001package org.apache.archiva.redback.system; 002 003/* 004 * Licensed to the Apache Software Foundation (ASF) under one 005 * or more contributor license agreements. See the NOTICE file 006 * distributed with this work for additional information 007 * regarding copyright ownership. The ASF licenses this file 008 * to you under the Apache License, Version 2.0 (the 009 * "License"); you may not use this file except in compliance 010 * with the License. You may obtain a copy of the License at 011 * 012 * http://www.apache.org/licenses/LICENSE-2.0 013 * 014 * Unless required by applicable law or agreed to in writing, 015 * software distributed under the License is distributed on an 016 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 017 * KIND, either express or implied. See the License for the 018 * specific language governing permissions and limitations 019 * under the License. 020 */ 021 022import org.apache.archiva.redback.authentication.AuthenticationDataSource; 023import org.apache.archiva.redback.authentication.AuthenticationException; 024import org.apache.archiva.redback.authentication.AuthenticationManager; 025import org.apache.archiva.redback.authentication.AuthenticationResult; 026import org.apache.archiva.redback.authentication.TokenManager; 027import org.apache.archiva.redback.authorization.AuthorizationDataSource; 028import org.apache.archiva.redback.authorization.AuthorizationException; 029import org.apache.archiva.redback.authorization.AuthorizationResult; 030import org.apache.archiva.redback.authorization.Authorizer; 031import org.apache.archiva.redback.keys.KeyManager; 032import org.apache.archiva.redback.policy.AccountLockedException; 033import org.apache.archiva.redback.policy.MustChangePasswordException; 034import org.apache.archiva.redback.policy.UserSecurityPolicy; 035import org.apache.archiva.redback.users.User; 036import org.apache.archiva.redback.users.UserManager; 037import org.apache.archiva.redback.users.UserManagerException; 038import org.apache.archiva.redback.users.UserNotFoundException; 039import org.slf4j.Logger; 040import org.slf4j.LoggerFactory; 041import org.springframework.stereotype.Service; 042 043import javax.inject.Inject; 044import javax.inject.Named; 045 046/** 047 * DefaultSecuritySystem: 048 * 049 * @author: Jesse McConnell 050 */ 051@Service( "securitySystem" ) 052public class DefaultSecuritySystem 053 implements SecuritySystem 054{ 055 private Logger log = LoggerFactory.getLogger( DefaultSecuritySystem.class ); 056 057 @Inject 058 private AuthenticationManager authnManager; 059 060 @Inject 061 @Named( value = "authorizer#default" ) 062 private Authorizer authorizer; 063 064 @Inject 065 @Named( value = "userManager#default" ) 066 private UserManager userManager; 067 068 @Inject 069 @Named( value = "keyManager#cached" ) 070 private KeyManager keyManager; 071 072 @Inject 073 @Named( value = "tokenManager#default") 074 private TokenManager tokenManager; 075 076 @Inject 077 private UserSecurityPolicy policy; 078 079 // ---------------------------------------------------------------------------- 080 // Authentication: delegate to the authnManager 081 // ---------------------------------------------------------------------------- 082 083 /** 084 * delegate to the authentication system for boolean authentication checks, 085 * if the result is authentic then pull the user object from the user 086 * manager and add it to the session. If the result is false return the result in 087 * an authenticated session and a null user object. 088 * 089 * in the event of a successful authentication and a lack of corresponding user in the 090 * usermanager return a null user as well 091 * 092 * //todo should this last case create a user in the usermanager? 093 * 094 * @param source 095 * @return 096 * @throws AuthenticationException 097 * @throws UserNotFoundException 098 * @throws MustChangePasswordException 099 * @throws org.apache.archiva.redback.policy.AccountLockedException 100 * @throws MustChangePasswordException 101 */ 102 public SecuritySession authenticate( AuthenticationDataSource source ) 103 throws AuthenticationException, UserNotFoundException, AccountLockedException, MustChangePasswordException, 104 UserManagerException 105 { 106 // Perform Authentication. 107 AuthenticationResult result = authnManager.authenticate( source ); 108 109 log.debug( "authnManager.authenticate() result: {}", result ); 110 111 // Process Results. 112 if ( result.isAuthenticated() ) 113 { 114 log.debug( "User '{}' authenticated.", result.getPrincipal() ); 115 User user = userManager.findUser( result.getPrincipal() ); 116 if ( user != null ) 117 { 118 log.debug( "User '{}' exists.", result.getPrincipal() ); 119 log.debug( "User: {}", user ); 120 return new DefaultSecuritySession( result, user ); 121 } 122 else 123 { 124 log.debug( "User '{}' DOES NOT exist.", result.getPrincipal() ); 125 return new DefaultSecuritySession( result ); 126 } 127 } 128 else 129 { 130 log.debug( "User '{}' IS NOT authenticated.", result.getPrincipal() ); 131 return new DefaultSecuritySession( result ); 132 } 133 } 134 135 public boolean isAuthenticated( AuthenticationDataSource source ) 136 throws AuthenticationException, UserNotFoundException, AccountLockedException, MustChangePasswordException, 137 UserManagerException 138 { 139 return authenticate( source ).getAuthenticationResult().isAuthenticated(); 140 } 141 142 public String getAuthenticatorId() 143 { 144 if ( authnManager == null ) 145 { 146 return "<null>"; 147 } 148 return authnManager.getId(); 149 } 150 151 // ---------------------------------------------------------------------------- 152 // Authorization: delegate to the authorizer 153 // ---------------------------------------------------------------------------- 154 155 public AuthorizationResult authorize( SecuritySession session, String permission ) 156 throws AuthorizationException 157 { 158 return authorize( session, permission, null ); 159 } 160 161 public AuthorizationResult authorize( SecuritySession session, String permission, String resource ) 162 throws AuthorizationException 163 { 164 AuthorizationDataSource source = null; 165 166 if ( session != null ) 167 { 168 User user = session.getUser(); 169 if ( user != null ) 170 { 171 source = new AuthorizationDataSource( user.getUsername(), user, permission, resource ); 172 } 173 } 174 175 if ( source == null ) 176 { 177 source = new AuthorizationDataSource( null, null, permission, resource ); 178 } 179 180 return authorizer.isAuthorized( source ); 181 } 182 183 public AuthorizationResult authorize( User user, String permission, String resource ) 184 throws AuthorizationException 185 { 186 AuthorizationDataSource source = null; 187 188 if ( user != null ) 189 { 190 source = new AuthorizationDataSource( user.getUsername(), user, permission, resource ); 191 } 192 193 if ( source == null ) 194 { 195 source = new AuthorizationDataSource( null, null, permission, resource ); 196 } 197 198 return authorizer.isAuthorized( source ); 199 } 200 201 public boolean isAuthorized( SecuritySession session, String permission ) 202 throws AuthorizationException 203 { 204 return isAuthorized( session, permission, null ); 205 } 206 207 public boolean isAuthorized( SecuritySession session, String permission, String resource ) 208 throws AuthorizationException 209 { 210 return authorize( session, permission, resource ).isAuthorized(); 211 } 212 213 public String getAuthorizerId() 214 { 215 if ( authorizer == null ) 216 { 217 return "<null>"; 218 } 219 return authorizer.getId(); 220 } 221 222 // ---------------------------------------------------------------------------- 223 // User Management: delegate to the user manager 224 // ---------------------------------------------------------------------------- 225 226 public UserManager getUserManager() 227 { 228 return userManager; 229 } 230 231 public String getUserManagementId() 232 { 233 if ( userManager == null ) 234 { 235 return "<null>"; 236 } 237 return userManager.getId(); 238 } 239 240 public KeyManager getKeyManager() 241 { 242 return keyManager; 243 } 244 245 public String getKeyManagementId() 246 { 247 if ( keyManager == null ) 248 { 249 return "<null>"; 250 } 251 return keyManager.getId(); 252 } 253 254 public UserSecurityPolicy getPolicy() 255 { 256 return policy; 257 } 258 259 public String getPolicyId() 260 { 261 if ( policy == null ) 262 { 263 return "<null>"; 264 } 265 return policy.getId(); 266 } 267 268 public AuthenticationManager getAuthenticationManager() 269 { 270 return authnManager; 271 } 272 273 public Authorizer getAuthorizer() 274 { 275 return authorizer; 276 } 277 278 public AuthenticationManager getAuthnManager() 279 { 280 return authnManager; 281 } 282 283 public void setAuthnManager( AuthenticationManager authnManager ) 284 { 285 this.authnManager = authnManager; 286 } 287 288 public void setAuthorizer( Authorizer authorizer ) 289 { 290 this.authorizer = authorizer; 291 } 292 293 public void setUserManager( UserManager userManager ) 294 { 295 this.userManager = userManager; 296 } 297 298 public void setKeyManager( KeyManager keyManager ) 299 { 300 this.keyManager = keyManager; 301 } 302 303 public void setPolicy( UserSecurityPolicy policy ) 304 { 305 this.policy = policy; 306 } 307 308 public boolean userManagerReadOnly() 309 { 310 return userManager.isReadOnly(); 311 } 312 313 @Override 314 public TokenManager getTokenManager() { 315 return tokenManager; 316 } 317 318 public void setTokenManager(TokenManager tokenManager) { 319 this.tokenManager = tokenManager; 320 } 321 322}