
[MRM-569] Browse shows results for all repositories, regardless of security.

Added ArchivaUser interface to obtain the active principal.
Added ArchivaXworkUser implementation to obtain principal from redback-xwork-integration layer.
Updated (Default)UserRepositories to utilize redback SecuritySystem.isAuthorized() properly.
Updated BrowseAction and ShowArtifactAction to show the limited view provided.



git-svn-id: https://svn.apache.org/repos/asf/maven/archiva/branches/archiva-backend-security@591410 13f79535-47bb-0310-9956-ffa450edef68
remotes/archiva-backend-security@642424
Joakim Erdfelt 16 years ago
parent
commit
597723968f

+ 1
- 1
archiva-database/src/main/java/org/apache/maven/archiva/database/ProjectModelDAO.java View File

@@ -57,7 +57,7 @@ public interface ProjectModelDAO
public ArchivaProjectModel getProjectModel( String groupId, String artifactId, String version )
throws ObjectNotFoundException, ArchivaDatabaseException;

public List /*<ArchivaProjectModel>*/queryProjectModels( Constraint constraint )
public List<ArchivaProjectModel> queryProjectModels( Constraint constraint )
throws ObjectNotFoundException, ArchivaDatabaseException;

public ArchivaProjectModel saveProjectModel( ArchivaProjectModel model )

+ 1
- 1
archiva-database/src/main/java/org/apache/maven/archiva/database/jdo/JdoProjectModelDAO.java View File

@@ -74,7 +74,7 @@ public class JdoProjectModelDAO
return (ArchivaProjectModel) jdo.getObjectById( ArchivaProjectModel.class, key, null );
}

public List queryProjectModels( Constraint constraint )
public List<ArchivaProjectModel> queryProjectModels( Constraint constraint )
throws ObjectNotFoundException, ArchivaDatabaseException
{
return jdo.queryObjects( ArchivaProjectModel.class, constraint );

+ 6
- 5
archiva-web/archiva-security/src/main/java/org/apache/maven/archiva/security/ArchivaRoleConstants.java View File

@@ -35,6 +35,10 @@ public class ArchivaRoleConstants
public static final String REGISTERED_USER_ROLE = "Registered User";

public static final String GUEST_ROLE = "Guest";
// principals
public static final String PRINCIPAL_GUEST = "guest";

// dynamic role prefixes
public static final String REPOSITORY_MANAGER_ROLE_PREFIX = "Repository Manager";
@@ -69,15 +73,12 @@ public class ArchivaRoleConstants
public static final String TEMPLATE_REPOSITORY_OBSERVER = "archiva-repository-observer";
public static final String TEMPLATE_GLOBAL_REPOSITORY_OBSERVER = "archiva-global-repository-observer";
public static final String TEMPLATE_SYSTEM_ADMIN = "archiva-system-administrator";
public static final String TEMPLATE_GUEST = "archiva-guest";
public static String toRepositoryObserverRoleId( String repoId )
{
return TEMPLATE_REPOSITORY_OBSERVER + "-" + repoId;
}
public static String toRepositoryObserverRoleName( String repoId )
{
return REPOSITORY_OBSERVER_ROLE_PREFIX + " - " + repoId;
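Review bot: `PRINCIPAL_GUEST` in the first hunk hard-codes the guest principal as "guest", and ArchivaXworkUser returns it for every request without a logged-in user, so the anonymous browse filter depends on a redback user with exactly that principal existing. If a deployment can name its guest account differently (not visible on this page), the lookup in getObservableRepositoryIds would presumably fail and anonymous visitors would see no repositories at all. A comment on the constant would record the coupling, for example `// must match the principal of the guest user created in redback`.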

+ 36
- 0
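--- a/archiva-web/archiva-security/src/main/java/org/apache/maven/archiva/security/ArchivaUser.java
+++ b/archiva-web/archiva-security/src/main/java/org/apache/maven/archiva/security/ArchivaUser.java
@@ -0,0 +1,36 @@
+package org.apache.maven.archiva.security;
+
+/*
+* Licensed to the Apache Software Foundation (ASF) under one
+* or more contributor license agreements. See the NOTICE file
+* distributed with this work for additional information
+* regarding copyright ownership. The ASF licenses this file
+* to you under the Apache License, Version 2.0 (the
+* "License"); you may not use this file except in compliance
+* with the License. You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing,
+* software distributed under the License is distributed on an
+* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+* KIND, either express or implied. See the License for the
+* specific language governing permissions and limitations
+* under the License.
+*/
+
+/**
+* ArchivaUser- interface to access the active principal.
+*
+* @author <a href="mailto:joakim@erdfelt.com">Joakim Erdfelt</a>
+* @version $Id$
+*/
+public interface ArchivaUser
+{
+/**
+* Get the active principal from the security system.
+*
+* @return the active principal. (if not authenticated, the guest principal is returned)
+*/
+public String getActivePrincipal();
+}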

+ 30
- 27
archiva-web/archiva-security/src/main/java/org/apache/maven/archiva/security/DefaultUserRepositories.java View File

@@ -19,21 +19,22 @@ package org.apache.maven.archiva.security;
* under the License.
*/

import org.codehaus.plexus.redback.rbac.Permission;
import java.util.ArrayList;
import java.util.List;

import org.apache.maven.archiva.configuration.ArchivaConfiguration;
import org.apache.maven.archiva.configuration.ManagedRepositoryConfiguration;
import org.codehaus.plexus.redback.authentication.AuthenticationResult;
import org.codehaus.plexus.redback.authorization.AuthorizationException;
import org.codehaus.plexus.redback.rbac.RBACManager;
import org.codehaus.plexus.redback.rbac.RbacManagerException;
import org.codehaus.plexus.redback.rbac.RbacObjectNotFoundException;
import org.codehaus.plexus.redback.role.RoleManager;
import org.codehaus.plexus.redback.role.RoleManagerException;
import org.codehaus.plexus.redback.system.DefaultSecuritySession;
import org.codehaus.plexus.redback.system.SecuritySession;
import org.codehaus.plexus.redback.system.SecuritySystem;
import org.codehaus.plexus.redback.users.User;
import org.codehaus.plexus.redback.users.UserNotFoundException;

import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.Map.Entry;

/**
* DefaultUserRepositories
*
@@ -61,6 +62,11 @@ public class DefaultUserRepositories
*/
private RoleManager roleManager;
/**
* @plexus.requirement
*/
private ArchivaConfiguration archivaConfiguration;
public List<String> getObservableRepositoryIds( String principal )
throws PrincipalNotFoundException, AccessDeniedException, ArchivaSecurityException
{
@@ -73,39 +79,36 @@ public class DefaultUserRepositories
{
throw new AccessDeniedException( "User " + principal + "(" + user.getFullName() + ") is locked." );
}

Map<String, List<Permission>> permissionMap = rbacManager.getAssignedPermissionMap( principal );
AuthenticationResult authn = new AuthenticationResult( true, principal, null );
SecuritySession securitySession = new DefaultSecuritySession( authn, user );
List<String> repoIds = new ArrayList<String>();

List<ManagedRepositoryConfiguration> repos = archivaConfiguration.getConfiguration().getManagedRepositories();
for( Entry<String,List<Permission>> entry: permissionMap.entrySet() )
for ( ManagedRepositoryConfiguration repo : repos )
{
List<Permission> perms = entry.getValue();
for( Permission perm: perms )
try
{
System.out.println( "Principal[" + principal + "] : Permission[" + entry.getKey() + "]:" + perm.getName() + " - Operation:"
+ perm.getOperation().getName() + " - Resource:" + perm.getResource().getIdentifier() );
String repoId = repo.getId();
if ( securitySystem.isAuthorized( securitySession, ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS, repoId ) )
{
repoIds.add( repoId );
}
}
catch ( AuthorizationException e )
{
// swallow.
}
}
System.out.println("-");
return repoIds;
}
catch ( UserNotFoundException e )
{
throw new PrincipalNotFoundException( "Unable to find principal " + principal + "" );
}
catch ( RbacObjectNotFoundException e )
{
throw new PrincipalNotFoundException( "Unable to find user role assignments for user " + principal, e );
}
catch ( RbacManagerException e )
{
throw new ArchivaSecurityException( "Unable to initialize underlying security framework: " + e.getMessage(),
e );
}
}

public void createMissingRepositoryRoles( String repoId )
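Review bot: The `catch ( AuthorizationException e )` block in the second hunk discards the failure with only `// swallow.`, so a broken or misconfigured authorizer silently empties every user's repository list and leaves nothing to diagnose it with. Skipping the repository is the right fail-closed result, but the exception should be logged with the repository id and principal through whatever logger this class has (none is visible in the hunk), and the comment should say why it is safe, e.g. `// fail closed: an authorization error means the repo stays hidden`. Separately, the session is built with `new AuthenticationResult( true, principal, null )`, which asserts a successful authentication for whatever principal the caller passes in; the method's Javadoc should state that callers must supply only the already-authenticated principal or the guest principal. getObservableRepositoryIds starts outside this hunk, so its earlier checks are not visible here.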

+ 49
- 108
archiva-web/archiva-security/src/test/java/org/apache/maven/archiva/security/DefaultUserRepositoriesTest.java View File

@@ -19,22 +19,20 @@ package org.apache.maven.archiva.security;
* under the License.
*/

import java.io.File;
import java.util.List;

import org.apache.commons.io.FileUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.maven.archiva.configuration.ArchivaConfiguration;
import org.apache.maven.archiva.configuration.ManagedRepositoryConfiguration;
import org.codehaus.plexus.PlexusTestCase;
import org.codehaus.plexus.redback.rbac.Operation;
import org.codehaus.plexus.redback.rbac.Permission;
import org.codehaus.plexus.redback.rbac.RBACManager;
import org.codehaus.plexus.redback.rbac.Resource;
import org.codehaus.plexus.redback.rbac.Role;
import org.codehaus.plexus.redback.rbac.UserAssignment;
import org.codehaus.plexus.redback.role.RoleManager;
import org.codehaus.plexus.redback.role.RoleManagerException;
import org.codehaus.plexus.redback.system.SecuritySystem;
import org.codehaus.plexus.redback.users.User;
import org.codehaus.plexus.redback.users.UserManager;

import java.util.List;

/**
* DefaultUserRepositoriesTest
*
@@ -44,8 +42,6 @@ import java.util.List;
public class DefaultUserRepositoriesTest
extends PlexusTestCase
{
private static final String PERMISSION_READ_REPOSITORY = "Archiva Read Repository";

private static final String USER_GUEST = "guest";

private static final String USER_ADMIN = "admin";
@@ -58,27 +54,28 @@ public class DefaultUserRepositoriesTest

private RoleManager roleManager;

private ArchivaConfiguration archivaConfiguration;

private UserRepositories userRepos;

public void testGetObservableRepositoryIds()
throws Exception
{
UserRepositories userRepos = (UserRepositories) lookup( UserRepositories.class, "default" );
assertNotNull( userRepos );

// create some users.
createUser( USER_ALPACA, "Al 'Archiva' Paca" );

assertEquals( "Expected users", 3, securitySystem.getUserManager().getUsers().size() );

// some unassigned repo observer roles.
userRepos.createMissingRepositoryRoles( "central" );
userRepos.createMissingRepositoryRoles( "coporate" );
userRepos.createMissingRepositoryRoles( "internal" );
userRepos.createMissingRepositoryRoles( "snapshots" );
userRepos.createMissingRepositoryRoles( "secret" );
setupRepository( "central" );
setupRepository( "corporate" );
setupRepository( "internal" );
setupRepository( "snapshots" );
setupRepository( "secret" );

// some assigned repo observer roles.
assignRepositoryObserverRole( USER_ALPACA, "central" );
assignRepositoryObserverRole( USER_ALPACA, "corporate" );
assignRepositoryObserverRole( USER_ALPACA, "central" );
assignRepositoryObserverRole( USER_GUEST, "corporate" );
// the global repo observer role.
assignGlobalRepositoryObserverRole( USER_ADMIN );
@@ -101,104 +98,30 @@ public class DefaultUserRepositoriesTest
}
}

private void assignGlobalRepositoryObserverRole( String principal )
throws Exception
{
Role role = createRepositoryObserverRole( ArchivaRoleConstants.GLOBAL_REPOSITORY_OBSERVER_ROLE,
PERMISSION_READ_REPOSITORY, Resource.GLOBAL );
assignRole( principal, role );
}

private void assignRepositoryObserverRole( String principal, String repoId )
throws Exception
{
// String roleId = ArchivaRoleConstants.toRepositoryObserverRoleId( repoId );
String roleId = ArchivaRoleConstants.toRepositoryObserverRoleName( repoId );
roleManager.assignRole( roleId, principal );
// Role role = createRepositoryObserverRole( roleName, PERMISSION_READ_REPOSITORY, repoId );
// assertEquals( roleName, role.getName() );
// assignRole( principal, role );
}

private void assignRole( String principal, Role role )
private void setupRepository( String repoId )
throws Exception
{
UserAssignment ua;

if ( rbacManager.userAssignmentExists( principal ) )
{
ua = rbacManager.getUserAssignment( principal );
}
else
{
ua = rbacManager.createUserAssignment( principal );
}

ua.addRoleName( role );

rbacManager.saveUserAssignment( ua );
// Add repo to configuration.
ManagedRepositoryConfiguration repoConfig = new ManagedRepositoryConfiguration();
repoConfig.setId( repoId );
repoConfig.setName( "Testable repo <" + repoId + ">" );
repoConfig.setLocation( getTestPath( "target/test-repo/" + repoId ) );
archivaConfiguration.getConfiguration().addManagedRepository( repoConfig );

// Add repo roles to security.
userRepos.createMissingRepositoryRoles( repoId );
}

private void createRepositoryObserverRole( String repoId )
private void assignGlobalRepositoryObserverRole( String principal )
throws Exception
{
createRepositoryObserverRole( ArchivaRoleConstants.toRepositoryObserverRoleName( repoId ),
PERMISSION_READ_REPOSITORY + "-" + repoId, repoId );
roleManager.assignRole( ArchivaRoleConstants.TEMPLATE_GLOBAL_REPOSITORY_OBSERVER, principal );
}

private Role createRepositoryObserverRole( String roleName, String permissionName, String resourceId )
private void assignRepositoryObserverRole( String principal, String repoId )
throws Exception
{
if ( rbacManager.roleExists( roleName ) )
{
return rbacManager.getRole( roleName );
}

Permission perm;
Operation operationRepoAccess;
Resource resource;

// if ( rbacManager.resourceExists( resourceId ) )
// {
// resource = rbacManager.getResource( resourceId );
// }
// else
// {
// resource = rbacManager.createResource( resourceId );
// }
resource = rbacManager.createResource( resourceId );

// if ( rbacManager.operationExists( ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS ) )
// {
// operationRepoAccess = rbacManager.getOperation( ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS );
// }
// else
// {
// operationRepoAccess = rbacManager.createOperation( ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS );
// }
operationRepoAccess = rbacManager.createOperation( ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS );

// if ( rbacManager.permissionExists( permissionName ) )
// {
// perm = rbacManager.getPermission( permissionName );
// }
// else
// {
// perm = rbacManager.createPermission( permissionName );
// }
perm = rbacManager.createPermission( permissionName );
perm.setOperation( operationRepoAccess );
perm.setResource( resource );

Role role = rbacManager.createRole( roleName );
role.addPermission( perm );

rbacManager.saveOperation( operationRepoAccess );
rbacManager.savePermission( perm );
rbacManager.saveRole( role );

return role;
roleManager.assignTemplatedRole( ArchivaRoleConstants.TEMPLATE_REPOSITORY_OBSERVER, repoId, principal );
}

private User createUser( String principal, String fullname )
@@ -219,10 +142,27 @@ public class DefaultUserRepositoriesTest
{
super.setUp();

File srcConfig = getTestFile( "src/test/resources/repository-archiva.xml" );
File destConfig = getTestFile( "target/test-conf/archiva.xml" );

destConfig.getParentFile().mkdirs();
destConfig.delete();

FileUtils.copyFile( srcConfig, destConfig );

securitySystem = (SecuritySystem) lookup( SecuritySystem.class, "testable" );
rbacManager = (RBACManager) lookup( RBACManager.class, "memory" );
roleManager = (RoleManager) lookup( RoleManager.class, "default" );
userRepos = (UserRepositories) lookup( UserRepositories.class, "default" );
archivaConfiguration = (ArchivaConfiguration) lookup( ArchivaConfiguration.class );

// Some basic asserts.
assertNotNull( securitySystem );
assertNotNull( rbacManager );
assertNotNull( roleManager );
assertNotNull( userRepos );
assertNotNull( archivaConfiguration );

// Setup Admin User.
User adminUser = createUser( USER_ADMIN, "Admin User" );
roleManager.assignRole( ArchivaRoleConstants.TEMPLATE_SYSTEM_ADMIN, adminUser.getPrincipal().toString() );
@@ -230,5 +170,6 @@ public class DefaultUserRepositoriesTest
// Setup Guest User.
User guestUser = createUser( USER_GUEST, "Guest User" );
roleManager.assignRole( ArchivaRoleConstants.TEMPLATE_GUEST, guestUser.getPrincipal().toString() );

}
}

+ 27
- 0
archiva-web/archiva-security/src/test/resources/org/apache/maven/archiva/security/DefaultUserRepositoriesTest.xml View File

@@ -23,6 +23,10 @@
<role-hint>default</role-hint>
<field-name>roleManager</field-name>
</requirement>
<requirement>
<role>org.apache.maven.archiva.configuration.ArchivaConfiguration</role>
<field-name>archivaConfiguration</field-name>
</requirement>
</requirements>
</component>
@@ -162,5 +166,28 @@
</requirements>
</component>
<component>
<role>org.apache.maven.archiva.configuration.ArchivaConfiguration</role>
<implementation>org.apache.maven.archiva.configuration.DefaultArchivaConfiguration</implementation>
<requirements>
<requirement>
<role>org.codehaus.plexus.registry.Registry</role>
<role-hint>configured</role-hint>
</requirement>
</requirements>
</component>
<component>
<role>org.codehaus.plexus.registry.Registry</role>
<role-hint>configured</role-hint>
<implementation>org.codehaus.plexus.registry.commons.CommonsConfigurationRegistry</implementation>
<configuration>
<properties>
<system/>
<xml fileName="${basedir}/target/test-conf/archiva.xml"
config-name="org.apache.maven.archiva.base" config-at="org.apache.maven.archiva"/>
</properties>
</configuration>
</component>
</components>
</component-set>

+ 111
- 0
archiva-web/archiva-security/src/test/resources/repository-archiva.xml View File

@@ -0,0 +1,111 @@
<?xml version="1.0" encoding="ISO-8859-1"?>
<!--
~ Licensed to the Apache Software Foundation (ASF) under one
~ or more contributor license agreements. See the NOTICE file
~ distributed with this work for additional information
~ regarding copyright ownership. The ASF licenses this file
~ to you under the Apache License, Version 2.0 (the
~ "License"); you may not use this file except in compliance
~ with the License. You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing,
~ software distributed under the License is distributed on an
~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
~ KIND, either express or implied. See the License for the
~ specific language governing permissions and limitations
~ under the License.
-->

<configuration>

<version>2</version>
<repositoryScanning>
<fileTypes>
<fileType>
<id>artifacts</id>
<patterns>
<pattern>**/*.pom</pattern>
<pattern>**/*.jar</pattern>
<pattern>**/*.ear</pattern>
<pattern>**/*.war</pattern>
<pattern>**/*.car</pattern>
<pattern>**/*.sar</pattern>
<pattern>**/*.mar</pattern>
<pattern>**/*.rar</pattern>
<pattern>**/*.dtd</pattern>
<pattern>**/*.tld</pattern>
<pattern>**/*.tar.gz</pattern>
<pattern>**/*.tar.bz2</pattern>
<pattern>**/*.zip</pattern>
</patterns>
</fileType>
<fileType>
<id>indexable-content</id>
<patterns>
<pattern>**/*.txt</pattern>
<pattern>**/*.TXT</pattern>
<pattern>**/*.block</pattern>
<pattern>**/*.config</pattern>
<pattern>**/*.pom</pattern>
<pattern>**/*.xml</pattern>
<pattern>**/*.xsd</pattern>
<pattern>**/*.dtd</pattern>
<pattern>**/*.tld</pattern>
</patterns>
</fileType>
<fileType>
<id>auto-remove</id>
<patterns>
<pattern>**/*.bak</pattern>
<pattern>**/*~</pattern>
<pattern>**/*-</pattern>
</patterns>
</fileType>
<fileType>
<id>ignored</id>
<patterns>
<pattern>**/.htaccess</pattern>
<pattern>**/KEYS</pattern>
<pattern>**/*.rb</pattern>
<pattern>**/*.sh</pattern>
<pattern>**/.svn/**</pattern>
<pattern>**/.DAV/**</pattern>
</patterns>
</fileType>
</fileTypes>
<knownContentConsumers>
<knownContentConsumer>update-db-artifact</knownContentConsumer>
<knownContentConsumer>create-missing-checksums</knownContentConsumer>
<knownContentConsumer>update-db-repository-metadata</knownContentConsumer>
<knownContentConsumer>validate-checksum</knownContentConsumer>
<knownContentConsumer>validate-signature</knownContentConsumer>
<knownContentConsumer>index-content</knownContentConsumer>
<knownContentConsumer>auto-remove</knownContentConsumer>
<knownContentConsumer>auto-rename</knownContentConsumer>
</knownContentConsumers>
<invalidContentConsumers>
<invalidContentConsumer>update-db-bad-content</invalidContentConsumer>
</invalidContentConsumers>
</repositoryScanning>

<databaseScanning>
<cronExpression>0 0 * * ?</cronExpression>
<unprocessedConsumers>
<unprocessedConsumer>index-artifact</unprocessedConsumer>
<unprocessedConsumer>update-db-project</unprocessedConsumer>
<unprocessedConsumer>validate-repository-metadata</unprocessedConsumer>
<unprocessedConsumer>index-archive-toc</unprocessedConsumer>
<unprocessedConsumer>update-db-bytecode-stats</unprocessedConsumer>
<unprocessedConsumer>index-public-methods</unprocessedConsumer>
</unprocessedConsumers>
<cleanupConsumers>
<cleanupConsumer>not-present-remove-db-artifact</cleanupConsumer>
<cleanupConsumer>not-present-remove-db-project</cleanupConsumer>
<cleanupConsumer>not-present-remove-indexed</cleanupConsumer>
</cleanupConsumers>
</databaseScanning>

</configuration>

+ 48
- 3
archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/BrowseAction.java View File

@@ -22,8 +22,16 @@ package org.apache.maven.archiva.web.action;
import org.apache.commons.lang.StringUtils;
import org.apache.maven.archiva.database.browsing.BrowsingResults;
import org.apache.maven.archiva.database.browsing.RepositoryBrowsing;
import org.apache.maven.archiva.security.AccessDeniedException;
import org.apache.maven.archiva.security.ArchivaSecurityException;
import org.apache.maven.archiva.security.ArchivaUser;
import org.apache.maven.archiva.security.PrincipalNotFoundException;
import org.apache.maven.archiva.security.UserRepositories;
import org.codehaus.plexus.xwork.action.PlexusActionSupport;

import java.util.Collections;
import java.util.List;

/**
* Browse the repository.
*
@@ -39,6 +47,16 @@ public class BrowseAction
* @plexus.requirement role-hint="default"
*/
private RepositoryBrowsing repoBrowsing;
/**
* @plexus.requirement
*/
private UserRepositories userRepositories;
/**
* @plexus.requirement role-hint="xwork"
*/
private ArchivaUser archivaUser;

private BrowsingResults results;

@@ -48,7 +66,7 @@ public class BrowseAction

public String browse()
{
this.results = repoBrowsing.getRoot();
this.results = repoBrowsing.getRoot( getPrincipal(), getObservableRepos() );
return SUCCESS;
}

@@ -61,7 +79,7 @@ public class BrowseAction
return ERROR;
}

this.results = repoBrowsing.selectGroupId( groupId );
this.results = repoBrowsing.selectGroupId( getPrincipal(), getObservableRepos(), groupId );
return SUCCESS;
}

@@ -81,9 +99,36 @@ public class BrowseAction
return ERROR;
}

this.results = repoBrowsing.selectArtifactId( groupId, artifactId );
this.results = repoBrowsing.selectArtifactId( getPrincipal(), getObservableRepos(), groupId, artifactId );
return SUCCESS;
}
private String getPrincipal()
{
return archivaUser.getActivePrincipal();
}
private List<String> getObservableRepos()
{
try
{
return userRepositories.getObservableRepositoryIds( getPrincipal() );
}
catch ( PrincipalNotFoundException e )
{
getLogger().warn( e.getMessage(), e );
}
catch ( AccessDeniedException e )
{
getLogger().warn( e.getMessage(), e );
// TODO: pass this onto the screen.
}
catch ( ArchivaSecurityException e )
{
getLogger().warn( e.getMessage(), e );
}
return Collections.emptyList();
}

public String getGroupId()
{
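Review bot: `getObservableRepos()` falls back to `Collections.emptyList()` after any security exception, which denies access only if RepositoryBrowsing treats an empty repository list as "nothing visible" rather than "no filter". That implementation is not on this page, so the contract is worth confirming and recording at the return, e.g. `// fail closed: an empty list must mean no repositories are visible`. Each action also resolves the principal twice per call, once for the argument and again inside getObservableRepos(); reading it once into a local keeps both values in step. The same two helpers are copied verbatim into ShowArtifactAction, so a shared helper would keep the deny-on-error behaviour in one place.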

+ 49
- 6
archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/ShowArtifactAction.java View File

@@ -26,8 +26,14 @@ import org.apache.maven.archiva.database.ArchivaDatabaseException;
import org.apache.maven.archiva.database.ObjectNotFoundException;
import org.apache.maven.archiva.database.browsing.RepositoryBrowsing;
import org.apache.maven.archiva.model.ArchivaProjectModel;
import org.apache.maven.archiva.security.AccessDeniedException;
import org.apache.maven.archiva.security.ArchivaSecurityException;
import org.apache.maven.archiva.security.ArchivaUser;
import org.apache.maven.archiva.security.PrincipalNotFoundException;
import org.apache.maven.archiva.security.UserRepositories;
import org.codehaus.plexus.xwork.action.PlexusActionSupport;

import java.util.Collections;
import java.util.List;

/**
@@ -46,6 +52,16 @@ public class ShowArtifactAction
* @plexus.requirement role-hint="default"
*/
private RepositoryBrowsing repoBrowsing;
/**
* @plexus.requirement
*/
private UserRepositories userRepositories;
/**
* @plexus.requirement role-hint="xwork"
*/
private ArchivaUser archivaUser;

/* .\ Input Parameters \.________________________________________ */

@@ -86,7 +102,7 @@ public class ShowArtifactAction
{
try
{
this.model = repoBrowsing.selectVersion( groupId, artifactId, version );
this.model = repoBrowsing.selectVersion( getPrincipal(), getObservableRepos(), groupId, artifactId, version );
}
catch ( ObjectNotFoundException oe )
{
@@ -104,7 +120,7 @@ public class ShowArtifactAction
public String dependencies()
throws ObjectNotFoundException, ArchivaDatabaseException
{
this.model = repoBrowsing.selectVersion( groupId, artifactId, version );
this.model = repoBrowsing.selectVersion( getPrincipal(), getObservableRepos(), groupId, artifactId, version );

this.dependencies = model.getDependencies();

@@ -117,7 +133,7 @@ public class ShowArtifactAction
public String mailingLists()
throws ObjectNotFoundException, ArchivaDatabaseException
{
this.model = repoBrowsing.selectVersion( groupId, artifactId, version );
this.model = repoBrowsing.selectVersion( getPrincipal(), getObservableRepos(), groupId, artifactId, version );
this.mailingLists = model.getMailingLists();

return SUCCESS;
@@ -142,9 +158,9 @@ public class ShowArtifactAction
public String dependees()
throws ObjectNotFoundException, ArchivaDatabaseException
{
this.model = repoBrowsing.selectVersion( groupId, artifactId, version );
this.model = repoBrowsing.selectVersion( getPrincipal(), getObservableRepos(), groupId, artifactId, version );

this.dependees = repoBrowsing.getUsedBy( groupId, artifactId, version );
this.dependees = repoBrowsing.getUsedBy( getPrincipal(), getObservableRepos(), groupId, artifactId, version );

return SUCCESS;
}
@@ -155,10 +171,37 @@ public class ShowArtifactAction
public String dependencyTree()
throws ObjectNotFoundException, ArchivaDatabaseException
{
this.model = repoBrowsing.selectVersion( groupId, artifactId, version );
this.model = repoBrowsing.selectVersion( getPrincipal(), getObservableRepos(), groupId, artifactId, version );

return SUCCESS;
}
private String getPrincipal()
{
return archivaUser.getActivePrincipal();
}
private List<String> getObservableRepos()
{
try
{
return userRepositories.getObservableRepositoryIds( getPrincipal() );
}
catch ( PrincipalNotFoundException e )
{
getLogger().warn( e.getMessage(), e );
}
catch ( AccessDeniedException e )
{
getLogger().warn( e.getMessage(), e );
// TODO: pass this onto the screen.
}
catch ( ArchivaSecurityException e )
{
getLogger().warn( e.getMessage(), e );
}
return Collections.emptyList();
}

public void validate()
{
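Review bot: `dependees()` calls `getObservableRepos()` twice, so the full per-repository authorization loop runs twice and the model and the used-by list could be filtered with different repository sets if role assignments change in between. Computing it once avoids both, `List<String> repos = getObservableRepos();`, with `repos` passed to `selectVersion` and `getUsedBy`. The methods that dereference `model` straight after `selectVersion` (`dependencies()`, `mailingLists()`) rely on the filtered lookup throwing rather than returning null for an artifact in a hidden repository; that is not visible here and deserves a check.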

+ 3
- 4
archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/startup/SecuritySynchronization.java View File

@@ -193,14 +193,13 @@ public class SecuritySynchronization
ua = rbacManager.createUserAssignment( principal );
}

ua.addRoleName( ArchivaRoleConstants.REPOSITORY_OBSERVER_ROLE_PREFIX + " - " + repoId );
ua.addRoleName( ArchivaRoleConstants.toRepositoryObserverRoleName( repoId ) );
rbacManager.saveUserAssignment( ua );
}
catch ( RbacManagerException e )
{
getLogger().warn(
"Unable to add role [" + ArchivaRoleConstants.REPOSITORY_OBSERVER_ROLE_PREFIX + " - "
+ repoId + "] to " + principal + " user.", e );
getLogger().warn( "Unable to add role [" + ArchivaRoleConstants.toRepositoryObserverRoleName( repoId )
+ "] to " + principal + " user.", e );
}
}
}

+ 77
- 0
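--- a/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/util/ArchivaXworkUser.java
+++ b/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/util/ArchivaXworkUser.java
@@ -0,0 +1,77 @@
+package org.apache.maven.archiva.web.util;
+
+/*
+* Licensed to the Apache Software Foundation (ASF) under one
+* or more contributor license agreements. See the NOTICE file
+* distributed with this work for additional information
+* regarding copyright ownership. The ASF licenses this file
+* to you under the Apache License, Version 2.0 (the
+* "License"); you may not use this file except in compliance
+* with the License. You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing,
+* software distributed under the License is distributed on an
+* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+* KIND, either express or implied. See the License for the
+* specific language governing permissions and limitations
+* under the License.
+*/
+
+import com.opensymphony.xwork.ActionContext;
+
+import org.apache.maven.archiva.security.ArchivaRoleConstants;
+import org.apache.maven.archiva.security.ArchivaUser;
+import org.codehaus.plexus.redback.system.SecuritySession;
+import org.codehaus.plexus.redback.users.User;
+
+import java.util.HashMap;
+import java.util.Map;
+
+/**
+* ArchivaXworkUser
+*
+* @author <a href="mailto:joakim@erdfelt.com">Joakim Erdfelt</a>
+* @version $Id$
+*
+* @plexus.component role="org.apache.maven.archiva.security.ArchivaUser"
+* role-hint="xwork"
+*/
+public class ArchivaXworkUser
+implements ArchivaUser
+{
+private Map<String, Object> getContextSession()
+{
+ActionContext context = ActionContext.getContext();
+Map<String, Object> sessionMap = context.getSession();
+if ( sessionMap == null )
+{
+sessionMap = new HashMap<String, Object>();
+}
+
+return sessionMap;
+}
+
+private SecuritySession getSecuritySession()
+{
+return (SecuritySession) getContextSession().get( SecuritySession.ROLE );
+}
+
+public String getActivePrincipal()
+{
+SecuritySession securitySession = getSecuritySession();
+if ( securitySession == null )
+{
+return ArchivaRoleConstants.PRINCIPAL_GUEST;
+}
+
+User user = securitySession.getUser();
+if ( user == null )
+{
+return ArchivaRoleConstants.PRINCIPAL_GUEST;
+}
+
+return (String) user.getPrincipal();
+}
+}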
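Review bot: `getActivePrincipal()` returns the session user's principal whenever a SecuritySession with a non-null user exists, without checking that the session is actually authenticated. The ArchivaUser Javadoc promises the guest principal for unauthenticated callers, and DefaultUserRepositories later wraps whatever principal it receives in an `AuthenticationResult( true, ... )`. If redback can leave a user on a session whose authentication did not succeed, that user's repositories would be shown, so the first guard should read `if ( securitySession == null || !securitySession.isAuthenticated() )`. The final `(String) user.getPrincipal()` cast will throw ClassCastException for a user store whose principal is not a String; the test in this commit already uses `getPrincipal().toString()`, which is the safer form here too.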
