From 42a05d50a55b597734c597749020e7896ea9df89 Mon Sep 17 00:00:00 2001
From: Olivier Lamy
Date: Thu, 13 Dec 2012 10:25:44 +0000
Subject: [PATCH] add our own LockedAdminEnvironmentCheck as we have to iterate on all possible userManagerImpls
git-svn-id: https://svn.apache.org/repos/asf/archiva/trunk@1421196 13f79535-47bb-0310-9956-ffa450edef68
---
 .../ArchivaLockedAdminEnvironmentCheck.java | 146 ++++++++++++++++++
 .../webapp/WEB-INF/applicationContext.xml | 3 +-
 2 files changed, 148 insertions(+), 1 deletion(-)
 create mode 100644 archiva-modules/archiva-web/archiva-web-common/src/main/java/org/apache/archiva/web/security/ArchivaLockedAdminEnvironmentCheck.java
diff --git a/archiva-modules/archiva-web/archiva-web-common/src/main/java/org/apache/archiva/web/security/ArchivaLockedAdminEnvironmentCheck.java b/archiva-modules/archiva-web/archiva-web-common/src/main/java/org/apache/archiva/web/security/ArchivaLockedAdminEnvironmentCheck.java
new file mode 100644
index 000000000..8f6137b87
--- /dev/null
+++ b/archiva-modules/archiva-web/archiva-web-common/src/main/java/org/apache/archiva/web/security/ArchivaLockedAdminEnvironmentCheck.java
@@ -0,0 +1,146 @@
+package org.apache.archiva.web.security;
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+import org.apache.archiva.admin.model.RepositoryAdminException;
+import org.apache.archiva.admin.model.runtime.ArchivaRuntimeConfigurationAdmin;
+import org.apache.archiva.redback.integration.security.role.RedbackRoleConstants;
+import org.apache.archiva.redback.rbac.RBACManager;
+import org.apache.archiva.redback.rbac.RbacManagerException;
+import org.apache.archiva.redback.rbac.UserAssignment;
+import org.apache.archiva.redback.system.check.EnvironmentCheck;
+import org.apache.archiva.redback.users.User;
+import org.apache.archiva.redback.users.UserManager;
+import org.apache.archiva.redback.users.UserManagerException;
+import org.apache.archiva.redback.users.UserNotFoundException;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.context.ApplicationContext;
+import org.springframework.stereotype.Service;
+
+import javax.annotation.PostConstruct;
+import javax.inject.Inject;
+import javax.inject.Named;
+import java.util.ArrayList;
+import java.util.List;
+
+/**
+ * @author Olivier Lamy
+ */
+@Service( "environmentCheck#archiva-locked-admin-check" )
+public class ArchivaLockedAdminEnvironmentCheck
+ implements EnvironmentCheck
+{
+
+ protected Logger log = LoggerFactory.getLogger( getClass() );
+
+
+ @Inject
+ @Named( value = "rBACManager#cached" )
+ private RBACManager rbacManager;
+
+ /**
+ * boolean detailing if this environment check has been executed
+ */
+ private boolean checked = false;
+
+ @Inject
+ private ApplicationContext applicationContext;
+
+ @Inject
+ private ArchivaRuntimeConfigurationAdmin archivaRuntimeConfigurationAdmin;
+
+ private List userManagers;
+
+ @PostConstruct
+ protected void initialize()
+ throws RepositoryAdminException
+ {
+ List userManagerImpls =
+ archivaRuntimeConfigurationAdmin.getArchivaRuntimeConfiguration().getUserManagerImpls();
+
+ userManagers = new ArrayList( userManagerImpls.size() );
+
+ for ( String beanId : userManagerImpls )
+ {
+ userManagers.add( applicationContext.getBean( "userManager#" + beanId, UserManager.class ) );
+ }
+ }
+
+ /**
+ * This environment check will unlock system administrator accounts that are locked on the restart of the
+ * application when the environment checks are processed.
+ *
+ * @param violations
+ */
+ public void validateEnvironment( List violations )
+ {
+ if ( !checked )
+ {
+
+ for ( UserManager userManager : userManagers )
+ {
+ if ( userManager.isReadOnly() )
+ {
+ continue;
+ }
+ List roles = new ArrayList();
+ roles.add( RedbackRoleConstants.SYSTEM_ADMINISTRATOR_ROLE );
+
+ List systemAdminstrators;
+ try
+ {
+ systemAdminstrators = rbacManager.getUserAssignmentsForRoles( roles );
+
+ for ( UserAssignment userAssignment : systemAdminstrators )
+ {
+ try
+ {
+ User admin = userManager.findUser( userAssignment.getPrincipal() );
+
+ if ( admin.isLocked() )
+ {
+ log.info( "Unlocking system administrator: {}", admin.getUsername() );
+ admin.setLocked( false );
+ userManager.updateUser( admin );
+ }
+ }
+ catch ( UserNotFoundException ne )
+ {
+ log.warn( "Dangling UserAssignment -> {}", userAssignment.getPrincipal() );
+ }
+ catch ( UserManagerException e )
+ {
+ log.warn( "fail to find user {} for admin unlock check: {}", userAssignment.getPrincipal(),
+ e.getMessage() );
+ }
+ }
+ }
+ catch ( RbacManagerException e )
+ {
+ log.warn( "Exception when checking for locked admin user: " + e.getMessage(), e );
+ }
+
+ checked = true;
+ }
+
+ }
+
+ }
+}
diff --git a/archiva-modules/archiva-web/archiva-webapp-js/src/main/webapp/WEB-INF/applicationContext.xml b/archiva-modules/archiva-web/archiva-webapp-js/src/main/webapp/WEB-INF/applicationContext.xml
index dd4780e0d..8ea55ac88 100644
--- a/archiva-modules/archiva-web/archiva-webapp-js/src/main/webapp/WEB-INF/applicationContext.xml
+++ b/archiva-modules/archiva-web/archiva-webapp-js/src/main/webapp/WEB-INF/applicationContext.xml
@@ -136,7 +136,8 @@ - + +
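Review bot: In `validateEnvironment`, each system administrator principal is looked up in every writable user manager, so an account that exists in only one backend falls into the `UserNotFoundException` branch for all the others and is logged as `Dangling UserAssignment` although its assignment is valid; with several backends that warning no longer identifies orphaned admin role assignments. I would iterate assignments in the outer loop, remember whether any manager returned the user, and warn once only when none did, as sketched below (the sketch also asks read-only managers whether the user exists, which the current code skips, so confirm that is acceptable). `checked = true;` and `rbacManager.getUserAssignmentsForRoles( roles )` sit inside the manager loop, so the flag is never set when every manager is read-only and the role lookup repeats per manager; both belong outside it. The class Javadoc, currently only `@author`, should say that every restart clears the lock on all system administrator accounts in writable user managers, because that limits what account lockout protects for those accounts.

```java
// hoisted above the loops: roles, rbacManager.getUserAssignmentsForRoles( roles ), checked = true
for ( UserAssignment userAssignment : systemAdminstrators )
{
    String principal = userAssignment.getPrincipal();
    boolean dangling = true;
    for ( UserManager userManager : userManagers )
    {
        try
        {
            User admin = userManager.findUser( principal );
            dangling = false;
            if ( !userManager.isReadOnly() && admin.isLocked() )
            {
                // … unchanged: log, setLocked( false ), updateUser …
            }
        }
        catch ( UserNotFoundException ne )
        {
            // expected when the account lives in another user manager
        }
        catch ( UserManagerException e )
        {
            // backend error: existence unknown, so do not report the assignment as dangling
            dangling = false;
            // … unchanged: "fail to find user" warning …
        }
    }
    if ( dangling )
    {
        log.warn( "Dangling UserAssignment -> {}", principal );
    }
}
```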