author | Olivier Lamy <olamy@apache.org> | 2013-01-07 16:23:14 +0000 |
---|---|---|
committer | Olivier Lamy <olamy@apache.org> | 2013-01-07 16:23:14 +0000 |
commit | 2ab87f190776ece15838b3cc87bef553d8b58d81 (patch) | |
tree | 3c2dde808a93361ca31a4fcf92b1b56932d0fa9f /redback-rbac | |
parent | eeab891d1b878ece7baf19126aed04cc837d1e58 (diff) | |
download | archiva-2ab87f190776ece15838b3cc87bef553d8b58d81.tar.gz archiva-2ab87f190776ece15838b3cc87bef553d8b58d81.zip |
move this module in the correct place
git-svn-id: https://svn.apache.org/repos/asf/archiva/redback/redback-core/trunk@1429879 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'redback-rbac')
9 files changed, 0 insertions, 624 deletions
diff --git a/redback-rbac/pom.xml b/redback-rbac/pom.xml
index f22411d19..08e0bd670 100644
--- a/redback-rbac/pom.xml
+++ b/redback-rbac/pom.xml
@@ -32,6 +32,5 @@
 <module>redback-rbac-providers</module>
 <module>redback-rbac-role-manager</module>
 <module>redback-rbac-tests</module>
- <module>redback-authorization-rbac</module>
 </modules>
 </project>
diff --git a/redback-rbac/redback-authorization-rbac/pom.xml b/redback-rbac/redback-authorization-rbac/pom.xml
deleted file mode 100644
index 7dab09593..000000000
--- a/redback-rbac/redback-authorization-rbac/pom.xml
+++ /dev/null
@@ -1,91 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
- ~ Licensed to the Apache Software Foundation (ASF) under one
- ~ or more contributor license agreements. See the NOTICE file
- ~ distributed with this work for additional information
- ~ regarding copyright ownership. The ASF licenses this file
- ~ to you under the Apache License, Version 2.0 (the
- ~ "License"); you may not use this file except in compliance
- ~ with the License. You may obtain a copy of the License at
- ~
- ~ http://www.apache.org/licenses/LICENSE-2.0
- ~
- ~ Unless required by applicable law or agreed to in writing,
- ~ software distributed under the License is distributed on an
- ~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- ~ KIND, either express or implied. See the License for the
- ~ specific language governing permissions and limitations
- ~ under the License.
- -->
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
-
- <modelVersion>4.0.0</modelVersion>
-
- <parent>
- <groupId>org.apache.archiva.redback</groupId>
- <artifactId>redback-authorization-providers</artifactId>
- <version>2.1-SNAPSHOT</version>
- <relativePath>../../redback-authorization/redback-authorization-providers/pom.xml</relativePath>
- </parent>
-
- <artifactId>redback-authorization-rbac</artifactId>
- <packaging>bundle</packaging>
- <name>Redback :: Authorization Provider :: RBAC</name>
-
- <dependencies>
- <dependency>
- <groupId>org.apache.archiva.redback</groupId>
- <artifactId>redback-users-api</artifactId>
- </dependency>
- <dependency>
- <groupId>org.apache.archiva.redback</groupId>
- <artifactId>redback-authorization-api</artifactId>
- </dependency>
- <dependency>
- <groupId>org.apache.archiva.redback</groupId>
- <artifactId>redback-rbac-cached</artifactId>
- </dependency>
- <dependency>
- <groupId>org.apache.archiva.redback</groupId>
- <artifactId>redback-rbac-memory</artifactId>
- <scope>test</scope>
- </dependency>
- <dependency>
- <groupId>org.apache.archiva.redback</groupId>
- <artifactId>redback-users-configurable</artifactId>
- <scope>runtime</scope>
- </dependency>
- <dependency>
- <groupId>org.apache.archiva.redback</groupId>
- <artifactId>redback-users-memory</artifactId>
- <scope>test</scope>
- </dependency>
- <dependency>
- <groupId>org.apache.archiva.redback</groupId>
- <artifactId>redback-rbac-model</artifactId>
- </dependency>
- <dependency>
- <groupId>org.springframework</groupId>
- <artifactId>spring-context-support</artifactId>
- </dependency>
- <dependency>
- <groupId>javax.annotation</groupId>
- <artifactId>jsr250-api</artifactId>
- </dependency>
- <dependency>
- <groupId>org.slf4j</groupId>
- <artifactId>slf4j-simple</artifactId>
- <scope>test</scope>
- </dependency>
- </dependencies>
-
- <build>
- <plugins>
- <plugin>
- <groupId>org.apache.felix</groupId>
- <artifactId>maven-bundle-plugin</artifactId>
- </plugin>
- </plugins>
- </build>
-
-</project>
diff --git a/redback-rbac/redback-authorization-rbac/src/main/java/org/apache/archiva/redback/authorization/rbac/RbacAuthorizer.java b/redback-rbac/redback-authorization-rbac/src/main/java/org/apache/archiva/redback/authorization/rbac/RbacAuthorizer.java
deleted file mode 100644
index 2ce17b4c8..000000000
--- a/redback-rbac/redback-authorization-rbac/src/main/java/org/apache/archiva/redback/authorization/rbac/RbacAuthorizer.java
+++ /dev/null
@@ -1,199 +0,0 @@
-package org.apache.archiva.redback.authorization.rbac;
-
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-import org.apache.archiva.redback.authorization.AuthorizationDataSource;
-import org.apache.archiva.redback.authorization.AuthorizationException;
-import org.apache.archiva.redback.authorization.AuthorizationResult;
-import org.apache.archiva.redback.authorization.Authorizer;
-import org.apache.archiva.redback.authorization.NotAuthorizedException;
-import org.apache.archiva.redback.authorization.rbac.evaluator.PermissionEvaluationException;
-import org.apache.archiva.redback.authorization.rbac.evaluator.PermissionEvaluator;
-import org.apache.archiva.redback.rbac.Permission;
-import org.apache.archiva.redback.rbac.RBACManager;
-import org.apache.archiva.redback.rbac.RbacManagerException;
-import org.apache.archiva.redback.rbac.RbacObjectNotFoundException;
-import org.apache.archiva.redback.users.User;
-import org.apache.archiva.redback.users.UserManager;
-import org.apache.archiva.redback.users.UserManagerException;
-import org.apache.archiva.redback.users.UserNotFoundException;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.stereotype.Service;
-
-import javax.inject.Inject;
-import javax.inject.Named;
-import java.util.List;
-import java.util.Map;
-
-/**
- * RbacAuthorizer:
- *
- * @author Jesse McConnell <jmcconnell@apache.org>
- */
-@Service("authorizer#rbac")
-public class RbacAuthorizer
- implements Authorizer
-{
- private Logger log = LoggerFactory.getLogger( getClass() );
-
- @Inject
- @Named(value = "rbacManager#cached")
- private RBACManager manager;
-
- @Inject
- @Named(value = "userManager#configurable")
- private UserManager userManager;
-
- @Inject
- private PermissionEvaluator evaluator;
-
- public String getId()
- {
- return "rbac";
- }
-
- /**
- * @param source
- * @return
- * @throws AuthorizationException
- */
- public AuthorizationResult isAuthorized( AuthorizationDataSource source )
- throws AuthorizationException
- {
- String principal = source.getPrincipal();
- String operation = source.getPermission();
- String resource = source.getResource();
-
- try
- {
- if ( principal != null )
- {
- // Set permissions = manager.getAssignedPermissions( principal.toString(), operation );
- Map<String, List<Permission>> permissionMap = manager.getAssignedPermissionMap( principal );
-
- if ( permissionMap.keySet().contains( operation ) )
- {
- for ( Permission permission : permissionMap.get( operation ) )
- {
-
- log.debug( "checking permission {} for operation {} resource {}",
- ( permission != null ? permission.getName() : "null" ), operation, resource );
-
- if ( evaluator.evaluate( permission, operation, resource, principal ) )
- {
- return new AuthorizationResult( true, permission, null );
- }
- }
-
- log.debug( "no permission found for operation {} resource {}", operation, resource );
- }
- else
- {
- log.debug( "permission map does not contain operation: {}", operation );
- }
- }
- // check if guest user is enabled, if so check the global permissions
- User guest = userManager.getGuestUser();
-
- if ( !guest.isLocked() )
- {
- // Set permissions = manager.getAssignedPermissions( principal.toString(), operation );
- Map<String, List<Permission>> permissionMap = manager.getAssignedPermissionMap( guest.getUsername() );
-
- if ( permissionMap.keySet().contains( operation ) )
- {
- for ( Permission permission : permissionMap.get( operation ) )
- {
- log.debug( "checking permission {}", permission.getName() );
-
- if ( evaluator.evaluate( permission, operation, resource, guest.getUsername() ) )
- {
- return new AuthorizationResult( true, permission, null );
- }
- }
- }
- }
-
- return new AuthorizationResult( false, null, new NotAuthorizedException( "no matching permissions" ) );
- }
- catch ( PermissionEvaluationException pe )
- {
- return new AuthorizationResult( false, null, pe );
- }
- catch ( RbacObjectNotFoundException nfe )
- {
- return new AuthorizationResult( false, null, nfe );
- }
- catch ( UserNotFoundException ne )
- {
- return new AuthorizationResult( false, null,
- new NotAuthorizedException( "no matching permissions, guest not found" ) );
- }
- catch ( RbacManagerException rme )
- {
- return new AuthorizationResult( false, null, rme );
- }
- catch ( UserManagerException e )
- {
- return new AuthorizationResult( false, null, e );
- }
- }
-
- public RBACManager getManager()
- {
- return manager;
- }
-
- public void setManager( RBACManager manager )
- {
- this.manager = manager;
- }
-
- public UserManager getUserManager()
- {
- return userManager;
- }
-
- public void setUserManager( UserManager userManager )
- {
- this.userManager = userManager;
- }
-
- public PermissionEvaluator getEvaluator()
- {
- return evaluator;
- }
-
- public void setEvaluator( PermissionEvaluator evaluator )
- {
- this.evaluator = evaluator;
- }
-
- public boolean isFinalImplementation()
- {
- return true;
- }
-
- public String getDescriptionKey()
- {
- return "archiva.redback.authorizer.rbac";
- }
-}
diff --git a/redback-rbac/redback-authorization-rbac/src/main/java/org/apache/archiva/redback/authorization/rbac/evaluator/DefaultPermissionEvaluator.java b/redback-rbac/redback-authorization-rbac/src/main/java/org/apache/archiva/redback/authorization/rbac/evaluator/DefaultPermissionEvaluator.java
deleted file mode 100644
index c3d033d83..000000000
--- a/redback-rbac/redback-authorization-rbac/src/main/java/org/apache/archiva/redback/authorization/rbac/evaluator/DefaultPermissionEvaluator.java
+++ /dev/null
@@ -1,110 +0,0 @@
-package org.apache.archiva.redback.authorization.rbac.evaluator;
-
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-import org.apache.archiva.redback.rbac.Resource;
-import org.apache.archiva.redback.users.UserManager;
-import org.apache.archiva.redback.users.UserManagerException;
-import org.apache.archiva.redback.users.UserNotFoundException;
-import org.apache.archiva.redback.rbac.Permission;
-import org.springframework.stereotype.Service;
-
-import javax.inject.Inject;
-import javax.inject.Named;
-
-/**
- * DefaultPermissionEvaluator:
- * <p/>
- * Currently only one expression is available for evaluation, ${username} will be replaced with the username
- * of the person making the authorization check
- *
- * @author Jesse McConnell <jesse@codehaus.org>
- */
-@Service("permissionEvaluator")
-public class DefaultPermissionEvaluator
- implements PermissionEvaluator
-{
- @Inject
- @Named(value = "userManager#configurable")
- private UserManager userManager;
-
- public boolean evaluate( Permission permission, String operation, String resource, String principal )
- throws PermissionEvaluationException
- {
- String permissionResource = permission.getResource().getIdentifier();
-
- // expression evaluation checking
- if ( permissionResource.startsWith( "${" ) )
- {
- String tempStr = permissionResource.substring( 2, permissionResource.indexOf( '}' ) );
-
- if ( "username".equals( tempStr ) )
- {
- try
- {
- permissionResource = userManager.findUser( principal ).getUsername();
- }
- catch ( UserNotFoundException e )
- {
- throw new PermissionEvaluationException( "unable to locate user to retrieve username", e );
- }
- catch ( UserManagerException e )
- {
- throw new PermissionEvaluationException( "trouble finding user: " + e.getMessage(), e );
- }
- }
- }
-
- // check if this permission applies to the operation at all
- if ( permission.getOperation().getName().equals( operation ) )
- {
- // check if it is a global resource, if it is then since the operations match we return true
- if ( Resource.GLOBAL.equals( permission.getResource().getIdentifier() ) )
- {
- return true;
- }
-
- // if we are not checking a specific resource, the operation is enough
- if ( resource == null )
- {
- return true;
- }
-
- // check if the resource identifier of the permission matches the resource we are checking against
- // if it does then return true
- if ( permissionResource.equals( resource ) )
- {
- return true;
- }
- }
-
- return false;
- }
-
- public UserManager getUserManager()
- {
- return userManager;
- }
-
- public void setUserManager( UserManager userManager )
- {
- this.userManager = userManager;
- }
-}
diff --git a/redback-rbac/redback-authorization-rbac/src/main/java/org/apache/archiva/redback/authorization/rbac/evaluator/PermissionEvaluationException.java b/redback-rbac/redback-authorization-rbac/src/main/java/org/apache/archiva/redback/authorization/rbac/evaluator/PermissionEvaluationException.java
deleted file mode 100644
index 15d4c8361..000000000
--- a/redback-rbac/redback-authorization-rbac/src/main/java/org/apache/archiva/redback/authorization/rbac/evaluator/PermissionEvaluationException.java
+++ /dev/null
@@ -1,41 +0,0 @@
-package org.apache.archiva.redback.authorization.rbac.evaluator;
-
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-/**
- * PermissionEvaluationException:
- *
- * @author Jesse McConnell <jmcconnell@apache.org>
- *
- */
-public class PermissionEvaluationException
- extends Exception
-{
- public PermissionEvaluationException( String string )
- {
- super( string );
- }
-
- public PermissionEvaluationException( String string, Throwable throwable )
- {
- super( string, throwable );
- }
-
-}
diff --git a/redback-rbac/redback-authorization-rbac/src/main/java/org/apache/archiva/redback/authorization/rbac/evaluator/PermissionEvaluator.java b/redback-rbac/redback-authorization-rbac/src/main/java/org/apache/archiva/redback/authorization/rbac/evaluator/PermissionEvaluator.java
deleted file mode 100644
index 8dc0014a5..000000000
--- a/redback-rbac/redback-authorization-rbac/src/main/java/org/apache/archiva/redback/authorization/rbac/evaluator/PermissionEvaluator.java
+++ /dev/null
@@ -1,35 +0,0 @@
-package org.apache.archiva.redback.authorization.rbac.evaluator;
-
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-import org.apache.archiva.redback.rbac.Permission;
-
-
-/**
- * PermissionEvaluator:
- *
- * @author Jesse McConnell <jmcconnell@apache.org>
- *
- */
-public interface PermissionEvaluator
-{
- boolean evaluate( Permission permission, String operation, String resource, String principal )
- throws PermissionEvaluationException;
-}
diff --git a/redback-rbac/redback-authorization-rbac/src/main/resources/META-INF/spring-context.xml b/redback-rbac/redback-authorization-rbac/src/main/resources/META-INF/spring-context.xml
deleted file mode 100644
index 9a306403a..000000000
--- a/redback-rbac/redback-authorization-rbac/src/main/resources/META-INF/spring-context.xml
+++ /dev/null
@@ -1,34 +0,0 @@
-<?xml version="1.0"?>
-
-<!--
- ~ Licensed to the Apache Software Foundation (ASF) under one
- ~ or more contributor license agreements. See the NOTICE file
- ~ distributed with this work for additional information
- ~ regarding copyright ownership. The ASF licenses this file
- ~ to you under the Apache License, Version 2.0 (the
- ~ "License"); you may not use this file except in compliance
- ~ with the License. You may obtain a copy of the License at
- ~
- ~ http://www.apache.org/licenses/LICENSE-2.0
- ~
- ~ Unless required by applicable law or agreed to in writing,
- ~ software distributed under the License is distributed on an
- ~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- ~ KIND, either express or implied. See the License for the
- ~ specific language governing permissions and limitations
- ~ under the License.
- -->
-<beans xmlns="http://www.springframework.org/schema/beans"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xmlns:context="http://www.springframework.org/schema/context"
- xsi:schemaLocation="http://www.springframework.org/schema/beans
- http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
- http://www.springframework.org/schema/context
- http://www.springframework.org/schema/context/spring-context-3.0.xsd"
- default-lazy-init="true">
-
- <context:annotation-config />
- <context:component-scan
- base-package="org.apache.archiva.redback.authorization.rbac"/>
-
-</beans>
\ No newline at end of file
diff --git a/redback-rbac/redback-authorization-rbac/src/test/java/org/apache/archiva/redback/authorization/rbac/evaluator/PermissionEvaluatorTest.java b/redback-rbac/redback-authorization-rbac/src/test/java/org/apache/archiva/redback/authorization/rbac/evaluator/PermissionEvaluatorTest.java
deleted file mode 100644
index fdff955c9..000000000
--- a/redback-rbac/redback-authorization-rbac/src/test/java/org/apache/archiva/redback/authorization/rbac/evaluator/PermissionEvaluatorTest.java
+++ /dev/null
@@ -1,66 +0,0 @@
-package org.apache.archiva.redback.authorization.rbac.evaluator;
-
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-import junit.framework.TestCase;
-import org.apache.archiva.redback.rbac.Permission;
-import org.apache.archiva.redback.rbac.Operation;
-import org.apache.archiva.redback.rbac.Resource;
-import org.apache.archiva.redback.rbac.memory.MemoryOperation;
-import org.apache.archiva.redback.rbac.memory.MemoryPermission;
-import org.apache.archiva.redback.rbac.memory.MemoryResource;
-import org.junit.Test;
-import org.junit.runner.RunWith;
-import org.springframework.test.context.ContextConfiguration;
-import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
-
-import javax.inject.Inject;
-
-@RunWith( SpringJUnit4ClassRunner.class )
-@ContextConfiguration( locations = { "classpath*:/META-INF/spring-context.xml", "classpath*:/spring-context.xml" } )
-public class PermissionEvaluatorTest
- extends TestCase
-{
-
- @Inject
- PermissionEvaluator permissionEvaluator;
-
- @Test
- public void testNullResource()
- throws PermissionEvaluationException
- {
- // null resources should be considered as matching if any resource is obtained.
- // we do this instead of using "global" as that is the inverse - you are allocated global rights,
- // which is right to everything. null is the right to anything.
-
- Resource resource = new MemoryResource();
- resource.setIdentifier( "Resource" );
-
- Operation operation = new MemoryOperation();
- operation.setName( "Operation" );
-
- Permission permission = new MemoryPermission();
- permission.setName( "Permission" );
- permission.setOperation( operation );
- permission.setResource( resource );
-
- assertTrue( permissionEvaluator.evaluate( permission, "Operation", null, "brett" ) );
- }
-}
diff --git a/redback-rbac/redback-authorization-rbac/src/test/resources/spring-context.xml b/redback-rbac/redback-authorization-rbac/src/test/resources/spring-context.xml
deleted file mode 100644
index 926b77aaa..000000000
--- a/redback-rbac/redback-authorization-rbac/src/test/resources/spring-context.xml
+++ /dev/null
@@ -1,47 +0,0 @@
-<?xml version="1.0"?>
-
-<!--
- ~ Licensed to the Apache Software Foundation (ASF) under one
- ~ or more contributor license agreements. See the NOTICE file
- ~ distributed with this work for additional information
- ~ regarding copyright ownership. The ASF licenses this file
- ~ to you under the Apache License, Version 2.0 (the
- ~ "License"); you may not use this file except in compliance
- ~ with the License. You may obtain a copy of the License at
- ~
- ~ http://www.apache.org/licenses/LICENSE-2.0
- ~
- ~ Unless required by applicable law or agreed to in writing,
- ~ software distributed under the License is distributed on an
- ~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- ~ KIND, either express or implied. See the License for the
- ~ specific language governing permissions and limitations
- ~ under the License.
- -->
-<beans xmlns="http://www.springframework.org/schema/beans"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="http://www.springframework.org/schema/beans
- http://www.springframework.org/schema/beans/spring-beans-3.0.xsd"
- default-lazy-init="true">
-
- <bean name="userManager#cached" class="org.apache.archiva.redback.users.cached.CachedUserManager">
- <property name="userImpl" ref="userManager#memory"/>
- <property name="usersCache" ref="cache#users"/>
- </bean>
-
- <alias name="userManager#memory" alias="userManager#jdo"/>
-
- <bean name="cache#users" class="org.apache.archiva.redback.components.cache.ehcache.EhcacheCache"
- init-method="initialize">
- <property name="diskPersistent" value="false"/>
- <property name="eternal" value="false"/>
- <property name="maxElementsInMemory" value="1000"/>
- <property name="memoryEvictionPolicy" value="LRU"/>
- <property name="name" value="usersCache"/>
- <property name="timeToIdleSeconds" value="1800"/>
- <property name="timeToLiveSeconds" value="14400"/>
- </bean>
-
-
- <alias name="userConfiguration#redback" alias="userConfiguration#default"/>
-</beans>
\ No newline at end of file |