mirrors
/
archiva
mirror of https://github.com/apache/archiva.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 70 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
7363 Commits
73 Branches
Tree: d9de8dc7af
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'd9de8dc7af'
${ noResults }
archiva/archiva-modules/archiva-web/archiva-security/src/main/java/org/apache/archiva/security/DefaultUserRepositories.java

DefaultUserRepositories.java 8.4KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245 
  1. package org.apache.archiva.security;

  2. 

  3. /*

  4.  * Licensed to the Apache Software Foundation (ASF) under one

  5.  * or more contributor license agreements.  See the NOTICE file

  6.  * distributed with this work for additional information

  7.  * regarding copyright ownership.  The ASF licenses this file

  8.  * to you under the Apache License, Version 2.0 (the

  9.  * "License"); you may not use this file except in compliance

  10.  * with the License.  You may obtain a copy of the License at

  11.  *

  12.  *  http://www.apache.org/licenses/LICENSE-2.0

  13.  *

  14.  * Unless required by applicable law or agreed to in writing,

  15.  * software distributed under the License is distributed on an

  16.  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY

  17.  * KIND, either express or implied.  See the License for the

  18.  * specific language governing permissions and limitations

  19.  * under the License.

  20.  */

  21. 

  22. import org.apache.archiva.admin.model.RepositoryAdminException;

  23. import org.apache.archiva.admin.model.beans.ManagedRepository;

  24. import org.apache.archiva.admin.model.managed.ManagedRepositoryAdmin;

  25. import org.apache.archiva.redback.authentication.AuthenticationResult;

  26. import org.apache.archiva.redback.authorization.AuthorizationException;

  27. import org.apache.archiva.redback.role.RoleManager;

  28. import org.apache.archiva.redback.role.RoleManagerException;

  29. import org.apache.archiva.redback.system.DefaultSecuritySession;

  30. import org.apache.archiva.redback.system.SecuritySession;

  31. import org.apache.archiva.redback.system.SecuritySystem;

  32. import org.apache.archiva.redback.users.User;

  33. import org.apache.archiva.redback.users.UserManagerException;

  34. import org.apache.archiva.redback.users.UserNotFoundException;

  35. import org.apache.archiva.security.common.ArchivaRoleConstants;

  36. import org.slf4j.Logger;

  37. import org.slf4j.LoggerFactory;

  38. import org.springframework.stereotype.Service;

  39. 

  40. import javax.inject.Inject;

  41. import java.util.ArrayList;

  42. import java.util.List;

  43. 

  44. /**

  45.  * DefaultUserRepositories

  46.  */

  47. @Service( "userRepositories" )

  48. public class DefaultUserRepositories

  49.     implements UserRepositories

  50. {

  51. 

  52.     @Inject

  53.     private SecuritySystem securitySystem;

  54. 

  55.     @Inject

  56.     private RoleManager roleManager;

  57. 

  58.     @Inject

  59.     private ManagedRepositoryAdmin managedRepositoryAdmin;

  60. 

  61.     private Logger log = LoggerFactory.getLogger( getClass() );

  62. 

  63.     public List<String> getObservableRepositoryIds( String principal )

  64.         throws PrincipalNotFoundException, AccessDeniedException, ArchivaSecurityException

  65.     {

  66.         String operation = ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS;

  67. 

  68.         return getAccessibleRepositoryIds( principal, operation );

  69.     }

  70. 

  71.     public List<String> getManagableRepositoryIds( String principal )

  72.         throws PrincipalNotFoundException, AccessDeniedException, ArchivaSecurityException

  73.     {

  74.         String operation = ArchivaRoleConstants.OPERATION_REPOSITORY_UPLOAD;

  75. 

  76.         return getAccessibleRepositoryIds( principal, operation );

  77.     }

  78. 

  79.     private List<String> getAccessibleRepositoryIds( String principal, String operation )

  80.         throws ArchivaSecurityException, AccessDeniedException, PrincipalNotFoundException

  81.     {

  82. 

  83.         List<ManagedRepository> managedRepositories = getAccessibleRepositories( principal, operation );

  84.         List<String> repoIds = new ArrayList<>( managedRepositories.size() );

  85.         for ( ManagedRepository managedRepository : managedRepositories )

  86.         {

  87.             repoIds.add( managedRepository.getId() );

  88.         }

  89. 

  90.         return repoIds;

  91.     }

  92. 

  93.     public List<ManagedRepository> getAccessibleRepositories( String principal )

  94.         throws ArchivaSecurityException, AccessDeniedException, PrincipalNotFoundException

  95.     {

  96.         return getAccessibleRepositories( principal, ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS );

  97.     }

  98. 

  99.     private List<ManagedRepository> getAccessibleRepositories( String principal, String operation )

  100.         throws ArchivaSecurityException, AccessDeniedException, PrincipalNotFoundException

  101.     {

  102.         SecuritySession securitySession = createSession( principal );

  103. 

  104.         List<ManagedRepository> managedRepositories = new ArrayList<>();

  105. 

  106.         try

  107.         {

  108.             List<ManagedRepository> repos = managedRepositoryAdmin.getManagedRepositories();

  109. 

  110.             for ( ManagedRepository repo : repos )

  111.             {

  112.                 try

  113.                 {

  114.                     String repoId = repo.getId();

  115.                     if ( securitySystem.isAuthorized( securitySession, operation, repoId ) )

  116.                     {

  117.                         managedRepositories.add( repo );

  118.                     }

  119.                 }

  120.                 catch ( AuthorizationException e )

  121.                 {

  122.                     // swallow.

  123. 

  124.                     log.debug( "Not authorizing '{}' for repository '{}': {}", principal, repo.getId(),

  125.                                e.getMessage() );

  126. 

  127.                 }

  128.             }

  129. 

  130.             return managedRepositories;

  131.         }

  132.         catch ( RepositoryAdminException e )

  133.         {

  134.             throw new ArchivaSecurityException( e.getMessage(), e );

  135.         }

  136.     }

  137. 

  138.     private SecuritySession createSession( String principal )

  139.         throws ArchivaSecurityException, AccessDeniedException

  140.     {

  141.         User user;

  142.         try

  143.         {

  144.             user = securitySystem.getUserManager().findUser( principal );

  145.             if ( user == null )

  146.             {

  147.                 throw new ArchivaSecurityException(

  148.                     "The security system had an internal error - please check your system logs" );

  149.             }

  150.         }

  151.         catch ( UserNotFoundException e )

  152.         {

  153.             throw new PrincipalNotFoundException( "Unable to find principal " + principal + "", e );

  154.         }

  155.         catch ( UserManagerException e )

  156.         {

  157.             throw new ArchivaSecurityException( e.getMessage(), e );

  158.         }

  159. 

  160.         if ( user.isLocked() )

  161.         {

  162.             throw new AccessDeniedException( "User " + principal + "(" + user.getFullName() + ") is locked." );

  163.         }

  164. 

  165.         AuthenticationResult authn = new AuthenticationResult( true, principal, null );

  166.         authn.setUser( user );

  167.         return new DefaultSecuritySession( authn, user );

  168.     }

  169. 

  170.     public void createMissingRepositoryRoles( String repoId )

  171.         throws ArchivaSecurityException

  172.     {

  173.         try

  174.         {

  175.             if ( !roleManager.templatedRoleExists( ArchivaRoleConstants.TEMPLATE_REPOSITORY_OBSERVER, repoId ) )

  176.             {

  177.                 roleManager.createTemplatedRole( ArchivaRoleConstants.TEMPLATE_REPOSITORY_OBSERVER, repoId );

  178.             }

  179. 

  180.             if ( !roleManager.templatedRoleExists( ArchivaRoleConstants.TEMPLATE_REPOSITORY_MANAGER, repoId ) )

  181.             {

  182.                 roleManager.createTemplatedRole( ArchivaRoleConstants.TEMPLATE_REPOSITORY_MANAGER, repoId );

  183.             }

  184.         }

  185.         catch ( RoleManagerException e )

  186.         {

  187.             throw new ArchivaSecurityException( "Unable to create roles for configured repositories: " + e.getMessage(),

  188.                                                 e );

  189.         }

  190.     }

  191. 

  192.     public boolean isAuthorizedToUploadArtifacts( String principal, String repoId )

  193.         throws PrincipalNotFoundException, ArchivaSecurityException

  194.     {

  195.         try

  196.         {

  197.             SecuritySession securitySession = createSession( principal );

  198. 

  199.             return securitySystem.isAuthorized( securitySession, ArchivaRoleConstants.OPERATION_REPOSITORY_UPLOAD,

  200.                                                 repoId );

  201. 

  202.         }

  203.         catch ( AuthorizationException e )

  204.         {

  205.             throw new ArchivaSecurityException( e.getMessage(), e);

  206.         }

  207.     }

  208. 

  209.     public boolean isAuthorizedToDeleteArtifacts( String principal, String repoId )

  210.         throws ArchivaSecurityException

  211.     {

  212.         try

  213.         {

  214.             SecuritySession securitySession = createSession( principal );

  215. 

  216.             return securitySystem.isAuthorized( securitySession, ArchivaRoleConstants.OPERATION_REPOSITORY_DELETE,

  217.                                                 repoId );

  218. 

  219.         }

  220.         catch ( AuthorizationException e )

  221.         {

  222.             throw new ArchivaSecurityException( e.getMessage(), e);

  223.         }

  224.     }

  225. 

  226.     public SecuritySystem getSecuritySystem()

  227.     {

  228.         return securitySystem;

  229.     }

  230. 

  231.     public void setSecuritySystem( SecuritySystem securitySystem )

  232.     {

  233.         this.securitySystem = securitySystem;

  234.     }

  235. 

  236.     public RoleManager getRoleManager()

  237.     {

  238.         return roleManager;

  239.     }

  240. 

  241.     public void setRoleManager( RoleManager roleManager )

  242.     {

  243.         this.roleManager = roleManager;

  244.     }

  245. }