package org.apache.archiva.security;

/*
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements.  See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership.  The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License.  You may obtain a copy of the License at
 *
 *   http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 * KIND, either express or implied.  See the License for the
 * specific language governing permissions and limitations
 * under the License.
 */

import org.apache.archiva.admin.model.RepositoryAdminException;
import org.apache.archiva.admin.model.beans.ManagedRepository;
import org.apache.archiva.admin.model.managed.ManagedRepositoryAdmin;
import org.apache.archiva.redback.authentication.AuthenticationResult;
import org.apache.archiva.redback.authorization.AuthorizationException;
import org.apache.archiva.redback.role.RoleManager;
import org.apache.archiva.redback.role.RoleManagerException;
import org.apache.archiva.redback.system.DefaultSecuritySession;
import org.apache.archiva.redback.system.SecuritySession;
import org.apache.archiva.redback.system.SecuritySystem;
import org.apache.archiva.redback.users.User;
import org.apache.archiva.redback.users.UserManagerException;
import org.apache.archiva.redback.users.UserNotFoundException;
import org.apache.archiva.security.common.ArchivaRoleConstants;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Service;

import javax.inject.Inject;
import java.util.ArrayList;
import java.util.List;

/**
 * Default {@link UserRepositories} implementation backed by Redback.
 * <p>
 * Every query resolves {@code principal} to a Redback {@link User} and builds a
 * {@link SecuritySession} for it on the fly. That session is asserted as authenticated
 * without any credential check, so callers must only pass principals that the surrounding
 * request handling has already authenticated; this class performs authorization only.
 */
@Service( "userRepositories" )
public class DefaultUserRepositories
    implements UserRepositories
{
    @Inject
    private SecuritySystem securitySystem;

    @Inject
    private RoleManager roleManager;

    @Inject
    private ManagedRepositoryAdmin managedRepositoryAdmin;

    private final Logger log = LoggerFactory.getLogger( getClass() );

    /**
     * Ids of the managed repositories {@code principal} may read
     * ({@link ArchivaRoleConstants#OPERATION_REPOSITORY_ACCESS}).
     *
     * @param principal Redback user name of an already authenticated user
     * @return ids of every repository the principal is authorized to access; empty if none
     * @throws PrincipalNotFoundException if no such user exists
     * @throws AccessDeniedException      if the user account is locked
     * @throws ArchivaSecurityException   on user-manager or repository-admin failures
     */
    @Override
    public List<String> getObservableRepositoryIds( String principal )
        throws PrincipalNotFoundException, AccessDeniedException, ArchivaSecurityException
    {
        return getAccessibleRepositoryIds( principal, ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS );
    }

    /**
     * Ids of the managed repositories {@code principal} may upload to
     * ({@link ArchivaRoleConstants#OPERATION_REPOSITORY_UPLOAD}).
     *
     * @param principal Redback user name of an already authenticated user
     * @return ids of every repository the principal is authorized to upload to; empty if none
     * @throws PrincipalNotFoundException if no such user exists
     * @throws AccessDeniedException      if the user account is locked
     * @throws ArchivaSecurityException   on user-manager or repository-admin failures
     */
    @Override
    public List<String> getManagableRepositoryIds( String principal )
        throws PrincipalNotFoundException, AccessDeniedException, ArchivaSecurityException
    {
        return getAccessibleRepositoryIds( principal, ArchivaRoleConstants.OPERATION_REPOSITORY_UPLOAD );
    }

    /**
     * Projects the repositories returned by {@link #getAccessibleRepositories(String, String)}
     * onto their ids, preserving order.
     */
    private List<String> getAccessibleRepositoryIds( String principal, String operation )
        throws ArchivaSecurityException, AccessDeniedException, PrincipalNotFoundException
    {
        List<ManagedRepository> accessible = getAccessibleRepositories( principal, operation );
        List<String> ids = new ArrayList<>( accessible.size() );
        for ( ManagedRepository repository : accessible )
        {
            ids.add( repository.getId() );
        }
        return ids;
    }

    /**
     * Managed repositories {@code principal} may read
     * ({@link ArchivaRoleConstants#OPERATION_REPOSITORY_ACCESS}).
     *
     * @param principal Redback user name of an already authenticated user
     * @return the accessible repositories; empty if none
     * @throws PrincipalNotFoundException if no such user exists
     * @throws AccessDeniedException      if the user account is locked
     * @throws ArchivaSecurityException   on user-manager or repository-admin failures
     */
    @Override
    public List<ManagedRepository> getAccessibleRepositories( String principal )
        throws ArchivaSecurityException, AccessDeniedException, PrincipalNotFoundException
    {
        return getAccessibleRepositories( principal, ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS );
    }

    /**
     * Managed repositories {@code principal} may upload to
     * ({@link ArchivaRoleConstants#OPERATION_REPOSITORY_UPLOAD}).
     *
     * @param principal Redback user name of an already authenticated user
     * @return the repositories open for upload; empty if none
     * @throws PrincipalNotFoundException if no such user exists
     * @throws AccessDeniedException      if the user account is locked
     * @throws ArchivaSecurityException   on user-manager or repository-admin failures
     */
    @Override
    public List<ManagedRepository> getManagableRepositories( String principal )
        throws ArchivaSecurityException, AccessDeniedException, PrincipalNotFoundException
    {
        return getAccessibleRepositories( principal, ArchivaRoleConstants.OPERATION_REPOSITORY_UPLOAD );
    }

    /**
     * Filters all configured managed repositories down to those for which Redback grants
     * {@code operation} to {@code principal}. A repository whose authorization check fails
     * with an {@link AuthorizationException} is simply treated as not accessible.
     *
     * @throws ArchivaSecurityException if the repository list cannot be read
     */
    private List<ManagedRepository> getAccessibleRepositories( String principal, String operation )
        throws ArchivaSecurityException, AccessDeniedException, PrincipalNotFoundException
    {
        SecuritySession session = createSession( principal );

        List<ManagedRepository> configured;
        try
        {
            configured = managedRepositoryAdmin.getManagedRepositories();
        }
        catch ( RepositoryAdminException e )
        {
            throw new ArchivaSecurityException( e.getMessage(), e );
        }

        List<ManagedRepository> accessible = new ArrayList<>();
        for ( ManagedRepository repository : configured )
        {
            if ( isAuthorizedQuietly( session, operation, repository, principal ) )
            {
                accessible.add( repository );
            }
        }
        return accessible;
    }

    /**
     * Asks Redback whether {@code operation} on {@code repository} is allowed in {@code session}.
     * An {@link AuthorizationException} is logged at debug level and reported as {@code false}
     * rather than propagated, so one misconfigured repository does not hide the others.
     */
    private boolean isAuthorizedQuietly( SecuritySession session, String operation, ManagedRepository repository,
                                         String principal )
    {
        String repositoryId = repository.getId();
        try
        {
            return securitySystem.isAuthorized( session, operation, repositoryId );
        }
        catch ( AuthorizationException e )
        {
            log.debug( "Not authorizing '{}' for repository '{}': {}", principal, repositoryId, e.getMessage() );
            return false;
        }
    }

    /**
     * Builds a Redback session for {@code principal}.
     * <p>
     * No credentials are verified here: the {@link AuthenticationResult} is created as already
     * authenticated so that the security system can evaluate the user's roles. Locked accounts
     * are rejected before any session is produced.
     *
     * @throws PrincipalNotFoundException if the user manager knows no such user
     * @throws AccessDeniedException      if the account is locked
     * @throws ArchivaSecurityException   if the user manager fails or returns no user
     */
    private SecuritySession createSession( String principal )
        throws ArchivaSecurityException, AccessDeniedException
    {
        User user = findUser( principal );

        if ( user.isLocked() )
        {
            throw new AccessDeniedException( "User " + principal + "(" + user.getFullName() + ") is locked." );
        }

        AuthenticationResult authenticated = new AuthenticationResult( true, principal, null );
        authenticated.setUser( user );
        return new DefaultSecuritySession( authenticated, user );
    }

    /**
     * Looks up {@code principal} in the Redback user manager, translating its failures into
     * Archiva security exceptions. Never returns {@code null}.
     */
    private User findUser( String principal )
        throws ArchivaSecurityException
    {
        User user;
        try
        {
            user = securitySystem.getUserManager().findUser( principal );
        }
        catch ( UserNotFoundException e )
        {
            throw new PrincipalNotFoundException( "Unable to find principal " + principal, e );
        }
        catch ( UserManagerException e )
        {
            throw new ArchivaSecurityException( e.getMessage(), e );
        }

        if ( user == null )
        {
            // The user manager contract is to throw UserNotFoundException, not return null.
            throw new ArchivaSecurityException(
                "The security system had an internal error - please check your system logs" );
        }
        return user;
    }

    /**
     * Ensures the observer and manager templated roles exist for {@code repoId}, creating
     * whichever is missing.
     *
     * @param repoId id of the managed repository the roles are scoped to
     * @throws ArchivaSecurityException if the role manager fails
     */
    @Override
    public void createMissingRepositoryRoles( String repoId )
        throws ArchivaSecurityException
    {
        try
        {
            ensureTemplatedRole( ArchivaRoleConstants.TEMPLATE_REPOSITORY_OBSERVER, repoId );
            ensureTemplatedRole( ArchivaRoleConstants.TEMPLATE_REPOSITORY_MANAGER, repoId );
        }
        catch ( RoleManagerException e )
        {
            throw new ArchivaSecurityException(
                "Unable to create roles for configured repositories: " + e.getMessage(), e );
        }
    }

    /**
     * Creates the templated role {@code templateId} for {@code resource} unless it already exists.
     */
    private void ensureTemplatedRole( String templateId, String resource )
        throws RoleManagerException
    {
        if ( !roleManager.templatedRoleExists( templateId, resource ) )
        {
            roleManager.createTemplatedRole( templateId, resource );
        }
    }

    /**
     * Whether {@code principal} may upload artifacts to {@code repoId}.
     *
     * @throws PrincipalNotFoundException if no such user exists
     * @throws ArchivaSecurityException   if the account is locked or the authorization check fails
     */
    @Override
    public boolean isAuthorizedToUploadArtifacts( String principal, String repoId )
        throws PrincipalNotFoundException, ArchivaSecurityException
    {
        return isAuthorizedFor( principal, ArchivaRoleConstants.OPERATION_REPOSITORY_UPLOAD, repoId );
    }

    /**
     * Whether {@code principal} may delete artifacts from {@code repoId}.
     *
     * @throws ArchivaSecurityException if the user is unknown or locked, or the authorization check fails
     */
    @Override
    public boolean isAuthorizedToDeleteArtifacts( String principal, String repoId )
        throws ArchivaSecurityException
    {
        return isAuthorizedFor( principal, ArchivaRoleConstants.OPERATION_REPOSITORY_DELETE, repoId );
    }

    /**
     * Runs a single Redback authorization check for {@code principal}; unlike
     * {@link #isAuthorizedQuietly}, an {@link AuthorizationException} is propagated as an
     * {@link ArchivaSecurityException} rather than treated as a denial.
     */
    private boolean isAuthorizedFor( String principal, String operation, String repoId )
        throws ArchivaSecurityException
    {
        try
        {
            SecuritySession session = createSession( principal );
            return securitySystem.isAuthorized( session, operation, repoId );
        }
        catch ( AuthorizationException e )
        {
            throw new ArchivaSecurityException( e.getMessage(), e );
        }
    }

    public SecuritySystem getSecuritySystem()
    {
        return securitySystem;
    }

    public void setSecuritySystem( SecuritySystem securitySystem )
    {
        this.securitySystem = securitySystem;
    }

    public RoleManager getRoleManager()
    {
        return roleManager;
    }

    public void setRoleManager( RoleManager roleManager )
    {
        this.roleManager = roleManager;
    }
}