Coverage Report

Coverage Report - org.apache.maven.archiva.security.DefaultUserRepositories

Classes in this File

0/43

0/12

 package org.apache.maven.archiva.security;
 
 /*
  * Licensed to the Apache Software Foundation (ASF) under one
  * or more contributor license agreements.  See the NOTICE file
  * distributed with this work for additional information
  * regarding copyright ownership.  The ASF licenses this file
  * to you under the Apache License, Version 2.0 (the
  * "License"); you may not use this file except in compliance
  * with the License.  You may obtain a copy of the License at
  *
  *  http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing,
  * software distributed under the License is distributed on an
  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
  * KIND, either express or implied.  See the License for the
  * specific language governing permissions and limitations
  * under the License.
  */
 
 import java.util.ArrayList;
 import java.util.List;
 
 import org.apache.maven.archiva.configuration.ArchivaConfiguration;
 import org.apache.maven.archiva.configuration.ManagedRepositoryConfiguration;
 import org.codehaus.plexus.redback.authentication.AuthenticationResult;
 import org.codehaus.plexus.redback.authorization.AuthorizationException;
 import org.codehaus.plexus.redback.role.RoleManager;
 import org.codehaus.plexus.redback.role.RoleManagerException;
 import org.codehaus.plexus.redback.system.DefaultSecuritySession;
 import org.codehaus.plexus.redback.system.SecuritySession;
 import org.codehaus.plexus.redback.system.SecuritySystem;
 import org.codehaus.plexus.redback.users.User;
 import org.codehaus.plexus.redback.users.UserNotFoundException;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
 /**
  * DefaultUserRepositories
  * 
  * @version $Id: DefaultUserRepositories.java 755726 2009-03-18 20:47:20Z brett $
  * @plexus.component role="org.apache.maven.archiva.security.UserRepositories" role-hint="default"
  */
 public class DefaultUserRepositories
     implements UserRepositories
 {
     /**
      * @plexus.requirement
      */
     private SecuritySystem securitySystem;
 
     /**
      * @plexus.requirement role-hint="default"
      */
     private RoleManager roleManager;
 
     /**
      * @plexus.requirement
      */
     private ArchivaConfiguration archivaConfiguration;
     
     private Logger log = LoggerFactory.getLogger( DefaultUserRepositories.class );
 
     public List<String> getObservableRepositoryIds( String principal )
         throws PrincipalNotFoundException, AccessDeniedException, ArchivaSecurityException
     {
         String operation = ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS;
 
         return getAccessibleRepositoryIds( principal, operation );
     }
 
     public List<String> getManagableRepositoryIds( String principal )
         throws PrincipalNotFoundException, AccessDeniedException, ArchivaSecurityException
     {
         String operation = ArchivaRoleConstants.OPERATION_REPOSITORY_UPLOAD;
 
         return getAccessibleRepositoryIds( principal, operation );
     }
 
     private List<String> getAccessibleRepositoryIds( String principal, String operation )
         throws ArchivaSecurityException, AccessDeniedException, PrincipalNotFoundException
     {
         SecuritySession securitySession = createSession( principal );
 
         List<String> repoIds = new ArrayList<String>();
 
         List<ManagedRepositoryConfiguration> repos =
             archivaConfiguration.getConfiguration().getManagedRepositories();
 
         for ( ManagedRepositoryConfiguration repo : repos )
         {
             try
             {
                 String repoId = repo.getId();
                 if ( securitySystem.isAuthorized( securitySession, operation, repoId ) )
                 {
                     repoIds.add( repoId );
                 }
             }
             catch ( AuthorizationException e )
             {
                 // swallow.
                 log.debug( "Not authorizing '" + principal + "' for repository '" + repo.getId() + "': "
                     + e.getMessage() );
             }
         }
 
         return repoIds;
     }
 
     private SecuritySession createSession( String principal )
         throws ArchivaSecurityException, AccessDeniedException
     {
         User user;
         try
         {
             user = securitySystem.getUserManager().findUser( principal );
             if ( user == null )
             {
                 throw new ArchivaSecurityException(
                     "The security system had an internal error - please check your system logs" );
             }
         }
         catch ( UserNotFoundException e )
         {
             throw new PrincipalNotFoundException( "Unable to find principal " + principal + "" );
         }
 
         if ( user.isLocked() )
         {
             throw new AccessDeniedException( "User " + principal + "(" + user.getFullName() + ") is locked." );
         }
 
         AuthenticationResult authn = new AuthenticationResult( true, principal, null );
         return new DefaultSecuritySession( authn, user );
     }
 
     public void createMissingRepositoryRoles( String repoId )
         throws ArchivaSecurityException
     {
         try
         {
             if ( !roleManager.templatedRoleExists( ArchivaRoleConstants.TEMPLATE_REPOSITORY_OBSERVER, repoId ) )
             {
                 roleManager.createTemplatedRole( ArchivaRoleConstants.TEMPLATE_REPOSITORY_OBSERVER, repoId );
             }
 
             if ( !roleManager.templatedRoleExists( ArchivaRoleConstants.TEMPLATE_REPOSITORY_MANAGER, repoId ) )
             {
                 roleManager.createTemplatedRole( ArchivaRoleConstants.TEMPLATE_REPOSITORY_MANAGER, repoId );
             }
         }
         catch ( RoleManagerException e )
         {
             throw new ArchivaSecurityException(
                                                 "Unable to create roles for configured repositories: " + e.getMessage(),
                                                 e );
         }
     }
 
     public boolean isAuthorizedToUploadArtifacts( String principal, String repoId )
         throws PrincipalNotFoundException, ArchivaSecurityException
     {
         try
         {
             SecuritySession securitySession = createSession( principal );
 
             return securitySystem.isAuthorized( securitySession, ArchivaRoleConstants.OPERATION_REPOSITORY_UPLOAD,
                                                 repoId );
 
         }
         catch ( AuthorizationException e )
         {
             throw new ArchivaSecurityException( e.getMessage() );
         }
     }
     
     public boolean isAuthorizedToDeleteArtifacts( String principal, String repoId )
         throws AccessDeniedException, ArchivaSecurityException
     {
         try
         {
             SecuritySession securitySession = createSession( principal );
 
             return securitySystem.isAuthorized( securitySession, ArchivaRoleConstants.OPERATION_REPOSITORY_DELETE,
                                                 repoId );
 
         }
         catch ( AuthorizationException e )
         {
             throw new ArchivaSecurityException( e.getMessage() );
         }
     }
 }

1		package org.apache.maven.archiva.security;
2
3		/*
4		* Licensed to the Apache Software Foundation (ASF) under one
5		* or more contributor license agreements. See the NOTICE file
6		* distributed with this work for additional information
7		* regarding copyright ownership. The ASF licenses this file
8		* to you under the Apache License, Version 2.0 (the
9		* "License"); you may not use this file except in compliance
10		* with the License. You may obtain a copy of the License at
11		*
12		* http://www.apache.org/licenses/LICENSE-2.0
13		*
14		* Unless required by applicable law or agreed to in writing,
15		* software distributed under the License is distributed on an
16		* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
17		* KIND, either express or implied. See the License for the
18		* specific language governing permissions and limitations
19		* under the License.
20		*/
21
22		import java.util.ArrayList;
23		import java.util.List;
24
25		import org.apache.maven.archiva.configuration.ArchivaConfiguration;
26		import org.apache.maven.archiva.configuration.ManagedRepositoryConfiguration;
27		import org.codehaus.plexus.redback.authentication.AuthenticationResult;
28		import org.codehaus.plexus.redback.authorization.AuthorizationException;
29		import org.codehaus.plexus.redback.role.RoleManager;
30		import org.codehaus.plexus.redback.role.RoleManagerException;
31		import org.codehaus.plexus.redback.system.DefaultSecuritySession;
32		import org.codehaus.plexus.redback.system.SecuritySession;
33		import org.codehaus.plexus.redback.system.SecuritySystem;
34		import org.codehaus.plexus.redback.users.User;
35		import org.codehaus.plexus.redback.users.UserNotFoundException;
36		import org.slf4j.Logger;
37		import org.slf4j.LoggerFactory;
38
39		/**
40		* DefaultUserRepositories
41		*
42		* @version $Id: DefaultUserRepositories.java 755726 2009-03-18 20:47:20Z brett $
43		* @plexus.component role="org.apache.maven.archiva.security.UserRepositories" role-hint="default"
44		*/
45	0	public class DefaultUserRepositories
46		implements UserRepositories
47		{
48		/**
49		* @plexus.requirement
50		*/
51		private SecuritySystem securitySystem;
52
53		/**
54		* @plexus.requirement role-hint="default"
55		*/
56		private RoleManager roleManager;
57
58		/**
59		* @plexus.requirement
60		*/
61		private ArchivaConfiguration archivaConfiguration;
62
63	0	private Logger log = LoggerFactory.getLogger( DefaultUserRepositories.class );
64
65		public List<String> getObservableRepositoryIds( String principal )
66		throws PrincipalNotFoundException, AccessDeniedException, ArchivaSecurityException
67		{
68	0	String operation = ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS;
69
70	0	return getAccessibleRepositoryIds( principal, operation );
71		}
72
73		public List<String> getManagableRepositoryIds( String principal )
74		throws PrincipalNotFoundException, AccessDeniedException, ArchivaSecurityException
75		{
76	0	String operation = ArchivaRoleConstants.OPERATION_REPOSITORY_UPLOAD;
77
78	0	return getAccessibleRepositoryIds( principal, operation );
79		}
80
81		private List<String> getAccessibleRepositoryIds( String principal, String operation )
82		throws ArchivaSecurityException, AccessDeniedException, PrincipalNotFoundException
83		{
84	0	SecuritySession securitySession = createSession( principal );
85
86	0	List<String> repoIds = new ArrayList<String>();
87
88	0	List<ManagedRepositoryConfiguration> repos =
89		archivaConfiguration.getConfiguration().getManagedRepositories();
90
91	0	for ( ManagedRepositoryConfiguration repo : repos )
92		{
93		try
94		{
95	0	String repoId = repo.getId();
96	0	if ( securitySystem.isAuthorized( securitySession, operation, repoId ) )
97		{
98	0	repoIds.add( repoId );
99		}
100		}
101	0	catch ( AuthorizationException e )
102		{
103		// swallow.
104	0	log.debug( "Not authorizing '" + principal + "' for repository '" + repo.getId() + "': "
105		+ e.getMessage() );
106	0	}
107		}
108
109	0	return repoIds;
110		}
111
112		private SecuritySession createSession( String principal )
113		throws ArchivaSecurityException, AccessDeniedException
114		{
115		User user;
116		try
117		{
118	0	user = securitySystem.getUserManager().findUser( principal );
119	0	if ( user == null )
120		{
121	0	throw new ArchivaSecurityException(
122		"The security system had an internal error - please check your system logs" );
123		}
124		}
125	0	catch ( UserNotFoundException e )
126		{
127	0	throw new PrincipalNotFoundException( "Unable to find principal " + principal + "" );
128	0	}
129
130	0	if ( user.isLocked() )
131		{
132	0	throw new AccessDeniedException( "User " + principal + "(" + user.getFullName() + ") is locked." );
133		}
134
135	0	AuthenticationResult authn = new AuthenticationResult( true, principal, null );
136	0	return new DefaultSecuritySession( authn, user );
137		}
138
139		public void createMissingRepositoryRoles( String repoId )
140		throws ArchivaSecurityException
141		{
142		try
143		{
144	0	if ( !roleManager.templatedRoleExists( ArchivaRoleConstants.TEMPLATE_REPOSITORY_OBSERVER, repoId ) )
145		{
146	0	roleManager.createTemplatedRole( ArchivaRoleConstants.TEMPLATE_REPOSITORY_OBSERVER, repoId );
147		}
148
149	0	if ( !roleManager.templatedRoleExists( ArchivaRoleConstants.TEMPLATE_REPOSITORY_MANAGER, repoId ) )
150		{
151	0	roleManager.createTemplatedRole( ArchivaRoleConstants.TEMPLATE_REPOSITORY_MANAGER, repoId );
152		}
153		}
154	0	catch ( RoleManagerException e )
155		{
156	0	throw new ArchivaSecurityException(
157		"Unable to create roles for configured repositories: " + e.getMessage(),
158		e );
159	0	}
160	0	}
161
162		public boolean isAuthorizedToUploadArtifacts( String principal, String repoId )
163		throws PrincipalNotFoundException, ArchivaSecurityException
164		{
165		try
166		{
167	0	SecuritySession securitySession = createSession( principal );
168
169	0	return securitySystem.isAuthorized( securitySession, ArchivaRoleConstants.OPERATION_REPOSITORY_UPLOAD,
170		repoId );
171
172		}
173	0	catch ( AuthorizationException e )
174		{
175	0	throw new ArchivaSecurityException( e.getMessage() );
176		}
177		}
178
179		public boolean isAuthorizedToDeleteArtifacts( String principal, String repoId )
180		throws AccessDeniedException, ArchivaSecurityException
181		{
182		try
183		{
184	0	SecuritySession securitySession = createSession( principal );
185
186	0	return securitySystem.isAuthorized( securitySession, ArchivaRoleConstants.OPERATION_REPOSITORY_DELETE,
187		repoId );
188
189		}
190	0	catch ( AuthorizationException e )
191		{
192	0	throw new ArchivaSecurityException( e.getMessage() );
193		}
194		}
195		}