author | Maria Odea B. Ching <oching@apache.org> | 2008-10-20 05:59:47 +0000 |
---|---|---|
committer | Maria Odea B. Ching <oching@apache.org> | 2008-10-20 05:59:47 +0000 |
commit | c303ba78c70a220c54b0501bf5239f5870d03ad9 (patch) | |
tree | 6d95b53c96b67ccf0ddba0054080440e49d2d42b /archiva-modules/archiva-web/archiva-xmlrpc/archiva-xmlrpc-security | |
parent | c64358cfd11f1c506afcc9cc2a4df5bc4f01b69a (diff) | |
merged MRM-124 branch (-r706118) - archiva web services
git-svn-id: https://svn.apache.org/repos/asf/archiva/trunk@706126 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'archiva-modules/archiva-web/archiva-xmlrpc/archiva-xmlrpc-security')
6 files changed, 891 insertions, 0 deletions
diff --git a/archiva-modules/archiva-web/archiva-xmlrpc/archiva-xmlrpc-security/pom.xml b/archiva-modules/archiva-web/archiva-xmlrpc/archiva-xmlrpc-security/pom.xml
new file mode 100644
index 000000000..8736f8071
--- /dev/null
+++ b/archiva-modules/archiva-web/archiva-xmlrpc/archiva-xmlrpc-security/pom.xml
@@ -0,0 +1,83 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ ~ Copyright 2005-2006 The Apache Software Foundation.
+ ~
+ ~ Licensed under the Apache License, Version 2.0 (the "License");
+ ~ you may not use this file except in compliance with the License.
+ ~ You may obtain a copy of the License at
+ ~
+ ~ http://www.apache.org/licenses/LICENSE-2.0
+ ~
+ ~ Unless required by applicable law or agreed to in writing, software
+ ~ distributed under the License is distributed on an "AS IS" BASIS,
+ ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ~ See the License for the specific language governing permissions and
+ ~ limitations under the License.
+ -->
+
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+
+ <modelVersion>4.0.0</modelVersion>
+ <parent>
+ <groupId>org.apache.archiva</groupId>
+ <artifactId>archiva-xmlrpc</artifactId>
+ <version>1.2-SNAPSHOT</version>
+ <relativePath>../pom.xml</relativePath>
+ </parent>
+ <artifactId>archiva-xmlrpc-security</artifactId>
+ <name>Archiva Web :: XML-RPC Security</name>
+ <dependencies>
+ <dependency>
+ <groupId>org.apache.xmlrpc</groupId>
+ <artifactId>xmlrpc-server</artifactId>
+ <exclusions>
+ <exclusion>
+ <groupId>commons-logging</groupId>
+ <artifactId>commons-logging</artifactId>
+ </exclusion>
+ </exclusions>
+ </dependency>
+ <dependency>
+ <groupId>org.codehaus.redback</groupId>
+ <artifactId>redback-system</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.archiva</groupId>
+ <artifactId>archiva-security</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.codehaus.plexus</groupId>
+ <artifactId>plexus-spring</artifactId>
+ <scope>test</scope>
+ </dependency>
+ <!-- use spring for the unit tests?
+ <dependency>
+ <groupId>org.springframework</groupId>
+ <artifactId>spring-test</artifactId>
+ <scope>test</scope>
+ </dependency>
+ -->
+ <dependency>
+ <groupId>org.codehaus.redback</groupId>
+ <artifactId>redback-authorization-rbac</artifactId>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.codehaus.redback</groupId>
+ <artifactId>redback-keys-memory</artifactId>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.codehaus.redback</groupId>
+ <artifactId>redback-users-memory</artifactId>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.codehaus.redback</groupId>
+ <artifactId>redback-rbac-memory</artifactId>
+ <scope>test</scope>
+ </dependency>
+ </dependencies>
+</project>
diff --git a/archiva-modules/archiva-web/archiva-xmlrpc/archiva-xmlrpc-security/src/main/java/org/apache/archiva/web/xmlrpc/security/ServiceMethodsPermissionsMapping.java b/archiva-modules/archiva-web/archiva-xmlrpc/archiva-xmlrpc-security/src/main/java/org/apache/archiva/web/xmlrpc/security/ServiceMethodsPermissionsMapping.java
new file mode 100644
index 000000000..333b4218e
--- /dev/null
+++ b/archiva-modules/archiva-web/archiva-xmlrpc/archiva-xmlrpc-security/src/main/java/org/apache/archiva/web/xmlrpc/security/ServiceMethodsPermissionsMapping.java
@@ -0,0 +1,69 @@
+package org.apache.archiva.web.xmlrpc.security;
+
+
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+import java.util.ArrayList;
+import java.util.List;
+
+/**
+ * ServiceMethodsPermissionsMapping
+ *
+ * Used by the XmlRpcAuthenticationHandler to check the permissions specific to the requested service method.
+ * New methods in exposed services must be registered in the appropriate operation below.
+ *
+ * @version $Id: ServiceMethodsPermissionsMapping.java
+ */
+public class ServiceMethodsPermissionsMapping
+{
+ public static final List<String> SERVICE_METHODS_FOR_OPERATION_MANAGE_CONFIGURATION = new ArrayList<String>()
+ {
+ {
+ add( "AdministrationService.configureRepositoryConsumer" );
+ add( "AdministrationService.configureDatabaseConsumer" );
+ add( "AdministrationService.executeDatabaseScanner" );
+ add( "AdministrationService.getAllManagedRepositories" );
+ add( "AdministrationService.getAllRemoteRepositories" );
+ add( "AdministrationService.getAllDatabaseConsumers" );
+ add( "AdministrationService.getAllRepositoryConsumers" );
+ add( "AdministrationService.deleteArtifact" );
+ }
+ };
+
+ public static final List<String> SERVICE_METHODS_FOR_OPERATION_RUN_INDEXER = new ArrayList<String>()
+ {
+ {
+ add( "AdministrationService.executeRepositoryScanner");
+ }
+ };
+
+ public static final List<String> SERVICE_METHODS_FOR_OPERATION_ACCESS_REPORT = new ArrayList<String>();
+
+ public static final List<String> SERVICE_METHODS_FOR_OPERATION_REPOSITORY_ACCESS = new ArrayList<String>();
+
+ public static final List<String> SERVICE_METHODS_FOR_OPERATION_ADD_REPOSITORY = new ArrayList<String>();
+
+ public static final List<String> SERVICE_METHODS_FOR_OPERATION_DELETE_REPOSITORY = new ArrayList<String>();
+
+ public static final List<String> SERVICE_METHODS_FOR_OPERATION_EDIT_REPOSITORY = new ArrayList<String>();
+
+ public static final List<String> SERVICE_METHODS_FOR_OPERATION_REPOSITORY_UPLOAD = new ArrayList<String>();
+
+}
diff --git a/archiva-modules/archiva-web/archiva-xmlrpc/archiva-xmlrpc-security/src/main/java/org/apache/archiva/web/xmlrpc/security/XmlRpcAuthenticator.java b/archiva-modules/archiva-web/archiva-xmlrpc/archiva-xmlrpc-security/src/main/java/org/apache/archiva/web/xmlrpc/security/XmlRpcAuthenticator.java
new file mode 100644
index 000000000..40ee2fd6f
--- /dev/null
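Review bot: The mapping lists in `ServiceMethodsPermissionsMapping` are `public static final` but are mutable `ArrayList`s built with double-brace initialisation, so any code in the JVM can add or remove method names and thereby change what `XmlRpcAuthenticator` enforces. Wrapping each list, for example `Collections.unmodifiableList( Arrays.asList( "AdministrationService.executeRepositoryScanner" ) )` for `SERVICE_METHODS_FOR_OPERATION_RUN_INDEXER`, keeps the table fixed after class load. `AdministrationService.deleteArtifact` is grouped under the same operation as the read-only `getAll*` calls; if a narrower permission exists for destructive calls it may be worth mapping it separately. The six empty lists are not consulted by the authenticator in this commit, so a short comment marking them as placeholders would stop a reader assuming they are enforced.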
+++ b/archiva-modules/archiva-web/archiva-xmlrpc/archiva-xmlrpc-security/src/main/java/org/apache/archiva/web/xmlrpc/security/XmlRpcAuthenticator.java
@@ -0,0 +1,117 @@
+package org.apache.archiva.web.xmlrpc.security;
+
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+import org.apache.maven.archiva.security.ArchivaRoleConstants;
+import org.apache.xmlrpc.XmlRpcException;
+import org.apache.xmlrpc.XmlRpcRequest;
+import org.apache.xmlrpc.common.XmlRpcHttpRequestConfigImpl;
+import org.apache.xmlrpc.server.AbstractReflectiveHandlerMapping.AuthenticationHandler;
+import org.codehaus.plexus.redback.authentication.AuthenticationException;
+import org.codehaus.plexus.redback.authentication.PasswordBasedAuthenticationDataSource;
+import org.codehaus.plexus.redback.authorization.AuthorizationException;
+import org.codehaus.plexus.redback.authorization.AuthorizationResult;
+import org.codehaus.plexus.redback.policy.AccountLockedException;
+import org.codehaus.plexus.redback.system.SecuritySession;
+import org.codehaus.plexus.redback.system.SecuritySystem;
+import org.codehaus.plexus.redback.users.UserNotFoundException;
+
+/**
+ * XmlRpcAuthenticator
+ *
+ * Custom authentication and authorization handler for xmlrpc requests.
+ *
+ * @version $Id
+ */
+public class XmlRpcAuthenticator
+ implements AuthenticationHandler
+{
+ private final SecuritySystem securitySystem;
+
+ public XmlRpcAuthenticator( SecuritySystem securitySystem )
+ {
+ this.securitySystem = securitySystem;
+ }
+
+ public boolean isAuthorized( XmlRpcRequest pRequest )
+ throws XmlRpcException
+ {
+ if ( pRequest.getConfig() instanceof XmlRpcHttpRequestConfigImpl )
+ {
+ XmlRpcHttpRequestConfigImpl config = (XmlRpcHttpRequestConfigImpl) pRequest.getConfig();
+ SecuritySession session =
+ authenticate( new PasswordBasedAuthenticationDataSource( config.getBasicUserName(),
+ config.getBasicPassword() ) );
+ String method = pRequest.getMethodName();
+ AuthorizationResult result = authorize( session, method );
+
+ return result.isAuthorized();
+ }
+
+ throw new XmlRpcException( "Unsupported transport (must be http)" );
+ }
+
+ private SecuritySession authenticate( PasswordBasedAuthenticationDataSource authenticationDataSource )
+ throws XmlRpcException
+ {
+ try
+ {
+ return securitySystem.authenticate( authenticationDataSource );
+ }
+ catch ( AccountLockedException e )
+ {
+ throw new XmlRpcException( 401, e.getMessage(), e );
+ }
+ catch ( AuthenticationException e )
+ {
+ throw new XmlRpcException( 401, e.getMessage(), e );
+ }
+ catch ( UserNotFoundException e )
+ {
+ throw new XmlRpcException( 401, e.getMessage(), e );
+ }
+ }
+
+ private AuthorizationResult authorize( SecuritySession session, String methodName )
+ throws XmlRpcException
+ {
+ try
+ {
+ // sample attempt at simplifying authorization checking of requested service method
+ // TODO test with a sample client to see if this would work!
+ if ( ServiceMethodsPermissionsMapping.SERVICE_METHODS_FOR_OPERATION_MANAGE_CONFIGURATION.contains( methodName ) )
+ {
+ return securitySystem.authorize( session, ArchivaRoleConstants.OPERATION_MANAGE_CONFIGURATION );
+ }
+ else if ( ServiceMethodsPermissionsMapping.SERVICE_METHODS_FOR_OPERATION_RUN_INDEXER.contains( methodName ) )
+ {
+ return securitySystem.authorize( session, ArchivaRoleConstants.OPERATION_RUN_INDEXER );
+ }
+ else
+ {
+ return securitySystem.authorize( session, ArchivaRoleConstants.GLOBAL_REPOSITORY_MANAGER_ROLE );
+ }
+ }
+ catch ( AuthorizationException e )
+ {
+ throw new XmlRpcException( 401, e.getMessage(), e );
+ }
+ }
+}
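Review bot: `isAuthorized` hands whatever session `authenticate` returns straight to `authorize` and never checks that authentication succeeded. The accompanying test for a nonexistent user expects `false` rather than a fault, which suggests `securitySystem.authenticate` can return an unauthenticated session instead of throwing, so the outcome rests entirely on how the authorizer treats such a session. An explicit guard before the `authorize` call, `if ( !session.isAuthenticated() ) { return false; }`, would make the handler fail closed (confirm the accessor against the Redback version in use). The three catch blocks in `authenticate` also copy `e.getMessage()` into the 401 fault, which can let a caller distinguish a locked account from an unknown user; a single generic message with the detail logged server-side avoids that. Finally, the `else` branch of `authorize` passes `GLOBAL_REPOSITORY_MANAGER_ROLE`, a role constant, where the other branches pass `OPERATION_*` constants, and the test's TODO about that role not existing suggests it should be checked.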
diff --git a/archiva-modules/archiva-web/archiva-xmlrpc/archiva-xmlrpc-security/src/test/java/org/apache/archiva/xmlrpc/security/XmlRpcAuthenticatorTest.java b/archiva-modules/archiva-web/archiva-xmlrpc/archiva-xmlrpc-security/src/test/java/org/apache/archiva/xmlrpc/security/XmlRpcAuthenticatorTest.java
new file mode 100644
index 000000000..721aa828d
--- /dev/null
+++ b/archiva-modules/archiva-web/archiva-xmlrpc/archiva-xmlrpc-security/src/test/java/org/apache/archiva/xmlrpc/security/XmlRpcAuthenticatorTest.java
@@ -0,0 +1,220 @@
+package org.apache.archiva.xmlrpc.security;
+
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+import org.apache.archiva.web.xmlrpc.security.XmlRpcAuthenticator;
+import org.apache.maven.archiva.security.ArchivaRoleConstants;
+import org.apache.xmlrpc.XmlRpcRequest;
+import org.apache.xmlrpc.common.XmlRpcHttpRequestConfigImpl;
+import org.codehaus.plexus.redback.role.RoleManager;
+import org.codehaus.plexus.redback.system.SecuritySystem;
+import org.codehaus.plexus.redback.users.User;
+import org.codehaus.plexus.redback.users.UserManager;
+import org.codehaus.plexus.redback.users.UserNotFoundException;
+import org.codehaus.plexus.spring.PlexusInSpringTestCase;
+import org.easymock.MockControl;
+import org.easymock.classextension.MockClassControl;
+
+/**
+ * XmlRpcAuthenticatorTest
+ *
+ * @version $Id XmlRpcAuthenticatorTest.java
+ */
+public class XmlRpcAuthenticatorTest
+//extends AbstractDependencyInjectionSpringContextTests
+ extends PlexusInSpringTestCase
+{
+ protected static final String USER_GUEST = "guest";
+
+ protected static final String USER_ADMIN = "admin";
+
+ protected static final String USER_ALPACA = "alpaca";
+
+ private static final String PASSWORD = "password123";
+
+ protected SecuritySystem securitySystem;
+
+ protected RoleManager roleManager;
+
+ private MockControl xmlRpcRequestControl;
+
+ private XmlRpcRequest xmlRpcRequest;
+
+ private XmlRpcAuthenticator authenticator;
+
+ private MockControl configControl;
+
+ private XmlRpcHttpRequestConfigImpl config;
+
+ public void setUp()
+ throws Exception
+ {
+ super.setUp();
+
+ securitySystem = (SecuritySystem) lookup( SecuritySystem.class, "testable" );
+ roleManager = (RoleManager) lookup( RoleManager.class, "default" );
+
+ // Some basic asserts.
+ assertNotNull( securitySystem );
+ assertNotNull( roleManager );
+
+ // Setup Admin User.
+ User adminUser = createUser( USER_ADMIN, "Admin User", null );
+ roleManager.assignRole( ArchivaRoleConstants.TEMPLATE_SYSTEM_ADMIN, adminUser.getPrincipal().toString() );
+
+ // Setup Guest User.
+ User guestUser = createUser( USER_GUEST, "Guest User", null );
+ roleManager.assignRole( ArchivaRoleConstants.TEMPLATE_GUEST, guestUser.getPrincipal().toString() );
+
+ configControl = MockClassControl.createControl( XmlRpcHttpRequestConfigImpl.class );
+ config = ( XmlRpcHttpRequestConfigImpl ) configControl.getMock();
+
+ xmlRpcRequestControl = MockControl.createControl( XmlRpcRequest.class );
+ xmlRpcRequest = ( XmlRpcRequest ) xmlRpcRequestControl.getMock();
+
+ authenticator = new XmlRpcAuthenticator( securitySystem );
+ }
+
+ private User createUser( String principal, String fullname, String password )
+ throws UserNotFoundException
+ {
+ UserManager userManager = securitySystem.getUserManager();
+
+ User user = userManager.createUser( principal, fullname, principal + "@testable.archiva.apache.org" );
+ securitySystem.getPolicy().setEnabled( false );
+ userManager.addUser( user );
+ securitySystem.getPolicy().setEnabled( true );
+
+ user.setPassword( password );
+ userManager.updateUser( user );
+
+ return user;
+ }
+
+ public void testIsAuthorizedUserExistsButNotAuthorized()
+ throws Exception
+ {
+ createUser( USER_ALPACA, "Al 'Archiva' Paca", PASSWORD );
+
+ UserManager userManager = securitySystem.getUserManager();
+ try
+ {
+ User user = userManager.findUser( USER_ALPACA );
+ assertEquals( USER_ALPACA, user.getPrincipal() );
+ }
+ catch ( UserNotFoundException e )
+ {
+ fail( "User should exist in the database." );
+ }
+
+ xmlRpcRequestControl.expectAndReturn( xmlRpcRequest.getConfig(), config, 2 );
+
+ configControl.expectAndReturn( config.getBasicUserName(), USER_ALPACA );
+
+ configControl.expectAndReturn( config.getBasicPassword(), PASSWORD );
+
+ xmlRpcRequestControl.expectAndReturn( xmlRpcRequest.getMethodName(),
+ "AdministrationService.getAllManagedRepositories" );
+
+ xmlRpcRequestControl.replay();
+ configControl.replay();
+
+ boolean isAuthorized = authenticator.isAuthorized( xmlRpcRequest );
+
+ xmlRpcRequestControl.verify();
+ configControl.verify();
+
+ assertFalse( isAuthorized );
+ }
+
+ public void testIsAuthorizedUserExistsAndAuthorized()
+ throws Exception
+ {
+ createUser( USER_ALPACA, "Al 'Archiva' Paca", PASSWORD );
+
+ UserManager userManager = securitySystem.getUserManager();
+ try
+ {
+ User user = userManager.findUser( USER_ALPACA );
+ assertEquals( USER_ALPACA, user.getPrincipal() );
+ }
+ catch ( UserNotFoundException e )
+ {
+ fail( "User should exist in the database." );
+ }
+
+ //TODO cannot assign global repo manager role - it says role does not exist :|
+
+ //roleManager.assignRole( ArchivaRoleConstants.GLOBAL_REPOSITORY_MANAGER_ROLE, USER_ALPACA );
+
+ xmlRpcRequestControl.expectAndReturn( xmlRpcRequest.getConfig(), config, 2 );
+
+ configControl.expectAndReturn( config.getBasicUserName(), USER_ALPACA );
+
+ configControl.expectAndReturn( config.getBasicPassword(), PASSWORD );
+
+ xmlRpcRequestControl.expectAndReturn( xmlRpcRequest.getMethodName(),
+ "AdministrationService.getAllManagedRepositories" );
+
+ xmlRpcRequestControl.replay();
+ configControl.replay();
+
+ boolean isAuthorized = authenticator.isAuthorized( xmlRpcRequest );
+
+ xmlRpcRequestControl.verify();
+ configControl.verify();
+
+ //assertTrue( isAuthorized );
+ }
+
+ public void testIsAuthorizedUserDoesNotExist()
+ throws Exception
+ {
+ UserManager userManager = securitySystem.getUserManager();
+ try
+ {
+ userManager.findUser( USER_ALPACA );
+ fail( "User should not exist in the database." );
+ }
+ catch ( UserNotFoundException e )
+ {
+ assertEquals( "Unable to find user 'alpaca'", e.getMessage() );
+ }
+
+ xmlRpcRequestControl.expectAndReturn( xmlRpcRequest.getConfig(), config, 2 );
+
+ configControl.expectAndReturn( config.getBasicUserName(), USER_ALPACA );
+
+ configControl.expectAndReturn( config.getBasicPassword(), PASSWORD );
+
+ xmlRpcRequestControl.expectAndReturn( xmlRpcRequest.getMethodName(),
+ "AdministrationService.getAllManagedRepositories" );
+
+ xmlRpcRequestControl.replay();
+ configControl.replay();
+
+ boolean isAuthorized = authenticator.isAuthorized( xmlRpcRequest );
+
+ xmlRpcRequestControl.verify();
+ configControl.verify();
+
+ assertFalse( isAuthorized );
+ }
+}
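Review bot: `testIsAuthorizedUserExistsAndAuthorized` asserts nothing about the result: the role assignment and `//assertTrue( isAuthorized );` are both commented out, so the test passes whether or not the handler can ever grant access, and it is otherwise identical to the not-authorized test. Until the role problem in the TODO is resolved the positive path of the authenticator is unverified; asserting the current outcome explicitly, or renaming the test to say it is pending, would stop it reading as coverage. There is also no case for an existing user with a wrong password, which is the path where a missing authentication check would show; a test that returns a different value from `config.getBasicPassword()` and expects `false` or a 401 fault would cover it.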
diff --git a/archiva-modules/archiva-web/archiva-xmlrpc/archiva-xmlrpc-security/src/test/resources/META-INF/redback/redback-core.xml b/archiva-modules/archiva-web/archiva-xmlrpc/archiva-xmlrpc-security/src/test/resources/META-INF/redback/redback-core.xml
new file mode 100644
index 000000000..289043991
--- /dev/null
+++ b/archiva-modules/archiva-web/archiva-xmlrpc/archiva-xmlrpc-security/src/test/resources/META-INF/redback/redback-core.xml
@@ -0,0 +1,210 @@
+<redback-role-model>
+ <modelVersion>1.0.0</modelVersion>
+ <applications>
+ <application>
+ <id>Redback XWork Integration Security Core</id>
+ <version>1.0</version>
+ <resources>
+ <resource>
+ <id>global</id>
+ <name>*</name>
+ <permanent>true</permanent>
+ <description>
+ global resource implies full access for authorization
+ </description>
+ </resource>
+ <resource>
+ <id>username</id>
+ <name>${username}</name>
+ <permanent>true</permanent>
+ <description>
+ replaced with the username of the principal at authorization
+ check time
+ </description>
+ </resource>
+ </resources>
+ <operations>
+ <operation>
+ <id>configuration-edit</id>
+ <name>configuration-edit</name>
+ <description>edit configuration</description>
+ <permanent>true</permanent>
+ </operation>
+ <operation>
+ <id>user-management-user-create</id>
+ <name>user-management-user-create</name>
+ <description>create user</description>
+ <permanent>true</permanent>
+ </operation>
+ <operation>
+ <id>user-management-user-edit</id>
+ <name>user-management-user-edit</name>
+ <description>edit user</description>
+ <permanent>true</permanent>
+ </operation>
+ <operation>
+ <id>user-management-user-role</id>
+ <name>user-management-user-role</name>
+ <description>user roles</description>
+ <permanent>true</permanent>
+ </operation>
+ <operation>
+ <id>user-management-user-delete</id>
+ <name>user-management-user-delete</name>
+ <description>delete user</description>
+ <permanent>true</permanent>
+ </operation>
+ <operation>
+ <id>user-management-user-list</id>
+ <name>user-management-user-list</name>
+ <description>list users</description>
+ <permanent>true</permanent>
+ </operation>
+ <operation>
+ <id>user-management-role-grant</id>
+ <name>user-management-role-grant</name>
+ <description>grant role</description>
+ <permanent>true</permanent>
+ </operation>
+ <operation>
+ <id>user-management-role-drop</id>
+ <name>user-management-role-drop</name>
+ <description>drop role</description>
+ <permanent>true</permanent>
+ </operation>
+ <operation>
+ <id>user-management-rbac-admin</id>
+ <name>user-management-rbac-admin</name>
+ <description>administer rbac</description>
+ <permanent>true</permanent>
+ </operation>
+ <operation>
+ <id>guest-access</id>
+ <name>guest-access</name>
+ <description>access guest</description>
+ <permanent>true</permanent>
+ </operation>
+ <operation>
+ <id>add-repository</id>
+ <name>add-repository</name>
+ <description>add repository</description>
+ <permanent>true</permanent>
+ </operation>
+ </operations>
+ <roles>
+ <role>
+ <id>system-administrator</id>
+ <name>System Administrator</name>
+ <permanent>true</permanent>
+ <assignable>true</assignable>
+ <permissions>
+ <permission>
+ <id>edit-redback-configuration</id>
+ <name>Edit Redback Configuration</name>
+ <operation>configuration-edit</operation>
+ <resource>global</resource>
+ <permanent>true</permanent>
+ </permission>
+ <permission>
+ <id>manage-rbac-setup</id>
+ <name>User RBAC Management</name>
+ <operation>user-management-rbac-admin</operation>
+ <resource>global</resource>
+ <permanent>true</permanent>
+ </permission>
+ </permissions>
+ <childRoles>
+ <childRole>user-administrator</childRole>
+ </childRoles>
+ </role>
+ <role>
+ <id>user-administrator</id>
+ <name>User Administrator</name>
+ <permanent>true</permanent>
+ <assignable>true</assignable>
+ <permissions>
+ <permission>
+ <id>drop-roles-for-anyone</id>
+ <name>Drop Roles for Anyone</name>
+ <operation>user-management-role-drop</operation>
+ <resource>global</resource>
+ <permanent>true</permanent>
+ </permission>
+ <permission>
+ <id>grant-roles-for-anyone</id>
+ <name>Grant Roles for Anyone</name>
+ <operation>user-management-role-grant</operation>
+ <resource>global</resource>
+ <permanent>true</permanent>
+ </permission>
+ <permission>
+ <id>user-create</id>
+ <name>Create Users</name>
+ <operation>user-management-user-create</operation>
+ <resource>global</resource>
+ <permanent>true</permanent>
+ </permission>
+ <permission>
+ <id>user-delete</id>
+ <name>Delete Users</name>
+ <operation>user-management-user-delete</operation>
+ <resource>global</resource>
+ <permanent>true</permanent>
+ </permission>
+ <permission>
+ <id>user-edit</id>
+ <name>Edit Users</name>
+ <operation>user-management-user-edit</operation>
+ <resource>global</resource>
+ <permanent>true</permanent>
+ </permission>
+ <permission>
+ <id>access-users-roles</id>
+ <name>Access Users Roles</name>
+ <operation>user-management-user-role</operation>
+ <resource>global</resource>
+ <permanent>true</permanent>
+ </permission>
+ <permission>
+ <id>access-user-list</id>
+ <name>Access User List</name>
+ <operation>user-management-user-list</operation>
+ <resource>global</resource>
+ <permanent>true</permanent>
+ </permission>
+ </permissions>
+ </role>
+ <role>
+ <id>registered-user</id>
+ <name>Registered User</name>
+ <permanent>true</permanent>
+ <assignable>true</assignable>
+ <permissions>
+ <permission>
+ <id>edit-user-by-username</id>
+ <name>Edit User Data by Username</name>
+ <operation>user-management-user-edit</operation>
+ <resource>username</resource>
+ <permanent>true</permanent>
+ </permission>
+ </permissions>
+ </role>
+ <role>
+ <id>guest</id>
+ <name>Guest</name>
+ <permanent>true</permanent>
+ <assignable>true</assignable>
+ <permissions>
+ <permission>
+ <id>guest-permission</id>
+ <name>Guest Permission</name>
+ <operation>guest-access</operation>
+ <resource>global</resource>
+ <permanent>true</permanent>
+ </permission>
+ </permissions>
+ </role>
+ </roles>
+ </application>
+ </applications>
+</redback-role-model>
\ No newline at end of file
diff --git a/archiva-modules/archiva-web/archiva-xmlrpc/archiva-xmlrpc-security/src/test/resources/org/apache/archiva/xmlrpc/security/XmlRpcAuthenticatorTest.xml b/archiva-modules/archiva-web/archiva-xmlrpc/archiva-xmlrpc-security/src/test/resources/org/apache/archiva/xmlrpc/security/XmlRpcAuthenticatorTest.xml
new file mode 100644
index 000000000..9c7b9344f
--- /dev/null
+++ b/archiva-modules/archiva-web/archiva-xmlrpc/archiva-xmlrpc-security/src/test/resources/org/apache/archiva/xmlrpc/security/XmlRpcAuthenticatorTest.xml
@@ -0,0 +1,192 @@
+<?xml version="1.0" ?>
+<component-set>
+ <components>
+
+ <!-- x
+ <component>
+ <role>org.apache.maven.archiva.security.UserRepositories</role>
+ <role-hint>default</role-hint>
+ <implementation>org.apache.maven.archiva.security.DefaultUserRepositories</implementation>
+ <description>DefaultUserRepositories</description>
+ <requirements>
+ <requirement>
+ <role>org.codehaus.plexus.redback.system.SecuritySystem</role>
+ <role-hint>testable</role-hint>
+ <field-name>securitySystem</field-name>
+ </requirement>
+ <requirement>
+ <role>org.codehaus.plexus.redback.rbac.RBACManager</role>
+ <role-hint>memory</role-hint>
+ <field-name>rbacManager</field-name>
+ </requirement>
+ <requirement>
+ <role>org.codehaus.plexus.redback.role.RoleManager</role>
+ <role-hint>default</role-hint>
+ <field-name>roleManager</field-name>
+ </requirement>
+ <requirement>
+ <role>org.apache.maven.archiva.configuration.ArchivaConfiguration</role>
+ <field-name>archivaConfiguration</field-name>
+ </requirement>
+ </requirements>
+ </component>
+ -->
+
+ <component>
+ <role>org.codehaus.plexus.redback.system.SecuritySystem</role>
+ <role-hint>testable</role-hint>
+ <implementation>org.codehaus.plexus.redback.system.DefaultSecuritySystem</implementation>
+ <description>DefaultSecuritySystem:</description>
+ <requirements>
+ <requirement>
+ <role>org.codehaus.plexus.redback.authentication.AuthenticationManager</role>
+ <field-name>authnManager</field-name>
+ </requirement>
+ <requirement>
+ <role>org.codehaus.plexus.redback.authorization.Authorizer</role>
+ <role-hint>rbac</role-hint>
+ <field-name>authorizer</field-name>
+ </requirement>
+ <requirement>
+ <role>org.codehaus.plexus.redback.users.UserManager</role>
+ <role-hint>memory</role-hint>
+ <field-name>userManager</field-name>
+ </requirement>
+ <requirement>
+ <role>org.codehaus.plexus.redback.keys.KeyManager</role>
+ <role-hint>memory</role-hint>
+ <field-name>keyManager</field-name>
+ </requirement>
+ <requirement>
+ <role>org.codehaus.plexus.redback.policy.UserSecurityPolicy</role>
+ <field-name>policy</field-name>
+ </requirement>
+ </requirements>
+ </component>
+
+ <component>
+ <role>org.codehaus.plexus.redback.authorization.Authorizer</role>
+ <role-hint>rbac</role-hint>
+ <implementation>org.codehaus.plexus.redback.authorization.rbac.RbacAuthorizer</implementation>
+ <description>RbacAuthorizer:</description>
+ <requirements>
+ <requirement>
+ <role>org.codehaus.plexus.redback.rbac.RBACManager</role>
+ <role-hint>memory</role-hint>
+ <field-name>manager</field-name>
+ </requirement>
+ <requirement>
+ <role>org.codehaus.plexus.redback.users.UserManager</role>
+ <role-hint>memory</role-hint>
+ <field-name>userManager</field-name>
+ </requirement>
+ <requirement>
+ <role>org.codehaus.plexus.redback.authorization.rbac.evaluator.PermissionEvaluator</role>
+ <role-hint>default</role-hint>
+ <field-name>evaluator</field-name>
+ </requirement>
+ <requirement>
+ <role>org.codehaus.plexus.redback.configuration.UserConfiguration</role>
+ <role-hint>default</role-hint>
+ <field-name>config</field-name>
+ </requirement>
+ </requirements>
+ </component>
+
+ <component>
+ <role>org.codehaus.plexus.redback.authorization.rbac.evaluator.PermissionEvaluator</role>
+ <role-hint>default</role-hint>
+ <implementation>org.codehaus.plexus.redback.authorization.rbac.evaluator.DefaultPermissionEvaluator</implementation>
+ <requirements>
+ <requirement>
+ <role>org.codehaus.plexus.redback.users.UserManager</role>
+ <role-hint>memory</role-hint>
+ <field-name>userManager</field-name>
+ </requirement>
+ </requirements>
+ </component>
+
+ <component>
+ <role>org.codehaus.plexus.redback.role.RoleManager</role>
+ <role-hint>default</role-hint>
+ <implementation>org.codehaus.plexus.redback.role.DefaultRoleManager</implementation>
+ <description>RoleProfileManager:</description>
+ <requirements>
+ <requirement>
+ <role>org.codehaus.plexus.redback.role.validator.RoleModelValidator</role>
+ <role-hint>default</role-hint>
+ <field-name>modelValidator</field-name>
+ </requirement>
+ <requirement>
+ <role>org.codehaus.plexus.redback.role.processor.RoleModelProcessor</role>
+ <role-hint>default</role-hint>
+ <field-name>modelProcessor</field-name>
+ </requirement>
+ <requirement>
+ <role>org.codehaus.plexus.redback.role.template.RoleTemplateProcessor</role>
+ <role-hint>default</role-hint>
+ <field-name>templateProcessor</field-name>
+ </requirement>
+ <requirement>
+ <role>org.codehaus.plexus.redback.rbac.RBACManager</role>
+ <role-hint>memory</role-hint>
+ <field-name>rbacManager</field-name>
+ </requirement>
+ </requirements>
+ </component>
+
+ <component>
+ <role>org.codehaus.plexus.redback.role.processor.RoleModelProcessor</role>
+ <role-hint>default</role-hint>
+ <implementation>org.codehaus.plexus.redback.role.processor.DefaultRoleModelProcessor</implementation>
+ <description>DefaultRoleModelProcessor: inserts the components of the model that can be populated into the rbac manager</description>
+ <requirements>
+ <requirement>
+ <role>org.codehaus.plexus.redback.rbac.RBACManager</role>
+ <role-hint>memory</role-hint>
+ <field-name>rbacManager</field-name>
+ </requirement>
+ </requirements>
+ </component>
+
+ <component>
+ <role>org.codehaus.plexus.redback.role.template.RoleTemplateProcessor</role>
+ <role-hint>default</role-hint>
+ <implementation>org.codehaus.plexus.redback.role.template.DefaultRoleTemplateProcessor</implementation>
+ <description>DefaultRoleTemplateProcessor: inserts the components of a template into the rbac manager</description>
+ <requirements>
+ <requirement>
+ <role>org.codehaus.plexus.redback.rbac.RBACManager</role>
+ <role-hint>memory</role-hint>
+ <field-name>rbacManager</field-name>
+ </requirement>
+ </requirements>
+ </component>
+
+ <!--
+ <component>
+ <role>org.apache.maven.archiva.configuration.ArchivaConfiguration</role>
+ <implementation>org.apache.maven.archiva.configuration.DefaultArchivaConfiguration</implementation>
+ <requirements>
+ <requirement>
+ <role>org.codehaus.plexus.registry.Registry</role>
+ <role-hint>configured</role-hint>
+ </requirement>
+ </requirements>
+ </component>
+ <component>
+ <role>org.codehaus.plexus.registry.Registry</role>
+ <role-hint>configured</role-hint>
+ <implementation>org.codehaus.plexus.registry.commons.CommonsConfigurationRegistry</implementation>
+ <configuration>
+ <properties>
+ <system/>
+ <xml fileName="${basedir}/target/test-conf/archiva.xml"
+ config-name="org.apache.maven.archiva.base" config-at="org.apache.maven.archiva"/>
+ </properties>
+ </configuration>
+ </component>
+ -->
+
+ </components>
+</component-set>
\ No newline at end of file |