This project has retired. For details please refer to its Attic page.
RbacAuthorizer xref

1   package org.apache.archiva.redback.authorization.rbac;
2   
3   /*
4    * Licensed to the Apache Software Foundation (ASF) under one
5    * or more contributor license agreements.  See the NOTICE file
6    * distributed with this work for additional information
7    * regarding copyright ownership.  The ASF licenses this file
8    * to you under the Apache License, Version 2.0 (the
9    * "License"); you may not use this file except in compliance
10   * with the License.  You may obtain a copy of the License at
11   *
12   * http://www.apache.org/licenses/LICENSE-2.0
13   *
14   * Unless required by applicable law or agreed to in writing,
15   * software distributed under the License is distributed on an
16   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
17   * KIND, either express or implied.  See the License for the
18   * specific language governing permissions and limitations
19   * under the License.
20   */
21  
22  import org.apache.archiva.redback.authorization.AuthorizationDataSource;
23  import org.apache.archiva.redback.authorization.AuthorizationException;
24  import org.apache.archiva.redback.authorization.AuthorizationResult;
25  import org.apache.archiva.redback.authorization.Authorizer;
26  import org.apache.archiva.redback.authorization.NotAuthorizedException;
27  import org.apache.archiva.redback.authorization.rbac.evaluator.PermissionEvaluationException;
28  import org.apache.archiva.redback.authorization.rbac.evaluator.PermissionEvaluator;
29  import org.apache.archiva.redback.rbac.Permission;
30  import org.apache.archiva.redback.rbac.RBACManager;
31  import org.apache.archiva.redback.rbac.RbacManagerException;
32  import org.apache.archiva.redback.rbac.RbacObjectNotFoundException;
33  import org.apache.archiva.redback.users.User;
34  import org.apache.archiva.redback.users.UserManager;
35  import org.apache.archiva.redback.users.UserManagerException;
36  import org.apache.archiva.redback.users.UserNotFoundException;
37  import org.slf4j.Logger;
38  import org.slf4j.LoggerFactory;
39  import org.springframework.stereotype.Service;
40  
41  import javax.inject.Inject;
42  import javax.inject.Named;
43  import java.util.List;
44  import java.util.Map;
45  
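/**
 * Role-based {@link Authorizer}: decides whether a principal may perform an operation on a
 * resource by looking up the permissions assigned to that principal in the {@link RBACManager}
 * and asking the {@link PermissionEvaluator} whether any of them applies.
 * <p>
 * Decision model, as implemented by {@link #isAuthorized(AuthorizationDataSource)}:
 * <ul>
 * <li>Default deny: a grant is returned only when the evaluator accepts a concrete, non-null
 * permission.</li>
 * <li>Guest fallback: whenever the principal's own permissions do not grant the request (or no
 * principal is supplied), the guest user's permissions are consulted, provided the guest account
 * is not locked. Anything assigned to the guest user is therefore effectively granted to every
 * caller; keep the guest role minimal, or lock the guest account to switch the fallback off.</li>
 * <li>Backend failures are reported as a denial carrying the exception, not thrown.</li>
 * </ul>
 *
 * @author Jesse McConnell <jmcconnell@apache.org>
 */
@Service("authorizer#rbac")
public class RbacAuthorizer
    implements Authorizer
{
    private final Logger log = LoggerFactory.getLogger( getClass() );

    @Inject
    @Named(value = "rbacManager#default")
    private RBACManager manager;

    @Inject
    @Named(value = "userManager#default")
    private UserManager userManager;

    @Inject
    private PermissionEvaluator evaluator;

    /**
     * @return the fixed identifier of this authorizer, {@code "rbac"}
     */
    public String getId()
    {
        return "rbac";
    }

    /**
     * Checks the request described by {@code source} against the principal's assigned
     * permissions and then, if that did not produce a grant, against the guest user's.
     * <p>
     * Any exception raised while resolving or evaluating the principal's permissions ends the
     * check immediately with a denial; the guest fallback is not attempted in that case.
     *
     * @param source supplies the principal (may be {@code null}), the operation name
     *               ({@code getPermission()}) and the resource being accessed
     * @return a result with {@code true} and the matching permission on a grant; otherwise a
     *         result with {@code false} and the exception explaining the denial
     * @throws AuthorizationException declared by the interface; this implementation reports the
     *                                failures it catches through the returned result instead
     */
    public AuthorizationResult isAuthorized( AuthorizationDataSource source )
        throws AuthorizationException
    {
        String principal = source.getPrincipal();
        String operation = source.getPermission();
        String resource = source.getResource();

        try
        {
            if ( principal != null )
            {
                Map<String, List<Permission>> permissionMap = manager.getAssignedPermissionMap( principal );

                // Single lookup: an absent key and a null list are both treated as "no permissions".
                List<Permission> candidates = permissionMap.get( operation );

                if ( candidates != null )
                {
                    for ( Permission permission : candidates )
                    {
                        log.debug( "checking permission {} for operation {} resource {}",
                                   permissionName( permission ), operation, resource );

                        // A null entry can never justify a grant, so it is skipped rather than
                        // handed to the evaluator.
                        if ( permission != null
                            && evaluator.evaluate( permission, operation, resource, principal ) )
                        {
                            return new AuthorizationResult( true, permission, null );
                        }
                    }

                    log.debug( "no permission found for operation {} resource {}", operation, resource );
                }
                else
                {
                    log.debug( "permission map does not contain operation: {}", operation );
                }
            }

            // Guest fallback: reached for a null principal and for any principal whose own
            // permissions did not grant the request. A locked (or missing) guest disables it.
            User guest = userManager.getGuestUser();

            if ( guest != null && !guest.isLocked() )
            {
                String guestName = guest.getUsername();
                List<Permission> guestCandidates = manager.getAssignedPermissionMap( guestName ).get( operation );

                if ( guestCandidates != null )
                {
                    for ( Permission permission : guestCandidates )
                    {
                        // Null-safe, matching the principal branch; the original dereferenced
                        // the entry here unconditionally.
                        log.debug( "checking permission {}", permissionName( permission ) );

                        if ( permission != null
                            && evaluator.evaluate( permission, operation, resource, guestName ) )
                        {
                            return new AuthorizationResult( true, permission, null );
                        }
                    }
                }
            }

            // Default deny.
            return new AuthorizationResult( false, null, new NotAuthorizedException( "no matching permissions" ) );
        }
        // Every failure below is converted into a denial; none of them can produce a grant.
        catch ( PermissionEvaluationException pe )
        {
            return new AuthorizationResult( false, null, pe );
        }
        catch ( RbacObjectNotFoundException nfe )
        {
            return new AuthorizationResult( false, null, nfe );
        }
        catch ( UserNotFoundException ne )
        {
            return new AuthorizationResult( false, null,
                                            new NotAuthorizedException( "no matching permissions, guest not found" ) );
        }
        catch ( RbacManagerException rme )
        {
            return new AuthorizationResult( false, null, rme );
        }
        catch ( UserManagerException e )
        {
            return new AuthorizationResult( false, null, e );
        }
    }

    /**
     * Returns a printable name for a permission list entry, tolerating {@code null} entries.
     *
     * @param permission the entry to describe, possibly {@code null}
     * @return the permission's name, or the literal string {@code "null"}
     */
    private static String permissionName( Permission permission )
    {
        return permission != null ? permission.getName() : "null";
    }

    /**
     * @return the RBAC manager used to resolve assigned permissions
     */
    public RBACManager getManager()
    {
        return manager;
    }

    /**
     * Replaces the RBAC manager. The setter is public and unguarded, so whoever can reach this
     * bean can change where permissions are read from.
     *
     * @param manager the manager to use for subsequent checks
     */
    public void setManager( RBACManager manager )
    {
        this.manager = manager;
    }

    /**
     * @return the user manager used to look up the guest user
     */
    public UserManager getUserManager()
    {
        return userManager;
    }

    /**
     * Replaces the user manager that supplies the guest user.
     *
     * @param userManager the user manager to use for subsequent checks
     */
    public void setUserManager( UserManager userManager )
    {
        this.userManager = userManager;
    }

    /**
     * @return the evaluator that decides whether a permission applies to a request
     */
    public PermissionEvaluator getEvaluator()
    {
        return evaluator;
    }

    /**
     * Replaces the permission evaluator. The evaluator has the final say on every grant, so this
     * setter is as sensitive as {@link #setManager(RBACManager)}.
     *
     * @param evaluator the evaluator to use for subsequent checks
     */
    public void setEvaluator( PermissionEvaluator evaluator )
    {
        this.evaluator = evaluator;
    }

    /**
     * @return always {@code true}
     */
    public boolean isFinalImplementation()
    {
        return true;
    }

    /**
     * @return the message key describing this authorizer
     */
    public String getDescriptionKey()
    {
        return "archiva.redback.authorizer.rbac";
    }
}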