Added ArchivaUser interface to obtain the active principal. Added ArchivaXworkUser implementation to obtain principal from redback-xwork-integration layer. Updated (Default)UserRepositories to utilize redback SecuritySystem.isAuthorized() properly. Updated BrowseAction and ShowArtifactAction to show the limited view provided. git-svn-id: https://svn.apache.org/repos/asf/maven/archiva/branches/archiva-backend-security@591410 13f79535-47bb-0310-9956-ffa450edef68remotes/archiva-backend-security@642424
@@ -57,7 +57,7 @@ public interface ProjectModelDAO | |||
public ArchivaProjectModel getProjectModel( String groupId, String artifactId, String version ) | |||
throws ObjectNotFoundException, ArchivaDatabaseException; | |||
public List /*<ArchivaProjectModel>*/queryProjectModels( Constraint constraint ) | |||
public List<ArchivaProjectModel> queryProjectModels( Constraint constraint ) | |||
throws ObjectNotFoundException, ArchivaDatabaseException; | |||
public ArchivaProjectModel saveProjectModel( ArchivaProjectModel model ) |
@@ -74,7 +74,7 @@ public class JdoProjectModelDAO | |||
return (ArchivaProjectModel) jdo.getObjectById( ArchivaProjectModel.class, key, null ); | |||
} | |||
public List queryProjectModels( Constraint constraint ) | |||
public List<ArchivaProjectModel> queryProjectModels( Constraint constraint ) | |||
throws ObjectNotFoundException, ArchivaDatabaseException | |||
{ | |||
return jdo.queryObjects( ArchivaProjectModel.class, constraint ); |
@@ -35,6 +35,10 @@ public class ArchivaRoleConstants | |||
public static final String REGISTERED_USER_ROLE = "Registered User"; | |||
public static final String GUEST_ROLE = "Guest"; | |||
// principals | |||
public static final String PRINCIPAL_GUEST = "guest"; | |||
// dynamic role prefixes | |||
public static final String REPOSITORY_MANAGER_ROLE_PREFIX = "Repository Manager"; | |||
@@ -69,15 +73,12 @@ public class ArchivaRoleConstants | |||
public static final String TEMPLATE_REPOSITORY_OBSERVER = "archiva-repository-observer"; | |||
public static final String TEMPLATE_GLOBAL_REPOSITORY_OBSERVER = "archiva-global-repository-observer"; | |||
public static final String TEMPLATE_SYSTEM_ADMIN = "archiva-system-administrator"; | |||
public static final String TEMPLATE_GUEST = "archiva-guest"; | |||
public static String toRepositoryObserverRoleId( String repoId ) | |||
{ | |||
return TEMPLATE_REPOSITORY_OBSERVER + "-" + repoId; | |||
} | |||
public static String toRepositoryObserverRoleName( String repoId ) | |||
{ | |||
return REPOSITORY_OBSERVER_ROLE_PREFIX + " - " + repoId; |
@@ -0,0 +1,36 @@ | |||
package org.apache.maven.archiva.security; | |||
/* | |||
* Licensed to the Apache Software Foundation (ASF) under one | |||
* or more contributor license agreements. See the NOTICE file | |||
* distributed with this work for additional information | |||
* regarding copyright ownership. The ASF licenses this file | |||
* to you under the Apache License, Version 2.0 (the | |||
* "License"); you may not use this file except in compliance | |||
* with the License. You may obtain a copy of the License at | |||
* | |||
* http://www.apache.org/licenses/LICENSE-2.0 | |||
* | |||
* Unless required by applicable law or agreed to in writing, | |||
* software distributed under the License is distributed on an | |||
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY | |||
* KIND, either express or implied. See the License for the | |||
* specific language governing permissions and limitations | |||
* under the License. | |||
*/ | |||
/** | |||
* ArchivaUser- interface to access the active principal. | |||
* | |||
* @author <a href="mailto:joakim@erdfelt.com">Joakim Erdfelt</a> | |||
* @version $Id$ | |||
*/ | |||
public interface ArchivaUser | |||
{ | |||
/** | |||
* Get the active principal from the security system. | |||
* | |||
* @return the active principal. (if not authenticated, the guest principal is returned) | |||
*/ | |||
public String getActivePrincipal(); | |||
} |
@@ -19,21 +19,22 @@ package org.apache.maven.archiva.security; | |||
* under the License. | |||
*/ | |||
import org.codehaus.plexus.redback.rbac.Permission; | |||
import java.util.ArrayList; | |||
import java.util.List; | |||
import org.apache.maven.archiva.configuration.ArchivaConfiguration; | |||
import org.apache.maven.archiva.configuration.ManagedRepositoryConfiguration; | |||
import org.codehaus.plexus.redback.authentication.AuthenticationResult; | |||
import org.codehaus.plexus.redback.authorization.AuthorizationException; | |||
import org.codehaus.plexus.redback.rbac.RBACManager; | |||
import org.codehaus.plexus.redback.rbac.RbacManagerException; | |||
import org.codehaus.plexus.redback.rbac.RbacObjectNotFoundException; | |||
import org.codehaus.plexus.redback.role.RoleManager; | |||
import org.codehaus.plexus.redback.role.RoleManagerException; | |||
import org.codehaus.plexus.redback.system.DefaultSecuritySession; | |||
import org.codehaus.plexus.redback.system.SecuritySession; | |||
import org.codehaus.plexus.redback.system.SecuritySystem; | |||
import org.codehaus.plexus.redback.users.User; | |||
import org.codehaus.plexus.redback.users.UserNotFoundException; | |||
import java.util.ArrayList; | |||
import java.util.List; | |||
import java.util.Map; | |||
import java.util.Map.Entry; | |||
/** | |||
* DefaultUserRepositories | |||
* | |||
@@ -61,6 +62,11 @@ public class DefaultUserRepositories | |||
*/ | |||
private RoleManager roleManager; | |||
/** | |||
* @plexus.requirement | |||
*/ | |||
private ArchivaConfiguration archivaConfiguration; | |||
public List<String> getObservableRepositoryIds( String principal ) | |||
throws PrincipalNotFoundException, AccessDeniedException, ArchivaSecurityException | |||
{ | |||
@@ -73,39 +79,36 @@ public class DefaultUserRepositories | |||
{ | |||
throw new AccessDeniedException( "User " + principal + "(" + user.getFullName() + ") is locked." ); | |||
} | |||
Map<String, List<Permission>> permissionMap = rbacManager.getAssignedPermissionMap( principal ); | |||
AuthenticationResult authn = new AuthenticationResult( true, principal, null ); | |||
SecuritySession securitySession = new DefaultSecuritySession( authn, user ); | |||
List<String> repoIds = new ArrayList<String>(); | |||
List<ManagedRepositoryConfiguration> repos = archivaConfiguration.getConfiguration().getManagedRepositories(); | |||
for( Entry<String,List<Permission>> entry: permissionMap.entrySet() ) | |||
for ( ManagedRepositoryConfiguration repo : repos ) | |||
{ | |||
List<Permission> perms = entry.getValue(); | |||
for( Permission perm: perms ) | |||
try | |||
{ | |||
System.out.println( "Principal[" + principal + "] : Permission[" + entry.getKey() + "]:" + perm.getName() + " - Operation:" | |||
+ perm.getOperation().getName() + " - Resource:" + perm.getResource().getIdentifier() ); | |||
String repoId = repo.getId(); | |||
if ( securitySystem.isAuthorized( securitySession, ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS, repoId ) ) | |||
{ | |||
repoIds.add( repoId ); | |||
} | |||
} | |||
catch ( AuthorizationException e ) | |||
{ | |||
// swallow. | |||
} | |||
} | |||
System.out.println("-"); | |||
return repoIds; | |||
} | |||
catch ( UserNotFoundException e ) | |||
{ | |||
throw new PrincipalNotFoundException( "Unable to find principal " + principal + "" ); | |||
} | |||
catch ( RbacObjectNotFoundException e ) | |||
{ | |||
throw new PrincipalNotFoundException( "Unable to find user role assignments for user " + principal, e ); | |||
} | |||
catch ( RbacManagerException e ) | |||
{ | |||
throw new ArchivaSecurityException( "Unable to initialize underlying security framework: " + e.getMessage(), | |||
e ); | |||
} | |||
} | |||
public void createMissingRepositoryRoles( String repoId ) |
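Review bot: The `catch ( AuthorizationException e )` inside the repository loop of getObservableRepositoryIds is marked `// swallow.` and records nothing, so a failing authorization backend looks exactly like a user who has no access. Leaving the repository out on error is the right fail-closed result, but the exception should be logged with the principal and repoId, and the comment replaced with something like `// fail closed: a repository whose check errors is not reported as observable`. The session is also built with `new AuthenticationResult( true, principal, null )`, which asserts authentication for whatever principal string the caller passes; the method's Javadoc should state that callers must supply a principal already established by the security layer. The method body starts above this hunk, so the user lookup and the lock check are only partly visible.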
@@ -19,22 +19,20 @@ package org.apache.maven.archiva.security; | |||
* under the License. | |||
*/ | |||
import java.io.File; | |||
import java.util.List; | |||
import org.apache.commons.io.FileUtils; | |||
import org.apache.commons.lang.StringUtils; | |||
import org.apache.maven.archiva.configuration.ArchivaConfiguration; | |||
import org.apache.maven.archiva.configuration.ManagedRepositoryConfiguration; | |||
import org.codehaus.plexus.PlexusTestCase; | |||
import org.codehaus.plexus.redback.rbac.Operation; | |||
import org.codehaus.plexus.redback.rbac.Permission; | |||
import org.codehaus.plexus.redback.rbac.RBACManager; | |||
import org.codehaus.plexus.redback.rbac.Resource; | |||
import org.codehaus.plexus.redback.rbac.Role; | |||
import org.codehaus.plexus.redback.rbac.UserAssignment; | |||
import org.codehaus.plexus.redback.role.RoleManager; | |||
import org.codehaus.plexus.redback.role.RoleManagerException; | |||
import org.codehaus.plexus.redback.system.SecuritySystem; | |||
import org.codehaus.plexus.redback.users.User; | |||
import org.codehaus.plexus.redback.users.UserManager; | |||
import java.util.List; | |||
/** | |||
* DefaultUserRepositoriesTest | |||
* | |||
@@ -44,8 +42,6 @@ import java.util.List; | |||
public class DefaultUserRepositoriesTest | |||
extends PlexusTestCase | |||
{ | |||
private static final String PERMISSION_READ_REPOSITORY = "Archiva Read Repository"; | |||
private static final String USER_GUEST = "guest"; | |||
private static final String USER_ADMIN = "admin"; | |||
@@ -58,27 +54,28 @@ public class DefaultUserRepositoriesTest | |||
private RoleManager roleManager; | |||
private ArchivaConfiguration archivaConfiguration; | |||
private UserRepositories userRepos; | |||
public void testGetObservableRepositoryIds() | |||
throws Exception | |||
{ | |||
UserRepositories userRepos = (UserRepositories) lookup( UserRepositories.class, "default" ); | |||
assertNotNull( userRepos ); | |||
// create some users. | |||
createUser( USER_ALPACA, "Al 'Archiva' Paca" ); | |||
assertEquals( "Expected users", 3, securitySystem.getUserManager().getUsers().size() ); | |||
// some unassigned repo observer roles. | |||
userRepos.createMissingRepositoryRoles( "central" ); | |||
userRepos.createMissingRepositoryRoles( "coporate" ); | |||
userRepos.createMissingRepositoryRoles( "internal" ); | |||
userRepos.createMissingRepositoryRoles( "snapshots" ); | |||
userRepos.createMissingRepositoryRoles( "secret" ); | |||
setupRepository( "central" ); | |||
setupRepository( "corporate" ); | |||
setupRepository( "internal" ); | |||
setupRepository( "snapshots" ); | |||
setupRepository( "secret" ); | |||
// some assigned repo observer roles. | |||
assignRepositoryObserverRole( USER_ALPACA, "central" ); | |||
assignRepositoryObserverRole( USER_ALPACA, "corporate" ); | |||
assignRepositoryObserverRole( USER_ALPACA, "central" ); | |||
assignRepositoryObserverRole( USER_GUEST, "corporate" ); | |||
// the global repo observer role. | |||
assignGlobalRepositoryObserverRole( USER_ADMIN ); | |||
@@ -101,104 +98,30 @@ public class DefaultUserRepositoriesTest | |||
} | |||
} | |||
private void assignGlobalRepositoryObserverRole( String principal ) | |||
throws Exception | |||
{ | |||
Role role = createRepositoryObserverRole( ArchivaRoleConstants.GLOBAL_REPOSITORY_OBSERVER_ROLE, | |||
PERMISSION_READ_REPOSITORY, Resource.GLOBAL ); | |||
assignRole( principal, role ); | |||
} | |||
private void assignRepositoryObserverRole( String principal, String repoId ) | |||
throws Exception | |||
{ | |||
// String roleId = ArchivaRoleConstants.toRepositoryObserverRoleId( repoId ); | |||
String roleId = ArchivaRoleConstants.toRepositoryObserverRoleName( repoId ); | |||
roleManager.assignRole( roleId, principal ); | |||
// Role role = createRepositoryObserverRole( roleName, PERMISSION_READ_REPOSITORY, repoId ); | |||
// assertEquals( roleName, role.getName() ); | |||
// assignRole( principal, role ); | |||
} | |||
private void assignRole( String principal, Role role ) | |||
private void setupRepository( String repoId ) | |||
throws Exception | |||
{ | |||
UserAssignment ua; | |||
if ( rbacManager.userAssignmentExists( principal ) ) | |||
{ | |||
ua = rbacManager.getUserAssignment( principal ); | |||
} | |||
else | |||
{ | |||
ua = rbacManager.createUserAssignment( principal ); | |||
} | |||
ua.addRoleName( role ); | |||
rbacManager.saveUserAssignment( ua ); | |||
// Add repo to configuration. | |||
ManagedRepositoryConfiguration repoConfig = new ManagedRepositoryConfiguration(); | |||
repoConfig.setId( repoId ); | |||
repoConfig.setName( "Testable repo <" + repoId + ">" ); | |||
repoConfig.setLocation( getTestPath( "target/test-repo/" + repoId ) ); | |||
archivaConfiguration.getConfiguration().addManagedRepository( repoConfig ); | |||
// Add repo roles to security. | |||
userRepos.createMissingRepositoryRoles( repoId ); | |||
} | |||
private void createRepositoryObserverRole( String repoId ) | |||
private void assignGlobalRepositoryObserverRole( String principal ) | |||
throws Exception | |||
{ | |||
createRepositoryObserverRole( ArchivaRoleConstants.toRepositoryObserverRoleName( repoId ), | |||
PERMISSION_READ_REPOSITORY + "-" + repoId, repoId ); | |||
roleManager.assignRole( ArchivaRoleConstants.TEMPLATE_GLOBAL_REPOSITORY_OBSERVER, principal ); | |||
} | |||
private Role createRepositoryObserverRole( String roleName, String permissionName, String resourceId ) | |||
private void assignRepositoryObserverRole( String principal, String repoId ) | |||
throws Exception | |||
{ | |||
if ( rbacManager.roleExists( roleName ) ) | |||
{ | |||
return rbacManager.getRole( roleName ); | |||
} | |||
Permission perm; | |||
Operation operationRepoAccess; | |||
Resource resource; | |||
// if ( rbacManager.resourceExists( resourceId ) ) | |||
// { | |||
// resource = rbacManager.getResource( resourceId ); | |||
// } | |||
// else | |||
// { | |||
// resource = rbacManager.createResource( resourceId ); | |||
// } | |||
resource = rbacManager.createResource( resourceId ); | |||
// if ( rbacManager.operationExists( ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS ) ) | |||
// { | |||
// operationRepoAccess = rbacManager.getOperation( ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS ); | |||
// } | |||
// else | |||
// { | |||
// operationRepoAccess = rbacManager.createOperation( ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS ); | |||
// } | |||
operationRepoAccess = rbacManager.createOperation( ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS ); | |||
// if ( rbacManager.permissionExists( permissionName ) ) | |||
// { | |||
// perm = rbacManager.getPermission( permissionName ); | |||
// } | |||
// else | |||
// { | |||
// perm = rbacManager.createPermission( permissionName ); | |||
// } | |||
perm = rbacManager.createPermission( permissionName ); | |||
perm.setOperation( operationRepoAccess ); | |||
perm.setResource( resource ); | |||
Role role = rbacManager.createRole( roleName ); | |||
role.addPermission( perm ); | |||
rbacManager.saveOperation( operationRepoAccess ); | |||
rbacManager.savePermission( perm ); | |||
rbacManager.saveRole( role ); | |||
return role; | |||
roleManager.assignTemplatedRole( ArchivaRoleConstants.TEMPLATE_REPOSITORY_OBSERVER, repoId, principal ); | |||
} | |||
private User createUser( String principal, String fullname ) | |||
@@ -219,10 +142,27 @@ public class DefaultUserRepositoriesTest | |||
{ | |||
super.setUp(); | |||
File srcConfig = getTestFile( "src/test/resources/repository-archiva.xml" ); | |||
File destConfig = getTestFile( "target/test-conf/archiva.xml" ); | |||
destConfig.getParentFile().mkdirs(); | |||
destConfig.delete(); | |||
FileUtils.copyFile( srcConfig, destConfig ); | |||
securitySystem = (SecuritySystem) lookup( SecuritySystem.class, "testable" ); | |||
rbacManager = (RBACManager) lookup( RBACManager.class, "memory" ); | |||
roleManager = (RoleManager) lookup( RoleManager.class, "default" ); | |||
userRepos = (UserRepositories) lookup( UserRepositories.class, "default" ); | |||
archivaConfiguration = (ArchivaConfiguration) lookup( ArchivaConfiguration.class ); | |||
// Some basic asserts. | |||
assertNotNull( securitySystem ); | |||
assertNotNull( rbacManager ); | |||
assertNotNull( roleManager ); | |||
assertNotNull( userRepos ); | |||
assertNotNull( archivaConfiguration ); | |||
// Setup Admin User. | |||
User adminUser = createUser( USER_ADMIN, "Admin User" ); | |||
roleManager.assignRole( ArchivaRoleConstants.TEMPLATE_SYSTEM_ADMIN, adminUser.getPrincipal().toString() ); | |||
@@ -230,5 +170,6 @@ public class DefaultUserRepositoriesTest | |||
// Setup Guest User. | |||
User guestUser = createUser( USER_GUEST, "Guest User" ); | |||
roleManager.assignRole( ArchivaRoleConstants.TEMPLATE_GUEST, guestUser.getPrincipal().toString() ); | |||
} | |||
} |
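Review bot: testGetObservableRepositoryIds should pin the deny side of the new isAuthorized-based filtering as well as the grants. The setup configures a "secret" repository that no visible line assigns to alpaca or guest, but the assertions lie outside this hunk, so I cannot tell whether its absence from their results is checked. If it is not, assert that "secret" is missing for both users. It would also help to add a case for a locked user, where DefaultUserRepositories in this commit throws AccessDeniedException, so that a later change which makes the filter fail open is caught here.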
@@ -23,6 +23,10 @@ | |||
<role-hint>default</role-hint> | |||
<field-name>roleManager</field-name> | |||
</requirement> | |||
<requirement> | |||
<role>org.apache.maven.archiva.configuration.ArchivaConfiguration</role> | |||
<field-name>archivaConfiguration</field-name> | |||
</requirement> | |||
</requirements> | |||
</component> | |||
@@ -162,5 +166,28 @@ | |||
</requirements> | |||
</component> | |||
<component> | |||
<role>org.apache.maven.archiva.configuration.ArchivaConfiguration</role> | |||
<implementation>org.apache.maven.archiva.configuration.DefaultArchivaConfiguration</implementation> | |||
<requirements> | |||
<requirement> | |||
<role>org.codehaus.plexus.registry.Registry</role> | |||
<role-hint>configured</role-hint> | |||
</requirement> | |||
</requirements> | |||
</component> | |||
<component> | |||
<role>org.codehaus.plexus.registry.Registry</role> | |||
<role-hint>configured</role-hint> | |||
<implementation>org.codehaus.plexus.registry.commons.CommonsConfigurationRegistry</implementation> | |||
<configuration> | |||
<properties> | |||
<system/> | |||
<xml fileName="${basedir}/target/test-conf/archiva.xml" | |||
config-name="org.apache.maven.archiva.base" config-at="org.apache.maven.archiva"/> | |||
</properties> | |||
</configuration> | |||
</component> | |||
</components> | |||
</component-set> |
@@ -0,0 +1,111 @@ | |||
<?xml version="1.0" encoding="ISO-8859-1"?> | |||
<!-- | |||
~ Licensed to the Apache Software Foundation (ASF) under one | |||
~ or more contributor license agreements. See the NOTICE file | |||
~ distributed with this work for additional information | |||
~ regarding copyright ownership. The ASF licenses this file | |||
~ to you under the Apache License, Version 2.0 (the | |||
~ "License"); you may not use this file except in compliance | |||
~ with the License. You may obtain a copy of the License at | |||
~ | |||
~ http://www.apache.org/licenses/LICENSE-2.0 | |||
~ | |||
~ Unless required by applicable law or agreed to in writing, | |||
~ software distributed under the License is distributed on an | |||
~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY | |||
~ KIND, either express or implied. See the License for the | |||
~ specific language governing permissions and limitations | |||
~ under the License. | |||
--> | |||
<configuration> | |||
<version>2</version> | |||
<repositoryScanning> | |||
<fileTypes> | |||
<fileType> | |||
<id>artifacts</id> | |||
<patterns> | |||
<pattern>**/*.pom</pattern> | |||
<pattern>**/*.jar</pattern> | |||
<pattern>**/*.ear</pattern> | |||
<pattern>**/*.war</pattern> | |||
<pattern>**/*.car</pattern> | |||
<pattern>**/*.sar</pattern> | |||
<pattern>**/*.mar</pattern> | |||
<pattern>**/*.rar</pattern> | |||
<pattern>**/*.dtd</pattern> | |||
<pattern>**/*.tld</pattern> | |||
<pattern>**/*.tar.gz</pattern> | |||
<pattern>**/*.tar.bz2</pattern> | |||
<pattern>**/*.zip</pattern> | |||
</patterns> | |||
</fileType> | |||
<fileType> | |||
<id>indexable-content</id> | |||
<patterns> | |||
<pattern>**/*.txt</pattern> | |||
<pattern>**/*.TXT</pattern> | |||
<pattern>**/*.block</pattern> | |||
<pattern>**/*.config</pattern> | |||
<pattern>**/*.pom</pattern> | |||
<pattern>**/*.xml</pattern> | |||
<pattern>**/*.xsd</pattern> | |||
<pattern>**/*.dtd</pattern> | |||
<pattern>**/*.tld</pattern> | |||
</patterns> | |||
</fileType> | |||
<fileType> | |||
<id>auto-remove</id> | |||
<patterns> | |||
<pattern>**/*.bak</pattern> | |||
<pattern>**/*~</pattern> | |||
<pattern>**/*-</pattern> | |||
</patterns> | |||
</fileType> | |||
<fileType> | |||
<id>ignored</id> | |||
<patterns> | |||
<pattern>**/.htaccess</pattern> | |||
<pattern>**/KEYS</pattern> | |||
<pattern>**/*.rb</pattern> | |||
<pattern>**/*.sh</pattern> | |||
<pattern>**/.svn/**</pattern> | |||
<pattern>**/.DAV/**</pattern> | |||
</patterns> | |||
</fileType> | |||
</fileTypes> | |||
<knownContentConsumers> | |||
<knownContentConsumer>update-db-artifact</knownContentConsumer> | |||
<knownContentConsumer>create-missing-checksums</knownContentConsumer> | |||
<knownContentConsumer>update-db-repository-metadata</knownContentConsumer> | |||
<knownContentConsumer>validate-checksum</knownContentConsumer> | |||
<knownContentConsumer>validate-signature</knownContentConsumer> | |||
<knownContentConsumer>index-content</knownContentConsumer> | |||
<knownContentConsumer>auto-remove</knownContentConsumer> | |||
<knownContentConsumer>auto-rename</knownContentConsumer> | |||
</knownContentConsumers> | |||
<invalidContentConsumers> | |||
<invalidContentConsumer>update-db-bad-content</invalidContentConsumer> | |||
</invalidContentConsumers> | |||
</repositoryScanning> | |||
<databaseScanning> | |||
<cronExpression>0 0 * * ?</cronExpression> | |||
<unprocessedConsumers> | |||
<unprocessedConsumer>index-artifact</unprocessedConsumer> | |||
<unprocessedConsumer>update-db-project</unprocessedConsumer> | |||
<unprocessedConsumer>validate-repository-metadata</unprocessedConsumer> | |||
<unprocessedConsumer>index-archive-toc</unprocessedConsumer> | |||
<unprocessedConsumer>update-db-bytecode-stats</unprocessedConsumer> | |||
<unprocessedConsumer>index-public-methods</unprocessedConsumer> | |||
</unprocessedConsumers> | |||
<cleanupConsumers> | |||
<cleanupConsumer>not-present-remove-db-artifact</cleanupConsumer> | |||
<cleanupConsumer>not-present-remove-db-project</cleanupConsumer> | |||
<cleanupConsumer>not-present-remove-indexed</cleanupConsumer> | |||
</cleanupConsumers> | |||
</databaseScanning> | |||
</configuration> |
@@ -22,8 +22,16 @@ package org.apache.maven.archiva.web.action; | |||
import org.apache.commons.lang.StringUtils; | |||
import org.apache.maven.archiva.database.browsing.BrowsingResults; | |||
import org.apache.maven.archiva.database.browsing.RepositoryBrowsing; | |||
import org.apache.maven.archiva.security.AccessDeniedException; | |||
import org.apache.maven.archiva.security.ArchivaSecurityException; | |||
import org.apache.maven.archiva.security.ArchivaUser; | |||
import org.apache.maven.archiva.security.PrincipalNotFoundException; | |||
import org.apache.maven.archiva.security.UserRepositories; | |||
import org.codehaus.plexus.xwork.action.PlexusActionSupport; | |||
import java.util.Collections; | |||
import java.util.List; | |||
/** | |||
* Browse the repository. | |||
* | |||
@@ -39,6 +47,16 @@ public class BrowseAction | |||
* @plexus.requirement role-hint="default" | |||
*/ | |||
private RepositoryBrowsing repoBrowsing; | |||
/** | |||
* @plexus.requirement | |||
*/ | |||
private UserRepositories userRepositories; | |||
/** | |||
* @plexus.requirement role-hint="xwork" | |||
*/ | |||
private ArchivaUser archivaUser; | |||
private BrowsingResults results; | |||
@@ -48,7 +66,7 @@ public class BrowseAction | |||
public String browse() | |||
{ | |||
this.results = repoBrowsing.getRoot(); | |||
this.results = repoBrowsing.getRoot( getPrincipal(), getObservableRepos() ); | |||
return SUCCESS; | |||
} | |||
@@ -61,7 +79,7 @@ public class BrowseAction | |||
return ERROR; | |||
} | |||
this.results = repoBrowsing.selectGroupId( groupId ); | |||
this.results = repoBrowsing.selectGroupId( getPrincipal(), getObservableRepos(), groupId ); | |||
return SUCCESS; | |||
} | |||
@@ -81,9 +99,36 @@ public class BrowseAction | |||
return ERROR; | |||
} | |||
this.results = repoBrowsing.selectArtifactId( groupId, artifactId ); | |||
this.results = repoBrowsing.selectArtifactId( getPrincipal(), getObservableRepos(), groupId, artifactId ); | |||
return SUCCESS; | |||
} | |||
private String getPrincipal() | |||
{ | |||
return archivaUser.getActivePrincipal(); | |||
} | |||
private List<String> getObservableRepos() | |||
{ | |||
try | |||
{ | |||
return userRepositories.getObservableRepositoryIds( getPrincipal() ); | |||
} | |||
catch ( PrincipalNotFoundException e ) | |||
{ | |||
getLogger().warn( e.getMessage(), e ); | |||
} | |||
catch ( AccessDeniedException e ) | |||
{ | |||
getLogger().warn( e.getMessage(), e ); | |||
// TODO: pass this onto the screen. | |||
} | |||
catch ( ArchivaSecurityException e ) | |||
{ | |||
getLogger().warn( e.getMessage(), e ); | |||
} | |||
return Collections.emptyList(); | |||
} | |||
public String getGroupId() | |||
{ |
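Review bot: getObservableRepos() returns `Collections.emptyList()` for every failure, including the AccessDeniedException path, and browse() and the selectGroupId/selectArtifactId calls hand that list straight to RepositoryBrowsing. That is only safe if RepositoryBrowsing treats an empty list as "no repository visible" and not as "no filter"; its implementation is not in the visible hunks, so this needs confirming. I would record the contract at the return with `// empty list = nothing observable; RepositoryBrowsing must not read it as unfiltered`. The same getPrincipal()/getObservableRepos() pair is added verbatim to ShowArtifactAction, so a shared helper or base class would keep this failure policy in one place.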
@@ -26,8 +26,14 @@ import org.apache.maven.archiva.database.ArchivaDatabaseException; | |||
import org.apache.maven.archiva.database.ObjectNotFoundException; | |||
import org.apache.maven.archiva.database.browsing.RepositoryBrowsing; | |||
import org.apache.maven.archiva.model.ArchivaProjectModel; | |||
import org.apache.maven.archiva.security.AccessDeniedException; | |||
import org.apache.maven.archiva.security.ArchivaSecurityException; | |||
import org.apache.maven.archiva.security.ArchivaUser; | |||
import org.apache.maven.archiva.security.PrincipalNotFoundException; | |||
import org.apache.maven.archiva.security.UserRepositories; | |||
import org.codehaus.plexus.xwork.action.PlexusActionSupport; | |||
import java.util.Collections; | |||
import java.util.List; | |||
/** | |||
@@ -46,6 +52,16 @@ public class ShowArtifactAction | |||
* @plexus.requirement role-hint="default" | |||
*/ | |||
private RepositoryBrowsing repoBrowsing; | |||
/** | |||
* @plexus.requirement | |||
*/ | |||
private UserRepositories userRepositories; | |||
/** | |||
* @plexus.requirement role-hint="xwork" | |||
*/ | |||
private ArchivaUser archivaUser; | |||
/* .\ Input Parameters \.________________________________________ */ | |||
@@ -86,7 +102,7 @@ public class ShowArtifactAction | |||
{ | |||
try | |||
{ | |||
this.model = repoBrowsing.selectVersion( groupId, artifactId, version ); | |||
this.model = repoBrowsing.selectVersion( getPrincipal(), getObservableRepos(), groupId, artifactId, version ); | |||
} | |||
catch ( ObjectNotFoundException oe ) | |||
{ | |||
@@ -104,7 +120,7 @@ public class ShowArtifactAction | |||
public String dependencies() | |||
throws ObjectNotFoundException, ArchivaDatabaseException | |||
{ | |||
this.model = repoBrowsing.selectVersion( groupId, artifactId, version ); | |||
this.model = repoBrowsing.selectVersion( getPrincipal(), getObservableRepos(), groupId, artifactId, version ); | |||
this.dependencies = model.getDependencies(); | |||
@@ -117,7 +133,7 @@ public class ShowArtifactAction | |||
public String mailingLists() | |||
throws ObjectNotFoundException, ArchivaDatabaseException | |||
{ | |||
this.model = repoBrowsing.selectVersion( groupId, artifactId, version ); | |||
this.model = repoBrowsing.selectVersion( getPrincipal(), getObservableRepos(), groupId, artifactId, version ); | |||
this.mailingLists = model.getMailingLists(); | |||
return SUCCESS; | |||
@@ -142,9 +158,9 @@ public class ShowArtifactAction | |||
public String dependees() | |||
throws ObjectNotFoundException, ArchivaDatabaseException | |||
{ | |||
this.model = repoBrowsing.selectVersion( groupId, artifactId, version ); | |||
this.model = repoBrowsing.selectVersion( getPrincipal(), getObservableRepos(), groupId, artifactId, version ); | |||
this.dependees = repoBrowsing.getUsedBy( groupId, artifactId, version ); | |||
this.dependees = repoBrowsing.getUsedBy( getPrincipal(), getObservableRepos(), groupId, artifactId, version ); | |||
return SUCCESS; | |||
} | |||
@@ -155,10 +171,37 @@ public class ShowArtifactAction | |||
public String dependencyTree() | |||
throws ObjectNotFoundException, ArchivaDatabaseException | |||
{ | |||
this.model = repoBrowsing.selectVersion( groupId, artifactId, version ); | |||
this.model = repoBrowsing.selectVersion( getPrincipal(), getObservableRepos(), groupId, artifactId, version ); | |||
return SUCCESS; | |||
} | |||
private String getPrincipal() | |||
{ | |||
return archivaUser.getActivePrincipal(); | |||
} | |||
private List<String> getObservableRepos() | |||
{ | |||
try | |||
{ | |||
return userRepositories.getObservableRepositoryIds( getPrincipal() ); | |||
} | |||
catch ( PrincipalNotFoundException e ) | |||
{ | |||
getLogger().warn( e.getMessage(), e ); | |||
} | |||
catch ( AccessDeniedException e ) | |||
{ | |||
getLogger().warn( e.getMessage(), e ); | |||
// TODO: pass this onto the screen. | |||
} | |||
catch ( ArchivaSecurityException e ) | |||
{ | |||
getLogger().warn( e.getMessage(), e ); | |||
} | |||
return Collections.emptyList(); | |||
} | |||
public void validate() | |||
{ |
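Review bot: dependees() resolves the principal and the observable-repository list twice, once for selectVersion and once for getUsedBy, and with the default UserRepositories implementation in this commit each getObservableRepos() call runs an authorization check per configured repository. Resolving them once, `String principal = getPrincipal();` and `List<String> repos = getObservableRepos();`, and passing the locals to both calls avoids the repeated work and guarantees both queries are filtered by the same list. The other action methods in this file would read more clearly with the same two locals.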
@@ -193,14 +193,13 @@ public class SecuritySynchronization | |||
ua = rbacManager.createUserAssignment( principal ); | |||
} | |||
ua.addRoleName( ArchivaRoleConstants.REPOSITORY_OBSERVER_ROLE_PREFIX + " - " + repoId ); | |||
ua.addRoleName( ArchivaRoleConstants.toRepositoryObserverRoleName( repoId ) ); | |||
rbacManager.saveUserAssignment( ua ); | |||
} | |||
catch ( RbacManagerException e ) | |||
{ | |||
getLogger().warn( | |||
"Unable to add role [" + ArchivaRoleConstants.REPOSITORY_OBSERVER_ROLE_PREFIX + " - " | |||
+ repoId + "] to " + principal + " user.", e ); | |||
getLogger().warn( "Unable to add role [" + ArchivaRoleConstants.toRepositoryObserverRoleName( repoId ) | |||
+ "] to " + principal + " user.", e ); | |||
} | |||
} | |||
} |
@@ -0,0 +1,77 @@ | |||
package org.apache.maven.archiva.web.util; | |||
/* | |||
* Licensed to the Apache Software Foundation (ASF) under one | |||
* or more contributor license agreements. See the NOTICE file | |||
* distributed with this work for additional information | |||
* regarding copyright ownership. The ASF licenses this file | |||
* to you under the Apache License, Version 2.0 (the | |||
* "License"); you may not use this file except in compliance | |||
* with the License. You may obtain a copy of the License at | |||
* | |||
* http://www.apache.org/licenses/LICENSE-2.0 | |||
* | |||
* Unless required by applicable law or agreed to in writing, | |||
* software distributed under the License is distributed on an | |||
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY | |||
* KIND, either express or implied. See the License for the | |||
* specific language governing permissions and limitations | |||
* under the License. | |||
*/ | |||
import com.opensymphony.xwork.ActionContext; | |||
import org.apache.maven.archiva.security.ArchivaRoleConstants; | |||
import org.apache.maven.archiva.security.ArchivaUser; | |||
import org.codehaus.plexus.redback.system.SecuritySession; | |||
import org.codehaus.plexus.redback.users.User; | |||
import java.util.HashMap; | |||
import java.util.Map; | |||
/** | |||
* ArchivaXworkUser | |||
* | |||
* @author <a href="mailto:joakim@erdfelt.com">Joakim Erdfelt</a> | |||
* @version $Id$ | |||
* | |||
* @plexus.component role="org.apache.maven.archiva.security.ArchivaUser" | |||
* role-hint="xwork" | |||
*/ | |||
public class ArchivaXworkUser | |||
implements ArchivaUser | |||
{ | |||
private Map<String, Object> getContextSession() | |||
{ | |||
ActionContext context = ActionContext.getContext(); | |||
Map<String, Object> sessionMap = context.getSession(); | |||
if ( sessionMap == null ) | |||
{ | |||
sessionMap = new HashMap<String, Object>(); | |||
} | |||
return sessionMap; | |||
} | |||
private SecuritySession getSecuritySession() | |||
{ | |||
return (SecuritySession) getContextSession().get( SecuritySession.ROLE ); | |||
} | |||
public String getActivePrincipal() | |||
{ | |||
SecuritySession securitySession = getSecuritySession(); | |||
if ( securitySession == null ) | |||
{ | |||
return ArchivaRoleConstants.PRINCIPAL_GUEST; | |||
} | |||
User user = securitySession.getUser(); | |||
if ( user == null ) | |||
{ | |||
return ArchivaRoleConstants.PRINCIPAL_GUEST; | |||
} | |||
return (String) user.getPrincipal(); | |||
} | |||
} |
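Review bot: getActivePrincipal() returns the session user's principal after testing only `securitySession` and `user` for null; it never checks that the session is actually authenticated. DefaultUserRepositories in this same commit then wraps that principal in `new AuthenticationResult( true, principal, null )`, so if a SecuritySession can ever carry a user while unauthenticated, that user's repository grants would be applied. This is worth confirming, and if the session type exposes an authenticated flag, the method should fall back to `ArchivaRoleConstants.PRINCIPAL_GUEST` when it is false. The `(String) user.getPrincipal()` cast will also throw ClassCastException for a non-String principal, whereas the test in this commit uses `getPrincipal().toString()`; a null check followed by `toString()` would be more tolerant.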