author | Olivier Lamy <olamy@apache.org> | 2013-01-15 14:05:15 +0000 |
---|---|---|
committer | Olivier Lamy <olamy@apache.org> | 2013-01-15 14:05:15 +0000 |
commit | 0a6be89ea5a6aac401f5929429c0b8a0449d5632 (patch) | |
tree | 6c08ec12226c4eeb36a6e4e2931ae8e687cda413 /redback-authorization | |
parent | eacd24413fec677d35faa63498a972b58cfe06f2 (diff) | |
download | archiva-0a6be89ea5a6aac401f5929429c0b8a0449d5632.tar.gz archiva-0a6be89ea5a6aac401f5929429c0b8a0449d5632.zip |
remove redback-authorization-ldap module
git-svn-id: https://svn.apache.org/repos/asf/archiva/redback/redback-core/trunk@1433422 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'redback-authorization')
4 files changed, 1 insertions, 416 deletions
diff --git a/redback-authorization/redback-authorization-providers/pom.xml b/redback-authorization/redback-authorization-providers/pom.xml
index 30752876c..757337fb7 100644
--- a/redback-authorization/redback-authorization-providers/pom.xml
+++ b/redback-authorization/redback-authorization-providers/pom.xml
@@ -30,6 +30,5 @@
 <modules>
 <module>redback-authorization-rbac</module>
 <module>redback-authorization-open</module>
- <module>redback-authorization-ldap</module>
- </modules>
+ </modules>
 </project>
diff --git a/redback-authorization/redback-authorization-providers/redback-authorization-ldap/pom.xml b/redback-authorization/redback-authorization-providers/redback-authorization-ldap/pom.xml
deleted file mode 100644
index 747e94c1c..000000000
--- a/redback-authorization/redback-authorization-providers/redback-authorization-ldap/pom.xml
+++ /dev/null
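Review bot: Dropping `<module>redback-authorization-ldap</module>` from this aggregator only stops the module from being built; any remaining reference to the artifact (a `dependencyManagement` entry or a dependency declared in another module) would no longer resolve, and the diffstat on this page is limited to `redback-authorization`, so that cannot be confirmed here. The deleted class registers as `authorizer#ldap` with id `ldap`, so an installation whose configuration still selects that authorizer would presumably lose its access-control provider at startup; the commit message should name the replacement for LDAP-backed setups. The `</modules>` line is also removed and re-added with what looks like a whitespace-only difference, which is better kept out of a removal commit.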
@@ -1,83 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
- ~ Licensed to the Apache Software Foundation (ASF) under one
- ~ or more contributor license agreements. See the NOTICE file
- ~ distributed with this work for additional information
- ~ regarding copyright ownership. The ASF licenses this file
- ~ to you under the Apache License, Version 2.0 (the
- ~ "License"); you may not use this file except in compliance
- ~ with the License. You may obtain a copy of the License at
- ~
- ~ http://www.apache.org/licenses/LICENSE-2.0
- ~
- ~ Unless required by applicable law or agreed to in writing,
- ~ software distributed under the License is distributed on an
- ~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- ~ KIND, either express or implied. See the License for the
- ~ specific language governing permissions and limitations
- ~ under the License.
- -->
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
-
- <modelVersion>4.0.0</modelVersion>
-
- <parent>
- <groupId>org.apache.archiva.redback</groupId>
- <artifactId>redback-authorization-providers</artifactId>
- <version>2.1-SNAPSHOT</version>
- </parent>
-
- <artifactId>redback-authorization-ldap</artifactId>
- <packaging>bundle</packaging>
- <name>Redback :: Authorization Provider :: Ldap</name>
-
- <dependencies>
- <dependency>
- <groupId>org.apache.archiva.redback</groupId>
- <artifactId>redback-authorization-api</artifactId>
- </dependency>
- <dependency>
- <groupId>org.apache.archiva.redback</groupId>
- <artifactId>redback-rbac-model</artifactId>
- </dependency>
- <dependency>
- <groupId>org.springframework</groupId>
- <artifactId>spring-context-support</artifactId>
- </dependency>
- <dependency>
- <groupId>org.apache.archiva.redback</groupId>
- <artifactId>redback-common-ldap</artifactId>
- </dependency>
- <dependency>
- <groupId>javax.annotation</groupId>
- <artifactId>jsr250-api</artifactId>
- </dependency>
- </dependencies>
-
- <build>
- <plugins>
- <plugin>
- <groupId>org.apache.felix</groupId>
- <artifactId>maven-bundle-plugin</artifactId>
- <configuration>
- <instructions>
- <Export-Package>
- org.apache.archiva.redback.authorization.ldap;version=${project.version};-split-package:=merge-first
- </Export-Package>
- <Import-Package>
- org.apache.archiva.redback.authorization;version=${project.version},
- org.springframework.stereotype;version="[3,4)",
- javax.inject,
- org.apache.archiva.redback.common.ldap,
- org.apache.archiva.redback.common.ldap.role,
- org.apache.archiva.redback.rbac,
- org.apache.commons.lang,
- org.slf4j
- </Import-Package>
- </instructions>
- </configuration>
- </plugin>
- </plugins>
- </build>
-
-</project>
diff --git a/redback-authorization/redback-authorization-providers/redback-authorization-ldap/src/main/java/org/apache/archiva/redback/authorization/ldap/LdapAuthorizer.java b/redback-authorization/redback-authorization-providers/redback-authorization-ldap/src/main/java/org/apache/archiva/redback/authorization/ldap/LdapAuthorizer.java
deleted file mode 100644
index 486744dd3..000000000
--- a/redback-authorization/redback-authorization-providers/redback-authorization-ldap/src/main/java/org/apache/archiva/redback/authorization/ldap/LdapAuthorizer.java
+++ /dev/null
@@ -1,297 +0,0 @@ -package org.apache.archiva.redback.authorization.ldap; -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - -import org.apache.archiva.redback.authorization.AuthorizationDataSource; -import org.apache.archiva.redback.authorization.AuthorizationException; -import org.apache.archiva.redback.authorization.AuthorizationResult; -import org.apache.archiva.redback.authorization.Authorizer; -import org.apache.archiva.redback.common.ldap.MappingException; -import org.apache.archiva.redback.common.ldap.role.LdapRoleMapper; -import org.apache.archiva.redback.rbac.Permission; -import org.apache.archiva.redback.rbac.RBACManager; -import org.apache.archiva.redback.rbac.RbacManagerException; -import org.apache.archiva.redback.rbac.RbacObjectNotFoundException; -import org.apache.archiva.redback.rbac.Resource; -import org.apache.archiva.redback.rbac.Role; -import org.apache.archiva.redback.rbac.UserAssignment; -import org.apache.archiva.redback.users.UserManagerException; -import org.apache.archiva.redback.users.UserNotFoundException; -import org.apache.commons.lang.StringUtils; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.stereotype.Service; - -import 
javax.inject.Inject; -import javax.inject.Named; -import java.util.ArrayList; -import java.util.Collection; -import java.util.HashMap; -import java.util.HashSet; -import java.util.Iterator; -import java.util.List; -import java.util.Map; -import java.util.Set; - -/** - * @author Olivier Lamy - * @since 2.1 - */ -@Service( "authorizer#ldap" ) -public class LdapAuthorizer - implements Authorizer -{ - - private Logger log = LoggerFactory.getLogger( getClass() ); - - @Inject - @Named( value = "rbacManager#cached" ) - private RBACManager rbacManager; - - @Inject - private LdapRoleMapper ldapRoleMapper; - - - public String getId() - { - return "ldap"; - } - - public AuthorizationResult isAuthorized( AuthorizationDataSource source ) - throws AuthorizationException - { - - String userName = StringUtils.isEmpty( source.getPrincipal() ) ? "guest" : source.getPrincipal(); - String operation = source.getPermission(); - String resource = source.getResource(); - try - { - List<String> roles = ldapRoleMapper.getRoles( userName ); - - Map<String, List<Permission>> permissionMap = getAssignedPermissionMap( roles ); - - if ( permissionMap.keySet().contains( operation ) ) - { - for ( Permission permission : permissionMap.get( operation ) ) - { - - log.debug( "checking permission {} for operation {} resource {}", - ( permission != null ? 
permission.getName() : "null" ), operation, resource ); - - if ( evaluate( permission, operation, resource, userName ) ) - { - return new AuthorizationResult( true, permission, null ); - } - } - - log.debug( "no permission found for operation {} resource {}", operation, resource ); - } - else - { - log.debug( "permission map does not contain operation: {}", operation ); - } - - } - catch ( MappingException e ) - { - log.info( "skip MappingException trying to find LDAP roles for user: '{}", userName ); - } - catch ( RbacManagerException e ) - { - log.info( "skip RbacManagerException trying to find LDAP roles for user: '{}", userName ); - } - return null; - - } - - - - public Map<String, List<Permission>> getAssignedPermissionMap( List<String> roles ) - throws RbacObjectNotFoundException, RbacManagerException - { - return getPermissionMapByOperation( getAssignedPermissions( roles ) ); - } - - public Set<Permission> getAssignedPermissions( List<String> roles ) - throws RbacObjectNotFoundException, RbacManagerException - { - - Set<Permission> permissionSet = new HashSet<Permission>(); - - boolean childRoleNamesUpdated = false; - - Iterator<String> it = roles.iterator(); - while ( it.hasNext() ) - { - String roleName = it.next(); - try - { - Role role = rbacManager.getRole( roleName ); - gatherUniquePermissions( role, permissionSet ); - } - catch ( RbacObjectNotFoundException e ) - { - // Found a bad role name. remove it! 
- it.remove(); - childRoleNamesUpdated = true; - } - } - - return permissionSet; - } - - private void gatherUniquePermissions( Role role, Collection<Permission> coll ) - throws RbacManagerException - { - if ( role.getPermissions() != null ) - { - for ( Permission permission : role.getPermissions() ) - { - if ( !coll.contains( permission ) ) - { - coll.add( permission ); - } - } - } - - if ( role.hasChildRoles() ) - { - Map<String, Role> childRoles = getChildRoles( role ); - Iterator<Role> it = childRoles.values().iterator(); - while ( it.hasNext() ) - { - Role child = it.next(); - gatherUniquePermissions( child, coll ); - } - } - } - - public Map<String, Role> getChildRoles( Role role ) - throws RbacManagerException - { - Map<String, Role> childRoles = new HashMap<String, Role>(); - - boolean childRoleNamesUpdated = false; - - Iterator<String> it = role.getChildRoleNames().listIterator(); - while ( it.hasNext() ) - { - String roleName = it.next(); - try - { - Role child = rbacManager.getRole( roleName ); - childRoles.put( child.getName(), child ); - } - catch ( RbacObjectNotFoundException e ) - { - // Found a bad roleName! - remove it. 
- it.remove(); - childRoleNamesUpdated = true; - } - } - - return childRoles; - } - - - private Map<String, List<Permission>> getPermissionMapByOperation( Collection<Permission> permissions ) - { - Map<String, List<Permission>> userPermMap = new HashMap<String, List<Permission>>(); - - for ( Permission permission : permissions ) - { - List<Permission> permList = userPermMap.get( permission.getOperation().getName() ); - - if ( permList != null ) - { - permList.add( permission ); - } - else - { - List<Permission> newPermList = new ArrayList<Permission>( permissions.size() ); - newPermList.add( permission ); - userPermMap.put( permission.getOperation().getName(), newPermList ); - } - } - - return userPermMap; - } - - public boolean evaluate( Permission permission, String operation, String resource, String principal ) - { - String permissionResource = permission.getResource().getIdentifier(); - - // expression evaluation checking - /*if ( permissionResource.startsWith( "${" ) ) - { - String tempStr = permissionResource.substring( 2, permissionResource.indexOf( '}' ) ); - - if ( "username".equals( tempStr ) ) - { - try - { - permissionResource = userManager.findUser( principal ).getUsername(); - } - catch ( UserNotFoundException e ) - { - throw new PermissionEvaluationException( "unable to locate user to retrieve username", e ); - } - catch ( UserManagerException e ) - { - throw new PermissionEvaluationException( "trouble finding user: " + e.getMessage(), e ); - } - } - }*/ - - // check if this permission applies to the operation at all - if ( permission.getOperation().getName().equals( operation ) ) - { - // check if it is a global resource, if it is then since the operations match we return true - if ( Resource.GLOBAL.equals( permission.getResource().getIdentifier() ) ) - { - return true; - } - - // if we are not checking a specific resource, the operation is enough - if ( resource == null ) - { - return true; - } - - // check if the resource identifier of the 
permission matches the resource we are checking against - // if it does then return true - if ( permissionResource.equals( resource ) ) - { - return true; - } - } - - return false; - } - - public boolean isFinalImplementation() - { - return true; - } - - public String getDescriptionKey() - { - return "archiva.redback.authorizer.ldap"; - } -} diff --git a/redback-authorization/redback-authorization-providers/redback-authorization-ldap/src/main/resources/META-INF/spring-context.xml b/redback-authorization/redback-authorization-providers/redback-authorization-ldap/src/main/resources/META-INF/spring-context.xml deleted file mode 100644 index 56f7bb102..000000000 --- a/redback-authorization/redback-authorization-providers/redback-authorization-ldap/src/main/resources/META-INF/spring-context.xml +++ /dev/null 
@@ -1,34 +0,0 @@
-<?xml version="1.0"?>
-
-<!--
- ~ Licensed to the Apache Software Foundation (ASF) under one
- ~ or more contributor license agreements. See the NOTICE file
- ~ distributed with this work for additional information
- ~ regarding copyright ownership. The ASF licenses this file
- ~ to you under the Apache License, Version 2.0 (the
- ~ "License"); you may not use this file except in compliance
- ~ with the License. You may obtain a copy of the License at
- ~
- ~ http://www.apache.org/licenses/LICENSE-2.0
- ~
- ~ Unless required by applicable law or agreed to in writing,
- ~ software distributed under the License is distributed on an
- ~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- ~ KIND, either express or implied. See the License for the
- ~ specific language governing permissions and limitations
- ~ under the License.
- -->
-<beans xmlns="http://www.springframework.org/schema/beans"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xmlns:context="http://www.springframework.org/schema/context"
- xsi:schemaLocation="http://www.springframework.org/schema/beans
- http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
- http://www.springframework.org/schema/context
- http://www.springframework.org/schema/context/spring-context-3.0.xsd"
- default-lazy-init="true">
-
- <context:annotation-config />
- <context:component-scan
- base-package="org.apache.archiva.redback.authorization.ldap"/>
-
-</beans>
\ No newline at end of file |