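package org.apache.archiva.redback.integration.checks.security;

/*
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements.  See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership.  The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License.  You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 * KIND, either express or implied.  See the License for the
 * specific language governing permissions and limitations
 * under the License.
 */

import org.apache.archiva.redback.integration.security.role.RedbackRoleConstants;
import org.apache.archiva.redback.rbac.RBACManager;
import org.apache.archiva.redback.rbac.RbacManagerException;
import org.apache.archiva.redback.rbac.UserAssignment;
import org.apache.archiva.redback.system.check.EnvironmentCheck;
import org.apache.archiva.redback.users.User;
import org.apache.archiva.redback.users.UserManager;
import org.apache.archiva.redback.users.UserManagerException;
import org.apache.archiva.redback.users.UserNotFoundException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Service;

import javax.inject.Inject;
import javax.inject.Named;
import java.util.ArrayList;
import java.util.List;

/**
 * LockedAdminEnvironmentCheck: checks if accounts marked as system administrator are locked
 * and unlocks them on startup.
 * <p>
 * Security note: the unlock is unconditional. Every account that holds the system administrator
 * role and is found locked gets unlocked, whatever the reason it was locked, so a lock placed on
 * such an account does not survive the next run of this check. Each unlock is written to the log
 * at INFO level with the username; deployments that rely on account locking should monitor that
 * log line.
 *
 * @author: Jesse McConnell
 */
@Service( "environmentCheck#locked-admin-check" )
public class LockedAdminEnvironmentCheck
    implements EnvironmentCheck
{

    protected Logger log = LoggerFactory.getLogger( getClass() );

    @Inject
    @Named( value = "userManager#default" )
    private UserManager userManager;

    @Inject
    @Named( value = "rbacManager#default" )
    private RBACManager rbacManager;

    /**
     * boolean detailing if this environment check has been executed
     */
    private boolean checked = false;

    /**
     * This environment check will unlock system administrator accounts that are locked on the restart of the
     * application when the environment checks are processed.
     * <p>
     * The check does nothing when it has already run on this instance or when the user manager reports
     * itself as read-only. Failures are logged as warnings and never propagated; the check is marked as
     * executed even if the role lookup failed, so it is not retried on this instance.
     *
     * @param violations list of environment violations; this check never adds an entry to it
     */
    @Override
    public void validateEnvironment( List<String> violations )
    {
        if ( checked || userManager.isReadOnly() )
        {
            return;
        }

        List<String> roles = new ArrayList<String>();
        roles.add( RedbackRoleConstants.SYSTEM_ADMINISTRATOR_ROLE_ID );

        try
        {
            List<? extends UserAssignment> systemAdministrators = rbacManager.getUserAssignmentsForRoles( roles );

            for ( UserAssignment userAssignment : systemAdministrators )
            {
                unlockIfLocked( userAssignment );
            }
        }
        catch ( RbacManagerException e )
        {
            log.warn( "Exception when checking for locked admin user: {}", e.getMessage(), e );
        }

        // Set regardless of the outcome above: the check runs at most once per instance.
        checked = true;
    }

    /**
     * Unlocks the user behind one system administrator assignment if that user is currently locked.
     * A failure on one assignment is logged and does not stop the processing of the others.
     *
     * @param userAssignment the role assignment whose principal is looked up in the user manager
     */
    private void unlockIfLocked( UserAssignment userAssignment )
    {
        try
        {
            User admin = userManager.findUser( userAssignment.getPrincipal() );

            if ( admin.isLocked() )
            {
                // Audit trail for the unlock: this line is the only record that a lock was removed.
                log.info( "Unlocking system administrator: {}", admin.getUsername() );
                admin.setLocked( false );
                userManager.updateUser( admin );
            }
        }
        catch ( UserNotFoundException ne )
        {
            // The role assignment refers to a principal the user manager does not know.
            log.warn( "Dangling UserAssignment -> {}", userAssignment.getPrincipal() );
        }
        catch ( UserManagerException e )
        {
            // The exception is passed as the last argument so the stack trace is kept, matching the
            // RbacManagerException handling in validateEnvironment.
            log.warn( "fail to find user {} for admin unlock check: {}", userAssignment.getPrincipal(),
                      e.getMessage(), e );
        }
    }
}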