author | Jesse McConnell <jmcconnell@apache.org> | 2007-03-01 18:32:59 +0000 |
---|---|---|
committer | Jesse McConnell <jmcconnell@apache.org> | 2007-03-01 18:32:59 +0000 |
commit | eecc68356ee8f203f9cf142480dd399aff7b8889 (patch) | |
tree | 2a2a96e2a0350dc4151ae81b64dec1ae8a19f0dd | |
parent | 013a962760e991e8396e35433f82a4f64f3c58cd (diff) | |
Security role changes: added a global repository manager, which is the role for administering all repositories configuration-wise; the particular repository managers now administer content _in_ their assigned repositories; observers get read access to the corresponding repository (or global access to add if they get the global observer). I also removed the archiva-edit-configuration operation, since it was duplicated by the archiva-manage-configuration operation.
git-svn-id: https://svn.apache.org/repos/asf/maven/archiva/trunk@513431 13f79535-47bb-0310-9956-ffa450edef68
13 files changed, 56 insertions, 152 deletions
diff --git a/archiva-security/src/main/java/org/apache/maven/archiva/security/ArchivaRoleConstants.java b/archiva-security/src/main/java/org/apache/maven/archiva/security/ArchivaRoleConstants.java
index e21bd6834..45d19de28 100644
--- a/archiva-security/src/main/java/org/apache/maven/archiva/security/ArchivaRoleConstants.java
+++ b/archiva-security/src/main/java/org/apache/maven/archiva/security/ArchivaRoleConstants.java
@@ -36,8 +36,6 @@ public class ArchivaRoleConstants public static final String GUEST_ROLE = "Guest"; - public static final String BASE_REPOSITORY_MANAGER = "Repository Manager Base"; - // dynamic role prefixes public static final String REPOSITORY_MANAGER_ROLE_PREFIX = "Repository Manager";
@@ -65,6 +63,5 @@ public class ArchivaRoleConstants public static final String OPERATION_EDIT_REPOSITORY = "archiva-edit-repository"; public static final String OPERATION_REPOSITORY_UPLOAD = "archiva-upload-repository"; - - public static final String OPERATION_EDIT_CONFIGURATION = "archiva-edit-configuration"; + }
diff --git a/archiva-security/src/main/java/org/apache/maven/archiva/security/ArchivaRoleProfileManager.java b/archiva-security/src/main/java/org/apache/maven/archiva/security/ArchivaRoleProfileManager.java
index 1dd7af2b2..f28444dbe 100644
--- a/archiva-security/src/main/java/org/apache/maven/archiva/security/ArchivaRoleProfileManager.java
+++ b/archiva-security/src/main/java/org/apache/maven/archiva/security/ArchivaRoleProfileManager.java
@@ -25,6 +25,8 @@ import org.codehaus.plexus.rbac.profile.RoleProfileException; /** * Role profile manager. * + * Role Structures are laid out as documented http://docs.codehaus.org/display/MAVENUSER/Archiva+Security+Roles + * * @author Brett Porter * @todo composition over inheritence? * @plexus.component role="org.codehaus.plexus.rbac.profile.RoleProfileManager" role-hint="archiva"
@@ -35,8 +37,9 @@ public class ArchivaRoleProfileManager public void initialize() throws RoleProfileException { - getRole( "archiva-repository-manager-base" ); - + getRole( "global-repository-manager" ); + getRole( "global-repository-observer" ); + mergeRoleProfiles( "system-administrator", "archiva-system-administrator" ); mergeRoleProfiles( "user-administrator", "archiva-user-administrator" ); mergeRoleProfiles( "guest", "archiva-guest" );
diff --git a/archiva-security/src/main/java/org/apache/maven/archiva/security/ArchivaSystemAdministratorRoleProfile.java b/archiva-security/src/main/java/org/apache/maven/archiva/security/ArchivaSystemAdministratorRoleProfile.java
index c84ce4440..4ea8e454d 100644
--- a/archiva-security/src/main/java/org/apache/maven/archiva/security/ArchivaSystemAdministratorRoleProfile.java
+++ b/archiva-security/src/main/java/org/apache/maven/archiva/security/ArchivaSystemAdministratorRoleProfile.java
@@ -41,7 +41,6 @@ public class ArchivaSystemAdministratorRoleProfile { List operations = new ArrayList(); operations.add( ArchivaRoleConstants.OPERATION_MANAGE_CONFIGURATION ); - operations.add( ArchivaRoleConstants.OPERATION_EDIT_CONFIGURATION ); operations.add( ArchivaRoleConstants.OPERATION_MANAGE_USERS ); operations.add( ArchivaRoleConstants.OPERATION_RUN_INDEXER ); operations.add( ArchivaRoleConstants.OPERATION_REGENERATE_INDEX );
diff --git a/archiva-security/src/main/java/org/apache/maven/archiva/security/BaseRepositoryManagerRoleProfile.java b/archiva-security/src/main/java/org/apache/maven/archiva/security/BaseRepositoryManagerRoleProfile.java
deleted file mode 100644
index a652aa73e..000000000
--- a/archiva-security/src/main/java/org/apache/maven/archiva/security/BaseRepositoryManagerRoleProfile.java
+++ /dev/null
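Review bot: In `ArchivaRoleProfileManager.initialize()` the global manager role is requested before the global observer, yet `GlobalRepositoryManagerRoleProfile.getChildRoles()` (added later in this commit) names the observer as its child. Whether the profile framework creates or requires a child role when it first generates the parent is not visible in this diff; if it only links children that already exist, a fresh role store would fail here or leave the manager without its observer child. Requesting the observer first removes that dependency: `getRole( "global-repository-observer" );` followed by `getRole( "global-repository-manager" );`. The two role-hint literals also repeat the strings in the `@plexus.component` tags and components.xml, so a one-line comment tying them together would help the next reader.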
@@ -1,57 +0,0 @@ -package org.apache.maven.archiva.security; - -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - -import org.codehaus.plexus.rbac.profile.AbstractRoleProfile; - -import java.util.ArrayList; -import java.util.List; - -/** - * @plexus.component role="org.codehaus.plexus.rbac.profile.RoleProfile" - * role-hint="archiva-repository-manager-base" - */ -public class BaseRepositoryManagerRoleProfile - extends AbstractRoleProfile -{ - public String getRoleName() - { - return ArchivaRoleConstants.BASE_REPOSITORY_MANAGER; - } - - public List getOperations() - { - List operations = new ArrayList(); - - operations.add( ArchivaRoleConstants.OPERATION_MANAGE_CONFIGURATION ); - - return operations; - } - - public boolean isPermanent() - { - return true; - } - - public boolean isAssignable() - { - return false; - } -}
diff --git a/archiva-security/src/main/java/org/apache/maven/archiva/security/GlobalRepositoryManagerRoleProfile.java b/archiva-security/src/main/java/org/apache/maven/archiva/security/GlobalRepositoryManagerRoleProfile.java
index 824711117..50bcfbb6b 100644
--- a/archiva-security/src/main/java/org/apache/maven/archiva/security/GlobalRepositoryManagerRoleProfile.java
+++ b/archiva-security/src/main/java/org/apache/maven/archiva/security/GlobalRepositoryManagerRoleProfile.java
@@ -26,7 +26,7 @@ import java.util.List; /** * @plexus.component role="org.codehaus.plexus.rbac.profile.RoleProfile" - * role-hint="archiva-repository-administrator" + * role-hint="global-repository-manager" */ public class GlobalRepositoryManagerRoleProfile extends AbstractRoleProfile
@@ -49,9 +49,21 @@ public class GlobalRepositoryManagerRoleProfile public List getOperations() { List operations = new ArrayList(); + operations.add( ArchivaRoleConstants.OPERATION_MANAGE_CONFIGURATION ); operations.add( ArchivaRoleConstants.OPERATION_ADD_REPOSITORY ); operations.add( ArchivaRoleConstants.OPERATION_EDIT_REPOSITORY ); operations.add( ArchivaRoleConstants.OPERATION_DELETE_REPOSITORY ); return operations; } + + public List getChildRoles() + { + List childRoles = new ArrayList(); + childRoles.add( ArchivaRoleConstants.GLOBAL_REPOSITORY_OBSERVER_ROLE ); + return childRoles; + } + + + + }
diff --git a/archiva-security/src/main/java/org/apache/maven/archiva/security/GlobalRepositoryObserverRoleProfile.java b/archiva-security/src/main/java/org/apache/maven/archiva/security/GlobalRepositoryObserverRoleProfile.java
index 34e61dd2e..defd5e023 100644
--- a/archiva-security/src/main/java/org/apache/maven/archiva/security/GlobalRepositoryObserverRoleProfile.java
+++ b/archiva-security/src/main/java/org/apache/maven/archiva/security/GlobalRepositoryObserverRoleProfile.java
@@ -26,7 +26,7 @@ import java.util.List; /** * @plexus.component role="org.codehaus.plexus.rbac.profile.RoleProfile" - * role-hint="archiva-repository-administrator" + * role-hint="global-repository-observer" */ public class GlobalRepositoryObserverRoleProfile extends AbstractRoleProfile
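Review bot: `GlobalRepositoryManagerRoleProfile.getOperations()` now grants `OPERATION_MANAGE_CONFIGURATION`, the same operation the system administrator profile holds and the one admin/index.jsp checks before showing "Edit Configuration". As far as this diff shows, a global repository manager therefore passes every `archiva-manage-configuration` gate, not only the repository ones, which is wider than the role name suggests. If that is intended, state it in the class Javadoc, e.g. `Grants archiva-manage-configuration, so holders reach every screen guarded by that operation, not only repository settings.`; if not, the repository pages should keep gating on the add/edit/delete-repository operations this role already carries. The hunk also adds several blank lines before the closing brace that can be dropped.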
@@ -48,6 +48,8 @@ public class GlobalRepositoryObserverRoleProfile public List getOperations() { - return null; + List operations = new ArrayList(); + operations.add( ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS ); + return operations; } }
diff --git a/archiva-security/src/main/java/org/apache/maven/archiva/security/RepositoryManagerDynamicRoleProfile.java b/archiva-security/src/main/java/org/apache/maven/archiva/security/RepositoryManagerDynamicRoleProfile.java
index da657de9c..a9b6510d2 100644
--- a/archiva-security/src/main/java/org/apache/maven/archiva/security/RepositoryManagerDynamicRoleProfile.java
+++ b/archiva-security/src/main/java/org/apache/maven/archiva/security/RepositoryManagerDynamicRoleProfile.java
@@ -50,61 +50,17 @@ public class RepositoryManagerDynamicRoleProfile { List operations = new ArrayList(); - // I'm not sure these are appropriate roles. operations.add( ArchivaRoleConstants.OPERATION_EDIT_REPOSITORY ); operations.add( ArchivaRoleConstants.OPERATION_DELETE_REPOSITORY ); - operations.add( ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS ); operations.add( ArchivaRoleConstants.OPERATION_REPOSITORY_UPLOAD ); return operations; } - - public List getChildRoles() - { - return Collections.singletonList( ArchivaRoleConstants.BASE_REPOSITORY_MANAGER ); - } - - public List getDynamicChildRoles( String string ) - { - return Collections.singletonList( - ArchivaRoleConstants.REPOSITORY_OBSERVER_ROLE_PREFIX + ArchivaRoleConstants.DELIMITER + string ); - } - public boolean isAssignable() { return true; } - - public Role getRole( String resource ) - throws RoleProfileException - { - try - { - if ( rbacManager.roleExists( getRoleName( resource ) ) ) - { - return rbacManager.getRole( getRoleName( resource ) ); - } - else - { - // first time assign the role to the group administrator since they need the access - Role newRole = generateRole( resource ); - - Role repoAdmin = rbacManager.getRole( ArchivaRoleConstants.GLOBAL_REPOSITORY_MANAGER_ROLE ); - repoAdmin.addChildRoleName( newRole.getName() ); - rbacManager.saveRole( repoAdmin ); - - return newRole; - } - } - catch ( RbacObjectNotFoundException ne ) - { - throw new RoleProfileException( "unable to get role", ne ); - } - catch ( RbacManagerException e ) - { - throw new RoleProfileException( "system error with rbac manager", e ); - } - } + }
diff --git a/archiva-security/src/main/java/org/apache/maven/archiva/security/RepositoryObserverDynamicRoleProfile.java b/archiva-security/src/main/java/org/apache/maven/archiva/security/RepositoryObserverDynamicRoleProfile.java
index 84b696db8..d49affe1c 100644
--- a/archiva-security/src/main/java/org/apache/maven/archiva/security/RepositoryObserverDynamicRoleProfile.java
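Review bot: With `OPERATION_REPOSITORY_ACCESS` dropped from `getOperations()` and `getDynamicChildRoles()` removed, `RepositoryManagerDynamicRoleProfile` keeps edit, delete and upload on its repository but no longer carries read access, either directly or through the matching observer role. Unless the observer role is always assigned alongside it (not visible here), a repository manager could upload to a repository it is not authorised to read. Either keep the dynamic child link to `REPOSITORY_OBSERVER_ROLE_PREFIX + DELIMITER + resource`, or add a Javadoc line stating that the observer role must be granted separately. Within this hunk the removed methods were the only users of `Collections`, `Role`, `RbacObjectNotFoundException` and `RbacManagerException`; their imports sit outside the hunk and may now be unused.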
+++ b/archiva-security/src/main/java/org/apache/maven/archiva/security/RepositoryObserverDynamicRoleProfile.java
@@ -57,34 +57,4 @@ public class RepositoryObserverDynamicRoleProfile return true; } - public Role getRole( String resource ) - throws RoleProfileException -{ - try - { - if ( rbacManager.roleExists( getRoleName( resource ) ) ) - { - return rbacManager.getRole( getRoleName( resource ) ); - } - else - { - // first time assign the role to the group administrator since they need the access - Role newRole = generateRole( resource ); - - Role repoAdmin = rbacManager.getRole( ArchivaRoleConstants.GLOBAL_REPOSITORY_OBSERVER_ROLE ); - repoAdmin.addChildRoleName( newRole.getName() ); - rbacManager.saveRole( repoAdmin ); - - return newRole; - } - } - catch ( RbacObjectNotFoundException ne ) - { - throw new RoleProfileException( "unable to get role", ne ); - } - catch ( RbacManagerException e ) - { - throw new RoleProfileException( "system error with rbac manager", e ); - } -} }
diff --git a/archiva-security/src/main/resources/META-INF/plexus/components.xml b/archiva-security/src/main/resources/META-INF/plexus/components.xml
index d486b047f..bed50b59f 100644
--- a/archiva-security/src/main/resources/META-INF/plexus/components.xml
+++ b/archiva-security/src/main/resources/META-INF/plexus/components.xml
@@ -85,8 +85,22 @@ </component> <component> <role>org.codehaus.plexus.rbac.profile.RoleProfile</role> - <role-hint>archiva-repository-manager-base</role-hint> - <implementation>org.apache.maven.archiva.security.BaseRepositoryManagerRoleProfile</implementation> + <role-hint>global-repository-manager</role-hint> + <implementation>org.apache.maven.archiva.security.GlobalRepositoryManagerRoleProfile</implementation> + <requirements> + <requirement> + <role>org.codehaus.plexus.security.rbac.RBACManager</role> + </requirement> + <requirement> + <role>org.codehaus.plexus.PlexusContainer</role> + <field-name>container</field-name> + </requirement> + </requirements> + </component> + <component> + <role>org.codehaus.plexus.rbac.profile.RoleProfile</role> + <role-hint>global-repository-observer</role-hint> + <implementation>org.apache.maven.archiva.security.GlobalRepositoryObserverRoleProfile</implementation> <requirements> <requirement> <role>org.codehaus.plexus.security.rbac.RBACManager</role>
diff --git a/archiva-webapp/pom.xml b/archiva-webapp/pom.xml
index c9d02499a..4f3887ecf 100644
--- a/archiva-webapp/pom.xml
+++ b/archiva-webapp/pom.xml
@@ -264,7 +264,7 @@ <jettyEnvXml>src/jetty-env.xml</jettyEnvXml> <connectors> <connector implementation="org.mortbay.jetty.nio.SelectChannelConnector"> - <port>9091</port> + <port>9090</port> <maxIdleTime>60000</maxIdleTime> </connector> </connectors>
diff --git a/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/index.jsp b/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/index.jsp
index ba45254a3..b722d305a 100644
--- a/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/index.jsp
+++ b/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/index.jsp
@@ -35,7 +35,7 @@ <div> <div style="float: right"> <%-- TODO replace with icons --%> - <pss:ifAuthorized permission="archiva-edit-configuration" resource="*"> + <pss:ifAuthorized permission="archiva-manage-configuration"> <a href="<ww:url action="configure" />">Edit Configuration</a> </pss:ifAuthorized> </div>
diff --git a/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/managedRepositories.jsp b/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/managedRepositories.jsp
index c9b3e1f61..ec4c59c7c 100644
--- a/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/managedRepositories.jsp
+++ b/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/managedRepositories.jsp
@@ -39,7 +39,7 @@ <div> <div style="float: right"> <%-- TODO replace with icons --%> - <pss:ifAuthorized permission="archiva-add-repository"> + <pss:ifAuthorized permission="archiva-manage-configuration"> <ww:url id="addRepositoryUrl" action="addRepository" method="input"/> <ww:a href="%{addRepositoryUrl}">Add Repository</ww:a> </pss:ifAuthorized>
@@ -52,9 +52,10 @@ <strong>There are no managed repositories configured yet.</strong> </c:if> <c:forEach items="${repositories}" var="repository" varStatus="i"> - <pss:ifAnyAuthorized permissions="archiva-edit-repository, archiva-delete-repository" resource="${repository.id}"> + <div> <div style="float: right"> + <pss:ifAnyAuthorized permissions="archiva-manage-configuration"> <ww:url id="editRepositoryUrl" action="editRepository" method="input"> <ww:param name="repoId" value="%{'${repository.id}'}"/> </ww:url>
@@ -64,6 +65,7 @@ <%-- TODO replace with icons --%> <ww:a href="%{editRepositoryUrl}">Edit Repository</ww:a> <ww:a href="%{deleteRepositoryUrl}">Delete Repository</ww:a> + </pss:ifAnyAuthorized> </div> <h3>${repository.name}</h3> <table class="infoTable">
@@ -142,7 +144,6 @@ </tr> </table> </div> - </pss:ifAnyAuthorized> </c:forEach> </div>
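Review bot: In managedRepositories.jsp (hunk at -52,9) the per-repository wrapper `<pss:ifAnyAuthorized ... resource="${repository.id}">` is removed, so each repository's block (name and info table) is now rendered for every user who can load the page, and only the Edit/Delete links stay gated. If the action behind this page is not itself restricted to `archiva-manage-configuration` (not visible in the diff), that shows repository details to users who hold no rights on them. The tags only hide links, so the actions behind the add, edit and delete links need the same check on the server side; the same applies to the link gating added in proxiedRepositories.jsp. For a single permission the new inner tag reads more consistently as `<pss:ifAuthorized permission="archiva-manage-configuration">` with a matching `</pss:ifAuthorized>`.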
diff --git a/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/proxiedRepositories.jsp b/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/proxiedRepositories.jsp
index 8171bc6c2..de6479873 100644
--- a/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/proxiedRepositories.jsp
+++ b/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/proxiedRepositories.jsp
@@ -20,6 +20,7 @@ <%@ taglib prefix="ww" uri="/webwork" %> <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %> <%@ taglib prefix="my" tagdir="/WEB-INF/tags" %> +<%@ taglib prefix="pss" uri="/plexusSecuritySystem" %> <html> <head>
@@ -33,10 +34,14 @@ <div id="contentArea"> <div> + <%-- TODO replace with icons --%> <div style="float: right"> - <a href="<ww:url action="addProxiedRepository" method="input" />">Add Repository</a> + <pss:ifAuthorized permission="archiva-manage-configuration"> + <a href="<ww:url action="addProxiedRepository" method="input" />">Add Repository</a> + </pss:ifAuthorized> </div> + <h2>Proxied Repositories</h2> </div>
@@ -48,10 +53,12 @@ <div> <div style="float: right"> <%-- TODO replace with icons --%> - <a href="<ww:url action="editProxiedRepository" method="input"><ww:param name="repoId" value="%{'${repository.id}'}" /></ww:url>">Edit + <pss:ifAuthorized permission="archiva-manage-configuration"> + <a href="<ww:url action="editProxiedRepository" method="input"><ww:param name="repoId" value="%{'${repository.id}'}" /></ww:url>">Edit Repository</a> | <a href="<ww:url action="deleteProxiedRepository" method="input"><ww:param name="repoId" value="%{'${repository.id}'}" /></ww:url>">Delete - Repository</a> + Repository</a> + </pss:ifAuthorized> </div> <h3>${repository.name}</h3> <table class="infoTable"> |
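Review bot: The re-indented edit and delete links in proxiedRepositories.jsp (hunk at -48,10) still build the `repoId` parameter as `value="%{'${repository.id}'}"`, which pastes the EL result into an OGNL string literal before OGNL evaluates it. If repository ids are not restricted to a safe character set when they are saved (that validation is outside this diff), an id containing a quote changes the expression that gets evaluated. Reading the value through OGNL avoids the interpolation, for example `<ww:param name="repoId" value="%{#attr.repository.id}" />`, assuming the loop variable is reachable through `#attr` in this WebWork version. The same pattern appears in the edit URL of managedRepositories.jsp.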