start to migrate Archiva to the new role creation technique

git-svn-id: https://svn.apache.org/repos/asf/maven/archiva/trunk@450765 13f79535-47bb-0310-9956-ffa450edef68

8 files changed, 359 insertions, 0 deletions

diff --git a/archiva-security/pom.xml b/archiva-security/pom.xml
new file mode 100644
index 000000000..0643432e6
--- /dev/null
+++ b/archiva-security/pom.xml
@@ -0,0 +1,22 @@
+<?xml version="1.0"?><project>
+  <parent>
+    <artifactId>archiva</artifactId>
+    <groupId>org.apache.maven.archiva</groupId>
+    <version>1.0-SNAPSHOT</version>
+  </parent>
+  <modelVersion>4.0.0</modelVersion>
+  <artifactId>archiva-security</artifactId>
+  <name>Archiva Security Configuration</name>
+  <dependencies>
+    <dependency>
+      <groupId>org.codehaus.plexus.security</groupId>
+      <artifactId>plexus-security-rbac-profile</artifactId>
+      <version>1.0-SNAPSHOT</version>
+    </dependency>
+    <dependency>
+      <groupId>org.codehaus.plexus.security</groupId>
+      <artifactId>plexus-security-system</artifactId>
+      <version>1.0-SNAPSHOT</version>
+    </dependency>
+  </dependencies>
+</project>
diff --git a/archiva-security/src/main/java/org/apache/maven/archiva/security/ArchivaGuestRoleProfile.java b/archiva-security/src/main/java/org/apache/maven/archiva/security/ArchivaGuestRoleProfile.java
new file mode 100644
index 000000000..c8ba7d127
--- /dev/null
+++ b/archiva-security/src/main/java/org/apache/maven/archiva/security/ArchivaGuestRoleProfile.java
@@ -0,0 +1,48 @@
+package org.apache.maven.archiva.security;
+
+/*
+ * Copyright 2005-2006 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+import org.codehaus.plexus.rbac.profile.AbstractRoleProfile;
+
+import java.util.List;
+import java.util.ArrayList;
+
+/**
+ * @todo why does this need to be created in the client app?
+ * @todo composition instead of inheritence?
+ * @plexus.component role="org.codehaus.plexus.rbac.profile.RoleProfile" role-hint="archiva-guest"
+ */
+public class ArchivaGuestRoleProfile
+    extends AbstractRoleProfile
+{
+    public String getRoleName()
+    {
+        return ArchivaRoleConstants.GUEST_ROLE;
+    }
+
+    public List getOperations()
+    {
+        List operations = new ArrayList();
+        operations.add( ArchivaRoleConstants.OPERATION_ACTIVE_GUEST );
+        return operations;
+    }
+
+    public boolean isAssignable()
+    {
+        return false;
+    }
+}
diff --git a/archiva-security/src/main/java/org/apache/maven/archiva/security/ArchivaRoleConstants.java b/archiva-security/src/main/java/org/apache/maven/archiva/security/ArchivaRoleConstants.java
new file mode 100644
index 000000000..adef01f19
--- /dev/null
+++ b/archiva-security/src/main/java/org/apache/maven/archiva/security/ArchivaRoleConstants.java
@@ -0,0 +1,31 @@
+package org.apache.maven.archiva.security;
+
+/*
+ * Copyright 2005-2006 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+public class ArchivaRoleConstants
+{
+    // globalish roles
+    public static final String SYSTEM_ADMINISTRATOR_ROLE = "System Administrator";
+    public static final String USER_ADMINISTRATOR_ROLE = "User Administrator";
+    public static final String REGISTERED_USER_ROLE = "Registered User";
+    public static final String GUEST_ROLE = "Guest";
+
+    // operations
+    public static final String OPERATION_MANAGE_USERS = "archiva-manage-users";
+    public static final String OPERATION_MANAGE_CONFIGURATION = "archiva-manage-configuration";
+    public static final String OPERATION_ACTIVE_GUEST = "archiva-guest";
+}
diff --git a/archiva-security/src/main/java/org/apache/maven/archiva/security/ArchivaRoleProfileManager.java b/archiva-security/src/main/java/org/apache/maven/archiva/security/ArchivaRoleProfileManager.java
new file mode 100644
index 000000000..1eb72ffb9
--- /dev/null
+++ b/archiva-security/src/main/java/org/apache/maven/archiva/security/ArchivaRoleProfileManager.java
@@ -0,0 +1,40 @@
+package org.apache.maven.archiva.security;
+
+/*
+ * Copyright 2006 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+import org.codehaus.plexus.rbac.profile.DefaultRoleProfileManager;
+import org.codehaus.plexus.rbac.profile.RoleProfileException;
+
+/**
+ * Role profile manager.
+ *
+ * @author Brett Porter
+ * @todo composition over inheritence?
+ * @plexus.component role="org.codehaus.plexus.rbac.profile.RoleProfileManager" role-hint="archiva"
+ */
+public class ArchivaRoleProfileManager
+    extends DefaultRoleProfileManager
+{
+    public void initialize()
+        throws RoleProfileException
+    {
+        mergeRoleProfiles( "system-administrator", "archiva-system-administrator" );
+        mergeRoleProfiles( "user-administrator", "archiva-user-administrator" );
+        mergeRoleProfiles( "guest", "archiva-guest" );
+        setInitialized( true ); //todo remove the initialization idea from profile managers
+    }
+}
diff --git a/archiva-security/src/main/java/org/apache/maven/archiva/security/ArchivaSystemAdministratorRoleProfile.java b/archiva-security/src/main/java/org/apache/maven/archiva/security/ArchivaSystemAdministratorRoleProfile.java
new file mode 100644
index 000000000..81d354176
--- /dev/null
+++ b/archiva-security/src/main/java/org/apache/maven/archiva/security/ArchivaSystemAdministratorRoleProfile.java
@@ -0,0 +1,49 @@
+package org.apache.maven.archiva.security;
+
+/*
+ * Copyright 2005-2006 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+import org.codehaus.plexus.rbac.profile.AbstractRoleProfile;
+
+import java.util.ArrayList;
+import java.util.List;
+
+/**
+ * @todo why does this need to be created in the client app?
+ * @todo composition instead of inheritence?
+ * @plexus.component role="org.codehaus.plexus.rbac.profile.RoleProfile" role-hint="archiva-system-administrator"
+ */
+public class ArchivaSystemAdministratorRoleProfile
+    extends AbstractRoleProfile
+{
+    public String getRoleName()
+    {
+        return ArchivaRoleConstants.SYSTEM_ADMINISTRATOR_ROLE;
+    }
+
+    public List getOperations()
+    {
+        List operations = new ArrayList();
+        operations.add( ArchivaRoleConstants.OPERATION_MANAGE_CONFIGURATION );
+        operations.add( ArchivaRoleConstants.OPERATION_MANAGE_USERS );
+        return operations;
+    }
+
+    public boolean isAssignable()
+    {
+        return false;
+    }
+}
diff --git a/archiva-security/src/main/java/org/apache/maven/archiva/security/ArchivaUserAdministratorRoleProfile.java b/archiva-security/src/main/java/org/apache/maven/archiva/security/ArchivaUserAdministratorRoleProfile.java
new file mode 100644
index 000000000..b7f2db673
--- /dev/null
+++ b/archiva-security/src/main/java/org/apache/maven/archiva/security/ArchivaUserAdministratorRoleProfile.java
@@ -0,0 +1,48 @@
+package org.apache.maven.archiva.security;
+
+/*
+ * Copyright 2005-2006 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+import org.codehaus.plexus.rbac.profile.AbstractRoleProfile;
+
+import java.util.ArrayList;
+import java.util.List;
+
+/**
+ * @todo why does this need to be created in the client app?
+ * @todo composition instead of inheritence?
+ * @plexus.component role="org.codehaus.plexus.rbac.profile.RoleProfile" role-hint="archiva-user-administrator"
+ */
+public class ArchivaUserAdministratorRoleProfile
+    extends AbstractRoleProfile
+{
+    public String getRoleName()
+    {
+        return ArchivaRoleConstants.USER_ADMINISTRATOR_ROLE;
+    }
+
+    public List getOperations()
+    {
+        List operations = new ArrayList();
+        operations.add( ArchivaRoleConstants.OPERATION_MANAGE_USERS );
+        return operations;
+    }
+
+    public boolean isAssignable()
+    {
+        return false;
+    }
+}
diff --git a/archiva-security/src/main/java/org/apache/maven/archiva/security/RoleProfileEnvironmentCheck.java b/archiva-security/src/main/java/org/apache/maven/archiva/security/RoleProfileEnvironmentCheck.java
new file mode 100644
index 000000000..6e55ae6d4
--- /dev/null
+++ b/archiva-security/src/main/java/org/apache/maven/archiva/security/RoleProfileEnvironmentCheck.java
@@ -0,0 +1,54 @@
+package org.apache.maven.archiva.security;
+
+/*
+ * Copyright 2005-2006 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+import org.codehaus.plexus.logging.AbstractLogEnabled;
+import org.codehaus.plexus.rbac.profile.RoleProfileException;
+import org.codehaus.plexus.rbac.profile.RoleProfileManager;
+import org.codehaus.plexus.security.system.check.EnvironmentCheck;
+
+import java.util.List;
+
+/**
+ * @plexus.component role="org.codehaus.plexus.security.system.check.EnvironmentCheck"
+ * role-hint="archiva-role-profile-check"
+ * @todo isn't this standard? Shouldn't it be something initializable so it doesn't need to be checked all the time?
+ */
+public class RoleProfileEnvironmentCheck
+    extends AbstractLogEnabled
+    implements EnvironmentCheck
+{
+    /**
+     * @plexus.requirement role-hint="archiva"
+     */
+    private RoleProfileManager roleProfileManager;
+
+    public void validateEnvironment( List list )
+    {
+        try
+        {
+            if ( !roleProfileManager.isInitialized() )
+            {
+                roleProfileManager.initialize();
+            }
+        }
+        catch ( RoleProfileException rpe )
+        {
+            list.add( "error inititalizing the role manager: " + rpe.getMessage() );
+        }
+    }
+}
diff --git a/archiva-security/src/main/resources/META-INF/plexus/components.xml b/archiva-security/src/main/resources/META-INF/plexus/components.xml
new file mode 100644
index 000000000..9fc5dbf18
--- /dev/null
+++ b/archiva-security/src/main/resources/META-INF/plexus/components.xml
@@ -0,0 +1,67 @@
+<component-set>
+  <components>
+    <!-- TODO: wouldn't need to redeclare if it was composition -->
+    <!-- TODO: why is the container a requirement? -->
+    <component>
+      <role>org.codehaus.plexus.rbac.profile.RoleProfileManager</role>
+      <role-hint>archiva</role-hint>
+      <implementation>org.apache.maven.archiva.security.ArchivaRoleProfileManager</implementation>
+      <requirements>
+        <requirement>
+          <role>org.codehaus.plexus.PlexusContainer</role>
+          <field-name>container</field-name>
+        </requirement>
+        <requirement>
+          <role>org.codehaus.plexus.rbac.profile.RoleProfile</role>
+          <field-name>knownRoleProfiles</field-name>
+        </requirement>
+        <requirement>
+          <role>org.codehaus.plexus.rbac.profile.DynamicRoleProfile</role>
+          <field-name>knownDynamicRoleProfiles</field-name>
+        </requirement>
+      </requirements>
+    </component>
+    <component>
+      <role>org.codehaus.plexus.rbac.profile.RoleProfile</role>
+      <role-hint>archiva-system-administrator</role-hint>
+      <implementation>org.apache.maven.archiva.security.ArchivaSystemAdministratorRoleProfile</implementation>
+      <requirements>
+        <requirement>
+          <role>org.codehaus.plexus.security.rbac.RBACManager</role>
+        </requirement>
+        <requirement>
+          <role>org.codehaus.plexus.PlexusContainer</role>
+          <field-name>container</field-name>
+        </requirement>
+      </requirements>
+    </component>
+    <component>
+      <role>org.codehaus.plexus.rbac.profile.RoleProfile</role>
+      <role-hint>archiva-user-administrator</role-hint>
+      <implementation>org.apache.maven.archiva.security.ArchivaUserAdministratorRoleProfile</implementation>
+      <requirements>
+        <requirement>
+          <role>org.codehaus.plexus.security.rbac.RBACManager</role>
+        </requirement>
+        <requirement>
+          <role>org.codehaus.plexus.PlexusContainer</role>
+          <field-name>container</field-name>
+        </requirement>
+      </requirements>
+    </component>
+    <component>
+      <role>org.codehaus.plexus.rbac.profile.RoleProfile</role>
+      <role-hint>archiva-guest</role-hint>
+      <implementation>org.apache.maven.archiva.security.ArchivaGuestRoleProfile</implementation>
+      <requirements>
+        <requirement>
+          <role>org.codehaus.plexus.security.rbac.RBACManager</role>
+        </requirement>
+        <requirement>
+          <role>org.codehaus.plexus.PlexusContainer</role>
+          <field-name>container</field-name>
+        </requirement>
+      </requirements>
+    </component>
+  </components>
+</component-set>