git-svn-id: https://svn.apache.org/repos/asf/archiva/trunk@1163025 13f79535-47bb-0310-9956-ffa450edef68tags/archiva-1.4-M1
@@ -31,11 +31,19 @@ | |||
<dependency> | |||
<groupId>org.apache.archiva</groupId> | |||
<artifactId>archiva-configuration</artifactId> | |||
</dependency> | |||
<dependency> | |||
<groupId>org.apache.archiva</groupId> | |||
<artifactId>archiva-security</artifactId> | |||
</dependency> | |||
<dependency> | |||
<groupId>org.apache.archiva</groupId> | |||
<artifactId>archiva-scheduler-repository</artifactId> | |||
</dependency> | |||
<dependency> | |||
<groupId>org.apache.archiva</groupId> | |||
<artifactId>audit</artifactId> | |||
</dependency> | |||
<dependency> | |||
<groupId>javax.inject</groupId> | |||
<artifactId>javax.inject</artifactId> | |||
@@ -79,6 +87,26 @@ | |||
<groupId>org.codehaus.redback.components</groupId> | |||
<artifactId>spring-quartz</artifactId> | |||
</dependency> | |||
<dependency> | |||
<groupId>org.codehaus.redback</groupId> | |||
<artifactId>redback-rbac-role-manager</artifactId> | |||
<exclusions> | |||
<exclusion> | |||
<groupId>commons-logging</groupId> | |||
<artifactId>commons-logging</artifactId> | |||
</exclusion> | |||
</exclusions> | |||
</dependency> | |||
<dependency> | |||
<groupId>org.codehaus.redback</groupId> | |||
<artifactId>redback-authentication-api</artifactId> | |||
<exclusions> | |||
<exclusion> | |||
<groupId>commons-logging</groupId> | |||
<artifactId>commons-logging</artifactId> | |||
</exclusion> | |||
</exclusions> | |||
</dependency> | |||
<dependency> | |||
<groupId>junit</groupId> | |||
<artifactId>junit</artifactId> | |||
@@ -90,6 +118,33 @@ | |||
<scope>test</scope> | |||
</dependency> | |||
<dependency> | |||
<groupId>org.codehaus.redback</groupId> | |||
<artifactId>redback-users-memory</artifactId> | |||
<scope>test</scope> | |||
<version>${redback.version}</version> | |||
</dependency> | |||
<dependency> | |||
<groupId>org.codehaus.redback</groupId> | |||
<artifactId>redback-keys-memory</artifactId> | |||
<scope>test</scope> | |||
<version>${redback.version}</version> | |||
</dependency> | |||
<dependency> | |||
<groupId>org.codehaus.redback</groupId> | |||
<artifactId>redback-rbac-cached</artifactId> | |||
<version>${redback.version}</version> | |||
<scope>test</scope> | |||
<exclusions> | |||
<exclusion> | |||
<groupId>commons-logging</groupId> | |||
<artifactId>commons-logging</artifactId> | |||
</exclusion> | |||
</exclusions> | |||
</dependency> | |||
<dependency> | |||
<groupId>org.apache.derby</groupId> | |||
<artifactId>derby</artifactId> | |||
@@ -118,6 +173,7 @@ | |||
<configuration> | |||
<systemPropertyVariables> | |||
<appserver.base>${project.build.outputDirectory}</appserver.base> | |||
<plexus.home>${project.build.outputDirectory}</plexus.home> | |||
</systemPropertyVariables> | |||
</configuration> | |||
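Review bot: The three test-scoped Redback dependencies (`redback-users-memory`, `redback-keys-memory`, `redback-rbac-cached`) each restate `<version>${redback.version}</version>`, while `redback-rbac-role-manager` and `redback-authentication-api` in the same file rely on an inherited version. Presumably the test artifacts are missing from the parent's `dependencyManagement`; declaring them there keeps every Redback artifact, including the RBAC and authentication pieces, resolved to one managed version instead of being repeated per module. The `commons-logging` exclusion that is repeated three times would also sit better on the managed entries, so that a module which forgets it does not pull the library back in transitively.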
@@ -19,6 +19,8 @@ package org.apache.archiva.admin.repository.managed; | |||
*/ | |||
import org.apache.archiva.admin.repository.RepositoryAdminException; | |||
import org.apache.archiva.audit.AuditEvent; | |||
import org.apache.archiva.audit.AuditListener; | |||
import org.apache.archiva.metadata.repository.MetadataRepository; | |||
import org.apache.archiva.metadata.repository.MetadataRepositoryException; | |||
import org.apache.archiva.metadata.repository.RepositorySession; | |||
@@ -34,6 +36,10 @@ import org.apache.maven.archiva.configuration.Configuration; | |||
import org.apache.maven.archiva.configuration.IndeterminateConfigurationException; | |||
import org.apache.maven.archiva.configuration.ManagedRepositoryConfiguration; | |||
import org.apache.maven.archiva.configuration.ProxyConnectorConfiguration; | |||
import org.apache.maven.archiva.security.ArchivaRoleConstants; | |||
import org.codehaus.plexus.redback.role.RoleManager; | |||
import org.codehaus.plexus.redback.role.RoleManagerException; | |||
import org.codehaus.plexus.redback.users.User; | |||
import org.codehaus.plexus.registry.Registry; | |||
import org.codehaus.plexus.registry.RegistryException; | |||
import org.codehaus.plexus.taskqueue.TaskQueueException; | |||
@@ -82,10 +88,15 @@ public class DefaultManagedRepositoryAdmin | |||
@Inject | |||
private RepositorySessionFactory repositorySessionFactory; | |||
@Inject | |||
private RepositoryStatisticsManager repositoryStatisticsManager; | |||
@Inject | |||
private List<AuditListener> auditListeners = new ArrayList<AuditListener>(); | |||
@Inject | |||
protected RoleManager roleManager; | |||
public List<ManagedRepository> getManagedRepositories() | |||
throws RepositoryAdminException | |||
{ | |||
@@ -122,7 +133,7 @@ public class DefaultManagedRepositoryAdmin | |||
return null; | |||
} | |||
public Boolean addManagedRepository( ManagedRepository managedRepository, boolean needStageRepo ) | |||
public Boolean addManagedRepository( ManagedRepository managedRepository, boolean needStageRepo, User user ) | |||
throws RepositoryAdminException | |||
{ | |||
return | |||
@@ -241,7 +252,7 @@ public class DefaultManagedRepositoryAdmin | |||
} | |||
public Boolean deleteManagedRepository( String repositoryId ) | |||
public Boolean deleteManagedRepository( String repositoryId, User user ) | |||
throws RepositoryAdminException | |||
{ | |||
Configuration config = archivaConfiguration.getConfiguration(); | |||
@@ -314,16 +325,118 @@ public class DefaultManagedRepositoryAdmin | |||
} | |||
public Boolean updateManagedRepository( ManagedRepository managedRepository, boolean needStageRepo ) | |||
public Boolean updateManagedRepository( ManagedRepository managedRepository, boolean needStageRepo, User user ) | |||
throws RepositoryAdminException | |||
{ | |||
return null; //To change body of implemented methods use File | Settings | File Templates. | |||
// Ensure that the fields are valid. | |||
Configuration configuration = archivaConfiguration.getConfiguration(); | |||
ManagedRepositoryConfiguration toremove = configuration.findManagedRepositoryById( managedRepository.getId() ); | |||
if ( toremove != null ) | |||
{ | |||
configuration.removeManagedRepository( toremove ); | |||
} | |||
// FIXME the case of the attached staging repository | |||
/* | |||
if ( stagingRepository != null ) | |||
{ | |||
removeRepository( stagingRepository.getId(), configuration ); | |||
}*/ | |||
// Save the repository configuration. | |||
String result; | |||
RepositorySession repositorySession = repositorySessionFactory.createSession(); | |||
ManagedRepositoryConfiguration managedRepositoryConfiguration = | |||
addManagedRepository( managedRepository.getId(), managedRepository.getLayout(), managedRepository.getName(), | |||
managedRepository.getLocation(), managedRepository.isBlockRedeployments(), | |||
managedRepository.isReleases(), managedRepository.isSnapshots(), needStageRepo, | |||
managedRepository.getCronExpression() ); | |||
// FIXME only location has changed from previous | |||
boolean resetStats = true; | |||
try | |||
{ | |||
triggerAuditEvent( managedRepository.getId(), null, AuditEvent.MODIFY_MANAGED_REPO, user ); | |||
addRepositoryRoles( managedRepositoryConfiguration ); | |||
// FIXME this staging part !! | |||
//update changes of the staging repo | |||
/*if ( stageNeeded ) | |||
{ | |||
stagingRepository = getStageRepoConfig( configuration ); | |||
addRepository( stagingRepository, configuration ); | |||
addRepositoryRoles( stagingRepository ); | |||
}*/ | |||
//delete staging repo when we dont need it | |||
/* | |||
if ( !stageNeeded ) | |||
{ | |||
stagingRepository = getStageRepoConfig( configuration ); | |||
removeRepository( stagingRepository.getId(), configuration ); | |||
removeContents( stagingRepository ); | |||
removeRepositoryRoles( stagingRepository ); | |||
}*/ | |||
saveConfiguration( this.archivaConfiguration.getConfiguration() ); | |||
if ( resetStats ) | |||
{ | |||
repositoryStatisticsManager.deleteStatistics( repositorySession.getRepository(), | |||
managedRepository.getId() ); | |||
repositorySession.save(); | |||
} | |||
//MRM-1342 Repository statistics report doesn't appear to be working correctly | |||
//scan repository when modification of repository is successful | |||
// olamy : IMHO we are fine to ignore issue with scheduling scanning | |||
// as here the repo has been updated | |||
scanRepository( managedRepository.getId(), true ); | |||
// FIXME staging !! | |||
/* | |||
if ( stageNeeded ) | |||
{ | |||
executeRepositoryScanner( stagingRepository.getId() ); | |||
}*/ | |||
} | |||
catch ( RoleManagerException e ) | |||
{ | |||
throw new RepositoryAdminException( e.getMessage(), e ); | |||
} | |||
catch ( MetadataRepositoryException e ) | |||
{ | |||
throw new RepositoryAdminException( e.getMessage(), e ); | |||
} | |||
finally | |||
{ | |||
repositorySession.close(); | |||
} | |||
return true; | |||
} | |||
//-------------------------- | |||
// utils methods | |||
//-------------------------- | |||
protected void triggerAuditEvent( String repositoryId, String resource, String action, User user ) | |||
{ | |||
log.warn( "no user found in triggerAuditEvent" ); | |||
AuditEvent event = new AuditEvent( repositoryId, user == null ? "null" : user.getUsername(), resource, action ); | |||
// FIXME use a thread local through cxf interceptors to store this | |||
//event.setRemoteIP( getRemoteAddr() ); | |||
for ( AuditListener listener : auditListeners ) | |||
{ | |||
listener.auditEvent( event ); | |||
} | |||
} | |||
private String removeExpressions( String directory ) | |||
{ | |||
String value = StringUtils.replace( directory, "${appserver.base}", | |||
@@ -410,4 +523,23 @@ public class DefaultManagedRepositoryAdmin | |||
} | |||
return true; | |||
} | |||
protected void addRepositoryRoles( ManagedRepositoryConfiguration newRepository ) | |||
throws RoleManagerException | |||
{ | |||
String repoId = newRepository.getId(); | |||
// TODO: double check these are configured on start up | |||
// TODO: belongs in the business logic | |||
if ( !roleManager.templatedRoleExists( ArchivaRoleConstants.TEMPLATE_REPOSITORY_OBSERVER, repoId ) ) | |||
{ | |||
roleManager.createTemplatedRole( ArchivaRoleConstants.TEMPLATE_REPOSITORY_OBSERVER, repoId ); | |||
} | |||
if ( !roleManager.templatedRoleExists( ArchivaRoleConstants.TEMPLATE_REPOSITORY_MANAGER, repoId ) ) | |||
{ | |||
roleManager.createTemplatedRole( ArchivaRoleConstants.TEMPLATE_REPOSITORY_MANAGER, repoId ); | |||
} | |||
} | |||
} |
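Review bot: In `triggerAuditEvent`, `log.warn( "no user found in triggerAuditEvent" )` runs on every call rather than only when `user` is null, and a missing user is then written to the audit record as the literal username `"null"`, so the log is noisy and the audit trail cannot tell an unattributed change from an account with that name. Guard the warning with `if ( user == null )` and use a marker that cannot be a valid username, or reject the call. In `updateManagedRepository` the `MODIFY_MANAGED_REPO` event is emitted before `saveConfiguration(...)`, so a save that fails is still audited as a modification; calling `triggerAuditEvent` after the save would make the record reflect what actually happened. The same method calls `repositorySessionFactory.createSession()` before the `try`, so if the `addManagedRepository(...)` call between them throws, the `finally` that closes the session is never reached; moving that call inside the `try` avoids the leak.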
@@ -20,6 +20,7 @@ package org.apache.archiva.admin.repository.managed; | |||
import org.apache.archiva.admin.repository.RepositoryAdminException; | |||
import org.codehaus.plexus.redback.users.User; | |||
import java.util.List; | |||
@@ -35,14 +36,14 @@ public interface ManagedRepositoryAdmin | |||
ManagedRepository getManagedRepository( String repositoryId ) | |||
throws RepositoryAdminException; | |||
Boolean deleteManagedRepository( String repositoryId ) | |||
Boolean deleteManagedRepository( String repositoryId, User user ) | |||
throws RepositoryAdminException; | |||
Boolean addManagedRepository( ManagedRepository managedRepository, boolean needStageRepo ) | |||
Boolean addManagedRepository( ManagedRepository managedRepository, boolean needStageRepo, User user ) | |||
throws RepositoryAdminException; | |||
Boolean updateManagedRepository( ManagedRepository managedRepository, boolean needStageRepo ) | |||
Boolean updateManagedRepository( ManagedRepository managedRepository, boolean needStageRepo, User user ) | |||
throws RepositoryAdminException; | |||
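Review bot: The new `User user` parameter on `deleteManagedRepository`, `addManagedRepository` and `updateManagedRepository` has no Javadoc, so the contract does not say what it is used for or whether it may be null. In the implementation's `updateManagedRepository` it is only handed to `triggerAuditEvent` for attribution, and no permission check on it is visible there, so callers should not read it as an authorization argument. I would add to each method something like `@param user the user performing the change, recorded in the audit event; permission checks remain the caller's responsibility`. The interface body continues outside the hunk.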
@@ -19,9 +19,12 @@ package org.apache.archiva.admin.repository.managed; | |||
*/ | |||
import org.apache.commons.lang.StringUtils; | |||
import org.codehaus.plexus.redback.users.User; | |||
import org.codehaus.plexus.redback.users.memory.SimpleUser; | |||
import org.junit.Test; | |||
import javax.inject.Inject; | |||
import java.io.File; | |||
import java.util.List; | |||
/** | |||
@@ -71,20 +74,53 @@ public class ManagedRepositoryAdminTest | |||
repo.setId( "test-new-one" ); | |||
repo.setName( "test repo" ); | |||
repo.setLocation( APPSERVER_BASE_PATH + repo.getId() ); | |||
managedRepositoryAdmin.addManagedRepository( repo, false ); | |||
managedRepositoryAdmin.addManagedRepository( repo, false, getFakeUser() ); | |||
repos = managedRepositoryAdmin.getManagedRepositories(); | |||
assertNotNull( repos ); | |||
assertEquals( initialSize + 1, repos.size() ); | |||
assertNotNull( managedRepositoryAdmin.getManagedRepository( "test-new-one" ) ); | |||
managedRepositoryAdmin.deleteManagedRepository( "test-new-one" ); | |||
managedRepositoryAdmin.deleteManagedRepository( "test-new-one", getFakeUser() ); | |||
repos = managedRepositoryAdmin.getManagedRepositories(); | |||
assertNotNull( repos ); | |||
assertEquals( initialSize, repos.size() ); | |||
} | |||
@Test | |||
public void updateDeleteManagedRepo() | |||
throws Exception | |||
{ | |||
List<ManagedRepository> repos = managedRepositoryAdmin.getManagedRepositories(); | |||
assertNotNull( repos ); | |||
int initialSize = repos.size(); | |||
assertTrue( initialSize > 0 ); | |||
ManagedRepository repo = new ManagedRepository(); | |||
repo.setId( "test-new-one" ); | |||
repo.setName( "test repo" ); | |||
repo.setLocation( APPSERVER_BASE_PATH + repo.getId() ); | |||
managedRepositoryAdmin.addManagedRepository( repo, false, getFakeUser() ); | |||
repos = managedRepositoryAdmin.getManagedRepositories(); | |||
assertNotNull( repos ); | |||
assertEquals( initialSize + 1, repos.size() ); | |||
String newName = "test repo update"; | |||
repo.setName( newName ); | |||
repo.setLocation( APPSERVER_BASE_PATH + "new-path" ); | |||
managedRepositoryAdmin.updateManagedRepository( repo, false, getFakeUser() ); | |||
repo = managedRepositoryAdmin.getManagedRepository( "test-new-one" ); | |||
assertNotNull( repo ); | |||
assertEquals( newName, repo.getName() ); | |||
assertEquals( APPSERVER_BASE_PATH + "new-path", repo.getLocation() ); | |||
assertTrue( new File( APPSERVER_BASE_PATH + "new-path" ).exists() ); | |||
} | |||
private ManagedRepository findManagedRepoById( List<ManagedRepository> repos, String id ) | |||
{ | |||
@@ -98,4 +134,12 @@ public class ManagedRepositoryAdminTest | |||
return null; | |||
} | |||
User getFakeUser() | |||
{ | |||
SimpleUser user = new SimpleUser(); | |||
user.setUsername( "root" ); | |||
user.setFullName( "The top user" ); | |||
return user; | |||
} | |||
} |
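Review bot: `updateDeleteManagedRepo` never deletes the repository it creates, despite its name, so `test-new-one` stays in the configuration and the `new-path` directory stays on disk after the test. The earlier test in this file adds the same id and asserts on `initialSize + 1`, which may make the two tests depend on execution order if they share configuration state. Finish the test with `managedRepositoryAdmin.deleteManagedRepository( "test-new-one", getFakeUser() );` followed by `assertEquals( initialSize, managedRepositoryAdmin.getManagedRepositories().size() );`. Neither test asserts that an audit event carrying the username from `getFakeUser()` was emitted or that the repository observer and manager roles exist afterwards, which is the behaviour this commit adds.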
@@ -0,0 +1,213 @@ | |||
<redback-role-model> | |||
<modelVersion>1.0.0</modelVersion> | |||
<applications> | |||
<application> | |||
<id>System</id> | |||
<description>Roles that apply system-wide, across all of the applications</description> | |||
<version>1.0.0</version> | |||
<resources> | |||
<resource> | |||
<id>global</id> | |||
<name>*</name> | |||
<permanent>true</permanent> | |||
<description>global resource implies full access for authorization</description> | |||
</resource> | |||
<resource> | |||
<id>username</id> | |||
<name>${username}</name> | |||
<permanent>true</permanent> | |||
<description>replaced with the username of the principal at authorization check time</description> | |||
</resource> | |||
</resources> | |||
<operations> | |||
<operation> | |||
<id>configuration-edit</id> | |||
<name>configuration-edit</name> | |||
<description>edit configuration</description> | |||
<permanent>true</permanent> | |||
</operation> | |||
<operation> | |||
<id>user-management-user-create</id> | |||
<name>user-management-user-create</name> | |||
<description>create user</description> | |||
<permanent>true</permanent> | |||
</operation> | |||
<operation> | |||
<id>user-management-user-edit</id> | |||
<name>user-management-user-edit</name> | |||
<description>edit user</description> | |||
<permanent>true</permanent> | |||
</operation> | |||
<operation> | |||
<id>user-management-user-role</id> | |||
<name>user-management-user-role</name> | |||
<description>user roles</description> | |||
<permanent>true</permanent> | |||
</operation> | |||
<operation> | |||
<id>user-management-user-delete</id> | |||
<name>user-management-user-delete</name> | |||
<description>delete user</description> | |||
<permanent>true</permanent> | |||
</operation> | |||
<operation> | |||
<id>user-management-user-list</id> | |||
<name>user-management-user-list</name> | |||
<description>list users</description> | |||
<permanent>true</permanent> | |||
</operation> | |||
<operation> | |||
<id>user-management-role-grant</id> | |||
<name>user-management-role-grant</name> | |||
<description>grant role</description> | |||
<permanent>true</permanent> | |||
</operation> | |||
<operation> | |||
<id>user-management-role-drop</id> | |||
<name>user-management-role-drop</name> | |||
<description>drop role</description> | |||
<permanent>true</permanent> | |||
</operation> | |||
<operation> | |||
<id>user-management-rbac-admin</id> | |||
<name>user-management-rbac-admin</name> | |||
<description>administer rbac</description> | |||
<permanent>true</permanent> | |||
</operation> | |||
<operation> | |||
<id>guest-access</id> | |||
<name>guest-access</name> | |||
<description>access guest</description> | |||
<permanent>true</permanent> | |||
</operation> | |||
<operation> | |||
<id>user-management-manage-data</id> | |||
<name>user-management-manage-data</name> | |||
<description>manage data</description> | |||
<permanent>true</permanent> | |||
</operation> | |||
</operations> | |||
<roles> | |||
<role> | |||
<id>system-administrator</id> | |||
<name>System Administrator</name> | |||
<permanent>true</permanent> | |||
<assignable>true</assignable> | |||
<permissions> | |||
<permission> | |||
<id>edit-redback-configuration</id> | |||
<name>Edit Redback Configuration</name> | |||
<operation>configuration-edit</operation> | |||
<resource>global</resource> | |||
<permanent>true</permanent> | |||
</permission> | |||
<permission> | |||
<id>manage-rbac-setup</id> | |||
<name>User RBAC Management</name> | |||
<operation>user-management-rbac-admin</operation> | |||
<resource>global</resource> | |||
<permanent>true</permanent> | |||
</permission> | |||
<permission> | |||
<id>manage-rbac-data</id> | |||
<name>RBAC Manage Data</name> | |||
<operation>user-management-manage-data</operation> | |||
<resource>global</resource> | |||
<permanent>true</permanent> | |||
</permission> | |||
</permissions> | |||
<childRoles> | |||
<childRole>user-administrator</childRole> | |||
</childRoles> | |||
</role> | |||
<role> | |||
<id>user-administrator</id> | |||
<name>User Administrator</name> | |||
<permanent>true</permanent> | |||
<assignable>true</assignable> | |||
<permissions> | |||
<permission> | |||
<id>drop-roles-for-anyone</id> | |||
<name>Drop Roles for Anyone</name> | |||
<operation>user-management-role-drop</operation> | |||
<resource>global</resource> | |||
<permanent>true</permanent> | |||
</permission> | |||
<permission> | |||
<id>grant-roles-for-anyone</id> | |||
<name>Grant Roles for Anyone</name> | |||
<operation>user-management-role-grant</operation> | |||
<resource>global</resource> | |||
<permanent>true</permanent> | |||
</permission> | |||
<permission> | |||
<id>user-create</id> | |||
<name>Create Users</name> | |||
<operation>user-management-user-create</operation> | |||
<resource>global</resource> | |||
<permanent>true</permanent> | |||
</permission> | |||
<permission> | |||
<id>user-delete</id> | |||
<name>Delete Users</name> | |||
<operation>user-management-user-delete</operation> | |||
<resource>global</resource> | |||
<permanent>true</permanent> | |||
</permission> | |||
<permission> | |||
<id>user-edit</id> | |||
<name>Edit Users</name> | |||
<operation>user-management-user-edit</operation> | |||
<resource>global</resource> | |||
<permanent>true</permanent> | |||
</permission> | |||
<permission> | |||
<id>access-users-roles</id> | |||
<name>Access Users Roles</name> | |||
<operation>user-management-user-role</operation> | |||
<resource>global</resource> | |||
<permanent>true</permanent> | |||
</permission> | |||
<permission> | |||
<id>access-user-list</id> | |||
<name>Access User List</name> | |||
<operation>user-management-user-list</operation> | |||
<resource>global</resource> | |||
<permanent>true</permanent> | |||
</permission> | |||
</permissions> | |||
</role> | |||
<role> | |||
<id>registered-user</id> | |||
<name>Registered User</name> | |||
<permanent>true</permanent> | |||
<assignable>true</assignable> | |||
<permissions> | |||
<permission> | |||
<id>edit-user-by-username</id> | |||
<name>Edit User Data by Username</name> | |||
<operation>user-management-user-edit</operation> | |||
<resource>username</resource> | |||
<permanent>true</permanent> | |||
</permission> | |||
</permissions> | |||
</role> | |||
<role> | |||
<id>guest</id> | |||
<name>Guest</name> | |||
<permanent>true</permanent> | |||
<assignable>true</assignable> | |||
<permissions> | |||
<permission> | |||
<id>guest-permission</id> | |||
<name>Guest Permission</name> | |||
<operation>guest-access</operation> | |||
<resource>global</resource> | |||
<permanent>true</permanent> | |||
</permission> | |||
</permissions> | |||
</role> | |||
</roles> | |||
</application> | |||
</applications> | |||
</redback-role-model> |
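Review bot: This new 213-line file starts directly at `<redback-role-model>`, with no XML declaration, no license header and no comment saying what it is for. It defines the `system-administrator` and `user-administrator` roles with permissions on the `global` resource (`*`), so its intended scope matters. If it is a fixture for the in-memory Redback test setup, which the page does not show, a leading comment should say so, for example `<!-- Test-only role model for ManagedRepositoryAdminTest; not the production role definitions -->`. In that case it should also live under the module's test resources, so that these definitions cannot end up in the main artifact.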