This project has retired. For details please refer to its Attic page.
DefaultUserRepositories xref
View Javadoc
1   package org.apache.archiva.security;
2   
3   /*
4    * Licensed to the Apache Software Foundation (ASF) under one
5    * or more contributor license agreements.  See the NOTICE file
6    * distributed with this work for additional information
7    * regarding copyright ownership.  The ASF licenses this file
8    * to you under the Apache License, Version 2.0 (the
9    * "License"); you may not use this file except in compliance
10   * with the License.  You may obtain a copy of the License at
11   *
12   *  http://www.apache.org/licenses/LICENSE-2.0
13   *
14   * Unless required by applicable law or agreed to in writing,
15   * software distributed under the License is distributed on an
16   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
17   * KIND, either express or implied.  See the License for the
18   * specific language governing permissions and limitations
19   * under the License.
20   */
21  
22  import org.apache.archiva.admin.model.RepositoryAdminException;
23  import org.apache.archiva.admin.model.beans.ManagedRepository;
24  import org.apache.archiva.admin.model.managed.ManagedRepositoryAdmin;
25  import org.apache.archiva.redback.authentication.AuthenticationResult;
26  import org.apache.archiva.redback.authorization.AuthorizationException;
27  import org.apache.archiva.redback.role.RoleManager;
28  import org.apache.archiva.redback.role.RoleManagerException;
29  import org.apache.archiva.redback.system.DefaultSecuritySession;
30  import org.apache.archiva.redback.system.SecuritySession;
31  import org.apache.archiva.redback.system.SecuritySystem;
32  import org.apache.archiva.redback.users.User;
33  import org.apache.archiva.redback.users.UserManagerException;
34  import org.apache.archiva.redback.users.UserNotFoundException;
35  import org.apache.archiva.security.common.ArchivaRoleConstants;
36  import org.slf4j.Logger;
37  import org.slf4j.LoggerFactory;
38  import org.springframework.stereotype.Service;
39  
40  import javax.inject.Inject;
41  import java.util.ArrayList;
42  import java.util.List;
43  
44  /**
45   * DefaultUserRepositories
46   */
47  @Service( "userRepositories" )
48  public class DefaultUserRepositories
49      implements UserRepositories
50  {
51  
52      @Inject
53      private SecuritySystem securitySystem;
54  
55      @Inject
56      private RoleManager roleManager;
57  
58      @Inject
59      private ManagedRepositoryAdmin managedRepositoryAdmin;
60  
61      private Logger log = LoggerFactory.getLogger( getClass() );
62  
63      @Override
64      public List<String> getObservableRepositoryIds( String principal )
65          throws PrincipalNotFoundException, AccessDeniedException, ArchivaSecurityException
66      {
67          String operation = ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS;
68  
69          return getAccessibleRepositoryIds( principal, operation );
70      }
71  
72      @Override
73      public List<String> getManagableRepositoryIds( String principal )
74          throws PrincipalNotFoundException, AccessDeniedException, ArchivaSecurityException
75      {
76          String operation = ArchivaRoleConstants.OPERATION_REPOSITORY_UPLOAD;
77  
78          return getAccessibleRepositoryIds( principal, operation );
79      }
80  
81      private List<String> getAccessibleRepositoryIds( String principal, String operation )
82          throws ArchivaSecurityException, AccessDeniedException, PrincipalNotFoundException
83      {
84  
85          List<ManagedRepository> managedRepositories = getAccessibleRepositories( principal, operation );
86          List<String> repoIds = new ArrayList<>( managedRepositories.size() );
87          for ( ManagedRepository managedRepository : managedRepositories )
88          {
89              repoIds.add( managedRepository.getId() );
90          }
91  
92          return repoIds;
93      }
94  
95      @Override
96      public List<ManagedRepository> getAccessibleRepositories( String principal )
97          throws ArchivaSecurityException, AccessDeniedException, PrincipalNotFoundException
98      {
99          return getAccessibleRepositories( principal, ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS );
100     }
101 
102     @Override
103     public List<ManagedRepository> getManagableRepositories(String principal) throws ArchivaSecurityException, AccessDeniedException, PrincipalNotFoundException {
104         return getAccessibleRepositories( principal, ArchivaRoleConstants.OPERATION_REPOSITORY_UPLOAD );
105     }
106 
107     private List<ManagedRepository> getAccessibleRepositories( String principal, String operation )
108         throws ArchivaSecurityException, AccessDeniedException, PrincipalNotFoundException
109     {
110         SecuritySession securitySession = createSession( principal );
111 
112         List<ManagedRepository> managedRepositories = new ArrayList<>();
113 
114         try
115         {
116             List<ManagedRepository> repos = managedRepositoryAdmin.getManagedRepositories();
117 
118             for ( ManagedRepository repo : repos )
119             {
120                 try
121                 {
122                     String repoId = repo.getId();
123                     if ( securitySystem.isAuthorized( securitySession, operation, repoId ) )
124                     {
125                         managedRepositories.add( repo );
126                     }
127                 }
128                 catch ( AuthorizationException e )
129                 {
130                     // swallow.
131 
132                     log.debug( "Not authorizing '{}' for repository '{}': {}", principal, repo.getId(),
133                                e.getMessage() );
134 
135                 }
136             }
137 
138             return managedRepositories;
139         }
140         catch ( RepositoryAdminException e )
141         {
142             throw new ArchivaSecurityException( e.getMessage(), e );
143         }
144     }
145 
146     private SecuritySession createSession( String principal )
147         throws ArchivaSecurityException, AccessDeniedException
148     {
149         User user;
150         try
151         {
152             user = securitySystem.getUserManager().findUser( principal );
153             if ( user == null )
154             {
155                 throw new ArchivaSecurityException(
156                     "The security system had an internal error - please check your system logs" );
157             }
158         }
159         catch ( UserNotFoundException e )
160         {
161             throw new PrincipalNotFoundException( "Unable to find principal " + principal + "", e );
162         }
163         catch ( UserManagerException e )
164         {
165             throw new ArchivaSecurityException( e.getMessage(), e );
166         }
167 
168         if ( user.isLocked() )
169         {
170             throw new AccessDeniedException( "User " + principal + "(" + user.getFullName() + ") is locked." );
171         }
172 
173         AuthenticationResult authn = new AuthenticationResult( true, principal, null );
174         authn.setUser( user );
175         return new DefaultSecuritySession( authn, user );
176     }
177 
178     @Override
179     public void createMissingRepositoryRoles( String repoId )
180         throws ArchivaSecurityException
181     {
182         try
183         {
184             if ( !roleManager.templatedRoleExists( ArchivaRoleConstants.TEMPLATE_REPOSITORY_OBSERVER, repoId ) )
185             {
186                 roleManager.createTemplatedRole( ArchivaRoleConstants.TEMPLATE_REPOSITORY_OBSERVER, repoId );
187             }
188 
189             if ( !roleManager.templatedRoleExists( ArchivaRoleConstants.TEMPLATE_REPOSITORY_MANAGER, repoId ) )
190             {
191                 roleManager.createTemplatedRole( ArchivaRoleConstants.TEMPLATE_REPOSITORY_MANAGER, repoId );
192             }
193         }
194         catch ( RoleManagerException e )
195         {
196             throw new ArchivaSecurityException( "Unable to create roles for configured repositories: " + e.getMessage(),
197                                                 e );
198         }
199     }
200 
201     @Override
202     public boolean isAuthorizedToUploadArtifacts( String principal, String repoId )
203         throws PrincipalNotFoundException, ArchivaSecurityException
204     {
205         try
206         {
207             SecuritySession securitySession = createSession( principal );
208 
209             return securitySystem.isAuthorized( securitySession, ArchivaRoleConstants.OPERATION_REPOSITORY_UPLOAD,
210                                                 repoId );
211 
212         }
213         catch ( AuthorizationException e )
214         {
215             throw new ArchivaSecurityException( e.getMessage(), e);
216         }
217     }
218 
219     @Override
220     public boolean isAuthorizedToDeleteArtifacts( String principal, String repoId )
221         throws ArchivaSecurityException
222     {
223         try
224         {
225             SecuritySession securitySession = createSession( principal );
226 
227             return securitySystem.isAuthorized( securitySession, ArchivaRoleConstants.OPERATION_REPOSITORY_DELETE,
228                                                 repoId );
229 
230         }
231         catch ( AuthorizationException e )
232         {
233             throw new ArchivaSecurityException( e.getMessage(), e);
234         }
235     }
236 
237     public SecuritySystem getSecuritySystem()
238     {
239         return securitySystem;
240     }
241 
242     public void setSecuritySystem( SecuritySystem securitySystem )
243     {
244         this.securitySystem = securitySystem;
245     }
246 
247     public RoleManager getRoleManager()
248     {
249         return roleManager;
250     }
251 
252     public void setRoleManager( RoleManager roleManager )
253     {
254         this.roleManager = roleManager;
255     }
256 }