package org.apache.maven.archiva.security; |
import java.util.ArrayList; |
import java.util.List; |
|
import org.apache.maven.archiva.configuration.ArchivaConfiguration; |
import org.apache.maven.archiva.configuration.ManagedRepositoryConfiguration; |
import org.codehaus.plexus.redback.authentication.AuthenticationResult; |
import org.codehaus.plexus.redback.authorization.AuthorizationException; |
import org.codehaus.plexus.redback.role.RoleManager; |
import org.codehaus.plexus.redback.role.RoleManagerException; |
import org.codehaus.plexus.redback.system.DefaultSecuritySession; |
import org.codehaus.plexus.redback.system.SecuritySession; |
import org.codehaus.plexus.redback.system.SecuritySystem; |
import org.codehaus.plexus.redback.users.User; |
import org.codehaus.plexus.redback.users.UserNotFoundException; |
import org.slf4j.Logger; |
import org.slf4j.LoggerFactory; |
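/**
 * Default {@link UserRepositories} implementation backed by the Redback security system.
 *
 * <p>Every decision is made by asking {@link SecuritySystem#isAuthorized} about a
 * {@link SecuritySession} built for the named principal (see {@link #createSession(String)}).
 * That session is created without credentials, so this class only answers
 * <em>authorization</em> questions; the caller must already have authenticated the principal.
 * The collaborator fields are not set here (no constructor or setters) and are presumably
 * injected by the container.
 */
public class DefaultUserRepositories
    implements UserRepositories
{
    private SecuritySystem securitySystem;

    private RoleManager roleManager;

    private ArchivaConfiguration archivaConfiguration;

    private static final Logger log = LoggerFactory.getLogger( DefaultUserRepositories.class );

    /**
     * Returns the ids of the managed repositories the principal may read
     * ({@link ArchivaRoleConstants#OPERATION_REPOSITORY_ACCESS}).
     *
     * @param principal the user name to evaluate
     * @return ids of readable repositories, possibly empty, never {@code null}
     * @throws PrincipalNotFoundException if no such user exists
     * @throws AccessDeniedException if the user account is locked
     * @throws ArchivaSecurityException on any other security-system failure
     */
    public List<String> getObservableRepositoryIds( String principal )
        throws PrincipalNotFoundException, AccessDeniedException, ArchivaSecurityException
    {
        return getAccessibleRepositoryIds( principal, ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS );
    }

    /**
     * Returns the ids of the managed repositories the principal may upload to
     * ({@link ArchivaRoleConstants#OPERATION_REPOSITORY_UPLOAD}).
     *
     * @param principal the user name to evaluate
     * @return ids of manageable repositories, possibly empty, never {@code null}
     * @throws PrincipalNotFoundException if no such user exists
     * @throws AccessDeniedException if the user account is locked
     * @throws ArchivaSecurityException on any other security-system failure
     */
    public List<String> getManagableRepositoryIds( String principal )
        throws PrincipalNotFoundException, AccessDeniedException, ArchivaSecurityException
    {
        return getAccessibleRepositoryIds( principal, ArchivaRoleConstants.OPERATION_REPOSITORY_UPLOAD );
    }

    /**
     * Filters the configured managed repositories down to those on which the principal
     * is authorized for {@code operation}.
     *
     * @param principal the user name to evaluate
     * @param operation the Redback operation name to check per repository
     * @return ids of the repositories that passed the check, in configuration order
     * @throws ArchivaSecurityException on a security-system failure while building the session
     * @throws AccessDeniedException if the user account is locked
     * @throws PrincipalNotFoundException if no such user exists
     */
    private List<String> getAccessibleRepositoryIds( String principal, String operation )
        throws ArchivaSecurityException, AccessDeniedException, PrincipalNotFoundException
    {
        SecuritySession securitySession = createSession( principal );

        List<String> repoIds = new ArrayList<String>();

        List<ManagedRepositoryConfiguration> repos =
            archivaConfiguration.getConfiguration().getManagedRepositories();

        for ( ManagedRepositoryConfiguration repo : repos )
        {
            String repoId = repo.getId();
            try
            {
                if ( securitySystem.isAuthorized( securitySession, operation, repoId ) )
                {
                    repoIds.add( repoId );
                }
            }
            catch ( AuthorizationException e )
            {
                // Fail closed: an error evaluating one repository leaves it out of the result
                // instead of aborting the whole listing. The reason is kept at debug level.
                // Explicit Object[] keeps this compatible with SLF4J builds without varargs overloads.
                log.debug( "Not authorizing '{}' for repository '{}': {}",
                           new Object[] { principal, repoId, e.getMessage() } );
            }
        }

        return repoIds;
    }

    /**
     * Builds a security session for an already-authenticated principal.
     *
     * @param principal the user name to look up
     * @return a session wrapping the user and a successful authentication result
     * @throws ArchivaSecurityException if the user manager returns no user without an exception
     * @throws AccessDeniedException if the user account is locked
     * @throws PrincipalNotFoundException if the user manager reports the user as unknown
     */
    private SecuritySession createSession( String principal )
        throws ArchivaSecurityException, AccessDeniedException
    {
        User user;
        try
        {
            user = securitySystem.getUserManager().findUser( principal );
            if ( user == null )
            {
                // A null result without UserNotFoundException is an internal fault, not an
                // unknown principal, so it is reported as a generic security error.
                throw new ArchivaSecurityException(
                    "The security system had an internal error - please check your system logs" );
            }
        }
        catch ( UserNotFoundException e )
        {
            // NOTE(review): the cause is not chained here because PrincipalNotFoundException's
            // constructors are not visible in this file - confirm whether a (String, Throwable)
            // overload exists and use it if so.
            throw new PrincipalNotFoundException( "Unable to find principal " + principal );
        }

        // A locked account is never handed a session, not even for read-only checks.
        if ( user.isLocked() )
        {
            throw new AccessDeniedException( "User " + principal + "(" + user.getFullName() + ") is locked." );
        }

        // The result asserts a successful authentication with no credentials (null): this
        // class does not authenticate, it only authorizes a principal the caller vouches for.
        AuthenticationResult authn = new AuthenticationResult( true, principal, null );
        return new DefaultSecuritySession( authn, user );
    }

    /**
     * Ensures the observer and manager templated roles exist for the given repository,
     * creating whichever is missing.
     *
     * @param repoId the managed repository id used to instantiate the role templates
     * @throws ArchivaSecurityException wrapping any {@link RoleManagerException}
     */
    public void createMissingRepositoryRoles( String repoId )
        throws ArchivaSecurityException
    {
        try
        {
            ensureTemplatedRole( ArchivaRoleConstants.TEMPLATE_REPOSITORY_OBSERVER, repoId );
            ensureTemplatedRole( ArchivaRoleConstants.TEMPLATE_REPOSITORY_MANAGER, repoId );
        }
        catch ( RoleManagerException e )
        {
            throw new ArchivaSecurityException(
                "Unable to create roles for configured repositories: " + e.getMessage(),
                e );
        }
    }

    /** Creates the templated role for {@code repoId} unless the role manager already has it. */
    private void ensureTemplatedRole( String template, String repoId )
        throws RoleManagerException
    {
        if ( !roleManager.templatedRoleExists( template, repoId ) )
        {
            roleManager.createTemplatedRole( template, repoId );
        }
    }

    /**
     * Tells whether the principal may upload artifacts to the repository
     * ({@link ArchivaRoleConstants#OPERATION_REPOSITORY_UPLOAD}).
     *
     * @param principal the user name to evaluate
     * @param repoId the managed repository id
     * @return {@code true} if authorized
     * @throws PrincipalNotFoundException if no such user exists
     * @throws ArchivaSecurityException if the account is locked or the check itself fails
     */
    public boolean isAuthorizedToUploadArtifacts( String principal, String repoId )
        throws PrincipalNotFoundException, ArchivaSecurityException
    {
        return isAuthorizedFor( principal, ArchivaRoleConstants.OPERATION_REPOSITORY_UPLOAD, repoId );
    }

    /**
     * Tells whether the principal may delete artifacts from the repository
     * ({@link ArchivaRoleConstants#OPERATION_REPOSITORY_DELETE}).
     *
     * @param principal the user name to evaluate
     * @param repoId the managed repository id
     * @return {@code true} if authorized
     * @throws AccessDeniedException if the user account is locked
     * @throws ArchivaSecurityException if the user is unknown or the check itself fails
     */
    public boolean isAuthorizedToDeleteArtifacts( String principal, String repoId )
        throws AccessDeniedException, ArchivaSecurityException
    {
        return isAuthorizedFor( principal, ArchivaRoleConstants.OPERATION_REPOSITORY_DELETE, repoId );
    }

    /**
     * Runs a single authorization check for {@code operation} on {@code repoId}.
     *
     * @throws ArchivaSecurityException wrapping an {@link AuthorizationException}, with the
     *         original exception kept as the cause so the failure stays diagnosable
     * @throws AccessDeniedException if the user account is locked
     */
    private boolean isAuthorizedFor( String principal, String operation, String repoId )
        throws ArchivaSecurityException, AccessDeniedException
    {
        SecuritySession securitySession = createSession( principal );
        try
        {
            return securitySystem.isAuthorized( securitySession, operation, repoId );
        }
        catch ( AuthorizationException e )
        {
            throw new ArchivaSecurityException( e.getMessage(), e );
        }
    }
}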