Added ArchivaUser interface to obtain the active principal. Added ArchivaXworkUser implementation to obtain principal from redback-xwork-integration layer. Updated (Default)UserRepositories to utilize redback SecuritySystem.isAuthorized() properly. Updated BrowseAction and ShowArtifactAction to show the limited view provided. git-svn-id: https://svn.apache.org/repos/asf/maven/archiva/branches/archiva-backend-security@591410 13f79535-47bb-0310-9956-ffa450edef68remotes/archiva-backend-security@642424
public ArchivaProjectModel getProjectModel( String groupId, String artifactId, String version ) | public ArchivaProjectModel getProjectModel( String groupId, String artifactId, String version ) | ||||
throws ObjectNotFoundException, ArchivaDatabaseException; | throws ObjectNotFoundException, ArchivaDatabaseException; | ||||
public List /*<ArchivaProjectModel>*/queryProjectModels( Constraint constraint ) | |||||
public List<ArchivaProjectModel> queryProjectModels( Constraint constraint ) | |||||
throws ObjectNotFoundException, ArchivaDatabaseException; | throws ObjectNotFoundException, ArchivaDatabaseException; | ||||
public ArchivaProjectModel saveProjectModel( ArchivaProjectModel model ) | public ArchivaProjectModel saveProjectModel( ArchivaProjectModel model ) |
return (ArchivaProjectModel) jdo.getObjectById( ArchivaProjectModel.class, key, null ); | return (ArchivaProjectModel) jdo.getObjectById( ArchivaProjectModel.class, key, null ); | ||||
} | } | ||||
public List queryProjectModels( Constraint constraint ) | |||||
public List<ArchivaProjectModel> queryProjectModels( Constraint constraint ) | |||||
throws ObjectNotFoundException, ArchivaDatabaseException | throws ObjectNotFoundException, ArchivaDatabaseException | ||||
{ | { | ||||
return jdo.queryObjects( ArchivaProjectModel.class, constraint ); | return jdo.queryObjects( ArchivaProjectModel.class, constraint ); |
public static final String REGISTERED_USER_ROLE = "Registered User"; | public static final String REGISTERED_USER_ROLE = "Registered User"; | ||||
public static final String GUEST_ROLE = "Guest"; | public static final String GUEST_ROLE = "Guest"; | ||||
// principals | |||||
public static final String PRINCIPAL_GUEST = "guest"; | |||||
// dynamic role prefixes | // dynamic role prefixes | ||||
public static final String REPOSITORY_MANAGER_ROLE_PREFIX = "Repository Manager"; | public static final String REPOSITORY_MANAGER_ROLE_PREFIX = "Repository Manager"; | ||||
public static final String TEMPLATE_REPOSITORY_OBSERVER = "archiva-repository-observer"; | public static final String TEMPLATE_REPOSITORY_OBSERVER = "archiva-repository-observer"; | ||||
public static final String TEMPLATE_GLOBAL_REPOSITORY_OBSERVER = "archiva-global-repository-observer"; | |||||
public static final String TEMPLATE_SYSTEM_ADMIN = "archiva-system-administrator"; | public static final String TEMPLATE_SYSTEM_ADMIN = "archiva-system-administrator"; | ||||
public static final String TEMPLATE_GUEST = "archiva-guest"; | public static final String TEMPLATE_GUEST = "archiva-guest"; | ||||
public static String toRepositoryObserverRoleId( String repoId ) | |||||
{ | |||||
return TEMPLATE_REPOSITORY_OBSERVER + "-" + repoId; | |||||
} | |||||
public static String toRepositoryObserverRoleName( String repoId ) | public static String toRepositoryObserverRoleName( String repoId ) | ||||
{ | { | ||||
return REPOSITORY_OBSERVER_ROLE_PREFIX + " - " + repoId; | return REPOSITORY_OBSERVER_ROLE_PREFIX + " - " + repoId; |
package org.apache.maven.archiva.security; | |||||
/* | |||||
* Licensed to the Apache Software Foundation (ASF) under one | |||||
* or more contributor license agreements. See the NOTICE file | |||||
* distributed with this work for additional information | |||||
* regarding copyright ownership. The ASF licenses this file | |||||
* to you under the Apache License, Version 2.0 (the | |||||
* "License"); you may not use this file except in compliance | |||||
* with the License. You may obtain a copy of the License at | |||||
* | |||||
* http://www.apache.org/licenses/LICENSE-2.0 | |||||
* | |||||
* Unless required by applicable law or agreed to in writing, | |||||
* software distributed under the License is distributed on an | |||||
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY | |||||
* KIND, either express or implied. See the License for the | |||||
* specific language governing permissions and limitations | |||||
* under the License. | |||||
*/ | |||||
/** | |||||
* ArchivaUser- interface to access the active principal. | |||||
* | |||||
* @author <a href="mailto:joakim@erdfelt.com">Joakim Erdfelt</a> | |||||
* @version $Id$ | |||||
*/ | |||||
public interface ArchivaUser | |||||
{ | |||||
/** | |||||
* Get the active principal from the security system. | |||||
* | |||||
* @return the active principal. (if not authenticated, the guest principal is returned) | |||||
*/ | |||||
public String getActivePrincipal(); | |||||
} |
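Review bot: The Javadoc on `getActivePrincipal()` does not say whether the result can be null or where the principal must come from, and both matter because the returned value is handed to the authorization lookups elsewhere in this commit. I would extend the `@return` text to something like `@return the active principal, never null; taken from the server-side security session, and the guest principal when nobody is authenticated`. The `public` modifier on the interface method is redundant and can be dropped.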
* under the License. | * under the License. | ||||
*/ | */ | ||||
import org.codehaus.plexus.redback.rbac.Permission; | |||||
import java.util.ArrayList; | |||||
import java.util.List; | |||||
import org.apache.maven.archiva.configuration.ArchivaConfiguration; | |||||
import org.apache.maven.archiva.configuration.ManagedRepositoryConfiguration; | |||||
import org.codehaus.plexus.redback.authentication.AuthenticationResult; | |||||
import org.codehaus.plexus.redback.authorization.AuthorizationException; | |||||
import org.codehaus.plexus.redback.rbac.RBACManager; | import org.codehaus.plexus.redback.rbac.RBACManager; | ||||
import org.codehaus.plexus.redback.rbac.RbacManagerException; | |||||
import org.codehaus.plexus.redback.rbac.RbacObjectNotFoundException; | |||||
import org.codehaus.plexus.redback.role.RoleManager; | import org.codehaus.plexus.redback.role.RoleManager; | ||||
import org.codehaus.plexus.redback.role.RoleManagerException; | import org.codehaus.plexus.redback.role.RoleManagerException; | ||||
import org.codehaus.plexus.redback.system.DefaultSecuritySession; | |||||
import org.codehaus.plexus.redback.system.SecuritySession; | |||||
import org.codehaus.plexus.redback.system.SecuritySystem; | import org.codehaus.plexus.redback.system.SecuritySystem; | ||||
import org.codehaus.plexus.redback.users.User; | import org.codehaus.plexus.redback.users.User; | ||||
import org.codehaus.plexus.redback.users.UserNotFoundException; | import org.codehaus.plexus.redback.users.UserNotFoundException; | ||||
import java.util.ArrayList; | |||||
import java.util.List; | |||||
import java.util.Map; | |||||
import java.util.Map.Entry; | |||||
/** | /** | ||||
* DefaultUserRepositories | * DefaultUserRepositories | ||||
* | * | ||||
*/ | */ | ||||
private RoleManager roleManager; | private RoleManager roleManager; | ||||
/** | |||||
* @plexus.requirement | |||||
*/ | |||||
private ArchivaConfiguration archivaConfiguration; | |||||
public List<String> getObservableRepositoryIds( String principal ) | public List<String> getObservableRepositoryIds( String principal ) | ||||
throws PrincipalNotFoundException, AccessDeniedException, ArchivaSecurityException | throws PrincipalNotFoundException, AccessDeniedException, ArchivaSecurityException | ||||
{ | { | ||||
{ | { | ||||
throw new AccessDeniedException( "User " + principal + "(" + user.getFullName() + ") is locked." ); | throw new AccessDeniedException( "User " + principal + "(" + user.getFullName() + ") is locked." ); | ||||
} | } | ||||
Map<String, List<Permission>> permissionMap = rbacManager.getAssignedPermissionMap( principal ); | |||||
AuthenticationResult authn = new AuthenticationResult( true, principal, null ); | |||||
SecuritySession securitySession = new DefaultSecuritySession( authn, user ); | |||||
List<String> repoIds = new ArrayList<String>(); | List<String> repoIds = new ArrayList<String>(); | ||||
List<ManagedRepositoryConfiguration> repos = archivaConfiguration.getConfiguration().getManagedRepositories(); | |||||
for( Entry<String,List<Permission>> entry: permissionMap.entrySet() ) | |||||
for ( ManagedRepositoryConfiguration repo : repos ) | |||||
{ | { | ||||
List<Permission> perms = entry.getValue(); | |||||
for( Permission perm: perms ) | |||||
try | |||||
{ | { | ||||
System.out.println( "Principal[" + principal + "] : Permission[" + entry.getKey() + "]:" + perm.getName() + " - Operation:" | |||||
+ perm.getOperation().getName() + " - Resource:" + perm.getResource().getIdentifier() ); | |||||
String repoId = repo.getId(); | |||||
if ( securitySystem.isAuthorized( securitySession, ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS, repoId ) ) | |||||
{ | |||||
repoIds.add( repoId ); | |||||
} | |||||
} | |||||
catch ( AuthorizationException e ) | |||||
{ | |||||
// swallow. | |||||
} | } | ||||
} | } | ||||
System.out.println("-"); | |||||
return repoIds; | return repoIds; | ||||
} | } | ||||
catch ( UserNotFoundException e ) | catch ( UserNotFoundException e ) | ||||
{ | { | ||||
throw new PrincipalNotFoundException( "Unable to find principal " + principal + "" ); | throw new PrincipalNotFoundException( "Unable to find principal " + principal + "" ); | ||||
} | } | ||||
catch ( RbacObjectNotFoundException e ) | |||||
{ | |||||
throw new PrincipalNotFoundException( "Unable to find user role assignments for user " + principal, e ); | |||||
} | |||||
catch ( RbacManagerException e ) | |||||
{ | |||||
throw new ArchivaSecurityException( "Unable to initialize underlying security framework: " + e.getMessage(), | |||||
e ); | |||||
} | |||||
} | } | ||||
public void createMissingRepositoryRoles( String repoId ) | public void createMissingRepositoryRoles( String repoId ) |
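Review bot: The `catch ( AuthorizationException e )` block around `securitySystem.isAuthorized(...)` is empty apart from `// swallow.`, so a failing authorization backend looks exactly like a user with no repository access. Skipping the repository is the right fail-closed outcome, but the exception should be logged with the repository id and principal (through whatever logger this class has; none is visible here), and the comment could read `// fail closed: on an authorization error the repository is not listed`. Separately, `new AuthenticationResult( true, principal, null )` marks whatever principal string is passed in as authenticated, so the method Javadoc should state that callers must supply a principal taken from the active session and never from request input. The start of the method body is outside the visible lines, and which lines belong to the new side is inferred from the commit message.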
* under the License. | * under the License. | ||||
*/ | */ | ||||
import java.io.File; | |||||
import java.util.List; | |||||
import org.apache.commons.io.FileUtils; | |||||
import org.apache.commons.lang.StringUtils; | import org.apache.commons.lang.StringUtils; | ||||
import org.apache.maven.archiva.configuration.ArchivaConfiguration; | |||||
import org.apache.maven.archiva.configuration.ManagedRepositoryConfiguration; | |||||
import org.codehaus.plexus.PlexusTestCase; | import org.codehaus.plexus.PlexusTestCase; | ||||
import org.codehaus.plexus.redback.rbac.Operation; | |||||
import org.codehaus.plexus.redback.rbac.Permission; | |||||
import org.codehaus.plexus.redback.rbac.RBACManager; | import org.codehaus.plexus.redback.rbac.RBACManager; | ||||
import org.codehaus.plexus.redback.rbac.Resource; | |||||
import org.codehaus.plexus.redback.rbac.Role; | |||||
import org.codehaus.plexus.redback.rbac.UserAssignment; | |||||
import org.codehaus.plexus.redback.role.RoleManager; | import org.codehaus.plexus.redback.role.RoleManager; | ||||
import org.codehaus.plexus.redback.role.RoleManagerException; | |||||
import org.codehaus.plexus.redback.system.SecuritySystem; | import org.codehaus.plexus.redback.system.SecuritySystem; | ||||
import org.codehaus.plexus.redback.users.User; | import org.codehaus.plexus.redback.users.User; | ||||
import org.codehaus.plexus.redback.users.UserManager; | import org.codehaus.plexus.redback.users.UserManager; | ||||
import java.util.List; | |||||
/** | /** | ||||
* DefaultUserRepositoriesTest | * DefaultUserRepositoriesTest | ||||
* | * | ||||
public class DefaultUserRepositoriesTest | public class DefaultUserRepositoriesTest | ||||
extends PlexusTestCase | extends PlexusTestCase | ||||
{ | { | ||||
private static final String PERMISSION_READ_REPOSITORY = "Archiva Read Repository"; | |||||
private static final String USER_GUEST = "guest"; | private static final String USER_GUEST = "guest"; | ||||
private static final String USER_ADMIN = "admin"; | private static final String USER_ADMIN = "admin"; | ||||
private RoleManager roleManager; | private RoleManager roleManager; | ||||
private ArchivaConfiguration archivaConfiguration; | |||||
private UserRepositories userRepos; | |||||
public void testGetObservableRepositoryIds() | public void testGetObservableRepositoryIds() | ||||
throws Exception | throws Exception | ||||
{ | { | ||||
UserRepositories userRepos = (UserRepositories) lookup( UserRepositories.class, "default" ); | |||||
assertNotNull( userRepos ); | |||||
// create some users. | // create some users. | ||||
createUser( USER_ALPACA, "Al 'Archiva' Paca" ); | createUser( USER_ALPACA, "Al 'Archiva' Paca" ); | ||||
assertEquals( "Expected users", 3, securitySystem.getUserManager().getUsers().size() ); | assertEquals( "Expected users", 3, securitySystem.getUserManager().getUsers().size() ); | ||||
// some unassigned repo observer roles. | // some unassigned repo observer roles. | ||||
userRepos.createMissingRepositoryRoles( "central" ); | |||||
userRepos.createMissingRepositoryRoles( "coporate" ); | |||||
userRepos.createMissingRepositoryRoles( "internal" ); | |||||
userRepos.createMissingRepositoryRoles( "snapshots" ); | |||||
userRepos.createMissingRepositoryRoles( "secret" ); | |||||
setupRepository( "central" ); | |||||
setupRepository( "corporate" ); | |||||
setupRepository( "internal" ); | |||||
setupRepository( "snapshots" ); | |||||
setupRepository( "secret" ); | |||||
// some assigned repo observer roles. | // some assigned repo observer roles. | ||||
assignRepositoryObserverRole( USER_ALPACA, "central" ); | |||||
assignRepositoryObserverRole( USER_ALPACA, "corporate" ); | assignRepositoryObserverRole( USER_ALPACA, "corporate" ); | ||||
assignRepositoryObserverRole( USER_ALPACA, "central" ); | |||||
assignRepositoryObserverRole( USER_GUEST, "corporate" ); | assignRepositoryObserverRole( USER_GUEST, "corporate" ); | ||||
// the global repo observer role. | // the global repo observer role. | ||||
assignGlobalRepositoryObserverRole( USER_ADMIN ); | assignGlobalRepositoryObserverRole( USER_ADMIN ); | ||||
} | } | ||||
} | } | ||||
private void assignGlobalRepositoryObserverRole( String principal ) | |||||
throws Exception | |||||
{ | |||||
Role role = createRepositoryObserverRole( ArchivaRoleConstants.GLOBAL_REPOSITORY_OBSERVER_ROLE, | |||||
PERMISSION_READ_REPOSITORY, Resource.GLOBAL ); | |||||
assignRole( principal, role ); | |||||
} | |||||
private void assignRepositoryObserverRole( String principal, String repoId ) | |||||
throws Exception | |||||
{ | |||||
// String roleId = ArchivaRoleConstants.toRepositoryObserverRoleId( repoId ); | |||||
String roleId = ArchivaRoleConstants.toRepositoryObserverRoleName( repoId ); | |||||
roleManager.assignRole( roleId, principal ); | |||||
// Role role = createRepositoryObserverRole( roleName, PERMISSION_READ_REPOSITORY, repoId ); | |||||
// assertEquals( roleName, role.getName() ); | |||||
// assignRole( principal, role ); | |||||
} | |||||
private void assignRole( String principal, Role role ) | |||||
private void setupRepository( String repoId ) | |||||
throws Exception | throws Exception | ||||
{ | { | ||||
UserAssignment ua; | |||||
if ( rbacManager.userAssignmentExists( principal ) ) | |||||
{ | |||||
ua = rbacManager.getUserAssignment( principal ); | |||||
} | |||||
else | |||||
{ | |||||
ua = rbacManager.createUserAssignment( principal ); | |||||
} | |||||
ua.addRoleName( role ); | |||||
rbacManager.saveUserAssignment( ua ); | |||||
// Add repo to configuration. | |||||
ManagedRepositoryConfiguration repoConfig = new ManagedRepositoryConfiguration(); | |||||
repoConfig.setId( repoId ); | |||||
repoConfig.setName( "Testable repo <" + repoId + ">" ); | |||||
repoConfig.setLocation( getTestPath( "target/test-repo/" + repoId ) ); | |||||
archivaConfiguration.getConfiguration().addManagedRepository( repoConfig ); | |||||
// Add repo roles to security. | |||||
userRepos.createMissingRepositoryRoles( repoId ); | |||||
} | } | ||||
private void createRepositoryObserverRole( String repoId ) | |||||
private void assignGlobalRepositoryObserverRole( String principal ) | |||||
throws Exception | throws Exception | ||||
{ | { | ||||
createRepositoryObserverRole( ArchivaRoleConstants.toRepositoryObserverRoleName( repoId ), | |||||
PERMISSION_READ_REPOSITORY + "-" + repoId, repoId ); | |||||
roleManager.assignRole( ArchivaRoleConstants.TEMPLATE_GLOBAL_REPOSITORY_OBSERVER, principal ); | |||||
} | } | ||||
private Role createRepositoryObserverRole( String roleName, String permissionName, String resourceId ) | |||||
private void assignRepositoryObserverRole( String principal, String repoId ) | |||||
throws Exception | throws Exception | ||||
{ | { | ||||
if ( rbacManager.roleExists( roleName ) ) | |||||
{ | |||||
return rbacManager.getRole( roleName ); | |||||
} | |||||
Permission perm; | |||||
Operation operationRepoAccess; | |||||
Resource resource; | |||||
// if ( rbacManager.resourceExists( resourceId ) ) | |||||
// { | |||||
// resource = rbacManager.getResource( resourceId ); | |||||
// } | |||||
// else | |||||
// { | |||||
// resource = rbacManager.createResource( resourceId ); | |||||
// } | |||||
resource = rbacManager.createResource( resourceId ); | |||||
// if ( rbacManager.operationExists( ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS ) ) | |||||
// { | |||||
// operationRepoAccess = rbacManager.getOperation( ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS ); | |||||
// } | |||||
// else | |||||
// { | |||||
// operationRepoAccess = rbacManager.createOperation( ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS ); | |||||
// } | |||||
operationRepoAccess = rbacManager.createOperation( ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS ); | |||||
// if ( rbacManager.permissionExists( permissionName ) ) | |||||
// { | |||||
// perm = rbacManager.getPermission( permissionName ); | |||||
// } | |||||
// else | |||||
// { | |||||
// perm = rbacManager.createPermission( permissionName ); | |||||
// } | |||||
perm = rbacManager.createPermission( permissionName ); | |||||
perm.setOperation( operationRepoAccess ); | |||||
perm.setResource( resource ); | |||||
Role role = rbacManager.createRole( roleName ); | |||||
role.addPermission( perm ); | |||||
rbacManager.saveOperation( operationRepoAccess ); | |||||
rbacManager.savePermission( perm ); | |||||
rbacManager.saveRole( role ); | |||||
return role; | |||||
roleManager.assignTemplatedRole( ArchivaRoleConstants.TEMPLATE_REPOSITORY_OBSERVER, repoId, principal ); | |||||
} | } | ||||
private User createUser( String principal, String fullname ) | private User createUser( String principal, String fullname ) | ||||
{ | { | ||||
super.setUp(); | super.setUp(); | ||||
File srcConfig = getTestFile( "src/test/resources/repository-archiva.xml" ); | |||||
File destConfig = getTestFile( "target/test-conf/archiva.xml" ); | |||||
destConfig.getParentFile().mkdirs(); | |||||
destConfig.delete(); | |||||
FileUtils.copyFile( srcConfig, destConfig ); | |||||
securitySystem = (SecuritySystem) lookup( SecuritySystem.class, "testable" ); | securitySystem = (SecuritySystem) lookup( SecuritySystem.class, "testable" ); | ||||
rbacManager = (RBACManager) lookup( RBACManager.class, "memory" ); | rbacManager = (RBACManager) lookup( RBACManager.class, "memory" ); | ||||
roleManager = (RoleManager) lookup( RoleManager.class, "default" ); | roleManager = (RoleManager) lookup( RoleManager.class, "default" ); | ||||
userRepos = (UserRepositories) lookup( UserRepositories.class, "default" ); | |||||
archivaConfiguration = (ArchivaConfiguration) lookup( ArchivaConfiguration.class ); | |||||
// Some basic asserts. | |||||
assertNotNull( securitySystem ); | |||||
assertNotNull( rbacManager ); | |||||
assertNotNull( roleManager ); | |||||
assertNotNull( userRepos ); | |||||
assertNotNull( archivaConfiguration ); | |||||
// Setup Admin User. | // Setup Admin User. | ||||
User adminUser = createUser( USER_ADMIN, "Admin User" ); | User adminUser = createUser( USER_ADMIN, "Admin User" ); | ||||
roleManager.assignRole( ArchivaRoleConstants.TEMPLATE_SYSTEM_ADMIN, adminUser.getPrincipal().toString() ); | roleManager.assignRole( ArchivaRoleConstants.TEMPLATE_SYSTEM_ADMIN, adminUser.getPrincipal().toString() ); | ||||
// Setup Guest User. | // Setup Guest User. | ||||
User guestUser = createUser( USER_GUEST, "Guest User" ); | User guestUser = createUser( USER_GUEST, "Guest User" ); | ||||
roleManager.assignRole( ArchivaRoleConstants.TEMPLATE_GUEST, guestUser.getPrincipal().toString() ); | roleManager.assignRole( ArchivaRoleConstants.TEMPLATE_GUEST, guestUser.getPrincipal().toString() ); | ||||
} | } | ||||
} | } |
<role-hint>default</role-hint> | <role-hint>default</role-hint> | ||||
<field-name>roleManager</field-name> | <field-name>roleManager</field-name> | ||||
</requirement> | </requirement> | ||||
<requirement> | |||||
<role>org.apache.maven.archiva.configuration.ArchivaConfiguration</role> | |||||
<field-name>archivaConfiguration</field-name> | |||||
</requirement> | |||||
</requirements> | </requirements> | ||||
</component> | </component> | ||||
</requirements> | </requirements> | ||||
</component> | </component> | ||||
<component> | |||||
<role>org.apache.maven.archiva.configuration.ArchivaConfiguration</role> | |||||
<implementation>org.apache.maven.archiva.configuration.DefaultArchivaConfiguration</implementation> | |||||
<requirements> | |||||
<requirement> | |||||
<role>org.codehaus.plexus.registry.Registry</role> | |||||
<role-hint>configured</role-hint> | |||||
</requirement> | |||||
</requirements> | |||||
</component> | |||||
<component> | |||||
<role>org.codehaus.plexus.registry.Registry</role> | |||||
<role-hint>configured</role-hint> | |||||
<implementation>org.codehaus.plexus.registry.commons.CommonsConfigurationRegistry</implementation> | |||||
<configuration> | |||||
<properties> | |||||
<system/> | |||||
<xml fileName="${basedir}/target/test-conf/archiva.xml" | |||||
config-name="org.apache.maven.archiva.base" config-at="org.apache.maven.archiva"/> | |||||
</properties> | |||||
</configuration> | |||||
</component> | |||||
</components> | </components> | ||||
</component-set> | </component-set> |
<?xml version="1.0" encoding="ISO-8859-1"?> | |||||
<!-- | |||||
~ Licensed to the Apache Software Foundation (ASF) under one | |||||
~ or more contributor license agreements. See the NOTICE file | |||||
~ distributed with this work for additional information | |||||
~ regarding copyright ownership. The ASF licenses this file | |||||
~ to you under the Apache License, Version 2.0 (the | |||||
~ "License"); you may not use this file except in compliance | |||||
~ with the License. You may obtain a copy of the License at | |||||
~ | |||||
~ http://www.apache.org/licenses/LICENSE-2.0 | |||||
~ | |||||
~ Unless required by applicable law or agreed to in writing, | |||||
~ software distributed under the License is distributed on an | |||||
~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY | |||||
~ KIND, either express or implied. See the License for the | |||||
~ specific language governing permissions and limitations | |||||
~ under the License. | |||||
--> | |||||
<configuration> | |||||
<version>2</version> | |||||
<repositoryScanning> | |||||
<fileTypes> | |||||
<fileType> | |||||
<id>artifacts</id> | |||||
<patterns> | |||||
<pattern>**/*.pom</pattern> | |||||
<pattern>**/*.jar</pattern> | |||||
<pattern>**/*.ear</pattern> | |||||
<pattern>**/*.war</pattern> | |||||
<pattern>**/*.car</pattern> | |||||
<pattern>**/*.sar</pattern> | |||||
<pattern>**/*.mar</pattern> | |||||
<pattern>**/*.rar</pattern> | |||||
<pattern>**/*.dtd</pattern> | |||||
<pattern>**/*.tld</pattern> | |||||
<pattern>**/*.tar.gz</pattern> | |||||
<pattern>**/*.tar.bz2</pattern> | |||||
<pattern>**/*.zip</pattern> | |||||
</patterns> | |||||
</fileType> | |||||
<fileType> | |||||
<id>indexable-content</id> | |||||
<patterns> | |||||
<pattern>**/*.txt</pattern> | |||||
<pattern>**/*.TXT</pattern> | |||||
<pattern>**/*.block</pattern> | |||||
<pattern>**/*.config</pattern> | |||||
<pattern>**/*.pom</pattern> | |||||
<pattern>**/*.xml</pattern> | |||||
<pattern>**/*.xsd</pattern> | |||||
<pattern>**/*.dtd</pattern> | |||||
<pattern>**/*.tld</pattern> | |||||
</patterns> | |||||
</fileType> | |||||
<fileType> | |||||
<id>auto-remove</id> | |||||
<patterns> | |||||
<pattern>**/*.bak</pattern> | |||||
<pattern>**/*~</pattern> | |||||
<pattern>**/*-</pattern> | |||||
</patterns> | |||||
</fileType> | |||||
<fileType> | |||||
<id>ignored</id> | |||||
<patterns> | |||||
<pattern>**/.htaccess</pattern> | |||||
<pattern>**/KEYS</pattern> | |||||
<pattern>**/*.rb</pattern> | |||||
<pattern>**/*.sh</pattern> | |||||
<pattern>**/.svn/**</pattern> | |||||
<pattern>**/.DAV/**</pattern> | |||||
</patterns> | |||||
</fileType> | |||||
</fileTypes> | |||||
<knownContentConsumers> | |||||
<knownContentConsumer>update-db-artifact</knownContentConsumer> | |||||
<knownContentConsumer>create-missing-checksums</knownContentConsumer> | |||||
<knownContentConsumer>update-db-repository-metadata</knownContentConsumer> | |||||
<knownContentConsumer>validate-checksum</knownContentConsumer> | |||||
<knownContentConsumer>validate-signature</knownContentConsumer> | |||||
<knownContentConsumer>index-content</knownContentConsumer> | |||||
<knownContentConsumer>auto-remove</knownContentConsumer> | |||||
<knownContentConsumer>auto-rename</knownContentConsumer> | |||||
</knownContentConsumers> | |||||
<invalidContentConsumers> | |||||
<invalidContentConsumer>update-db-bad-content</invalidContentConsumer> | |||||
</invalidContentConsumers> | |||||
</repositoryScanning> | |||||
<databaseScanning> | |||||
<cronExpression>0 0 * * ?</cronExpression> | |||||
<unprocessedConsumers> | |||||
<unprocessedConsumer>index-artifact</unprocessedConsumer> | |||||
<unprocessedConsumer>update-db-project</unprocessedConsumer> | |||||
<unprocessedConsumer>validate-repository-metadata</unprocessedConsumer> | |||||
<unprocessedConsumer>index-archive-toc</unprocessedConsumer> | |||||
<unprocessedConsumer>update-db-bytecode-stats</unprocessedConsumer> | |||||
<unprocessedConsumer>index-public-methods</unprocessedConsumer> | |||||
</unprocessedConsumers> | |||||
<cleanupConsumers> | |||||
<cleanupConsumer>not-present-remove-db-artifact</cleanupConsumer> | |||||
<cleanupConsumer>not-present-remove-db-project</cleanupConsumer> | |||||
<cleanupConsumer>not-present-remove-indexed</cleanupConsumer> | |||||
</cleanupConsumers> | |||||
</databaseScanning> | |||||
</configuration> |
import org.apache.commons.lang.StringUtils; | import org.apache.commons.lang.StringUtils; | ||||
import org.apache.maven.archiva.database.browsing.BrowsingResults; | import org.apache.maven.archiva.database.browsing.BrowsingResults; | ||||
import org.apache.maven.archiva.database.browsing.RepositoryBrowsing; | import org.apache.maven.archiva.database.browsing.RepositoryBrowsing; | ||||
import org.apache.maven.archiva.security.AccessDeniedException; | |||||
import org.apache.maven.archiva.security.ArchivaSecurityException; | |||||
import org.apache.maven.archiva.security.ArchivaUser; | |||||
import org.apache.maven.archiva.security.PrincipalNotFoundException; | |||||
import org.apache.maven.archiva.security.UserRepositories; | |||||
import org.codehaus.plexus.xwork.action.PlexusActionSupport; | import org.codehaus.plexus.xwork.action.PlexusActionSupport; | ||||
import java.util.Collections; | |||||
import java.util.List; | |||||
/** | /** | ||||
* Browse the repository. | * Browse the repository. | ||||
* | * | ||||
* @plexus.requirement role-hint="default" | * @plexus.requirement role-hint="default" | ||||
*/ | */ | ||||
private RepositoryBrowsing repoBrowsing; | private RepositoryBrowsing repoBrowsing; | ||||
/** | |||||
* @plexus.requirement | |||||
*/ | |||||
private UserRepositories userRepositories; | |||||
/** | |||||
* @plexus.requirement role-hint="xwork" | |||||
*/ | |||||
private ArchivaUser archivaUser; | |||||
private BrowsingResults results; | private BrowsingResults results; | ||||
public String browse() | public String browse() | ||||
{ | { | ||||
this.results = repoBrowsing.getRoot(); | |||||
this.results = repoBrowsing.getRoot( getPrincipal(), getObservableRepos() ); | |||||
return SUCCESS; | return SUCCESS; | ||||
} | } | ||||
return ERROR; | return ERROR; | ||||
} | } | ||||
this.results = repoBrowsing.selectGroupId( groupId ); | |||||
this.results = repoBrowsing.selectGroupId( getPrincipal(), getObservableRepos(), groupId ); | |||||
return SUCCESS; | return SUCCESS; | ||||
} | } | ||||
return ERROR; | return ERROR; | ||||
} | } | ||||
this.results = repoBrowsing.selectArtifactId( groupId, artifactId ); | |||||
this.results = repoBrowsing.selectArtifactId( getPrincipal(), getObservableRepos(), groupId, artifactId ); | |||||
return SUCCESS; | return SUCCESS; | ||||
} | } | ||||
private String getPrincipal() | |||||
{ | |||||
return archivaUser.getActivePrincipal(); | |||||
} | |||||
private List<String> getObservableRepos() | |||||
{ | |||||
try | |||||
{ | |||||
return userRepositories.getObservableRepositoryIds( getPrincipal() ); | |||||
} | |||||
catch ( PrincipalNotFoundException e ) | |||||
{ | |||||
getLogger().warn( e.getMessage(), e ); | |||||
} | |||||
catch ( AccessDeniedException e ) | |||||
{ | |||||
getLogger().warn( e.getMessage(), e ); | |||||
// TODO: pass this onto the screen. | |||||
} | |||||
catch ( ArchivaSecurityException e ) | |||||
{ | |||||
getLogger().warn( e.getMessage(), e ); | |||||
} | |||||
return Collections.emptyList(); | |||||
} | |||||
public String getGroupId() | public String getGroupId() | ||||
{ | { |
import org.apache.maven.archiva.database.ObjectNotFoundException; | import org.apache.maven.archiva.database.ObjectNotFoundException; | ||||
import org.apache.maven.archiva.database.browsing.RepositoryBrowsing; | import org.apache.maven.archiva.database.browsing.RepositoryBrowsing; | ||||
import org.apache.maven.archiva.model.ArchivaProjectModel; | import org.apache.maven.archiva.model.ArchivaProjectModel; | ||||
import org.apache.maven.archiva.security.AccessDeniedException; | |||||
import org.apache.maven.archiva.security.ArchivaSecurityException; | |||||
import org.apache.maven.archiva.security.ArchivaUser; | |||||
import org.apache.maven.archiva.security.PrincipalNotFoundException; | |||||
import org.apache.maven.archiva.security.UserRepositories; | |||||
import org.codehaus.plexus.xwork.action.PlexusActionSupport; | import org.codehaus.plexus.xwork.action.PlexusActionSupport; | ||||
import java.util.Collections; | |||||
import java.util.List; | import java.util.List; | ||||
/** | /** | ||||
* @plexus.requirement role-hint="default" | * @plexus.requirement role-hint="default" | ||||
*/ | */ | ||||
private RepositoryBrowsing repoBrowsing; | private RepositoryBrowsing repoBrowsing; | ||||
/** | |||||
* @plexus.requirement | |||||
*/ | |||||
private UserRepositories userRepositories; | |||||
/** | |||||
* @plexus.requirement role-hint="xwork" | |||||
*/ | |||||
private ArchivaUser archivaUser; | |||||
/* .\ Input Parameters \.________________________________________ */ | /* .\ Input Parameters \.________________________________________ */ | ||||
{ | { | ||||
try | try | ||||
{ | { | ||||
this.model = repoBrowsing.selectVersion( groupId, artifactId, version ); | |||||
this.model = repoBrowsing.selectVersion( getPrincipal(), getObservableRepos(), groupId, artifactId, version ); | |||||
} | } | ||||
catch ( ObjectNotFoundException oe ) | catch ( ObjectNotFoundException oe ) | ||||
{ | { | ||||
public String dependencies() | public String dependencies() | ||||
throws ObjectNotFoundException, ArchivaDatabaseException | throws ObjectNotFoundException, ArchivaDatabaseException | ||||
{ | { | ||||
this.model = repoBrowsing.selectVersion( groupId, artifactId, version ); | |||||
this.model = repoBrowsing.selectVersion( getPrincipal(), getObservableRepos(), groupId, artifactId, version ); | |||||
this.dependencies = model.getDependencies(); | this.dependencies = model.getDependencies(); | ||||
public String mailingLists() | public String mailingLists() | ||||
throws ObjectNotFoundException, ArchivaDatabaseException | throws ObjectNotFoundException, ArchivaDatabaseException | ||||
{ | { | ||||
this.model = repoBrowsing.selectVersion( groupId, artifactId, version ); | |||||
this.model = repoBrowsing.selectVersion( getPrincipal(), getObservableRepos(), groupId, artifactId, version ); | |||||
this.mailingLists = model.getMailingLists(); | this.mailingLists = model.getMailingLists(); | ||||
return SUCCESS; | return SUCCESS; | ||||
public String dependees() | public String dependees() | ||||
throws ObjectNotFoundException, ArchivaDatabaseException | throws ObjectNotFoundException, ArchivaDatabaseException | ||||
{ | { | ||||
this.model = repoBrowsing.selectVersion( groupId, artifactId, version ); | |||||
this.model = repoBrowsing.selectVersion( getPrincipal(), getObservableRepos(), groupId, artifactId, version ); | |||||
this.dependees = repoBrowsing.getUsedBy( groupId, artifactId, version ); | |||||
this.dependees = repoBrowsing.getUsedBy( getPrincipal(), getObservableRepos(), groupId, artifactId, version ); | |||||
return SUCCESS; | return SUCCESS; | ||||
} | } | ||||
public String dependencyTree() | public String dependencyTree() | ||||
throws ObjectNotFoundException, ArchivaDatabaseException | throws ObjectNotFoundException, ArchivaDatabaseException | ||||
{ | { | ||||
this.model = repoBrowsing.selectVersion( groupId, artifactId, version ); | |||||
this.model = repoBrowsing.selectVersion( getPrincipal(), getObservableRepos(), groupId, artifactId, version ); | |||||
return SUCCESS; | return SUCCESS; | ||||
} | } | ||||
private String getPrincipal() | |||||
{ | |||||
return archivaUser.getActivePrincipal(); | |||||
} | |||||
private List<String> getObservableRepos() | |||||
{ | |||||
try | |||||
{ | |||||
return userRepositories.getObservableRepositoryIds( getPrincipal() ); | |||||
} | |||||
catch ( PrincipalNotFoundException e ) | |||||
{ | |||||
getLogger().warn( e.getMessage(), e ); | |||||
} | |||||
catch ( AccessDeniedException e ) | |||||
{ | |||||
getLogger().warn( e.getMessage(), e ); | |||||
// TODO: pass this onto the screen. | |||||
} | |||||
catch ( ArchivaSecurityException e ) | |||||
{ | |||||
getLogger().warn( e.getMessage(), e ); | |||||
} | |||||
return Collections.emptyList(); | |||||
} | |||||
public void validate() | public void validate() | ||||
{ | { |
ua = rbacManager.createUserAssignment( principal ); | ua = rbacManager.createUserAssignment( principal ); | ||||
} | } | ||||
ua.addRoleName( ArchivaRoleConstants.REPOSITORY_OBSERVER_ROLE_PREFIX + " - " + repoId ); | |||||
ua.addRoleName( ArchivaRoleConstants.toRepositoryObserverRoleName( repoId ) ); | |||||
rbacManager.saveUserAssignment( ua ); | rbacManager.saveUserAssignment( ua ); | ||||
} | } | ||||
catch ( RbacManagerException e ) | catch ( RbacManagerException e ) | ||||
{ | { | ||||
getLogger().warn( | |||||
"Unable to add role [" + ArchivaRoleConstants.REPOSITORY_OBSERVER_ROLE_PREFIX + " - " | |||||
+ repoId + "] to " + principal + " user.", e ); | |||||
getLogger().warn( "Unable to add role [" + ArchivaRoleConstants.toRepositoryObserverRoleName( repoId ) | |||||
+ "] to " + principal + " user.", e ); | |||||
} | } | ||||
} | } | ||||
} | } |
package org.apache.maven.archiva.web.util; | |||||
/* | |||||
* Licensed to the Apache Software Foundation (ASF) under one | |||||
* or more contributor license agreements. See the NOTICE file | |||||
* distributed with this work for additional information | |||||
* regarding copyright ownership. The ASF licenses this file | |||||
* to you under the Apache License, Version 2.0 (the | |||||
* "License"); you may not use this file except in compliance | |||||
* with the License. You may obtain a copy of the License at | |||||
* | |||||
* http://www.apache.org/licenses/LICENSE-2.0 | |||||
* | |||||
* Unless required by applicable law or agreed to in writing, | |||||
* software distributed under the License is distributed on an | |||||
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY | |||||
* KIND, either express or implied. See the License for the | |||||
* specific language governing permissions and limitations | |||||
* under the License. | |||||
*/ | |||||
import com.opensymphony.xwork.ActionContext; | |||||
import org.apache.maven.archiva.security.ArchivaRoleConstants; | |||||
import org.apache.maven.archiva.security.ArchivaUser; | |||||
import org.codehaus.plexus.redback.system.SecuritySession; | |||||
import org.codehaus.plexus.redback.users.User; | |||||
import java.util.HashMap; | |||||
import java.util.Map; | |||||
/** | |||||
* ArchivaXworkUser | |||||
* | |||||
* @author <a href="mailto:joakim@erdfelt.com">Joakim Erdfelt</a> | |||||
* @version $Id$ | |||||
* | |||||
* @plexus.component role="org.apache.maven.archiva.security.ArchivaUser" | |||||
* role-hint="xwork" | |||||
*/ | |||||
public class ArchivaXworkUser | |||||
implements ArchivaUser | |||||
{ | |||||
private Map<String, Object> getContextSession() | |||||
{ | |||||
ActionContext context = ActionContext.getContext(); | |||||
Map<String, Object> sessionMap = context.getSession(); | |||||
if ( sessionMap == null ) | |||||
{ | |||||
sessionMap = new HashMap<String, Object>(); | |||||
} | |||||
return sessionMap; | |||||
} | |||||
private SecuritySession getSecuritySession() | |||||
{ | |||||
return (SecuritySession) getContextSession().get( SecuritySession.ROLE ); | |||||
} | |||||
public String getActivePrincipal() | |||||
{ | |||||
SecuritySession securitySession = getSecuritySession(); | |||||
if ( securitySession == null ) | |||||
{ | |||||
return ArchivaRoleConstants.PRINCIPAL_GUEST; | |||||
} | |||||
User user = securitySession.getUser(); | |||||
if ( user == null ) | |||||
{ | |||||
return ArchivaRoleConstants.PRINCIPAL_GUEST; | |||||
} | |||||
return (String) user.getPrincipal(); | |||||
} | |||||
} |
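Review bot: `getActivePrincipal()` returns the principal of whatever `User` is in the session map without checking that the `SecuritySession` is authenticated. The action earlier on this page passes that string to `userRepositories.getObservableRepositoryIds( getPrincipal() )` to decide which repositories a request may see. Whether Redback can leave a `SecuritySession` holding a user after a failed or expired login is not visible from this file; if it can, the guest fallback should cover that case too, e.g. `if ( securitySession == null || !securitySession.isAuthenticated() )`. The class Javadoc says only "ArchivaXworkUser"; it should state that the principal is read from the XWork session of the current request and that a missing session or user yields `ArchivaRoleConstants.PRINCIPAL_GUEST`, since callers treat the return value as an identity for authorization.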