This project has retired. For details please refer to its Attic page.
DefaultUserService xref
View Javadoc

1   package org.apache.archiva.redback.rest.services;
2   
3   /*
4    * Licensed to the Apache Software Foundation (ASF) under one
5    * or more contributor license agreements.  See the NOTICE file
6    * distributed with this work for additional information
7    * regarding copyright ownership.  The ASF licenses this file
8    * to you under the Apache License, Version 2.0 (the
9    * "License"); you may not use this file except in compliance
10   * with the License.  You may obtain a copy of the License at
11   *
12   * http://www.apache.org/licenses/LICENSE-2.0
13   *
14   * Unless required by applicable law or agreed to in writing,
15   * software distributed under the License is distributed on an
16   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
17   * KIND, either express or implied.  See the License for the
18   * specific language governing permissions and limitations
19   * under the License.
20   */
21  
22  import net.sf.ehcache.CacheManager;
23  import org.apache.archiva.redback.authentication.AuthenticationException;
24  import org.apache.archiva.redback.authentication.TokenBasedAuthenticationDataSource;
25  import org.apache.archiva.redback.components.cache.Cache;
26  import org.apache.archiva.redback.configuration.UserConfiguration;
27  import org.apache.archiva.redback.configuration.UserConfigurationKeys;
28  import org.apache.archiva.redback.integration.filter.authentication.HttpAuthenticator;
29  import org.apache.archiva.redback.integration.mail.Mailer;
30  import org.apache.archiva.redback.integration.security.role.RedbackRoleConstants;
31  import org.apache.archiva.redback.keys.AuthenticationKey;
32  import org.apache.archiva.redback.keys.KeyManager;
33  import org.apache.archiva.redback.keys.KeyManagerException;
34  import org.apache.archiva.redback.keys.KeyNotFoundException;
35  import org.apache.archiva.redback.policy.AccountLockedException;
36  import org.apache.archiva.redback.policy.MustChangePasswordException;
37  import org.apache.archiva.redback.policy.PasswordEncoder;
38  import org.apache.archiva.redback.policy.UserSecurityPolicy;
39  import org.apache.archiva.redback.rbac.RBACManager;
40  import org.apache.archiva.redback.rbac.RbacManagerException;
41  import org.apache.archiva.redback.rbac.RbacObjectNotFoundException;
42  import org.apache.archiva.redback.rbac.UserAssignment;
43  import org.apache.archiva.redback.rest.api.model.ErrorMessage;
44  import org.apache.archiva.redback.rest.api.model.Operation;
45  import org.apache.archiva.redback.rest.api.model.Permission;
46  import org.apache.archiva.redback.rest.api.model.RegistrationKey;
47  import org.apache.archiva.redback.rest.api.model.ResetPasswordRequest;
48  import org.apache.archiva.redback.rest.api.model.Resource;
49  import org.apache.archiva.redback.rest.api.model.User;
50  import org.apache.archiva.redback.rest.api.model.UserRegistrationRequest;
51  import org.apache.archiva.redback.rest.api.services.RedbackServiceException;
52  import org.apache.archiva.redback.rest.api.services.UserService;
53  import org.apache.archiva.redback.rest.services.utils.PasswordValidator;
54  import org.apache.archiva.redback.role.RoleManager;
55  import org.apache.archiva.redback.role.RoleManagerException;
56  import org.apache.archiva.redback.system.SecuritySystem;
57  import org.apache.archiva.redback.users.UserManager;
58  import org.apache.archiva.redback.users.UserManagerException;
59  import org.apache.archiva.redback.users.UserNotFoundException;
60  import org.apache.commons.lang.StringUtils;
61  import org.slf4j.Logger;
62  import org.slf4j.LoggerFactory;
63  import org.springframework.stereotype.Service;
64  
65  import javax.inject.Inject;
66  import javax.inject.Named;
67  import javax.mail.internet.AddressException;
68  import javax.mail.internet.InternetAddress;
69  import javax.servlet.http.HttpServletRequest;
70  import javax.ws.rs.core.Context;
71  import javax.ws.rs.core.Response;
72  import java.util.ArrayList;
73  import java.util.Arrays;
74  import java.util.Collection;
75  import java.util.List;
76  import java.util.Set;
77  
78  @Service("userService#rest")
79  public class DefaultUserService
80      implements UserService
81  {
82  
83      private Logger log = LoggerFactory.getLogger( getClass() );
84  
85      private static final String VALID_USERNAME_CHARS = "[a-zA-Z_0-9\\-.@]*";
86  
87      private UserManager userManager;
88  
89      private SecuritySystem securitySystem;
90  
91      @Inject
92      @Named(value = "userConfiguration#default")
93      private UserConfiguration config;
94  
95      @Inject
96      private RoleManager roleManager;
97  
98      /**
99       * cache used for user assignments
100      */
101     @Inject
102     @Named(value = "cache#userAssignments")
103     private Cache userAssignmentsCache;
104 
105     /**
106      * cache used for user permissions
107      */
108     @Inject
109     @Named(value = "cache#userPermissions")
110     private Cache userPermissionsCache;
111 
112     /**
113      * Cache used for users
114      */
115     @Inject
116     @Named(value = "cache#users")
117     private Cache usersCache;
118 
119     @Inject
120     private Mailer mailer;
121 
122     @Inject
123     @Named(value = "rbacManager#default")
124     private RBACManager rbacManager;
125 
126     private HttpAuthenticator httpAuthenticator;
127 
128     @Inject
129     private PasswordValidator passwordValidator;
130 
131     @Context
132     private HttpServletRequest httpServletRequest;
133 
134     @Inject
135     public DefaultUserService( @Named(value = "userManager#default") UserManager userManager,
136                                SecuritySystem securitySystem,
137                                @Named("httpAuthenticator#basic") HttpAuthenticator httpAuthenticator )
138     {
139         this.userManager = userManager;
140         this.securitySystem = securitySystem;
141         this.httpAuthenticator = httpAuthenticator;
142     }
143 
144 
145     public Boolean createUser( User user )
146         throws RedbackServiceException
147     {
148 
149         try
150         {
151             org.apache.archiva.redback.users.User u = userManager.findUser( user.getUsername() );
152             if ( u != null )
153             {
154                 throw new RedbackServiceException(
155                     new ErrorMessage( "user " + user.getUsername() + " already exists" ) );
156             }
157         }
158         catch ( UserNotFoundException e )
159         {
160             //ignore we just want to prevent non human readable error message from backend :-)
161             log.debug( "user {} not exists", user.getUsername() );
162         }
163         catch ( UserManagerException e )
164         {
165             throw new RedbackServiceException( new ErrorMessage( e.getMessage() ) );
166         }
167 
168         // data validation
169         if ( StringUtils.isEmpty( user.getUsername() ) )
170         {
171             throw new RedbackServiceException( new ErrorMessage( "username cannot be empty" ) );
172         }
173 
174         if ( StringUtils.isEmpty( user.getFullName() ) )
175         {
176             throw new RedbackServiceException( new ErrorMessage( "fullName cannot be empty" ) );
177         }
178 
179         if ( StringUtils.isEmpty( user.getEmail() ) )
180         {
181             throw new RedbackServiceException( new ErrorMessage( "email cannot be empty" ) );
182         }
183 
184         try
185         {
186 
187             org.apache.archiva.redback.users.User u =
188                 userManager.createUser( user.getUsername(), user.getFullName(), user.getEmail() );
189             u.setPassword( user.getPassword() );
190             u.setLocked( user.isLocked() );
191             u.setPasswordChangeRequired( user.isPasswordChangeRequired() );
192             u.setPermanent( user.isPermanent() );
193             u.setValidated( user.isValidated() );
194             u = userManager.addUser( u );
195             if ( !user.isPasswordChangeRequired() )
196             {
197                 u.setPasswordChangeRequired( false );
198                 try
199                 {
200                     u = userManager.updateUser( u );
201                     log.debug( "user {} created", u.getUsername() );
202                 }
203                 catch ( UserNotFoundException e )
204                 {
205                     throw new RedbackServiceException( e.getMessage() );
206                 }
207             }
208 
209             roleManager.assignRole( RedbackRoleConstants.REGISTERED_USER_ROLE_ID, u.getUsername() );
210         }
211         catch ( RoleManagerException rpe )
212         {
213             log.error( "RoleProfile Error: " + rpe.getMessage(), rpe );
214             throw new RedbackServiceException( new ErrorMessage( "assign.role.failure", null ) );
215         }
216         catch ( UserManagerException e )
217         {
218             throw new RedbackServiceException( new ErrorMessage( e.getMessage() ) );
219         }
220         return Boolean.TRUE;
221     }
222 
223     public Boolean deleteUser( String username )
224         throws RedbackServiceException
225     {
226 
227         try
228         {
229 
230             if ( rbacManager.userAssignmentExists( username ) )
231             {
232                 UserAssignment assignment = rbacManager.getUserAssignment( username );
233                 rbacManager.removeUserAssignment( assignment );
234             }
235 
236         }
237         catch ( RbacManagerException e )
238         {
239             log.error( e.getMessage(), e );
240             throw new RedbackServiceException( e.getMessage() );
241         }
242         try
243         {
244             userManager.deleteUser( username );
245             return Boolean.TRUE;
246         }
247         catch ( UserNotFoundException e )
248         {
249             log.error( e.getMessage(), e );
250             throw new RedbackServiceException( e.getMessage() );
251         }
252         catch ( UserManagerException e )
253         {
254             throw new RedbackServiceException( new ErrorMessage( e.getMessage() ) );
255         }
256         finally
257         {
258             removeFromCache( username );
259         }
260     }
261 
262 
263     public User getUser( String username )
264         throws RedbackServiceException
265     {
266         try
267         {
268             org.apache.archiva.redback.users.User user = userManager.findUser( username );
269             return getSimpleUser( user );
270         }
271         catch ( UserNotFoundException e )
272         {
273             return null;
274         }
275         catch ( UserManagerException e )
276         {
277             throw new RedbackServiceException( new ErrorMessage( e.getMessage() ) );
278         }
279     }
280 
281     public List<User> getUsers()
282         throws RedbackServiceException
283     {
284         try
285         {
286             List<org.apache.archiva.redback.users.User> users = userManager.getUsers();
287             List<User> simpleUsers = new ArrayList<User>( users.size() );
288 
289             for ( org.apache.archiva.redback.users.User user : users )
290             {
291                 simpleUsers.add( getSimpleUser( user ) );
292             }
293 
294             return simpleUsers;
295         }
296         catch ( UserManagerException e )
297         {
298             throw new RedbackServiceException( new ErrorMessage( e.getMessage() ) );
299         }
300     }
301 
302     public Boolean updateMe( User user )
303         throws RedbackServiceException
304     {
305         // check username == one in the session
306         RedbackRequestInformation redbackRequestInformation = RedbackAuthenticationThreadLocal.get();
307         if ( redbackRequestInformation == null || redbackRequestInformation.getUser() == null )
308         {
309             throw new RedbackServiceException( new ErrorMessage( "you must be logged to update your profile" ),
310                                                Response.Status.FORBIDDEN.getStatusCode() );
311         }
312         if ( user == null )
313         {
314             throw new RedbackServiceException( new ErrorMessage( "user parameter is mandatory" ),
315                                                Response.Status.BAD_REQUEST.getStatusCode() );
316         }
317         if ( !StringUtils.equals( redbackRequestInformation.getUser().getUsername(), user.getUsername() ) )
318         {
319             throw new RedbackServiceException( new ErrorMessage( "you can update only your profile" ),
320                                                Response.Status.FORBIDDEN.getStatusCode() );
321         }
322 
323         if ( StringUtils.isEmpty( user.getPreviousPassword() ) )
324         {
325             throw new RedbackServiceException( new ErrorMessage( "previous password is empty" ),
326                                                Response.Status.BAD_REQUEST.getStatusCode() );
327         }
328 
329         User realUser = getUser( user.getUsername() );
330         try
331         {
332             String previousEncodedPassword =
333                 securitySystem.getUserManager().findUser( user.getUsername() ).getEncodedPassword();
334 
335             // check oldPassword with the current one
336 
337             PasswordEncoder encoder = securitySystem.getPolicy().getPasswordEncoder();
338 
339             if ( !encoder.isPasswordValid( previousEncodedPassword, user.getPreviousPassword() ) )
340             {
341 
342                 throw new RedbackServiceException( new ErrorMessage( "password.provided.does.not.match.existing" ),
343                                                    Response.Status.BAD_REQUEST.getStatusCode() );
344             }
345         }
346         catch ( UserNotFoundException e )
347         {
348             throw new RedbackServiceException( new ErrorMessage( "user not found" ),
349                                                Response.Status.BAD_REQUEST.getStatusCode() );
350         }
351         catch ( UserManagerException e )
352         {
353             throw new RedbackServiceException( new ErrorMessage( e.getMessage() ) );
354         }
355         // only 3 fields to update
356         realUser.setFullName( user.getFullName() );
357         realUser.setEmail( user.getEmail() );
358         // ui can limit to not update password
359         if ( StringUtils.isNotBlank( user.getPassword() ) )
360         {
361             passwordValidator.validatePassword( user.getPassword(), user.getUsername() );
362 
363             realUser.setPassword( user.getPassword() );
364         }
365 
366         updateUser( realUser );
367 
368         return Boolean.TRUE;
369     }
370 
371     public Boolean updateUser( User user )
372         throws RedbackServiceException
373     {
374         try
375         {
376             org.apache.archiva.redback.users.User rawUser = userManager.findUser( user.getUsername() );
377             rawUser.setFullName( user.getFullName() );
378             rawUser.setEmail( user.getEmail() );
379             rawUser.setValidated( user.isValidated() );
380             rawUser.setLocked( user.isLocked() );
381             rawUser.setPassword( user.getPassword() );
382             rawUser.setPasswordChangeRequired( user.isPasswordChangeRequired() );
383             rawUser.setPermanent( user.isPermanent() );
384 
385             userManager.updateUser( rawUser );
386             return Boolean.TRUE;
387         }
388         catch ( UserNotFoundException e )
389         {
390             throw new RedbackServiceException( e.getMessage() );
391         }
392         catch ( UserManagerException e )
393         {
394             throw new RedbackServiceException( new ErrorMessage( e.getMessage() ) );
395         }
396     }
397 
398     public int removeFromCache( String userName )
399         throws RedbackServiceException
400     {
401         if ( userAssignmentsCache != null )
402         {
403             userAssignmentsCache.remove( userName );
404         }
405         if ( userPermissionsCache != null )
406         {
407             userPermissionsCache.remove( userName );
408         }
409         if ( usersCache != null )
410         {
411             usersCache.remove( userName );
412         }
413 
414         CacheManager cacheManager = CacheManager.getInstance();
415         String[] caches = cacheManager.getCacheNames();
416         for ( String cacheName : caches )
417         {
418             if ( StringUtils.startsWith( cacheName, "org.apache.archiva.redback.rbac.jdo" ) )
419             {
420                 cacheManager.getCache( cacheName ).removeAll();
421             }
422         }
423 
424         return 0;
425     }
426 
427     public User getGuestUser()
428         throws RedbackServiceException
429     {
430         try
431         {
432             org.apache.archiva.redback.users.User user = userManager.getGuestUser();
433             return getSimpleUser( user );
434         }
435         catch ( Exception e )
436         {
437             return null;
438         }
439     }
440 
441     public User createGuestUser()
442         throws RedbackServiceException
443     {
444         User u = getGuestUser();
445         if ( u != null )
446         {
447             return u;
448         }
449         // temporary disable policy during guest creation as no password !
450         try
451         {
452             securitySystem.getPolicy().setEnabled( false );
453             org.apache.archiva.redback.users.User user = userManager.createGuestUser();
454             user.setPasswordChangeRequired( false );
455             user = userManager.updateUser( user, false );
456             roleManager.assignRole( config.getString( UserConfigurationKeys.DEFAULT_GUEST ), user.getUsername() );
457             return getSimpleUser( user );
458         }
459         catch ( RoleManagerException e )
460         {
461             log.error( e.getMessage(), e );
462             throw new RedbackServiceException( e.getMessage() );
463         }
464         catch ( UserNotFoundException e )
465         {
466             // olamy I wonder how this can happen :-)
467             log.error( e.getMessage(), e );
468             throw new RedbackServiceException( e.getMessage() );
469         }
470         catch ( UserManagerException e )
471         {
472             throw new RedbackServiceException( new ErrorMessage( e.getMessage() ) );
473         }
474         finally
475         {
476 
477             if ( !securitySystem.getPolicy().isEnabled() )
478             {
479                 securitySystem.getPolicy().setEnabled( true );
480             }
481         }
482     }
483 
484     public Boolean ping()
485         throws RedbackServiceException
486     {
487         return Boolean.TRUE;
488     }
489 
490     private User getSimpleUser( org.apache.archiva.redback.users.User user )
491     {
492         if ( user == null )
493         {
494             return null;
495         }
496         return new User( user );
497     }
498 
499     public Boolean createAdminUser( User adminUser )
500         throws RedbackServiceException
501     {
502         if ( isAdminUserExists() )
503         {
504             return Boolean.FALSE;
505         }
506 
507         try
508         {
509             org.apache.archiva.redback.users.User user =
510                 userManager.createUser( RedbackRoleConstants.ADMINISTRATOR_ACCOUNT_NAME, adminUser.getFullName(),
511                                         adminUser.getEmail() );
512             user.setPassword( adminUser.getPassword() );
513 
514             user.setLocked( false );
515             user.setPasswordChangeRequired( false );
516             user.setPermanent( true );
517             user.setValidated( true );
518 
519             userManager.addUser( user );
520             roleManager.assignRole( "system-administrator", user.getUsername() );
521         }
522         catch ( RoleManagerException e )
523         {
524             throw new RedbackServiceException( e.getMessage() );
525         }
526         catch ( UserManagerException e )
527         {
528             throw new RedbackServiceException( new ErrorMessage( e.getMessage() ) );
529         }
530         return Boolean.TRUE;
531     }
532 
533     public Boolean isAdminUserExists()
534         throws RedbackServiceException
535     {
536         try
537         {
538             userManager.findUser( config.getString( UserConfigurationKeys.DEFAULT_ADMIN ) );
539             return Boolean.TRUE;
540         }
541         catch ( UserNotFoundException e )
542         {
543             // ignore
544         }
545         catch ( UserManagerException e )
546         {
547             Throwable cause = e.getCause();
548 
549             if ( cause != null && cause instanceof UserNotFoundException )
550             {
551                 return Boolean.FALSE;
552             }
553             throw new RedbackServiceException( new ErrorMessage( e.getMessage() ) );
554         }
555         return Boolean.FALSE;
556     }
557 
558     public Boolean resetPassword( ResetPasswordRequest resetPasswordRequest )
559         throws RedbackServiceException
560     {
561         String username = resetPasswordRequest.getUsername();
562         if ( StringUtils.isEmpty( username ) )
563         {
564             throw new RedbackServiceException( new ErrorMessage( "username.cannot.be.empty" ) );
565         }
566 
567         UserManager userManager = securitySystem.getUserManager();
568         KeyManager keyManager = securitySystem.getKeyManager();
569         UserSecurityPolicy policy = securitySystem.getPolicy();
570 
571         try
572         {
573             org.apache.archiva.redback.users.User user = userManager.findUser( username );
574 
575             AuthenticationKey authkey = keyManager.createKey( username, "Password Reset Request",
576                                                               policy.getUserValidationSettings().getEmailValidationTimeout() );
577 
578             String applicationUrl = resetPasswordRequest.getApplicationUrl();
579             if ( StringUtils.isBlank( applicationUrl ) )
580             {
581                 applicationUrl = getBaseUrl();
582             }
583 
584             mailer.sendPasswordResetEmail( Arrays.asList( user.getEmail() ), authkey, applicationUrl );
585             log.info( "password reset request for username {}", username );
586         }
587         catch ( UserNotFoundException e )
588         {
589             log.info( "Password Reset on non-existant user [{}].", username );
590             throw new RedbackServiceException( new ErrorMessage( "password.reset.failure" ) );
591         }
592         catch ( KeyManagerException e )
593         {
594             log.info( "Unable to issue password reset.", e );
595             throw new RedbackServiceException( new ErrorMessage( "password.reset.email.generation.failure" ) );
596         }
597         catch ( UserManagerException e )
598         {
599             throw new RedbackServiceException( new ErrorMessage( e.getMessage() ) );
600         }
601 
602         return Boolean.TRUE;
603     }
604 
605     public RegistrationKey registerUser( UserRegistrationRequest userRegistrationRequest )
606         throws RedbackServiceException
607     {
608         User user = userRegistrationRequest.getUser();
609         if ( user == null )
610         {
611             throw new RedbackServiceException( new ErrorMessage( "invalid.user.credentials", null ) );
612 
613         }
614 
615         UserSecurityPolicy securityPolicy = securitySystem.getPolicy();
616 
617         boolean emailValidationRequired = securityPolicy.getUserValidationSettings().isEmailValidationRequired();
618 
619         if ( emailValidationRequired )
620         {
621             validateCredentialsLoose( user );
622         }
623         else
624         {
625             validateCredentialsStrict( user );
626         }
627 
628         org.apache.archiva.redback.users.User u = null;
629 
630         try
631         {
632 
633             // NOTE: Do not perform Password Rules Validation Here.
634 
635             if ( userManager.userExists( user.getUsername() ) )
636             {
637                 throw new RedbackServiceException(
638                     new ErrorMessage( "user.already.exists", new String[]{ user.getUsername() } ) );
639             }
640 
641             u = userManager.createUser( user.getUsername(), user.getFullName(), user.getEmail() );
642             u.setPassword( user.getPassword() );
643             u.setValidated( false );
644             u.setLocked( false );
645 
646             roleManager.assignRole( RedbackRoleConstants.REGISTERED_USER_ROLE_ID, u.getUsername() );
647         }
648         catch ( RoleManagerException rpe )
649         {
650             log.error( "RoleProfile Error: " + rpe.getMessage(), rpe );
651             throw new RedbackServiceException( new ErrorMessage( "assign.role.failure", null ) );
652         }
653         catch ( UserManagerException e )
654         {
655             throw new RedbackServiceException( new ErrorMessage( e.getMessage() ) );
656         }
657 
658         if ( emailValidationRequired )
659         {
660             u.setLocked( true );
661 
662             try
663             {
664                 AuthenticationKey authkey =
665                     securitySystem.getKeyManager().createKey( u.getUsername(), "New User Email Validation",
666                                                               securityPolicy.getUserValidationSettings().getEmailValidationTimeout() );
667 
668                 String baseUrl = userRegistrationRequest.getApplicationUrl();
669                 if ( StringUtils.isBlank( baseUrl ) )
670                 {
671                     baseUrl = getBaseUrl();
672                 }
673 
674                 log.debug( "register user {} with email {} and app url {}", u.getUsername(), u.getEmail(), baseUrl );
675 
676                 mailer.sendAccountValidationEmail( Arrays.asList( u.getEmail() ), authkey, baseUrl );
677 
678                 securityPolicy.setEnabled( false );
679                 userManager.addUser( u );
680                 return new RegistrationKey( authkey.getKey() );
681 
682             }
683             catch ( KeyManagerException e )
684             {
685                 log.error( "Unable to register a new user.", e );
686                 throw new RedbackServiceException( new ErrorMessage( "cannot.register.user", null ) );
687             }
688             catch ( UserManagerException e )
689             {
690                 throw new RedbackServiceException( new ErrorMessage( e.getMessage() ) );
691             }
692             finally
693             {
694                 securityPolicy.setEnabled( true );
695             }
696         }
697         else
698         {
699             try
700             {
701                 userManager.addUser( u );
702                 return new RegistrationKey( "-1" );
703             }
704             catch ( UserManagerException e )
705             {
706                 throw new RedbackServiceException( new ErrorMessage( e.getMessage() ) );
707             }
708         }
709 
710         // FIXME log this event
711         /*
712         AuditEvent event = new AuditEvent( getText( "log.account.create" ) );
713         event.setAffectedUser( username );
714         event.log();
715         */
716 
717     }
718 
719     public Boolean validateUserFromKey( String key )
720         throws RedbackServiceException
721     {
722         String principal = null;
723         try
724         {
725             AuthenticationKey authkey = securitySystem.getKeyManager().findKey( key );
726 
727             org.apache.archiva.redback.users.User user =
728                 securitySystem.getUserManager().findUser( authkey.getForPrincipal() );
729 
730             user.setValidated( true );
731             user.setLocked( false );
732             user.setPasswordChangeRequired( true );
733             user.setEncodedPassword( "" );
734 
735             principal = user.getUsername();
736 
737             TokenBasedAuthenticationDataSource authsource = new TokenBasedAuthenticationDataSource();
738             authsource.setPrincipal( principal );
739             authsource.setToken( authkey.getKey() );
740             authsource.setEnforcePasswordChange( false );
741 
742             securitySystem.getUserManager().updateUser( user );
743 
744             httpAuthenticator.authenticate( authsource, httpServletRequest.getSession( true ) );
745 
746             log.info( "account validated for user {}", user.getUsername() );
747 
748             return Boolean.TRUE;
749         }
750         catch ( MustChangePasswordException e )
751         {
752             throw new RedbackServiceException( e.getMessage(), Response.Status.FORBIDDEN.getStatusCode() );
753         }
754         catch ( KeyNotFoundException e )
755         {
756             log.info( "Invalid key requested: {}", key );
757             throw new RedbackServiceException( new ErrorMessage( "cannot.find.key" ) );
758         }
759         catch ( KeyManagerException e )
760         {
761             throw new RedbackServiceException( new ErrorMessage( "cannot.find.key.at.the.momment" ) );
762 
763         }
764         catch ( UserNotFoundException e )
765         {
766             throw new RedbackServiceException( new ErrorMessage( "cannot.find.user", new String[]{ principal } ) );
767 
768         }
769         catch ( AccountLockedException e )
770         {
771             throw new RedbackServiceException( e.getMessage(), Response.Status.FORBIDDEN.getStatusCode() );
772         }
773         catch ( AuthenticationException e )
774         {
775             throw new RedbackServiceException( e.getMessage(), Response.Status.FORBIDDEN.getStatusCode() );
776         }
777         catch ( UserManagerException e )
778         {
779             throw new RedbackServiceException( new ErrorMessage( e.getMessage() ) );
780         }
781     }
782 
783     public Collection<Permission> getCurrentUserPermissions()
784         throws RedbackServiceException
785     {
786         RedbackRequestInformation redbackRequestInformation = RedbackAuthenticationThreadLocal.get();
787         String userName = UserManager.GUEST_USERNAME;
788         if ( redbackRequestInformation != null && redbackRequestInformation.getUser() != null )
789         {
790             userName = redbackRequestInformation.getUser().getUsername();
791         }
792 
793         return getUserPermissions( userName );
794     }
795 
796     public Collection<Operation> getCurrentUserOperations()
797         throws RedbackServiceException
798     {
799         RedbackRequestInformation redbackRequestInformation = RedbackAuthenticationThreadLocal.get();
800         String userName = UserManager.GUEST_USERNAME;
801         if ( redbackRequestInformation != null && redbackRequestInformation.getUser() != null )
802         {
803             userName = redbackRequestInformation.getUser().getUsername();
804         }
805 
806         return getUserOperations( userName );
807     }
808 
809     public Collection<Operation> getUserOperations( String userName )
810         throws RedbackServiceException
811     {
812         Collection<Permission> permissions = getUserPermissions( userName );
813         List<Operation> operations = new ArrayList<Operation>( permissions.size() );
814         for ( Permission permission : permissions )
815         {
816             if ( permission.getOperation() != null )
817             {
818                 Operation operation = new Operation();
819                 operation.setName( permission.getOperation().getName() );
820                 operations.add( operation );
821             }
822         }
823         return operations;
824     }
825 
826     public Collection<Permission> getUserPermissions( String userName )
827         throws RedbackServiceException
828     {
829         try
830         {
831             Set<org.apache.archiva.redback.rbac.Permission> permissions =
832                 rbacManager.getAssignedPermissions( userName );
833             // FIXME return guest permissions !!
834             List<Permission> userPermissions = new ArrayList<Permission>( permissions.size() );
835             for ( org.apache.archiva.redback.rbac.Permission p : permissions )
836             {
837                 Permission permission = new Permission();
838                 permission.setName( p.getName() );
839 
840                 if ( p.getOperation() != null )
841                 {
842                     Operation operation = new Operation();
843                     operation.setName( p.getOperation().getName() );
844                     permission.setOperation( operation );
845                 }
846 
847                 if ( p.getResource() != null )
848                 {
849                     Resource resource = new Resource();
850                     resource.setIdentifier( p.getResource().getIdentifier() );
851                     resource.setPattern( p.getResource().isPattern() );
852                     permission.setResource( resource );
853                 }
854 
855                 userPermissions.add( permission );
856             }
857             return userPermissions;
858         }
859         catch ( RbacObjectNotFoundException e )
860         {
861             log.error( e.getMessage(), e );
862             throw new RedbackServiceException( e.getMessage() );
863         }
864         catch ( RbacManagerException e )
865         {
866             log.error( e.getMessage(), e );
867             throw new RedbackServiceException( e.getMessage() );
868         }
869     }
870 
871     public void validateCredentialsLoose( User user )
872         throws RedbackServiceException
873     {
874         RedbackServiceException redbackServiceException =
875             new RedbackServiceException( "issues during validating user" );
876         if ( StringUtils.isEmpty( user.getUsername() ) )
877         {
878             redbackServiceException.addErrorMessage( new ErrorMessage( "username.required", null ) );
879         }
880         else
881         {
882             if ( !user.getUsername().matches( VALID_USERNAME_CHARS ) )
883             {
884                 redbackServiceException.addErrorMessage( new ErrorMessage( "username.invalid.characters", null ) );
885             }
886         }
887 
888         if ( StringUtils.isEmpty( user.getFullName() ) )
889         {
890             redbackServiceException.addErrorMessage( new ErrorMessage( "fullName.required", null ) );
891         }
892 
893         if ( StringUtils.isEmpty( user.getEmail() ) )
894         {
895             redbackServiceException.addErrorMessage( new ErrorMessage( "email.required", null ) );
896         }
897 
898         if ( !StringUtils.equals( user.getPassword(), user.getConfirmPassword() ) )
899         {
900             redbackServiceException.addErrorMessage( new ErrorMessage( "passwords.does.not.match", null ) );
901         }
902 
903         try
904         {
905             if ( !org.codehaus.plexus.util.StringUtils.isEmpty( user.getEmail() ) )
906             {
907                 new InternetAddress( user.getEmail(), true );
908             }
909         }
910         catch ( AddressException e )
911         {
912             redbackServiceException.addErrorMessage( new ErrorMessage( "email.invalid", null ) );
913         }
914         if ( !redbackServiceException.getErrorMessages().isEmpty() )
915         {
916             throw redbackServiceException;
917         }
918     }
919 
920     public void validateCredentialsStrict( User user )
921         throws RedbackServiceException
922     {
923         validateCredentialsLoose( user );
924         try
925         {
926             org.apache.archiva.redback.users.User tmpuser =
927                 userManager.createUser( user.getUsername(), user.getFullName(), user.getEmail() );
928 
929             user.setPassword( user.getPassword() );
930 
931             securitySystem.getPolicy().validatePassword( tmpuser );
932 
933             if ( ( org.codehaus.plexus.util.StringUtils.isEmpty( user.getPassword() ) ) )
934             {
935                 throw new RedbackServiceException( new ErrorMessage( "password.required", null ) );
936             }
937         }
938         catch ( UserManagerException e )
939         {
940             throw new RedbackServiceException( new ErrorMessage( e.getMessage() ) );
941         }
942     }
943 
944     private String getBaseUrl()
945     {
946         if ( httpServletRequest != null )
947         {
948             if ( httpServletRequest != null )
949             {
950                 return httpServletRequest.getScheme() + "://" + httpServletRequest.getServerName() + (
951                     httpServletRequest.getServerPort() == 80
952                         ? ""
953                         : ":" + httpServletRequest.getServerPort() ) + httpServletRequest.getContextPath();
954             }
955         }
956         return null;
957     }
958 
959     public Boolean unlockUser( String username )
960         throws RedbackServiceException
961     {
962         User user = getUser( username );
963         if ( user != null )
964         {
965             user.setLocked( false );
966             updateUser( user );
967             return Boolean.TRUE;
968         }
969         return Boolean.FALSE;
970     }
971 
972     public Boolean lockUser( String username )
973         throws RedbackServiceException
974     {
975         User user = getUser( username );
976         if ( user != null )
977         {
978             user.setLocked( true );
979             updateUser( user );
980             return Boolean.TRUE;
981         }
982         return Boolean.FALSE;
983     }
984 
985     public Boolean passwordChangeRequired( String username )
986         throws RedbackServiceException
987     {
988         User user = getUser( username );
989         if ( user == null )
990         {
991             user.setPasswordChangeRequired( true );
992             updateUser( user );
993             return Boolean.TRUE;
994         }
995         return Boolean.FALSE;
996     }
997 
998     public Boolean passwordChangeNotRequired( String username )
999         throws RedbackServiceException
1000     {
1001         User user = getUser( username );
1002         if ( user == null )
1003         {
1004             user.setPasswordChangeRequired( false );
1005             updateUser( user );
1006             return Boolean.TRUE;
1007         }
1008         return Boolean.FALSE;
1009     }
1010 }