From 7b7135cff787a0db33c0c6079911ebe75504aa89 Mon Sep 17 00:00:00 2001 From: Olivier Lamy Date: Tue, 8 Jan 2013 22:47:47 +0000 Subject: [PATCH] [MRM-1736] map roles to ldap groups make authorizer impls dynamic git-svn-id: https://svn.apache.org/repos/asf/archiva/trunk@1430611 13f79535-47bb-0310-9956-ffa450edef68 --- .../src/main/mdo/configuration.mdo | 9 +++ .../beans/RedbackRuntimeConfiguration.java | 16 +++++ ...faultRedbackRuntimeConfigurationAdmin.java | 45 +++++++++++++- .../web/security/ArchivaAuthorizer.java | 58 ++++++++++++++++--- 4 files changed, 120 insertions(+), 8 deletions(-) diff --git a/archiva-modules/archiva-base/archiva-configuration/src/main/mdo/configuration.mdo b/archiva-modules/archiva-base/archiva-configuration/src/main/mdo/configuration.mdo index 4f13ef806..a9a393b7c 100644 --- a/archiva-modules/archiva-base/archiva-configuration/src/main/mdo/configuration.mdo +++ b/archiva-modules/archiva-base/archiva-configuration/src/main/mdo/configuration.mdo @@ -1495,6 +1495,15 @@ * + + authorizerImpls + The authorizer impls to use. + 1.4.0+ + + String + * + + ldapConfiguration the ldap configuration diff --git a/archiva-modules/archiva-base/archiva-repository-admin/archiva-repository-admin-api/src/main/java/org/apache/archiva/admin/model/beans/RedbackRuntimeConfiguration.java b/archiva-modules/archiva-base/archiva-repository-admin/archiva-repository-admin-api/src/main/java/org/apache/archiva/admin/model/beans/RedbackRuntimeConfiguration.java index 295380252..ac47544c9 100644 --- a/archiva-modules/archiva-base/archiva-repository-admin/archiva-repository-admin-api/src/main/java/org/apache/archiva/admin/model/beans/RedbackRuntimeConfiguration.java +++ b/archiva-modules/archiva-base/archiva-repository-admin/archiva-repository-admin-api/src/main/java/org/apache/archiva/admin/model/beans/RedbackRuntimeConfiguration.java 
@@ -39,6 +39,11 @@ public class RedbackRuntimeConfiguration */ private List userManagerImpls = new ArrayList(); + /** + * Field authorizerImpls. + */ + private java.util.List authorizerImpls; + private LdapConfiguration ldapConfiguration; /** @@ -153,12 +158,23 @@ public class RedbackRuntimeConfiguration this.usersCacheConfiguration = usersCacheConfiguration; } + public List getAuthorizerImpls() + { + return authorizerImpls; + } + + public void setAuthorizerImpls( List authorizerImpls ) + { + this.authorizerImpls = authorizerImpls; + } + @Override public String toString() { final StringBuilder sb = new StringBuilder(); sb.append( "RedbackRuntimeConfiguration" ); sb.append( "{userManagerImpls=" ).append( userManagerImpls ); + sb.append( ", authorizerImpls=" ).append( authorizerImpls ); sb.append( ", ldapConfiguration=" ).append( ldapConfiguration ); sb.append( ", migratedFromRedbackConfiguration=" ).append( migratedFromRedbackConfiguration ); sb.append( ", configurationProperties=" ).append( configurationProperties ); diff --git a/archiva-modules/archiva-base/archiva-repository-admin/archiva-repository-admin-default/src/main/java/org/apache/archiva/admin/repository/runtime/DefaultRedbackRuntimeConfigurationAdmin.java b/archiva-modules/archiva-base/archiva-repository-admin/archiva-repository-admin-default/src/main/java/org/apache/archiva/admin/repository/runtime/DefaultRedbackRuntimeConfigurationAdmin.java index a4fea1b36..73f04ac0f 100644 --- a/archiva-modules/archiva-base/archiva-repository-admin/archiva-repository-admin-default/src/main/java/org/apache/archiva/admin/repository/runtime/DefaultRedbackRuntimeConfigurationAdmin.java +++ b/archiva-modules/archiva-base/archiva-repository-admin/archiva-repository-admin-default/src/main/java/org/apache/archiva/admin/repository/runtime/DefaultRedbackRuntimeConfigurationAdmin.java 
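Review bot: The new `authorizerImpls` field is declared without an initializer, unlike `userManagerImpls = new ArrayList()` on the context line just above it, so `getAuthorizerImpls()` returns null on a freshly constructed bean. The DefaultRedbackRuntimeConfigurationAdmin hunks in this commit call `getAuthorizerImpls().add( ... )` and `getAuthorizerImpls().isEmpty()` directly on that return value. Unless the mapping layer always populates the list (not visible here), those calls throw a NullPointerException during configuration load. Initialise the field the same way as its neighbour, e.g. `private List<String> authorizerImpls = new ArrayList<String>();`, and replace the generated `Field authorizerImpls.` Javadoc with a sentence saying these are the ids of the authorizers consulted for access decisions.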
@@ -40,7 +40,10 @@ import org.springframework.stereotype.Service; import javax.annotation.PostConstruct; import javax.inject.Inject; import javax.inject.Named; +import java.util.Collection; +import java.util.HashSet; import java.util.List; +import java.util.Set; /** * @author Olivier Lamy @@ -75,7 +78,8 @@ public class DefaultRedbackRuntimeConfigurationAdmin if ( !redbackRuntimeConfiguration.isMigratedFromRedbackConfiguration() ) { // so migrate if available - String userManagerImpl = userConfiguration.getString( UserConfigurationKeys.USER_MANAGER_IMPL ); + String userManagerImpl = + userConfiguration.getConcatenatedList( UserConfigurationKeys.USER_MANAGER_IMPL, "jdo" ); if ( StringUtils.isNotEmpty( userManagerImpl ) ) { if ( StringUtils.contains( userManagerImpl, ',' ) ) @@ -92,6 +96,25 @@ public class DefaultRedbackRuntimeConfigurationAdmin } } + String authorizerImpls = + userConfiguration.getConcatenatedList( UserConfigurationKeys.AUTHORIZER_IMPL, "rbac" ); + + if ( StringUtils.isNotEmpty( authorizerImpls ) ) + { + if ( StringUtils.contains( authorizerImpls, ',' ) ) + { + String[] impls = StringUtils.split( authorizerImpls, ',' ); + for ( String impl : impls ) + { + redbackRuntimeConfiguration.getAuthorizerImpls().add( impl ); + } + } + else + { + redbackRuntimeConfiguration.getAuthorizerImpls().add( userManagerImpl ); + } + } + // now ldap LdapConfiguration ldapConfiguration = redbackRuntimeConfiguration.getLdapConfiguration(); 
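Review bot: In the single-value `else` branch of the new authorizer migration block, the code adds `userManagerImpl` rather than `authorizerImpls`, so a lone authorizer id (including the `rbac` default) is replaced by the user-manager id, which defaults to `jdo`. ArchivaAuthorizer in this same commit resolves every entry as an `authorizer#<id>` bean, so the migrated list would most likely name a bean that does not exist, and authorization checks would fail after migration. The later "force at least rbac" check would not repair this, because the list is no longer empty. The line should read `redbackRuntimeConfiguration.getAuthorizerImpls().add( authorizerImpls );`. If the concatenated value can contain spaces after commas, the loop should also add `StringUtils.trim( impl )`. The enclosing method starts and ends outside the hunk.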
@@ -130,6 +153,15 @@ public class DefaultRedbackRuntimeConfigurationAdmin updateRedbackRuntimeConfiguration( redbackRuntimeConfiguration ); } + // we ensure authorizerImpls is not empty if so put + if ( redbackRuntimeConfiguration.getAuthorizerImpls().isEmpty() ) + { + log.info( + "redbackRuntimeConfiguration with empty authorizerImpls so force at least rbac implementation !" ); + redbackRuntimeConfiguration.getAuthorizerImpls().add( "rbac" ); + updateRedbackRuntimeConfiguration( redbackRuntimeConfiguration ); + } + boolean save = false; // NPE free @@ -502,4 +534,15 @@ public class DefaultRedbackRuntimeConfigurationAdmin } return userConfiguration.getConcatenatedList( key, defaultValue ); } + + public Collection getKeys() + { + Collection keys = userConfiguration.getKeys(); + + Set keysSet = new HashSet( keys ); + + keysSet.addAll( getRedbackRuntimeConfiguration().getConfigurationProperties().keySet() ); + + return keysSet; + } } diff --git a/archiva-modules/archiva-web/archiva-web-common/src/main/java/org/apache/archiva/web/security/ArchivaAuthorizer.java b/archiva-modules/archiva-web/archiva-web-common/src/main/java/org/apache/archiva/web/security/ArchivaAuthorizer.java index d5f6c9eed..cd599fa51 100644 --- a/archiva-modules/archiva-web/archiva-web-common/src/main/java/org/apache/archiva/web/security/ArchivaAuthorizer.java +++ b/archiva-modules/archiva-web/archiva-web-common/src/main/java/org/apache/archiva/web/security/ArchivaAuthorizer.java 
@@ -18,12 +18,16 @@ package org.apache.archiva.web.security; * under the License. */ +import org.apache.archiva.admin.model.RepositoryAdminException; +import org.apache.archiva.admin.model.beans.RedbackRuntimeConfiguration; +import org.apache.archiva.admin.model.runtime.RedbackRuntimeConfigurationAdmin; import org.apache.archiva.redback.authorization.AuthorizationDataSource; import org.apache.archiva.redback.authorization.AuthorizationException; import org.apache.archiva.redback.authorization.AuthorizationResult; import org.apache.archiva.redback.authorization.Authorizer; import org.slf4j.Logger; import org.slf4j.LoggerFactory; +import org.springframework.context.ApplicationContext; import org.springframework.stereotype.Service; import javax.inject.Inject; @@ -40,13 +44,10 @@ public class ArchivaAuthorizer private Logger log = LoggerFactory.getLogger( getClass() ); @Inject - @Named( value = "authorizer#rbac" ) - private Authorizer rbacAuthorizer; - + private ApplicationContext applicationContext; @Inject - @Named( value = "authorizer#ldap" ) - private Authorizer ldapAuthorizer; + private RedbackRuntimeConfigurationAdmin redbackRuntimeConfigurationAdmin; public String getId() { 
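Review bot: The injected `applicationContext` field has no comment explaining why an authorizer needs the whole Spring context. With the two `@Named` authorizer injections removed, a missing or misspelled authorizer bean is no longer detected at context start-up; it only surfaces when `getAuthorizer` is first called during an access check. I would add a comment on the field such as `// authorizers are looked up per call as "authorizer#" + id, ids coming from RedbackRuntimeConfiguration.authorizerImpls`. I would also validate the configured ids once at start-up, so a bad value is reported to the administrator instead of failing requests.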
@@ -58,11 +59,54 @@ public class ArchivaAuthorizer { log.debug( "isAuthorized source: {}", source ); - AuthorizationResult result = ldapAuthorizer.isAuthorized( source ); + try + { + RedbackRuntimeConfiguration redbackRuntimeConfiguration = + redbackRuntimeConfigurationAdmin.getRedbackRuntimeConfiguration(); + + AuthorizationException authorizationException = null; + + AuthorizationResult lastResult = null; + + for ( String id : redbackRuntimeConfiguration.getAuthorizerImpls() ) + { + Authorizer authorizer = getAuthorizer( id ); + AuthorizationResult result = null; + try + { + result = authorizer.isAuthorized( source ); + log.debug( "AuthorizationResult {} with id '{}", result, id ); + } + catch ( AuthorizationException e ) + { + log.debug( "AuthorizationException {} with id '{}", e.getMessage(), id ); + authorizationException = e; + } + if ( result.isAuthorized() ) + { + return result; + } - return rbacAuthorizer.isAuthorized( source ); + lastResult = result; + } + if ( authorizationException != null ) + { + throw authorizationException; + } + return lastResult; + } + catch ( RepositoryAdminException e ) + { + throw new AuthorizationException( e.getMessage(), e ); + } + + } + + private Authorizer getAuthorizer( String id ) + { + return applicationContext.getBean( "authorizer#" + id, Authorizer.class ); } public boolean isFinalImplementation() -- 2.39.5
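Review bot: In the new loop of `isAuthorized`, `result` is still null when `authorizer.isAuthorized( source )` throws AuthorizationException, so the following `result.isAuthorized()` throws a NullPointerException and the remaining authorizers are never consulted. When `authorizerImpls` is empty the method returns a null `lastResult`, which pushes the failure to the caller; an explicit denial or exception is safer for an access decision. The method should also get a Javadoc stating that access is granted as soon as any configured authorizer grants it, since adding an entry to the list can only widen access. The method signature lies outside the hunk.

```java
            catch ( AuthorizationException e )
            {
                // … unchanged: debug log of the exception …
                authorizationException = e;
                // this authorizer produced no result: move on instead of dereferencing null
                continue;
            }
            // … unchanged: return on first granted result, remember lastResult, rethrow after the loop …
            if ( lastResult == null )
            {
                // no authorizer was consulted: fail closed rather than return null
                throw new AuthorizationException( "no authorizer configured", null );
            }
            return lastResult;
```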