diff --git a/archiva-modules/archiva-base/archiva-configuration/src/main/mdo/configuration.mdo b/archiva-modules/archiva-base/archiva-configuration/src/main/mdo/configuration.mdo
index 4f13ef806..a9a393b7c 100644
--- a/archiva-modules/archiva-base/archiva-configuration/src/main/mdo/configuration.mdo
+++ b/archiva-modules/archiva-base/archiva-configuration/src/main/mdo/configuration.mdo
@@ -1495,6 +1495,15 @@
*
+
+ authorizerImpls
+ The authorizer impls to use.
+ 1.4.0+
+
+ String
+ *
+
+
ldapConfiguration
the ldap configuration
diff --git a/archiva-modules/archiva-base/archiva-repository-admin/archiva-repository-admin-api/src/main/java/org/apache/archiva/admin/model/beans/RedbackRuntimeConfiguration.java b/archiva-modules/archiva-base/archiva-repository-admin/archiva-repository-admin-api/src/main/java/org/apache/archiva/admin/model/beans/RedbackRuntimeConfiguration.java
index 295380252..ac47544c9 100644
--- a/archiva-modules/archiva-base/archiva-repository-admin/archiva-repository-admin-api/src/main/java/org/apache/archiva/admin/model/beans/RedbackRuntimeConfiguration.java
+++ b/archiva-modules/archiva-base/archiva-repository-admin/archiva-repository-admin-api/src/main/java/org/apache/archiva/admin/model/beans/RedbackRuntimeConfiguration.java
@@ -39,6 +39,11 @@ public class RedbackRuntimeConfiguration
*/
private List userManagerImpls = new ArrayList();
+ /**
+ * Field authorizerImpls.
+ */
+ private java.util.List authorizerImpls;
+
private LdapConfiguration ldapConfiguration;
/**
@@ -153,12 +158,23 @@ public class RedbackRuntimeConfiguration
this.usersCacheConfiguration = usersCacheConfiguration;
}
+ public List getAuthorizerImpls()
+ {
+ return authorizerImpls;
+ }
+
+ public void setAuthorizerImpls( List authorizerImpls )
+ {
+ this.authorizerImpls = authorizerImpls;
+ }
+
@Override
public String toString()
{
final StringBuilder sb = new StringBuilder();
sb.append( "RedbackRuntimeConfiguration" );
sb.append( "{userManagerImpls=" ).append( userManagerImpls );
+ sb.append( ", authorizerImpls=" ).append( authorizerImpls );
sb.append( ", ldapConfiguration=" ).append( ldapConfiguration );
sb.append( ", migratedFromRedbackConfiguration=" ).append( migratedFromRedbackConfiguration );
sb.append( ", configurationProperties=" ).append( configurationProperties );
diff --git a/archiva-modules/archiva-base/archiva-repository-admin/archiva-repository-admin-default/src/main/java/org/apache/archiva/admin/repository/runtime/DefaultRedbackRuntimeConfigurationAdmin.java b/archiva-modules/archiva-base/archiva-repository-admin/archiva-repository-admin-default/src/main/java/org/apache/archiva/admin/repository/runtime/DefaultRedbackRuntimeConfigurationAdmin.java
index a4fea1b36..73f04ac0f 100644
--- a/archiva-modules/archiva-base/archiva-repository-admin/archiva-repository-admin-default/src/main/java/org/apache/archiva/admin/repository/runtime/DefaultRedbackRuntimeConfigurationAdmin.java
+++ b/archiva-modules/archiva-base/archiva-repository-admin/archiva-repository-admin-default/src/main/java/org/apache/archiva/admin/repository/runtime/DefaultRedbackRuntimeConfigurationAdmin.java
@@ -40,7 +40,10 @@ import org.springframework.stereotype.Service;
import javax.annotation.PostConstruct;
import javax.inject.Inject;
import javax.inject.Named;
+import java.util.Collection;
+import java.util.HashSet;
import java.util.List;
+import java.util.Set;
/**
* @author Olivier Lamy
@@ -75,7 +78,8 @@ public class DefaultRedbackRuntimeConfigurationAdmin
if ( !redbackRuntimeConfiguration.isMigratedFromRedbackConfiguration() )
{
// so migrate if available
- String userManagerImpl = userConfiguration.getString( UserConfigurationKeys.USER_MANAGER_IMPL );
+ String userManagerImpl =
+ userConfiguration.getConcatenatedList( UserConfigurationKeys.USER_MANAGER_IMPL, "jdo" );
if ( StringUtils.isNotEmpty( userManagerImpl ) )
{
if ( StringUtils.contains( userManagerImpl, ',' ) )
@@ -92,6 +96,25 @@ public class DefaultRedbackRuntimeConfigurationAdmin
}
}
+ String authorizerImpls =
+ userConfiguration.getConcatenatedList( UserConfigurationKeys.AUTHORIZER_IMPL, "rbac" );
+
+ if ( StringUtils.isNotEmpty( authorizerImpls ) )
+ {
+ if ( StringUtils.contains( authorizerImpls, ',' ) )
+ {
+ String[] impls = StringUtils.split( authorizerImpls, ',' );
+ for ( String impl : impls )
+ {
+ redbackRuntimeConfiguration.getAuthorizerImpls().add( impl );
+ }
+ }
+ else
+ {
+ redbackRuntimeConfiguration.getAuthorizerImpls().add( userManagerImpl );
+ }
+ }
+
// now ldap
LdapConfiguration ldapConfiguration = redbackRuntimeConfiguration.getLdapConfiguration();
@@ -130,6 +153,15 @@ public class DefaultRedbackRuntimeConfigurationAdmin
updateRedbackRuntimeConfiguration( redbackRuntimeConfiguration );
}
+ // we ensure authorizerImpls is not empty if so put
+ if ( redbackRuntimeConfiguration.getAuthorizerImpls().isEmpty() )
+ {
+ log.info(
+ "redbackRuntimeConfiguration with empty authorizerImpls so force at least rbac implementation !" );
+ redbackRuntimeConfiguration.getAuthorizerImpls().add( "rbac" );
+ updateRedbackRuntimeConfiguration( redbackRuntimeConfiguration );
+ }
+
boolean save = false;
// NPE free
@@ -502,4 +534,15 @@ public class DefaultRedbackRuntimeConfigurationAdmin
}
return userConfiguration.getConcatenatedList( key, defaultValue );
}
+
+ public Collection getKeys()
+ {
+ Collection keys = userConfiguration.getKeys();
+
+ Set keysSet = new HashSet( keys );
+
+ keysSet.addAll( getRedbackRuntimeConfiguration().getConfigurationProperties().keySet() );
+
+ return keysSet;
+ }
}
diff --git a/archiva-modules/archiva-web/archiva-web-common/src/main/java/org/apache/archiva/web/security/ArchivaAuthorizer.java b/archiva-modules/archiva-web/archiva-web-common/src/main/java/org/apache/archiva/web/security/ArchivaAuthorizer.java
index d5f6c9eed..cd599fa51 100644
--- a/archiva-modules/archiva-web/archiva-web-common/src/main/java/org/apache/archiva/web/security/ArchivaAuthorizer.java
+++ b/archiva-modules/archiva-web/archiva-web-common/src/main/java/org/apache/archiva/web/security/ArchivaAuthorizer.java
@@ -18,12 +18,16 @@ package org.apache.archiva.web.security;
* under the License.
*/
+import org.apache.archiva.admin.model.RepositoryAdminException;
+import org.apache.archiva.admin.model.beans.RedbackRuntimeConfiguration;
+import org.apache.archiva.admin.model.runtime.RedbackRuntimeConfigurationAdmin;
import org.apache.archiva.redback.authorization.AuthorizationDataSource;
import org.apache.archiva.redback.authorization.AuthorizationException;
import org.apache.archiva.redback.authorization.AuthorizationResult;
import org.apache.archiva.redback.authorization.Authorizer;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import org.springframework.context.ApplicationContext;
import org.springframework.stereotype.Service;
import javax.inject.Inject;
@@ -40,13 +44,10 @@ public class ArchivaAuthorizer
private Logger log = LoggerFactory.getLogger( getClass() );
@Inject
- @Named( value = "authorizer#rbac" )
- private Authorizer rbacAuthorizer;
-
+ private ApplicationContext applicationContext;
@Inject
- @Named( value = "authorizer#ldap" )
- private Authorizer ldapAuthorizer;
+ private RedbackRuntimeConfigurationAdmin redbackRuntimeConfigurationAdmin;
public String getId()
{
@@ -58,11 +59,54 @@ public class ArchivaAuthorizer
{
log.debug( "isAuthorized source: {}", source );
- AuthorizationResult result = ldapAuthorizer.isAuthorized( source );
+ try
+ {
+ RedbackRuntimeConfiguration redbackRuntimeConfiguration =
+ redbackRuntimeConfigurationAdmin.getRedbackRuntimeConfiguration();
+ AuthorizationException authorizationException = null;
+ AuthorizationResult lastResult = null;
- return rbacAuthorizer.isAuthorized( source );
+ for ( String id : redbackRuntimeConfiguration.getAuthorizerImpls() )
+ {
+ Authorizer authorizer = getAuthorizer( id );
+
+ AuthorizationResult result = null;
+ try
+ {
+ result = authorizer.isAuthorized( source );
+ log.debug( "AuthorizationResult {} with id '{}", result, id );
+ }
+ catch ( AuthorizationException e )
+ {
+ log.debug( "AuthorizationException {} with id '{}", e.getMessage(), id );
+ authorizationException = e;
+ }
+
+ if ( result.isAuthorized() )
+ {
+ return result;
+ }
+
+ lastResult = result;
+ }
+ if ( authorizationException != null )
+ {
+ throw authorizationException;
+ }
+ return lastResult;
+ }
+ catch ( RepositoryAdminException e )
+ {
+ throw new AuthorizationException( e.getMessage(), e );
+ }
+
+ }
+
+ private Authorizer getAuthorizer( String id )
+ {
+ return applicationContext.getBean( "authorizer#" + id, Authorizer.class );
}
public boolean isFinalImplementation()