1 package org.apache.archiva.redback.authorization.rbac;
22 import org.apache.archiva.redback.authorization.AuthorizationDataSource;
23 import org.apache.archiva.redback.authorization.AuthorizationException;
24 import org.apache.archiva.redback.authorization.AuthorizationResult;
25 import org.apache.archiva.redback.authorization.Authorizer;
26 import org.apache.archiva.redback.authorization.NotAuthorizedException;
27 import org.apache.archiva.redback.authorization.rbac.evaluator.PermissionEvaluationException;
28 import org.apache.archiva.redback.authorization.rbac.evaluator.PermissionEvaluator;
29 import org.apache.archiva.redback.rbac.Permission;
30 import org.apache.archiva.redback.rbac.RBACManager;
31 import org.apache.archiva.redback.rbac.RbacManagerException;
32 import org.apache.archiva.redback.rbac.RbacObjectNotFoundException;
33 import org.apache.archiva.redback.users.User;
34 import org.apache.archiva.redback.users.UserManager;
35 import org.apache.archiva.redback.users.UserManagerException;
36 import org.apache.archiva.redback.users.UserNotFoundException;
37 import org.slf4j.Logger;
38 import org.slf4j.LoggerFactory;
39 import org.springframework.stereotype.Service;
40
41 import javax.inject.Inject;
42 import javax.inject.Named;
43 import java.util.List;
44 import java.util.Map;
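/**
 * {@link Authorizer} that answers authorization requests from RBAC permission assignments.
 *
 * <p>A request is granted when any permission assigned to the principal, or failing that to the
 * guest user, is accepted by the configured {@link PermissionEvaluator}. Every other outcome,
 * including lookup and evaluation failures, yields a denied {@link AuthorizationResult}.
 *
 * <p>Security notes for callers and reviewers:
 * <ul>
 *   <li>Guest permissions act as a floor for every caller: they are consulted for a {@code null}
 *       principal and for any principal whose own permissions did not match, as long as the guest
 *       account is not locked. Anything granted to guest is therefore granted to everyone.</li>
 *   <li>This class does not check whether the principal's own account is locked or otherwise
 *       invalid; only the guest account's lock flag is read here. That check has to happen before
 *       this authorizer is called.</li>
 * </ul>
 */
@Service("authorizer#rbac")
public class RbacAuthorizer
    implements Authorizer
{
    private final Logger log = LoggerFactory.getLogger( getClass() );

    @Inject
    @Named(value = "rbacManager#default")
    private RBACManager manager;

    @Inject
    @Named(value = "userManager#default")
    private UserManager userManager;

    @Inject
    private PermissionEvaluator evaluator;

    /**
     * @return the fixed identifier of this authorizer, {@code "rbac"}
     */
    public String getId()
    {
        return "rbac";
    }

    /**
     * Decides whether the request described by {@code source} is allowed.
     *
     * <p>The principal's assigned permissions are checked first (skipped when the principal is
     * {@code null}); if none matches, the guest user's permissions are checked unless the guest
     * account is locked. The first permission accepted by the evaluator wins and is returned in
     * the result.
     *
     * <p>The method fails closed: every handled exception is turned into a denied result. The
     * exception is attached to the result, except for a missing guest user, which is reported as
     * a {@link NotAuthorizedException} and logged at debug level so the cause is not lost.
     *
     * @param source carries the principal, the requested operation and the target resource
     * @return a granted result holding the matching permission, or a denied result holding the
     *         reason
     * @throws AuthorizationException declared by the {@link Authorizer} contract
     */
    public AuthorizationResult isAuthorized( AuthorizationDataSource source )
        throws AuthorizationException
    {
        String principal = source.getPrincipal();
        String operation = source.getPermission();
        String resource = source.getResource();

        try
        {
            if ( principal != null )
            {
                AuthorizationResult granted = findGrant( principal, operation, resource );
                if ( granted != null )
                {
                    return granted;
                }
            }

            // Guest fallback: applies to anonymous callers and to principals without a match.
            User guest = userManager.getGuestUser();

            // NOTE(review): whether getGuestUser() can return null is not visible here; a null
            // guest is treated as "no guest permissions" so the request is denied, not crashed.
            if ( guest != null && !guest.isLocked() )
            {
                AuthorizationResult granted = findGrant( guest.getUsername(), operation, resource );
                if ( granted != null )
                {
                    return granted;
                }
            }

            return new AuthorizationResult( false, null, new NotAuthorizedException( "no matching permissions" ) );
        }
        catch ( PermissionEvaluationException pe )
        {
            return new AuthorizationResult( false, null, pe );
        }
        catch ( RbacObjectNotFoundException nfe )
        {
            return new AuthorizationResult( false, null, nfe );
        }
        catch ( UserNotFoundException ne )
        {
            // The result below does not carry this exception, so keep a trace of it.
            log.debug( "guest user not found while authorizing operation {} resource {}", operation, resource,
                       ne );
            return new AuthorizationResult( false, null,
                                            new NotAuthorizedException( "no matching permissions, guest not found" ) );
        }
        catch ( RbacManagerException rme )
        {
            return new AuthorizationResult( false, null, rme );
        }
        catch ( UserManagerException e )
        {
            return new AuthorizationResult( false, null, e );
        }
    }

    /**
     * Looks for a permission assigned to {@code subject} that the evaluator accepts for the given
     * operation and resource.
     *
     * <p>The throws clause lists every checked exception that {@link #isAuthorized} handles, so
     * the helper stays valid whichever of the delegated calls raises them.
     *
     * @param subject   user name whose assigned permissions are inspected
     * @param operation requested operation, used as the key into the permission map
     * @param resource  resource the operation targets
     * @return a granted result for the first accepted permission, or {@code null} when none matches
     */
    private AuthorizationResult findGrant( String subject, String operation, String resource )
        throws PermissionEvaluationException, RbacObjectNotFoundException, UserNotFoundException,
        RbacManagerException, UserManagerException
    {
        Map<String, List<Permission>> permissionMap = manager.getAssignedPermissionMap( subject );

        // Single lookup; an absent key and a null value are both treated as "no candidates".
        List<Permission> candidates = permissionMap.get( operation );

        if ( candidates == null )
        {
            log.debug( "permission map does not contain operation: {}", operation );
            return null;
        }

        for ( Permission permission : candidates )
        {
            // Null-safe on both the principal and the guest path; logging must not be the
            // reason an authorization check blows up.
            log.debug( "checking permission {} for operation {} resource {}",
                       ( permission != null ? permission.getName() : "null" ), operation, resource );

            if ( evaluator.evaluate( permission, operation, resource, subject ) )
            {
                return new AuthorizationResult( true, permission, null );
            }
        }

        log.debug( "no permission found for operation {} resource {}", operation, resource );
        return null;
    }

    /**
     * @return the RBAC manager used to look up assigned permissions
     */
    public RBACManager getManager()
    {
        return manager;
    }

    /**
     * @param manager the RBAC manager used to look up assigned permissions
     */
    public void setManager( RBACManager manager )
    {
        this.manager = manager;
    }

    /**
     * @return the user manager used to resolve the guest user
     */
    public UserManager getUserManager()
    {
        return userManager;
    }

    /**
     * @param userManager the user manager used to resolve the guest user
     */
    public void setUserManager( UserManager userManager )
    {
        this.userManager = userManager;
    }

    /**
     * @return the evaluator that decides whether a permission covers a request
     */
    public PermissionEvaluator getEvaluator()
    {
        return evaluator;
    }

    /**
     * @param evaluator the evaluator that decides whether a permission covers a request
     */
    public void setEvaluator( PermissionEvaluator evaluator )
    {
        this.evaluator = evaluator;
    }

    /**
     * @return always {@code true}
     */
    public boolean isFinalImplementation()
    {
        return true;
    }

    /**
     * @return the description key of this authorizer, {@code "archiva.redback.authorizer.rbac"}
     */
    public String getDescriptionKey()
    {
        return "archiva.redback.authorizer.rbac";
    }
}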