From dd3f12a49f0b23a086dd336660c1ce81f7c62261 Mon Sep 17 00:00:00 2001 From: Jesse McConnell Date: Mon, 11 Sep 2006 08:05:03 +0000 Subject: [PATCH] plexus-security integration part deux, we have access control working using user manager based authentication, jdo user manager store and jdo rbac authz stores. sample authz is included in several of the jsp files. notes, the jsp/admin/rbac jsp files are temporary, useful for debugging potential role issues for the moment only, they are not meant to be a lasting part of archiva. derby is the db being used, and its located in src/main/webapp/WEB-INF/database if you are using jetty locally git-svn-id: https://svn.apache.org/repos/asf/maven/archiva/trunk@442119 13f79535-47bb-0310-9956-ffa450edef68 --- archiva-webapp/pom.xml | 48 ++- .../maven/archiva/web/action/ProxyAction.java | 4 +- .../archiva/web/action/ReportsAction.java | 3 +- .../archiva/web/action/SearchAction.java | 4 +- .../web/action/ShowArtifactAction.java | 4 +- .../AbstractConfigureRepositoryAction.java | 12 +- .../web/action/admin/ConfigureAction.java | 4 +- .../web/action/admin/NewUserAction.java | 171 +++++++++++ .../action/admin/RunRepositoryTaskAction.java | 4 +- .../action/admin/UserManagementAction.java | 187 ++++++++++++ .../interceptor/ConfigurationInterceptor.java | 12 + .../archiva/web/util/DefaultRoleManager.java | 288 ++++++++++++++++++ .../maven/archiva/web/util/RoleManager.java | 39 +++ .../resources/META-INF/plexus/application.xml | 87 +++++- archiva-webapp/src/main/resources/xwork.xml | 117 ++++++- .../main/webapp/WEB-INF/jsp/admin/index.jsp | 13 +- .../main/webapp/WEB-INF/jsp/admin/rbac/README | 6 + .../WEB-INF/jsp/admin/rbac/operation.jsp | 43 +++ .../WEB-INF/jsp/admin/rbac/operations.jsp | 55 ++++ .../WEB-INF/jsp/admin/rbac/permission.jsp | 46 +++ .../WEB-INF/jsp/admin/rbac/permissions.jsp | 59 ++++ .../WEB-INF/jsp/admin/rbac/resource.jsp | 42 +++ .../WEB-INF/jsp/admin/rbac/resources.jsp | 55 ++++ .../webapp/WEB-INF/jsp/admin/rbac/role.jsp | 67 ++++ .../webapp/WEB-INF/jsp/admin/rbac/roles.jsp | 55 ++++ .../src/main/webapp/WEB-INF/jsp/browse.jsp | 4 +- .../webapp/WEB-INF/jsp/decorators/default.jsp | 16 +- .../WEB-INF/jsp/{login.jsp => findUser.jsp} | 55 ++-- .../main/webapp/WEB-INF/jsp/loginRegister.jsp | 134 ++++++++ .../src/main/webapp/WEB-INF/jsp/register.jsp | 60 ---- .../src/main/webapp/WEB-INF/jsp/user.jsp | 168 ++++++++++ .../main/webapp/WEB-INF/jsp/userDetails.jsp | 52 ++++ 32 files changed, 1788 insertions(+), 126 deletions(-) create mode 100644 archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/admin/NewUserAction.java create mode 100644 archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/admin/UserManagementAction.java create mode 100644 archiva-webapp/src/main/java/org/apache/maven/archiva/web/util/DefaultRoleManager.java create mode 100644 archiva-webapp/src/main/java/org/apache/maven/archiva/web/util/RoleManager.java create mode 100644 archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/rbac/README create mode 100644 archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/rbac/operation.jsp create mode 100644 archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/rbac/operations.jsp create mode 100644 archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/rbac/permission.jsp create mode 100644 archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/rbac/permissions.jsp create mode 100644 archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/rbac/resource.jsp create mode 100644 archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/rbac/resources.jsp create mode 100644 archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/rbac/role.jsp create mode 100644 archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/rbac/roles.jsp rename archiva-webapp/src/main/webapp/WEB-INF/jsp/{login.jsp => findUser.jsp} (50%) create mode 100644 archiva-webapp/src/main/webapp/WEB-INF/jsp/loginRegister.jsp delete mode 100644 archiva-webapp/src/main/webapp/WEB-INF/jsp/register.jsp create mode 100644 archiva-webapp/src/main/webapp/WEB-INF/jsp/user.jsp create mode 100644 archiva-webapp/src/main/webapp/WEB-INF/jsp/userDetails.jsp diff --git a/archiva-webapp/pom.xml b/archiva-webapp/pom.xml index 5a84610b6..82d48a15b 100644 --- a/archiva-webapp/pom.xml +++ b/archiva-webapp/pom.xml @@ -127,17 +127,22 @@ org.codehaus.plexus.security - plexus-security-authentication-provider-memory + plexus-security-authentication-provider-user-manager 1.0-SNAPSHOT org.codehaus.plexus.security - plexus-security-user-management-provider-memory + plexus-security-user-management-api 1.0-SNAPSHOT org.codehaus.plexus.security - plexus-security-authorization-rbac-store-memory + plexus-security-user-management-provider-jdo + 1.0-SNAPSHOT + + + org.codehaus.plexus.security + plexus-security-authorization-rbac-store-jdo 1.0-SNAPSHOT @@ -149,6 +154,43 @@ org.codehaus.plexus.security plexus-security-authorization-rbac-authorizer 1.0-SNAPSHOT + + + org.codehaus.plexus + plexus-jdo2 + 1.0-alpha-7-SNAPSHOT + + + xerces + xercesImpl + + + xerces + xmlParserAPIs + + + + + org.codehaus.plexus + plexus-utils + 1.2 + + + org.apache.derby + derby + 10.1.2.1 + + + jpox + jpox + 1.1.1 + + + + javax.sql + jdbc-stdext + + diff --git a/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/ProxyAction.java b/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/ProxyAction.java index 219dbfcae..5ae074d6d 100644 --- a/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/ProxyAction.java +++ b/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/ProxyAction.java @@ -16,10 +16,10 @@ package org.apache.maven.archiva.web.action; * limitations under the License. */ -import com.opensymphony.xwork.ActionSupport; import org.apache.maven.archiva.proxy.ProxyException; import org.apache.maven.archiva.proxy.ProxyManager; import org.apache.maven.wagon.ResourceDoesNotExistException; +import org.codehaus.plexus.xwork.action.PlexusActionSupport; import java.io.File; import java.io.FileInputStream; @@ -32,7 +32,7 @@ import java.io.InputStream; * @plexus.component role="com.opensymphony.xwork.Action" role-hint="proxyAction" */ public class ProxyAction - extends ActionSupport + extends PlexusActionSupport { /** * @plexus.requirement diff --git a/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/ReportsAction.java b/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/ReportsAction.java index 9b0bfdebc..47293bca2 100644 --- a/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/ReportsAction.java +++ b/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/ReportsAction.java @@ -31,6 +31,7 @@ import org.apache.maven.archiva.reporting.ReportingDatabase; import org.apache.maven.archiva.reporting.ReportingStoreException; import org.apache.maven.artifact.repository.ArtifactRepository; import org.apache.maven.artifact.resolver.filter.ArtifactFilter; +import org.codehaus.plexus.xwork.action.PlexusActionSupport; import java.util.ArrayList; import java.util.Iterator; @@ -43,7 +44,7 @@ import java.util.Map; * @plexus.component role="com.opensymphony.xwork.Action" role-hint="reportsAction" */ public class ReportsAction - extends ActionSupport + extends PlexusActionSupport implements Preparable { /** diff --git a/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/SearchAction.java b/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/SearchAction.java index 7eac71e79..4f1f581d5 100644 --- a/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/SearchAction.java +++ b/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/SearchAction.java @@ -16,7 +16,6 @@ package org.apache.maven.archiva.web.action; * limitations under the License. */ -import com.opensymphony.xwork.ActionSupport; import org.apache.lucene.index.Term; import org.apache.lucene.queryParser.MultiFieldQueryParser; import org.apache.lucene.queryParser.ParseException; @@ -32,6 +31,7 @@ import org.apache.maven.archiva.indexer.RepositoryIndexSearchException; import org.apache.maven.archiva.indexer.lucene.LuceneQuery; import org.apache.maven.archiva.indexer.lucene.LuceneRepositoryArtifactIndex; import org.apache.maven.archiva.indexer.record.StandardIndexRecordFields; +import org.codehaus.plexus.xwork.action.PlexusActionSupport; import java.io.File; import java.net.MalformedURLException; @@ -43,7 +43,7 @@ import java.util.List; * @plexus.component role="com.opensymphony.xwork.Action" role-hint="searchAction" */ public class SearchAction - extends ActionSupport + extends PlexusActionSupport { /** * Query string. diff --git a/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/ShowArtifactAction.java b/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/ShowArtifactAction.java index 113910483..eb9ea5dab 100644 --- a/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/ShowArtifactAction.java +++ b/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/ShowArtifactAction.java @@ -16,7 +16,6 @@ package org.apache.maven.archiva.web.action; * limitations under the License. */ -import com.opensymphony.xwork.ActionSupport; import org.apache.lucene.index.Term; import org.apache.lucene.search.TermQuery; import org.apache.maven.archiva.configuration.Configuration; @@ -40,6 +39,7 @@ import org.apache.maven.project.MavenProjectBuilder; import org.apache.maven.project.ProjectBuildingException; import org.codehaus.plexus.util.StringUtils; import org.codehaus.plexus.util.xml.pull.XmlPullParserException; +import org.codehaus.plexus.xwork.action.PlexusActionSupport; import java.io.File; import java.io.IOException; @@ -59,7 +59,7 @@ import java.util.Set; * @plexus.component role="com.opensymphony.xwork.Action" role-hint="showArtifactAction" */ public class ShowArtifactAction - extends ActionSupport + extends PlexusActionSupport { /** * @plexus.requirement diff --git a/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/admin/AbstractConfigureRepositoryAction.java b/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/admin/AbstractConfigureRepositoryAction.java index e901d5bca..93c560619 100644 --- a/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/admin/AbstractConfigureRepositoryAction.java +++ b/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/admin/AbstractConfigureRepositoryAction.java @@ -16,7 +16,6 @@ package org.apache.maven.archiva.web.action.admin; * limitations under the License. */ -import com.opensymphony.xwork.ActionSupport; import com.opensymphony.xwork.ModelDriven; import com.opensymphony.xwork.Preparable; import org.apache.maven.archiva.configuration.AbstractRepositoryConfiguration; @@ -25,6 +24,8 @@ import org.apache.maven.archiva.configuration.ConfigurationChangeException; import org.apache.maven.archiva.configuration.ConfigurationStore; import org.apache.maven.archiva.configuration.ConfigurationStoreException; import org.apache.maven.archiva.configuration.InvalidConfigurationException; +import org.apache.maven.archiva.web.util.RoleManager; +import org.codehaus.plexus.xwork.action.PlexusActionSupport; import java.io.IOException; @@ -34,7 +35,7 @@ import java.io.IOException; * @author Brett Porter */ public abstract class AbstractConfigureRepositoryAction - extends ActionSupport + extends PlexusActionSupport implements ModelDriven, Preparable { /** @@ -42,6 +43,11 @@ public abstract class AbstractConfigureRepositoryAction */ private ConfigurationStore configurationStore; + /** + * @plexus.requirement + */ + protected RoleManager roleManager; + /** * The repository. */ @@ -92,6 +98,8 @@ public abstract class AbstractConfigureRepositoryAction { addRepository(); + roleManager.addRepository( getRepoId() ); + configurationStore.storeConfiguration( configuration ); // TODO: do we need to check if indexing is needed? diff --git a/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/admin/ConfigureAction.java b/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/admin/ConfigureAction.java index 626615c35..ee0f245b7 100644 --- a/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/admin/ConfigureAction.java +++ b/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/admin/ConfigureAction.java @@ -16,7 +16,6 @@ package org.apache.maven.archiva.web.action.admin; * limitations under the License. */ -import com.opensymphony.xwork.ActionSupport; import com.opensymphony.xwork.ModelDriven; import com.opensymphony.xwork.Preparable; import org.apache.maven.archiva.configuration.Configuration; @@ -26,6 +25,7 @@ import org.apache.maven.archiva.configuration.ConfigurationStoreException; import org.apache.maven.archiva.configuration.InvalidConfigurationException; import org.apache.maven.archiva.indexer.RepositoryIndexException; import org.apache.maven.archiva.indexer.RepositoryIndexSearchException; +import org.codehaus.plexus.xwork.action.PlexusActionSupport; import java.io.File; import java.io.IOException; @@ -36,7 +36,7 @@ import java.io.IOException; * @plexus.component role="com.opensymphony.xwork.Action" role-hint="configureAction" */ public class ConfigureAction - extends ActionSupport + extends PlexusActionSupport implements ModelDriven, Preparable { /** diff --git a/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/admin/NewUserAction.java b/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/admin/NewUserAction.java new file mode 100644 index 000000000..2b288a76f --- /dev/null +++ b/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/admin/NewUserAction.java @@ -0,0 +1,171 @@ +package org.apache.maven.archiva.web.action.admin; + + +/* + * Copyright 2005 The Apache Software Foundation. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +import org.codehaus.plexus.security.system.SecuritySystem; +import org.codehaus.plexus.security.user.User; +import org.codehaus.plexus.security.user.UserManager; +import org.codehaus.plexus.security.user.policy.PasswordRuleViolationException; +import org.codehaus.plexus.security.user.policy.PasswordRuleViolations; +import org.codehaus.plexus.util.StringUtils; +import org.codehaus.plexus.xwork.action.PlexusActionSupport; +import org.apache.maven.archiva.web.util.RoleManager; + +import java.util.Iterator; +import java.util.List; + +/** + * LoginAction: + * + * @author Jesse McConnell + * @author Joakim Erdfelt + * @version $Id:$ + * @plexus.component role="com.opensymphony.xwork.Action" + * role-hint="newUser" + */ +public class NewUserAction + extends PlexusActionSupport +{ + + /** + * @plexus.requirement + */ + private SecuritySystem securitySystem; + + /** + * @plexus.requirement + */ + private RoleManager roleManager; + + private String username; + + private String password; + + private String passwordConfirm; + + private String email; + + private String fullName; + + public String createUser() + { + // TODO: use commons-validator for these fields. + + if ( StringUtils.isEmpty( username ) ) + { + addActionError( "User Name is required." ); + } + + if ( StringUtils.isEmpty( fullName ) ) + { + addActionError( "Full Name is required." ); + } + + if ( StringUtils.isEmpty( email ) ) + { + addActionError( "Email Address is required." ); + } + + // TODO: Validate Email Address (use commons-validator) + + if ( StringUtils.equals( password, passwordConfirm ) ) + { + addActionError( "Passwords do not match." ); + } + + UserManager um = securitySystem.getUserManager(); + + User user = um.createUser( username, fullName, email ); + + user.setPassword( password ); + + try + { + um.addUser( user ); + } + catch ( PasswordRuleViolationException e ) + { + PasswordRuleViolations violations = e.getViolations(); + List violationList = violations.getLocalizedViolations(); + Iterator it = violationList.iterator(); + while ( it.hasNext() ) + { + addActionError( (String) it.next() ); + } + } + + if ( hasActionErrors() ) + { + return ERROR; + } + + roleManager.addUser( user.getPrincipal().toString() ); + + return SUCCESS; + } + + public String getUsername() + { + return username; + } + + public void setUsername( String username ) + { + this.username = username; + } + + public String getPassword() + { + return password; + } + + public void setPassword( String password ) + { + this.password = password; + } + + public String getEmail() + { + return email; + } + + public void setEmail( String email ) + { + this.email = email; + } + + public String getFullName() + { + return fullName; + } + + public void setFullName( String fullName ) + { + this.fullName = fullName; + } + + public String getPasswordConfirm() + { + return passwordConfirm; + } + + public void setPasswordConfirm( String passwordConfirm ) + { + this.passwordConfirm = passwordConfirm; + } +} diff --git a/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/admin/RunRepositoryTaskAction.java b/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/admin/RunRepositoryTaskAction.java index a87e861fa..23ad9b0db 100644 --- a/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/admin/RunRepositoryTaskAction.java +++ b/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/admin/RunRepositoryTaskAction.java @@ -16,9 +16,9 @@ package org.apache.maven.archiva.web.action.admin; * limitations under the License. */ -import com.opensymphony.xwork.ActionSupport; import org.apache.maven.archiva.scheduler.RepositoryTaskScheduler; import org.apache.maven.archiva.scheduler.TaskExecutionException; +import org.codehaus.plexus.xwork.action.PlexusActionSupport; /** * Configures the application. @@ -26,7 +26,7 @@ import org.apache.maven.archiva.scheduler.TaskExecutionException; * @plexus.component role="com.opensymphony.xwork.Action" role-hint="runRepositoryTaskAction" */ public class RunRepositoryTaskAction - extends ActionSupport + extends PlexusActionSupport { /** * @plexus.requirement diff --git a/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/admin/UserManagementAction.java b/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/admin/UserManagementAction.java new file mode 100644 index 000000000..f1b3944ce --- /dev/null +++ b/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/admin/UserManagementAction.java @@ -0,0 +1,187 @@ +package org.apache.maven.archiva.web.action.admin; + + +/* + * Copyright 2005 The Apache Software Foundation. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +import com.opensymphony.xwork.ModelDriven; +import com.opensymphony.xwork.Preparable; +import org.codehaus.plexus.security.rbac.RBACManager; +import org.codehaus.plexus.security.user.User; +import org.codehaus.plexus.security.user.UserManager; +import org.codehaus.plexus.xwork.action.PlexusActionSupport; + +import java.util.ArrayList; +import java.util.List; + +/** + * LoginAction: + * + * @author Jesse McConnell + * @version $Id:$ + * @plexus.component role="com.opensymphony.xwork.Action" + * role-hint="userManagement" + */ +public class UserManagementAction + extends PlexusActionSupport + implements ModelDriven, Preparable +{ + + /** + * @plexus.requirement + */ + private UserManager userManager; + + /** + * @plexus.requirement + */ + private RBACManager rbacManager; + + private User user; + + private String username; + + private String principal; + + private List availableRoles; + + private List assignedRoles; + + private List resources; + + private String resourceName; + + public void prepare() + throws Exception + { + if ( username == null ) + { + username = ( (User) session.get( "user" ) ).getUsername(); + user = userManager.findUser( username ); + } + else + { + user = userManager.findUser( username ); + } + + resources = rbacManager.getAllResources(); + + availableRoles = rbacManager.getAllAssignableRoles(); + + principal = ( (User) session.get( "user" ) ).getPrincipal().toString(); + + if ( principal != null && rbacManager.userAssignmentExists( principal ) ) + { + getLogger().info( "recovering assigned roles" ); + assignedRoles = new ArrayList( rbacManager.getAssignedRoles( principal ) ); + availableRoles = new ArrayList( rbacManager.getUnassignedRoles( principal ) ); + } + else + { + getLogger().info( "new assigned roles" ); + assignedRoles = new ArrayList(); + availableRoles = rbacManager.getAllAssignableRoles(); + + } + + getLogger().info( "assigned roles: " + assignedRoles.size() ); + getLogger().info( "available roles: " + availableRoles.size() ); + } + + public String save() + throws Exception + { + User temp = userManager.findUser( username ); + + temp.setEmail( user.getEmail() ); + temp.setFullName( user.getFullName() ); + temp.setLocked( user.isLocked() ); + + userManager.updateUser( temp ); + + return SUCCESS; + } + + public Object getModel() + { + return user; + } + + public String getUsername() + { + return username; + } + + public void setUsername( String username ) + { + this.username = username; + } + + public User getUser() + { + return user; + } + + public String getPrincipal() + { + return principal; + } + + public void setPrincipal( String principal ) + { + this.principal = principal; + } + + public List getAvailableRoles() + { + return availableRoles; + } + + public void setAvailableRoles( List availableRoles ) + { + this.availableRoles = availableRoles; + } + + public List getAssignedRoles() + { + return assignedRoles; + } + + public void setAssignedRoles( List assignedRoles ) + { + this.assignedRoles = assignedRoles; + } + + public List getResources() + { + return resources; + } + + public void setResources( List resources ) + { + this.resources = resources; + } + + public String getResourceName() + { + return resourceName; + } + + public void setResourceName( String resourceName ) + { + this.resourceName = resourceName; + } +} diff --git a/archiva-webapp/src/main/java/org/apache/maven/archiva/web/interceptor/ConfigurationInterceptor.java b/archiva-webapp/src/main/java/org/apache/maven/archiva/web/interceptor/ConfigurationInterceptor.java index 11f92f518..5695f01aa 100644 --- a/archiva-webapp/src/main/java/org/apache/maven/archiva/web/interceptor/ConfigurationInterceptor.java +++ b/archiva-webapp/src/main/java/org/apache/maven/archiva/web/interceptor/ConfigurationInterceptor.java @@ -20,6 +20,7 @@ import com.opensymphony.xwork.ActionInvocation; import com.opensymphony.xwork.interceptor.Interceptor; import org.apache.maven.archiva.configuration.Configuration; import org.apache.maven.archiva.configuration.ConfigurationStore; +import org.apache.maven.archiva.web.util.RoleManager; import org.codehaus.plexus.logging.AbstractLogEnabled; /** @@ -37,6 +38,17 @@ public class ConfigurationInterceptor */ private ConfigurationStore configurationStore; + /** + * @plexus.requirement + */ + private RoleManager roleManager; + + /** + * + * @param actionInvocation + * @return + * @throws Exception + */ public String intercept( ActionInvocation actionInvocation ) throws Exception { diff --git a/archiva-webapp/src/main/java/org/apache/maven/archiva/web/util/DefaultRoleManager.java b/archiva-webapp/src/main/java/org/apache/maven/archiva/web/util/DefaultRoleManager.java new file mode 100644 index 000000000..19a403cc8 --- /dev/null +++ b/archiva-webapp/src/main/java/org/apache/maven/archiva/web/util/DefaultRoleManager.java @@ -0,0 +1,288 @@ +package org.apache.maven.archiva.web.util; + +/* +* Copyright 2005 The Apache Software Foundation. +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ + +import org.codehaus.plexus.personality.plexus.lifecycle.phase.Initializable; +import org.codehaus.plexus.personality.plexus.lifecycle.phase.InitializationException; +import org.codehaus.plexus.security.rbac.Operation; +import org.codehaus.plexus.security.rbac.Permission; +import org.codehaus.plexus.security.rbac.RBACManager; +import org.codehaus.plexus.security.rbac.RbacObjectNotFoundException; +import org.codehaus.plexus.security.rbac.RbacStoreException; +import org.codehaus.plexus.security.rbac.Resource; +import org.codehaus.plexus.security.rbac.Role; +import org.codehaus.plexus.security.rbac.UserAssignment; + +/** + * DefaultRoleManager: + * + * @author Jesse McConnell + * @version $Id:$ + * @plexus.component role="org.apache.maven.archiva.web.util.RoleManager" + * role-hint="default" + */ +public class DefaultRoleManager + implements RoleManager, Initializable +{ + + /** + * @plexus.requirement + */ + private RBACManager manager; + + private boolean initialized; + + public void initialize() + throws InitializationException + { + + // initialize the operations + + if ( !manager.operationExists( "add-repository" ) ) + { + Operation operation = manager.createOperation( "add-repository" ); + manager.saveOperation( operation ); + } + + if ( !manager.operationExists( "edit-repository" ) ) + { + Operation operation = manager.createOperation( "edit-repository" ); + manager.saveOperation( operation ); + } + + if ( !manager.operationExists( "delete-repository" ) ) + { + Operation operation = manager.createOperation( "delete-repository" ); + manager.saveOperation( operation ); + } + + if ( !manager.operationExists( "edit-configuration" ) ) + { + Operation operation = manager.createOperation( "edit-configuration" ); + manager.saveOperation( operation ); + } + + if ( !manager.operationExists( "run-indexer" ) ) + { + Operation operation = manager.createOperation( "run-indexer" ); + manager.saveOperation( operation ); + } + + if ( !manager.operationExists( "regenerate-index" ) ) + { + Operation operation = manager.createOperation( "regenerate-index" ); + manager.saveOperation( operation ); + } + + if ( !manager.operationExists( "get-reports" ) ) + { + Operation operation = manager.createOperation( "get-reports" ); + manager.saveOperation( operation ); + } + + if ( !manager.operationExists( "regenerate-reports" ) ) + { + Operation operation = manager.createOperation( "regenerate-reports" ); + manager.saveOperation( operation ); + } + + if ( !manager.operationExists( "edit-user" ) ) + { + Operation operation = manager.createOperation( "edit-user" ); + manager.saveOperation( operation ); + } + + if ( !manager.operationExists( "edit-all-users" ) ) + { + Operation operation = manager.createOperation( "edit-all-users" ); + manager.saveOperation( operation ); + } + + if ( !manager.operationExists( "remove-roles" ) ) + { + Operation operation = manager.createOperation( "remove-roles" ); + manager.saveOperation( operation ); + } + + try + { + if ( !manager.permissionExists( "Edit Configuration" ) ) + { + Permission editConfiguration = + manager.createPermission( "Edit Configuration", "edit-configuration", manager.getGlobalResource().getIdentifier() ); + manager.savePermission( editConfiguration ); + } + + if ( !manager.permissionExists( "Run Indexer" ) ) + { + Permission runIndexer = manager.createPermission( "Run Indexer", "run-indexer", manager.getGlobalResource().getIdentifier() ); + + manager.savePermission( runIndexer ); + } + + if ( !manager.permissionExists( "Add Repository" ) ) + { + Permission runIndexer = manager.createPermission( "Add Repository", "add-repository", manager.getGlobalResource().getIdentifier() ); + manager.savePermission( runIndexer ); + } + + if ( !manager.permissionExists( "Edit All Users" ) ) + { + Permission editAllUsers = manager.createPermission( "Edit All Users", "edit-all-users", manager.getGlobalResource().getIdentifier() ); + + manager.savePermission( editAllUsers ); + } + + if ( !manager.permissionExists( "Remove Roles" ) ) + { + Permission editAllUsers = manager.createPermission( "Remove Roles", "remove-roles", manager.getGlobalResource().getIdentifier() ); + + manager.savePermission( editAllUsers ); + } + + + if ( !manager.permissionExists( "Regenerate Index" ) ) + { + Permission regenIndex = manager.createPermission( "Regenerate Index", "regenerate-index", manager.getGlobalResource().getIdentifier() ); + + manager.savePermission( regenIndex ); + } + + if ( !manager.roleExists( "User Administrator" ) ) + { + Role userAdmin = manager.createRole( "User Administrator" ); + userAdmin.addPermission( manager.getPermission( "Edit All Users" ) ); + userAdmin.addPermission( manager.getPermission( "Remove Roles" ) ); + userAdmin.setAssignable( true ); + manager.saveRole( userAdmin ); + } + + if ( !manager.roleExists( "System Administrator" ) ) + { + Role admin = manager.createRole( "System Administrator" ); + admin.addChildRole( manager.getRole( "User Administrator" ) ) ; + admin.addPermission( manager.getPermission( "Edit Configuration" ) ); + admin.addPermission( manager.getPermission( "Run Indexer" ) ); + admin.addPermission( manager.getPermission( "Add Repository") ); + admin.addPermission( manager.getPermission( "Regenerate Index" ) ); + admin.setAssignable( true ); + manager.saveRole( admin ); + } + + + + } + catch ( RbacObjectNotFoundException ne ) + { + throw new InitializationException( "error in role initialization", ne ); + } + + initialized = true; + } + + public void addUser( String principal ) + throws RbacStoreException + { + try + { + // make the resource + Resource usernameResource = manager.createResource( principal ); + manager.saveResource( usernameResource ); + + Permission editUser = manager.createPermission( "Edit Myself" ); + editUser.setOperation( manager.getOperation( "edit-user" ) ); + editUser.setResource( manager.getResource( principal ) ); + editUser = manager.savePermission( editUser ); + + // todo this one role a user will go away when we have expressions in the resources + Role userRole = manager.createRole( "Personal Role - " + principal ); + userRole.addPermission( editUser ); + userRole = manager.saveRole( userRole ); + + UserAssignment assignment = manager.createUserAssignment( principal ); + assignment.addRole( userRole ); + manager.saveUserAssignment( assignment ); + + } + catch ( RbacObjectNotFoundException ne ) + { + throw new RbacStoreException( "rbac object not found in repo role creation", ne ); + } + } + + public void addRepository( String repositoryName ) + throws RbacStoreException + { + try + { + // make the resource + Resource repoResource = manager.createResource( repositoryName ); + repoResource = manager.saveResource( repoResource ); + + // make the permissions + Permission editRepo = manager.createPermission( "Edit Repository - " + repositoryName ); + editRepo.setOperation( manager.getOperation( "edit-repository" ) ); + editRepo.setResource( repoResource ); + editRepo = manager.savePermission( editRepo ); + + Permission deleteRepo = manager.createPermission( "Delete Repository - " + repositoryName ); + deleteRepo.setOperation( manager.getOperation( "delete-repository" ) ); + deleteRepo.setResource( repoResource ); + deleteRepo = manager.savePermission( deleteRepo ); + + Permission getReports = + manager.createPermission( "Get Reports - " + repositoryName ); + getReports.setOperation( manager.getOperation( "get-reports" ) ); + getReports.setResource( repoResource ); + getReports = manager.savePermission( getReports ); + + Permission regenReports = manager.createPermission( "Regenerate Reports - " + repositoryName ); + regenReports.setOperation( manager.getOperation( "regenerate-reports" ) ); + regenReports.setResource( repoResource ); + regenReports = manager.savePermission( regenReports ); + + // make the roles + Role repositoryObserver = manager.createRole( "Repository Manager - " + repositoryName ); + repositoryObserver.addPermission( editRepo ); + repositoryObserver.setAssignable( true ); + repositoryObserver = manager.saveRole( repositoryObserver ); + + Role repositoryManager = manager.createRole( "Repository Manager - " + repositoryName ); + repositoryManager.addPermission( editRepo ); + repositoryManager.addPermission( deleteRepo ); + repositoryManager.addPermission( regenReports ); + repositoryManager.addChildRole( repositoryObserver ); + repositoryManager.setAssignable( true ); + manager.saveRole( repositoryManager ); + + } + catch ( RbacObjectNotFoundException ne ) + { + throw new RbacStoreException( "rbac object not found in repo role creation", ne ); + } + } + + public boolean isInitialized() + { + return initialized; + } + + public void setInitialized( boolean initialized ) + { + this.initialized = initialized; + } +} diff --git a/archiva-webapp/src/main/java/org/apache/maven/archiva/web/util/RoleManager.java b/archiva-webapp/src/main/java/org/apache/maven/archiva/web/util/RoleManager.java new file mode 100644 index 000000000..220ee8ea3 --- /dev/null +++ b/archiva-webapp/src/main/java/org/apache/maven/archiva/web/util/RoleManager.java @@ -0,0 +1,39 @@ +package org.apache.maven.archiva.web.util; + +import org.codehaus.plexus.security.rbac.RbacStoreException; + +/* + * Copyright 2005 The Apache Software Foundation. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +/** + * RoleManager: + * + * @author Jesse McConnell + * @version $Id:$ + * + */ +public interface RoleManager +{ + public static final String ROLE = RoleManager.class.getName(); + + public void addRepository( String repositoryName ) + throws RbacStoreException; + + public void addUser( String principal ) + throws RbacStoreException; + + public boolean isInitialized(); +} diff --git a/archiva-webapp/src/main/resources/META-INF/plexus/application.xml b/archiva-webapp/src/main/resources/META-INF/plexus/application.xml index c17d9b2be..e5cb475e6 100644 --- a/archiva-webapp/src/main/resources/META-INF/plexus/application.xml +++ b/archiva-webapp/src/main/resources/META-INF/plexus/application.xml @@ -56,20 +56,24 @@ org.apache.maven DEBUG + + org.codehaus.plexus.security + INFO + - + org.codehaus.plexus.security.system.SecuritySystem org.codehaus.plexus.security.system.DefaultSecuritySystem default org.codehaus.plexus.security.authentication.Authenticator - memory + user-manager org.codehaus.plexus.security.authorization.Authorizer @@ -77,7 +81,7 @@ org.codehaus.plexus.security.user.UserManager - memory + jdo @@ -88,13 +92,86 @@ org.codehaus.plexus.security.authorization.rbac.RbacAuthorizer - org.codehaus.plexus.security.authorization.rbac.store.RbacStore - memory + org.codehaus.plexus.security.rbac.RBACManager + jdo + + + org.codehaus.plexus.security.authorization.rbac.evaluator.PermissionEvaluator + default + + org.codehaus.plexus.jdo.JdoFactory + org.codehaus.plexus.jdo.DefaultConfigurableJdoFactory + + + + + + + + org.apache.derby.jdbc.EmbeddedDriver + jdbc:derby:${plexus.home}/database;create=true + sa + + + + + + + org.jpox.PersistenceManagerFactoryImpl + + + org.jpox.autoCreateSchema + true + + + org.jpox.autoStartMechanism + SchemaTable + + + org.jpox.autoStartMechanismMode + Ignored + + + org.jpox.validateTables + false + + + org.jpox.validateConstraints + false + + + org.jpox.transactionIsolation + READ_UNCOMMITTED + + + org.jpox.poid.transactionIsolation + READ_UNCOMMITTED + + + + + diff --git a/archiva-webapp/src/main/resources/xwork.xml b/archiva-webapp/src/main/resources/xwork.xml index b9d78897c..43af86a92 100644 --- a/archiva-webapp/src/main/resources/xwork.xml +++ b/archiva-webapp/src/main/resources/xwork.xml @@ -126,17 +126,16 @@ - - /WEB-INF/jsp/login.jsp + + /WEB-INF/jsp/loginRegister.jsp browse - - /WEB-INF/jsp/logout.jsp + + /WEB-INF/jsp/logout.jsp - - /WEB-INF/jsp/register.jsp + login @@ -237,6 +236,112 @@ /admin/reports.action?reportGroup=${reportGroup}&repositoryId=${repositoryId}&filter=${filter} /admin/reports.action?reportGroup=${reportGroup}&repositoryId=${repositoryId}&filter=${filter} + + + + /WEB-INF/jsp/user.jsp + + + + + + /WEB-INF/jsp/userDetails.jsp + + + + /WEB-INF/jsp/findUser.jsp + + + + user + + + + user + + + + /WEB-INF/jsp/admin/rbac/permissions.jsp + + + + + /WEB-INF/jsp/admin/rbac/permission.jsp + + + + + permissions + + + + permissions + + + + /WEB-INF/jsp/admin/rbac/operations.jsp + + + + + /WEB-INF/jsp/admin/rbac/operation.jsp + + + + + operations + + + + operations + + + + /WEB-INF/jsp/admin/rbac/resources.jsp + + + + + /WEB-INF/jsp/admin/rbac/resource.jsp + + + + + resources + + + + /WEB-INF/jsp/admin/rbac/resources.jsp + + + + /WEB-INF/jsp/admin/rbac/roles.jsp + + + + + /WEB-INF/jsp/admin/rbac/role.jsp + + + + + roles + + + + roles + + + + role + + + + role + + + + diff --git a/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/index.jsp b/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/index.jsp index bba9821c9..a70ecbdfb 100644 --- a/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/index.jsp +++ b/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/index.jsp @@ -16,6 +16,7 @@ <%@ taglib prefix="ww" uri="/webwork" %> <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %> +<%@ taglib prefix="pss" uri="plexusSecuritySystem" %> @@ -50,7 +51,11 @@ <%-- TODO: a "delete index and run now" operation should be here too (really clean, remove deletions that didn't get picked up) --%> - ">Run Now + + + ">Run Now + + @@ -77,7 +82,11 @@
<%-- TODO replace with icons --%> - ">Add Repository
+ + + Add Repository + +

Managed Repositories

diff --git a/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/rbac/README b/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/rbac/README new file mode 100644 index 000000000..ac36178d2 --- /dev/null +++ b/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/rbac/README @@ -0,0 +1,6 @@ +NOTE: since this is the first application of plexus-security I have these pages here for analyzing the roles +from rbac. + +these will be removed shortly + +nada que ver aqui! :P \ No newline at end of file diff --git a/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/rbac/operation.jsp b/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/rbac/operation.jsp new file mode 100644 index 000000000..150d22617 --- /dev/null +++ b/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/rbac/operation.jsp @@ -0,0 +1,43 @@ +<%-- + ~ Copyright 2005-2006 The Apache Software Foundation. + ~ + ~ Licensed under the Apache License, Version 2.0 (the "License"); + ~ you may not use this file except in compliance with the License. + ~ You may obtain a copy of the License at + ~ + ~ http://www.apache.org/licenses/LICENSE-2.0 + ~ + ~ Unless required by applicable law or agreed to in writing, software + ~ distributed under the License is distributed on an "AS IS" BASIS, + ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + ~ See the License for the specific language governing permissions and + ~ limitations under the License. + --%> + +<%@ taglib prefix="ww" uri="/webwork" %> + + + + Configuration + + + + + +

Operation Modification

+ +
+ + + + + +
+
+ + +
+ +
+ + \ No newline at end of file diff --git a/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/rbac/operations.jsp b/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/rbac/operations.jsp new file mode 100644 index 000000000..ef4024f61 --- /dev/null +++ b/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/rbac/operations.jsp @@ -0,0 +1,55 @@ +<%-- + ~ Copyright 2005-2006 The Apache Software Foundation. + ~ + ~ Licensed under the Apache License, Version 2.0 (the "License"); + ~ you may not use this file except in compliance with the License. + ~ You may obtain a copy of the License at + ~ + ~ http://www.apache.org/licenses/LICENSE-2.0 + ~ + ~ Unless required by applicable law or agreed to in writing, software + ~ distributed under the License is distributed on an "AS IS" BASIS, + ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + ~ See the License for the specific language governing permissions and + ~ limitations under the License. + --%> + +<%@ taglib prefix="ww" uri="/webwork" %> + + + + Configuration + + + + + +

Available Operations

+ +
+ + + + + + +

Roles|Permissions|Operations|Resources

+ + + + + + ${operation.name} + + + ${operation.name}
+
+ +

+ + + new
+

+
+ + \ No newline at end of file diff --git a/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/rbac/permission.jsp b/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/rbac/permission.jsp new file mode 100644 index 000000000..cedb1fe32 --- /dev/null +++ b/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/rbac/permission.jsp @@ -0,0 +1,46 @@ +<%-- + ~ Copyright 2005-2006 The Apache Software Foundation. + ~ + ~ Licensed under the Apache License, Version 2.0 (the "License"); + ~ you may not use this file except in compliance with the License. + ~ You may obtain a copy of the License at + ~ + ~ http://www.apache.org/licenses/LICENSE-2.0 + ~ + ~ Unless required by applicable law or agreed to in writing, software + ~ distributed under the License is distributed on an "AS IS" BASIS, + ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + ~ See the License for the specific language governing permissions and + ~ limitations under the License. + --%> + +<%@ taglib prefix="ww" uri="/webwork" %> + + + + Configuration + + + + + +

Permission Modification

+ +
+ + + + + +
+
+
+
+
+ or
+
+
+
+
+ + \ No newline at end of file diff --git a/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/rbac/permissions.jsp b/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/rbac/permissions.jsp new file mode 100644 index 000000000..a702b7ab5 --- /dev/null +++ b/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/rbac/permissions.jsp @@ -0,0 +1,59 @@ +<%-- + ~ Copyright 2005-2006 The Apache Software Foundation. + ~ + ~ Licensed under the Apache License, Version 2.0 (the "License"); + ~ you may not use this file except in compliance with the License. + ~ You may obtain a copy of the License at + ~ + ~ http://www.apache.org/licenses/LICENSE-2.0 + ~ + ~ Unless required by applicable law or agreed to in writing, software + ~ distributed under the License is distributed on an "AS IS" BASIS, + ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + ~ See the License for the specific language governing permissions and + ~ limitations under the License. + --%> + +<%@ taglib prefix="ww" uri="/webwork" %> + + + + Configuration + + + + + +

Available Permissions

+ +
+ + + + + +

Roles|Permissions|Operations|Resources

+ +

+ Permissions list page +

+ + + + + ${permission.name} + + + ${permission.name}
+
+ +

+ + + new
+

+ + +
+ \ No newline at end of file diff --git a/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/rbac/resource.jsp b/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/rbac/resource.jsp new file mode 100644 index 000000000..c030e9014 --- /dev/null +++ b/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/rbac/resource.jsp @@ -0,0 +1,42 @@ +<%-- + ~ Copyright 2005-2006 The Apache Software Foundation. + ~ + ~ Licensed under the Apache License, Version 2.0 (the "License"); + ~ you may not use this file except in compliance with the License. + ~ You may obtain a copy of the License at + ~ + ~ http://www.apache.org/licenses/LICENSE-2.0 + ~ + ~ Unless required by applicable law or agreed to in writing, software + ~ distributed under the License is distributed on an "AS IS" BASIS, + ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + ~ See the License for the specific language governing permissions and + ~ limitations under the License. + --%> + +<%@ taglib prefix="ww" uri="/webwork" %> + + + + Configuration + + + + + +

Resource Modification

+ +
+ + + + + +
+ +
+
+ +
+ + \ No newline at end of file diff --git a/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/rbac/resources.jsp b/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/rbac/resources.jsp new file mode 100644 index 000000000..4d7d0c5f9 --- /dev/null +++ b/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/rbac/resources.jsp @@ -0,0 +1,55 @@ +<%-- + ~ Copyright 2005-2006 The Apache Software Foundation. + ~ + ~ Licensed under the Apache License, Version 2.0 (the "License"); + ~ you may not use this file except in compliance with the License. + ~ You may obtain a copy of the License at + ~ + ~ http://www.apache.org/licenses/LICENSE-2.0 + ~ + ~ Unless required by applicable law or agreed to in writing, software + ~ distributed under the License is distributed on an "AS IS" BASIS, + ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + ~ See the License for the specific language governing permissions and + ~ limitations under the License. + --%> + +<%@ taglib prefix="ww" uri="/webwork" %> + + + + Configuration + + + + + +

Available Resources

+ +
+ + + + + + +

Roles|Permissions|Operations|Resources

+ + + + + + ${resource.identifier} + + ${resource.identifier}
+
+ +

+ + + new
+

+
+ + + \ No newline at end of file diff --git a/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/rbac/role.jsp b/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/rbac/role.jsp new file mode 100644 index 000000000..d5fa08add --- /dev/null +++ b/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/rbac/role.jsp @@ -0,0 +1,67 @@ +<%-- + ~ Copyright 2005-2006 The Apache Software Foundation. + ~ + ~ Licensed under the Apache License, Version 2.0 (the "License"); + ~ you may not use this file except in compliance with the License. + ~ You may obtain a copy of the License at + ~ + ~ http://www.apache.org/licenses/LICENSE-2.0 + ~ + ~ Unless required by applicable law or agreed to in writing, software + ~ distributed under the License is distributed on an "AS IS" BASIS, + ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + ~ See the License for the specific language governing permissions and + ~ limitations under the License. + --%> + +<%@ taglib prefix="ww" uri="/webwork" %> + + + + Configuration + + + + + +

Role Modification

+ +
+ + + + + +
+
+
+
+ Currently Assigned Permissions:
+ + + + ${permission.name} + + ${permission.name} | remove
+
+
+
+
+ Currently Assigned Roles:
+ + + + + + ${arole.name} | remove
+
+
+
+ +

+ +

+
+
+ + \ No newline at end of file diff --git a/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/rbac/roles.jsp b/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/rbac/roles.jsp new file mode 100644 index 000000000..8c3e7958d --- /dev/null +++ b/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/rbac/roles.jsp @@ -0,0 +1,55 @@ +<%-- + ~ Copyright 2005-2006 The Apache Software Foundation. + ~ + ~ Licensed under the Apache License, Version 2.0 (the "License"); + ~ you may not use this file except in compliance with the License. + ~ You may obtain a copy of the License at + ~ + ~ http://www.apache.org/licenses/LICENSE-2.0 + ~ + ~ Unless required by applicable law or agreed to in writing, software + ~ distributed under the License is distributed on an "AS IS" BASIS, + ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + ~ See the License for the specific language governing permissions and + ~ limitations under the License. + --%> + +<%@ taglib prefix="ww" uri="/webwork" %> + + + + Configuration + + + + + +

Available Roles

+ +
+ + + + + + + +

Roles|Permissions|Operations|Resources

+ + + + + ${role.name} + + + ${role.name}
+
+ +

+ + + new
+

+
+ + \ No newline at end of file diff --git a/archiva-webapp/src/main/webapp/WEB-INF/jsp/browse.jsp b/archiva-webapp/src/main/webapp/WEB-INF/jsp/browse.jsp index 313946fb5..ba2fe728a 100644 --- a/archiva-webapp/src/main/webapp/WEB-INF/jsp/browse.jsp +++ b/archiva-webapp/src/main/webapp/WEB-INF/jsp/browse.jsp @@ -16,6 +16,7 @@ <%@ taglib prefix="ww" uri="/webwork" %> <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %> +<%@ taglib prefix="pss" uri="plexusSecuritySystem" %> @@ -26,7 +27,6 @@

Browse Repository

-

Groups

@@ -43,6 +43,8 @@
+ + <%-- TODO: later, when supported in metadata

Category

diff --git a/archiva-webapp/src/main/webapp/WEB-INF/jsp/decorators/default.jsp b/archiva-webapp/src/main/webapp/WEB-INF/jsp/decorators/default.jsp index a53064338..61078be10 100644 --- a/archiva-webapp/src/main/webapp/WEB-INF/jsp/decorators/default.jsp +++ b/archiva-webapp/src/main/webapp/WEB-INF/jsp/decorators/default.jsp @@ -18,6 +18,7 @@ <%@ taglib uri="/webwork" prefix="ww" %> <%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %> <%@ taglib prefix="my" tagdir="/WEB-INF/tags" %> +<%@ taglib prefix="pss" uri="plexusSecuritySystem" %> Maven Archiva :: @@ -60,14 +61,15 @@ <div class="xleft"> <ww:url id="loginUrl" action="login" namespace="/"/> <ww:url id="logoutUrl" action="logout" namespace="/"/> - <ww:url id="registerUrl" action="register" namespace="/"/> + <ww:url id="manageUserUrl" action="user" namespace="/admin"/> + <ww:if test="${sessionScope.authStatus != true}"> - <ww:a href="%{loginUrl}">Login</ww:a> - or - <ww:a href="%{registerUrl}">Register</ww:a> + <ww:a href="%{loginUrl}">Login/Register</ww:a> + </ww:if> <ww:else> Welcome, <b>${sessionScope.user.username}</b> - + <ww:a href="%{manageUserUrl}">Settings</ww:a> - <ww:a href="%{logoutUrl}">Logout</ww:a> </ww:else> </div> @@ -120,11 +122,17 @@ <li class="none"> <my:currentWWUrl action="proxiedRepositories" namespace="/admin">Proxied Repositories</my:currentWWUrl> </li> + <%-- TODO: add back after synced repos are implemented <li class="none"> <my:currentWWUrl action="syncedRepositories" namespace="/admin">Synced Repositories</my:currentWWUrl> </li> --%> + <pss:ifAuthorized permission="edit-all-users"> + <li class="none"> + <my:currentWWUrl action="userManagement" namespace="/admin">User Management</my:currentWWUrl> + </li> + </pss:ifAuthorized> </ul> </li> </ul> diff --git a/archiva-webapp/src/main/webapp/WEB-INF/jsp/login.jsp b/archiva-webapp/src/main/webapp/WEB-INF/jsp/findUser.jsp similarity index 50% rename from archiva-webapp/src/main/webapp/WEB-INF/jsp/login.jsp rename to archiva-webapp/src/main/webapp/WEB-INF/jsp/findUser.jsp index 911cfff33..716f89c8c 100644 --- a/archiva-webapp/src/main/webapp/WEB-INF/jsp/login.jsp +++ b/archiva-webapp/src/main/webapp/WEB-INF/jsp/findUser.jsp @@ -15,43 +15,34 @@ --%> <%@ taglib prefix="ww" uri="/webwork" %> -<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %> - <html> <head> - <title>Login Page - + User Management - Find a User + -

Login

- -
-
- - - - - - - - - - - - - - -
Username:
Password:
-
-

- - - New user? - Register! -

-
-
+ +

User Management

+ +
+ +
+ + + +
+
+
+ - + \ No newline at end of file diff --git a/archiva-webapp/src/main/webapp/WEB-INF/jsp/loginRegister.jsp b/archiva-webapp/src/main/webapp/WEB-INF/jsp/loginRegister.jsp new file mode 100644 index 000000000..32965c5c6 --- /dev/null +++ b/archiva-webapp/src/main/webapp/WEB-INF/jsp/loginRegister.jsp @@ -0,0 +1,134 @@ +<%-- + ~ Copyright 2005-2006 The Apache Software Foundation. + ~ + ~ Licensed under the Apache License, Version 2.0 (the "License"); + ~ you may not use this file except in compliance with the License. + ~ You may obtain a copy of the License at + ~ + ~ http://www.apache.org/licenses/LICENSE-2.0 + ~ + ~ Unless required by applicable law or agreed to in writing, software + ~ distributed under the License is distributed on an "AS IS" BASIS, + ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + ~ See the License for the specific language governing permissions and + ~ limitations under the License. + --%> + +<%@ taglib prefix="ww" uri="/webwork" %> +<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %> + + + + Login Page + + + + + +
+ +
+ + +
+
+
+ + + + diff --git a/archiva-webapp/src/main/webapp/WEB-INF/jsp/register.jsp b/archiva-webapp/src/main/webapp/WEB-INF/jsp/register.jsp deleted file mode 100644 index 0147c2638..000000000 --- a/archiva-webapp/src/main/webapp/WEB-INF/jsp/register.jsp +++ /dev/null @@ -1,60 +0,0 @@ -<%-- - ~ Copyright 2005-2006 The Apache Software Foundation. - ~ - ~ Licensed under the Apache License, Version 2.0 (the "License"); - ~ you may not use this file except in compliance with the License. - ~ You may obtain a copy of the License at - ~ - ~ http://www.apache.org/licenses/LICENSE-2.0 - ~ - ~ Unless required by applicable law or agreed to in writing, software - ~ distributed under the License is distributed on an "AS IS" BASIS, - ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - ~ See the License for the specific language governing permissions and - ~ limitations under the License. - --%> - -<%@ taglib prefix="ww" uri="/webwork" %> -<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %> - - - - Registration Page - - - - - -

Registration

- -
-
- - - - - - - - - - - - - - - - - - - - - - -
Username:
Password:
Full Name:
Email Address:
-
-
-
- - - diff --git a/archiva-webapp/src/main/webapp/WEB-INF/jsp/user.jsp b/archiva-webapp/src/main/webapp/WEB-INF/jsp/user.jsp new file mode 100644 index 000000000..3c5602a03 --- /dev/null +++ b/archiva-webapp/src/main/webapp/WEB-INF/jsp/user.jsp @@ -0,0 +1,168 @@ +<%-- + ~ Copyright 2005-2006 The Apache Software Foundation. + ~ + ~ Licensed under the Apache License, Version 2.0 (the "License"); + ~ you may not use this file except in compliance with the License. + ~ You may obtain a copy of the License at + ~ + ~ http://www.apache.org/licenses/LICENSE-2.0 + ~ + ~ Unless required by applicable law or agreed to in writing, software + ~ distributed under the License is distributed on an "AS IS" BASIS, + ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + ~ See the License for the specific language governing permissions and + ~ limitations under the License. + --%> + +<%@ taglib prefix="ww" uri="/webwork" %> +<%@ taglib prefix="pss" uri="plexusSecuritySystem" %> + + + User Management - Find a User + + + + + +
+ +
+ +
+
+
+ + + + \ No newline at end of file diff --git a/archiva-webapp/src/main/webapp/WEB-INF/jsp/userDetails.jsp b/archiva-webapp/src/main/webapp/WEB-INF/jsp/userDetails.jsp new file mode 100644 index 000000000..55e18742a --- /dev/null +++ b/archiva-webapp/src/main/webapp/WEB-INF/jsp/userDetails.jsp @@ -0,0 +1,52 @@ +<%-- + ~ Copyright 2005-2006 The Apache Software Foundation. + ~ + ~ Licensed under the Apache License, Version 2.0 (the "License"); + ~ you may not use this file except in compliance with the License. + ~ You may obtain a copy of the License at + ~ + ~ http://www.apache.org/licenses/LICENSE-2.0 + ~ + ~ Unless required by applicable law or agreed to in writing, software + ~ distributed under the License is distributed on an "AS IS" BASIS, + ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + ~ See the License for the specific language governing permissions and + ~ limitations under the License. + --%> + +<%@ taglib prefix="ww" uri="/webwork" %> + + + User Management - Find a User + + + + + +
+ +
+ + + +
+
+
+ + + \ No newline at end of file -- 2.39.5