mirror of https://github.com/apache/archiva.git
[MRM-137] rename security defaults, and make default construction a load-on-start component instead of waiting for requests
git-svn-id: https://svn.apache.org/repos/asf/maven/archiva/trunk@448028 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
parent
7d0e395769
commit
70618a63a9
|
@ -19,16 +19,16 @@ package org.apache.maven.archiva.web;
|
|||
import org.codehaus.plexus.security.user.User;
|
||||
|
||||
/**
|
||||
* ArchivaDefaults
|
||||
* ArchivaSecurityDefaults
|
||||
*
|
||||
* NOTE: this is targeted for removal with the forth coming rbac role templating
|
||||
*
|
||||
* @author <a href="mailto:joakim@erdfelt.com">Joakim Erdfelt</a>
|
||||
* @version $Id$
|
||||
*/
|
||||
public interface ArchivaDefaults
|
||||
public interface ArchivaSecurityDefaults
|
||||
{
|
||||
public static final String ROLE = ArchivaDefaults.class.getName();
|
||||
public static final String ROLE = ArchivaSecurityDefaults.class.getName();
|
||||
|
||||
public static final String GUEST_USERNAME = "guest";
|
||||
|
|
@ -30,15 +30,15 @@ import org.codehaus.plexus.security.user.UserNotFoundException;
|
|||
import org.codehaus.plexus.security.policy.UserSecurityPolicy;
|
||||
|
||||
/**
|
||||
* DefaultArchivaDefaults
|
||||
* DefaultArchivaSecurityDefaults
|
||||
*
|
||||
* @author <a href="mailto:joakim@erdfelt.com">Joakim Erdfelt</a>
|
||||
* @version $Id$
|
||||
* @plexus.component role="org.apache.maven.archiva.web.ArchivaDefaults"
|
||||
* @plexus.component role="org.apache.maven.archiva.web.ArchivaSecurityDefaults"
|
||||
*/
|
||||
public class DefaultArchivaDefaults
|
||||
public class DefaultArchivaSecurityDefaults
|
||||
extends AbstractLogEnabled
|
||||
implements ArchivaDefaults, Initializable
|
||||
implements ArchivaSecurityDefaults, Initializable
|
||||
{
|
||||
/**
|
||||
* @plexus.requirement
|
|
@ -22,7 +22,6 @@ import org.apache.maven.archiva.configuration.Configuration;
|
|||
import org.apache.maven.archiva.configuration.ConfigurationStore;
|
||||
import org.apache.maven.archiva.configuration.ConfigurationStoreException;
|
||||
import org.apache.maven.archiva.web.util.RoleManager;
|
||||
import org.apache.maven.archiva.web.ArchivaDefaults;
|
||||
import org.codehaus.plexus.logging.AbstractLogEnabled;
|
||||
import org.codehaus.plexus.security.rbac.RBACManager;
|
||||
|
||||
|
@ -54,11 +53,6 @@ public class ConfigurationInterceptor
|
|||
*/
|
||||
private RBACManager rbacManager;
|
||||
|
||||
/**
|
||||
* @plexus.requirement
|
||||
*/
|
||||
private ArchivaDefaults archivaDefaults;
|
||||
|
||||
/**
|
||||
*
|
||||
* @param actionInvocation
|
||||
|
@ -68,7 +62,6 @@ public class ConfigurationInterceptor
|
|||
public String intercept( ActionInvocation actionInvocation )
|
||||
throws Exception
|
||||
{
|
||||
archivaDefaults.ensureDefaultsExist();
|
||||
ensureRepoRolesExist();
|
||||
|
||||
// determine if we need an admin account made
|
||||
|
|
|
@ -22,7 +22,7 @@ import org.apache.maven.archiva.configuration.Configuration;
|
|||
import org.apache.maven.archiva.configuration.ConfigurationStore;
|
||||
import org.apache.maven.archiva.configuration.ConfigurationStoreException;
|
||||
import org.apache.maven.archiva.configuration.RepositoryConfiguration;
|
||||
import org.apache.maven.archiva.web.ArchivaDefaults;
|
||||
import org.apache.maven.archiva.web.ArchivaSecurityDefaults;
|
||||
import org.apache.maven.archiva.web.servlet.AbstractPlexusServlet;
|
||||
import org.codehaus.plexus.security.authentication.AuthenticationException;
|
||||
import org.codehaus.plexus.security.authentication.AuthenticationResult;
|
||||
|
@ -75,7 +75,7 @@ public class RepositoryAccess
|
|||
/**
|
||||
* @plexus.requirement
|
||||
*/
|
||||
private ArchivaDefaults archiva;
|
||||
private ArchivaSecurityDefaults archivaSecurity;
|
||||
|
||||
/**
|
||||
* List of request methods that fall into the category of 'access' or 'read' of a repository.
|
||||
|
@ -143,7 +143,7 @@ public class RepositoryAccess
|
|||
AuthenticationResult result;
|
||||
try
|
||||
{
|
||||
result = httpAuth.getAuthenticationResult( request, response, archiva.getGuestUser().getPrincipal()
|
||||
result = httpAuth.getAuthenticationResult( request, response, archivaSecurity.getGuestUser().getPrincipal()
|
||||
.toString() );
|
||||
|
||||
if ( !result.isAuthenticated() )
|
||||
|
@ -177,11 +177,11 @@ public class RepositoryAccess
|
|||
SecuritySession securitySession = httpAuth.getSecuritySession();
|
||||
try
|
||||
{
|
||||
String permission = ArchivaDefaults.REPOSITORY_ACCESS;
|
||||
String permission = ArchivaSecurityDefaults.REPOSITORY_ACCESS;
|
||||
|
||||
if ( isWriteRequest )
|
||||
{
|
||||
permission = ArchivaDefaults.REPOSITORY_UPLOAD;
|
||||
permission = ArchivaSecurityDefaults.REPOSITORY_UPLOAD;
|
||||
}
|
||||
|
||||
permission += " - " + repoconfig.getId();
|
||||
|
|
|
@ -16,7 +16,7 @@ package org.apache.maven.archiva.web.util;
|
|||
* limitations under the License.
|
||||
*/
|
||||
|
||||
import org.apache.maven.archiva.web.ArchivaDefaults;
|
||||
import org.apache.maven.archiva.web.ArchivaSecurityDefaults;
|
||||
import org.codehaus.plexus.personality.plexus.lifecycle.phase.Initializable;
|
||||
import org.codehaus.plexus.personality.plexus.lifecycle.phase.InitializationException;
|
||||
import org.codehaus.plexus.security.rbac.Permission;
|
||||
|
@ -47,14 +47,14 @@ public class DefaultRoleManager
|
|||
/**
|
||||
* @plexus.requirement
|
||||
*/
|
||||
private ArchivaDefaults archivaDefaults;
|
||||
private ArchivaSecurityDefaults archivaSecurity;
|
||||
|
||||
private boolean initialized;
|
||||
|
||||
public void initialize()
|
||||
throws InitializationException
|
||||
{
|
||||
archivaDefaults.ensureDefaultsExist();
|
||||
archivaSecurity.ensureDefaultsExist();
|
||||
initialized = true;
|
||||
}
|
||||
|
||||
|
@ -91,7 +91,7 @@ public class DefaultRoleManager
|
|||
throws RbacStoreException
|
||||
{
|
||||
UserAssignment assignment = manager.createUserAssignment( principal );
|
||||
assignment.addRoleName( ArchivaDefaults.SYSTEM_ADMINISTRATOR );
|
||||
assignment.addRoleName( ArchivaSecurityDefaults.SYSTEM_ADMINISTRATOR );
|
||||
manager.saveUserAssignment( assignment );
|
||||
}
|
||||
|
||||
|
@ -105,29 +105,29 @@ public class DefaultRoleManager
|
|||
repoResource = manager.saveResource( repoResource );
|
||||
|
||||
// make the permissions
|
||||
Permission editRepo = manager.createPermission( ArchivaDefaults.REPOSITORY_EDIT + " - " + repositoryName );
|
||||
editRepo.setOperation( manager.getOperation( ArchivaDefaults.REPOSITORY_EDIT_OPERATION ) );
|
||||
Permission editRepo = manager.createPermission( ArchivaSecurityDefaults.REPOSITORY_EDIT + " - " + repositoryName );
|
||||
editRepo.setOperation( manager.getOperation( ArchivaSecurityDefaults.REPOSITORY_EDIT_OPERATION ) );
|
||||
editRepo.setResource( repoResource );
|
||||
editRepo = manager.savePermission( editRepo );
|
||||
|
||||
Permission deleteRepo = manager.createPermission( ArchivaDefaults.REPOSITORY_DELETE + " - " + repositoryName );
|
||||
deleteRepo.setOperation( manager.getOperation( ArchivaDefaults.REPOSITORY_DELETE_OPERATION ) );
|
||||
Permission deleteRepo = manager.createPermission( ArchivaSecurityDefaults.REPOSITORY_DELETE + " - " + repositoryName );
|
||||
deleteRepo.setOperation( manager.getOperation( ArchivaSecurityDefaults.REPOSITORY_DELETE_OPERATION ) );
|
||||
deleteRepo.setResource( repoResource );
|
||||
deleteRepo = manager.savePermission( deleteRepo );
|
||||
|
||||
Permission accessRepo = manager.createPermission( ArchivaDefaults.REPOSITORY_ACCESS + " - " + repositoryName );
|
||||
accessRepo.setOperation( manager.getOperation( ArchivaDefaults.REPOSITORY_ACCESS_OPERATION ) );
|
||||
Permission accessRepo = manager.createPermission( ArchivaSecurityDefaults.REPOSITORY_ACCESS + " - " + repositoryName );
|
||||
accessRepo.setOperation( manager.getOperation( ArchivaSecurityDefaults.REPOSITORY_ACCESS_OPERATION ) );
|
||||
accessRepo.setResource( repoResource );
|
||||
accessRepo = manager.savePermission( accessRepo );
|
||||
|
||||
Permission uploadRepo = manager.createPermission( ArchivaDefaults.REPOSITORY_UPLOAD + " - " + repositoryName );
|
||||
uploadRepo.setOperation( manager.getOperation( ArchivaDefaults.REPOSITORY_UPLOAD_OPERATION ) );
|
||||
Permission uploadRepo = manager.createPermission( ArchivaSecurityDefaults.REPOSITORY_UPLOAD + " - " + repositoryName );
|
||||
uploadRepo.setOperation( manager.getOperation( ArchivaSecurityDefaults.REPOSITORY_UPLOAD_OPERATION ) );
|
||||
uploadRepo.setResource( repoResource );
|
||||
uploadRepo = manager.savePermission( uploadRepo );
|
||||
|
||||
// make the roles
|
||||
Role repositoryObserver = manager.createRole( "Repository Observer - " + repositoryName );
|
||||
repositoryObserver.addPermission( manager.getPermission( ArchivaDefaults.REPORTS_ACCESS_PERMISSION ) );
|
||||
repositoryObserver.addPermission( manager.getPermission( ArchivaSecurityDefaults.REPORTS_ACCESS_PERMISSION ) );
|
||||
repositoryObserver.setAssignable( true );
|
||||
repositoryObserver = manager.saveRole( repositoryObserver );
|
||||
|
||||
|
@ -136,7 +136,7 @@ public class DefaultRoleManager
|
|||
repositoryManager.addPermission( deleteRepo );
|
||||
repositoryManager.addPermission( accessRepo );
|
||||
repositoryManager.addPermission( uploadRepo );
|
||||
repositoryManager.addPermission( manager.getPermission( ArchivaDefaults.REPORTS_GENERATE_PERMISSION ) );
|
||||
repositoryManager.addPermission( manager.getPermission( ArchivaSecurityDefaults.REPORTS_GENERATE_PERMISSION ) );
|
||||
repositoryManager.addChildRoleName( repositoryObserver.getName() );
|
||||
repositoryManager.setAssignable( true );
|
||||
manager.saveRole( repositoryManager );
|
||||
|
|
|
@ -227,5 +227,8 @@
|
|||
<component>
|
||||
<role>org.apache.maven.archiva.scheduler.RepositoryTaskScheduler</role>
|
||||
</component>
|
||||
<component>
|
||||
<role>org.apache.maven.archiva.web.ArchivaSecurityDefaults</role>
|
||||
</component>
|
||||
</load-on-start>
|
||||
</plexus>
|
||||
|
|
Loading…
Reference in New Issue