Apache
/
archiva
mirror of https://github.com/apache/archiva.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

[MRM-913] bring delete artifact security into line with uploading an artifact 

git-svn-id: https://svn.apache.org/repos/asf/archiva/trunk@755726 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Brett Porter 2009-03-18 20:47:20 +00:00
parent f8051daf10
commit 20b3d982cf
5 changed files with 74 additions and 114 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
archiva-modules/archiva-web/archiva-security/src/main/java/org/apache/maven/archiva/security/ArchivaRoleConstants.java
View File

@ -64,6 +64,8 @@ public class ArchivaRoleConstants
public static final String OPERATION_REPOSITORY_UPLOAD = "archiva-upload-repository";
public static final String OPERATION_REPOSITORY_DELETE = "archiva-delete-artifact";
// Role templates
public static final String TEMPLATE_REPOSITORY_MANAGER = "archiva-repository-manager";

146
archiva-modules/archiva-web/archiva-security/src/main/java/org/apache/maven/archiva/security/DefaultUserRepositories.java
View File

@ -20,17 +20,12 @@ package org.apache.maven.archiva.security;
*/
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import org.apache.maven.archiva.configuration.ArchivaConfiguration;
import org.apache.maven.archiva.configuration.ManagedRepositoryConfiguration;
import org.codehaus.plexus.redback.authentication.AuthenticationResult;
import org.codehaus.plexus.redback.authorization.AuthorizationException;
import org.codehaus.plexus.redback.rbac.RBACManager;
import org.codehaus.plexus.redback.rbac.RbacManagerException;
import org.codehaus.plexus.redback.rbac.RbacObjectNotFoundException;
import org.codehaus.plexus.redback.rbac.Role;
import org.codehaus.plexus.redback.role.RoleManager;
import org.codehaus.plexus.redback.role.RoleManagerException;
import org.codehaus.plexus.redback.system.DefaultSecuritySession;
@ -38,6 +33,8 @@ import org.codehaus.plexus.redback.system.SecuritySession;
import org.codehaus.plexus.redback.system.SecuritySystem;
import org.codehaus.plexus.redback.users.User;
import org.codehaus.plexus.redback.users.UserNotFoundException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
/**
* DefaultUserRepositories
@ -53,11 +50,6 @@ public class DefaultUserRepositories
*/
private SecuritySystem securitySystem;
/**
* @plexus.requirement role-hint="cached"
*/
private RBACManager rbacManager;
/**
* @plexus.requirement role-hint="default"
*/
@ -67,6 +59,8 @@ public class DefaultUserRepositories
* @plexus.requirement
*/
private ArchivaConfiguration archivaConfiguration;
private Logger log = LoggerFactory.getLogger( DefaultUserRepositories.class );
public List<String> getObservableRepositoryIds( String principal )
throws PrincipalNotFoundException, AccessDeniedException, ArchivaSecurityException
@ -87,49 +81,59 @@ public class DefaultUserRepositories
private List<String> getAccessibleRepositoryIds( String principal, String operation )
throws ArchivaSecurityException, AccessDeniedException, PrincipalNotFoundException
{
SecuritySession securitySession = createSession( principal );
List<String> repoIds = new ArrayList<String>();
List<ManagedRepositoryConfiguration> repos =
archivaConfiguration.getConfiguration().getManagedRepositories();
for ( ManagedRepositoryConfiguration repo : repos )
{
try
{
String repoId = repo.getId();
if ( securitySystem.isAuthorized( securitySession, operation, repoId ) )
{
repoIds.add( repoId );
}
}
catch ( AuthorizationException e )
{
// swallow.
log.debug( "Not authorizing '" + principal + "' for repository '" + repo.getId() + "': "
+ e.getMessage() );
}
}
return repoIds;
}
private SecuritySession createSession( String principal )
throws ArchivaSecurityException, AccessDeniedException
{
User user;
try
{
User user = securitySystem.getUserManager().findUser( principal );
user = securitySystem.getUserManager().findUser( principal );
if ( user == null )
{
throw new ArchivaSecurityException( "The security system had an internal error - please check your system logs" );
throw new ArchivaSecurityException(
"The security system had an internal error - please check your system logs" );
}
if ( user.isLocked() )
{
throw new AccessDeniedException( "User " + principal + "(" + user.getFullName() + ") is locked." );
}
AuthenticationResult authn = new AuthenticationResult( true, principal, null );
SecuritySession securitySession = new DefaultSecuritySession( authn, user );
List<String> repoIds = new ArrayList<String>();
List<ManagedRepositoryConfiguration> repos =
archivaConfiguration.getConfiguration().getManagedRepositories();
for ( ManagedRepositoryConfiguration repo : repos )
{
try
{
String repoId = repo.getId();
if ( securitySystem.isAuthorized( securitySession, operation, repoId ) )
{
repoIds.add( repoId );
}
}
catch ( AuthorizationException e )
{
// swallow.
}
}
return repoIds;
}
catch ( UserNotFoundException e )
{
throw new PrincipalNotFoundException( "Unable to find principal " + principal + "" );
}
if ( user.isLocked() )
{
throw new AccessDeniedException( "User " + principal + "(" + user.getFullName() + ") is locked." );
}
AuthenticationResult authn = new AuthenticationResult( true, principal, null );
return new DefaultSecuritySession( authn, user );
}
public void createMissingRepositoryRoles( String repoId )
@ -160,28 +164,12 @@ public class DefaultUserRepositories
{
try
{
User user = securitySystem.getUserManager().findUser( principal );
if ( user == null )
{
throw new ArchivaSecurityException( "The security system had an internal error - please check your system logs" );
}
if ( user.isLocked() )
{
throw new AccessDeniedException( "User " + principal + "(" + user.getFullName() + ") is locked." );
}
AuthenticationResult authn = new AuthenticationResult( true, principal, null );
SecuritySession securitySession = new DefaultSecuritySession( authn, user );
SecuritySession securitySession = createSession( principal );
return securitySystem.isAuthorized( securitySession, ArchivaRoleConstants.OPERATION_REPOSITORY_UPLOAD,
repoId );
}
catch ( UserNotFoundException e )
{
throw new PrincipalNotFoundException( "Unable to find principal " + principal + "" );
}
catch ( AuthorizationException e )
{
throw new ArchivaSecurityException( e.getMessage() );
@ -189,41 +177,19 @@ public class DefaultUserRepositories
}
public boolean isAuthorizedToDeleteArtifacts( String principal, String repoId )
throws RbacManagerException, RbacObjectNotFoundException
throws AccessDeniedException, ArchivaSecurityException
{
boolean isAuthorized = false;
String delimiter = " - ";
try
{
Collection<Role> roleList = rbacManager.getEffectivelyAssignedRoles( principal );
for ( Role role : roleList )
{
String roleName = role.getName();
if ( roleName.startsWith( ArchivaRoleConstants.REPOSITORY_MANAGER_ROLE_PREFIX ) )
{
int delimiterIndex = roleName.indexOf( delimiter );
String resourceName = roleName.substring( delimiterIndex + delimiter.length() );
if ( resourceName.equals( repoId ) )
{
isAuthorized = true;
break;
}
}
}
SecuritySession securitySession = createSession( principal );
return securitySystem.isAuthorized( securitySession, ArchivaRoleConstants.OPERATION_REPOSITORY_DELETE,
repoId );
}
catch ( RbacObjectNotFoundException e )
catch ( AuthorizationException e )
{
throw new RbacObjectNotFoundException( "Unable to find user " + principal + "" );
throw new ArchivaSecurityException( e.getMessage() );
}
catch ( RbacManagerException e )
{
throw new RbacManagerException( "Unable to get roles for user " + principal + "" );
}
return isAuthorized;
}
}

9
archiva-modules/archiva-web/archiva-security/src/main/java/org/apache/maven/archiva/security/UserRepositories.java
View File

@ -19,9 +19,6 @@ package org.apache.maven.archiva.security;
* under the License.
*/
import org.codehaus.plexus.redback.rbac.RbacObjectNotFoundException;
import org.codehaus.plexus.redback.rbac.RbacManagerException;
import java.util.List;
/**
@ -82,10 +79,10 @@ public interface UserRepositories
* @param principal
* @param repoId
* @return
* @throws RbacManagerException
* @throws RbacObjectNotFoundException
* @throws ArchivaSecurityException
* @throws AccessDeniedException
*/
public boolean isAuthorizedToDeleteArtifacts( String principal, String repoId )
throws RbacManagerException, RbacObjectNotFoundException;
throws AccessDeniedException, ArchivaSecurityException;
}

23
archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/DeleteArtifactAction.java
View File

@ -35,33 +35,32 @@ import org.apache.maven.archiva.common.utils.VersionComparator;
import org.apache.maven.archiva.common.utils.VersionUtil;
import org.apache.maven.archiva.configuration.ArchivaConfiguration;
import org.apache.maven.archiva.configuration.ManagedRepositoryConfiguration;
import org.apache.maven.archiva.database.updater.DatabaseConsumers;
import org.apache.maven.archiva.database.ArchivaDatabaseException;
import org.apache.maven.archiva.database.ArtifactDAO;
import org.apache.maven.archiva.database.constraints.ArtifactVersionsConstraint;
import org.apache.maven.archiva.database.updater.DatabaseConsumers;
import org.apache.maven.archiva.model.ArchivaArtifact;
import org.apache.maven.archiva.model.ArchivaRepositoryMetadata;
import org.apache.maven.archiva.model.VersionedReference;
import org.apache.maven.archiva.repository.audit.Auditable;
import org.apache.maven.archiva.repository.ContentNotFoundException;
import org.apache.maven.archiva.repository.ManagedRepositoryContent;
import org.apache.maven.archiva.repository.RepositoryContentFactory;
import org.apache.maven.archiva.repository.RepositoryException;
import org.apache.maven.archiva.repository.RepositoryNotFoundException;
import org.apache.maven.archiva.repository.audit.AuditEvent;
import org.apache.maven.archiva.repository.audit.AuditListener;
import org.apache.maven.archiva.repository.audit.Auditable;
import org.apache.maven.archiva.repository.metadata.MetadataTools;
import org.apache.maven.archiva.repository.metadata.RepositoryMetadataException;
import org.apache.maven.archiva.repository.metadata.RepositoryMetadataReader;
import org.apache.maven.archiva.repository.metadata.RepositoryMetadataWriter;
import org.apache.maven.archiva.repository.ContentNotFoundException;
import org.apache.maven.archiva.repository.RepositoryException;
import org.apache.maven.archiva.repository.RepositoryNotFoundException;
import org.apache.maven.archiva.repository.ManagedRepositoryContent;
import org.apache.maven.archiva.repository.RepositoryContentFactory;
import org.apache.maven.archiva.security.AccessDeniedException;
import org.apache.maven.archiva.security.ArchivaSecurityException;
import org.apache.maven.archiva.security.ArchivaXworkUser;
import org.apache.maven.archiva.security.PrincipalNotFoundException;
import org.apache.maven.archiva.security.UserRepositories;
import org.codehaus.plexus.redback.rbac.RbacManagerException;
import org.apache.struts2.ServletActionContext;
import com.opensymphony.xwork2.ActionContext;
import com.opensymphony.xwork2.Preparable;
import com.opensymphony.xwork2.Validateable;
@ -394,7 +393,11 @@ public class DeleteArtifactAction
addActionError( "Invalid version." );
}
}
catch ( RbacManagerException e )
catch ( AccessDeniedException e )
{
addActionError( e.getMessage() );
}
catch ( ArchivaSecurityException e )
{
addActionError( e.getMessage() );
}

8
archiva-modules/archiva-web/archiva-webapp/src/test/java/org/apache/maven/archiva/security/UserRepositoriesStub.java
View File

@ -22,13 +22,6 @@ package org.apache.maven.archiva.security;
import java.util.ArrayList;
import java.util.List;
import org.apache.maven.archiva.security.AccessDeniedException;
import org.apache.maven.archiva.security.ArchivaSecurityException;
import org.apache.maven.archiva.security.PrincipalNotFoundException;
import org.apache.maven.archiva.security.UserRepositories;
import org.codehaus.plexus.redback.rbac.RbacObjectNotFoundException;
import org.codehaus.plexus.redback.rbac.RbacManagerException;
/**
* UserRepositories stub used for testing.
*
@ -62,7 +55,6 @@ public class UserRepositoriesStub
}
public boolean isAuthorizedToDeleteArtifacts( String principal, String repoId )
throws RbacManagerException, RbacObjectNotFoundException
{
return false;
}