1 package org.apache.archiva.security;
22 import java.util.List;
23
24 import org.apache.archiva.redback.rbac.RbacManagerException;
25 import org.apache.archiva.redback.system.check.EnvironmentCheck;
26 import org.apache.archiva.security.common.ArchivaRoleConstants;
27 import org.apache.archiva.redback.rbac.RBACManager;
28 import org.slf4j.Logger;
29 import org.slf4j.LoggerFactory;
30 import org.springframework.stereotype.Service;
31
32 import javax.inject.Inject;
33 import javax.inject.Named;
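/**
 * Environment check that verifies the RBAC store contains the roles and operations
 * listed in this class. Every role or operation that is missing, or whose presence
 * cannot be confirmed, is reported by appending a message to the caller's violations list.
 *
 * <p>The check runs at most once per instance: after the first call to
 * {@link #validateEnvironment(List)} the {@code checked} flag is set whether or not
 * violations were found, and later calls add nothing. Callers must therefore act on the
 * result of the first call; an empty list from a later call does not mean the roles exist.
 *
 * <p>The {@code checked} flag is a plain field with no synchronization.
 * NOTE(review): confirm this check is only ever invoked from a single thread.
 */
@Service("environmentCheck#archiva-required-roles")
public class ArchivaStandardRolesCheck
    implements EnvironmentCheck
{
    /** Roles whose existence is verified against the RBAC manager. */
    private static final String[] REQUIRED_ROLES = {
        ArchivaRoleConstants.SYSTEM_ADMINISTRATOR_ROLE,
        ArchivaRoleConstants.GLOBAL_REPOSITORY_MANAGER_ROLE,
        ArchivaRoleConstants.GLOBAL_REPOSITORY_OBSERVER_ROLE,
        ArchivaRoleConstants.GUEST_ROLE,
        ArchivaRoleConstants.REGISTERED_USER_ROLE,
        ArchivaRoleConstants.USER_ADMINISTRATOR_ROLE };

    /**
     * Operations whose existence is verified against the RBAC manager.
     *
     * <p>NOTE(review): OPERATION_REPOSITORY_ACCESS used to appear twice in this list, which
     * reported a single missing operation as two violations. It is listed once here; confirm
     * that no other operation was meant to take the place of the duplicate.
     */
    private static final String[] REQUIRED_OPERATIONS = {
        ArchivaRoleConstants.OPERATION_MANAGE_USERS,
        ArchivaRoleConstants.OPERATION_MANAGE_CONFIGURATION,
        ArchivaRoleConstants.OPERATION_REGENERATE_INDEX,
        ArchivaRoleConstants.OPERATION_RUN_INDEXER,
        ArchivaRoleConstants.OPERATION_ACCESS_REPORT,
        ArchivaRoleConstants.OPERATION_ADD_REPOSITORY,
        ArchivaRoleConstants.OPERATION_DELETE_REPOSITORY,
        ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS,
        ArchivaRoleConstants.OPERATION_EDIT_REPOSITORY,
        ArchivaRoleConstants.OPERATION_REPOSITORY_UPLOAD,
        "archiva-guest" };

    private final Logger log = LoggerFactory.getLogger( ArchivaStandardRolesCheck.class );

    /** RBAC manager queried for role and operation existence (the "cached" named bean). */
    @Inject
    @Named(value = "rbacManager#cached")
    private RBACManager rbacManager;

    /** Set once the check has run; later calls to validateEnvironment are no-ops. */
    private boolean checked = false;

    /**
     * Appends one message to {@code violations} for every required role or operation
     * that the RBAC manager does not report as existing.
     *
     * <p>A role lookup that throws {@link RbacManagerException} is treated the same as a
     * missing role (a violation is recorded), so a failing RBAC store is never reported
     * as a healthy one.
     *
     * @param violations list that receives the violation messages; it is only appended to
     */
    @Override
    public void validateEnvironment( List<String> violations )
    {
        if ( checked )
        {
            // Already ran once on this instance; see the class comment for the implications.
            return;
        }

        log.info( "Checking the existance of required roles." );

        for ( String roleName : REQUIRED_ROLES )
        {
            try
            {
                if ( !rbacManager.roleExists( roleName ) )
                {
                    violations.add( "Unable to validate the existances of the '" + roleName + "' role." );
                }
            }
            catch ( RbacManagerException e )
            {
                // Pass the exception to the logger so the reason the lookup failed is kept
                // in the log and can be diagnosed later.
                log.warn( "fail to verify existence of role '{}'", roleName, e );
                violations.add( "Unable to validate the existances of the '" + roleName + "' role." );
            }
        }

        log.info( "Checking the existance of required operations." );

        for ( String operation : REQUIRED_OPERATIONS )
        {
            if ( !rbacManager.operationExists( operation ) )
            {
                violations.add( "Unable to validate the existances of the '" + operation + "' operation." );
            }
        }

        // Set regardless of outcome: violations found above are reported only by this call.
        checked = true;
    }

}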