This project has retired. For details please refer to its Attic page.
DefaultSecuritySystem xref
View Javadoc

1   package org.apache.archiva.redback.system;
2   
3   /*
4    * Licensed to the Apache Software Foundation (ASF) under one
5    * or more contributor license agreements.  See the NOTICE file
6    * distributed with this work for additional information
7    * regarding copyright ownership.  The ASF licenses this file
8    * to you under the Apache License, Version 2.0 (the
9    * "License"); you may not use this file except in compliance
10   * with the License.  You may obtain a copy of the License at
11   *
12   * http://www.apache.org/licenses/LICENSE-2.0
13   *
14   * Unless required by applicable law or agreed to in writing,
15   * software distributed under the License is distributed on an
16   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
17   * KIND, either express or implied.  See the License for the
18   * specific language governing permissions and limitations
19   * under the License.
20   */
21  
22  import org.apache.archiva.redback.keys.KeyManager;
23  import org.apache.archiva.redback.policy.AccountLockedException;
24  import org.apache.archiva.redback.policy.UserSecurityPolicy;
25  import org.apache.archiva.redback.users.User;
26  import org.apache.archiva.redback.users.UserManager;
27  import org.apache.archiva.redback.users.UserManagerException;
28  import org.apache.archiva.redback.users.UserNotFoundException;
29  import org.apache.archiva.redback.authentication.AuthenticationDataSource;
30  import org.apache.archiva.redback.authentication.AuthenticationException;
31  import org.apache.archiva.redback.authentication.AuthenticationManager;
32  import org.apache.archiva.redback.authentication.AuthenticationResult;
33  import org.apache.archiva.redback.authorization.AuthorizationDataSource;
34  import org.apache.archiva.redback.authorization.AuthorizationException;
35  import org.apache.archiva.redback.authorization.AuthorizationResult;
36  import org.apache.archiva.redback.authorization.Authorizer;
37  import org.apache.archiva.redback.policy.MustChangePasswordException;
38  import org.slf4j.Logger;
39  import org.slf4j.LoggerFactory;
40  import org.springframework.stereotype.Service;
41  
42  import javax.inject.Inject;
43  import javax.inject.Named;
44  
45  /**
46   * DefaultSecuritySystem:
47   *
48   * @author: Jesse McConnell <jesse@codehaus.org>
49   */
50  @Service("securitySystem")
51  public class DefaultSecuritySystem
52      implements SecuritySystem
53  {
54      private Logger log = LoggerFactory.getLogger( DefaultSecuritySystem.class );
55  
56      @Inject
57      private AuthenticationManager authnManager;
58  
59      @Inject
60      @Named(value = "authorizer#default")
61      private Authorizer authorizer;
62  
63      @Inject
64      @Named(value = "userManager#default")
65      private UserManager userManager;
66  
67      @Inject
68      @Named(value = "keyManager#cached")
69      private KeyManager keyManager;
70  
71      @Inject
72      private UserSecurityPolicy policy;
73  
74      // ----------------------------------------------------------------------------
75      // Authentication: delegate to the authnManager
76      // ----------------------------------------------------------------------------
77  
78      /**
79       * delegate to the authentication system for boolean authentication checks,
80       * if the result is authentic then pull the user object from the user
81       * manager and add it to the session.  If the result is false return the result in
82       * an authenticated session and a null user object.
83       * <p/>
84       * in the event of a successful authentication and a lack of corresponding user in the
85       * usermanager return a null user as well
86       * <p/>
87       * //todo should this last case create a user in the usermanager?
88       *
89       * @param source
90       * @return
91       * @throws AuthenticationException
92       * @throws UserNotFoundException
93       * @throws MustChangePasswordException
94       * @throws org.apache.archiva.redback.policy.AccountLockedException
95       *
96       * @throws MustChangePasswordException
97       */
98      public SecuritySession authenticate( AuthenticationDataSource source )
99          throws AuthenticationException, UserNotFoundException, AccountLockedException, MustChangePasswordException,
100         UserManagerException
101     {
102         // Perform Authentication.
103         AuthenticationResult result = authnManager.authenticate( source );
104 
105         log.debug( "authnManager.authenticate() result: {}", result );
106 
107         // Process Results.
108         if ( result.isAuthenticated() )
109         {
110             log.debug( "User '{}' authenticated.", result.getPrincipal() );
111             User user = userManager.findUser( result.getPrincipal() );
112             if ( user != null )
113             {
114                 log.debug( "User '{}' exists.", result.getPrincipal() );
115                 log.debug( "User: {}", user );
116                 return new DefaultSecuritySession( result, user );
117             }
118             else
119             {
120                 log.debug( "User '{}' DOES NOT exist.", result.getPrincipal() );
121                 return new DefaultSecuritySession( result );
122             }
123         }
124         else
125         {
126             log.debug( "User '{}' IS NOT authenticated.", result.getPrincipal() );
127             return new DefaultSecuritySession( result );
128         }
129     }
130 
131     public boolean isAuthenticated( AuthenticationDataSource source )
132         throws AuthenticationException, UserNotFoundException, AccountLockedException, MustChangePasswordException,
133         UserManagerException
134     {
135         return authenticate( source ).getAuthenticationResult().isAuthenticated();
136     }
137 
138     public String getAuthenticatorId()
139     {
140         if ( authnManager == null )
141         {
142             return "<null>";
143         }
144         return authnManager.getId();
145     }
146 
147     // ----------------------------------------------------------------------------
148     // Authorization: delegate to the authorizer
149     // ----------------------------------------------------------------------------
150 
151     public AuthorizationResult authorize( SecuritySession session, String permission )
152         throws AuthorizationException
153     {
154         return authorize( session, permission, null );
155     }
156 
157     public AuthorizationResult authorize( SecuritySession session, String permission, String resource )
158         throws AuthorizationException
159     {
160         AuthorizationDataSource source = null;
161 
162         if ( session != null )
163         {
164             User user = session.getUser();
165             if ( user != null )
166             {
167                 source = new AuthorizationDataSource( user.getUsername(), user, permission, resource );
168             }
169         }
170 
171         if ( source == null )
172         {
173             source = new AuthorizationDataSource( null, null, permission, resource );
174         }
175 
176         return authorizer.isAuthorized( source );
177     }
178 
179     public boolean isAuthorized( SecuritySession session, String permission )
180         throws AuthorizationException
181     {
182         return isAuthorized( session, permission, null );
183     }
184 
185     public boolean isAuthorized( SecuritySession session, String permission, String resource )
186         throws AuthorizationException
187     {
188         return authorize( session, permission, resource ).isAuthorized();
189     }
190 
191     public String getAuthorizerId()
192     {
193         if ( authorizer == null )
194         {
195             return "<null>";
196         }
197         return authorizer.getId();
198     }
199 
200     // ----------------------------------------------------------------------------
201     // User Management: delegate to the user manager
202     // ----------------------------------------------------------------------------
203 
204     public UserManager getUserManager()
205     {
206         return userManager;
207     }
208 
209     public String getUserManagementId()
210     {
211         if ( userManager == null )
212         {
213             return "<null>";
214         }
215         return userManager.getId();
216     }
217 
218     public KeyManager getKeyManager()
219     {
220         return keyManager;
221     }
222 
223     public String getKeyManagementId()
224     {
225         if ( keyManager == null )
226         {
227             return "<null>";
228         }
229         return keyManager.getId();
230     }
231 
232     public UserSecurityPolicy getPolicy()
233     {
234         return policy;
235     }
236 
237     public String getPolicyId()
238     {
239         if ( policy == null )
240         {
241             return "<null>";
242         }
243         return policy.getId();
244     }
245 
246     public AuthenticationManager getAuthenticationManager()
247     {
248         return authnManager;
249     }
250 
251     public Authorizer getAuthorizer()
252     {
253         return authorizer;
254     }
255 
256     public AuthenticationManager getAuthnManager()
257     {
258         return authnManager;
259     }
260 
261     public void setAuthnManager( AuthenticationManager authnManager )
262     {
263         this.authnManager = authnManager;
264     }
265 
266     public void setAuthorizer( Authorizer authorizer )
267     {
268         this.authorizer = authorizer;
269     }
270 
271     public void setUserManager( UserManager userManager )
272     {
273         this.userManager = userManager;
274     }
275 
276     public void setKeyManager( KeyManager keyManager )
277     {
278         this.keyManager = keyManager;
279     }
280 
281     public void setPolicy( UserSecurityPolicy policy )
282     {
283         this.policy = policy;
284     }
285 
286     public boolean userManagerReadOnly()
287     {
288         return userManager.isReadOnly();
289     }
290 }