Created SecurityStartup to bring the startup mechanism back into archiva-security from archiva-webapp. Created a few generic security exceptions to help pass security problems along to callers. Removed the xwork-integration requirement from the pom. git-svn-id: https://svn.apache.org/repos/asf/maven/archiva/branches/archiva-backend-security@590766 13f79535-47bb-0310-9956-ffa450edef68remotes/archiva-backend-security@642424
@@ -28,23 +28,41 @@ | |||
<artifactId>archiva-security</artifactId> | |||
<name>Archiva Web :: Security Configuration</name> | |||
<dependencies> | |||
<dependency> | |||
<groupId>org.apache.maven.archiva</groupId> | |||
<artifactId>archiva-configuration</artifactId> | |||
</dependency> | |||
<dependency> | |||
<groupId>org.codehaus.plexus.redback</groupId> | |||
<artifactId>redback-system</artifactId> | |||
</dependency> | |||
<dependency> | |||
<groupId>org.codehaus.plexus.redback</groupId> | |||
<artifactId>redback-rbac-model</artifactId> | |||
</dependency> | |||
<dependency> | |||
<groupId>org.codehaus.plexus.redback</groupId> | |||
<artifactId>redback-rbac-role-manager</artifactId> | |||
</dependency> | |||
<!-- Test Scoped --> | |||
<dependency> | |||
<groupId>org.codehaus.plexus.redback</groupId> | |||
<artifactId>redback-rbac-memory</artifactId> | |||
<artifactId>redback-authorization-rbac</artifactId> | |||
<scope>test</scope> | |||
</dependency> | |||
<dependency> | |||
<groupId>org.codehaus.plexus.redback</groupId> | |||
<artifactId>redback-xwork-integration</artifactId> | |||
<artifactId>redback-keys-memory</artifactId> | |||
<scope>test</scope> | |||
</dependency> | |||
<dependency> | |||
<groupId>org.apache.derby</groupId> | |||
<artifactId>derby</artifactId> | |||
<groupId>org.codehaus.plexus.redback</groupId> | |||
<artifactId>redback-users-memory</artifactId> | |||
<scope>test</scope> | |||
</dependency> | |||
<dependency> | |||
<groupId>org.codehaus.plexus.redback</groupId> | |||
<artifactId>redback-rbac-memory</artifactId> | |||
<scope>test</scope> | |||
</dependency> | |||
</dependencies> |
@@ -0,0 +1,40 @@ | |||
package org.apache.maven.archiva.security; | |||
/* | |||
* Licensed to the Apache Software Foundation (ASF) under one | |||
* or more contributor license agreements. See the NOTICE file | |||
* distributed with this work for additional information | |||
* regarding copyright ownership. The ASF licenses this file | |||
* to you under the Apache License, Version 2.0 (the | |||
* "License"); you may not use this file except in compliance | |||
* with the License. You may obtain a copy of the License at | |||
* | |||
* http://www.apache.org/licenses/LICENSE-2.0 | |||
* | |||
* Unless required by applicable law or agreed to in writing, | |||
* software distributed under the License is distributed on an | |||
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY | |||
* KIND, either express or implied. See the License for the | |||
* specific language governing permissions and limitations | |||
* under the License. | |||
*/ | |||
/** | |||
* AccessDeniedException | |||
* | |||
* @author <a href="mailto:joakime@apache.org">Joakim Erdfelt</a> | |||
* @version $Id$ | |||
*/ | |||
public class AccessDeniedException | |||
extends ArchivaSecurityException | |||
{ | |||
public AccessDeniedException( String message, Throwable cause ) | |||
{ | |||
super( message, cause ); | |||
} | |||
public AccessDeniedException( String message ) | |||
{ | |||
super( message ); | |||
} | |||
} |
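Review bot: The class Javadoc on AccessDeniedException only repeats the class name, so a caller catching it cannot tell how it differs from PrincipalNotFoundException or the base ArchivaSecurityException. The only use visible in this commit is for a locked account, so I would document that contract: `/** Thrown when the principal exists but is not permitted to perform the request (for example the account is locked). Distinct from PrincipalNotFoundException, which means the principal is unknown. */`. It is also worth noting on the constructors that the message embeds the principal and full name and is intended for logs rather than for display to the end user.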
@@ -68,4 +68,18 @@ public class ArchivaRoleConstants | |||
public static final String TEMPLATE_REPOSITORY_MANAGER = "archiva-repository-manager"; | |||
public static final String TEMPLATE_REPOSITORY_OBSERVER = "archiva-repository-observer"; | |||
public static final String TEMPLATE_SYSTEM_ADMIN = "archiva-system-administrator"; | |||
public static final String TEMPLATE_GUEST = "archiva-guest"; | |||
public static String toRepositoryObserverRoleId( String repoId ) | |||
{ | |||
return TEMPLATE_REPOSITORY_OBSERVER + "-" + repoId; | |||
} | |||
public static String toRepositoryObserverRoleName( String repoId ) | |||
{ | |||
return REPOSITORY_OBSERVER_ROLE_PREFIX + " - " + repoId; | |||
} | |||
} |
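Review bot: toRepositoryObserverRoleId and toRepositoryObserverRoleName build two different strings from the same repoId (prefix TEMPLATE_REPOSITORY_OBSERVER with `"-"` versus REPOSITORY_OBSERVER_ROLE_PREFIX with `" - "`), and nothing says which one the role manager and the RBAC store key on; the test in this commit has the id call commented out in favour of the name, which suggests the confusion already bit. A Javadoc on each would settle it: `/** Id of the templated observer role for repoId, as used with RoleManager.templatedRoleExists/createTemplatedRole. */` and `/** Display name of that role, as stored on a UserAssignment. */` — this is what I infer from the callers, please confirm against redback. Note also that repoId is concatenated unchecked; since it comes from configuration, an id containing the separator would yield an ambiguous role name. The enclosing ArchivaRoleConstants class starts before this hunk.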
@@ -0,0 +1,42 @@ | |||
package org.apache.maven.archiva.security; | |||
/* | |||
* Licensed to the Apache Software Foundation (ASF) under one | |||
* or more contributor license agreements. See the NOTICE file | |||
* distributed with this work for additional information | |||
* regarding copyright ownership. The ASF licenses this file | |||
* to you under the Apache License, Version 2.0 (the | |||
* "License"); you may not use this file except in compliance | |||
* with the License. You may obtain a copy of the License at | |||
* | |||
* http://www.apache.org/licenses/LICENSE-2.0 | |||
* | |||
* Unless required by applicable law or agreed to in writing, | |||
* software distributed under the License is distributed on an | |||
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY | |||
* KIND, either express or implied. See the License for the | |||
* specific language governing permissions and limitations | |||
* under the License. | |||
*/ | |||
import org.apache.maven.archiva.common.ArchivaException; | |||
/** | |||
* ArchivaSecurityException | |||
* | |||
* @author <a href="mailto:joakime@apache.org">Joakim Erdfelt</a> | |||
* @version $Id$ | |||
*/ | |||
public class ArchivaSecurityException | |||
extends ArchivaException | |||
{ | |||
public ArchivaSecurityException( String message, Throwable cause ) | |||
{ | |||
super( message, cause ); | |||
} | |||
public ArchivaSecurityException( String message ) | |||
{ | |||
super( message ); | |||
} | |||
} |
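Review bot: ArchivaSecurityException is the root of the new exception hierarchy but its Javadoc is only the class name, so a reader must open the subclasses to learn that AccessDeniedException and PrincipalNotFoundException refine it and that the plain type is reserved for RBAC/role-manager failures. I would write `/** Base type for failures in the Archiva security layer. Thrown directly for infrastructure errors (RBACManager, RoleManager); see AccessDeniedException and PrincipalNotFoundException for the authorization-specific cases. */`.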
@@ -0,0 +1,103 @@ | |||
package org.apache.maven.archiva.security; | |||
/* | |||
* Licensed to the Apache Software Foundation (ASF) under one | |||
* or more contributor license agreements. See the NOTICE file | |||
* distributed with this work for additional information | |||
* regarding copyright ownership. The ASF licenses this file | |||
* to you under the Apache License, Version 2.0 (the | |||
* "License"); you may not use this file except in compliance | |||
* with the License. You may obtain a copy of the License at | |||
* | |||
* http://www.apache.org/licenses/LICENSE-2.0 | |||
* | |||
* Unless required by applicable law or agreed to in writing, | |||
* software distributed under the License is distributed on an | |||
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY | |||
* KIND, either express or implied. See the License for the | |||
* specific language governing permissions and limitations | |||
* under the License. | |||
*/ | |||
import org.codehaus.plexus.logging.AbstractLogEnabled; | |||
import org.codehaus.plexus.redback.rbac.RBACManager; | |||
import org.codehaus.plexus.redback.system.check.EnvironmentCheck; | |||
import java.util.List; | |||
/** | |||
* ArchivaStandardRolesCheck tests for the existance of expected / standard roles and permissions. | |||
* | |||
* @author <a href="mailto:joakime@apache.org">Joakim Erdfelt</a> | |||
* @version $Id$ | |||
* | |||
* @plexus.component role="org.codehaus.plexus.redback.system.check.EnvironmentCheck" | |||
* role-hint="required-roles" | |||
*/ | |||
public class ArchivaStandardRolesCheck | |||
extends AbstractLogEnabled | |||
implements EnvironmentCheck | |||
{ | |||
/** | |||
* @plexus.requirement role-hint="cached" | |||
*/ | |||
private RBACManager rbacManager; | |||
/** | |||
* boolean detailing if this environment check has been executed | |||
*/ | |||
private boolean checked = false; | |||
@SuppressWarnings("unchecked") | |||
public void validateEnvironment( List violations ) | |||
{ | |||
if ( !checked ) | |||
{ | |||
String expectedRoles[] = new String[] { | |||
ArchivaRoleConstants.SYSTEM_ADMINISTRATOR_ROLE, | |||
ArchivaRoleConstants.GLOBAL_REPOSITORY_MANAGER_ROLE, | |||
ArchivaRoleConstants.GLOBAL_REPOSITORY_OBSERVER_ROLE, | |||
ArchivaRoleConstants.GUEST_ROLE, | |||
ArchivaRoleConstants.REGISTERED_USER_ROLE, | |||
ArchivaRoleConstants.USER_ADMINISTRATOR_ROLE }; | |||
getLogger().info( "Checking the existance of required roles." ); | |||
for ( String roleName : expectedRoles ) | |||
{ | |||
if ( !rbacManager.roleExists( roleName ) ) | |||
{ | |||
violations.add( "Unable to validate the existances of the '" + roleName + "' role." ); | |||
} | |||
} | |||
String expectedOperations[] = new String[] { | |||
ArchivaRoleConstants.OPERATION_MANAGE_USERS, | |||
ArchivaRoleConstants.OPERATION_MANAGE_CONFIGURATION, | |||
ArchivaRoleConstants.OPERATION_REGENERATE_INDEX, | |||
ArchivaRoleConstants.OPERATION_RUN_INDEXER, | |||
ArchivaRoleConstants.OPERATION_ACCESS_REPORT, | |||
ArchivaRoleConstants.OPERATION_ADD_REPOSITORY, | |||
ArchivaRoleConstants.OPERATION_DELETE_REPOSITORY, | |||
ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS, | |||
ArchivaRoleConstants.OPERATION_EDIT_REPOSITORY, | |||
ArchivaRoleConstants.OPERATION_REPOSITORY_UPLOAD, | |||
ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS, | |||
"archiva-guest" }; | |||
getLogger().info( "Checking the existance of required operations." ); | |||
for ( String operation : expectedOperations ) | |||
{ | |||
if ( !rbacManager.operationExists( operation ) ) | |||
{ | |||
violations.add( "Unable to validate the existances of the '" + operation + "' operation." ); | |||
} | |||
} | |||
checked = true; | |||
} | |||
} | |||
} |
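Review bot: The expectedOperations array lists ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS twice and ends with the bare literal `"archiva-guest"`, which elsewhere in this commit is the value of the role template constant TEMPLATE_GUEST, not an operation name. If no operation of that name exists, every startup reports a violation and SecurityStartup.executeEnvironmentChecks refuses to boot; if it is a real operation it should be referenced through a named OPERATION_* constant so the intent is visible — I cannot tell from this hunk which is the case. I would drop the duplicate entry and resolve the literal either way. Separately, the `checked` flag makes the check run once per component instance, so roles or operations deleted after startup are never re-validated; a one-line comment saying that is intended would help the next reader.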
@@ -0,0 +1,132 @@ | |||
package org.apache.maven.archiva.security; | |||
/* | |||
* Licensed to the Apache Software Foundation (ASF) under one | |||
* or more contributor license agreements. See the NOTICE file | |||
* distributed with this work for additional information | |||
* regarding copyright ownership. The ASF licenses this file | |||
* to you under the Apache License, Version 2.0 (the | |||
* "License"); you may not use this file except in compliance | |||
* with the License. You may obtain a copy of the License at | |||
* | |||
* http://www.apache.org/licenses/LICENSE-2.0 | |||
* | |||
* Unless required by applicable law or agreed to in writing, | |||
* software distributed under the License is distributed on an | |||
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY | |||
* KIND, either express or implied. See the License for the | |||
* specific language governing permissions and limitations | |||
* under the License. | |||
*/ | |||
import org.codehaus.plexus.redback.rbac.Permission; | |||
import org.codehaus.plexus.redback.rbac.RBACManager; | |||
import org.codehaus.plexus.redback.rbac.RbacManagerException; | |||
import org.codehaus.plexus.redback.rbac.RbacObjectNotFoundException; | |||
import org.codehaus.plexus.redback.role.RoleManager; | |||
import org.codehaus.plexus.redback.role.RoleManagerException; | |||
import org.codehaus.plexus.redback.system.SecuritySystem; | |||
import org.codehaus.plexus.redback.users.User; | |||
import org.codehaus.plexus.redback.users.UserNotFoundException; | |||
import java.util.ArrayList; | |||
import java.util.List; | |||
import java.util.Map; | |||
import java.util.Map.Entry; | |||
/** | |||
* DefaultUserRepositories | |||
* | |||
* @author <a href="mailto:joakime@apache.org">Joakim Erdfelt</a> | |||
* @version $Id$ | |||
* | |||
* @plexus.component role="org.apache.maven.archiva.security.UserRepositories" | |||
* role-hint="default" | |||
*/ | |||
public class DefaultUserRepositories | |||
implements UserRepositories | |||
{ | |||
/** | |||
* @plexus.requirement | |||
*/ | |||
private SecuritySystem securitySystem; | |||
/** | |||
* @plexus.requirement role-hint="cached" | |||
*/ | |||
private RBACManager rbacManager; | |||
/** | |||
* @plexus.requirement role-hint="default" | |||
*/ | |||
private RoleManager roleManager; | |||
public List<String> getObservableRepositoryIds( String principal ) | |||
throws PrincipalNotFoundException, AccessDeniedException, ArchivaSecurityException | |||
{ | |||
try | |||
{ | |||
User user = securitySystem.getUserManager().findUser( principal ); | |||
if ( user.isLocked() ) | |||
{ | |||
throw new AccessDeniedException( "User " + principal + "(" + user.getFullName() + ") is locked." ); | |||
} | |||
Map<String, List<Permission>> permissionMap = rbacManager.getAssignedPermissionMap( principal ); | |||
List<String> repoIds = new ArrayList<String>(); | |||
for( Entry<String,List<Permission>> entry: permissionMap.entrySet() ) | |||
{ | |||
List<Permission> perms = entry.getValue(); | |||
for( Permission perm: perms ) | |||
{ | |||
System.out.println( "Principal[" + principal + "] : Permission[" + entry.getKey() + "]:" + perm.getName() + " - Operation:" | |||
+ perm.getOperation().getName() + " - Resource:" + perm.getResource().getIdentifier() ); | |||
} | |||
} | |||
System.out.println("-"); | |||
return repoIds; | |||
} | |||
catch ( UserNotFoundException e ) | |||
{ | |||
throw new PrincipalNotFoundException( "Unable to find principal " + principal + "" ); | |||
} | |||
catch ( RbacObjectNotFoundException e ) | |||
{ | |||
throw new PrincipalNotFoundException( "Unable to find user role assignments for user " + principal, e ); | |||
} | |||
catch ( RbacManagerException e ) | |||
{ | |||
throw new ArchivaSecurityException( "Unable to initialize underlying security framework: " + e.getMessage(), | |||
e ); | |||
} | |||
} | |||
public void createMissingRepositoryRoles( String repoId ) | |||
throws ArchivaSecurityException | |||
{ | |||
try | |||
{ | |||
if ( !roleManager.templatedRoleExists( ArchivaRoleConstants.TEMPLATE_REPOSITORY_OBSERVER, repoId ) ) | |||
{ | |||
roleManager.createTemplatedRole( ArchivaRoleConstants.TEMPLATE_REPOSITORY_OBSERVER, repoId ); | |||
} | |||
if ( !roleManager.templatedRoleExists( ArchivaRoleConstants.TEMPLATE_REPOSITORY_MANAGER, repoId ) ) | |||
{ | |||
roleManager.createTemplatedRole( ArchivaRoleConstants.TEMPLATE_REPOSITORY_MANAGER, repoId ); | |||
} | |||
} | |||
catch ( RoleManagerException e ) | |||
{ | |||
throw new ArchivaSecurityException( "Unable to create roles for configured repositories: " + e.getMessage(), | |||
e ); | |||
} | |||
} | |||
} |
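Review bot: getObservableRepositoryIds never populates repoIds — it returns the empty list created before the loop — and instead prints every permission, operation and resource assigned to the principal to System.out, which leaks authorization data to stdout and leaves the interface unimplemented (the test in this commit expects real ids back). The loop should filter the permission map for the repository-access operation and collect the resource identifiers; expanding Resource.GLOBAL to the configured repositories needs a source of repository ids this class does not have yet, so I have left that as a TODO in the sketch below. Also, the UserNotFoundException handler drops the cause where the sibling RbacObjectNotFoundException handler keeps it: `throw new PrincipalNotFoundException( "Unable to find principal " + principal, e );`.
```java
            Map<String, List<Permission>> permissionMap = rbacManager.getAssignedPermissionMap( principal );
            List<String> repoIds = new ArrayList<String>();
            for ( List<Permission> perms : permissionMap.values() )
            {
                for ( Permission perm : perms )
                {
                    // Only the repository-access operation grants observer rights.
                    if ( !ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS.equals( perm.getOperation().getName() ) )
                    {
                        continue;
                    }
                    // TODO: Resource.GLOBAL must expand to every configured repository id; not available here yet.
                    String resourceId = perm.getResource().getIdentifier();
                    if ( !repoIds.contains( resourceId ) )
                    {
                        repoIds.add( resourceId );
                    }
                }
            }
            return repoIds;
            // … unchanged: catch blocks …
```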
@@ -0,0 +1,40 @@ | |||
package org.apache.maven.archiva.security; | |||
/* | |||
* Licensed to the Apache Software Foundation (ASF) under one | |||
* or more contributor license agreements. See the NOTICE file | |||
* distributed with this work for additional information | |||
* regarding copyright ownership. The ASF licenses this file | |||
* to you under the Apache License, Version 2.0 (the | |||
* "License"); you may not use this file except in compliance | |||
* with the License. You may obtain a copy of the License at | |||
* | |||
* http://www.apache.org/licenses/LICENSE-2.0 | |||
* | |||
* Unless required by applicable law or agreed to in writing, | |||
* software distributed under the License is distributed on an | |||
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY | |||
* KIND, either express or implied. See the License for the | |||
* specific language governing permissions and limitations | |||
* under the License. | |||
*/ | |||
/** | |||
* PrincipalNotFoundException | |||
* | |||
* @author <a href="mailto:joakime@apache.org">Joakim Erdfelt</a> | |||
* @version $Id$ | |||
*/ | |||
public class PrincipalNotFoundException | |||
extends ArchivaSecurityException | |||
{ | |||
public PrincipalNotFoundException( String message, Throwable cause ) | |||
{ | |||
super( message, cause ); | |||
} | |||
public PrincipalNotFoundException( String message ) | |||
{ | |||
super( message ); | |||
} | |||
} |
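Review bot: PrincipalNotFoundException has no Javadoc beyond its name, yet the default implementation in this commit throws it for two distinct conditions — the user manager has no such user, and the RBAC store has no assignment for the user. Callers that map it to a status code or a login message need that spelled out: `/** Thrown when the named principal is unknown to the user manager or has no RBAC user assignment. The message embeds the principal and is intended for logs. */`.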
@@ -0,0 +1,206 @@ | |||
package org.apache.maven.archiva.security; | |||
/* | |||
* Licensed to the Apache Software Foundation (ASF) under one | |||
* or more contributor license agreements. See the NOTICE file | |||
* distributed with this work for additional information | |||
* regarding copyright ownership. The ASF licenses this file | |||
* to you under the Apache License, Version 2.0 (the | |||
* "License"); you may not use this file except in compliance | |||
* with the License. You may obtain a copy of the License at | |||
* | |||
* http://www.apache.org/licenses/LICENSE-2.0 | |||
* | |||
* Unless required by applicable law or agreed to in writing, | |||
* software distributed under the License is distributed on an | |||
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY | |||
* KIND, either express or implied. See the License for the | |||
* specific language governing permissions and limitations | |||
* under the License. | |||
*/ | |||
import org.apache.commons.collections.CollectionUtils; | |||
import org.apache.maven.archiva.common.ArchivaException; | |||
import org.apache.maven.archiva.configuration.ArchivaConfiguration; | |||
import org.apache.maven.archiva.configuration.ConfigurationNames; | |||
import org.apache.maven.archiva.configuration.ManagedRepositoryConfiguration; | |||
import org.codehaus.plexus.logging.AbstractLogEnabled; | |||
import org.codehaus.plexus.redback.rbac.RBACManager; | |||
import org.codehaus.plexus.redback.rbac.RbacManagerException; | |||
import org.codehaus.plexus.redback.rbac.UserAssignment; | |||
import org.codehaus.plexus.redback.system.check.EnvironmentCheck; | |||
import org.codehaus.plexus.registry.Registry; | |||
import org.codehaus.plexus.registry.RegistryListener; | |||
import java.util.ArrayList; | |||
import java.util.List; | |||
import java.util.Map; | |||
import java.util.Map.Entry; | |||
/** | |||
* SecurityStartup | |||
* | |||
* @author <a href="mailto:joakime@apache.org">Joakim Erdfelt</a> | |||
* @version $Id$ | |||
* | |||
* @plexus.component role="org.apache.maven.archiva.security.SecurityStartup" | |||
*/ | |||
public class SecurityStartup | |||
extends AbstractLogEnabled | |||
implements RegistryListener | |||
{ | |||
/** | |||
* @plexus.requirement | |||
*/ | |||
private UserRepositories userRepos; | |||
/** | |||
* @plexus.requirement role-hint="cached" | |||
*/ | |||
private RBACManager rbacManager; | |||
/** | |||
* @plexus.requirement role="org.codehaus.plexus.redback.system.check.EnvironmentCheck" | |||
*/ | |||
private Map<String, EnvironmentCheck> checkers; | |||
/** | |||
* @plexus.requirement | |||
*/ | |||
private ArchivaConfiguration archivaConfiguration; | |||
public void afterConfigurationChange( Registry registry, String propertyName, Object propertyValue ) | |||
{ | |||
if ( ConfigurationNames.isManagedRepositories( propertyName ) ) | |||
{ | |||
createMissingManagedRepositoryRoles( archivaConfiguration.getConfiguration().getManagedRepositories() ); | |||
} | |||
} | |||
public void assignRepositoryObserverToGuestUser( List<ManagedRepositoryConfiguration> repos ) | |||
{ | |||
for ( ManagedRepositoryConfiguration repoConfig : repos ) | |||
{ | |||
String repoId = repoConfig.getId(); | |||
// TODO: Use the Redback / UserConfiguration..getString( "redback.default.guest" ) to get the right name. | |||
String principal = "guest"; | |||
try | |||
{ | |||
UserAssignment ua; | |||
if ( rbacManager.userAssignmentExists( principal ) ) | |||
{ | |||
ua = rbacManager.getUserAssignment( principal ); | |||
} | |||
else | |||
{ | |||
ua = rbacManager.createUserAssignment( principal ); | |||
} | |||
ua.addRoleName( ArchivaRoleConstants.toRepositoryObserverRoleName( repoId ) ); | |||
rbacManager.saveUserAssignment( ua ); | |||
} | |||
catch ( RbacManagerException e ) | |||
{ | |||
getLogger().warn( | |||
"Unable to add role [" + ArchivaRoleConstants.toRepositoryObserverRoleName( repoId ) | |||
+ "] to " + principal + " user.", e ); | |||
} | |||
} | |||
} | |||
public void beforeConfigurationChange( Registry registry, String propertyName, Object propertyValue ) | |||
{ | |||
/* do nothing */ | |||
} | |||
public void createMissingManagedRepositoryRoles( List<ManagedRepositoryConfiguration> repos ) | |||
{ | |||
// NOTE: Remote Repositories do not have roles or security placed around them. | |||
for ( ManagedRepositoryConfiguration repoConfig : repos ) | |||
{ | |||
// manage roles for repositories | |||
try | |||
{ | |||
userRepos.createMissingRepositoryRoles( repoConfig.getId() ); | |||
} | |||
catch ( ArchivaSecurityException e ) | |||
{ | |||
getLogger().warn( e.getMessage(), e ); | |||
} | |||
} | |||
} | |||
public void createMissingRepositoryRoles( List<String> repoIds ) | |||
{ | |||
for ( String repoId : repoIds ) | |||
{ | |||
// manage roles for repositories | |||
try | |||
{ | |||
userRepos.createMissingRepositoryRoles( repoId ); | |||
} | |||
catch ( ArchivaSecurityException e ) | |||
{ | |||
getLogger().warn( e.getMessage(), e ); | |||
} | |||
} | |||
} | |||
public void executeEnvironmentChecks() | |||
throws ArchivaException | |||
{ | |||
if ( ( checkers == null ) || CollectionUtils.isEmpty( checkers.values() ) ) | |||
{ | |||
throw new ArchivaException( "Unable to initialize the Redback Security Environment, " | |||
+ "no Environment Check components found." ); | |||
} | |||
List<String> violations = new ArrayList<String>(); | |||
for ( Entry<String, EnvironmentCheck> entry : checkers.entrySet() ) | |||
{ | |||
EnvironmentCheck check = entry.getValue(); | |||
getLogger().info( "Running Environment Check: " + entry.getKey() ); | |||
check.validateEnvironment( violations ); | |||
} | |||
if ( CollectionUtils.isNotEmpty( violations ) ) | |||
{ | |||
StringBuffer msg = new StringBuffer(); | |||
msg.append( "EnvironmentCheck Failure.\n" ); | |||
msg.append( "======================================================================\n" ); | |||
msg.append( " ENVIRONMENT FAILURE !! \n" ); | |||
msg.append( "\n" ); | |||
for ( String violation : violations ) | |||
{ | |||
msg.append( violation ).append( "\n" ); | |||
} | |||
msg.append( "\n" ); | |||
msg.append( "======================================================================" ); | |||
getLogger().fatalError( msg.toString() ); | |||
throw new ArchivaException( "Unable to initialize Redback Security Environment, [" + violations.size() | |||
+ "] violation(s) encountered, See log for details." ); | |||
} | |||
} | |||
public void startup() | |||
throws ArchivaException | |||
{ | |||
executeEnvironmentChecks(); | |||
createMissingManagedRepositoryRoles( archivaConfiguration.getConfiguration().getManagedRepositories() ); | |||
archivaConfiguration.addChangeListener( this ); | |||
if ( archivaConfiguration.isDefaulted() ) | |||
{ | |||
assignRepositoryObserverToGuestUser( archivaConfiguration.getConfiguration().getManagedRepositories() ); | |||
} | |||
} | |||
} |
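Review bot: assignRepositoryObserverToGuestUser hard-codes the principal `"guest"` (the TODO acknowledges the configured redback guest name should be used), and startup() invokes it for every managed repository whenever the configuration is defaulted, so a fresh install grants anonymous read on all repositories; if the configured guest name differs, the role is attached to a user assignment created for a principal that may not exist. I would read the configured guest principal instead of the literal and state the policy in the Javadoc: `/** On a defaulted configuration, grants the guest user the repository-observer role on every managed repository, i.e. anonymous read access by default. Failures are logged and skipped. */`. The method is public and adds the role name without checking for an existing entry, so whether a repeat call duplicates the name depends on UserAssignment, which I cannot see here. Also, the change listener is registered only after createMissingManagedRepositoryRoles returns, so a configuration change landing between those two calls is missed; registering first and then creating roles is the safer order.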
@@ -0,0 +1,52 @@ | |||
package org.apache.maven.archiva.security; | |||
/* | |||
* Licensed to the Apache Software Foundation (ASF) under one | |||
* or more contributor license agreements. See the NOTICE file | |||
* distributed with this work for additional information | |||
* regarding copyright ownership. The ASF licenses this file | |||
* to you under the Apache License, Version 2.0 (the | |||
* "License"); you may not use this file except in compliance | |||
* with the License. You may obtain a copy of the License at | |||
* | |||
* http://www.apache.org/licenses/LICENSE-2.0 | |||
* | |||
* Unless required by applicable law or agreed to in writing, | |||
* software distributed under the License is distributed on an | |||
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY | |||
* KIND, either express or implied. See the License for the | |||
* specific language governing permissions and limitations | |||
* under the License. | |||
*/ | |||
import java.util.List; | |||
/** | |||
* UserRepositories | |||
* | |||
* @author <a href="mailto:joakime@apache.org">Joakim Erdfelt</a> | |||
* @version $Id$ | |||
*/ | |||
public interface UserRepositories | |||
{ | |||
/** | |||
* Get the list of observable repository ids for the user specified. | |||
* | |||
* @param principal the principle to obtain the observable repository ids from. | |||
* @return the list of observable repository ids. | |||
* @throws PrincipalNotFoundException | |||
* @throws AccessDeniedException | |||
* @throws ArchivaSecurityException | |||
*/ | |||
public List<String> getObservableRepositoryIds( String principal ) | |||
throws PrincipalNotFoundException, AccessDeniedException, ArchivaSecurityException; | |||
/** | |||
* Create any missing repository roles for the provided repository id. | |||
* | |||
* @param repoId the repository id to work off of. | |||
* @throws ArchivaSecurityException if there was a problem creating the repository roles. | |||
*/ | |||
public void createMissingRepositoryRoles( String repoId ) | |||
throws ArchivaSecurityException; | |||
} |
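Review bot: The Javadoc of getObservableRepositoryIds misspells `principle` in "the principle to obtain the observable repository ids from" — it should be `principal` — and lists the three exceptions without saying when each occurs, which is exactly what a caller choosing between "deny" and "not found" needs. Based on the default implementation in this commit: `@throws PrincipalNotFoundException if the principal is unknown or has no role assignments`, `@throws AccessDeniedException if the principal's account is locked`, `@throws ArchivaSecurityException on RBAC store failures`. It should also say whether the returned list may be empty and whether its order is meaningful.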
@@ -0,0 +1,234 @@ | |||
package org.apache.maven.archiva.security; | |||
/* | |||
* Licensed to the Apache Software Foundation (ASF) under one | |||
* or more contributor license agreements. See the NOTICE file | |||
* distributed with this work for additional information | |||
* regarding copyright ownership. The ASF licenses this file | |||
* to you under the Apache License, Version 2.0 (the | |||
* "License"); you may not use this file except in compliance | |||
* with the License. You may obtain a copy of the License at | |||
* | |||
* http://www.apache.org/licenses/LICENSE-2.0 | |||
* | |||
* Unless required by applicable law or agreed to in writing, | |||
* software distributed under the License is distributed on an | |||
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY | |||
* KIND, either express or implied. See the License for the | |||
* specific language governing permissions and limitations | |||
* under the License. | |||
*/ | |||
import org.apache.commons.lang.StringUtils; | |||
import org.codehaus.plexus.PlexusTestCase; | |||
import org.codehaus.plexus.redback.rbac.Operation; | |||
import org.codehaus.plexus.redback.rbac.Permission; | |||
import org.codehaus.plexus.redback.rbac.RBACManager; | |||
import org.codehaus.plexus.redback.rbac.Resource; | |||
import org.codehaus.plexus.redback.rbac.Role; | |||
import org.codehaus.plexus.redback.rbac.UserAssignment; | |||
import org.codehaus.plexus.redback.role.RoleManager; | |||
import org.codehaus.plexus.redback.role.RoleManagerException; | |||
import org.codehaus.plexus.redback.system.SecuritySystem; | |||
import org.codehaus.plexus.redback.users.User; | |||
import org.codehaus.plexus.redback.users.UserManager; | |||
import java.util.List; | |||
/** | |||
* DefaultUserRepositoriesTest | |||
* | |||
* @author <a href="mailto:joakime@apache.org">Joakim Erdfelt</a> | |||
* @version $Id$ | |||
*/ | |||
public class DefaultUserRepositoriesTest | |||
extends PlexusTestCase | |||
{ | |||
private static final String PERMISSION_READ_REPOSITORY = "Archiva Read Repository"; | |||
private static final String USER_GUEST = "guest"; | |||
private static final String USER_ADMIN = "admin"; | |||
private static final String USER_ALPACA = "alpaca"; | |||
private SecuritySystem securitySystem; | |||
private RBACManager rbacManager; | |||
private RoleManager roleManager; | |||
public void testGetObservableRepositoryIds() | |||
throws Exception | |||
{ | |||
UserRepositories userRepos = (UserRepositories) lookup( UserRepositories.class, "default" ); | |||
assertNotNull( userRepos ); | |||
// create some users. | |||
createUser( USER_ALPACA, "Al 'Archiva' Paca" ); | |||
assertEquals( "Expected users", 3, securitySystem.getUserManager().getUsers().size() ); | |||
// some unassigned repo observer roles. | |||
userRepos.createMissingRepositoryRoles( "central" ); | |||
userRepos.createMissingRepositoryRoles( "coporate" ); | |||
userRepos.createMissingRepositoryRoles( "internal" ); | |||
userRepos.createMissingRepositoryRoles( "snapshots" ); | |||
userRepos.createMissingRepositoryRoles( "secret" ); | |||
// some assigned repo observer roles. | |||
assignRepositoryObserverRole( USER_ALPACA, "central" ); | |||
assignRepositoryObserverRole( USER_ALPACA, "corporate" ); | |||
assignRepositoryObserverRole( USER_GUEST, "corporate" ); | |||
// the global repo observer role. | |||
assignGlobalRepositoryObserverRole( USER_ADMIN ); | |||
assertRepoIds( new String[] { "central", "corporate" }, userRepos.getObservableRepositoryIds( USER_ALPACA ) ); | |||
assertRepoIds( new String[] { "coporate" }, userRepos.getObservableRepositoryIds( USER_GUEST ) ); | |||
assertRepoIds( new String[] { "central", "internal", "corporate", "snapshots", "secret" }, userRepos | |||
.getObservableRepositoryIds( USER_ADMIN ) ); | |||
} | |||
private void assertRepoIds( String[] expectedRepoIds, List<String> observableRepositoryIds ) | |||
{ | |||
assertNotNull( "Observable Repository Ids cannot be null.", observableRepositoryIds ); | |||
if ( expectedRepoIds.length != observableRepositoryIds.size() ) | |||
{ | |||
fail( "Size of Observable Repository Ids wrong, expected <" + expectedRepoIds.length + "> but got <" | |||
+ observableRepositoryIds.size() + "> instead. \nExpected: [" + StringUtils.join( expectedRepoIds, "," ) | |||
+ "]\nActual: [" + StringUtils.join( observableRepositoryIds.iterator(), "," ) + "]" ); | |||
} | |||
} | |||
private void assignGlobalRepositoryObserverRole( String principal ) | |||
throws Exception | |||
{ | |||
Role role = createRepositoryObserverRole( ArchivaRoleConstants.GLOBAL_REPOSITORY_OBSERVER_ROLE, | |||
PERMISSION_READ_REPOSITORY, Resource.GLOBAL ); | |||
assignRole( principal, role ); | |||
} | |||
private void assignRepositoryObserverRole( String principal, String repoId ) | |||
throws Exception | |||
{ | |||
// String roleId = ArchivaRoleConstants.toRepositoryObserverRoleId( repoId ); | |||
String roleId = ArchivaRoleConstants.toRepositoryObserverRoleName( repoId ); | |||
roleManager.assignRole( roleId, principal ); | |||
// Role role = createRepositoryObserverRole( roleName, PERMISSION_READ_REPOSITORY, repoId ); | |||
// assertEquals( roleName, role.getName() ); | |||
// assignRole( principal, role ); | |||
} | |||
private void assignRole( String principal, Role role ) | |||
throws Exception | |||
{ | |||
UserAssignment ua; | |||
if ( rbacManager.userAssignmentExists( principal ) ) | |||
{ | |||
ua = rbacManager.getUserAssignment( principal ); | |||
} | |||
else | |||
{ | |||
ua = rbacManager.createUserAssignment( principal ); | |||
} | |||
ua.addRoleName( role ); | |||
rbacManager.saveUserAssignment( ua ); | |||
} | |||
private void createRepositoryObserverRole( String repoId ) | |||
throws Exception | |||
{ | |||
createRepositoryObserverRole( ArchivaRoleConstants.toRepositoryObserverRoleName( repoId ), | |||
PERMISSION_READ_REPOSITORY + "-" + repoId, repoId ); | |||
} | |||
private Role createRepositoryObserverRole( String roleName, String permissionName, String resourceId ) | |||
throws Exception | |||
{ | |||
if ( rbacManager.roleExists( roleName ) ) | |||
{ | |||
return rbacManager.getRole( roleName ); | |||
} | |||
Permission perm; | |||
Operation operationRepoAccess; | |||
Resource resource; | |||
// if ( rbacManager.resourceExists( resourceId ) ) | |||
// { | |||
// resource = rbacManager.getResource( resourceId ); | |||
// } | |||
// else | |||
// { | |||
// resource = rbacManager.createResource( resourceId ); | |||
// } | |||
resource = rbacManager.createResource( resourceId ); | |||
// if ( rbacManager.operationExists( ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS ) ) | |||
// { | |||
// operationRepoAccess = rbacManager.getOperation( ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS ); | |||
// } | |||
// else | |||
// { | |||
// operationRepoAccess = rbacManager.createOperation( ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS ); | |||
// } | |||
operationRepoAccess = rbacManager.createOperation( ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS ); | |||
// if ( rbacManager.permissionExists( permissionName ) ) | |||
// { | |||
// perm = rbacManager.getPermission( permissionName ); | |||
// } | |||
// else | |||
// { | |||
// perm = rbacManager.createPermission( permissionName ); | |||
// } | |||
perm = rbacManager.createPermission( permissionName ); | |||
perm.setOperation( operationRepoAccess ); | |||
perm.setResource( resource ); | |||
Role role = rbacManager.createRole( roleName ); | |||
role.addPermission( perm ); | |||
rbacManager.saveOperation( operationRepoAccess ); | |||
rbacManager.savePermission( perm ); | |||
rbacManager.saveRole( role ); | |||
return role; | |||
} | |||
private User createUser( String principal, String fullname ) | |||
{ | |||
UserManager userManager = securitySystem.getUserManager(); | |||
User user = userManager.createUser( principal, fullname, principal + "@testable.archiva.apache.org" ); | |||
securitySystem.getPolicy().setEnabled( false ); | |||
userManager.addUser( user ); | |||
securitySystem.getPolicy().setEnabled( true ); | |||
return user; | |||
} | |||
@Override | |||
protected void setUp() | |||
throws Exception | |||
{ | |||
super.setUp(); | |||
securitySystem = (SecuritySystem) lookup( SecuritySystem.class, "testable" ); | |||
rbacManager = (RBACManager) lookup( RBACManager.class, "memory" ); | |||
roleManager = (RoleManager) lookup( RoleManager.class, "default" ); | |||
// Setup Admin User. | |||
User adminUser = createUser( USER_ADMIN, "Admin User" ); | |||
roleManager.assignRole( ArchivaRoleConstants.TEMPLATE_SYSTEM_ADMIN, adminUser.getPrincipal().toString() ); | |||
// Setup Guest User. | |||
User guestUser = createUser( USER_GUEST, "Guest User" ); | |||
roleManager.assignRole( ArchivaRoleConstants.TEMPLATE_GUEST, guestUser.getPrincipal().toString() ); | |||
} | |||
} |
@@ -0,0 +1,49 @@ | |||
package org.apache.maven.archiva.security; | |||
/* | |||
* Licensed to the Apache Software Foundation (ASF) under one | |||
* or more contributor license agreements. See the NOTICE file | |||
* distributed with this work for additional information | |||
* regarding copyright ownership. The ASF licenses this file | |||
* to you under the Apache License, Version 2.0 (the | |||
* "License"); you may not use this file except in compliance | |||
* with the License. You may obtain a copy of the License at | |||
* | |||
* http://www.apache.org/licenses/LICENSE-2.0 | |||
* | |||
* Unless required by applicable law or agreed to in writing, | |||
* software distributed under the License is distributed on an | |||
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY | |||
* KIND, either express or implied. See the License for the | |||
* specific language governing permissions and limitations | |||
* under the License. | |||
*/ | |||
import org.codehaus.plexus.PlexusTestCase; | |||
/** | |||
* SecurityStartupTest | |||
* | |||
* @author <a href="mailto:joakime@apache.org">Joakim Erdfelt</a> | |||
* @version $Id$ | |||
*/ | |||
public class SecurityStartupTest | |||
extends PlexusTestCase | |||
{ | |||
private SecurityStartup secStart; | |||
@Override | |||
protected void setUp() | |||
throws Exception | |||
{ | |||
super.setUp(); | |||
secStart = (SecurityStartup) lookup( SecurityStartup.class ); | |||
} | |||
public void testEnvironmentChecks() | |||
throws Exception | |||
{ | |||
secStart.executeEnvironmentChecks(); | |||
} | |||
} |
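Review bot: testEnvironmentChecks at L844-L848 contains no assertion, so it can only fail if executeEnvironmentChecks() throws; if SecurityStartup reports a failed check by logging or by collecting violations instead (its source is not in this chunk), a broken role setup would still pass this test. Either assert on whatever executeEnvironmentChecks() returns or records (for a collection of violations, something like `assertTrue( "expected no environment violations", <violations>.isEmpty() );` with the real accessor name), or state the contract the test relies on in a comment above the call: `// executeEnvironmentChecks() is expected to throw on any failed check`. A second test that removes one of the required roles from the memory RBACManager and expects the check to fail would show that the checker actually detects a missing role rather than passing vacuously.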
@@ -0,0 +1,195 @@ | |||
<?xml version="1.0" ?> | |||
<redback-role-model> | |||
<version>1.0.0</version> | |||
<application>Redback XWork Integration Security Core</application> | |||
<resources> | |||
<resource> | |||
<id>global</id> | |||
<name>*</name> | |||
<permanent>true</permanent> | |||
<description>global resource implies full access for authorization</description> | |||
</resource> | |||
<resource> | |||
<id>username</id> | |||
<name>${username}</name> | |||
<permanent>true</permanent> | |||
<description>replaced with the username of the principal at authorization check time</description> | |||
</resource> | |||
</resources> | |||
<operations> | |||
<operation> | |||
<id>configuration-edit</id> | |||
<name>configuration-edit</name> | |||
<description>edit configuration</description> | |||
<permanent>true</permanent> | |||
</operation> | |||
<operation> | |||
<id>user-management-user-create</id> | |||
<name>user-management-user-create</name> | |||
<description>create user</description> | |||
<permanent>true</permanent> | |||
</operation> | |||
<operation> | |||
<id>user-management-user-edit</id> | |||
<name>user-management-user-edit</name> | |||
<description>edit user</description> | |||
<permanent>true</permanent> | |||
</operation> | |||
<operation> | |||
<id>user-management-user-role</id> | |||
<name>user-management-user-role</name> | |||
<description>user roles</description> | |||
<permanent>true</permanent> | |||
</operation> | |||
<operation> | |||
<id>user-management-user-delete</id> | |||
<name>user-management-user-delete</name> | |||
<description>delete user</description> | |||
<permanent>true</permanent> | |||
</operation> | |||
<operation> | |||
<id>user-management-user-list</id> | |||
<name>user-management-user-list</name> | |||
<description>list users</description> | |||
<permanent>true</permanent> | |||
</operation> | |||
<operation> | |||
<id>user-management-role-grant</id> | |||
<name>user-management-role-grant</name> | |||
<description>grant role</description> | |||
<permanent>true</permanent> | |||
</operation> | |||
<operation> | |||
<id>user-management-role-drop</id> | |||
<name>user-management-role-drop</name> | |||
<description>drop role</description> | |||
<permanent>true</permanent> | |||
</operation> | |||
<operation> | |||
<id>user-management-rbac-admin</id> | |||
<name>user-management-rbac-admin</name> | |||
<description>administer rbac</description> | |||
<permanent>true</permanent> | |||
</operation> | |||
<operation> | |||
<id>guest-access</id> | |||
<name>guest-access</name> | |||
<description>access guest</description> | |||
<permanent>true</permanent> | |||
</operation> | |||
</operations> | |||
<roles> | |||
<role> | |||
<id>system-administrator</id> | |||
<name>System Administrator</name> | |||
<permanent>true</permanent> | |||
<assignable>true</assignable> | |||
<permissions> | |||
<permission> | |||
<id>edit-redback-configuration</id> | |||
<name>Edit Redback Configuration</name> | |||
<operation>configuration-edit</operation> | |||
<resource>global</resource> | |||
<permanent>true</permanent> | |||
</permission> | |||
<permission> | |||
<id>manage-rbac-setup</id> | |||
<name>User RBAC Management</name> | |||
<operation>user-management-rbac-admin</operation> | |||
<resource>global</resource> | |||
<permanent>true</permanent> | |||
</permission> | |||
</permissions> | |||
<childRoles> | |||
<childRole>user-administrator</childRole> | |||
</childRoles> | |||
</role> | |||
<role> | |||
<id>user-administrator</id> | |||
<name>User Administrator</name> | |||
<permanent>true</permanent> | |||
<assignable>true</assignable> | |||
<permissions> | |||
<permission> | |||
<id>drop-roles-for-anyone</id> | |||
<name>Drop Roles for Anyone</name> | |||
<operation>user-management-role-drop</operation> | |||
<resource>global</resource> | |||
<permanent>true</permanent> | |||
</permission> | |||
<permission> | |||
<id>grant-roles-for-anyone</id> | |||
<name>Grant Roles for Anyone</name> | |||
<operation>user-management-role-grant</operation> | |||
<resource>global</resource> | |||
<permanent>true</permanent> | |||
</permission> | |||
<permission> | |||
<id>user-create</id> | |||
<name>Create Users</name> | |||
<operation>user-management-user-create</operation> | |||
<resource>global</resource> | |||
<permanent>true</permanent> | |||
</permission> | |||
<permission> | |||
<id>user-delete</id> | |||
<name>Delete Users</name> | |||
<operation>user-management-user-delete</operation> | |||
<resource>global</resource> | |||
<permanent>true</permanent> | |||
</permission> | |||
<permission> | |||
<id>user-edit</id> | |||
<name>Edit Users</name> | |||
<operation>user-management-user-edit</operation> | |||
<resource>global</resource> | |||
<permanent>true</permanent> | |||
</permission> | |||
<permission> | |||
<id>access-users-roles</id> | |||
<name>Access Users Roles</name> | |||
<operation>user-management-user-role</operation> | |||
<resource>global</resource> | |||
<permanent>true</permanent> | |||
</permission> | |||
<permission> | |||
<id>access-user-list</id> | |||
<name>Access User List</name> | |||
<operation>user-management-user-list</operation> | |||
<resource>global</resource> | |||
<permanent>true</permanent> | |||
</permission> | |||
</permissions> | |||
</role> | |||
<role> | |||
<id>registered-user</id> | |||
<name>Registered User</name> | |||
<permanent>true</permanent> | |||
<assignable>true</assignable> | |||
<permissions> | |||
<permission> | |||
<id>edit-user-by-username</id> | |||
<name>Edit User Data by Username</name> | |||
<operation>user-management-user-edit</operation> | |||
<resource>username</resource> | |||
<permanent>true</permanent> | |||
</permission> | |||
</permissions> | |||
</role> | |||
<role> | |||
<id>guest</id> | |||
<name>Guest</name> | |||
<permanent>true</permanent> | |||
<assignable>true</assignable> | |||
<permissions> | |||
<permission> | |||
<id>guest-permission</id> | |||
<name>Guest Permission</name> | |||
<operation>guest-access</operation> | |||
<resource>global</resource> | |||
<permanent>true</permanent> | |||
</permission> | |||
</permissions> | |||
</role> | |||
</roles> | |||
</redback-role-model> |
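Review bot: The `<application>` element at L854 still reads "Redback XWork Integration Security Core" even though this commit removes the redback-xwork-integration dependency, which suggests the model was copied from that module rather than written for archiva-security. If the role-model merger keys models by application name (I cannot confirm that from this hunk), another copy of the original model arriving on the classpath through a transitive dependency would be merged with this one and could reintroduce roles or permissions this copy intentionally omits. Either give it a name that identifies this module, for example `<application>Archiva Security Test Core</application>` (constructed example), or add an XML comment above it recording that this is a deliberate copy of the redback core model and which version it was taken from, so future diffs against upstream are possible.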
@@ -0,0 +1,166 @@ | |||
<?xml version="1.0" ?> | |||
<component-set> | |||
<components> | |||
<component> | |||
<role>org.apache.maven.archiva.security.UserRepositories</role> | |||
<role-hint>default</role-hint> | |||
<implementation>org.apache.maven.archiva.security.DefaultUserRepositories</implementation> | |||
<description>DefaultUserRepositories</description> | |||
<requirements> | |||
<requirement> | |||
<role>org.codehaus.plexus.redback.system.SecuritySystem</role> | |||
<role-hint>testable</role-hint> | |||
<field-name>securitySystem</field-name> | |||
</requirement> | |||
<requirement> | |||
<role>org.codehaus.plexus.redback.rbac.RBACManager</role> | |||
<role-hint>memory</role-hint> | |||
<field-name>rbacManager</field-name> | |||
</requirement> | |||
<requirement> | |||
<role>org.codehaus.plexus.redback.role.RoleManager</role> | |||
<role-hint>default</role-hint> | |||
<field-name>roleManager</field-name> | |||
</requirement> | |||
</requirements> | |||
</component> | |||
<component> | |||
<role>org.codehaus.plexus.redback.system.SecuritySystem</role> | |||
<role-hint>testable</role-hint> | |||
<implementation>org.codehaus.plexus.redback.system.DefaultSecuritySystem</implementation> | |||
<description>DefaultSecuritySystem:</description> | |||
<requirements> | |||
<requirement> | |||
<role>org.codehaus.plexus.redback.authentication.AuthenticationManager</role> | |||
<field-name>authnManager</field-name> | |||
</requirement> | |||
<requirement> | |||
<role>org.codehaus.plexus.redback.authorization.Authorizer</role> | |||
<role-hint>rbac</role-hint> | |||
<field-name>authorizer</field-name> | |||
</requirement> | |||
<requirement> | |||
<role>org.codehaus.plexus.redback.users.UserManager</role> | |||
<role-hint>memory</role-hint> | |||
<field-name>userManager</field-name> | |||
</requirement> | |||
<requirement> | |||
<role>org.codehaus.plexus.redback.keys.KeyManager</role> | |||
<role-hint>memory</role-hint> | |||
<field-name>keyManager</field-name> | |||
</requirement> | |||
<requirement> | |||
<role>org.codehaus.plexus.redback.policy.UserSecurityPolicy</role> | |||
<field-name>policy</field-name> | |||
</requirement> | |||
</requirements> | |||
</component> | |||
<component> | |||
<role>org.codehaus.plexus.redback.authorization.Authorizer</role> | |||
<role-hint>rbac</role-hint> | |||
<implementation>org.codehaus.plexus.redback.authorization.rbac.RbacAuthorizer</implementation> | |||
<description>RbacAuthorizer:</description> | |||
<requirements> | |||
<requirement> | |||
<role>org.codehaus.plexus.redback.rbac.RBACManager</role> | |||
<role-hint>memory</role-hint> | |||
<field-name>manager</field-name> | |||
</requirement> | |||
<requirement> | |||
<role>org.codehaus.plexus.redback.users.UserManager</role> | |||
<role-hint>memory</role-hint> | |||
<field-name>userManager</field-name> | |||
</requirement> | |||
<requirement> | |||
<role>org.codehaus.plexus.redback.authorization.rbac.evaluator.PermissionEvaluator</role> | |||
<role-hint>default</role-hint> | |||
<field-name>evaluator</field-name> | |||
</requirement> | |||
<requirement> | |||
<role>org.codehaus.plexus.redback.configuration.UserConfiguration</role> | |||
<role-hint>default</role-hint> | |||
<field-name>config</field-name> | |||
</requirement> | |||
</requirements> | |||
</component> | |||
<component> | |||
<role>org.codehaus.plexus.redback.authorization.rbac.evaluator.PermissionEvaluator</role> | |||
<role-hint>default</role-hint> | |||
<implementation>org.codehaus.plexus.redback.authorization.rbac.evaluator.DefaultPermissionEvaluator</implementation> | |||
<requirements> | |||
<requirement> | |||
<role>org.codehaus.plexus.redback.users.UserManager</role> | |||
<role-hint>memory</role-hint> | |||
<field-name>userManager</field-name> | |||
</requirement> | |||
</requirements> | |||
</component> | |||
<component> | |||
<role>org.codehaus.plexus.redback.role.RoleManager</role> | |||
<role-hint>default</role-hint> | |||
<implementation>org.codehaus.plexus.redback.role.DefaultRoleManager</implementation> | |||
<description>RoleProfileManager:</description> | |||
<requirements> | |||
<requirement> | |||
<role>org.codehaus.plexus.redback.role.merger.RoleModelMerger</role> | |||
<role-hint>default</role-hint> | |||
<field-name>modelMerger</field-name> | |||
</requirement> | |||
<requirement> | |||
<role>org.codehaus.plexus.redback.role.validator.RoleModelValidator</role> | |||
<role-hint>default</role-hint> | |||
<field-name>modelValidator</field-name> | |||
</requirement> | |||
<requirement> | |||
<role>org.codehaus.plexus.redback.role.processor.RoleModelProcessor</role> | |||
<role-hint>default</role-hint> | |||
<field-name>modelProcessor</field-name> | |||
</requirement> | |||
<requirement> | |||
<role>org.codehaus.plexus.redback.role.template.RoleTemplateProcessor</role> | |||
<role-hint>default</role-hint> | |||
<field-name>templateProcessor</field-name> | |||
</requirement> | |||
<requirement> | |||
<role>org.codehaus.plexus.redback.rbac.RBACManager</role> | |||
<role-hint>memory</role-hint> | |||
<field-name>rbacManager</field-name> | |||
</requirement> | |||
</requirements> | |||
</component> | |||
<component> | |||
<role>org.codehaus.plexus.redback.role.processor.RoleModelProcessor</role> | |||
<role-hint>default</role-hint> | |||
<implementation>org.codehaus.plexus.redback.role.processor.DefaultRoleModelProcessor</implementation> | |||
<description>DefaultRoleModelProcessor: inserts the components of the model that can be populated into the rbac manager</description> | |||
<requirements> | |||
<requirement> | |||
<role>org.codehaus.plexus.redback.rbac.RBACManager</role> | |||
<role-hint>memory</role-hint> | |||
<field-name>rbacManager</field-name> | |||
</requirement> | |||
</requirements> | |||
</component> | |||
<component> | |||
<role>org.codehaus.plexus.redback.role.template.RoleTemplateProcessor</role> | |||
<role-hint>default</role-hint> | |||
<implementation>org.codehaus.plexus.redback.role.template.DefaultRoleTemplateProcessor</implementation> | |||
<description>DefaultRoleTemplateProcessor: inserts the components of a template into the rbac manager</description> | |||
<requirements> | |||
<requirement> | |||
<role>org.codehaus.plexus.redback.rbac.RBACManager</role> | |||
<role-hint>memory</role-hint> | |||
<field-name>rbacManager</field-name> | |||
</requirement> | |||
</requirements> | |||
</component> | |||
</components> | |||
</component-set> |
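Review bot: The DefaultRoleManager component at L1144-L1176 is wired differently from the same component in the other new descriptor in this commit (L1355-L1392): that one declares an explicit `<instantiation-strategy>singleton</instantiation-strategy>` and an extra `org.codehaus.plexus.PlexusContainer` requirement for a `container` field, this one declares neither. If DefaultRoleManager dereferences its container field (its source is not shown here), lookups through this descriptor get a null field and fail only when the role manager is first used; the strategy line is probably cosmetic since singleton is, as far as I recall, the Plexus default, but it should still match so the two test fixtures behave the same. Aligning this descriptor with the other one is the rewrite below; the five existing requirements are unchanged.
```xml
<component>
  <role>org.codehaus.plexus.redback.role.RoleManager</role>
  <role-hint>default</role-hint>
  <implementation>org.codehaus.plexus.redback.role.DefaultRoleManager</implementation>
  <instantiation-strategy>singleton</instantiation-strategy>
  <description>RoleProfileManager:</description>
  <requirements>
    <!-- … unchanged: modelMerger, modelValidator, modelProcessor, templateProcessor, rbacManager requirements … -->
    <requirement>
      <role>org.codehaus.plexus.PlexusContainer</role>
      <field-name>container</field-name>
    </requirement>
  </requirements>
</component>
```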
@@ -34,7 +34,7 @@ | |||
</requirement> | |||
</requirements> | |||
</component> | |||
<component> | |||
<component> | |||
<role>org.codehaus.plexus.redback.role.processor.RoleModelProcessor</role> | |||
<role-hint>default</role-hint> | |||
<implementation>org.codehaus.plexus.redback.role.processor.DefaultRoleModelProcessor</implementation> | |||
@@ -47,6 +47,7 @@ | |||
</requirement> | |||
</requirements> | |||
</component> | |||
<component> | |||
<role>org.codehaus.plexus.redback.role.template.RoleTemplateProcessor</role> | |||
<role-hint>default</role-hint> | |||
@@ -60,5 +61,45 @@ | |||
</requirement> | |||
</requirements> | |||
</component> | |||
<component> | |||
<role>org.codehaus.plexus.redback.system.check.EnvironmentCheck</role> | |||
<role-hint>required-roles</role-hint> | |||
<implementation>org.apache.maven.archiva.security.ArchivaStandardRolesCheck</implementation> | |||
<description>ArchivaStandardRolesCheck tests for the existance of expected / standard roles and permissions.</description> | |||
<requirements> | |||
<requirement> | |||
<role>org.codehaus.plexus.redback.rbac.RBACManager</role> | |||
<role-hint>memory</role-hint> | |||
<field-name>rbacManager</field-name> | |||
</requirement> | |||
</requirements> | |||
</component> | |||
<component> | |||
<role>org.apache.maven.archiva.security.SecurityStartup</role> | |||
<implementation>org.apache.maven.archiva.security.SecurityStartup</implementation> | |||
<description>SecurityStartup</description> | |||
<requirements> | |||
<requirement> | |||
<role>org.codehaus.plexus.redback.role.RoleManager</role> | |||
<role-hint>default</role-hint> | |||
<field-name>roleManager</field-name> | |||
</requirement> | |||
<requirement> | |||
<role>org.codehaus.plexus.redback.rbac.RBACManager</role> | |||
<role-hint>memory</role-hint> | |||
<field-name>rbacManager</field-name> | |||
</requirement> | |||
<requirement> | |||
<role>org.codehaus.plexus.redback.system.check.EnvironmentCheck</role> | |||
<field-name>checkers</field-name> | |||
</requirement> | |||
<requirement> | |||
<role>org.apache.maven.archiva.configuration.ArchivaConfiguration</role> | |||
<field-name>archivaConfiguration</field-name> | |||
</requirement> | |||
</requirements> | |||
</component> | |||
</components> | |||
</component-set> |
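Review bot: The SecurityStartup component here (L1238-L1262) injects a `roleManager` field, while the SecurityStartup component in the other new descriptor (L1282-L1305) injects a `userRepos` field instead and has no RoleManager requirement at all. At most one of these matches the fields SecurityStartup actually declares (its source is not in this chunk); whichever descriptor is wrong leaves that field unset, and the failure would surface only when SecurityStartup dereferences it, possibly after the environment checks have already reported success. Reconcile both descriptors with the class's real field set, and since the `checkers` requirement at L1253-L1256 deliberately carries no role-hint, make that intent visible with a comment on it such as `<!-- no role-hint on purpose: collect every EnvironmentCheck implementation -->` (assuming `checkers` is a collection, which is what that Plexus idiom relies on). The description at L1229, repeated at L1273, also misspells "existence" as "existance".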
@@ -0,0 +1,210 @@ | |||
<?xml version="1.0" ?> | |||
<component-set> | |||
<components> | |||
<component> | |||
<role>org.codehaus.plexus.redback.system.check.EnvironmentCheck</role> | |||
<role-hint>required-roles</role-hint> | |||
<implementation>org.apache.maven.archiva.security.ArchivaStandardRolesCheck</implementation> | |||
<description>ArchivaStandardRolesCheck tests for the existance of expected / standard roles and permissions.</description> | |||
<requirements> | |||
<requirement> | |||
<role>org.codehaus.plexus.redback.rbac.RBACManager</role> | |||
<role-hint>memory</role-hint> | |||
<field-name>rbacManager</field-name> | |||
</requirement> | |||
</requirements> | |||
</component> | |||
<component> | |||
<role>org.apache.maven.archiva.security.SecurityStartup</role> | |||
<implementation>org.apache.maven.archiva.security.SecurityStartup</implementation> | |||
<description>SecurityStartup</description> | |||
<requirements> | |||
<requirement> | |||
<role>org.apache.maven.archiva.security.UserRepositories</role> | |||
<field-name>userRepos</field-name> | |||
</requirement> | |||
<requirement> | |||
<role>org.codehaus.plexus.redback.rbac.RBACManager</role> | |||
<role-hint>memory</role-hint> | |||
<field-name>rbacManager</field-name> | |||
</requirement> | |||
<requirement> | |||
<role>org.codehaus.plexus.redback.system.check.EnvironmentCheck</role> | |||
<field-name>checkers</field-name> | |||
</requirement> | |||
<requirement> | |||
<role>org.apache.maven.archiva.configuration.ArchivaConfiguration</role> | |||
<field-name>archivaConfiguration</field-name> | |||
</requirement> | |||
</requirements> | |||
</component> | |||
<component> | |||
<role>org.apache.maven.archiva.security.UserRepositories</role> | |||
<role-hint>default</role-hint> | |||
<implementation>org.apache.maven.archiva.security.DefaultUserRepositories</implementation> | |||
<description>DefaultUserRepositories</description> | |||
<requirements> | |||
<requirement> | |||
<role>org.codehaus.plexus.redback.system.SecuritySystem</role> | |||
<role-hint>testable</role-hint> | |||
<field-name>securitySystem</field-name> | |||
</requirement> | |||
<requirement> | |||
<role>org.codehaus.plexus.redback.rbac.RBACManager</role> | |||
<role-hint>memory</role-hint> | |||
<field-name>rbacManager</field-name> | |||
</requirement> | |||
<requirement> | |||
<role>org.codehaus.plexus.redback.role.RoleManager</role> | |||
<role-hint>default</role-hint> | |||
<field-name>roleManager</field-name> | |||
</requirement> | |||
</requirements> | |||
</component> | |||
<component> | |||
<role>org.codehaus.plexus.redback.role.template.RoleTemplateProcessor</role> | |||
<role-hint>default</role-hint> | |||
<implementation>org.codehaus.plexus.redback.role.template.DefaultRoleTemplateProcessor</implementation> | |||
<description>DefaultRoleTemplateProcessor: inserts the components of a template into the rbac manager</description> | |||
<requirements> | |||
<requirement> | |||
<role>org.codehaus.plexus.redback.rbac.RBACManager</role> | |||
<role-hint>memory</role-hint> | |||
<field-name>rbacManager</field-name> | |||
</requirement> | |||
</requirements> | |||
</component> | |||
<component> | |||
<role>org.codehaus.plexus.redback.role.processor.RoleModelProcessor</role> | |||
<role-hint>default</role-hint> | |||
<implementation>org.codehaus.plexus.redback.role.processor.DefaultRoleModelProcessor</implementation> | |||
<description>DefaultRoleModelProcessor: inserts the components of the model that can be populated into the rbac manager</description> | |||
<requirements> | |||
<requirement> | |||
<role>org.codehaus.plexus.redback.rbac.RBACManager</role> | |||
<role-hint>memory</role-hint> | |||
<field-name>rbacManager</field-name> | |||
</requirement> | |||
</requirements> | |||
</component> | |||
<component> | |||
<role>org.codehaus.plexus.redback.role.RoleManager</role> | |||
<role-hint>default</role-hint> | |||
<implementation>org.codehaus.plexus.redback.role.DefaultRoleManager</implementation> | |||
<instantiation-strategy>singleton</instantiation-strategy> | |||
<description>RoleProfileManager:</description> | |||
<requirements> | |||
<requirement> | |||
<role>org.codehaus.plexus.redback.role.merger.RoleModelMerger</role> | |||
<role-hint>default</role-hint> | |||
<field-name>modelMerger</field-name> | |||
</requirement> | |||
<requirement> | |||
<role>org.codehaus.plexus.redback.role.validator.RoleModelValidator</role> | |||
<role-hint>default</role-hint> | |||
<field-name>modelValidator</field-name> | |||
</requirement> | |||
<requirement> | |||
<role>org.codehaus.plexus.redback.role.processor.RoleModelProcessor</role> | |||
<role-hint>default</role-hint> | |||
<field-name>modelProcessor</field-name> | |||
</requirement> | |||
<requirement> | |||
<role>org.codehaus.plexus.redback.role.template.RoleTemplateProcessor</role> | |||
<role-hint>default</role-hint> | |||
<field-name>templateProcessor</field-name> | |||
</requirement> | |||
<requirement> | |||
<role>org.codehaus.plexus.redback.rbac.RBACManager</role> | |||
<role-hint>memory</role-hint> | |||
<field-name>rbacManager</field-name> | |||
</requirement> | |||
<requirement> | |||
<role>org.codehaus.plexus.PlexusContainer</role> | |||
<field-name>container</field-name> | |||
</requirement> | |||
</requirements> | |||
</component> | |||
<component> | |||
<role>org.codehaus.plexus.redback.system.SecuritySystem</role> | |||
<role-hint>testable</role-hint> | |||
<implementation>org.codehaus.plexus.redback.system.DefaultSecuritySystem</implementation> | |||
<description>DefaultSecuritySystem:</description> | |||
<requirements> | |||
<requirement> | |||
<role>org.codehaus.plexus.redback.authentication.AuthenticationManager</role> | |||
<field-name>authnManager</field-name> | |||
</requirement> | |||
<requirement> | |||
<role>org.codehaus.plexus.redback.authorization.Authorizer</role> | |||
<role-hint>rbac</role-hint> | |||
<field-name>authorizer</field-name> | |||
</requirement> | |||
<requirement> | |||
<role>org.codehaus.plexus.redback.users.UserManager</role> | |||
<role-hint>memory</role-hint> | |||
<field-name>userManager</field-name> | |||
</requirement> | |||
<requirement> | |||
<role>org.codehaus.plexus.redback.keys.KeyManager</role> | |||
<role-hint>memory</role-hint> | |||
<field-name>keyManager</field-name> | |||
</requirement> | |||
<requirement> | |||
<role>org.codehaus.plexus.redback.policy.UserSecurityPolicy</role> | |||
<field-name>policy</field-name> | |||
</requirement> | |||
</requirements> | |||
</component> | |||
<component> | |||
<role>org.codehaus.plexus.redback.authorization.Authorizer</role> | |||
<role-hint>rbac</role-hint> | |||
<implementation>org.codehaus.plexus.redback.authorization.rbac.RbacAuthorizer</implementation> | |||
<description>RbacAuthorizer:</description> | |||
<requirements> | |||
<requirement> | |||
<role>org.codehaus.plexus.redback.rbac.RBACManager</role> | |||
<role-hint>memory</role-hint> | |||
<field-name>manager</field-name> | |||
</requirement> | |||
<requirement> | |||
<role>org.codehaus.plexus.redback.users.UserManager</role> | |||
<role-hint>memory</role-hint> | |||
<field-name>userManager</field-name> | |||
</requirement> | |||
<requirement> | |||
<role>org.codehaus.plexus.redback.authorization.rbac.evaluator.PermissionEvaluator</role> | |||
<role-hint>default</role-hint> | |||
<field-name>evaluator</field-name> | |||
</requirement> | |||
<requirement> | |||
<role>org.codehaus.plexus.redback.configuration.UserConfiguration</role> | |||
<role-hint>default</role-hint> | |||
<field-name>config</field-name> | |||
</requirement> | |||
</requirements> | |||
</component> | |||
<component> | |||
<role>org.codehaus.plexus.redback.authorization.rbac.evaluator.PermissionEvaluator</role> | |||
<role-hint>default</role-hint> | |||
<implementation>org.codehaus.plexus.redback.authorization.rbac.evaluator.DefaultPermissionEvaluator</implementation> | |||
<requirements> | |||
<requirement> | |||
<role>org.codehaus.plexus.redback.users.UserManager</role> | |||
<role-hint>memory</role-hint> | |||
<field-name>userManager</field-name> | |||
</requirement> | |||
</requirements> | |||
</component> | |||
</components> | |||
</component-set> |