001 package org.apache.archiva.web.security;
002 /*
003 * Licensed to the Apache Software Foundation (ASF) under one
004 * or more contributor license agreements. See the NOTICE file
005 * distributed with this work for additional information
006 * regarding copyright ownership. The ASF licenses this file
007 * to you under the Apache License, Version 2.0 (the
008 * "License"); you may not use this file except in compliance
009 * with the License. You may obtain a copy of the License at
010 *
011 * http://www.apache.org/licenses/LICENSE-2.0
012 *
013 * Unless required by applicable law or agreed to in writing,
014 * software distributed under the License is distributed on an
015 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
016 * KIND, either express or implied. See the License for the
017 * specific language governing permissions and limitations
018 * under the License.
019 */
020
021 import org.apache.archiva.admin.model.RepositoryAdminException;
022 import org.apache.archiva.admin.model.runtime.RedbackRuntimeConfigurationAdmin;
023 import org.apache.archiva.redback.integration.security.role.RedbackRoleConstants;
024 import org.apache.archiva.redback.rbac.RBACManager;
025 import org.apache.archiva.redback.rbac.RbacManagerException;
026 import org.apache.archiva.redback.rbac.UserAssignment;
027 import org.apache.archiva.redback.system.check.EnvironmentCheck;
028 import org.apache.archiva.redback.users.User;
029 import org.apache.archiva.redback.users.UserManager;
030 import org.apache.archiva.redback.users.UserManagerException;
031 import org.apache.archiva.redback.users.UserNotFoundException;
032 import org.slf4j.Logger;
033 import org.slf4j.LoggerFactory;
034 import org.springframework.context.ApplicationContext;
035 import org.springframework.stereotype.Service;
036
037 import javax.annotation.PostConstruct;
038 import javax.inject.Inject;
039 import javax.inject.Named;
040 import java.util.ArrayList;
041 import java.util.List;
042
043 /**
044 * @author Olivier Lamy
045 */
046 @Service( "environmentCheck#archiva-locked-admin-check" )
047 public class ArchivaLockedAdminEnvironmentCheck
048 implements EnvironmentCheck
049 {
050
051 protected Logger log = LoggerFactory.getLogger( getClass() );
052
053
054 @Inject
055 @Named( value = "rbacManager#cached" )
056 private RBACManager rbacManager;
057
058 /**
059 * boolean detailing if this environment check has been executed
060 */
061 private boolean checked = false;
062
063 @Inject
064 private ApplicationContext applicationContext;
065
066 @Inject
067 private RedbackRuntimeConfigurationAdmin redbackRuntimeConfigurationAdmin;
068
069 private List<UserManager> userManagers;
070
071 @PostConstruct
072 protected void initialize()
073 throws RepositoryAdminException
074 {
075 List<String> userManagerImpls =
076 redbackRuntimeConfigurationAdmin.getRedbackRuntimeConfiguration().getUserManagerImpls();
077
078 userManagers = new ArrayList<UserManager>( userManagerImpls.size() );
079
080 for ( String beanId : userManagerImpls )
081 {
082 userManagers.add( applicationContext.getBean( "userManager#" + beanId, UserManager.class ) );
083 }
084 }
085
086 /**
087 * This environment check will unlock system administrator accounts that are locked on the restart of the
088 * application when the environment checks are processed.
089 *
090 * @param violations
091 */
092 public void validateEnvironment( List<String> violations )
093 {
094 if ( !checked )
095 {
096
097 for ( UserManager userManager : userManagers )
098 {
099 if ( userManager.isReadOnly() )
100 {
101 continue;
102 }
103 List<String> roles = new ArrayList<String>();
104 roles.add( RedbackRoleConstants.SYSTEM_ADMINISTRATOR_ROLE );
105
106 List<UserAssignment> systemAdminstrators;
107 try
108 {
109 systemAdminstrators = rbacManager.getUserAssignmentsForRoles( roles );
110
111 for ( UserAssignment userAssignment : systemAdminstrators )
112 {
113 try
114 {
115 User admin = userManager.findUser( userAssignment.getPrincipal() );
116
117 if ( admin.isLocked() )
118 {
119 log.info( "Unlocking system administrator: {}", admin.getUsername() );
120 admin.setLocked( false );
121 userManager.updateUser( admin );
122 }
123 }
124 catch ( UserNotFoundException ne )
125 {
126 log.warn( "Dangling UserAssignment -> {}", userAssignment.getPrincipal() );
127 }
128 catch ( UserManagerException e )
129 {
130 log.warn( "fail to find user {} for admin unlock check: {}", userAssignment.getPrincipal(),
131 e.getMessage() );
132 }
133 }
134 }
135 catch ( RbacManagerException e )
136 {
137 log.warn( "Exception when checking for locked admin user: " + e.getMessage(), e );
138 }
139
140 checked = true;
141 }
142
143 }
144
145 }
146 }