1package org.apache.archiva.redback.integration.checks.security;
23/*4 * Licensed to the Apache Software Foundation (ASF) under one5 * or more contributor license agreements. See the NOTICE file6 * distributed with this work for additional information7 * regarding copyright ownership. The ASF licenses this file8 * to you under the Apache License, Version 2.0 (the9 * "License"); you may not use this file except in compliance10 * with the License. You may obtain a copy of the License at11 *12 * http://www.apache.org/licenses/LICENSE-2.013 *14 * Unless required by applicable law or agreed to in writing,15 * software distributed under the License is distributed on an16 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY17 * KIND, either express or implied. See the License for the18 * specific language governing permissions and limitations19 * under the License.20 */2122import org.apache.archiva.redback.integration.security.role.RedbackRoleConstants;
23import org.apache.archiva.redback.rbac.RBACManager;
24import org.apache.archiva.redback.rbac.RbacManagerException;
25import org.apache.archiva.redback.rbac.UserAssignment;
26import org.apache.archiva.redback.system.check.EnvironmentCheck;
27import org.apache.archiva.redback.users.User;
28import org.apache.archiva.redback.users.UserManager;
29import org.apache.archiva.redback.users.UserManagerException;
30import org.apache.archiva.redback.users.UserNotFoundException;
31import org.slf4j.Logger;
32import org.slf4j.LoggerFactory;
33import org.springframework.stereotype.Service;
3435import javax.inject.Inject;
36import javax.inject.Named;
37import java.util.ArrayList;
38import java.util.List;
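/**
 * LockedAdminEnvironmentCheck: checks if accounts marked as system administrator are locked
 * and unlocks them on startup.
 *
 * <p>Security note: the check does not look at why an account was locked. Every locked account
 * holding {@link RedbackRoleConstants#SYSTEM_ADMINISTRATOR_ROLE} is unlocked and persisted, so a
 * lock placed on an administrator account does not survive an application restart. The
 * "Unlocking system administrator" log line is the only trace this class leaves of that change;
 * deployments that rely on account lockout should retain and review it.
 *
 * @author: Jesse McConnell <jesse@codehaus.org>
 */
@Service( "environmentCheck#locked-admin-check" )
public class LockedAdminEnvironmentCheck
    implements EnvironmentCheck
{

    protected Logger log = LoggerFactory.getLogger( getClass() );

    @Inject
    @Named( value = "userManager#default" )
    private UserManager userManager;

    @Inject
    @Named( value = "rbacManager#default" )
    private RBACManager rbacManager;

    /**
     * boolean detailing if this environment check has been executed
     */
    private boolean checked = false;

    /**
     * This environment check will unlock system administrator accounts that are locked on the restart of the
     * application when the environment checks are processed.
     *
     * <p>The check runs at most once per instance and is skipped while the user manager is read-only.
     * It is marked as executed even when the role lookup fails, so a failed run is not retried.
     *
     * @param violations list of environment violations; this check never adds to it
     */
    public void validateEnvironment( List<String> violations )
    {
        // Nothing to do if the check already ran or accounts cannot be modified.
        if ( checked || userManager.isReadOnly() )
        {
            return;
        }

        List<String> roles = new ArrayList<String>();
        roles.add( RedbackRoleConstants.SYSTEM_ADMINISTRATOR_ROLE );

        try
        {
            List<UserAssignment> systemAdministrators = rbacManager.getUserAssignmentsForRoles( roles );

            for ( UserAssignment userAssignment : systemAdministrators )
            {
                try
                {
                    User admin = userManager.findUser( userAssignment.getPrincipal() );

                    if ( admin.isLocked() )
                    {
                        // Privileged account state change: keep this line in the retained logs.
                        log.info( "Unlocking system administrator: {}", admin.getUsername() );
                        admin.setLocked( false );
                        userManager.updateUser( admin );
                    }
                }
                catch ( UserNotFoundException ne )
                {
                    // The role assignment refers to a principal that no longer exists.
                    log.warn( "Dangling UserAssignment -> {}", userAssignment.getPrincipal() );
                }
                catch ( UserManagerException e )
                {
                    // This handler covers both the lookup and the update, so the message names both.
                    // The exception is passed along so the stack trace is not lost, in the same
                    // form as the RbacManagerException handler below.
                    log.warn( "failed to look up or unlock user " + userAssignment.getPrincipal()
                                  + " during admin unlock check: " + e.getMessage(), e );
                }
            }
        }
        catch ( RbacManagerException e )
        {
            log.warn( "Exception when checking for locked admin user: " + e.getMessage(), e );
        }

        // Set regardless of outcome: the check is not repeated for this instance.
        checked = true;
    }
}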