-repository-manager", repoConfig.getId() ) ) + if ( !roleManager.templatedRoleExists( ArchivaRoleConstants.TEMPLATE_REPOSITORY_MANAGER, + repoConfig.getId() ) ) { - roleManager.createTemplatedRole( "archiva-repository-manager", repoConfig.getId() ); + roleManager.createTemplatedRole( ArchivaRoleConstants.TEMPLATE_REPOSITORY_MANAGER, + repoConfig.getId() ); } } catch ( RoleManagerException e ) 
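Review bot: synchConfiguration still only creates the observer and manager roles; as far as this hunk shows, it never gives guest the observer role, whereas addRepositoryRoles in AbstractManagedRepositoriesAction now does so for repositories added through the admin action. Repositories already present in the configuration at startup would therefore get different default anonymous access from ones added later. That is at odds with the commit title's "pre-configured repositories", unless the assignment happens elsewhere in SecuritySynchronization outside this hunk. Whichever default is intended, it should be applied in one place (the existing `// TODO: belongs in the business logic` points the same way) so the two paths cannot drift. The method body continues past the hunk.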
@@ -89,7 +96,6 @@ public class SecuritySynchronization // Log error. getLogger().error( "Unable to create roles for configured repositories: " + e.getMessage(), e ); } - } } diff --git a/archiva-web/archiva-webapp/src/test/java/org/apache/maven/archiva/web/action/admin/repositories/AddManagedRepositoryActionTest.java b/archiva-web/archiva-webapp/src/test/java/org/apache/maven/archiva/web/action/admin/repositories/AddManagedRepositoryActionTest.java index 7448fa0d5..779ad630e 100644 --- a/archiva-web/archiva-webapp/src/test/java/org/apache/maven/archiva/web/action/admin/repositories/AddManagedRepositoryActionTest.java +++ b/archiva-web/archiva-webapp/src/test/java/org/apache/maven/archiva/web/action/admin/repositories/AddManagedRepositoryActionTest.java @@ -25,6 +25,7 @@ import org.apache.commons.io.FileUtils; import org.apache.maven.archiva.configuration.ArchivaConfiguration; import org.apache.maven.archiva.configuration.Configuration; import org.apache.maven.archiva.configuration.ManagedRepositoryConfiguration; +import org.apache.maven.archiva.security.ArchivaRoleConstants; import org.codehaus.plexus.PlexusTestCase; import org.codehaus.plexus.redback.role.RoleManager; import org.codehaus.plexus.redback.xwork.interceptor.SecureActionBundle; 
@@ -119,9 +120,14 @@ public class AddManagedRepositoryActionTest { FileUtils.deleteDirectory( location ); - // TODO: should be in the business model - roleManager.createTemplatedRole( "archiva-repository-manager", REPO_ID ); - roleManager.createTemplatedRole( "archiva-repository-observer", REPO_ID ); + roleManager.templatedRoleExists( ArchivaRoleConstants.TEMPLATE_REPOSITORY_OBSERVER, REPO_ID ); + roleManagerControl.setReturnValue( false ); + roleManager.createTemplatedRole( ArchivaRoleConstants.TEMPLATE_REPOSITORY_OBSERVER, REPO_ID ); + roleManagerControl.setVoidCallable(); + roleManager.templatedRoleExists( ArchivaRoleConstants.TEMPLATE_REPOSITORY_MANAGER, REPO_ID ); + roleManagerControl.setReturnValue( false ); + roleManager.createTemplatedRole( ArchivaRoleConstants.TEMPLATE_REPOSITORY_MANAGER, REPO_ID ); + roleManagerControl.setVoidCallable(); roleManagerControl.replay(); diff --git a/archiva-web/archiva-webapp/src/test/java/org/apache/maven/archiva/web/action/admin/repositories/DeleteManagedRepositoryActionTest.java b/archiva-web/archiva-webapp/src/test/java/org/apache/maven/archiva/web/action/admin/repositories/DeleteManagedRepositoryActionTest.java index 84c6fbb70..6f26257be 100644 --- a/archiva-web/archiva-webapp/src/test/java/org/apache/maven/archiva/web/action/admin/repositories/DeleteManagedRepositoryActionTest.java +++ b/archiva-web/archiva-webapp/src/test/java/org/apache/maven/archiva/web/action/admin/repositories/DeleteManagedRepositoryActionTest.java 
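Review bot: The updated expectations cover only the `roleManager` calls; nothing in this hunk sets up or verifies the `rbacManager` interaction that addRepositoryRoles now performs, so the guest grant, the security-relevant part of the commit, is untested. Because the action catches `RbacManagerException` and only warns, a failing assignment would not fail this test either. Add a mock or stub for the RBACManager and assert that the guest assignment receives the observer role for `REPO_ID` and not the manager role. The same gap applies to testEditRepository in EditManagedRepositoryActionTest. The test method starts and ends outside the hunk.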
@@ -25,8 +25,10 @@ import org.apache.maven.archiva.configuration.ArchivaConfiguration; import org.apache.maven.archiva.configuration.Configuration; import org.apache.maven.archiva.configuration.IndeterminateConfigurationException; import org.apache.maven.archiva.configuration.ManagedRepositoryConfiguration; +import org.apache.maven.archiva.security.ArchivaRoleConstants; import org.codehaus.plexus.PlexusTestCase; import org.codehaus.plexus.redback.role.RoleManager; +import org.codehaus.plexus.redback.role.RoleManagerException; import org.codehaus.plexus.redback.xwork.interceptor.SecureActionBundle; import org.codehaus.plexus.redback.xwork.interceptor.SecureActionException; import org.codehaus.plexus.registry.RegistryException; @@ -114,8 +116,10 @@ public class DeleteManagedRepositoryActionTest } public void testDeleteRepositoryKeepContent() - throws RegistryException, IndeterminateConfigurationException + throws Exception { + prepareRoleManagerMock(); + Configuration configuration = prepDeletionTest( createRepository(), "delete-entry" ); String status = action.deleteEntry(); assertEquals( Action.SUCCESS, status ); @@ -126,8 +130,10 @@ public class DeleteManagedRepositoryActionTest } public void testDeleteRepositoryDeleteContent() - throws RegistryException, IndeterminateConfigurationException + throws Exception { + prepareRoleManagerMock(); + Configuration configuration = prepDeletionTest( createRepository(), "delete-contents" ); String status = action.deleteContents(); assertEquals( Action.SUCCESS, status ); 
@@ -226,4 +232,15 @@ public class DeleteManagedRepositoryActionTest repository.setDeleteReleasedSnapshots( true ); } + private void prepareRoleManagerMock() + throws RoleManagerException + { + roleManager.templatedRoleExists( ArchivaRoleConstants.TEMPLATE_REPOSITORY_OBSERVER, REPO_ID ); + roleManagerControl.setReturnValue( true ); + roleManager.removeTemplatedRole( ArchivaRoleConstants.TEMPLATE_REPOSITORY_OBSERVER, REPO_ID ); + roleManager.templatedRoleExists( ArchivaRoleConstants.TEMPLATE_REPOSITORY_MANAGER, REPO_ID ); + roleManagerControl.setReturnValue( true ); + roleManager.removeTemplatedRole( ArchivaRoleConstants.TEMPLATE_REPOSITORY_MANAGER, REPO_ID ); + roleManagerControl.replay(); + } } diff --git a/archiva-web/archiva-webapp/src/test/java/org/apache/maven/archiva/web/action/admin/repositories/EditManagedRepositoryActionTest.java b/archiva-web/archiva-webapp/src/test/java/org/apache/maven/archiva/web/action/admin/repositories/EditManagedRepositoryActionTest.java index a3124f5e5..f596f42b7 100644 --- a/archiva-web/archiva-webapp/src/test/java/org/apache/maven/archiva/web/action/admin/repositories/EditManagedRepositoryActionTest.java +++ b/archiva-web/archiva-webapp/src/test/java/org/apache/maven/archiva/web/action/admin/repositories/EditManagedRepositoryActionTest.java @@ -24,6 +24,7 @@ import com.opensymphony.xwork.Action; import org.apache.maven.archiva.configuration.ArchivaConfiguration; import org.apache.maven.archiva.configuration.Configuration; import org.apache.maven.archiva.configuration.ManagedRepositoryConfiguration; +import org.apache.maven.archiva.security.ArchivaRoleConstants; import org.codehaus.plexus.PlexusTestCase; import org.codehaus.plexus.redback.role.RoleManager; import org.codehaus.plexus.redback.xwork.interceptor.SecureActionBundle; 
@@ -112,9 +113,14 @@ public class EditManagedRepositoryActionTest public void testEditRepository() throws Exception { - // TODO: should be in the business model - roleManager.createTemplatedRole( "archiva-repository-manager", REPO_ID ); - roleManager.createTemplatedRole( "archiva-repository-observer", REPO_ID ); + roleManager.templatedRoleExists( ArchivaRoleConstants.TEMPLATE_REPOSITORY_OBSERVER, REPO_ID ); + roleManagerControl.setReturnValue( false ); + roleManager.createTemplatedRole( ArchivaRoleConstants.TEMPLATE_REPOSITORY_OBSERVER, REPO_ID ); + roleManagerControl.setVoidCallable(); + roleManager.templatedRoleExists( ArchivaRoleConstants.TEMPLATE_REPOSITORY_MANAGER, REPO_ID ); + roleManagerControl.setReturnValue( false ); + roleManager.createTemplatedRole( ArchivaRoleConstants.TEMPLATE_REPOSITORY_MANAGER, REPO_ID ); + roleManagerControl.setVoidCallable(); roleManagerControl.replay();