001package org.apache.archiva.web.security;
002/*
003 * Licensed to the Apache Software Foundation (ASF) under one
004 * or more contributor license agreements.  See the NOTICE file
005 * distributed with this work for additional information
006 * regarding copyright ownership.  The ASF licenses this file
007 * to you under the Apache License, Version 2.0 (the
008 * "License"); you may not use this file except in compliance
009 * with the License.  You may obtain a copy of the License at
010 *
011 * http://www.apache.org/licenses/LICENSE-2.0
012 *
013 * Unless required by applicable law or agreed to in writing,
014 * software distributed under the License is distributed on an
015 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
016 * KIND, either express or implied.  See the License for the
017 * specific language governing permissions and limitations
018 * under the License.
019 */
020
021import org.apache.archiva.admin.model.RepositoryAdminException;
022import org.apache.archiva.admin.model.runtime.RedbackRuntimeConfigurationAdmin;
023import org.apache.archiva.redback.integration.security.role.RedbackRoleConstants;
024import org.apache.archiva.redback.rbac.RBACManager;
025import org.apache.archiva.redback.rbac.RbacManagerException;
026import org.apache.archiva.redback.rbac.UserAssignment;
027import org.apache.archiva.redback.system.check.EnvironmentCheck;
028import org.apache.archiva.redback.users.User;
029import org.apache.archiva.redback.users.UserManager;
030import org.apache.archiva.redback.users.UserManagerException;
031import org.apache.archiva.redback.users.UserNotFoundException;
032import org.slf4j.Logger;
033import org.slf4j.LoggerFactory;
034import org.springframework.context.ApplicationContext;
035import org.springframework.stereotype.Service;
036
037import javax.annotation.PostConstruct;
038import javax.inject.Inject;
039import javax.inject.Named;
040import java.util.ArrayList;
041import java.util.List;
042
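/**
 * Environment check that clears the locked flag on accounts holding the
 * {@link RedbackRoleConstants#SYSTEM_ADMINISTRATOR_ROLE} role when the environment checks are processed
 * after an application restart.
 *
 * <p><b>Security note:</b> the unlock is unconditional. The code only tests {@link User#isLocked()} and does
 * not look at why or when the account was locked, so a lock placed on a system administrator account does
 * not survive an application restart. Deployments that rely on account locking for administrator accounts
 * should treat the INFO message {@code Unlocking system administrator: <username>} as an audit event and
 * review each occurrence.
 *
 * <p>The {@code checked} flag is a plain field with no synchronization; whether
 * {@link #validateEnvironment(List)} can be invoked concurrently is not visible from this class.
 *
 * @author Olivier Lamy
 */
@Service( "environmentCheck#archiva-locked-admin-check" )
public class ArchivaLockedAdminEnvironmentCheck
    implements EnvironmentCheck
{

    protected Logger log = LoggerFactory.getLogger( getClass() );


    @Inject
    @Named( value = "rbacManager#cached" )
    private RBACManager rbacManager;

    /**
     * boolean detailing if this environment check has been executed
     */
    private boolean checked = false;

    @Inject
    private ApplicationContext applicationContext;

    @Inject
    private RedbackRuntimeConfigurationAdmin redbackRuntimeConfigurationAdmin;

    // One entry per configured user manager implementation, resolved in initialize().
    private List<UserManager> userManagers;

    /**
     * Resolves the configured user manager implementations to Spring beans named
     * {@code userManager#<beanId>}.
     *
     * @throws RepositoryAdminException if the Redback runtime configuration cannot be read
     */
    @PostConstruct
    protected void initialize()
        throws RepositoryAdminException
    {
        List<String> userManagerImpls =
            redbackRuntimeConfigurationAdmin.getRedbackRuntimeConfiguration().getUserManagerImpls();

        userManagers = new ArrayList<>( userManagerImpls.size() );

        for ( String beanId : userManagerImpls )
        {
            userManagers.add( applicationContext.getBean( "userManager#" + beanId, UserManager.class ) );
        }
    }

    /**
     * This environment check will unlock system administrator accounts that are locked on the restart of the
     * application when the environment checks are processed.
     *
     * <p>The pass runs once per instance: after the first completed call the method returns immediately.
     * Read-only user managers are skipped. Failures are logged at WARN and never reported through
     * {@code violations}; each unlock is logged at INFO.
     *
     * @param violations list of violations supplied by the caller; this check never adds to it
     */
    @Override
    public void validateEnvironment( List<String> violations )
    {
        if ( checked )
        {
            return;
        }

        // The role lookup does not depend on the user manager, so it is done at most once per pass
        // and not at all when every user manager is read-only.
        List<UserAssignment> systemAdministrators = null;

        for ( UserManager userManager : userManagers )
        {
            if ( userManager.isReadOnly() )
            {
                // updateUser is never called on a read-only manager
                continue;
            }

            if ( systemAdministrators == null )
            {
                systemAdministrators = findSystemAdministratorAssignments();
            }

            for ( UserAssignment userAssignment : systemAdministrators )
            {
                unlockIfLocked( userManager, userAssignment );
            }
        }

        // Mark the check as executed once the whole pass is over, including the case where no
        // writable user manager exists, so later calls do not repeat it.
        checked = true;
    }

    /**
     * Looks up the user assignments for the system administrator role.
     *
     * @return the assignments, or an empty list when the RBAC lookup fails or yields nothing
     */
    private List<UserAssignment> findSystemAdministratorAssignments()
    {
        List<String> roles = new ArrayList<>();
        roles.add( RedbackRoleConstants.SYSTEM_ADMINISTRATOR_ROLE );

        try
        {
            List<UserAssignment> assignments = rbacManager.getUserAssignmentsForRoles( roles );
            if ( assignments != null )
            {
                return assignments;
            }
        }
        catch ( RbacManagerException e )
        {
            log.warn( "Exception when checking for locked admin user: {}", e.getMessage(), e );
        }
        return new ArrayList<>();
    }

    /**
     * Clears the locked flag of the user behind one assignment, if that user is locked in the given manager.
     *
     * @param userManager    writable user manager to look the principal up in
     * @param userAssignment assignment carrying the system administrator role
     */
    private void unlockIfLocked( UserManager userManager, UserAssignment userAssignment )
    {
        String principal = userAssignment.getPrincipal();
        try
        {
            User admin = userManager.findUser( principal );

            if ( admin.isLocked() )
            {
                // Audit-relevant: an account lock is being reverted without operator action.
                log.info( "Unlocking system administrator: {}", admin.getUsername() );
                admin.setLocked( false );
                userManager.updateUser( admin );
            }
        }
        catch ( UserNotFoundException ne )
        {
            // NOTE(review): with several user managers, a principal that exists in only one of them
            // is presumably reported here for each of the others - confirm before acting on it.
            log.warn( "Dangling UserAssignment -> {}", principal );
        }
        catch ( UserManagerException e )
        {
            // This branch also covers a failed updateUser(); keep the cause so the log shows which.
            log.warn( "fail to find user {} for admin unlock check: {}", principal, e.getMessage(), e );
        }
    }
}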