001    package org.apache.archiva.security;
002    
003    /*
004     * Licensed to the Apache Software Foundation (ASF) under one
005     * or more contributor license agreements.  See the NOTICE file
006     * distributed with this work for additional information
007     * regarding copyright ownership.  The ASF licenses this file
008     * to you under the Apache License, Version 2.0 (the
009     * "License"); you may not use this file except in compliance
010     * with the License.  You may obtain a copy of the License at
011     *
012     *  http://www.apache.org/licenses/LICENSE-2.0
013     *
014     * Unless required by applicable law or agreed to in writing,
015     * software distributed under the License is distributed on an
016     * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
017     * KIND, either express or implied.  See the License for the
018     * specific language governing permissions and limitations
019     * under the License.
020     */
021    
022    import java.util.List;
023    
024    import org.apache.archiva.redback.rbac.RbacManagerException;
025    import org.apache.archiva.redback.system.check.EnvironmentCheck;
026    import org.apache.archiva.security.common.ArchivaRoleConstants;
027    import org.apache.archiva.redback.rbac.RBACManager;
028    import org.slf4j.Logger;
029    import org.slf4j.LoggerFactory;
030    import org.springframework.stereotype.Service;
031    
032    import javax.inject.Inject;
033    import javax.inject.Named;
034    
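/**
 * Environment check that verifies the standard Archiva roles and operations exist in the RBAC store.
 * <p>
 * Every role or operation that cannot be confirmed is reported by appending a message to the
 * violations list supplied by the caller. The check body runs only on the first call per instance;
 * the {@code checked} flag is a plain field with no synchronization.
 */
@Service("environmentCheck#archiva-required-roles")
public class ArchivaStandardRolesCheck
    implements EnvironmentCheck
{
    private static final Logger log = LoggerFactory.getLogger( ArchivaStandardRolesCheck.class );

    /**
     * RBAC manager queried for role and operation existence; injected under the
     * {@code rbacManager#cached} qualifier.
     */
    @Inject
    @Named(value = "rbacManager#cached")
    private RBACManager rbacManager;

    /**
     * boolean detailing if this environment check has been executed
     */
    private boolean checked = false;

    /**
     * Verifies that each expected role and operation is known to the RBAC manager.
     * <p>
     * A role lookup that throws {@link RbacManagerException} is reported with the same violation text
     * as a missing role; the exception itself is written to the log so the two cases can be told apart
     * when diagnosing a broken security store.
     *
     * @param violations list that receives one message per role or operation that could not be confirmed
     */
    @Override
    public void validateEnvironment( List<String> violations )
    {
        if ( checked )
        {
            return;
        }

        String[] expectedRoles = { ArchivaRoleConstants.SYSTEM_ADMINISTRATOR_ROLE,
            ArchivaRoleConstants.GLOBAL_REPOSITORY_MANAGER_ROLE,
            ArchivaRoleConstants.GLOBAL_REPOSITORY_OBSERVER_ROLE, ArchivaRoleConstants.GUEST_ROLE,
            ArchivaRoleConstants.REGISTERED_USER_ROLE, ArchivaRoleConstants.USER_ADMINISTRATOR_ROLE };

        log.info( "Checking the existance of required roles." );

        for ( String roleName : expectedRoles )
        {
            try
            {
                if ( !rbacManager.roleExists( roleName ) )
                {
                    violations.add( "Unable to validate the existances of the '" + roleName + "' role." );
                }
            }
            catch ( RbacManagerException e )
            {
                // Pass the exception as the last argument so SLF4J records the stack trace; without
                // it a failing RBAC store is indistinguishable from a missing role in the logs.
                log.warn( "fail to verify existence of role '{}'", roleName, e );
                violations.add( "Unable to validate the existances of the '" + roleName + "' role." );
            }
        }

        // OPERATION_REPOSITORY_ACCESS is listed once: a repeated entry only yields a duplicate
        // violation message. NOTE(review): confirm that no other operation constant was meant to
        // appear in its place.
        // NOTE(review): "archiva-guest" is a bare literal with no constant visible in this file;
        // confirm it matches the operation name registered in the role model.
        String[] expectedOperations = { ArchivaRoleConstants.OPERATION_MANAGE_USERS,
            ArchivaRoleConstants.OPERATION_MANAGE_CONFIGURATION, ArchivaRoleConstants.OPERATION_REGENERATE_INDEX,
            ArchivaRoleConstants.OPERATION_RUN_INDEXER, ArchivaRoleConstants.OPERATION_ACCESS_REPORT,
            ArchivaRoleConstants.OPERATION_ADD_REPOSITORY, ArchivaRoleConstants.OPERATION_DELETE_REPOSITORY,
            ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS, ArchivaRoleConstants.OPERATION_EDIT_REPOSITORY,
            ArchivaRoleConstants.OPERATION_REPOSITORY_UPLOAD, "archiva-guest" };

        log.info( "Checking the existance of required operations." );

        for ( String operation : expectedOperations )
        {
            if ( !rbacManager.operationExists( operation ) )
            {
                violations.add( "Unable to validate the existances of the '" + operation + "' operation." );
            }
        }

        // The flag is set even when violations were recorded or a lookup threw, so a later call on
        // this instance adds nothing. NOTE(review): a transient store error on the first run is
        // therefore never re-checked; confirm that single-shot behaviour is intended.
        checked = true;
    }

}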