author | Joakim Erdfelt <joakime@apache.org> | 2007-10-19 21:46:08 +0000 |
---|---|---|
committer | Joakim Erdfelt <joakime@apache.org> | 2007-10-19 21:46:08 +0000 |
commit | 8ce5a7d4f95e9e10e3195dd46e4b346d6a7f1f40 (patch) | |
tree | e94f79fffdf0d05119f0139d66870a782ea07747 /archiva-web | |
parent | 8d22aca37f827ece225cebb4863e2edb77109293 (diff) | |
[MRM-398] configure guest access by default for pre-configured repositories
* Moving redback initialization from a lazy init via xwork interceptor to archiva's startup process.
* Changing UserAssignment process to check/create assignment before assigning new roles.
git-svn-id: https://svn.apache.org/repos/asf/maven/archiva/trunk@586622 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'archiva-web')
-rw-r--r-- | archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/startup/SecuritySynchronization.java | 95 | ||||
-rw-r--r-- | archiva-web/archiva-webapp/src/main/resources/xwork.xml | 2 |
2 files changed, 81 insertions, 16 deletions
diff --git a/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/startup/SecuritySynchronization.java b/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/startup/SecuritySynchronization.java index c63dbe060..0153a7b23 100644 --- a/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/startup/SecuritySynchronization.java +++ b/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/startup/SecuritySynchronization.java @@ -19,6 +19,7 @@ package org.apache.maven.archiva.web.startup; * under the License. */ +import org.apache.commons.collections.CollectionUtils; import org.apache.maven.archiva.common.ArchivaException; import org.apache.maven.archiva.configuration.ArchivaConfiguration; import org.apache.maven.archiva.configuration.ConfigurationNames; @@ -30,10 +31,14 @@ import org.codehaus.plexus.redback.rbac.RbacManagerException; import org.codehaus.plexus.redback.rbac.UserAssignment; import org.codehaus.plexus.redback.role.RoleManager; import org.codehaus.plexus.redback.role.RoleManagerException; +import org.codehaus.plexus.redback.system.check.EnvironmentCheck; import org.codehaus.plexus.registry.Registry; import org.codehaus.plexus.registry.RegistryListener; +import java.util.ArrayList; import java.util.List; +import java.util.Map; +import java.util.Map.Entry; /** * ConfigurationSynchronization @@ -52,13 +57,18 @@ public class SecuritySynchronization * @plexus.requirement role-hint="default" */ private RoleManager roleManager; - + /** * @plexus.requirement role-hint="cached" */ private RBACManager rbacManager; /** + * @plexus.requirement role="org.codehaus.plexus.redback.system.check.EnvironmentCheck" + */ + private Map<String, EnvironmentCheck> checkers; + + /** * @plexus.requirement */ private ArchivaConfiguration archivaConfiguration; 
@@ -79,24 +89,24 @@ public class SecuritySynchronization private void synchConfiguration( List<ManagedRepositoryConfiguration> repos ) { // NOTE: Remote Repositories do not have roles or security placed around them. - + for ( ManagedRepositoryConfiguration repoConfig : repos ) { // manage roles for repositories try { - if ( !roleManager.templatedRoleExists( ArchivaRoleConstants.TEMPLATE_REPOSITORY_OBSERVER, - repoConfig.getId() ) ) + if ( !roleManager.templatedRoleExists( ArchivaRoleConstants.TEMPLATE_REPOSITORY_OBSERVER, repoConfig + .getId() ) ) { - roleManager.createTemplatedRole( ArchivaRoleConstants.TEMPLATE_REPOSITORY_OBSERVER, - repoConfig.getId() ); + roleManager.createTemplatedRole( ArchivaRoleConstants.TEMPLATE_REPOSITORY_OBSERVER, repoConfig + .getId() ); } - if ( !roleManager.templatedRoleExists( ArchivaRoleConstants.TEMPLATE_REPOSITORY_MANAGER, - repoConfig.getId() ) ) + if ( !roleManager.templatedRoleExists( ArchivaRoleConstants.TEMPLATE_REPOSITORY_MANAGER, repoConfig + .getId() ) ) { - roleManager.createTemplatedRole( ArchivaRoleConstants.TEMPLATE_REPOSITORY_MANAGER, - repoConfig.getId() ); + roleManager.createTemplatedRole( ArchivaRoleConstants.TEMPLATE_REPOSITORY_MANAGER, repoConfig + .getId() ); } } catch ( RoleManagerException e ) 
@@ -110,30 +120,87 @@ public class SecuritySynchronization public void startup() throws ArchivaException { + executeEnvironmentChecks(); + synchConfiguration( archivaConfiguration.getConfiguration().getManagedRepositories() ); archivaConfiguration.addChangeListener( this ); - + if ( archivaConfiguration.isDefaulted() ) { assignRepositoryObserverToGuestUser( archivaConfiguration.getConfiguration().getManagedRepositories() ); } } + private void executeEnvironmentChecks() + throws ArchivaException + { + if ( ( checkers == null ) || CollectionUtils.isEmpty( checkers.values() ) ) + { + throw new ArchivaException( "Unable to initialize the Redback Security Environment, " + + "no Environment Check components found." ); + } + + List<String> violations = new ArrayList<String>(); + + for ( Entry<String, EnvironmentCheck> entry : checkers.entrySet() ) + { + EnvironmentCheck check = entry.getValue(); + getLogger().info( "Running Environment Check: " + entry.getKey() ); + check.validateEnvironment( violations ); + } + + if ( CollectionUtils.isNotEmpty( violations ) ) + { + StringBuffer msg = new StringBuffer(); + msg.append( "EnvironmentCheck Failure.\n" ); + msg.append( "======================================================================\n" ); + msg.append( " ENVIRONMENT FAILURE !! \n" ); + msg.append( "\n" ); + + for ( String violation : violations ) + { + msg.append( violation ).append( "\n" ); + } + + msg.append( "\n" ); + msg.append( "======================================================================" ); + getLogger().fatalError( msg.toString() ); + + throw new ArchivaException( "Unable to initialize Redback Security Environment, [" + violations.size() + + "] violation(s) encountered, See log for details." 
); + } + } + private void assignRepositoryObserverToGuestUser( List<ManagedRepositoryConfiguration> repos ) { for ( ManagedRepositoryConfiguration repoConfig : repos ) { String repoId = repoConfig.getId(); + + // TODO: Use the Redback / UserConfiguration..getString( "redback.default.guest" ) to get the right name. + String principal = "guest"; + try { - UserAssignment ua = rbacManager.getUserAssignment( ArchivaRoleConstants.GUEST_ROLE ); + UserAssignment ua; + + if ( rbacManager.userAssignmentExists( principal ) ) + { + ua = rbacManager.getUserAssignment( principal ); + } + else + { + ua = rbacManager.createUserAssignment( principal ); + } + ua.addRoleName( ArchivaRoleConstants.REPOSITORY_OBSERVER_ROLE_PREFIX + " - " + repoId ); rbacManager.saveUserAssignment( ua ); } catch ( RbacManagerException e ) { - getLogger().warn( "Unable to add role [" + ArchivaRoleConstants.REPOSITORY_OBSERVER_ROLE_PREFIX + " - " - + repoId + "] to Guest user.", e ); + getLogger().warn( + "Unable to add role [" + ArchivaRoleConstants.REPOSITORY_OBSERVER_ROLE_PREFIX + " - " + + repoId + "] to " + principal + " user.", e ); } } } diff --git a/archiva-web/archiva-webapp/src/main/resources/xwork.xml b/archiva-web/archiva-webapp/src/main/resources/xwork.xml index 2825a82b8..4966cbde7 100644 --- a/archiva-web/archiva-webapp/src/main/resources/xwork.xml +++ b/archiva-web/archiva-webapp/src/main/resources/xwork.xml 
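Review bot: In `assignRepositoryObserverToGuestUser` the observer role is granted to the literal principal `"guest"`, and `createUserAssignment( principal )` creates an assignment for that name whether or not it is the account Redback treats as the guest user; the TODO acknowledges this, but the grant ships as written. If a deployment configures a different guest name, a defaulted configuration would presumably leave the real guest without the role while a principal called `guest` holds observer rights on every managed repository, so I would resolve the name from the `redback.default.guest` setting named in the TODO before the loop and skip the grant when it cannot be resolved. Since this step widens access by default, it also deserves an audit line next to `saveUserAssignment`, for example `getLogger().info( "Granting repository observer role for [" + repoId + "] to " + principal );`. Separately, `executeEnvironmentChecks()` now runs once from `startup()` rather than on every request, so the protection depends on the caller of `startup()` (outside this hunk) treating the `ArchivaException` as fatal; a Javadoc sentence on `startup()` saying so would make that contract explicit.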
@@ -35,12 +35,10 @@ <interceptor name="redbackSecureActions" class="redbackSecureActionInterceptor"/> <interceptor name="redbackAutoLogin" class="redbackAutoLoginInterceptor"/> <interceptor name="redbackPolicyEnforcement" class="redbackPolicyEnforcementInterceptor"/> - <interceptor name="redbackEnvironmentChecker" class="redbackEnvironmentCheckInterceptor"/> <interceptor name="paramFilter" class="com.opensymphony.xwork.interceptor.ParameterFilterInterceptor"/> <interceptor-stack name="configuredArchivaStack"> <interceptor-ref name="redbackForceAdminUser"/> - <interceptor-ref name="redbackEnvironmentChecker"/> <interceptor-ref name="redbackAutoLogin"/> <interceptor-ref name="defaultStack"/> <interceptor-ref name="paramFilter"> |