1 | package org.apache.maven.continuum.web.action; |
2 | |
3 | /* |
4 | * Licensed to the Apache Software Foundation (ASF) under one |
5 | * or more contributor license agreements. See the NOTICE file |
6 | * distributed with this work for additional information |
7 | * regarding copyright ownership. The ASF licenses this file |
8 | * to you under the Apache License, Version 2.0 (the |
9 | * "License"); you may not use this file except in compliance |
10 | * with the License. You may obtain a copy of the License at |
11 | * |
12 | * http://www.apache.org/licenses/LICENSE-2.0 |
13 | * |
14 | * Unless required by applicable law or agreed to in writing, |
15 | * software distributed under the License is distributed on an |
16 | * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
17 | * KIND, either express or implied. See the License for the |
18 | * specific language governing permissions and limitations |
19 | * under the License. |
20 | */ |
21 | |
22 | import com.opensymphony.xwork2.ActionContext; |
23 | import com.opensymphony.xwork2.Preparable; |
24 | |
25 | import java.text.SimpleDateFormat; |
26 | import java.util.ResourceBundle; |
27 | |
28 | import org.apache.maven.continuum.Continuum; |
29 | import org.apache.maven.continuum.security.ContinuumRoleConstants; |
30 | import org.apache.maven.continuum.web.exception.AuthenticationRequiredException; |
31 | import org.apache.maven.continuum.web.exception.AuthorizationRequiredException; |
32 | import org.codehaus.plexus.redback.authorization.AuthorizationException; |
33 | import org.codehaus.plexus.redback.system.SecuritySession; |
34 | import org.codehaus.plexus.redback.system.SecuritySystem; |
35 | import org.codehaus.plexus.redback.system.SecuritySystemConstants; |
36 | import org.codehaus.plexus.util.StringUtils; |
37 | |
38 | /** |
39 | * ContinuumActionSupport |
40 | * |
41 | * @author Jesse McConnell <jesse@codehaus.org> |
42 | * @version $Id: ContinuumActionSupport.java 767474 2009-04-22 11:48:15Z jzurbano $ |
43 | */ |
public class ContinuumActionSupport
    extends PlexusActionSupport
    implements Preparable
{
    // Security context of the caller for this request. Resolved lazily in prepare() and then
    // cached on this instance; null when no SecuritySession is present in the HTTP session
    // (anonymous caller, or prepare() not yet run). Every check*Authorization() helper feeds
    // this value to the security system, so a stale value here would mean a stale identity.
    private SecuritySession securitySession;

    // Redback security system that makes every authorization decision in this class.
    /**
     * @plexus.requirement
     */
    private SecuritySystem securitySystem;

    // Result names returned to the XWork result mapping. Presumably wired to the login and
    // access-denied views in the action configuration -- that configuration is not visible here.
    protected static final String REQUIRES_AUTHENTICATION = "requires-authentication";

    protected static final String REQUIRES_AUTHORIZATION = "requires-authorization";

    // Generic denial message. Deliberately does not name the role or resource that was
    // checked, so a denied caller learns nothing about the permission model.
    protected static final String ERROR_MSG_AUTHORIZATION_REQUIRED = "You are not authorized to access this page. " +
        "Please contact your administrator to be granted the appropriate permissions.";

    // Used when the security system itself fails; the failure is reported as a denial (fail closed).
    protected static final String ERROR_MSG_PROCESSING_AUTHORIZATION =
        "An error occurred while performing authorization.";

    // Continuum core service, injected by the container.
    /**
     * @plexus.requirement
     */
    private Continuum continuum;

    // NOTE(review): SimpleDateFormat is not thread-safe. This is only safe as long as action
    // instances are created per request (the normal XWork setup) and never shared between threads.
    protected final SimpleDateFormat dateFormatter = new SimpleDateFormat( "MMM dd, yyyy hh:mm:ss aaa z" );

    /**
     * Resolves the caller's {@link SecuritySession} from the HTTP session (under
     * {@link SecuritySystemConstants#SECURITY_SESSION_KEY}) the first time it is needed.
     * Runs before the action method as part of the {@link Preparable} contract, so the
     * {@code check*Authorization()} helpers see the current caller.
     * <p>
     * The lookup is skipped once a session has been cached on this instance; this assumes
     * the action object is not reused across requests by different users.
     *
     * @throws Exception propagated from the XWork context / session access
     */
    public void prepare()
        throws Exception
    {
        if ( securitySession == null )
        {
            securitySession =
                (SecuritySession) getContext().getSession().get( SecuritySystemConstants.SECURITY_SESSION_KEY );
        }
    }

    /**
     * @return the injected Continuum service
     */
    public Continuum getContinuum()
    {
        return continuum;
    }

    /**
     * Replaces the injected Continuum service (container / test use).
     *
     * @param continuum the service to use
     */
    public void setContinuum( Continuum continuum )
    {
        this.continuum = continuum;
    }

    /**
     * Default action method. Fails closed: a subclass that does not override this
     * renders the access-denied result instead of any page content.
     *
     * @return {@link #REQUIRES_AUTHORIZATION}
     * @throws Exception never thrown here; declared for overriding subclasses
     */
    public String doDefault()
        throws Exception
    {
        return REQUIRES_AUTHORIZATION;
    }

    /**
     * Default input method. Fails closed, see {@link #doDefault()}.
     *
     * @return {@link #REQUIRES_AUTHORIZATION}
     * @throws Exception never thrown here; declared for overriding subclasses
     */
    public String input()
        throws Exception
    {
        return REQUIRES_AUTHORIZATION;
    }

    /**
     * Default execute method. Fails closed, see {@link #doDefault()}.
     *
     * @return {@link #REQUIRES_AUTHORIZATION}
     * @throws Exception never thrown here; declared for overriding subclasses
     */
    public String execute()
        throws Exception
    {
        return REQUIRES_AUTHORIZATION;
    }

    /**
     * Check if the current user is authorized to do a global (resource-less) operation.
     *
     * @param role the role / operation name
     * @throws AuthorizationRequiredException if the user isn't authorized
     */
    protected void checkAuthorization( String role )
        throws AuthorizationRequiredException
    {
        checkAuthorization( role, null, false );
    }

    /**
     * Check if the current user is authorized to do an operation on a specific resource.
     * The resource is mandatory: a null or blank resource is a denial, not a fallback to
     * the global check.
     *
     * @param role the role / operation name
     * @param resource the operation resource (e.g. a project group name)
     * @throws AuthorizationRequiredException if the user isn't authorized, or if resource is blank
     */
    protected void checkAuthorization( String role, String resource )
        throws AuthorizationRequiredException
    {
        checkAuthorization( role, resource, true );
    }

    /**
     * Check if the current user is authorized to do the action.
     * <p>
     * Decision table, as implemented below:
     * <ul>
     * <li>resource non-blank: ask the security system for (session, role, resource).</li>
     * <li>resource null/blank and {@code requiredResource} true: deny without consulting
     *     the security system (fail closed on a missing scope).</li>
     * <li>resource null/blank and {@code requiredResource} false: ask the security system
     *     for the global (session, role) permission.</li>
     * <li>the security system throws {@link AuthorizationException}: treated as a denial
     *     with {@link #ERROR_MSG_PROCESSING_AUTHORIZATION}.</li>
     * </ul>
     * A whitespace-only resource is treated the same as an absent one.
     *
     * @param role the role / operation name
     * @param resource the operation resource
     * @param requiredResource true if resource can't be null
     * @throws AuthorizationRequiredException if the user isn't authorized
     */
    protected void checkAuthorization( String role, String resource, boolean requiredResource )
        throws AuthorizationRequiredException
    {
        try
        {
            if ( resource != null && StringUtils.isNotEmpty( resource.trim() ) )
            {
                if ( !getSecuritySystem().isAuthorized( getSecuritySession(), role, resource ) )
                {
                    throw new AuthorizationRequiredException( ERROR_MSG_AUTHORIZATION_REQUIRED );
                }
            }
            else
            {
                // requiredResource is tested first so that a missing scope never reaches
                // the (broader) global permission check.
                if ( requiredResource || !getSecuritySystem().isAuthorized( getSecuritySession(), role ) )
                {
                    throw new AuthorizationRequiredException( ERROR_MSG_AUTHORIZATION_REQUIRED );
                }
            }
        }
        catch ( AuthorizationException ae )
        {
            // Fail closed. The original exception is not attached to the one thrown, so the
            // root cause of an authorization-system failure is lost to logs/forensics.
            // TODO(review): preserve `ae` as the cause if AuthorizationRequiredException allows it.
            throw new AuthorizationRequiredException( ERROR_MSG_PROCESSING_AUTHORIZATION );
        }
    }

    /**
     * Check if the current user is authorized to view the specified project group
     *
     * @param resource the operation resource (project group); must be non-blank
     * @throws AuthorizationRequiredException if the user isn't authorized
     */
    protected void checkViewProjectGroupAuthorization( String resource )
        throws AuthorizationRequiredException
    {
        checkAuthorization( ContinuumRoleConstants.CONTINUUM_VIEW_GROUP_OPERATION, resource );
    }

    /**
     * Check if the current user is authorized to add a project group (global permission,
     * no resource scope).
     *
     * @throws AuthorizationRequiredException if the user isn't authorized
     */
    protected void checkAddProjectGroupAuthorization()
        throws AuthorizationRequiredException
    {
        checkAuthorization( ContinuumRoleConstants.CONTINUUM_ADD_GROUP_OPERATION );
    }

    /**
     * Check if the current user is authorized to delete the specified project group
     *
     * @param resource the operation resource (project group); must be non-blank
     * @throws AuthorizationRequiredException if the user isn't authorized
     */
    protected void checkRemoveProjectGroupAuthorization( String resource )
        throws AuthorizationRequiredException
    {
        checkAuthorization( ContinuumRoleConstants.CONTINUUM_REMOVE_GROUP_OPERATION, resource );
    }

    /**
     * Check if the current user is authorized to build the specified project group
     *
     * @param resource the operation resource (project group); must be non-blank
     * @throws AuthorizationRequiredException if the user isn't authorized
     */
    protected void checkBuildProjectGroupAuthorization( String resource )
        throws AuthorizationRequiredException
    {
        checkAuthorization( ContinuumRoleConstants.CONTINUUM_BUILD_GROUP_OPERATION, resource );
    }

    /**
     * Check if the current user is authorized to modify the specified project group
     *
     * @param resource the operation resource (project group); must be non-blank
     * @throws AuthorizationRequiredException if the user isn't authorized
     */
    protected void checkModifyProjectGroupAuthorization( String resource )
        throws AuthorizationRequiredException
    {
        checkAuthorization( ContinuumRoleConstants.CONTINUUM_MODIFY_GROUP_OPERATION, resource );
    }

    /**
     * Check if the current user is authorized to add a project to a specific project group
     *
     * @param resource the operation resource (project group); must be non-blank
     * @throws AuthorizationRequiredException if the user isn't authorized
     */
    protected void checkAddProjectToGroupAuthorization( String resource )
        throws AuthorizationRequiredException
    {
        checkAuthorization( ContinuumRoleConstants.CONTINUUM_ADD_PROJECT_TO_GROUP_OPERATION, resource );
    }

    /**
     * Check if the current user is authorized to delete a project from a specified group
     *
     * @param resource the operation resource (project group); must be non-blank
     * @throws AuthorizationRequiredException if the user isn't authorized
     */
    protected void checkRemoveProjectFromGroupAuthorization( String resource )
        throws AuthorizationRequiredException
    {
        checkAuthorization( ContinuumRoleConstants.CONTINUUM_REMOVE_PROJECT_FROM_GROUP_OPERATION, resource );
    }

    /**
     * Check if the current user is authorized to modify a project in the specified group
     *
     * @param resource the operation resource (project group); must be non-blank
     * @throws AuthorizationRequiredException if the user isn't authorized
     */
    protected void checkModifyProjectInGroupAuthorization( String resource )
        throws AuthorizationRequiredException
    {
        checkAuthorization( ContinuumRoleConstants.CONTINUUM_MODIFY_PROJECT_IN_GROUP_OPERATION, resource );
    }

    /**
     * Check if the current user is authorized to build a project in the specified group
     *
     * @param resource the operation resource (project group); must be non-blank
     * @throws AuthorizationRequiredException if the user isn't authorized
     */
    protected void checkBuildProjectInGroupAuthorization( String resource )
        throws AuthorizationRequiredException
    {
        checkAuthorization( ContinuumRoleConstants.CONTINUUM_BUILD_PROJECT_IN_GROUP_OPERATION, resource );
    }

    /**
     * Check if the current user is authorized to add a build definition for the specified
     * project group
     *
     * @param resource the operation resource (project group); must be non-blank
     * @throws AuthorizationRequiredException if the user isn't authorized
     */
    protected void checkAddGroupBuildDefinitionAuthorization( String resource )
        throws AuthorizationRequiredException
    {
        checkAuthorization( ContinuumRoleConstants.CONTINUUM_ADD_GROUP_BUILD_DEFINTION_OPERATION, resource );
    }

    /**
     * Check if the current user is authorized to delete a build definition in the specified
     * project group
     *
     * @param resource the operation resource (project group); must be non-blank
     * @throws AuthorizationRequiredException if the user isn't authorized
     */
    protected void checkRemoveGroupBuildDefinitionAuthorization( String resource )
        throws AuthorizationRequiredException
    {
        checkAuthorization( ContinuumRoleConstants.CONTINUUM_REMOVE_GROUP_BUILD_DEFINITION_OPERATION, resource );
    }

    /**
     * Check if the current user is authorized to modify a build definition in the specified
     * project group
     *
     * @param resource the operation resource (project group); must be non-blank
     * @throws AuthorizationRequiredException if the user isn't authorized
     */
    protected void checkModifyGroupBuildDefinitionAuthorization( String resource )
        throws AuthorizationRequiredException
    {
        checkAuthorization( ContinuumRoleConstants.CONTINUUM_MODIFY_GROUP_BUILD_DEFINITION_OPERATION, resource );
    }

    /**
     * Check if the current user is authorized to add a build definition to a specific
     * project
     *
     * @param resource the operation resource (project group); must be non-blank
     * @throws AuthorizationRequiredException if the user isn't authorized
     */
    protected void checkAddProjectBuildDefinitionAuthorization( String resource )
        throws AuthorizationRequiredException
    {
        checkAuthorization( ContinuumRoleConstants.CONTINUUM_ADD_PROJECT_BUILD_DEFINTION_OPERATION, resource );
    }

    /**
     * Check if the current user is authorized to modify a build definition of a specific project
     *
     * @param resource the operation resource (project group); must be non-blank
     * @throws AuthorizationRequiredException if the user isn't authorized
     */
    protected void checkModifyProjectBuildDefinitionAuthorization( String resource )
        throws AuthorizationRequiredException
    {
        checkAuthorization( ContinuumRoleConstants.CONTINUUM_MODIFY_PROJECT_BUILD_DEFINITION_OPERATION, resource );
    }

    /**
     * Check if the current user is authorized to delete a build definition of a specific
     * project
     *
     * @param resource the operation resource (project group); must be non-blank
     * @throws AuthorizationRequiredException if the user isn't authorized
     */
    protected void checkRemoveProjectBuildDefinitionAuthorization( String resource )
        throws AuthorizationRequiredException
    {
        checkAuthorization( ContinuumRoleConstants.CONTINUUM_REMOVE_PROJECT_BUILD_DEFINITION_OPERATION, resource );
    }

    /**
     * Check if the current user is authorized to add a notifier to the specified
     * project group
     *
     * @param resource the operation resource (project group); must be non-blank
     * @throws AuthorizationRequiredException if the user isn't authorized
     */
    protected void checkAddProjectGroupNotifierAuthorization( String resource )
        throws AuthorizationRequiredException
    {
        checkAuthorization( ContinuumRoleConstants.CONTINUUM_ADD_GROUP_NOTIFIER_OPERATION, resource );
    }

    /**
     * Check if the current user is authorized to delete a notifier in the specified
     * project group
     *
     * @param resource the operation resource (project group); must be non-blank
     * @throws AuthorizationRequiredException if the user isn't authorized
     */
    protected void checkRemoveProjectGroupNotifierAuthorization( String resource )
        throws AuthorizationRequiredException
    {
        checkAuthorization( ContinuumRoleConstants.CONTINUUM_REMOVE_GROUP_NOTIFIER_OPERATION, resource );
    }

    /**
     * Check if the current user is authorized to modify a notifier in the specified
     * project group
     *
     * @param resource the operation resource (project group); must be non-blank
     * @throws AuthorizationRequiredException if the user isn't authorized
     */
    protected void checkModifyProjectGroupNotifierAuthorization( String resource )
        throws AuthorizationRequiredException
    {
        checkAuthorization( ContinuumRoleConstants.CONTINUUM_MODIFY_GROUP_NOTIFIER_OPERATION, resource );
    }

    /**
     * Check if the current user is authorized to add a notifier to a specific project
     *
     * @param resource the operation resource (project group); must be non-blank
     * @throws AuthorizationRequiredException if the user isn't authorized
     */
    protected void checkAddProjectNotifierAuthorization( String resource )
        throws AuthorizationRequiredException
    {
        checkAuthorization( ContinuumRoleConstants.CONTINUUM_ADD_PROJECT_NOTIFIER_OPERATION, resource );
    }

    /**
     * Check if the current user is authorized to delete a notifier in a specific project
     *
     * @param resource the operation resource (project group); must be non-blank
     * @throws AuthorizationRequiredException if the user isn't authorized
     */
    protected void checkRemoveProjectNotifierAuthorization( String resource )
        throws AuthorizationRequiredException
    {
        checkAuthorization( ContinuumRoleConstants.CONTINUUM_REMOVE_PROJECT_NOTIFIER_OPERATION, resource );
    }

    /**
     * Check if the current user is authorized to modify a notifier in a specific project
     *
     * @param resource the operation resource (project group); must be non-blank
     * @throws AuthorizationRequiredException if the user isn't authorized
     */
    protected void checkModifyProjectNotifierAuthorization( String resource )
        throws AuthorizationRequiredException
    {
        checkAuthorization( ContinuumRoleConstants.CONTINUUM_MODIFY_PROJECT_NOTIFIER_OPERATION, resource );
    }

    /**
     * Check if the current user is authorized to manage the application's configuration.
     * Anonymous callers are sent to authentication first; only authenticated callers get
     * the (global) permission check.
     *
     * @throws AuthenticationRequiredException if the user isn't authenticated
     * @throws AuthorizationRequiredException if the user isn't authorized
     */
    protected void checkManageConfigurationAuthorization()
        throws AuthenticationRequiredException, AuthorizationRequiredException
    {
        if ( !isAuthenticated() )
        {
            throw new AuthenticationRequiredException( "Authentication required." );
        }

        checkAuthorization( ContinuumRoleConstants.CONTINUUM_MANAGE_CONFIGURATION );
    }

    /**
     * Check if the current user is authorized to manage the project build schedules.
     * Same two-step authentication-then-authorization shape as
     * {@link #checkManageConfigurationAuthorization()}.
     *
     * @throws AuthenticationRequiredException if the user isn't authenticated
     * @throws AuthorizationRequiredException if the user isn't authorized
     */
    protected void checkManageSchedulesAuthorization()
        throws AuthenticationRequiredException, AuthorizationRequiredException
    {
        if ( !isAuthenticated() )
        {
            throw new AuthenticationRequiredException( "Authentication required." );
        }

        checkAuthorization( ContinuumRoleConstants.CONTINUUM_MANAGE_SCHEDULES );
    }

    /**
     * Check if the current user is authorized to manage queues.
     * Same two-step authentication-then-authorization shape as
     * {@link #checkManageConfigurationAuthorization()}.
     *
     * @throws AuthenticationRequiredException if the user isn't authenticated
     * @throws AuthorizationRequiredException if the user isn't authorized
     */
    protected void checkManageQueuesAuthorization()
        throws AuthenticationRequiredException, AuthorizationRequiredException
    {
        if ( !isAuthenticated() )
        {
            throw new AuthenticationRequiredException( "Authentication required" );
        }

        checkAuthorization( ContinuumRoleConstants.CONTINUUM_MANAGE_QUEUES );
    }

    /**
     * Check if the current user is authorized to manage local repositories.
     * <p>
     * NOTE(review): unlike the other {@code checkManage*Authorization()} methods, this one
     * does not perform the explicit {@link #isAuthenticated()} pre-check, so an anonymous
     * caller ends up in the permission check with whatever session it has (possibly null)
     * and receives the access-denied result rather than being sent to log in. Whether that
     * is intended cannot be determined from this file; confirm against the callers.
     *
     * @throws AuthorizationRequiredException if the user isn't authorized
     */
    protected void checkManageLocalRepositoriesAuthorization()
        throws AuthorizationRequiredException
    {
        checkAuthorization( ContinuumRoleConstants.CONTINUUM_MANAGE_REPOSITORIES );
    }

    /**
     * Get the security session
     *
     * @return current SecuritySession, or null if none was found by {@link #prepare()}
     */
    private SecuritySession getSecuritySession()
    {

        return securitySession;
    }

    /**
     * Get the action context
     *
     * @return the XWork action context for the current invocation
     */
    private ActionContext getContext()
    {

        return ActionContext.getContext();
    }

    /**
     * Get the security system
     *
     * @return the security system
     */
    protected SecuritySystem getSecuritySystem()
    {
        return securitySystem;
    }

    /**
     * Whether this action needs an authenticated caller. Subclasses override to return
     * {@code false} for public pages -- see {@link #isAuthenticated()} for the effect.
     *
     * @return true by default
     */
    protected boolean requiresAuthentication()
    {
        return true;
    }

    /**
     * Check if the current user is already authenticated.
     * <p>
     * Caveat: when {@link #requiresAuthentication()} returns {@code false} this method
     * returns {@code true} without looking at the session at all. It therefore answers
     * "is the authentication requirement of this action satisfied", not "is a user logged
     * in". Do not use it to gate privileged operations in a subclass that has opted out of
     * authentication; use the session / {@link #getPrincipal()} instead.
     *
     * @return true if the user is authenticated (or none is required)
     */
    public boolean isAuthenticated()
    {
        if ( requiresAuthentication() )
        {
            if ( getSecuritySession() == null || !getSecuritySession().isAuthenticated() )
            {
                return false;
            }
        }

        return true;
    }

    /**
     * @return the Continuum localization bundle
     */
    protected ResourceBundle getResourceBundle()
    {
        return getTexts( "localization/Continuum" );
    }

    /**
     * Name of the calling principal, mainly for audit/log purposes.
     * <p>
     * Fallback values: {@code "unknown-user"} when there is no security session at all,
     * {@code "guest"} when a session exists but carries no user. Neither fallback is a real
     * account name and neither should be used for an authorization decision.
     *
     * @return the principal string, or one of the two fallback values above
     */
    protected String getPrincipal()
    {
        String principal = "guest";

        if ( getSecuritySession() != null )
        {
            if ( getSecuritySession().getUser() != null )
            {
                // Redback exposes the principal as Object; Continuum stores it as a String.
                principal = (String) getSecuritySession().getUser().getPrincipal();
            }
        }
        else
        {
            principal = "unknown-user";
        }
        return principal;
    }
}