1package org.apache.archiva.security;
23/*4 * Licensed to the Apache Software Foundation (ASF) under one5 * or more contributor license agreements. See the NOTICE file6 * distributed with this work for additional information7 * regarding copyright ownership. The ASF licenses this file8 * to you under the Apache License, Version 2.0 (the9 * "License"); you may not use this file except in compliance10 * with the License. You may obtain a copy of the License at11 *12 * http://www.apache.org/licenses/LICENSE-2.013 *14 * Unless required by applicable law or agreed to in writing,15 * software distributed under the License is distributed on an16 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY17 * KIND, either express or implied. See the License for the18 * specific language governing permissions and limitations19 * under the License.20 */2122import org.apache.archiva.redback.rbac.RBACManager;
23import org.apache.archiva.redback.rbac.RbacManagerException;
24import org.apache.archiva.redback.system.check.EnvironmentCheck;
25import org.apache.archiva.security.common.ArchivaRoleConstants;
26import org.slf4j.Logger;
27import org.slf4j.LoggerFactory;
28import org.springframework.stereotype.Service;
2930import javax.inject.Inject;
31import javax.inject.Named;
32import java.util.List;
3334/**35 * ArchivaStandardRolesCheck tests for the existance of expected / standard roles and permissions.36 */37 @Service("environmentCheck#archiva-required-roles")
38publicclassArchivaStandardRolesCheck39implements EnvironmentCheck
40 {
41private Logger log = LoggerFactory.getLogger( ArchivaStandardRolesCheck.class );
4243/**44 *45 */46 @Inject
47 @Named(value = "rbacManager#cached")
48private RBACManager rbacManager;
4950/**51 * boolean detailing if this environment check has been executed52 */53privateboolean checked = false;
5455 @Override
56publicvoid validateEnvironment( List<String> violations )
57 {
58if ( !checked )
59 {
60 String expectedRoles[] = new String[]{ ArchivaRoleConstants.SYSTEM_ADMINISTRATOR_ROLE,
61 ArchivaRoleConstants.GLOBAL_REPOSITORY_MANAGER_ROLE,
62 ArchivaRoleConstants.GLOBAL_REPOSITORY_OBSERVER_ROLE, ArchivaRoleConstants.GUEST_ROLE,
63 ArchivaRoleConstants.REGISTERED_USER_ROLE, ArchivaRoleConstants.USER_ADMINISTRATOR_ROLE };
6465 log.info( "Checking the existance of required roles." );
6667for ( String roleName : expectedRoles )
68 {
69try70 {
71if ( !rbacManager.roleExists( roleName ) )
72 {
73 violations.add( "Unable to validate the existances of the '" + roleName + "' role." );
74 }
75 }
76catch ( RbacManagerException e )
77 {
78 log.warn( "fail to verify existence of role '{}'", roleName );
79 violations.add( "Unable to validate the existances of the '" + roleName + "' role." );
80 }
81 }
8283 String expectedOperations[] = new String[]{ ArchivaRoleConstants.OPERATION_MANAGE_USERS,
84 ArchivaRoleConstants.OPERATION_MANAGE_CONFIGURATION, ArchivaRoleConstants.OPERATION_REGENERATE_INDEX,
85 ArchivaRoleConstants.OPERATION_RUN_INDEXER, ArchivaRoleConstants.OPERATION_ACCESS_REPORT,
86 ArchivaRoleConstants.OPERATION_ADD_REPOSITORY, ArchivaRoleConstants.OPERATION_DELETE_REPOSITORY,
87 ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS, ArchivaRoleConstants.OPERATION_EDIT_REPOSITORY,
88 ArchivaRoleConstants.OPERATION_REPOSITORY_UPLOAD, ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS,
89"archiva-guest" };
9091 log.info( "Checking the existance of required operations." );
9293for ( String operation : expectedOperations )
94 {
95if ( !rbacManager.operationExists( operation ) )
96 {
97 violations.add( "Unable to validate the existances of the '" + operation + "' operation." );
98 }
99 }
100101 checked = true;
102 }
103104 }
105106 }