This project has retired. For details please refer to its Attic page.
ArchivaLockedAdminEnvironmentCheck xref
View Javadoc
1   package org.apache.archiva.web.security;
2   /*
3    * Licensed to the Apache Software Foundation (ASF) under one
4    * or more contributor license agreements.  See the NOTICE file
5    * distributed with this work for additional information
6    * regarding copyright ownership.  The ASF licenses this file
7    * to you under the Apache License, Version 2.0 (the
8    * "License"); you may not use this file except in compliance
9    * with the License.  You may obtain a copy of the License at
10   *
11   * http://www.apache.org/licenses/LICENSE-2.0
12   *
13   * Unless required by applicable law or agreed to in writing,
14   * software distributed under the License is distributed on an
15   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
16   * KIND, either express or implied.  See the License for the
17   * specific language governing permissions and limitations
18   * under the License.
19   */
20  
21  import org.apache.archiva.admin.model.RepositoryAdminException;
22  import org.apache.archiva.admin.model.runtime.RedbackRuntimeConfigurationAdmin;
23  import org.apache.archiva.redback.integration.security.role.RedbackRoleConstants;
24  import org.apache.archiva.redback.rbac.RBACManager;
25  import org.apache.archiva.redback.rbac.RbacManagerException;
26  import org.apache.archiva.redback.rbac.UserAssignment;
27  import org.apache.archiva.redback.system.check.EnvironmentCheck;
28  import org.apache.archiva.redback.users.User;
29  import org.apache.archiva.redback.users.UserManager;
30  import org.apache.archiva.redback.users.UserManagerException;
31  import org.apache.archiva.redback.users.UserNotFoundException;
32  import org.slf4j.Logger;
33  import org.slf4j.LoggerFactory;
34  import org.springframework.context.ApplicationContext;
35  import org.springframework.stereotype.Service;
36  
37  import javax.annotation.PostConstruct;
38  import javax.inject.Inject;
39  import javax.inject.Named;
40  import java.util.ArrayList;
41  import java.util.List;
42  
43  /**
44   * @author Olivier Lamy
45   */
46  @Service( "environmentCheck#archiva-locked-admin-check" )
47  public class ArchivaLockedAdminEnvironmentCheck
48      implements EnvironmentCheck
49  {
50  
51      protected Logger log = LoggerFactory.getLogger( getClass() );
52  
53  
54      @Inject
55      @Named( value = "rbacManager#cached" )
56      private RBACManager rbacManager;
57  
58      /**
59       * boolean detailing if this environment check has been executed
60       */
61      private boolean checked = false;
62  
63      @Inject
64      private ApplicationContext applicationContext;
65  
66      @Inject
67      private RedbackRuntimeConfigurationAdmin redbackRuntimeConfigurationAdmin;
68  
69      private List<UserManager> userManagers;
70  
71      @PostConstruct
72      protected void initialize()
73          throws RepositoryAdminException
74      {
75          List<String> userManagerImpls =
76              redbackRuntimeConfigurationAdmin.getRedbackRuntimeConfiguration().getUserManagerImpls();
77  
78          userManagers = new ArrayList<>( userManagerImpls.size() );
79  
80          for ( String beanId : userManagerImpls )
81          {
82              userManagers.add( applicationContext.getBean( "userManager#" + beanId, UserManager.class ) );
83          }
84      }
85  
86      /**
87       * This environment check will unlock system administrator accounts that are locked on the restart of the
88       * application when the environment checks are processed.
89       *
90       * @param violations
91       */
92      @Override
93      public void validateEnvironment( List<String> violations )
94      {
95          if ( !checked )
96          {
97  
98              for ( UserManager userManager : userManagers )
99              {
100                 if ( userManager.isReadOnly() )
101                 {
102                     continue;
103                 }
104                 List<String> roles = new ArrayList<>();
105                 roles.add( RedbackRoleConstants.SYSTEM_ADMINISTRATOR_ROLE );
106 
107                 List<UserAssignment> systemAdminstrators;
108                 try
109                 {
110                     systemAdminstrators = rbacManager.getUserAssignmentsForRoles( roles );
111 
112                     for ( UserAssignment userAssignment : systemAdminstrators )
113                     {
114                         try
115                         {
116                             User admin = userManager.findUser( userAssignment.getPrincipal() );
117 
118                             if ( admin.isLocked() )
119                             {
120                                 log.info( "Unlocking system administrator: {}", admin.getUsername() );
121                                 admin.setLocked( false );
122                                 userManager.updateUser( admin );
123                             }
124                         }
125                         catch ( UserNotFoundException ne )
126                         {
127                             log.warn( "Dangling UserAssignment -> {}", userAssignment.getPrincipal() );
128                         }
129                         catch ( UserManagerException e )
130                         {
131                             log.warn( "fail to find user {} for admin unlock check: {}", userAssignment.getPrincipal(),
132                                       e.getMessage() );
133                         }
134                     }
135                 }
136                 catch ( RbacManagerException e )
137                 {
138                     log.warn( "Exception when checking for locked admin user: {}", e.getMessage(), e );
139                 }
140 
141                 checked = true;
142             }
143 
144         }
145 
146     }
147 }