This project has retired. For details please refer to its
Attic page.
1 package org.apache.archiva.web.security;
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21 import org.apache.archiva.admin.model.RepositoryAdminException;
22 import org.apache.archiva.admin.model.runtime.RedbackRuntimeConfigurationAdmin;
23 import org.apache.archiva.redback.components.cache.Cache;
24 import org.apache.archiva.redback.rbac.AbstractRBACManager;
25 import org.apache.archiva.redback.rbac.Operation;
26 import org.apache.archiva.redback.rbac.Permission;
27 import org.apache.archiva.redback.rbac.RBACManager;
28 import org.apache.archiva.redback.rbac.RbacManagerException;
29 import org.apache.archiva.redback.rbac.RbacObjectInvalidException;
30 import org.apache.archiva.redback.rbac.RbacObjectNotFoundException;
31 import org.apache.archiva.redback.rbac.Resource;
32 import org.apache.archiva.redback.rbac.Role;
33 import org.apache.archiva.redback.rbac.UserAssignment;
34 import org.springframework.context.ApplicationContext;
35 import org.springframework.stereotype.Service;
36
37 import javax.inject.Inject;
38 import javax.inject.Named;
39 import java.util.ArrayList;
40 import java.util.Collection;
41 import java.util.HashMap;
42 import java.util.LinkedHashMap;
43 import java.util.List;
44 import java.util.Map;
45 import java.util.Set;
46
47
48
49
50
51 @Service( "rbacManager#archiva" )
52 public class ArchivaRbacManager
53 extends AbstractRBACManager
54 implements RBACManager
55 {
56
57 private Map<String, RBACManager> rbacManagersPerId;
58
59 @Inject
60 private ApplicationContext applicationContext;
61
62 @Inject
63 private RedbackRuntimeConfigurationAdmin redbackRuntimeConfigurationAdmin;
64
65 @Inject
66 @Named( value = "cache#operations" )
67 private Cache<String, Operation> operationsCache;
68
69 @Inject
70 @Named( value = "cache#permissions" )
71 private Cache<String, Permission> permissionsCache;
72
73 @Inject
74 @Named( value = "cache#resources" )
75 private Cache<String, Resource> resourcesCache;
76
77 @Inject
78 @Named( value = "cache#roles" )
79 private Cache<String, Role> rolesCache;
80
81 @Inject
82 @Named( value = "cache#userAssignments" )
83 private Cache<String, UserAssignment> userAssignmentsCache;
84
85 @Inject
86 @Named( value = "cache#userPermissions" )
87 private Cache<String, Map<String, List<Permission>>> userPermissionsCache;
88
89 @Inject
90 @Named( value = "cache#effectiveRoleSet" )
91 private Cache<String, Set<Role>> effectiveRoleSetCache;
92
93 @Override
94 public void initialize()
95 {
96 try
97 {
98 List<String> rbacManagerIds =
99 redbackRuntimeConfigurationAdmin.getRedbackRuntimeConfiguration().getRbacManagerImpls();
100
101 if ( rbacManagerIds.isEmpty() )
102 {
103 rbacManagerIds.add( RedbackRuntimeConfigurationAdmin.DEFAULT_RBAC_MANAGER_IMPL );
104 }
105
106 log.info( "use rbacManagerIds: '{}'", rbacManagerIds );
107
108 this.rbacManagersPerId = new LinkedHashMap<>( rbacManagerIds.size() );
109
110 for ( String id : rbacManagerIds )
111 {
112 RBACManager rbacManager = applicationContext.getBean( "rbacManager#" + id, RBACManager.class );
113
114 rbacManagersPerId.put( id, rbacManager );
115 }
116 }
117 catch ( RepositoryAdminException e )
118 {
119
120 log.error( e.getMessage(), e );
121 throw new RuntimeException( e.getMessage(), e );
122 }
123 }
124
125 protected RBACManager getRbacManagerForWrite()
126 {
127 for ( RBACManager rbacManager : this.rbacManagersPerId.values() )
128 {
129 if ( !rbacManager.isReadOnly() )
130 {
131 return rbacManager;
132 }
133 }
134 return this.rbacManagersPerId.isEmpty() ? applicationContext.getBean(
135 "rbacManager#" + RedbackRuntimeConfigurationAdmin.DEFAULT_RBAC_MANAGER_IMPL, RBACManager.class )
136 : this.rbacManagersPerId.values().iterator().next();
137 }
138
139 @Override
140 public Role createRole( String name )
141 {
142 return getRbacManagerForWrite().createRole( name );
143 }
144
145 @Override
146 public Role saveRole( Role role )
147 throws RbacObjectInvalidException, RbacManagerException
148 {
149 Exception lastException = null;
150 boolean allFailed = true;
151 for ( RBACManager rbacManager : rbacManagersPerId.values() )
152 {
153 try
154 {
155 if ( !rbacManager.isReadOnly() )
156 {
157 role = rbacManager.saveRole( role );
158 allFailed = false;
159 }
160 }
161 catch ( Exception e )
162 {
163 lastException = e;
164 }
165 }
166 if ( lastException != null && allFailed )
167 {
168 throw new RbacManagerException( lastException.getMessage(), lastException );
169 }
170 return role;
171 }
172
173 @Override
174 public void saveRoles( Collection<Role> roles )
175 throws RbacObjectInvalidException, RbacManagerException
176 {
177 Exception lastException = null;
178 boolean allFailed = true;
179 for ( RBACManager rbacManager : rbacManagersPerId.values() )
180 {
181 try
182 {
183 if ( !rbacManager.isReadOnly() )
184 {
185 rbacManager.saveRoles( roles );
186 allFailed = false;
187 }
188 }
189 catch ( Exception e )
190 {
191 lastException = e;
192 }
193 }
194 if ( lastException != null && allFailed )
195 {
196 throw new RbacManagerException( lastException.getMessage(), lastException );
197 }
198 }
199
200 @Override
201 public Role getRole( String roleName )
202 throws RbacObjectNotFoundException, RbacManagerException
203 {
204
205 Role el = rolesCache.get( roleName );
206 if ( el != null )
207 {
208 return el;
209 }
210
211 Exception lastException = null;
212 for ( RBACManager rbacManager : rbacManagersPerId.values() )
213 {
214 try
215 {
216 Role role = rbacManager.getRole( roleName );
217 if ( role != null )
218 {
219 rolesCache.put( role.getName(), role );
220 return role;
221 }
222 }
223 catch ( Exception e )
224 {
225 lastException = e;
226 }
227 }
228 log.debug( "cannot find role for name: ‘{}", roleName );
229 if ( lastException != null )
230 {
231 throw new RbacManagerException( lastException.getMessage(), lastException );
232 }
233 return null;
234 }
235
236 @Override
237 public List<Role> getAllRoles()
238 throws RbacManagerException
239 {
240 Map<String, Role> allRoles = new HashMap<>();
241 boolean allFailed = true;
242 Exception lastException = null;
243 for ( RBACManager rbacManager : rbacManagersPerId.values() )
244 {
245 try
246 {
247 List<Role> roles = rbacManager.getAllRoles();
248 for ( Role role : roles )
249 {
250 allRoles.put( role.getName(), role );
251 }
252 allFailed = false;
253 }
254 catch ( Exception e )
255 {
256 lastException = e;
257 }
258 }
259
260 if ( lastException != null && allFailed )
261 {
262 throw new RbacManagerException( lastException.getMessage(), lastException );
263 }
264
265 return new ArrayList<>( allRoles.values() );
266 }
267
268 @Override
269 public void removeRole( Role role )
270 throws RbacObjectNotFoundException, RbacObjectInvalidException, RbacManagerException
271 {
272 boolean allFailed = true;
273 Exception lastException = null;
274 for ( RBACManager rbacManager : rbacManagersPerId.values() )
275 {
276 try
277 {
278 rbacManager.removeRole( role );
279 rolesCache.remove( role.getName() );
280 allFailed = false;
281 }
282 catch ( Exception e )
283 {
284 lastException = e;
285 }
286 }
287
288 if ( lastException != null && allFailed )
289 {
290 throw new RbacManagerException( lastException.getMessage(), lastException );
291 }
292 }
293
294 @Override
295 public Permission createPermission( String name )
296 throws RbacManagerException
297 {
298 return getRbacManagerForWrite().createPermission( name );
299 }
300
301 @Override
302 public Permission createPermission( String name, String operationName, String resourceIdentifier )
303 throws RbacManagerException
304 {
305 return getRbacManagerForWrite().createPermission( name, operationName, resourceIdentifier );
306 }
307
308 @Override
309 public Permission savePermission( Permission permission )
310 throws RbacObjectInvalidException, RbacManagerException
311 {
312 boolean allFailed = true;
313 Exception lastException = null;
314 for ( RBACManager rbacManager : rbacManagersPerId.values() )
315 {
316 try
317 {
318 if ( rbacManager.isReadOnly() )
319 {
320 permission = rbacManager.savePermission( permission );
321 allFailed = false;
322 }
323 }
324 catch ( Exception e )
325 {
326 lastException = e;
327 }
328 }
329
330 if ( lastException != null && allFailed )
331 {
332 throw new RbacManagerException( lastException.getMessage(), lastException );
333 }
334
335 return permission;
336 }
337
338 @Override
339 public Permission getPermission( String permissionName )
340 throws RbacObjectNotFoundException, RbacManagerException
341 {
342
343 Permission el = permissionsCache.get( permissionName );
344 if ( el != null )
345 {
346 return el;
347 }
348
349 Exception lastException = null;
350 for ( RBACManager rbacManager : rbacManagersPerId.values() )
351 {
352 try
353 {
354 Permission p = rbacManager.getPermission( permissionName );
355 if ( p != null )
356 {
357 permissionsCache.put( permissionName, p );
358 return p;
359 }
360 }
361 catch ( Exception e )
362 {
363 lastException = e;
364 }
365 }
366
367 if ( lastException != null )
368 {
369 throw new RbacManagerException( lastException.getMessage(), lastException );
370 }
371 return null;
372 }
373
374 @Override
375 public List<Permission> getAllPermissions()
376 throws RbacManagerException
377 {
378 Map<String, Permission> allPermissions = new HashMap<>();
379 boolean allFailed = true;
380 Exception lastException = null;
381 for ( RBACManager rbacManager : rbacManagersPerId.values() )
382 {
383 try
384 {
385 List<Permission> permissions = rbacManager.getAllPermissions();
386 for ( Permission p : permissions )
387 {
388 allPermissions.put( p.getName(), p );
389 }
390 allFailed = false;
391 }
392 catch ( Exception e )
393 {
394 lastException = e;
395 }
396 }
397
398 if ( lastException != null && allFailed )
399 {
400 throw new RbacManagerException( lastException.getMessage(), lastException );
401 }
402 return new ArrayList<>( allPermissions.values() );
403 }
404
405 @Override
406 public void removePermission( Permission permission )
407 throws RbacObjectNotFoundException, RbacObjectInvalidException, RbacManagerException
408 {
409 boolean allFailed = true;
410 Exception lastException = null;
411 for ( RBACManager rbacManager : rbacManagersPerId.values() )
412 {
413 try
414 {
415 rbacManager.removePermission( permission );
416 permissionsCache.remove( permission.getName() );
417 allFailed = false;
418 }
419 catch ( Exception e )
420 {
421 lastException = e;
422 }
423 }
424
425 if ( lastException != null && allFailed )
426 {
427 throw new RbacManagerException( lastException.getMessage(), lastException );
428 }
429 }
430
431 @Override
432 public Operation createOperation( String name )
433 throws RbacManagerException
434 {
435 return getRbacManagerForWrite().createOperation( name );
436 }
437
438 @Override
439 public Operation saveOperation( Operation operation )
440 throws RbacObjectInvalidException, RbacManagerException
441 {
442 boolean allFailed = true;
443 Exception lastException = null;
444 for ( RBACManager rbacManager : rbacManagersPerId.values() )
445 {
446 try
447 {
448 if ( !rbacManager.isReadOnly() )
449 {
450 operation = rbacManager.saveOperation( operation );
451 allFailed = false;
452 }
453 }
454 catch ( Exception e )
455 {
456 lastException = e;
457 }
458 }
459
460 if ( lastException != null && allFailed )
461 {
462 throw new RbacManagerException( lastException.getMessage(), lastException );
463 }
464 return operation;
465 }
466
467 @Override
468 public Operation getOperation( String operationName )
469 throws RbacObjectNotFoundException, RbacManagerException
470 {
471
472 Operation el = operationsCache.get( operationName );
473 if ( el != null )
474 {
475 return el;
476 }
477
478 Exception lastException = null;
479 for ( RBACManager rbacManager : rbacManagersPerId.values() )
480 {
481 try
482 {
483 Operation o = rbacManager.getOperation( operationName );
484 if ( o != null )
485 {
486 operationsCache.put( operationName, o );
487 return o;
488 }
489 }
490 catch ( Exception e )
491 {
492 lastException = e;
493 }
494 }
495
496 if ( lastException != null )
497 {
498 throw new RbacManagerException( lastException.getMessage(), lastException );
499 }
500 return null;
501 }
502
503 @Override
504 public List<Operation> getAllOperations()
505 throws RbacManagerException
506 {
507 Map<String, Operation> allOperations = new HashMap<>();
508 boolean allFailed = true;
509 Exception lastException = null;
510 for ( RBACManager rbacManager : rbacManagersPerId.values() )
511 {
512 try
513 {
514 List<Operation> operations = rbacManager.getAllOperations();
515 for ( Operation o : operations )
516 {
517 allOperations.put( o.getName(), o );
518 }
519 allFailed = false;
520 }
521 catch ( Exception e )
522 {
523 lastException = e;
524 }
525 }
526
527 if ( lastException != null && allFailed )
528 {
529 throw new RbacManagerException( lastException.getMessage(), lastException );
530 }
531 return new ArrayList<>( allOperations.values() );
532 }
533
534 @Override
535 public void removeOperation( Operation operation )
536 throws RbacObjectNotFoundException, RbacObjectInvalidException, RbacManagerException
537 {
538 boolean allFailed = true;
539 Exception lastException = null;
540 for ( RBACManager rbacManager : rbacManagersPerId.values() )
541 {
542 try
543 {
544 rbacManager.removeOperation( operation );
545 operationsCache.remove( operation.getName() );
546 allFailed = false;
547 }
548 catch ( Exception e )
549 {
550 lastException = e;
551 }
552 }
553
554 if ( lastException != null && allFailed )
555 {
556 throw new RbacManagerException( lastException.getMessage(), lastException );
557 }
558 }
559
560 @Override
561 public Resource createResource( String identifier )
562 throws RbacManagerException
563 {
564 return getRbacManagerForWrite().createResource( identifier );
565 }
566
567 @Override
568 public Resource saveResource( Resource resource )
569 throws RbacObjectInvalidException, RbacManagerException
570 {
571 boolean allFailed = true;
572 Exception lastException = null;
573 for ( RBACManager rbacManager : rbacManagersPerId.values() )
574 {
575 try
576 {
577 if ( !rbacManager.isReadOnly() )
578 {
579 resource = rbacManager.saveResource( resource );
580 allFailed = false;
581 }
582 }
583 catch ( Exception e )
584 {
585 lastException = e;
586 }
587 }
588
589 if ( lastException != null && allFailed )
590 {
591 throw new RbacManagerException( lastException.getMessage(), lastException );
592 }
593 return resource;
594 }
595
596 @Override
597 public Resource getResource( String resourceIdentifier )
598 throws RbacObjectNotFoundException, RbacManagerException
599 {
600
601 Resource el = resourcesCache.get( resourceIdentifier );
602 if ( el != null )
603 {
604 return el;
605 }
606
607 Exception lastException = null;
608 for ( RBACManager rbacManager : rbacManagersPerId.values() )
609 {
610 try
611 {
612 Resource r = rbacManager.getResource( resourceIdentifier );
613 if ( r != null )
614 {
615 resourcesCache.put( resourceIdentifier, r );
616 return r;
617 }
618 }
619 catch ( Exception e )
620 {
621 lastException = e;
622 }
623 }
624
625 if ( lastException != null )
626 {
627 throw new RbacManagerException( lastException.getMessage(), lastException );
628 }
629 return null;
630 }
631
632 @Override
633 public List<Resource> getAllResources()
634 throws RbacManagerException
635 {
636 Map<String, Resource> allResources = new HashMap<>();
637 boolean allFailed = true;
638 Exception lastException = null;
639 for ( RBACManager rbacManager : rbacManagersPerId.values() )
640 {
641 try
642 {
643 List<Resource> resources = rbacManager.getAllResources();
644 for ( Resource r : resources )
645 {
646 allResources.put( r.getIdentifier(), r );
647 }
648 allFailed = false;
649 }
650 catch ( Exception e )
651 {
652 lastException = e;
653 }
654 }
655
656 if ( lastException != null && allFailed )
657 {
658 throw new RbacManagerException( lastException.getMessage(), lastException );
659 }
660 return new ArrayList<>( allResources.values() );
661 }
662
663 @Override
664 public void removeResource( Resource resource )
665 throws RbacObjectNotFoundException, RbacObjectInvalidException, RbacManagerException
666 {
667 boolean allFailed = true;
668 Exception lastException = null;
669 for ( RBACManager rbacManager : rbacManagersPerId.values() )
670 {
671 try
672 {
673 rbacManager.removeResource( resource );
674 resourcesCache.remove( resource.getIdentifier() );
675 allFailed = false;
676 }
677 catch ( Exception e )
678 {
679 lastException = e;
680 }
681 }
682
683 if ( lastException != null && allFailed )
684 {
685 throw new RbacManagerException( lastException.getMessage(), lastException );
686 }
687 }
688
689 @Override
690 public UserAssignment createUserAssignment( String principal )
691 throws RbacManagerException
692 {
693 return getRbacManagerForWrite().createUserAssignment( principal );
694 }
695
696 @Override
697 public UserAssignment saveUserAssignment( UserAssignment userAssignment )
698 throws RbacObjectInvalidException, RbacManagerException
699 {
700 boolean allFailed = true;
701 Exception lastException = null;
702 for ( RBACManager rbacManager : rbacManagersPerId.values() )
703 {
704 try
705 {
706 if ( !rbacManager.isReadOnly() )
707 {
708 userAssignment = rbacManager.saveUserAssignment( userAssignment );
709 allFailed = false;
710 }
711 }
712 catch ( Exception e )
713 {
714 lastException = e;
715 }
716 }
717
718 if ( lastException != null && allFailed )
719 {
720 throw new RbacManagerException( lastException.getMessage(), lastException );
721 }
722 return userAssignment;
723 }
724
725 @Override
726 public UserAssignment getUserAssignment( String principal )
727 throws RbacObjectNotFoundException, RbacManagerException
728 {
729 UserAssignment el = userAssignmentsCache.get( principal );
730 if ( el != null )
731 {
732 return el;
733 }
734 UserAssignment ua = null;
735 Exception lastException = null;
736 for ( RBACManager rbacManager : rbacManagersPerId.values() )
737 {
738 try
739 {
740 if ( ua == null )
741 {
742 ua = rbacManager.getUserAssignment( principal );
743 }
744 else
745 {
746 UserAssignment userAssignment = rbacManager.getUserAssignment( principal );
747 if ( userAssignment != null )
748 {
749 for ( String roleName : userAssignment.getRoleNames() )
750 {
751 ua.addRoleName( roleName );
752 }
753 }
754 }
755 }
756 catch ( Exception e )
757 {
758 lastException = e;
759 }
760 }
761
762 if ( ua != null )
763 {
764 userAssignmentsCache.put( principal, ua );
765 return ua;
766 }
767
768 if ( lastException != null )
769 {
770 throw new RbacManagerException( lastException.getMessage(), lastException );
771 }
772 return null;
773 }
774
775 @Override
776 public boolean userAssignmentExists( String principal )
777 {
778
779 for ( RBACManager rbacManager : rbacManagersPerId.values() )
780 {
781 try
782 {
783 boolean exists = rbacManager.userAssignmentExists( principal );
784 if ( exists )
785 {
786 return true;
787 }
788 }
789 catch ( Exception e )
790 {
791
792 }
793 }
794
795 return false;
796 }
797
798 @Override
799 public boolean userAssignmentExists( UserAssignment assignment )
800 {
801 for ( RBACManager rbacManager : rbacManagersPerId.values() )
802 {
803 try
804 {
805 boolean exists = rbacManager.userAssignmentExists( assignment );
806 if ( exists )
807 {
808 return true;
809 }
810 }
811 catch ( Exception e )
812 {
813
814 }
815 }
816
817 return false;
818 }
819
820 @Override
821 public List<UserAssignment> getAllUserAssignments()
822 throws RbacManagerException
823 {
824 Map<String, UserAssignment> allUserAssignments = new HashMap<>();
825 boolean allFailed = true;
826 Exception lastException = null;
827 for ( RBACManager rbacManager : rbacManagersPerId.values() )
828 {
829 try
830 {
831 List<UserAssignment> userAssignments = rbacManager.getAllUserAssignments();
832 for ( UserAssignment ua : userAssignments )
833 {
834 UserAssignment userAssignment = allUserAssignments.get( ua.getPrincipal() );
835 if ( userAssignment != null )
836 {
837 for ( String roleName : ua.getRoleNames() )
838 {
839 userAssignment.addRoleName( roleName );
840 }
841 }
842 allUserAssignments.put( ua.getPrincipal(), ua );
843 }
844 allFailed = false;
845 }
846 catch ( Exception e )
847 {
848 lastException = e;
849 }
850 }
851
852 if ( lastException != null && allFailed )
853 {
854 throw new RbacManagerException( lastException.getMessage(), lastException );
855 }
856 return new ArrayList<>( allUserAssignments.values() );
857 }
858
859 @Override
860 public List<UserAssignment> getUserAssignmentsForRoles( Collection<String> roleNames )
861 throws RbacManagerException
862 {
863 List<UserAssignment> allUserAssignments = new ArrayList<>();
864 boolean allFailed = true;
865 Exception lastException = null;
866 for ( RBACManager rbacManager : rbacManagersPerId.values() )
867 {
868 try
869 {
870 List<UserAssignment> userAssignments = rbacManager.getUserAssignmentsForRoles( roleNames );
871
872 allUserAssignments.addAll( userAssignments );
873
874 allFailed = false;
875 }
876 catch ( Exception e )
877 {
878 lastException = e;
879 }
880 }
881
882 if ( lastException != null && allFailed )
883 {
884 throw new RbacManagerException( lastException.getMessage(), lastException );
885 }
886 return allUserAssignments;
887 }
888
889 @Override
890 public void removeUserAssignment( UserAssignment userAssignment )
891 throws RbacObjectNotFoundException, RbacObjectInvalidException, RbacManagerException
892 {
893 boolean allFailed = true;
894 Exception lastException = null;
895 for ( RBACManager rbacManager : rbacManagersPerId.values() )
896 {
897 try
898 {
899 rbacManager.removeUserAssignment( userAssignment );
900 userAssignmentsCache.remove( userAssignment.getPrincipal() );
901 allFailed = false;
902 }
903 catch ( Exception e )
904 {
905 lastException = e;
906 }
907 }
908
909 if ( lastException != null && allFailed )
910 {
911 throw new RbacManagerException( lastException.getMessage(), lastException );
912 }
913 }
914
915 @Override
916 public boolean roleExists( String name )
917 throws RbacManagerException
918 {
919 Role r = rolesCache.get( name );
920 if ( r != null )
921 {
922 return true;
923 }
924
925 boolean allFailed = true;
926 Exception lastException = null;
927 for ( RBACManager rbacManager : rbacManagersPerId.values() )
928 {
929 try
930 {
931 boolean exists = rbacManager.roleExists( name );
932 if ( exists )
933 {
934 return true;
935 }
936 }
937 catch ( Exception e )
938 {
939 lastException = e;
940 }
941 }
942
943 if ( lastException != null && allFailed )
944 {
945 throw new RbacManagerException( lastException.getMessage(), lastException );
946 }
947 return false;
948 }
949
950 @Override
951 public boolean roleExists( Role role )
952 throws RbacManagerException
953 {
954 return roleExists( role.getName() );
955 }
956
957 @Override
958 public void eraseDatabase()
959 {
960 log.warn( "eraseDatabase not implemented" );
961 }
962
963 @Override
964 public boolean isFinalImplementation()
965 {
966 return false;
967 }
968
969 @Override
970 public String getDescriptionKey()
971 {
972 return "archiva.redback.rbacmanager.archiva";
973 }
974
975 @Override
976 public boolean isReadOnly()
977 {
978 return false;
979 }
980 }