mirrors
/
archiva
mirror of https://github.com/apache/archiva.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 70 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
7363 Commits
73 Branches
Tree: d9de8dc7af
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'd9de8dc7af'
${ noResults }
archiva/archiva-modules/archiva-web/archiva-web-common/src/main/java/org/apache/archiva/web/startup/SecuritySynchronization.java

SecuritySynchronization.java 8.9KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254 
  1. package org.apache.archiva.web.startup;

  2. 

  3. /*

  4.  * Licensed to the Apache Software Foundation (ASF) under one

  5.  * or more contributor license agreements.  See the NOTICE file

  6.  * distributed with this work for additional information

  7.  * regarding copyright ownership.  The ASF licenses this file

  8.  * to you under the Apache License, Version 2.0 (the

  9.  * "License"); you may not use this file except in compliance

  10.  * with the License.  You may obtain a copy of the License at

  11.  *

  12.  *  http://www.apache.org/licenses/LICENSE-2.0

  13.  *

  14.  * Unless required by applicable law or agreed to in writing,

  15.  * software distributed under the License is distributed on an

  16.  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY

  17.  * KIND, either express or implied.  See the License for the

  18.  * specific language governing permissions and limitations

  19.  * under the License.

  20.  */

  21. 

  22. import org.apache.archiva.common.ArchivaException;

  23. import org.apache.archiva.configuration.ArchivaConfiguration;

  24. import org.apache.archiva.configuration.ConfigurationNames;

  25. import org.apache.archiva.configuration.ManagedRepositoryConfiguration;

  26. import org.apache.archiva.redback.rbac.RBACManager;

  27. import org.apache.archiva.redback.role.RoleManagerException;

  28. import org.apache.archiva.redback.system.check.EnvironmentCheck;

  29. import org.apache.archiva.security.common.ArchivaRoleConstants;

  30. import org.apache.commons.collections.CollectionUtils;

  31. import org.apache.commons.lang.StringUtils;

  32. import org.apache.archiva.redback.rbac.RbacManagerException;

  33. import org.apache.archiva.redback.rbac.UserAssignment;

  34. import org.apache.archiva.redback.role.RoleManager;

  35. import org.apache.archiva.redback.users.UserManager;

  36. import org.apache.archiva.redback.components.registry.RegistryListener;

  37. import org.apache.commons.lang.time.StopWatch;

  38. import org.slf4j.Logger;

  39. import org.slf4j.LoggerFactory;

  40. import org.springframework.context.ApplicationContext;

  41. import org.springframework.stereotype.Service;

  42. 

  43. import javax.annotation.PostConstruct;

  44. import javax.inject.Inject;

  45. import javax.inject.Named;

  46. import java.util.ArrayList;

  47. import java.util.HashMap;

  48. import java.util.List;

  49. import java.util.Map;

  50. import java.util.Map.Entry;

  51. 

  52. /**

  53.  * ConfigurationSynchronization

  54.  */

  55. @Service

  56. public class SecuritySynchronization

  57.     implements RegistryListener

  58. {

  59.     private Logger log = LoggerFactory.getLogger( SecuritySynchronization.class );

  60. 

  61.     @Inject

  62.     private RoleManager roleManager;

  63. 

  64.     @Inject

  65.     @Named(value = "rbacManager#cached")

  66.     private RBACManager rbacManager;

  67. 

  68.     private Map<String, EnvironmentCheck> checkers;

  69. 

  70.     @Inject

  71.     private ArchivaConfiguration archivaConfiguration;

  72. 

  73.     @Inject

  74.     private ApplicationContext applicationContext;

  75. 

  76.     @PostConstruct

  77.     public void initialize()

  78.     {

  79.         checkers = getBeansOfType( EnvironmentCheck.class );

  80.     }

  81. 

  82.     protected <T> Map<String, T> getBeansOfType( Class<T> clazz )

  83.     {

  84.         //TODO do some caching here !!!

  85.         // olamy : with plexus we get only roleHint

  86.         // as per convention we named spring bean role#hint remove role# if exists

  87.         Map<String, T> springBeans = applicationContext.getBeansOfType( clazz );

  88. 

  89.         Map<String, T> beans = new HashMap<String, T>( springBeans.size() );

  90. 

  91.         for ( Entry<String, T> entry : springBeans.entrySet() )

  92.         {

  93.             String key = StringUtils.substringAfterLast( entry.getKey(), "#" );

  94.             beans.put( key, entry.getValue() );

  95.         }

  96.         return beans;

  97.     }

  98. 

  99.     public void afterConfigurationChange( org.apache.archiva.redback.components.registry.Registry registry,

  100.                                           String propertyName, Object propertyValue )

  101.     {

  102.         if ( ConfigurationNames.isManagedRepositories( propertyName ) && propertyName.endsWith( ".id" ) )

  103.         {

  104.             if ( propertyValue != null )

  105.             {

  106.                 syncRepoConfiguration( (String) propertyValue );

  107.             }

  108.         }

  109.     }

  110. 

  111.     public void beforeConfigurationChange( org.apache.archiva.redback.components.registry.Registry registry,

  112.                                            String propertyName, Object propertyValue )

  113.     {

  114.         /* do nothing */

  115.     }

  116. 

  117.     private void synchConfiguration( List<ManagedRepositoryConfiguration> repos )

  118.     {

  119.         // NOTE: Remote Repositories do not have roles or security placed around them.

  120. 

  121.         for ( ManagedRepositoryConfiguration repoConfig : repos )

  122.         {

  123.             syncRepoConfiguration( repoConfig.getId() );

  124.         }

  125.     }

  126. 

  127.     private void syncRepoConfiguration( String id )

  128.     {

  129.         // manage roles for repositories

  130.         try

  131.         {

  132.             if ( !roleManager.templatedRoleExists( ArchivaRoleConstants.TEMPLATE_REPOSITORY_OBSERVER, id ) )

  133.             {

  134.                 roleManager.createTemplatedRole( ArchivaRoleConstants.TEMPLATE_REPOSITORY_OBSERVER, id );

  135.             }

  136.             else

  137.             {

  138.                 roleManager.verifyTemplatedRole( ArchivaRoleConstants.TEMPLATE_REPOSITORY_OBSERVER, id );

  139.             }

  140. 

  141.             if ( !roleManager.templatedRoleExists( ArchivaRoleConstants.TEMPLATE_REPOSITORY_MANAGER, id ) )

  142.             {

  143.                 roleManager.createTemplatedRole( ArchivaRoleConstants.TEMPLATE_REPOSITORY_MANAGER, id );

  144.             }

  145.             else

  146.             {

  147.                 roleManager.verifyTemplatedRole( ArchivaRoleConstants.TEMPLATE_REPOSITORY_MANAGER, id );

  148.             }

  149.         }

  150.         catch ( RoleManagerException e )

  151.         {

  152.             // Log error.

  153.             log.error( "Unable to create roles for configured repositories: " + e.getMessage(), e );

  154.         }

  155.     }

  156. 

  157.     public void startup()

  158.         throws ArchivaException

  159.     {

  160.         executeEnvironmentChecks();

  161. 

  162.         synchConfiguration( archivaConfiguration.getConfiguration().getManagedRepositories() );

  163.         archivaConfiguration.addChangeListener( this );

  164. 

  165.         if ( archivaConfiguration.isDefaulted() )

  166.         {

  167.             assignRepositoryObserverToGuestUser( archivaConfiguration.getConfiguration().getManagedRepositories() );

  168.         }

  169.     }

  170. 

  171.     private void executeEnvironmentChecks()

  172.         throws ArchivaException

  173.     {

  174.         if ( ( checkers == null ) || CollectionUtils.isEmpty( checkers.values() ) )

  175.         {

  176.             throw new ArchivaException(

  177.                 "Unable to initialize the Redback Security Environment, " + "no Environment Check components found." );

  178.         }

  179. 

  180.         StopWatch stopWatch = new StopWatch();

  181.         stopWatch.reset();

  182.         stopWatch.start();

  183. 

  184.         List<String> violations = new ArrayList<>();

  185. 

  186.         for ( Entry<String, EnvironmentCheck> entry : checkers.entrySet() )

  187.         {

  188.             EnvironmentCheck check = entry.getValue();

  189.             List<String> v = new ArrayList<>();

  190.             check.validateEnvironment( v );

  191.             log.info( "Environment Check: {} -> {} violation(s)", entry.getKey(), v.size() );

  192.             for ( String s : v )

  193.             {

  194.                 violations.add( "[" + entry.getKey() + "] " + s );

  195.             }

  196.         }

  197. 

  198.         if ( CollectionUtils.isNotEmpty( violations ) )

  199.         {

  200.             StringBuilder msg = new StringBuilder();

  201.             msg.append( "EnvironmentCheck Failure.\n" );

  202.             msg.append( "======================================================================\n" );

  203.             msg.append( " ENVIRONMENT FAILURE !! \n" );

  204.             msg.append( "\n" );

  205. 

  206.             for ( String violation : violations )

  207.             {

  208.                 msg.append( violation ).append( "\n" );

  209.             }

  210. 

  211.             msg.append( "\n" );

  212.             msg.append( "======================================================================" );

  213.             log.error( msg.toString() );

  214. 

  215.             throw new ArchivaException( "Unable to initialize Redback Security Environment, [" + violations.size()

  216.                                             + "] violation(s) encountered, See log for details." );

  217.         }

  218. 

  219.         stopWatch.stop();

  220.         log.info( "time to execute all EnvironmentCheck: {} ms", stopWatch.getTime() );

  221.     }

  222. 

  223. 

  224.     private void assignRepositoryObserverToGuestUser( List<ManagedRepositoryConfiguration> repos )

  225.     {

  226.         for ( ManagedRepositoryConfiguration repoConfig : repos )

  227.         {

  228.             String repoId = repoConfig.getId();

  229. 

  230.             String principal = UserManager.GUEST_USERNAME;

  231. 

  232.             try

  233.             {

  234.                 UserAssignment ua;

  235. 

  236.                 if ( rbacManager.userAssignmentExists( principal ) )

  237.                 {

  238.                     ua = rbacManager.getUserAssignment( principal );

  239.                 }

  240.                 else

  241.                 {

  242.                     ua = rbacManager.createUserAssignment( principal );

  243.                 }

  244. 

  245.                 ua.addRoleName( ArchivaRoleConstants.toRepositoryObserverRoleName( repoId ) );

  246.                 rbacManager.saveUserAssignment( ua );

  247.             }

  248.             catch ( RbacManagerException e )

  249.             {

  250.                 log.warn( "Unable to add role [{}] to {} user.", ArchivaRoleConstants.toRepositoryObserverRoleName( repoId ), principal, e );

  251.             }

  252.         }

  253.     }

  254. }