This project has retired. For details please refer to its Attic page.
LockedAdminEnvironmentCheck xref

1   package org.apache.archiva.redback.integration.checks.security;
2   
3   /*
4    * Licensed to the Apache Software Foundation (ASF) under one
5    * or more contributor license agreements.  See the NOTICE file
6    * distributed with this work for additional information
7    * regarding copyright ownership.  The ASF licenses this file
8    * to you under the Apache License, Version 2.0 (the
9    * "License"); you may not use this file except in compliance
10   * with the License.  You may obtain a copy of the License at
11   *
12   * http://www.apache.org/licenses/LICENSE-2.0
13   *
14   * Unless required by applicable law or agreed to in writing,
15   * software distributed under the License is distributed on an
16   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
17   * KIND, either express or implied.  See the License for the
18   * specific language governing permissions and limitations
19   * under the License.
20   */
21  
22  import org.apache.archiva.redback.integration.security.role.RedbackRoleConstants;
23  import org.apache.archiva.redback.rbac.RBACManager;
24  import org.apache.archiva.redback.rbac.RbacManagerException;
25  import org.apache.archiva.redback.rbac.UserAssignment;
26  import org.apache.archiva.redback.system.check.EnvironmentCheck;
27  import org.apache.archiva.redback.users.User;
28  import org.apache.archiva.redback.users.UserManager;
29  import org.apache.archiva.redback.users.UserManagerException;
30  import org.apache.archiva.redback.users.UserNotFoundException;
31  import org.slf4j.Logger;
32  import org.slf4j.LoggerFactory;
33  import org.springframework.stereotype.Service;
34  
35  import javax.inject.Inject;
36  import javax.inject.Named;
37  import java.util.ArrayList;
38  import java.util.List;
39  
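/**
 * LockedAdminEnvironmentCheck: checks if accounts marked as system administrator are locked
 * and unlocks them on startup.
 * <p>
 * Security note: the lock flag is cleared for every account that holds the system administrator role,
 * without looking at why the account was locked. A lock placed on such an account therefore does not
 * survive an application restart. The only trace of the unlock is the INFO entry
 * "Unlocking system administrator: ..." written by this class, so deployments that rely on account
 * lockout should retain and monitor that entry.
 * <p>
 * The check is skipped entirely when the user manager reports itself as read-only.
 *
 * @author Jesse McConnell <jesse@codehaus.org>
 */
@Service( "environmentCheck#locked-admin-check" )
public class LockedAdminEnvironmentCheck
    implements EnvironmentCheck
{

    protected Logger log = LoggerFactory.getLogger( getClass() );

    @Inject
    @Named( value = "userManager#default" )
    private UserManager userManager;

    @Inject
    @Named( value = "rbacManager#default" )
    private RBACManager rbacManager;

    /**
     * Records whether this environment check has already been executed, so the unlock pass runs at most
     * once per instance. The flag is a plain field with no synchronization.
     * NOTE(review): presumably environment checks are invoked from a single thread - confirm against caller.
     */
    private boolean checked = false;

    /**
     * Unlocks every locked account that is assigned the system administrator role. Intended to run when the
     * environment checks are processed on application (re)start.
     * <p>
     * The pass is best-effort: a failure for one account is logged and the remaining accounts are still
     * processed. The check is marked as done even if the role lookup itself fails, so it is not retried
     * on a later call.
     *
     * @param violations list of environment violations; this check never adds to it
     */
    public void validateEnvironment( List<String> violations )
    {
        // Nothing to do on repeat calls, and nothing can be written back to a read-only user store.
        if ( checked || userManager.isReadOnly() )
        {
            return;
        }

        List<String> roles = new ArrayList<String>();
        roles.add( RedbackRoleConstants.SYSTEM_ADMINISTRATOR_ROLE );

        try
        {
            List<UserAssignment> systemAdministrators = rbacManager.getUserAssignmentsForRoles( roles );

            for ( UserAssignment userAssignment : systemAdministrators )
            {
                try
                {
                    User admin = userManager.findUser( userAssignment.getPrincipal() );

                    if ( admin.isLocked() )
                    {
                        // Audit trail: this entry is the only record that a lock was cleared.
                        log.info( "Unlocking system administrator: {}", admin.getUsername() );
                        admin.setLocked( false );
                        userManager.updateUser( admin );
                    }
                }
                catch ( UserNotFoundException ne )
                {
                    // The role assignment refers to a principal the user manager does not know.
                    log.warn( "Dangling UserAssignment -> {}", userAssignment.getPrincipal() );
                }
                catch ( UserManagerException e )
                {
                    // Both findUser and updateUser sit inside this try, so the failure may come from the
                    // lookup or from persisting the unlock. Pass the exception itself so the cause and
                    // stack trace are logged along with the message.
                    log.warn( "failed to find or update user {} for admin unlock check: {}",
                              userAssignment.getPrincipal(), e.getMessage(), e );
                }
            }
        }
        catch ( RbacManagerException e )
        {
            log.warn( "Exception when checking for locked admin user: " + e.getMessage(), e );
        }

        // Set unconditionally, including after a failed role lookup (same as the original behaviour).
        checked = true;
    }
}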