1package org.apache.archiva.security;
23/*4 * Licensed to the Apache Software Foundation (ASF) under one5 * or more contributor license agreements. See the NOTICE file6 * distributed with this work for additional information7 * regarding copyright ownership. The ASF licenses this file8 * to you under the Apache License, Version 2.0 (the9 * "License"); you may not use this file except in compliance10 * with the License. You may obtain a copy of the License at11 *12 * http://www.apache.org/licenses/LICENSE-2.013 *14 * Unless required by applicable law or agreed to in writing,15 * software distributed under the License is distributed on an16 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY17 * KIND, either express or implied. See the License for the18 * specific language governing permissions and limitations19 * under the License.20 */2122import java.util.List;
2324import org.apache.archiva.redback.rbac.RbacManagerException;
25import org.apache.archiva.redback.system.check.EnvironmentCheck;
26import org.apache.archiva.security.common.ArchivaRoleConstants;
27import org.apache.archiva.redback.rbac.RBACManager;
28import org.slf4j.Logger;
29import org.slf4j.LoggerFactory;
30import org.springframework.stereotype.Service;
3132import javax.inject.Inject;
33import javax.inject.Named;
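/**
 * Environment check that verifies the standard Archiva roles and operations exist in the RBAC store.
 * <p>
 * Every role or operation that cannot be confirmed is reported by appending a message to the
 * {@code violations} list passed to {@link #validateEnvironment(List)}. This class only records
 * violations; what happens when the list is non-empty is decided by the caller.
 * <p>
 * The check body runs at most once per instance. The {@code checked} flag is a plain field with no
 * synchronization, so concurrent first calls could each run the check.
 */
@Service( "environmentCheck#archiva-required-roles" )
public class ArchivaStandardRolesCheck
    implements EnvironmentCheck
{
    private static final Logger log = LoggerFactory.getLogger( ArchivaStandardRolesCheck.class );

    /**
     * Roles that must exist for the baseline authorization model.
     */
    private static final String[] EXPECTED_ROLES = {
        ArchivaRoleConstants.SYSTEM_ADMINISTRATOR_ROLE,
        ArchivaRoleConstants.GLOBAL_REPOSITORY_MANAGER_ROLE,
        ArchivaRoleConstants.GLOBAL_REPOSITORY_OBSERVER_ROLE,
        ArchivaRoleConstants.GUEST_ROLE,
        ArchivaRoleConstants.REGISTERED_USER_ROLE,
        ArchivaRoleConstants.USER_ADMINISTRATOR_ROLE };

    /**
     * Operations that must exist for the baseline authorization model.
     * <p>
     * Each operation is listed once, so a missing operation yields exactly one violation.
     * NOTE(review): OPERATION_REPOSITORY_ACCESS used to appear twice in this list; confirm that no
     * other operation was meant in the second position.
     * NOTE(review): "archiva-guest" is a string literal rather than an ArchivaRoleConstants member;
     * confirm it names an operation and not a role.
     */
    private static final String[] EXPECTED_OPERATIONS = {
        ArchivaRoleConstants.OPERATION_MANAGE_USERS,
        ArchivaRoleConstants.OPERATION_MANAGE_CONFIGURATION,
        ArchivaRoleConstants.OPERATION_REGENERATE_INDEX,
        ArchivaRoleConstants.OPERATION_RUN_INDEXER,
        ArchivaRoleConstants.OPERATION_ACCESS_REPORT,
        ArchivaRoleConstants.OPERATION_ADD_REPOSITORY,
        ArchivaRoleConstants.OPERATION_DELETE_REPOSITORY,
        ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS,
        ArchivaRoleConstants.OPERATION_EDIT_REPOSITORY,
        ArchivaRoleConstants.OPERATION_REPOSITORY_UPLOAD,
        "archiva-guest" };

    /**
     * RBAC manager used for the existence lookups; injected under the name "rbacManager#cached".
     */
    @Inject
    @Named( value = "rbacManager#cached" )
    private RBACManager rbacManager;

    /**
     * Whether this environment check has already been executed.
     */
    private boolean checked = false;

    /**
     * Appends one violation per expected role or operation that the RBAC manager does not confirm.
     * <p>
     * A role that is reported as absent and a role whose lookup throws {@link RbacManagerException}
     * both produce the same violation text; the log entry written for the lookup failure is the only
     * place the two cases can be told apart.
     * <p>
     * After the first completed run the method is a no-op: {@code checked} is set regardless of the
     * outcome, so a later call adds nothing to {@code violations} even if the first run found problems.
     *
     * @param violations list that receives one message per role or operation that could not be confirmed
     */
    @Override
    public void validateEnvironment( List<String> violations )
    {
        if ( checked )
        {
            return;
        }

        log.info( "Checking the existance of required roles." );

        for ( String roleName : EXPECTED_ROLES )
        {
            try
            {
                if ( !rbacManager.roleExists( roleName ) )
                {
                    violations.add( "Unable to validate the existances of the '" + roleName + "' role." );
                }
            }
            catch ( RbacManagerException e )
            {
                // Pass the exception to the logger so the cause of a failed lookup (for example a
                // store that cannot be reached) is kept in the log; the violation text alone does
                // not show why the role could not be verified.
                log.warn( "fail to verify existence of role '{}'", roleName, e );
                violations.add( "Unable to validate the existances of the '" + roleName + "' role." );
            }
        }

        log.info( "Checking the existance of required operations." );

        for ( String operation : EXPECTED_OPERATIONS )
        {
            if ( !rbacManager.operationExists( operation ) )
            {
                violations.add( "Unable to validate the existances of the '" + operation + "' operation." );
            }
        }

        checked = true;
    }

}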