Diffstat (limited to 'archiva-webapp')
17 files changed, 420 insertions, 825 deletions
diff --git a/archiva-webapp/pom.xml b/archiva-webapp/pom.xml index dcc723a59..8018e19ce 100644 --- a/archiva-webapp/pom.xml +++ b/archiva-webapp/pom.xml @@ -102,6 +102,10 @@ </dependency> <dependency> <groupId>org.apache.maven.archiva</groupId> + <artifactId>archiva-security</artifactId> + </dependency> + <dependency> + <groupId>org.apache.maven.archiva</groupId> <artifactId>archiva-applet</artifactId> <!-- TODO: actually, just exclude from WAR plugin --> <scope>provided</scope> @@ -194,6 +198,11 @@ </exclusions> </dependency> <dependency> + <groupId>org.codehaus.plexus.security</groupId> + <artifactId>plexus-security-keys-jdo</artifactId> + <version>1.0-SNAPSHOT</version> + </dependency> + <dependency> <groupId>org.codehaus.plexus</groupId> <artifactId>plexus-utils</artifactId> <version>1.2</version> diff --git a/archiva-webapp/src/main/java/org/apache/maven/archiva/web/ArchivaSecurityDefaults.java b/archiva-webapp/src/main/java/org/apache/maven/archiva/web/ArchivaSecurityDefaults.java index 6d3db8567..b1154fb86 100644 --- a/archiva-webapp/src/main/java/org/apache/maven/archiva/web/ArchivaSecurityDefaults.java +++ b/archiva-webapp/src/main/java/org/apache/maven/archiva/web/ArchivaSecurityDefaults.java @@ -17,6 +17,7 @@ package org.apache.maven.archiva.web; */ import org.codehaus.plexus.security.user.User; +import org.codehaus.plexus.security.rbac.RbacManagerException; /** * ArchivaSecurityDefaults @@ -30,14 +31,8 @@ public interface ArchivaSecurityDefaults { public static final String ROLE = ArchivaSecurityDefaults.class.getName(); - public static final String GUEST_ROLE = "Guest Role"; - public static final String GUEST_USERNAME = "guest"; - - public static final String CONFIGURATION_EDIT_OPERATION = "edit-configuration"; - - public static final String CONFIGURATION_EDIT_PERMISSION = "Edit Configuration"; - + public static final String INDEX_REGENERATE_OPERATION = "regenerate-index"; public static final String INDEX_REGENERATE_PERMISSION = "Regenerate Index"; 
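Review bot: The new `plexus-security-keys-jdo` dependency in the second pom.xml hunk is pinned to `1.0-SNAPSHOT`, so the artifact packaged into the WAR can change between builds without any change in this repository. Judging by its name and the `KeyManager` requirement wired up in application.xml, this component backs the security key store, which is exactly where a reproducible, auditable build matters most. I would use a released version, or manage the version in the parent POM as the versionless `archiva-security` entry in the first hunk appears to be. If a snapshot is unavoidable for now, a comment next to the version such as `<!-- TODO: replace with a released version before shipping -->` would at least record it.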
@@ -96,6 +91,7 @@ public interface ArchivaSecurityDefaults public static final String USERS_EDIT_ALL_PERMISSION = "Edit All Users"; - public void ensureDefaultsExist(); - public User getGuestUser(); + public void ensureDefaultsExist() + throws RbacManagerException; + } diff --git a/archiva-webapp/src/main/java/org/apache/maven/archiva/web/DefaultArchivaSecurityDefaults.java b/archiva-webapp/src/main/java/org/apache/maven/archiva/web/DefaultArchivaSecurityDefaults.java index 6bf544acf..23449f1ea 100644 --- a/archiva-webapp/src/main/java/org/apache/maven/archiva/web/DefaultArchivaSecurityDefaults.java +++ b/archiva-webapp/src/main/java/org/apache/maven/archiva/web/DefaultArchivaSecurityDefaults.java @@ -22,12 +22,7 @@ import org.codehaus.plexus.personality.plexus.lifecycle.phase.InitializationExce import org.codehaus.plexus.security.rbac.Operation; import org.codehaus.plexus.security.rbac.Permission; import org.codehaus.plexus.security.rbac.RBACManager; -import org.codehaus.plexus.security.rbac.RbacObjectNotFoundException; -import org.codehaus.plexus.security.rbac.Role; -import org.codehaus.plexus.security.user.User; -import org.codehaus.plexus.security.user.UserManager; -import org.codehaus.plexus.security.user.UserNotFoundException; -import org.codehaus.plexus.security.policy.UserSecurityPolicy; +import org.codehaus.plexus.security.rbac.RbacManagerException; /** * DefaultArchivaSecurityDefaults @@ -45,21 +40,10 @@ public class DefaultArchivaSecurityDefaults */ private RBACManager rbacManager; - /** - * @plexus.requirement - */ - private UserManager userManager; - - /** - * @plexus.requirement - */ - private UserSecurityPolicy securityPolicy; - private boolean initialized = false; - private User guestUser; - public void ensureDefaultsExist() + throws RbacManagerException { if ( initialized ) { 
@@ -69,12 +53,12 @@ public class DefaultArchivaSecurityDefaults ensureOperationsExist(); ensurePermissionsExist(); ensureRolesExist(); - ensureUsersExist(); initialized = true; } private void ensureOperationExists( String operationName ) + throws RbacManagerException { if ( !rbacManager.operationExists( operationName ) ) { @@ -84,11 +68,11 @@ public class DefaultArchivaSecurityDefaults } private void ensureOperationsExist() + throws RbacManagerException { ensureOperationExists( REPOSITORY_ADD_OPERATION ); ensureOperationExists( REPOSITORY_EDIT_OPERATION ); ensureOperationExists( REPOSITORY_DELETE_OPERATION ); - ensureOperationExists( CONFIGURATION_EDIT_OPERATION ); ensureOperationExists( INDEX_RUN_OPERATION ); ensureOperationExists( INDEX_REGENERATE_OPERATION ); ensureOperationExists( REPORTS_ACCESS_OPERATION ); 
@@ -102,26 +86,21 @@ public class DefaultArchivaSecurityDefaults } private void ensurePermissionExists( String permissionName, String operationName, String resourceIdentifier ) + throws RbacManagerException { if ( !rbacManager.permissionExists( permissionName ) ) { - Permission editConfiguration = rbacManager.createPermission( permissionName, operationName, - resourceIdentifier ); + Permission editConfiguration = + rbacManager.createPermission( permissionName, operationName, resourceIdentifier ); rbacManager.savePermission( editConfiguration ); } } private void ensurePermissionsExist() + throws RbacManagerException { String globalResource = rbacManager.getGlobalResource().getIdentifier(); - ensurePermissionExists( USERS_EDIT_ALL_PERMISSION, USERS_EDIT_ALL_OPERATION, globalResource ); - - ensurePermissionExists( CONFIGURATION_EDIT_PERMISSION, CONFIGURATION_EDIT_OPERATION, globalResource ); - - ensurePermissionExists( ROLES_GRANT_PERMISSION, ROLES_GRANT_OPERATION, globalResource ); - ensurePermissionExists( ROLES_REMOVE_PERMISSION, ROLES_REMOVE_OPERATION, globalResource ); - ensurePermissionExists( REPORTS_ACCESS_PERMISSION, REPORTS_ACCESS_OPERATION, globalResource ); ensurePermissionExists( REPORTS_GENERATE_PERMISSION, REPORTS_GENERATE_OPERATION, globalResource ); 
@@ -134,78 +113,35 @@ public class DefaultArchivaSecurityDefaults } private void ensureRolesExist() + throws RbacManagerException { - try - { - if ( !rbacManager.roleExists( USER_ADMINISTRATOR ) ) - { - Role userAdmin = rbacManager.createRole( USER_ADMINISTRATOR ); - userAdmin.addPermission( rbacManager.getPermission( USERS_EDIT_ALL_PERMISSION ) ); - userAdmin.addPermission( rbacManager.getPermission( ROLES_REMOVE_PERMISSION ) ); - userAdmin.addPermission( rbacManager.getPermission( ROLES_GRANT_PERMISSION ) ); - userAdmin.setAssignable( true ); - rbacManager.saveRole( userAdmin ); - } - - if ( !rbacManager.roleExists( SYSTEM_ADMINISTRATOR ) ) - { - Role admin = rbacManager.createRole( SYSTEM_ADMINISTRATOR ); - admin.addChildRoleName( rbacManager.getRole( USER_ADMINISTRATOR ).getName() ); - admin.addPermission( rbacManager.getPermission( CONFIGURATION_EDIT_PERMISSION ) ); - admin.addPermission( rbacManager.getPermission( INDEX_RUN_PERMISSION ) ); - admin.addPermission( rbacManager.getPermission( REPOSITORY_ADD_PERMISSION ) ); - admin.addPermission( rbacManager.getPermission( REPORTS_ACCESS_PERMISSION ) ); - admin.addPermission( rbacManager.getPermission( REPORTS_GENERATE_PERMISSION ) ); - admin.addPermission( rbacManager.getPermission( INDEX_REGENERATE_PERMISSION ) ); - admin.setAssignable( true ); - rbacManager.saveRole( admin ); - } - - if ( !rbacManager.roleExists( GUEST_ROLE ) ) - { - Role userAdmin = rbacManager.createRole( GUEST_ROLE ); - // No permissions. - userAdmin.setAssignable( true ); - rbacManager.saveRole( userAdmin ); - } - } - catch ( RbacObjectNotFoundException ne ) - { - getLogger().fatalError( "Unable to initialize Roles!", ne ); - throw new RuntimeException( "All Mandatory Defaults do not Exist!" ); - } + /* TODO! 
+ if ( !rbacManager.roleExists( SYSTEM_ADMINISTRATOR ) ) + { + Role admin = rbacManager.createRole( SYSTEM_ADMINISTRATOR ); + admin.addChildRoleName( rbacManager.getRole( USER_ADMINISTRATOR ).getName() ); + admin.addPermission( rbacManager.getPermission( CONFIGURATION_EDIT_PERMISSION ) ); + admin.addPermission( rbacManager.getPermission( INDEX_RUN_PERMISSION ) ); + admin.addPermission( rbacManager.getPermission( REPOSITORY_ADD_PERMISSION ) ); + admin.addPermission( rbacManager.getPermission( REPORTS_ACCESS_PERMISSION ) ); + admin.addPermission( rbacManager.getPermission( REPORTS_GENERATE_PERMISSION ) ); + admin.addPermission( rbacManager.getPermission( INDEX_REGENERATE_PERMISSION ) ); + admin.setAssignable( true ); + rbacManager.saveRole( admin ); + } + */ } - public void ensureUsersExist() + public void initialize() + throws InitializationException { - if( !userManager.userExists( GUEST_USERNAME )) + try { - securityPolicy.setEnabled( false ); - this.guestUser = userManager.createUser( GUEST_USERNAME, "Guest User", "" ); - this.guestUser = userManager.addUser( this.guestUser ); - securityPolicy.setEnabled( true ); + ensureDefaultsExist(); } - else + catch ( RbacManagerException e ) { - try - { - this.guestUser = userManager.findUser( GUEST_USERNAME ); - } - catch ( UserNotFoundException e ) - { - throw new RuntimeException( "Unable to find user '" + GUEST_USERNAME + "'", e ); - } + throw new InitializationException( e.getMessage(), e ); } } - - public User getGuestUser() - { - return this.guestUser; - } - - public void initialize() - throws InitializationException - { - ensureDefaultsExist(); - } } diff --git a/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/admin/AbstractConfigureRepositoryAction.java b/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/admin/AbstractConfigureRepositoryAction.java index 33b82da30..1d92656c7 100644 
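Review bot: `ensureRolesExist()` is now an empty method whose former body sits inside a `/* TODO! ... */` block, yet `ensureDefaultsExist()` (earlier hunk of this file) still sets `initialized = true` after calling it, so the component reports its defaults as present without creating any role. The commented-out code also cannot simply be re-enabled: it references `CONFIGURATION_EDIT_PERMISSION`, which this commit removes from `ArchivaSecurityDefaults`, and it looks up the `USER_ADMINISTRATOR` role, which is no longer created here. If role creation has moved to another module, I would delete the dead block and say so, e.g. `// Roles are no longer created here; see <module that now owns role setup>`. If it has not moved yet, failing initialization is safer than starting up with no administrator role defined.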
--- a/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/admin/AbstractConfigureRepositoryAction.java +++ b/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/admin/AbstractConfigureRepositoryAction.java @@ -26,6 +26,7 @@ import org.apache.maven.archiva.configuration.ConfigurationStoreException; import org.apache.maven.archiva.configuration.InvalidConfigurationException; import org.apache.maven.archiva.web.util.RoleManager; import org.codehaus.plexus.xwork.action.PlexusActionSupport; +import org.codehaus.plexus.security.rbac.RbacManagerException; import java.io.IOException; @@ -64,7 +65,8 @@ public abstract class AbstractConfigureRepositoryAction protected Configuration configuration; public String add() - throws IOException, ConfigurationStoreException, InvalidConfigurationException, ConfigurationChangeException + throws IOException, ConfigurationStoreException, InvalidConfigurationException, ConfigurationChangeException, + RbacManagerException { // TODO: if this didn't come from the form, go to configure.action instead of going through with re-saving what was just loaded @@ -79,7 +81,8 @@ public abstract class AbstractConfigureRepositoryAction } public String edit() - throws IOException, ConfigurationStoreException, InvalidConfigurationException, ConfigurationChangeException + throws IOException, ConfigurationStoreException, InvalidConfigurationException, ConfigurationChangeException, + RbacManagerException { // TODO: if this didn't come from the form, go to configure.action instead of going through with re-saving what was just loaded 
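Review bot: `add()`, `edit()` and `saveConfiguration()` (the last one in the next hunk) now let `RbacManagerException` escape from the action, and nothing visible decides what happens to a repository whose configuration was stored but whose roles could not be created, or the reverse. The method bodies lie outside the hunks, so the order of the two steps cannot be confirmed from here; the only visible statement is `addRepository();` at the top of `saveConfiguration()`. I would catch the exception where the roles are created, report it with `addActionError( ... )` and return `ERROR`, so an RBAC failure surfaces as a handled form error instead of a framework error page. A Javadoc `@throws RbacManagerException` line stating which state is left behind would help whoever has to clean up after a failure.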
@@ -94,7 +97,8 @@ public abstract class AbstractConfigureRepositoryAction protected abstract AbstractRepositoryConfiguration getRepository( String id ); private String saveConfiguration() - throws IOException, ConfigurationStoreException, InvalidConfigurationException, ConfigurationChangeException + throws IOException, ConfigurationStoreException, InvalidConfigurationException, ConfigurationChangeException, + RbacManagerException { addRepository(); diff --git a/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/admin/AddAdminUserAction.java b/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/admin/AddAdminUserAction.java deleted file mode 100644 index 80fd1272a..000000000 --- a/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/admin/AddAdminUserAction.java +++ /dev/null 
@@ -1,127 +0,0 @@ -package org.apache.maven.archiva.web.action.admin; - -/* - * Copyright 2001-2006 The Apache Software Foundation. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -import org.apache.maven.archiva.web.util.RoleManager; -import org.codehaus.plexus.security.policy.UserSecurityPolicy; -import org.codehaus.plexus.security.ui.web.action.AbstractUserCredentialsAction; -import org.codehaus.plexus.security.ui.web.model.EditUserCredentials; -import org.codehaus.plexus.security.user.User; -import org.codehaus.plexus.security.user.UserManager; - -/** - * AddAdminUserAction - * - * @author <a href="mailto:joakim@erdfelt.com">Joakim Erdfelt</a> - * @version $Id$ - * - * @plexus.component role="com.opensymphony.xwork.Action" - * role-hint="addAdminAction" - * instantiation-strategy="per-lookup" - */ -public class AddAdminUserAction - extends AbstractUserCredentialsAction -{ - /** - * @plexus.requirement - */ - private RoleManager roleManager; - - /** - * @plexus.requirement - */ - private UserManager userManager; - - /** - * @plexus.requirement - */ - private UserSecurityPolicy userSecurityPolicy; - - private EditUserCredentials user; - - public String show() - { - if ( user == null ) - { - user = new EditUserCredentials( RoleManager.ADMIN_USERNAME ); - } - - return INPUT; - } - - public String submit() - { - if ( user == null ) - { - user = new EditUserCredentials( RoleManager.ADMIN_USERNAME ); - addActionError( "Invalid admin credentials, try 
again." ); - return ERROR; - } - - getLogger().info( "user = " + user ); - - // ugly hack to get around lack of cross module plexus-cdc efforts. - super.manager = userManager; - super.securityPolicy = userSecurityPolicy; - // TODO: Fix plexus-cdc to operate properly for cross-module creation efforts. - - internalUser = user; - - validateCredentialsStrict(); - - if ( userManager.userExists( RoleManager.ADMIN_USERNAME ) ) - { - // Means that the role name exist already. - // We need to fail fast and return to the previous page. - addActionError( "Admin User exists in database (someone else probably created the user before you)." ); - return ERROR; - } - - if ( hasActionErrors() || hasFieldErrors() ) - { - return ERROR; - } - - User u = userManager.createUser( RoleManager.ADMIN_USERNAME, user.getFullName(), user.getEmail() ); - if ( u == null ) - { - addActionError( "Unable to operate on null user." ); - return ERROR; - } - - u.setPassword( user.getPassword() ); - u.setLocked( false ); - u.setPasswordChangeRequired( false ); - - - userManager.addUser( u ); - - roleManager.addAdminUser( u.getPrincipal().toString() ); - - return SUCCESS; - } - - public EditUserCredentials getUser() - { - return user; - } - - public void setUser( EditUserCredentials user ) - { - this.user = user; - } -}
\ No newline at end of file diff --git a/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/admin/ConfigureAction.java b/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/admin/ConfigureAction.java index 787606b76..9f604b3ef 100644 --- a/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/admin/ConfigureAction.java +++ b/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/admin/ConfigureAction.java @@ -26,8 +26,13 @@ import org.apache.maven.archiva.configuration.ConfigurationStoreException; import org.apache.maven.archiva.configuration.InvalidConfigurationException; import org.apache.maven.archiva.indexer.RepositoryIndexException; import org.apache.maven.archiva.indexer.RepositoryIndexSearchException; -import org.codehaus.plexus.xwork.action.PlexusActionSupport; +import org.apache.maven.archiva.security.ArchivaRoleConstants; import org.codehaus.plexus.scheduler.CronExpressionValidator; +import org.codehaus.plexus.security.rbac.Resource; +import org.codehaus.plexus.security.ui.web.interceptor.SecureAction; +import org.codehaus.plexus.security.ui.web.interceptor.SecureActionBundle; +import org.codehaus.plexus.security.ui.web.interceptor.SecureActionException; +import org.codehaus.plexus.xwork.action.PlexusActionSupport; import java.io.File; import java.io.IOException; @@ -39,7 +44,7 @@ import java.io.IOException; */ public class ConfigureAction extends PlexusActionSupport - implements ModelDriven, Preparable, Validateable + implements ModelDriven, Preparable, Validateable, SecureAction { /** * @plexus.requirement @@ -72,10 +77,10 @@ public class ConfigureAction //validate cron expression cronValidator = new CronExpressionValidator(); - if( !cronValidator.validate( getCronExpression() ) ) + if ( !cronValidator.validate( getCronExpression() ) ) { addActionError( "Invalid Cron Expression" ); - } + } } public String execute() 
@@ -114,15 +119,29 @@ public class ConfigureAction while ( i < cronEx.length ) { - switch( i ) + switch ( i ) { - case 0 : second = cronEx[i]; break; - case 1 : minute = cronEx[i]; break; - case 2 : hour = cronEx[i]; break; - case 3 : dayOfMonth = cronEx[i]; break; - case 4 : month = cronEx[i]; break; - case 5 : dayOfWeek = cronEx[i]; break; - case 6 : year = cronEx[i]; break; + case 0: + second = cronEx[i]; + break; + case 1: + minute = cronEx[i]; + break; + case 2: + hour = cronEx[i]; + break; + case 3: + dayOfMonth = cronEx[i]; + break; + case 4: + month = cronEx[i]; + break; + case 5: + dayOfWeek = cronEx[i]; + break; + case 6: + year = cronEx[i]; + break; } i++; } @@ -213,8 +232,18 @@ public class ConfigureAction private String getCronExpression() { - return ( second + " " + minute + " " + hour + " " + dayOfMonth + " " + month + - " " + dayOfWeek + " " + year ).trim(); + return ( second + " " + minute + " " + hour + " " + dayOfMonth + " " + month + " " + dayOfWeek + " " + + year ).trim(); } + public SecureActionBundle getSecureActionBundle() + throws SecureActionException + { + SecureActionBundle bundle = new SecureActionBundle(); + + bundle.setRequiresAuthentication( true ); + bundle.addRequiredAuthorization( ArchivaRoleConstants.OPERATION_MANAGE_CONFIGURATION, Resource.GLOBAL ); + + return bundle; + } } diff --git a/archiva-webapp/src/main/java/org/apache/maven/archiva/web/interceptor/ConfigurationInterceptor.java b/archiva-webapp/src/main/java/org/apache/maven/archiva/web/interceptor/ConfigurationInterceptor.java index 338dd45b6..114f4c847 100644 --- a/archiva-webapp/src/main/java/org/apache/maven/archiva/web/interceptor/ConfigurationInterceptor.java +++ b/archiva-webapp/src/main/java/org/apache/maven/archiva/web/interceptor/ConfigurationInterceptor.java 
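Review bot: `getSecureActionBundle()` is the only access control visible for `ConfigureAction` and it has no Javadoc; it takes effect only if the interceptor that reads the `SecureActionBundle` is in the stack for every mapping of this action, which the hunk cannot show. I would document the contract, e.g. `/** Requires an authenticated user authorized for OPERATION_MANAGE_CONFIGURATION on the global resource. */`, and verify the interceptor configuration as part of the same change. Note also that `AbstractConfigureRepositoryAction`, touched in this commit, gains only a `throws` clause in the hunks shown and is not made a `SecureAction`, so the repository add and edit actions may still depend on something else for authorization.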
@@ -26,6 +26,7 @@ import org.apache.maven.archiva.web.ArchivaSecurityDefaults; import org.apache.maven.archiva.web.util.RoleManager; import org.codehaus.plexus.logging.AbstractLogEnabled; import org.codehaus.plexus.security.rbac.RBACManager; +import org.codehaus.plexus.security.rbac.RbacManagerException; import org.codehaus.plexus.security.user.User; import org.codehaus.plexus.security.user.UserManager; import org.codehaus.plexus.security.user.UserNotFoundException; @@ -126,6 +127,7 @@ public class ConfigurationInterceptor } public void ensureRepoRolesExist() + throws RbacManagerException { try { diff --git a/archiva-webapp/src/main/java/org/apache/maven/archiva/web/servlet/repository/RepositoryAccess.java b/archiva-webapp/src/main/java/org/apache/maven/archiva/web/servlet/repository/RepositoryAccess.java index d5d9ce091..a09cec435 100644 --- a/archiva-webapp/src/main/java/org/apache/maven/archiva/web/servlet/repository/RepositoryAccess.java +++ b/archiva-webapp/src/main/java/org/apache/maven/archiva/web/servlet/repository/RepositoryAccess.java @@ -143,8 +143,7 @@ public class RepositoryAccess AuthenticationResult result; try { - result = httpAuth.getAuthenticationResult( request, response, archivaSecurity.getGuestUser().getPrincipal() - .toString() ); + result = httpAuth.getAuthenticationResult( request, response ); if ( !result.isAuthenticated() ) { diff --git a/archiva-webapp/src/main/java/org/apache/maven/archiva/web/util/DefaultRoleManager.java b/archiva-webapp/src/main/java/org/apache/maven/archiva/web/util/DefaultRoleManager.java index 9805a01f6..67eb96952 100644 --- a/archiva-webapp/src/main/java/org/apache/maven/archiva/web/util/DefaultRoleManager.java +++ b/archiva-webapp/src/main/java/org/apache/maven/archiva/web/util/DefaultRoleManager.java 
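Review bot: In the `RepositoryAccess` hunk, dropping the guest principal from `httpAuth.getAuthenticationResult( request, response )` changes what a client without credentials gets, and nothing in the hunk states which behaviour is intended. Previously such a request was presumably evaluated as the guest user; now it reaches the `!result.isAuthenticated()` branch, whose body is outside the hunk. A comment above the call, such as `// No guest fallback: requests without valid credentials are handled as unauthenticated`, would make the intent explicit for the next reader. The `archivaSecurity` field may also be unused in this class after the change.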
@@ -18,22 +18,17 @@ package org.apache.maven.archiva.web.util; import org.apache.maven.archiva.web.ArchivaSecurityDefaults; import org.codehaus.plexus.logging.AbstractLogEnabled; -import org.codehaus.plexus.personality.plexus.lifecycle.phase.Initializable; -import org.codehaus.plexus.personality.plexus.lifecycle.phase.InitializationException; import org.codehaus.plexus.security.rbac.Permission; import org.codehaus.plexus.security.rbac.RBACManager; -import org.codehaus.plexus.security.rbac.RbacObjectNotFoundException; -import org.codehaus.plexus.security.rbac.RbacStoreException; +import org.codehaus.plexus.security.rbac.RbacManagerException; import org.codehaus.plexus.security.rbac.Resource; import org.codehaus.plexus.security.rbac.Role; -import org.codehaus.plexus.security.rbac.UserAssignment; import org.codehaus.plexus.security.user.User; import org.codehaus.plexus.security.user.UserManager; -import org.codehaus.plexus.security.user.UserManagerListener; -import org.codehaus.plexus.util.StringUtils; /** * DefaultRoleManager: + * @todo remove! * * @author Jesse McConnell <jmcconnell@apache.org> * @version $Id:$ 
@@ -42,174 +37,61 @@ import org.codehaus.plexus.util.StringUtils; */ public class DefaultRoleManager extends AbstractLogEnabled - implements RoleManager, UserManagerListener, Initializable + implements RoleManager { - /** - * @plexus.requirement - */ - private UserManager userManager; /** * @plexus.requirement */ private RBACManager manager; - - /** - * @plexus.requirement - */ - private ArchivaSecurityDefaults archivaSecurity; - - private boolean initialized; - - public void initialize() - throws InitializationException - { - archivaSecurity.ensureDefaultsExist(); - userManager.addUserManagerListener( this ); - initialized = true; - } - - public void addUser( String principal ) - throws RbacStoreException - { - // make the resource - Resource usernameResource = manager.createResource( principal ); - manager.saveResource( usernameResource ); - - Permission editUser = manager.createPermission( "Edit Myself - " + principal, "edit-user", principal ); - editUser = manager.savePermission( editUser ); - - // todo this one role a user will go away when we have expressions in the resources - String personalRoleName = "Personal Role - " + principal; - Role userRole = manager.createRole( personalRoleName ); - userRole.addPermission( editUser ); - userRole = manager.saveRole( userRole ); - - UserAssignment assignment = manager.createUserAssignment( principal ); - assignment.addRoleName( personalRoleName ); - manager.saveUserAssignment( assignment ); - } - - /** - * helper method for just creating an admin user assignment - * - * @param principal - * @throws RbacStoreException - * @throws RbacObjectNotFoundException - */ - public void addAdminUser( String principal ) - throws RbacStoreException - { - UserAssignment assignment = manager.createUserAssignment( principal ); - assignment.addRoleName( ArchivaSecurityDefaults.SYSTEM_ADMINISTRATOR ); - manager.saveUserAssignment( assignment ); - } public void addRepository( String repositoryName ) - throws RbacStoreException - { - try 
- { - // make the resource - Resource repoResource = manager.createResource( repositoryName ); - repoResource = manager.saveResource( repoResource ); - - // make the permissions - Permission editRepo = manager.createPermission( ArchivaSecurityDefaults.REPOSITORY_EDIT + " - " + repositoryName ); - editRepo.setOperation( manager.getOperation( ArchivaSecurityDefaults.REPOSITORY_EDIT_OPERATION ) ); - editRepo.setResource( repoResource ); - editRepo = manager.savePermission( editRepo ); - - Permission deleteRepo = manager.createPermission( ArchivaSecurityDefaults.REPOSITORY_DELETE + " - " + repositoryName ); - deleteRepo.setOperation( manager.getOperation( ArchivaSecurityDefaults.REPOSITORY_DELETE_OPERATION ) ); - deleteRepo.setResource( repoResource ); - deleteRepo = manager.savePermission( deleteRepo ); - - Permission accessRepo = manager.createPermission( ArchivaSecurityDefaults.REPOSITORY_ACCESS + " - " + repositoryName ); - accessRepo.setOperation( manager.getOperation( ArchivaSecurityDefaults.REPOSITORY_ACCESS_OPERATION ) ); - accessRepo.setResource( repoResource ); - accessRepo = manager.savePermission( accessRepo ); - - Permission uploadRepo = manager.createPermission( ArchivaSecurityDefaults.REPOSITORY_UPLOAD + " - " + repositoryName ); - uploadRepo.setOperation( manager.getOperation( ArchivaSecurityDefaults.REPOSITORY_UPLOAD_OPERATION ) ); - uploadRepo.setResource( repoResource ); - uploadRepo = manager.savePermission( uploadRepo ); - - // make the roles - Role repositoryObserver = manager.createRole( "Repository Observer - " + repositoryName ); - repositoryObserver.addPermission( manager.getPermission( ArchivaSecurityDefaults.REPORTS_ACCESS_PERMISSION ) ); - repositoryObserver.setAssignable( true ); - repositoryObserver = manager.saveRole( repositoryObserver ); - - Role repositoryManager = manager.createRole( "Repository Manager - " + repositoryName ); - repositoryManager.addPermission( editRepo ); - repositoryManager.addPermission( deleteRepo ); - 
repositoryManager.addPermission( accessRepo ); - repositoryManager.addPermission( uploadRepo ); - repositoryManager.addPermission( manager.getPermission( ArchivaSecurityDefaults.REPORTS_GENERATE_PERMISSION ) ); - repositoryManager.addChildRoleName( repositoryObserver.getName() ); - repositoryManager.setAssignable( true ); - manager.saveRole( repositoryManager ); - } - catch ( RbacObjectNotFoundException ne ) - { - throw new RbacStoreException( "rbac object not found in repo role creation", ne ); - } - } - - public boolean isInitialized() - { - return initialized; - } - - public void setInitialized( boolean initialized ) - { - this.initialized = initialized; - } - - public void userManagerInit( boolean freshDatabase ) - { - // no-op - } - - public void userManagerUserAdded( User user ) + throws RbacManagerException { - if ( !StringUtils.equals( ADMIN_USERNAME, user.getUsername() ) ) - { - // We have a non-admin user. - String principal = user.getPrincipal().toString(); - - // Add the personal (dynamic) roles. - addUser( principal ); - - // Add the guest (static) role. - try - { - Role guestRole = manager.getRole( ArchivaSecurityDefaults.GUEST_ROLE ); - guestRole = manager.saveRole( guestRole ); - - UserAssignment assignment = manager.createUserAssignment( principal ); - assignment.addRoleName( guestRole.getName() ); - manager.saveUserAssignment( assignment ); - } - catch ( RbacStoreException e ) - { - getLogger().error( "Unable to add guest role to new user " + user.getUsername() + ".", e ); - } - catch ( RbacObjectNotFoundException e ) - { - getLogger().error( "Unable to add guest role to new user " + user.getUsername() + ".", e ); - } - } - } - - public void userManagerUserRemoved( User user ) - { - // TODO: Should remove the personal (dynamic) roles for this user too. 
+ // make the resource + Resource repoResource = manager.createResource( repositoryName ); + repoResource = manager.saveResource( repoResource ); + + // make the permissions + Permission editRepo = + manager.createPermission( ArchivaSecurityDefaults.REPOSITORY_EDIT + " - " + repositoryName ); + editRepo.setOperation( manager.getOperation( ArchivaSecurityDefaults.REPOSITORY_EDIT_OPERATION ) ); + editRepo.setResource( repoResource ); + editRepo = manager.savePermission( editRepo ); + + Permission deleteRepo = + manager.createPermission( ArchivaSecurityDefaults.REPOSITORY_DELETE + " - " + repositoryName ); + deleteRepo.setOperation( manager.getOperation( ArchivaSecurityDefaults.REPOSITORY_DELETE_OPERATION ) ); + deleteRepo.setResource( repoResource ); + deleteRepo = manager.savePermission( deleteRepo ); + + Permission accessRepo = + manager.createPermission( ArchivaSecurityDefaults.REPOSITORY_ACCESS + " - " + repositoryName ); + accessRepo.setOperation( manager.getOperation( ArchivaSecurityDefaults.REPOSITORY_ACCESS_OPERATION ) ); + accessRepo.setResource( repoResource ); + accessRepo = manager.savePermission( accessRepo ); + + Permission uploadRepo = + manager.createPermission( ArchivaSecurityDefaults.REPOSITORY_UPLOAD + " - " + repositoryName ); + uploadRepo.setOperation( manager.getOperation( ArchivaSecurityDefaults.REPOSITORY_UPLOAD_OPERATION ) ); + uploadRepo.setResource( repoResource ); + uploadRepo = manager.savePermission( uploadRepo ); + + // make the roles + Role repositoryObserver = manager.createRole( "Repository Observer - " + repositoryName ); + repositoryObserver.addPermission( manager.getPermission( ArchivaSecurityDefaults.REPORTS_ACCESS_PERMISSION ) ); + repositoryObserver.setAssignable( true ); + repositoryObserver = manager.saveRole( repositoryObserver ); + + Role repositoryManager = manager.createRole( "Repository Manager - " + repositoryName ); + repositoryManager.addPermission( editRepo ); + repositoryManager.addPermission( deleteRepo ); + 
repositoryManager.addPermission( accessRepo ); + repositoryManager.addPermission( uploadRepo ); + repositoryManager.addPermission( manager.getPermission( ArchivaSecurityDefaults.REPORTS_GENERATE_PERMISSION ) ); + repositoryManager.addChildRoleName( repositoryObserver.getName() ); + repositoryManager.setAssignable( true ); + manager.saveRole( repositoryManager ); } - public void userManagerUserUpdated( User user ) - { - // no-op - } } diff --git a/archiva-webapp/src/main/java/org/apache/maven/archiva/web/util/RoleManager.java b/archiva-webapp/src/main/java/org/apache/maven/archiva/web/util/RoleManager.java index 9a58d6bdd..3f614d8b7 100644 --- a/archiva-webapp/src/main/java/org/apache/maven/archiva/web/util/RoleManager.java +++ b/archiva-webapp/src/main/java/org/apache/maven/archiva/web/util/RoleManager.java @@ -16,7 +16,7 @@ package org.apache.maven.archiva.web.util; * limitations under the License. */ -import org.codehaus.plexus.security.rbac.RbacStoreException; +import org.codehaus.plexus.security.rbac.RbacManagerException; /** * RoleManager: @@ -27,17 +27,8 @@ import org.codehaus.plexus.security.rbac.RbacStoreException; public interface RoleManager { public static final String ROLE = RoleManager.class.getName(); - - public static final String ADMIN_USERNAME = "admin"; public void addRepository( String repositoryName ) - throws RbacStoreException; + throws RbacManagerException; - public void addUser( String principal ) - throws RbacStoreException; - - public void addAdminUser( String principal ) - throws RbacStoreException; - - public boolean isInitialized(); } diff --git a/archiva-webapp/src/main/resources/META-INF/plexus/application.xml b/archiva-webapp/src/main/resources/META-INF/plexus/application.xml index 124967ab5..e2e092cc4 100644 --- a/archiva-webapp/src/main/resources/META-INF/plexus/application.xml +++ b/archiva-webapp/src/main/resources/META-INF/plexus/application.xml 
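Review bot: `DefaultRoleManager.addRepository()` creates the resource, four permissions and two roles for `repositoryName` without checking whether they already exist, unlike `DefaultArchivaSecurityDefaults`, which guards each create with `operationExists` or `permissionExists`. With `RbacManagerException` now propagating, a failure partway through leaves the objects saved so far in place, and a second call for the same name repeats every create; whether the manager overwrites or rejects duplicates is not visible here. A guard at the top, e.g. `if ( manager.roleExists( "Repository Manager - " + repositoryName ) ) { return; }`, would make a repeated call harmless, since that role is saved last. The `User` and `UserManager` imports kept as context in the previous hunk also look unused after this change.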
@@ -27,7 +27,7 @@ <configuration> <threshold>WARN</threshold> <default-appender>console,rolling</default-appender> - + <appenders> <appender> <id>console</id> @@ -35,7 +35,7 @@ <type>org.apache.log4j.ConsoleAppender</type> <conversion-pattern>%d [%t] %-5p %-30c{1} - %m%n</conversion-pattern> </appender> - + <appender> <id>rolling</id> <threshold>DEBUG</threshold> @@ -57,7 +57,7 @@ </property> </properties> </appender> - + <appender> <id>audit</id> <threshold>DEBUG</threshold> @@ -80,13 +80,13 @@ </properties> </appender> </appenders> - + <levels> <level> <hierarchy>org.apache.maven.archiva.web.servlet.repository.RepositoryMapping</hierarchy> <level>DEBUG, audit</level> </level> - + <!-- Help identify bugs during testing --> <level> <hierarchy>org.apache.maven</hierarchy> @@ -104,14 +104,14 @@ <level> <hierarchy>org.quartz</hierarchy> <level>INFO</level> - </level> + </level> <level> <hierarchy>org.apache.jasper</hierarchy> <level>INFO</level> </level> <level> - <hierarchy>com.opensymphony.xwork</hierarchy> - <level>INFO</level> + <hierarchy>com.opensymphony.xwork</hierarchy> + <level>INFO</level> </level> <level> <hierarchy>com.opensymphony.webwork</hierarchy> @@ -125,12 +125,12 @@ <hierarchy>JPOX</hierarchy> <level>WARN</level> </level> -<!-- - <level> - <hierarchy>JPOX.RDBMS.SQL</hierarchy> - <level>DEBUG</level> - </level> ---> + <!-- + <level> + <hierarchy>JPOX.RDBMS.SQL</hierarchy> + <level>DEBUG</level> + </level> + --> <level> <hierarchy>freemarker</hierarchy> <level>WARN</level> 
@@ -139,28 +139,70 @@ </configuration> </component> - <!-- plexus security components --> - <component> + <component> + <role>org.codehaus.plexus.security.system.ApplicationDetails</role> + <implementation>org.codehaus.plexus.security.system.DefaultApplicationDetails</implementation> + <description>DefaultApplicationDetails</description> + <configuration> + <application-name>Unconfigured Application Name</application-name> + <!-- Do not include the trailing '/' on the url. --> + <application-url>http://localhost:9090</application-url> + <timestamp-format>EEE, d MMM yyyy HH:mm:ss Z</timestamp-format> + </configuration> + </component> + + <component> + <role>org.codehaus.plexus.security.system.EmailSettings</role> + <implementation>org.codehaus.plexus.security.system.DefaultEmailSettings</implementation> + <description>DefaultEmailSettings</description> + <configuration> + <feedback>/feedback.action</feedback> + <from-address>security@unconfigured.com</from-address> + <from-username>Unconfigured Username</from-username> + </configuration> + </component> + + <component> <role>org.codehaus.plexus.security.system.SecuritySystem</role> <implementation>org.codehaus.plexus.security.system.DefaultSecuritySystem</implementation> <role-hint>default</role-hint> <requirements> <requirement> - <role>org.codehaus.plexus.security.authentication.Authenticator</role> - <role-hint>user-manager</role-hint> + <role>org.codehaus.plexus.security.authentication.AuthenticationManager</role> + <role-hint>default</role-hint> + <field-name>authnManager</field-name> </requirement> <requirement> <role>org.codehaus.plexus.security.authorization.Authorizer</role> <role-hint>rbac</role-hint> + <field-name>authorizer</field-name> </requirement> <requirement> <role>org.codehaus.plexus.security.user.UserManager</role> <role-hint>jdo</role-hint> + <field-name>userManager</field-name> + </requirement> + <requirement> + <role>org.codehaus.plexus.security.keys.KeyManager</role> + 
<role-hint>jdo</role-hint> + <field-name>keyManager</field-name> + </requirement> + <requirement> + <role>org.codehaus.plexus.security.policy.UserSecurityPolicy</role> + <role-hint>default</role-hint> + <field-name>policy</field-name> + </requirement> + <requirement> + <role>org.codehaus.plexus.security.system.ApplicationDetails</role> + <field-name>applicationDetails</field-name> + </requirement> + <requirement> + <role>org.codehaus.plexus.security.system.EmailSettings</role> + <field-name>emailSettings</field-name> </requirement> </requirements> </component> - <component> <role>org.codehaus.plexus.security.authorization.Authorizer</role> <role-hint>rbac</role-hint> 
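Review bot: The new `ApplicationDetails` and `EmailSettings` components ship placeholder values as live defaults (`<application-url>http://localhost:9090</application-url>`, `<from-address>security@unconfigured.com</from-address>`, "Unconfigured Application Name"), and nothing tells a deployer that they must be overridden. A later hunk in this file turns on `email-validation-required`, so account-validation mail is presumably built from these values. If so, the link in that mail would point at localhost over plain http, either dead for the recipient or carrying the validation key unprotected. I would add a comment above each `<configuration>` block, for example `<!-- Deployment-specific: set application-url to the public https URL and a real from-address before enabling e-mail validation -->`.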
@@ -171,11 +213,152 @@ <role-hint>jdo</role-hint> </requirement> <requirement> + <role>org.codehaus.plexus.security.user.UserManager</role> + <role-hint>jdo</role-hint> + <field-name>userManager</field-name> + </requirement> + <requirement> <role>org.codehaus.plexus.security.authorization.rbac.evaluator.PermissionEvaluator</role> <role-hint>default</role-hint> </requirement> </requirements> </component> + <component> + <role>org.codehaus.plexus.security.policy.PasswordRule</role> + <role-hint>character-length</role-hint> + <implementation>org.codehaus.plexus.security.policy.rules.CharacterLengthPasswordRule</implementation> + <description>Basic Password Rule, Checks for non-empty passwords that have between {@link + #setMinimumCharacters(int)} and {@link #setMaximumCharacters(int)} characters in length. + </description> + <configuration> + <enabled>true</enabled> + <minimum-characters>1</minimum-characters> + <maximum-characters>8</maximum-characters> + </configuration> + </component> + <component> + <role>org.codehaus.plexus.security.policy.PasswordRule</role> + <role-hint>reuse</role-hint> + <implementation>org.codehaus.plexus.security.policy.rules.ReusePasswordRule</implementation> + <description>Password Rule, Checks supplied password found at {@link User#getPassword()} against the {@link + User#getPreviousEncodedPasswords()} to ensure that a password is not reused. + </description> + <configuration> + <enabled>true</enabled> + </configuration> + </component> + <component> + <role>org.codehaus.plexus.security.policy.PasswordRule</role> + <role-hint>numerical-count</role-hint> + <implementation>org.codehaus.plexus.security.policy.rules.NumericalPasswordRule</implementation> + <description>Basic Password Rule, Checks for non-empty passwords that have at least {@link #setMinimumCount(int)} + of numerical characters contained within. 
+ </description> + <configuration> + <enabled>true</enabled> + <minimum-count>1</minimum-count> + </configuration> + </component> + <component> + <role>org.codehaus.plexus.security.policy.PasswordRule</role> + <role-hint>must-have</role-hint> + <implementation>org.codehaus.plexus.security.policy.rules.MustHavePasswordRule</implementation> + <description>Basic Password Rule, Checks for non-empty Passwords in non guest users.</description> + <configuration> + <enabled>true</enabled> + </configuration> + </component> + <component> + <role>org.codehaus.plexus.security.policy.PasswordRule</role> + <role-hint>alpha-count</role-hint> + <implementation>org.codehaus.plexus.security.policy.rules.AlphaPasswordRule</implementation> + <description>Basic Password Rule, Checks for non-empty passwords that have at least {@link #setMinimumCount(int)} + of alpha characters contained within. + </description> + <configuration> + <enabled>true</enabled> + <minimum-count>1</minimum-count> + </configuration> + </component> + <component> + <role>org.codehaus.plexus.security.policy.UserSecurityPolicy</role> + <role-hint>default</role-hint> + <implementation>org.codehaus.plexus.security.policy.DefaultUserSecurityPolicy</implementation> + <description>User Security Policy.</description> + <requirements> + <requirement> + <role>org.codehaus.plexus.security.policy.PasswordEncoder</role> + <role-hint>sha256</role-hint> + <field-name>passwordEncoder</field-name> + </requirement> + <requirement> + <role>org.codehaus.plexus.security.policy.UserValidationSettings</role> + <field-name>userValidationSettings</field-name> + </requirement> + <requirement> + <role>org.codehaus.plexus.security.policy.PasswordRule</role> + <field-name>rules</field-name> + </requirement> + <requirement> + <role>org.codehaus.plexus.security.policy.RememberMeSettings</role> + <field-name>rememberMeSettings</field-name> + </requirement> + <requirement> + <role>org.codehaus.plexus.security.policy.SingleSignOnSettings</role> + 
<field-name>singleSignOnSettings</field-name> + </requirement> + </requirements> + <configuration> + <previous-passwords-count>6</previous-passwords-count> + <login-attempt-count>3</login-attempt-count> + <password-expiration-days>90</password-expiration-days> + </configuration> + </component> + <component> + <role>org.codehaus.plexus.security.policy.RememberMeSettings</role> + <implementation>org.codehaus.plexus.security.policy.DefaultRememberMeSettings</implementation> + <description>DefaultRememberMeSettings</description> + <configuration> + <enabled>true</enabled> + <cookie-timeout>525600</cookie-timeout> + </configuration> + </component> + <component> + <role>org.codehaus.plexus.security.policy.SingleSignOnSettings</role> + <implementation>org.codehaus.plexus.security.policy.DefaultSingleSignOnSettings</implementation> + <description>DefaultSingleSignOnSettings</description> + <configuration> + <enabled>true</enabled> + <cookie-timeout>30</cookie-timeout> + <cookie-domain>localhost</cookie-domain> + </configuration> + </component> + <component> + <role>org.codehaus.plexus.security.policy.UserValidationSettings</role> + <implementation>org.codehaus.plexus.security.policy.DefaultUserValidationSettings</implementation> + <description>DefaultUserValidationSettings</description> + <configuration> + <email-validation-required>true</email-validation-required> + <!-- This is a timeout for the validation url (in minutes) - 2880 = 48 hours --> + <email-validation-timeout>2880</email-validation-timeout> + <email-login-path>/security/login!login.action</email-login-path> + <email-subject>Unconfigured Subject Line</email-subject> + </configuration> + </component> + <component> + <role>org.codehaus.plexus.mailsender.MailSender</role> + <implementation>org.codehaus.plexus.mailsender.javamail.JavamailMailSender</implementation> + <configuration> + <smtp-host>localhost</smtp-host> + <smtp-port>25</smtp-port> + <sslProvider>com.sun.net.ssl.internal.ssl.Provider</sslProvider> + 
<!-- + <username>mylogin</username> + <password>mypassword</password> + <sslMode>true</sslMode> + --> + </configuration> + </component> <component> @@ -213,6 +396,10 @@ <name>org.jpox.poid.transactionIsolation</name> <value>READ_UNCOMMITTED</value> </property> + <property> + <name>org.jpox.rdbms.dateTimezone</name> + <value>JDK_DEFAULT_TIMEZONE</value> + </property> </otherProperties> </configuration> </component> diff --git a/archiva-webapp/src/main/resources/xwork.xml b/archiva-webapp/src/main/resources/xwork.xml index 806e01095..b2ef0a535 100644 --- a/archiva-webapp/src/main/resources/xwork.xml +++ b/archiva-webapp/src/main/resources/xwork.xml 
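Review bot: The `character-length` rule added in the `@@ -171,11 +213,152 @@` hunk accepts a one-character password and rejects anything longer than eight (`<minimum-characters>1</minimum-characters>`, `<maximum-characters>8</maximum-characters>`), so the strongest password a user may choose is short. I would raise the minimum and lift the cap well above passphrase length; as constructed example values, `<minimum-characters>8</minimum-characters>` and `<maximum-characters>128</maximum-characters>`. The policy also wires `PasswordEncoder` with hint `sha256`; if that is a bare digest (its implementation is not in this diff), a salted, work-factored password hash would be the safer default. `RememberMeSettings` sets `<cookie-timeout>525600</cookie-timeout>`, which is a year if the unit is minutes as it is for `email-validation-timeout`, and is worth shortening or documenting. The commented-out `<username>`/`<password>` in the `MailSender` block should carry a note that real SMTP credentials belong in deployment configuration, not in this packaged file.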
@@ -20,25 +20,39 @@ <xwork> <!-- TODO: better error handling for exceptions needed! --> - <!-- Include webwork defaults (from WebWork JAR). --> - <include file="webwork-default.xml"/> + <!-- Include plexus-security xwork configurations. --> + <include file="xwork-security.xml"/> - <!-- Include plexus-security xwork configurations. --> - <include file="xwork-security.xml" /> - - <package name="base" extends="webwork-default"> + <package name="base" extends="security"> <interceptors> <interceptor name="configuration" class="configurationInterceptor"/> <interceptor name="pssSecureActions" class="pssSecureActionInterceptor"/> + <interceptor name="continuumConfigurationCheck" class="forceContinuumConfigurationInterceptor"/> + <interceptor name="pssForceAdminUser" class="pssForceAdminUserInterceptor"/> + <interceptor name="pssSecureActions" class="pssSecureActionInterceptor"/> + <interceptor name="pssAutoLogin" class="pssAutoLoginInterceptor"/> + <interceptor name="pssEnvironmentChecker" class="pssEnvironmentCheckInterceptor"/> + + <interceptor-stack name="unconfiguredStack"> + <interceptor-ref name="defaultStack"/> + <interceptor-ref name="pssEnvironmentChecker"/> + <interceptor-ref name="pssForceAdminUser"/> + <interceptor-ref name="pssAutoLogin"/> + <interceptor-ref name="pssSecureActions"/> + </interceptor-stack> + <interceptor-stack name="configuredStack"> <interceptor-ref name="defaultStack"/> - <interceptor-ref name="configuration"/> + <interceptor-ref name="pssEnvironmentChecker"/> + <interceptor-ref name="pssForceAdminUser"/> + <interceptor-ref name="pssAutoLogin"/> <interceptor-ref name="pssSecureActions"/> + <interceptor-ref name="configuration"/> </interceptor-stack> + <interceptor-stack name="configuredPrepareParamsStack"> <interceptor-ref name="paramsPrepareParamsStack"/> - <interceptor-ref name="configuration"/> - <interceptor-ref name="pssSecureActions"/> + <interceptor-ref name="configuredStack"/> </interceptor-stack> </interceptors> 
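Review bot: `pssSecureActions` ends up declared twice in the `base` package's `<interceptors>`, because the existing line stays as context and the added block repeats `<interceptor name="pssSecureActions" class="pssSecureActionInterceptor"/>`. One of the two should be removed so the name maps to a single definition. The added `continuumConfigurationCheck` interceptor (`forceContinuumConfigurationInterceptor`) is not referenced by any stack in this hunk and looks carried over from another application; if Archiva has no such component, drop it rather than leave a dangling class reference in the security configuration. `configuredPrepareParamsStack` now chains `paramsPrepareParamsStack` and then `configuredStack`, which itself starts with `defaultStack`. Any interceptors the two framework stacks share would then run twice per request, so it is worth confirming that is intended, or adding a comment that says why.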
@@ -48,28 +62,27 @@ <global-results> <!-- TODO: want an extra message on the configure page when this first happens! --> <!-- TODO: can we send them back to the original location afterwards? --> - <result name="admin-user-needed" type="redirect-action"> - <param name="namespace">/admin</param> - <param name="actionName">addadmin</param> - </result> - <result name="config-needed" type="redirect-action"> <param name="namespace">/admin</param> <param name="actionName">configure</param> </result> - + <!-- This redirect is triggered by the configuration interceptor --> <result name="config-repository-needed" type="redirect-action"> <param name="namespace">/admin</param> <param name="actionName">addRepository</param> <param name="method">input</param> </result> - + <!-- The following security-* result names arrive from the plexus-security package --> - <result name="security-login-success" type="redirect-action">browse</result> - <result name="security-login-cancel" type="redirect-action">browse</result> - <result name="security-login-locked" type="redirect-action">browse</result> - <result name="security-logout" type="redirect-action">browse</result> + <result name="security-login-success" type="redirect-action">index</result> + <result name="security-login-cancel" type="redirect-action">index</result> + <result name="security-login-locked" type="redirect-action">index</result> + <result name="security-logout" type="redirect-action">index</result> + <result name="requires-authentication" type="redirect-action"> + <param name="actionName">login</param> + <param name="namespace">/security</param> + </result> <result name="security-register-success" type="redirect-action"> <param name="actionName">login</param> <param name="namespace">/security</param> 
@@ -78,14 +91,21 @@ <param name="actionName">login</param> <param name="namespace">/security</param> </result> - <result name="security-account-success" type="redirect-action">browse</result> - <result name="security-account-cancel" type="redirect-action">browse</result> - - <!-- These results are names that the SecuredActionInterceptor utilizes --> - <result name="requires-authentication">/WEB-INF/jsp/alert.jsp</result> - <result name="requires-authorization">/WEB-INF/jsp/alert.jsp</result> - - <!-- Generic Catchall for those action configurations that forget to + <result name="security-account-success" type="redirect-action">index</result> + <result name="security-account-cancel" type="redirect-action"> + <param name="actionName">login</param> + <param name="namespace">/security</param> + </result> + <result name="security-admin-user-created" type="redirect-action"> + <param name="actionName">login</param> + <param name="namespace">/security</param> + </result> + <result name="security-admin-user-needed" type="redirect-action"> + <param name="actionName">addadmin</param> + <param name="namespace">/security</param> + </result> + + <!-- Generic Catchall for those action configurations that forget to include a result for 'error' --> <result name="error">/WEB-INF/jsp/generalError.jsp</result> </global-results> 
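Review bot: The global result `requires-authorization` is removed in this hunk and no replacement appears anywhere in the visible xwork.xml hunks. `requires-authentication`, by contrast, is re-added in the previous hunk as a redirect to the `/security` `login` action. Unless the inherited `security` package from `xwork-security.xml` (not shown) defines that result, an authorization denial raised by `pssSecureActions` would have no result to resolve and would probably surface as a framework error instead of an access-denied page. I would either keep an explicit mapping, e.g. `<result name="requires-authorization">/WEB-INF/jsp/alert.jsp</result>` if that JSP is retained, or add a comment here naming the file that now supplies it.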
@@ -93,24 +113,13 @@ <!-- Configuration for the default package. --> <package name="default" extends="base" namespace="/"> - <interceptors> - <interceptor name="configuration" class="configurationInterceptor"/> - <interceptor-stack name="configuredStack"> - <interceptor-ref name="defaultStack"/> - <interceptor-ref name="configuration"/> - <interceptor-ref name="pssSecureActions"/> - </interceptor-stack> - </interceptors> - <!-- Default interceptor stack. --> - <default-interceptor-ref name="configuredStack"/> - - <!-- This is the redirection facility for plexus-security, + <!-- This is the redirection facility for plexus-security, allowing plexus-security to call out from its own set of actions into the application webapp, using global result names. --> <action name="pssRedirect" class="pss-redirect" method="redirect"> <result type="redirect-action">browse</result> - </action> + </action> <action name="index" class="searchAction" method="input"> <result name="input">/WEB-INF/jsp/quickSearch.jsp</result> @@ -158,7 +167,7 @@ <action name="showArtifactDependees" class="showArtifactAction" method="dependees"> <result>/WEB-INF/jsp/showArtifact.jsp</result> </action> - + <action name="showArtifactDependencyTree" class="showArtifactAction" method="dependencyTree"> <result>/WEB-INF/jsp/showArtifact.jsp</result> </action> 
@@ -176,25 +185,15 @@ <!-- Configuration for the admin package. --> <package name="admin" namespace="/admin" extends="base"> - + <action name="index" class="configureAction" method="input"> <result name="input">/WEB-INF/jsp/admin/index.jsp</result> </action> - - <action name="addadmin" class="addAdminAction" method="show"> - <interceptor-ref name="defaultStack"/> - <result name="input">/WEB-INF/jsp/admin/createAdmin.jsp</result> - <result name="error">/WEB-INF/jsp/admin/createAdmin.jsp</result> - <result name="success" type="redirect-action"> - <param name="namespace">/</param> - <param name="actionName">browse</param> - </result> - </action> <action name="addRepository" class="configureRepositoryAction" method="add"> <result name="input">/WEB-INF/jsp/admin/addRepository.jsp</result> <result type="redirect-action">index</result> - <interceptor-ref name="defaultStack"/> + <interceptor-ref name="unconfiguredStack"/> </action> <action name="editRepository" class="configureRepositoryAction" method="edit"> @@ -258,13 +257,13 @@ <action name="configure" class="configureAction" method="input"> <result name="input">/WEB-INF/jsp/admin/configure.jsp</result> - <interceptor-ref name="defaultStack"/> + <interceptor-ref name="unconfiguredStack"/> </action> <action name="saveConfiguration" class="configureAction"> <result name="input">/WEB-INF/jsp/admin/configure.jsp</result> <result>/WEB-INF/jsp/admin/index.jsp</result> - <interceptor-ref name="defaultStack"/> + <interceptor-ref name="unconfiguredStack"/> </action> <action name="runIndexer" class="runRepositoryTaskAction" method="runIndexer"> diff --git a/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/createAdmin.jsp b/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/createAdmin.jsp deleted file mode 100644 index 04e7b0e47..000000000 --- a/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/createAdmin.jsp +++ /dev/null 
@@ -1,40 +0,0 @@ -<%-- - ~ Copyright 2005-2006 The Apache Software Foundation. - ~ - ~ Licensed under the Apache License, Version 2.0 (the "License"); - ~ you may not use this file except in compliance with the License. - ~ You may obtain a copy of the License at - ~ - ~ http://www.apache.org/licenses/LICENSE-2.0 - ~ - ~ Unless required by applicable law or agreed to in writing, software - ~ distributed under the License is distributed on an "AS IS" BASIS, - ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - ~ See the License for the specific language governing permissions and - ~ limitations under the License. - --%> - -<%@ taglib prefix="ww" uri="/webwork"%> -<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %> - -<html> -<head> - <title>Create Admin User</title> - <ww:head/> -</head> - -<body> - -<c:import url="/WEB-INF/jsp/pss/include/formValidationResults.jspf" /> - -<h2>Create Admin User</h2> - -<ww:form action="addadmin!submit" namespace="/admin" theme="xhtml" - id="adminCreateForm" method="post" name="admincreate" cssClass="security adminCreate"> - <c:import url="/WEB-INF/jsp/pss/include/userCredentials.jspf" /> - <ww:submit value="Create Admin" /> -</ww:form> - -</body> - -</html> diff --git a/archiva-webapp/src/main/webapp/WEB-INF/jsp/decorators/default.jsp b/archiva-webapp/src/main/webapp/WEB-INF/jsp/decorators/default.jsp index 702651fb9..af2284e04 100644 --- a/archiva-webapp/src/main/webapp/WEB-INF/jsp/decorators/default.jsp +++ b/archiva-webapp/src/main/webapp/WEB-INF/jsp/decorators/default.jsp @@ -59,7 +59,7 @@ <div id="breadcrumbs"> <div class="xleft"> - <c:import url="/WEB-INF/jsp/pss/include/securityLinks.jspf" /> + <c:import url="/WEB-INF/jsp/pss/include/securityLinks.jsp"/> </div> <div class="xright"> 
@@ -92,7 +92,7 @@ <my:currentWWUrl action="browse" namespace="/">Browse</my:currentWWUrl> </li> </ul> - <pss:ifAnyAuthorized permissions="edit-all-users,access-reports,edit-configuration"> + <pss:ifAnyAuthorized permissions="archiva-manage-users,access-reports,archiva-manage-configuration"> <h5>Manage</h5> <ul> <pss:ifAuthorized permission="access-reports"> @@ -105,15 +105,14 @@ <a href="#">Synchronisation</a> </li> --%> - <pss:ifAnyAuthorized permissions="edit-configuration,edit-all-users"> - <pss:ifAuthorized permission="edit-all-users"> - <li class="none"> - <my:currentWWUrl action="userlist" namespace="/security">User Management</my:currentWWUrl> - </li> - </pss:ifAuthorized> - <pss:ifAuthorized permission="edit-configuration"> + <pss:ifAuthorized permission="archiva-manage-users"> <li class="none"> - <my:currentWWUrl action="index" namespace="/admin">Administration</my:currentWWUrl> + <my:currentWWUrl action="userlist" namespace="/security">User Management</my:currentWWUrl> + </li> + </pss:ifAuthorized> + <pss:ifAuthorized permission="archiva-manage-configuration"> + <li class="none"> + <my:currentWWUrl action="index" namespace="/admin">Administration</my:currentWWUrl> <ul> @@ -128,8 +127,7 @@ --%> </ul> </li> - </pss:ifAuthorized> - </pss:ifAnyAuthorized> + </pss:ifAuthorized> </ul> </pss:ifAnyAuthorized> <br/> diff --git a/archiva-webapp/src/main/webapp/WEB-INF/jsp/logout.jsp b/archiva-webapp/src/main/webapp/WEB-INF/jsp/logout.jsp deleted file mode 100644 index 59e0a8a92..000000000 --- a/archiva-webapp/src/main/webapp/WEB-INF/jsp/logout.jsp +++ /dev/null 
@@ -1,37 +0,0 @@ -<%-- - ~ Copyright 2005-2006 The Apache Software Foundation. - ~ - ~ Licensed under the Apache License, Version 2.0 (the "License"); - ~ you may not use this file except in compliance with the License. - ~ You may obtain a copy of the License at - ~ - ~ http://www.apache.org/licenses/LICENSE-2.0 - ~ - ~ Unless required by applicable law or agreed to in writing, software - ~ distributed under the License is distributed on an "AS IS" BASIS, - ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - ~ See the License for the specific language governing permissions and - ~ limitations under the License. - --%> - -<%@ taglib prefix="ww" uri="/webwork" %> -<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %> - -<html> -<head> - <title>Logout Page</title> - <ww:head/> -</head> - -<body> - -<h1>Logout</h1> - -<div id="contentArea"> - <div id="nameColumn"> - You have been successfully logged out! - </div> -</div> - -</body> -</html> diff --git a/archiva-webapp/src/main/webapp/WEB-INF/jsp/register.jsp b/archiva-webapp/src/main/webapp/WEB-INF/jsp/register.jsp deleted file mode 100644 index af7675016..000000000 --- a/archiva-webapp/src/main/webapp/WEB-INF/jsp/register.jsp +++ /dev/null 
@@ -1,63 +0,0 @@ -<%-- - ~ Copyright 2005-2006 The Apache Software Foundation. - ~ - ~ Licensed under the Apache License, Version 2.0 (the "License"); - ~ you may not use this file except in compliance with the License. - ~ You may obtain a copy of the License at - ~ - ~ http://www.apache.org/licenses/LICENSE-2.0 - ~ - ~ Unless required by applicable law or agreed to in writing, software - ~ distributed under the License is distributed on an "AS IS" BASIS, - ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - ~ See the License for the specific language governing permissions and - ~ limitations under the License. - --%> - -<%@ taglib prefix="ww" uri="/webwork" %> -<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %> - -<html> -<head> - <title>Registration Page</title> - <ww:head/> -</head> - -<body> - -<div id="contentArea"> - <div id="searchBox"> - - <div id="results"> - <%-- This is where the "Account Created Successfully" type message goes. --%> - <div class="success"> - <ww:actionmessage /> - </div> - <%-- This is where errors from the action and other non-form field specific errors appear. --%> - <div class="errors"> - <ww:actionerror /> - </div> - </div> - - <h2>Register for an Account</h2> - - <%-- You don't need a table to wrap form elements in, - the ww:form creates the table, labels, context sensitive actionerrors, requirements indicators, etc... - - Joakim --%> - - <ww:form action="register" method="post"> - <%@ include file="/WEB-INF/jsp/admin/include/registerUserForm.jspf" %> - <ww:submit value="Register"/> - </ww:form> - - </div> -</div> - - -<div class="clear"> - <hr/> -</div> - -</body> - -</html> diff --git a/archiva-webapp/src/test/resources/org/apache/maven/archiva/web/servlet/repository/RepositoryAccessTest.xml b/archiva-webapp/src/test/resources/org/apache/maven/archiva/web/servlet/repository/RepositoryAccessTest.xml index 7dba3665d..92242e1f3 100644 
--- a/archiva-webapp/src/test/resources/org/apache/maven/archiva/web/servlet/repository/RepositoryAccessTest.xml +++ b/archiva-webapp/src/test/resources/org/apache/maven/archiva/web/servlet/repository/RepositoryAccessTest.xml 
@@ -166,179 +166,9 @@ <name>org.jpox.poid.transactionIsolation</name> <value>READ_UNCOMMITTED</value> </property> - </otherProperties> - </configuration> - </component> - - </components> -</plexus> -<!-- - ~ Copyright 2005-2006 The Apache Software Foundation. - ~ - ~ Licensed under the Apache License, Version 2.0 (the "License"); - ~ you may not use this file except in compliance with the License. - ~ You may obtain a copy of the License at - ~ - ~ http://www.apache.org/licenses/LICENSE-2.0 - ~ - ~ Unless required by applicable law or agreed to in writing, software - ~ distributed under the License is distributed on an "AS IS" BASIS, - ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - ~ See the License for the specific language governing permissions and - ~ limitations under the License. - --> - -<plexus> - <components> - <!-- - | Logger manager - --> - <component> - <role>org.codehaus.plexus.logging.LoggerManager</role> - <implementation>org.codehaus.plexus.logging.log4j.Log4JLoggerManager</implementation> - <lifecycle-handler>basic</lifecycle-handler> - - <configuration> - <threshold>DEBUG</threshold> - <default-appender>console</default-appender> - <appenders> - <appender> - <id>console</id> - <threshold>DEBUG</threshold> - <type>org.apache.log4j.ConsoleAppender</type> - <!-- <conversion-pattern>%d [%t] %-5p %-30c{1} - %m%n</conversion-pattern> --> - <conversion-pattern>%r [%t] %-5p %c %x - %m%n</conversion-pattern> - </appender> - </appenders> - <levels> - <!-- Help identify bugs during testing --> - <level> - <hierarchy>org.apache.maven</hierarchy> - <level>DEBUG</level> - </level> - <level> - <hierarchy>org.codehaus.plexus.security</hierarchy> - <level>DEBUG</level> - </level> - <!-- squelch noisy objects (for now) --> - <level> - <hierarchy>org.codehaus.plexus.mailsender.MailSender</hierarchy> - <level>INFO</level> - </level> - <level> - <hierarchy>org.quartz</hierarchy> - <level>INFO</level> - </level> - <level> - 
<hierarchy>org.apache.jasper</hierarchy> - <level>INFO</level> - </level> - <level> - <hierarchy>com.opensymphony.xwork</hierarchy> - <level>DEBUG</level> - </level> - <level> - <hierarchy>com.opensymphony.webwork</hierarchy> - <level>DEBUG</level> - </level> - <level> - <hierarchy>org.codehaus.plexus.PlexusContainer</hierarchy> - <level>INFO</level> - </level> - <level> - <hierarchy>JPOX</hierarchy> - <level>WARN</level> - </level> - <level> - <hierarchy>freemarker</hierarchy> - <level>WARN</level> - </level> - <level> - <hierarchy>freemarker</hierarchy> - <level>WARN</level> - </level> - </levels> - </configuration> - </component> - - - <component> - <role>org.codehaus.plexus.jdo.JdoFactory</role> - <implementation>org.codehaus.plexus.jdo.DefaultConfigurableJdoFactory</implementation> - <configuration> - - <!-- HSQLDB Configuration --> - <!-- - NOTE: NO NOT USE THIS CONFIGURATION FOR A PRODUCTION SYSTEM. - HSQLDB keeps all data in memory at all times. - - NOTE: JPOX 1.1.1 won't create the tables on start - http://www.jpox.org/servlet/jira/browse/CORE-2946 - --> - - <!-- - <driverName>org.hsqldb.jdbcDriver</driverName> - <url>jdbc:hsqldb:mem:test</url> - <userName>sa</userName> - <password></password> - --> - - <!-- Apache Derby Configuration --> - <driverName>org.apache.derby.jdbc.EmbeddedDriver</driverName> - <url>jdbc:derby:${basedir}/target/repoaccess/database;create=true</url> - <userName>sa</userName> - <password></password> - - <!-- MySql Configuration --> - <!-- - <driverName>com.mysql.jdbc.Driver</driverName> - <url>jdbc:mysql://localhost/archiva</url> - <userName>archiva</userName> - <password>archiva</password> - --> - - <!-- Postgresql Configuration --> - <!-- - <driverName>org.postgresql.Driver</driverName> - <url>jdbc:postgresql://localhost/continuum</url> - <userName>username</userName> - <password></password> - --> - - <!-- JPOX and JDO configuration --> - 
<persistenceManagerFactoryClass>org.jpox.PersistenceManagerFactoryImpl</persistenceManagerFactoryClass> - <otherProperties> - <property> - <name>javax.jdo.PersistenceManagerFactoryClass</name> - <value>org.jpox.PersistenceManagerFactoryImpl</value> - </property> <property> - <name>org.jpox.autoCreateSchema</name> - <value>true</value> - </property> - <property> - <name>org.jpox.autoStartMechanism</name> - <value>SchemaTable</value> - </property> - <property> - <name>org.jpox.autoStartMechanismMode</name> - <value>Ignored</value> - </property> - <property> - <name>org.jpox.validateTables</name> - <value>false</value> - </property> - <property> - <name>org.jpox.validateConstraints</name> - <value>false</value> - </property> - <property> - <name>org.jpox.transactionIsolation</name> - <value>READ_UNCOMMITTED</value> - </property> - <property> - <name>org.jpox.poid.transactionIsolation</name> - <value>READ_UNCOMMITTED</value> + <name>org.jpox.rdbms.dateTimezone</name> + <value>JDK_DEFAULT_TIMEZONE</value> </property> </otherProperties> </configuration> |