From 8ce5a7d4f95e9e10e3195dd46e4b346d6a7f1f40 Mon Sep 17 00:00:00 2001
From: Joakim Erdfelt <joakime@apache.org>
Date: Fri, 19 Oct 2007 21:46:08 +0000
Subject: [PATCH] [MRM-398] configure guest access by default for
 pre-configured repositories * Moving redback initialization from a lazy init
 via xwork interceptor to archiva's startup process. * Changing UserAssignment
 process to check/create assignment before assigning new roles.

git-svn-id: https://svn.apache.org/repos/asf/maven/archiva/trunk@586622 13f79535-47bb-0310-9956-ffa450edef68
---
 .../web/startup/SecuritySynchronization.java  | 95 ++++++++++++++++---
 .../src/main/resources/xwork.xml              |  2 -
 2 files changed, 81 insertions(+), 16 deletions(-)

diff --git a/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/startup/SecuritySynchronization.java b/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/startup/SecuritySynchronization.java
index c63dbe060..0153a7b23 100644
--- a/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/startup/SecuritySynchronization.java
+++ b/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/startup/SecuritySynchronization.java
@@ -19,6 +19,7 @@ package org.apache.maven.archiva.web.startup;
  * under the License.
  */
 
+import org.apache.commons.collections.CollectionUtils;
 import org.apache.maven.archiva.common.ArchivaException;
 import org.apache.maven.archiva.configuration.ArchivaConfiguration;
 import org.apache.maven.archiva.configuration.ConfigurationNames;
@@ -30,10 +31,14 @@ import org.codehaus.plexus.redback.rbac.RbacManagerException;
 import org.codehaus.plexus.redback.rbac.UserAssignment;
 import org.codehaus.plexus.redback.role.RoleManager;
 import org.codehaus.plexus.redback.role.RoleManagerException;
+import org.codehaus.plexus.redback.system.check.EnvironmentCheck;
 import org.codehaus.plexus.registry.Registry;
 import org.codehaus.plexus.registry.RegistryListener;
 
+import java.util.ArrayList;
 import java.util.List;
+import java.util.Map;
+import java.util.Map.Entry;
 
 /**
  * ConfigurationSynchronization
@@ -52,12 +57,17 @@ public class SecuritySynchronization
      * @plexus.requirement role-hint="default"
      */
     private RoleManager roleManager;
-    
+
     /**
      * @plexus.requirement role-hint="cached"
      */
     private RBACManager rbacManager;
 
+    /**
+     * @plexus.requirement role="org.codehaus.plexus.redback.system.check.EnvironmentCheck"
+     */
+    private Map<String, EnvironmentCheck> checkers;
+
     /**
      * @plexus.requirement
      */
@@ -79,24 +89,24 @@ public class SecuritySynchronization
     private void synchConfiguration( List<ManagedRepositoryConfiguration> repos )
     {
         // NOTE: Remote Repositories do not have roles or security placed around them.
-        
+
         for ( ManagedRepositoryConfiguration repoConfig : repos )
         {
             // manage roles for repositories
             try
             {
-                if ( !roleManager.templatedRoleExists( ArchivaRoleConstants.TEMPLATE_REPOSITORY_OBSERVER, 
-                                                       repoConfig.getId() ) )
+                if ( !roleManager.templatedRoleExists( ArchivaRoleConstants.TEMPLATE_REPOSITORY_OBSERVER, repoConfig
+                    .getId() ) )
                 {
-                    roleManager.createTemplatedRole( ArchivaRoleConstants.TEMPLATE_REPOSITORY_OBSERVER, 
-                                                     repoConfig.getId() );
+                    roleManager.createTemplatedRole( ArchivaRoleConstants.TEMPLATE_REPOSITORY_OBSERVER, repoConfig
+                        .getId() );
                 }
 
-                if ( !roleManager.templatedRoleExists( ArchivaRoleConstants.TEMPLATE_REPOSITORY_MANAGER, 
-                                                       repoConfig.getId() ) )
+                if ( !roleManager.templatedRoleExists( ArchivaRoleConstants.TEMPLATE_REPOSITORY_MANAGER, repoConfig
+                    .getId() ) )
                 {
-                    roleManager.createTemplatedRole( ArchivaRoleConstants.TEMPLATE_REPOSITORY_MANAGER, 
-                                                     repoConfig.getId() );
+                    roleManager.createTemplatedRole( ArchivaRoleConstants.TEMPLATE_REPOSITORY_MANAGER, repoConfig
+                        .getId() );
                 }
             }
             catch ( RoleManagerException e )
@@ -110,30 +120,87 @@ public class SecuritySynchronization
     public void startup()
         throws ArchivaException
     {
+        executeEnvironmentChecks();
+
         synchConfiguration( archivaConfiguration.getConfiguration().getManagedRepositories() );
         archivaConfiguration.addChangeListener( this );
-        
+
         if ( archivaConfiguration.isDefaulted() )
         {
             assignRepositoryObserverToGuestUser( archivaConfiguration.getConfiguration().getManagedRepositories() );
         }
     }
 
+    private void executeEnvironmentChecks()
+        throws ArchivaException
+    {
+        if ( ( checkers == null ) || CollectionUtils.isEmpty( checkers.values() ) )
+        {
+            throw new ArchivaException( "Unable to initialize the Redback Security Environment, "
+                + "no Environment Check components found." );
+        }
+
+        List<String> violations = new ArrayList<String>();
+
+        for ( Entry<String, EnvironmentCheck> entry : checkers.entrySet() )
+        {
+            EnvironmentCheck check = entry.getValue();
+            getLogger().info( "Running Environment Check: " + entry.getKey() );
+            check.validateEnvironment( violations );
+        }
+
+        if ( CollectionUtils.isNotEmpty( violations ) )
+        {
+            StringBuffer msg = new StringBuffer();
+            msg.append( "EnvironmentCheck Failure.\n" );
+            msg.append( "======================================================================\n" );
+            msg.append( " ENVIRONMENT FAILURE !! \n" );
+            msg.append( "\n" );
+
+            for ( String violation : violations )
+            {
+                msg.append( violation ).append( "\n" );
+            }
+
+            msg.append( "\n" );
+            msg.append( "======================================================================" );
+            getLogger().fatalError( msg.toString() );
+
+            throw new ArchivaException( "Unable to initialize Redback Security Environment, [" + violations.size()
+                + "] violation(s) encountered, See log for details." );
+        }
+    }
+
     private void assignRepositoryObserverToGuestUser( List<ManagedRepositoryConfiguration> repos )
     {
         for ( ManagedRepositoryConfiguration repoConfig : repos )
         {
             String repoId = repoConfig.getId();
+            
+            // TODO: Use the Redback / UserConfiguration..getString( "redback.default.guest" ) to get the right name.
+            String principal = "guest";
+            
             try
             {
-                UserAssignment ua = rbacManager.getUserAssignment( ArchivaRoleConstants.GUEST_ROLE );
+                UserAssignment ua;
+
+                if ( rbacManager.userAssignmentExists( principal ) )
+                {
+                    ua = rbacManager.getUserAssignment( principal );
+                }
+                else
+                {
+                    ua = rbacManager.createUserAssignment( principal );
+                }
+
                 ua.addRoleName( ArchivaRoleConstants.REPOSITORY_OBSERVER_ROLE_PREFIX + " - " + repoId );
                 rbacManager.saveUserAssignment( ua );
             }
             catch ( RbacManagerException e )
             {
-                getLogger().warn( "Unable to add role [" + ArchivaRoleConstants.REPOSITORY_OBSERVER_ROLE_PREFIX + " - "
-                                      + repoId + "] to Guest user.", e );
+                getLogger().warn(
+                                  "Unable to add role [" + ArchivaRoleConstants.REPOSITORY_OBSERVER_ROLE_PREFIX + " - "
+                                      + repoId + "] to " + principal + " user.", e );
             }
         }
     }
diff --git a/archiva-web/archiva-webapp/src/main/resources/xwork.xml b/archiva-web/archiva-webapp/src/main/resources/xwork.xml
index 2825a82b8..4966cbde7 100644
--- a/archiva-web/archiva-webapp/src/main/resources/xwork.xml
+++ b/archiva-web/archiva-webapp/src/main/resources/xwork.xml
@@ -35,12 +35,10 @@
       <interceptor name="redbackSecureActions" class="redbackSecureActionInterceptor"/>
       <interceptor name="redbackAutoLogin" class="redbackAutoLoginInterceptor"/>
       <interceptor name="redbackPolicyEnforcement" class="redbackPolicyEnforcementInterceptor"/>
-      <interceptor name="redbackEnvironmentChecker" class="redbackEnvironmentCheckInterceptor"/>
       <interceptor name="paramFilter" class="com.opensymphony.xwork.interceptor.ParameterFilterInterceptor"/>
 
       <interceptor-stack name="configuredArchivaStack">
         <interceptor-ref name="redbackForceAdminUser"/>
-        <interceptor-ref name="redbackEnvironmentChecker"/>
         <interceptor-ref name="redbackAutoLogin"/>
         <interceptor-ref name="defaultStack"/>
         <interceptor-ref name="paramFilter">
-- 
2.39.5