add role profiles

git-svn-id: https://svn.apache.org/repos/asf/maven/archiva/trunk@450822 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Brett Porter 2006-09-28 12:06:45 +00:00
parent 1e99374aee
commit 46926538b8
20 changed files with 253 additions and 540 deletions

View File

@ -18,14 +18,42 @@ package org.apache.maven.archiva.security;
public class ArchivaRoleConstants
{
public static final String DELIMITER = " - ";
// globalish roles
public static final String SYSTEM_ADMINISTRATOR_ROLE = "System Administrator";
public static final String USER_ADMINISTRATOR_ROLE = "User Administrator";
public static final String REGISTERED_USER_ROLE = "Registered User";
public static final String GUEST_ROLE = "Guest";
// dynamic role prefixes
public static final String REPOSITORY_MANAGER_ROLE_PREFIX = "Repository Manager";
public static final String REPOSITORY_OBSERVER_ROLE_PREFIX = "Repository Observer";
// operations
public static final String OPERATION_MANAGE_USERS = "archiva-manage-users";
public static final String OPERATION_MANAGE_CONFIGURATION = "archiva-manage-configuration";
public static final String OPERATION_ACTIVE_GUEST = "archiva-guest";
public static final String OPERATION_RUN_INDEXER = "archiva-run-indexer";
public static final String OPERATION_REGENERATE_INDEX = "archiva-regenerate-index";
public static final String OPERATION_ACCESS_REPORT = "archiva-access-reports";
public static final String OPERATION_ADD_REPOSITORY = "archiva-add-repository";
public static final String OPERATION_REPOSITORY_ACCESS = "archiva-read-repository";
public static final String OPERATION_DELETE_REPOSITORY = "archiva-delete-repository";
public static final String OPERATION_EDIT_REPOSITORY = "archiva-edit-repository";
public static final String OPERATION_REPOSITORY_UPLOAD = "archiva-upload-repository";
}

View File

@ -39,6 +39,12 @@ public class ArchivaSystemAdministratorRoleProfile
List operations = new ArrayList();
operations.add( ArchivaRoleConstants.OPERATION_MANAGE_CONFIGURATION );
operations.add( ArchivaRoleConstants.OPERATION_MANAGE_USERS );
operations.add( ArchivaRoleConstants.OPERATION_RUN_INDEXER );
operations.add( ArchivaRoleConstants.OPERATION_REGENERATE_INDEX );
operations.add( ArchivaRoleConstants.OPERATION_ACCESS_REPORT ); // TODO: does this need to be templated?
operations.add( ArchivaRoleConstants.OPERATION_ADD_REPOSITORY );
operations.add( ArchivaRoleConstants.OPERATION_EDIT_REPOSITORY );
operations.add( ArchivaRoleConstants.OPERATION_DELETE_REPOSITORY );
return operations;
}

View File

@ -0,0 +1,61 @@
package org.apache.maven.archiva.security;
/*
* Copyright 2005-2006 The Apache Software Foundation.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
import org.codehaus.plexus.rbac.profile.AbstractDynamicRoleProfile;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
/**
* @plexus.component role="org.codehaus.plexus.rbac.profile.DynamicRoleProfile"
* role-hint="archiva-repository-manager"
*/
public class RepsitoryManagerDynamicRoleProfile
extends AbstractDynamicRoleProfile
{
public String getRoleName( String string )
{
return ArchivaRoleConstants.REPOSITORY_MANAGER_ROLE_PREFIX + ArchivaRoleConstants.DELIMITER + string;
}
public List getOperations()
{
List operations = new ArrayList();
// I'm not sure these are appropriate roles.
operations.add( ArchivaRoleConstants.OPERATION_EDIT_REPOSITORY );
operations.add( ArchivaRoleConstants.OPERATION_DELETE_REPOSITORY );
operations.add( ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS );
operations.add( ArchivaRoleConstants.OPERATION_REPOSITORY_UPLOAD );
return operations;
}
public List getDynamicChildRoles( String string )
{
return Collections.singletonList(
ArchivaRoleConstants.REPOSITORY_OBSERVER_ROLE_PREFIX + ArchivaRoleConstants.DELIMITER + string );
}
public boolean isAssignable()
{
return true;
}
}

View File

@ -0,0 +1,47 @@
package org.apache.maven.archiva.security;
/*
* Copyright 2005-2006 The Apache Software Foundation.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
import org.codehaus.plexus.rbac.profile.AbstractDynamicRoleProfile;
import java.util.List;
import java.util.ArrayList;
/**
* @plexus.component role="org.codehaus.plexus.rbac.profile.DynamicRoleProfile"
* role-hint="archiva-repository-observer"
*/
public class RepsitoryObserverDynamicRoleProfile
extends AbstractDynamicRoleProfile
{
public String getRoleName( String string )
{
return ArchivaRoleConstants.REPOSITORY_OBSERVER_ROLE_PREFIX + ArchivaRoleConstants.DELIMITER + string;
}
public List getOperations()
{
List operations = new ArrayList();
operations.add( ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS );
return operations;
}
public boolean isAssignable()
{
return true;
}
}

View File

@ -63,5 +63,25 @@
</requirement>
</requirements>
</component>
<component>
<role>org.codehaus.plexus.rbac.profile.DynamicRoleProfile</role>
<role-hint>archiva-repository-manager</role-hint>
<implementation>org.apache.maven.archiva.security.RepositoryManagerDynamicRoleProfile</implementation>
<requirements>
<requirement>
<role>org.codehaus.plexus.security.rbac.RBACManager</role>
</requirement>
</requirements>
</component>
<component>
<role>org.codehaus.plexus.rbac.profile.DynamicRoleProfile</role>
<role-hint>archiva-repository-observer</role-hint>
<implementation>org.apache.maven.archiva.security.RepositoryObserverDynamicRoleProfile</implementation>
<requirements>
<requirement>
<role>org.codehaus.plexus.security.rbac.RBACManager</role>
</requirement>
</requirements>
</component>
</components>
</component-set>

View File

@ -207,6 +207,11 @@
<artifactId>plexus-utils</artifactId>
<version>1.2</version>
</dependency>
<dependency>
<groupId>org.codehaus.plexus</groupId>
<artifactId>plexus-mail-sender-javamail</artifactId>
<version>1.0-alpha-3</version>
</dependency>
<dependency>
<groupId>org.apache.derby</groupId>
<artifactId>derby</artifactId>

View File

@ -1,97 +0,0 @@
package org.apache.maven.archiva.web;
/*
* Copyright 2001-2006 The Apache Software Foundation.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
import org.codehaus.plexus.security.user.User;
import org.codehaus.plexus.security.rbac.RbacManagerException;
/**
* ArchivaSecurityDefaults
*
* NOTE: this is targeted for removal with the forth coming rbac role templating
*
* @author <a href="mailto:joakim@erdfelt.com">Joakim Erdfelt</a>
* @version $Id$
*/
public interface ArchivaSecurityDefaults
{
public static final String ROLE = ArchivaSecurityDefaults.class.getName();
public static final String GUEST_USERNAME = "guest";
public static final String INDEX_REGENERATE_OPERATION = "regenerate-index";
public static final String INDEX_REGENERATE_PERMISSION = "Regenerate Index";
public static final String INDEX_RUN_OPERATION = "run-indexer";
public static final String INDEX_RUN_PERMISSION = "Run Indexer";
public static final String REPORTS_ACCESS_OPERATION = "access-reports";
public static final String REPORTS_ACCESS_PERMISSION = "Access Reports";
public static final String REPORTS_GENERATE_OPERATION = "generate-reports";
public static final String REPORTS_GENERATE_PERMISSION = "Generate Reports";
public static final String REPOSITORY_ACCESS = "Access Repository";
public static final String REPOSITORY_ACCESS_OPERATION = "read-repository";
public static final String REPOSITORY_ADD_OPERATION = "add-repository";
public static final String REPOSITORY_ADD_PERMISSION = "Add Repository";
public static final String REPOSITORY_DELETE = "Delete Repository";
public static final String REPOSITORY_DELETE_OPERATION = "delete-repository";
public static final String REPOSITORY_EDIT = "Edit Repository";
public static final String REPOSITORY_EDIT_OPERATION = "edit-repository";
public static final String REPOSITORY_MANAGER = "Repository Manager";
public static final String REPOSITORY_OBSERVER = "Repository Observer";
public static final String REPOSITORY_UPLOAD = "Repository Upload";
public static final String REPOSITORY_UPLOAD_OPERATION = "upload-repository";
public static final String ROLES_GRANT_OPERATION = "grant-roles";
public static final String ROLES_GRANT_PERMISSION = "Grant Roles";
public static final String ROLES_REMOVE_OPERATION = "remove-roles";
public static final String ROLES_REMOVE_PERMISSION = "Remove Roles";
public static final String SYSTEM_ADMINISTRATOR = "System Administrator";
public static final String USER_ADMINISTRATOR = "User Administrator";
public static final String USER_EDIT_OPERATION = "edit-user";
public static final String USERS_EDIT_ALL_OPERATION = "edit-all-users";
public static final String USERS_EDIT_ALL_PERMISSION = "Edit All Users";
public void ensureDefaultsExist()
throws RbacManagerException;
}

View File

@ -1,147 +0,0 @@
package org.apache.maven.archiva.web;
/*
* Copyright 2001-2006 The Apache Software Foundation.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
import org.codehaus.plexus.logging.AbstractLogEnabled;
import org.codehaus.plexus.personality.plexus.lifecycle.phase.Initializable;
import org.codehaus.plexus.personality.plexus.lifecycle.phase.InitializationException;
import org.codehaus.plexus.security.rbac.Operation;
import org.codehaus.plexus.security.rbac.Permission;
import org.codehaus.plexus.security.rbac.RBACManager;
import org.codehaus.plexus.security.rbac.RbacManagerException;
/**
* DefaultArchivaSecurityDefaults
*
* @author <a href="mailto:joakim@erdfelt.com">Joakim Erdfelt</a>
* @version $Id$
* @plexus.component role="org.apache.maven.archiva.web.ArchivaSecurityDefaults"
*/
public class DefaultArchivaSecurityDefaults
extends AbstractLogEnabled
implements ArchivaSecurityDefaults, Initializable
{
/**
* @plexus.requirement
*/
private RBACManager rbacManager;
private boolean initialized = false;
public void ensureDefaultsExist()
throws RbacManagerException
{
if ( initialized )
{
return;
}
ensureOperationsExist();
ensurePermissionsExist();
ensureRolesExist();
initialized = true;
}
private void ensureOperationExists( String operationName )
throws RbacManagerException
{
if ( !rbacManager.operationExists( operationName ) )
{
Operation operation = rbacManager.createOperation( operationName );
rbacManager.saveOperation( operation );
}
}
private void ensureOperationsExist()
throws RbacManagerException
{
ensureOperationExists( REPOSITORY_ADD_OPERATION );
ensureOperationExists( REPOSITORY_EDIT_OPERATION );
ensureOperationExists( REPOSITORY_DELETE_OPERATION );
ensureOperationExists( INDEX_RUN_OPERATION );
ensureOperationExists( INDEX_REGENERATE_OPERATION );
ensureOperationExists( REPORTS_ACCESS_OPERATION );
ensureOperationExists( REPORTS_GENERATE_OPERATION );
ensureOperationExists( USER_EDIT_OPERATION );
ensureOperationExists( USERS_EDIT_ALL_OPERATION );
ensureOperationExists( ROLES_GRANT_OPERATION );
ensureOperationExists( ROLES_REMOVE_OPERATION );
ensureOperationExists( REPOSITORY_ACCESS_OPERATION );
ensureOperationExists( REPOSITORY_UPLOAD_OPERATION );
}
private void ensurePermissionExists( String permissionName, String operationName, String resourceIdentifier )
throws RbacManagerException
{
if ( !rbacManager.permissionExists( permissionName ) )
{
Permission editConfiguration =
rbacManager.createPermission( permissionName, operationName, resourceIdentifier );
rbacManager.savePermission( editConfiguration );
}
}
private void ensurePermissionsExist()
throws RbacManagerException
{
String globalResource = rbacManager.getGlobalResource().getIdentifier();
ensurePermissionExists( REPORTS_ACCESS_PERMISSION, REPORTS_ACCESS_OPERATION, globalResource );
ensurePermissionExists( REPORTS_GENERATE_PERMISSION, REPORTS_GENERATE_OPERATION, globalResource );
ensurePermissionExists( INDEX_RUN_PERMISSION, INDEX_RUN_OPERATION, globalResource );
ensurePermissionExists( INDEX_REGENERATE_PERMISSION, INDEX_REGENERATE_OPERATION, globalResource );
ensurePermissionExists( REPOSITORY_ADD_PERMISSION, REPOSITORY_ADD_OPERATION, globalResource );
ensurePermissionExists( REPOSITORY_ACCESS, "access-repository", globalResource );
ensurePermissionExists( REPOSITORY_UPLOAD, REPOSITORY_UPLOAD_OPERATION, globalResource );
}
private void ensureRolesExist()
throws RbacManagerException
{
/* TODO!
if ( !rbacManager.roleExists( SYSTEM_ADMINISTRATOR ) )
{
Role admin = rbacManager.createRole( SYSTEM_ADMINISTRATOR );
admin.addChildRoleName( rbacManager.getRole( USER_ADMINISTRATOR ).getName() );
admin.addPermission( rbacManager.getPermission( CONFIGURATION_EDIT_PERMISSION ) );
admin.addPermission( rbacManager.getPermission( INDEX_RUN_PERMISSION ) );
admin.addPermission( rbacManager.getPermission( REPOSITORY_ADD_PERMISSION ) );
admin.addPermission( rbacManager.getPermission( REPORTS_ACCESS_PERMISSION ) );
admin.addPermission( rbacManager.getPermission( REPORTS_GENERATE_PERMISSION ) );
admin.addPermission( rbacManager.getPermission( INDEX_REGENERATE_PERMISSION ) );
admin.setAssignable( true );
rbacManager.saveRole( admin );
}
*/
}
public void initialize()
throws InitializationException
{
try
{
ensureDefaultsExist();
}
catch ( RbacManagerException e )
{
throw new InitializationException( e.getMessage(), e );
}
}
}

View File

@ -16,7 +16,6 @@ package org.apache.maven.archiva.web.action;
* limitations under the License.
*/
import com.opensymphony.xwork.ActionSupport;
import com.opensymphony.xwork.Preparable;
import org.apache.maven.archiva.configuration.Configuration;
import org.apache.maven.archiva.configuration.ConfigurationStore;
@ -29,8 +28,13 @@ import org.apache.maven.archiva.reporting.ReportExecutor;
import org.apache.maven.archiva.reporting.ReportGroup;
import org.apache.maven.archiva.reporting.ReportingDatabase;
import org.apache.maven.archiva.reporting.ReportingStoreException;
import org.apache.maven.archiva.security.ArchivaRoleConstants;
import org.apache.maven.artifact.repository.ArtifactRepository;
import org.apache.maven.artifact.resolver.filter.ArtifactFilter;
import org.codehaus.plexus.security.rbac.Resource;
import org.codehaus.plexus.security.ui.web.interceptor.SecureAction;
import org.codehaus.plexus.security.ui.web.interceptor.SecureActionBundle;
import org.codehaus.plexus.security.ui.web.interceptor.SecureActionException;
import org.codehaus.plexus.xwork.action.PlexusActionSupport;
import java.util.ArrayList;
@ -42,10 +46,11 @@ import java.util.Map;
* Repository reporting.
*
* @plexus.component role="com.opensymphony.xwork.Action" role-hint="reportsAction"
* @todo split report access and report generation
*/
public class ReportsAction
extends PlexusActionSupport
implements Preparable
implements Preparable, SecureAction
{
/**
* @plexus.requirement
@ -223,4 +228,15 @@ public class ReportsAction
{
this.filter = filter;
}
public SecureActionBundle getSecureActionBundle()
throws SecureActionException
{
SecureActionBundle bundle = new SecureActionBundle();
bundle.setRequiresAuthentication( true );
bundle.addRequiredAuthorization( ArchivaRoleConstants.OPERATION_ACCESS_REPORT, Resource.GLOBAL );
return bundle;
}
}

View File

@ -24,9 +24,14 @@ import org.apache.maven.archiva.configuration.ConfigurationChangeException;
import org.apache.maven.archiva.configuration.ConfigurationStore;
import org.apache.maven.archiva.configuration.ConfigurationStoreException;
import org.apache.maven.archiva.configuration.InvalidConfigurationException;
import org.apache.maven.archiva.web.util.RoleManager;
import org.apache.maven.archiva.security.ArchivaRoleConstants;
import org.codehaus.plexus.xwork.action.PlexusActionSupport;
import org.codehaus.plexus.security.rbac.RbacManagerException;
import org.codehaus.plexus.security.ui.web.interceptor.SecureAction;
import org.codehaus.plexus.security.ui.web.interceptor.SecureActionBundle;
import org.codehaus.plexus.security.ui.web.interceptor.SecureActionException;
import org.codehaus.plexus.rbac.profile.RoleProfileException;
import org.codehaus.plexus.rbac.profile.RoleProfileManager;
import java.io.IOException;
@ -37,7 +42,7 @@ import java.io.IOException;
*/
public abstract class AbstractConfigureRepositoryAction
extends PlexusActionSupport
implements ModelDriven, Preparable
implements ModelDriven, Preparable, SecureAction
{
/**
* @plexus.requirement
@ -45,9 +50,9 @@ public abstract class AbstractConfigureRepositoryAction
private ConfigurationStore configurationStore;
/**
* @plexus.requirement
* @plexus.requirement role-hint="archiva"
*/
protected RoleManager roleManager;
protected RoleProfileManager roleProfileManager;
/**
* The repository.
@ -66,7 +71,7 @@ public abstract class AbstractConfigureRepositoryAction
public String add()
throws IOException, ConfigurationStoreException, InvalidConfigurationException, ConfigurationChangeException,
RbacManagerException
RbacManagerException, RoleProfileException
{
// TODO: if this didn't come from the form, go to configure.action instead of going through with re-saving what was just loaded
@ -82,7 +87,7 @@ public abstract class AbstractConfigureRepositoryAction
public String edit()
throws IOException, ConfigurationStoreException, InvalidConfigurationException, ConfigurationChangeException,
RbacManagerException
RbacManagerException, RoleProfileException
{
// TODO: if this didn't come from the form, go to configure.action instead of going through with re-saving what was just loaded
@ -98,12 +103,10 @@ public abstract class AbstractConfigureRepositoryAction
private String saveConfiguration()
throws IOException, ConfigurationStoreException, InvalidConfigurationException, ConfigurationChangeException,
RbacManagerException
RbacManagerException, RoleProfileException
{
addRepository();
roleManager.addRepository( repository.getId() );
configurationStore.storeConfiguration( configuration );
// TODO: do we need to check if indexing is needed?
@ -114,7 +117,7 @@ public abstract class AbstractConfigureRepositoryAction
}
protected abstract void addRepository()
throws IOException;
throws IOException, RoleProfileException;
public String input()
{
@ -162,4 +165,19 @@ public abstract class AbstractConfigureRepositoryAction
{
return configuration;
}
public SecureActionBundle getSecureActionBundle()
throws SecureActionException
{
SecureActionBundle bundle = new SecureActionBundle();
if ( getRepoId() != null )
{
bundle.setRequiresAuthentication( true );
// TODO: this is not right. It needs to change based on method
bundle.addRequiredAuthorization( ArchivaRoleConstants.OPERATION_EDIT_REPOSITORY, getRepoId() );
}
return bundle;
}
}

View File

@ -18,6 +18,11 @@ package org.apache.maven.archiva.web.action.admin;
import org.apache.maven.archiva.configuration.AbstractRepositoryConfiguration;
import org.apache.maven.archiva.configuration.RepositoryConfiguration;
import org.apache.maven.archiva.security.ArchivaRoleConstants;
import org.codehaus.plexus.rbac.profile.RoleProfileException;
import org.codehaus.plexus.security.ui.web.interceptor.SecureActionBundle;
import org.codehaus.plexus.security.ui.web.interceptor.SecureActionException;
import org.codehaus.plexus.security.rbac.Resource;
import java.io.File;
import java.io.IOException;
@ -41,7 +46,7 @@ public class ConfigureRepositoryAction
}
protected void addRepository()
throws IOException
throws IOException, RoleProfileException
{
RepositoryConfiguration repository = (RepositoryConfiguration) getRepository();
@ -55,6 +60,11 @@ public class ConfigureRepositoryAction
}
configuration.addRepository( repository );
// TODO: double check these are configured on start up
roleProfileManager.getDynamicRole( "archiva-repository-manager", repository.getId() );
roleProfileManager.getDynamicRole( "archiva-repository-observer", repository.getId() );
}
protected AbstractRepositoryConfiguration createRepository()

View File

@ -18,21 +18,9 @@ package org.apache.maven.archiva.web.interceptor;
import com.opensymphony.xwork.ActionInvocation;
import com.opensymphony.xwork.interceptor.Interceptor;
import org.apache.maven.archiva.configuration.Configuration;
import org.apache.maven.archiva.configuration.ConfigurationStore;
import org.apache.maven.archiva.configuration.ConfigurationStoreException;
import org.apache.maven.archiva.web.ArchivaSecurityDefaults;
import org.apache.maven.archiva.web.util.RoleManager;
import org.codehaus.plexus.logging.AbstractLogEnabled;
import org.codehaus.plexus.security.rbac.RBACManager;
import org.codehaus.plexus.security.rbac.RbacManagerException;
import org.codehaus.plexus.security.user.User;
import org.codehaus.plexus.security.user.UserManager;
import org.codehaus.plexus.security.user.UserNotFoundException;
import java.util.Iterator;
import java.util.Map;
/**
* An interceptor that makes the application configuration available
@ -50,28 +38,6 @@ public class ConfigurationInterceptor
*/
private ConfigurationStore configurationStore;
/**
* @plexus.requirement
*/
private RoleManager roleManager;
/**
* @plexus.requirement
*/
private RBACManager rbacManager;
/**
* @plexus.requirement
*/
private UserManager userManager;
/**
* @plexus.requirement
*/
private ArchivaSecurityDefaults archivaDefaults;
private boolean adminInitialized = false;
/**
*
* @param actionInvocation
@ -81,30 +47,6 @@ public class ConfigurationInterceptor
public String intercept( ActionInvocation actionInvocation )
throws Exception
{
archivaDefaults.ensureDefaultsExist();
ensureRepoRolesExist();
if ( !adminInitialized )
{
adminInitialized = true;
try
{
User user = userManager.findUser( "admin" );
if ( user == null )
{
getLogger().info( "No admin user configured - forwarding to admin user creation page." );
return "admin-user-needed";
}
getLogger().info( "Admin user found. No need to configure admin user." );
}
catch ( UserNotFoundException e )
{
getLogger().info( "No admin user found - forwarding to admin user creation page." );
return "admin-user-needed";
}
}
Configuration configuration = configurationStore.getConfigurationFromStore();
if ( !configuration.isValid() )
@ -126,39 +68,6 @@ public class ConfigurationInterceptor
}
}
public void ensureRepoRolesExist()
throws RbacManagerException
{
try
{
if ( configurationStore.getConfigurationFromStore().isValid() )
{
Map repositories = configurationStore.getConfigurationFromStore().getRepositoriesMap();
for ( Iterator i = repositories.keySet().iterator(); i.hasNext(); )
{
String id = (String) i.next();
if ( !rbacManager.roleExists( "Repository Observer - " + id ) )
{
getLogger().info( "recovering Repository Observer - " + id );
roleManager.addRepository( id );
}
if ( !rbacManager.roleExists( "Repository Manager - " + id ) )
{
getLogger().info( "recovering Repository Manager - " + id );
roleManager.addRepository( id );
}
}
}
}
catch ( ConfigurationStoreException e )
{
throw new RuntimeException( "error with configurationStore()" );
}
}
public void destroy()
{
// This space left intentionally blank

View File

@ -22,16 +22,16 @@ import org.apache.maven.archiva.configuration.Configuration;
import org.apache.maven.archiva.configuration.ConfigurationStore;
import org.apache.maven.archiva.configuration.ConfigurationStoreException;
import org.apache.maven.archiva.configuration.RepositoryConfiguration;
import org.apache.maven.archiva.web.ArchivaSecurityDefaults;
import org.apache.maven.archiva.security.ArchivaRoleConstants;
import org.apache.maven.archiva.web.servlet.AbstractPlexusServlet;
import org.codehaus.plexus.security.authentication.AuthenticationException;
import org.codehaus.plexus.security.authentication.AuthenticationResult;
import org.codehaus.plexus.security.authorization.AuthorizationException;
import org.codehaus.plexus.security.policy.AccountLockedException;
import org.codehaus.plexus.security.policy.MustChangePasswordException;
import org.codehaus.plexus.security.system.SecuritySession;
import org.codehaus.plexus.security.system.SecuritySystem;
import org.codehaus.plexus.security.ui.web.filter.authentication.HttpAuthenticator;
import org.codehaus.plexus.security.policy.AccountLockedException;
import org.codehaus.plexus.security.policy.MustChangePasswordException;
import org.codehaus.plexus.util.FileUtils;
import org.codehaus.plexus.util.StringUtils;
@ -47,11 +47,10 @@ import java.util.Map;
/**
* RepositoryAccess - access read/write to the repository.
*
* @plexus.component role="org.apache.maven.archiva.web.servlet.PlexusServlet"
* role-hint="repositoryAccess"
*
* @author <a href="mailto:joakim@erdfelt.com">Joakim Erdfelt</a>
* @version $Id$
* @plexus.component role="org.apache.maven.archiva.web.servlet.PlexusServlet"
* role-hint="repositoryAccess"
* @todo CACHE REPOSITORY LIST
*/
public class RepositoryAccess
@ -72,11 +71,6 @@ public class RepositoryAccess
*/
private HttpAuthenticator httpAuth;
/**
* @plexus.requirement
*/
private ArchivaSecurityDefaults archivaSecurity;
/**
* List of request methods that fall into the category of 'access' or 'read' of a repository.
* All other method requests are to be considered 'write' or 'upload' requests.
@ -165,8 +159,8 @@ public class RepositoryAccess
}
catch ( MustChangePasswordException e )
{
httpAuth.challenge( request, response, "Repository " + repoconfig.getName(),
new AuthenticationException("You must change your password before you can attempt this again.") );
httpAuth.challenge( request, response, "Repository " + repoconfig.getName(), new AuthenticationException(
"You must change your password before you can attempt this again." ) );
}
// Authorization Tests.
@ -176,11 +170,11 @@ public class RepositoryAccess
SecuritySession securitySession = httpAuth.getSecuritySession();
try
{
String permission = ArchivaSecurityDefaults.REPOSITORY_ACCESS;
String permission = ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS;
if ( isWriteRequest )
{
permission = ArchivaSecurityDefaults.REPOSITORY_UPLOAD;
permission = ArchivaRoleConstants.OPERATION_REPOSITORY_UPLOAD;
}
permission += " - " + repoconfig.getId();
@ -204,8 +198,8 @@ public class RepositoryAccess
RepositoryMapping repo = getRepositoryMapping( repoconfig );
response.setHeader( "Server", getServletContext().getServerInfo() + " Archiva : "
+ DAVUtilities.SERVLET_SIGNATURE );
response.setHeader( "Server",
getServletContext().getServerInfo() + " Archiva : " + DAVUtilities.SERVLET_SIGNATURE );
DAVTransaction transaction = new DAVTransaction( request, response );
try

View File

@ -1,97 +0,0 @@
package org.apache.maven.archiva.web.util;
/*
* Copyright 2001-2006 The Apache Software Foundation.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
import org.apache.maven.archiva.web.ArchivaSecurityDefaults;
import org.codehaus.plexus.logging.AbstractLogEnabled;
import org.codehaus.plexus.security.rbac.Permission;
import org.codehaus.plexus.security.rbac.RBACManager;
import org.codehaus.plexus.security.rbac.RbacManagerException;
import org.codehaus.plexus.security.rbac.Resource;
import org.codehaus.plexus.security.rbac.Role;
import org.codehaus.plexus.security.user.User;
import org.codehaus.plexus.security.user.UserManager;
/**
* DefaultRoleManager:
* @todo remove!
*
* @author Jesse McConnell <jmcconnell@apache.org>
* @version $Id:$
* @plexus.component role="org.apache.maven.archiva.web.util.RoleManager"
* role-hint="default"
*/
public class DefaultRoleManager
extends AbstractLogEnabled
implements RoleManager
{
/**
* @plexus.requirement
*/
private RBACManager manager;
public void addRepository( String repositoryName )
throws RbacManagerException
{
// make the resource
Resource repoResource = manager.createResource( repositoryName );
repoResource = manager.saveResource( repoResource );
// make the permissions
Permission editRepo =
manager.createPermission( ArchivaSecurityDefaults.REPOSITORY_EDIT + " - " + repositoryName );
editRepo.setOperation( manager.getOperation( ArchivaSecurityDefaults.REPOSITORY_EDIT_OPERATION ) );
editRepo.setResource( repoResource );
editRepo = manager.savePermission( editRepo );
Permission deleteRepo =
manager.createPermission( ArchivaSecurityDefaults.REPOSITORY_DELETE + " - " + repositoryName );
deleteRepo.setOperation( manager.getOperation( ArchivaSecurityDefaults.REPOSITORY_DELETE_OPERATION ) );
deleteRepo.setResource( repoResource );
deleteRepo = manager.savePermission( deleteRepo );
Permission accessRepo =
manager.createPermission( ArchivaSecurityDefaults.REPOSITORY_ACCESS + " - " + repositoryName );
accessRepo.setOperation( manager.getOperation( ArchivaSecurityDefaults.REPOSITORY_ACCESS_OPERATION ) );
accessRepo.setResource( repoResource );
accessRepo = manager.savePermission( accessRepo );
Permission uploadRepo =
manager.createPermission( ArchivaSecurityDefaults.REPOSITORY_UPLOAD + " - " + repositoryName );
uploadRepo.setOperation( manager.getOperation( ArchivaSecurityDefaults.REPOSITORY_UPLOAD_OPERATION ) );
uploadRepo.setResource( repoResource );
uploadRepo = manager.savePermission( uploadRepo );
// make the roles
Role repositoryObserver = manager.createRole( "Repository Observer - " + repositoryName );
repositoryObserver.addPermission( manager.getPermission( ArchivaSecurityDefaults.REPORTS_ACCESS_PERMISSION ) );
repositoryObserver.setAssignable( true );
repositoryObserver = manager.saveRole( repositoryObserver );
Role repositoryManager = manager.createRole( "Repository Manager - " + repositoryName );
repositoryManager.addPermission( editRepo );
repositoryManager.addPermission( deleteRepo );
repositoryManager.addPermission( accessRepo );
repositoryManager.addPermission( uploadRepo );
repositoryManager.addPermission( manager.getPermission( ArchivaSecurityDefaults.REPORTS_GENERATE_PERMISSION ) );
repositoryManager.addChildRoleName( repositoryObserver.getName() );
repositoryManager.setAssignable( true );
manager.saveRole( repositoryManager );
}
}

View File

@ -1,34 +0,0 @@
package org.apache.maven.archiva.web.util;
/*
* Copyright 2005 The Apache Software Foundation.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
import org.codehaus.plexus.security.rbac.RbacManagerException;
/**
* RoleManager:
*
* @author Jesse McConnell <jmcconnell@apache.org>
* @version $Id:$
*/
public interface RoleManager
{
public static final String ROLE = RoleManager.class.getName();
public void addRepository( String repositoryName )
throws RbacManagerException;
}

View File

@ -441,8 +441,5 @@
<component>
<role>org.apache.maven.archiva.scheduler.RepositoryTaskScheduler</role>
</component>
<component>
<role>org.apache.maven.archiva.web.ArchivaSecurityDefaults</role>
</component>
</load-on-start>
</plexus>

View File

@ -1,24 +0,0 @@
#
# properties that might be used in plexus-security initialization
#
#
# operations
#
addRepositoryOperation=add-repository
editRepositoryOperation=edit-repository
deleteRepositoryOperation=delete-repository
editConfiguration=edit-configuration
runIndexer=run-indexer
regenerateIndex=regenerate-index
accessReports=access-reports
generateReports=generate-reports
editAllUsers=edit-all-users
editUser=edit-user
grantRoles=grant-roles
removeRoles=remove-roles

View File

@ -52,7 +52,7 @@
</td>
<%-- TODO: a "delete index and run now" operation should be here too (really clean, remove deletions that didn't get picked up) --%>
<td>
<pss:ifAuthorized permission="run-indexer">
<pss:ifAuthorized permission="archiva-run-indexer">
<a href="<ww:url action="runIndexer" />">Run Now</a>
</pss:ifAuthorized>
</td>
@ -82,7 +82,7 @@
<div>
<div style="float: right">
<%-- TODO replace with icons --%>
<pss:ifAuthorized permission="add-repository">
<pss:ifAuthorized permission="archiva-add-repository">
<ww:url id="addRepositoryUrl" action="addRepository" method="input"/>
<ww:a href="%{addRepositoryUrl}">Add Repository</ww:a>
</pss:ifAuthorized>
@ -104,7 +104,8 @@
<ww:param name="repoId" value="%{'${repository.id}'}" />
</ww:url>
<%-- TODO replace with icons --%>
<pss:ifAuthorized permission="edit-repository" resource="${repository.id}"><ww:a href="%{editRepositoryUrl}">Edit Repository</ww:a></pss:ifAuthorized><pss:ifAuthorized permission="delete-repository" resource="${repository.id}"> <ww:a href="%{deleteRepositoryUrl}">Delete Repository</ww:a></pss:ifAuthorized>
<pss:ifAuthorized permission="archiva-edit-repository" resource="${repository.id}"><ww:a href="%{editRepositoryUrl}">Edit Repository</ww:a></pss:ifAuthorized>
<pss:ifAuthorized permission="archiva-delete-repository" resource="${repository.id}"><ww:a href="%{deleteRepositoryUrl}">Delete Repository</ww:a></pss:ifAuthorized>
</div>
<h3>${repository.name}</h3>
<table class="infoTable">

View File

@ -92,10 +92,10 @@
<my:currentWWUrl action="browse" namespace="/">Browse</my:currentWWUrl>
</li>
</ul>
<pss:ifAnyAuthorized permissions="archiva-manage-users,access-reports,archiva-manage-configuration">
<pss:ifAnyAuthorized permissions="archiva-manage-users,archiva-access-reports,archiva-manage-configuration">
<h5>Manage</h5>
<ul>
<pss:ifAuthorized permission="access-reports">
<pss:ifAuthorized permission="archiva-access-reports">
<li class="none">
<my:currentWWUrl action="reports" namespace="/admin">Reports</my:currentWWUrl>
</li>

View File

@ -34,7 +34,7 @@
<div id="contentArea">
<pss:ifAnyAuthorized permissions="generate-reports">
<pss:ifAnyAuthorized permissions="archiva-generate-reports">
<ww:form action="reports" namespace="/admin">
<ww:select list="reports" label="Report" name="reportGroup" onchange="document.reports.submit();"/>
<ww:select list="configuration.repositories" listKey="id" listValue="name" label="Repository" headerKey="-"
@ -55,7 +55,7 @@
--%>
<c:choose>
<c:when test="${!database.inProgress}">
<pss:ifAuthorized permission="generate-reports">
<pss:ifAuthorized permission="archiva-generate-reports">
<ww:url id="regenerateReportUrl" action="runReport" namespace="/admin">
<ww:param name="repositoryId">${database.repository.id}</ww:param>
<ww:param name="reportGroup" value="reportGroup"/>