[MRM-1736] map roles to ldap groups

make authorizer impls dynamic

git-svn-id: https://svn.apache.org/repos/asf/archiva/trunk@1430611 13f79535-47bb-0310-9956-ffa450edef68

archiva-modules/archiva-base/archiva-configuration/src/main/mdo/configuration.mdo

@@ -1495,6 +1495,15 @@
             <multiplicity>*</multiplicity>
           </association>
         </field>
+        <field>
+          <name>authorizerImpls</name>
+          <description>The authorizer impls to use.</description>
+          <version>1.4.0+</version>
+          <association>
+            <type>String</type>
+            <multiplicity>*</multiplicity>
+          </association>
+        </field>
         <field>
           <name>ldapConfiguration</name>
           <description>the ldap configuration</description>

archiva-modules/archiva-base/archiva-repository-admin/archiva-repository-admin-api/src/main/java/org/apache/archiva/admin/model/beans/RedbackRuntimeConfiguration.java

@@ -39,6 +39,11 @@ public class RedbackRuntimeConfiguration
      */
     private List<String> userManagerImpls = new ArrayList<String>();
 
+    /**
+     * Field authorizerImpls.
+     */
+    private java.util.List<String> authorizerImpls;
+
     private LdapConfiguration ldapConfiguration;
 
     /**
@@ -153,12 +158,23 @@ public class RedbackRuntimeConfiguration
         this.usersCacheConfiguration = usersCacheConfiguration;
     }
 
+    public List<String> getAuthorizerImpls()
+    {
+        return authorizerImpls;
+    }
+
+    public void setAuthorizerImpls( List<String> authorizerImpls )
+    {
+        this.authorizerImpls = authorizerImpls;
+    }
+
     @Override
     public String toString()
     {
         final StringBuilder sb = new StringBuilder();
         sb.append( "RedbackRuntimeConfiguration" );
         sb.append( "{userManagerImpls=" ).append( userManagerImpls );
+        sb.append( ", authorizerImpls=" ).append( authorizerImpls );
         sb.append( ", ldapConfiguration=" ).append( ldapConfiguration );
         sb.append( ", migratedFromRedbackConfiguration=" ).append( migratedFromRedbackConfiguration );
         sb.append( ", configurationProperties=" ).append( configurationProperties );

archiva-modules/archiva-base/archiva-repository-admin/archiva-repository-admin-default/src/main/java/org/apache/archiva/admin/repository/runtime/DefaultRedbackRuntimeConfigurationAdmin.java

@@ -40,7 +40,10 @@ import org.springframework.stereotype.Service;
 import javax.annotation.PostConstruct;
 import javax.inject.Inject;
 import javax.inject.Named;
+import java.util.Collection;
+import java.util.HashSet;
 import java.util.List;
+import java.util.Set;
 
 /**
  * @author Olivier Lamy
@@ -75,7 +78,8 @@ public class DefaultRedbackRuntimeConfigurationAdmin
             if ( !redbackRuntimeConfiguration.isMigratedFromRedbackConfiguration() )
             {
                 // so migrate if available
-                String userManagerImpl = userConfiguration.getString( UserConfigurationKeys.USER_MANAGER_IMPL );
+                String userManagerImpl =
+                    userConfiguration.getConcatenatedList( UserConfigurationKeys.USER_MANAGER_IMPL, "jdo" );
                 if ( StringUtils.isNotEmpty( userManagerImpl ) )
                 {
                     if ( StringUtils.contains( userManagerImpl, ',' ) )
@@ -92,6 +96,25 @@ public class DefaultRedbackRuntimeConfigurationAdmin
                     }
                 }
 
+                String authorizerImpls =
+                    userConfiguration.getConcatenatedList( UserConfigurationKeys.AUTHORIZER_IMPL, "rbac" );
+
+                if ( StringUtils.isNotEmpty( authorizerImpls ) )
+                {
+                    if ( StringUtils.contains( authorizerImpls, ',' ) )
+                    {
+                        String[] impls = StringUtils.split( authorizerImpls, ',' );
+                        for ( String impl : impls )
+                        {
+                            redbackRuntimeConfiguration.getAuthorizerImpls().add( impl );
+                        }
+                    }
+                    else
+                    {
+                        redbackRuntimeConfiguration.getAuthorizerImpls().add( userManagerImpl );
+                    }
+                }
+
                 // now ldap
 
                 LdapConfiguration ldapConfiguration = redbackRuntimeConfiguration.getLdapConfiguration();
@@ -130,6 +153,15 @@ public class DefaultRedbackRuntimeConfigurationAdmin
                 updateRedbackRuntimeConfiguration( redbackRuntimeConfiguration );
             }
 
+            // we ensure authorizerImpls is not empty if so put
+            if ( redbackRuntimeConfiguration.getAuthorizerImpls().isEmpty() )
+            {
+                log.info(
+                    "redbackRuntimeConfiguration with empty authorizerImpls so force at least rbac implementation !" );
+                redbackRuntimeConfiguration.getAuthorizerImpls().add( "rbac" );
+                updateRedbackRuntimeConfiguration( redbackRuntimeConfiguration );
+            }
+
             boolean save = false;
 
             // NPE free
@@ -502,4 +534,15 @@ public class DefaultRedbackRuntimeConfigurationAdmin
         }
         return userConfiguration.getConcatenatedList( key, defaultValue );
     }
+
+    public Collection<String> getKeys()
+    {
+        Collection<String> keys = userConfiguration.getKeys();
+
+        Set<String> keysSet = new HashSet<String>( keys );
+
+        keysSet.addAll( getRedbackRuntimeConfiguration().getConfigurationProperties().keySet() );
+
+        return keysSet;
+    }
 }

archiva-modules/archiva-web/archiva-web-common/src/main/java/org/apache/archiva/web/security/ArchivaAuthorizer.java

@@ -18,12 +18,16 @@ package org.apache.archiva.web.security;
  * under the License.
  */
 
+import org.apache.archiva.admin.model.RepositoryAdminException;
+import org.apache.archiva.admin.model.beans.RedbackRuntimeConfiguration;
+import org.apache.archiva.admin.model.runtime.RedbackRuntimeConfigurationAdmin;
 import org.apache.archiva.redback.authorization.AuthorizationDataSource;
 import org.apache.archiva.redback.authorization.AuthorizationException;
 import org.apache.archiva.redback.authorization.AuthorizationResult;
 import org.apache.archiva.redback.authorization.Authorizer;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import org.springframework.context.ApplicationContext;
 import org.springframework.stereotype.Service;
 
 import javax.inject.Inject;
@@ -40,13 +44,10 @@ public class ArchivaAuthorizer
     private Logger log = LoggerFactory.getLogger( getClass() );
 
     @Inject
-    @Named( value = "authorizer#rbac" )
+    private ApplicationContext applicationContext;
-    private Authorizer rbacAuthorizer;
-
 
     @Inject
-    @Named( value = "authorizer#ldap" )
+    private RedbackRuntimeConfigurationAdmin redbackRuntimeConfigurationAdmin;
-    private Authorizer ldapAuthorizer;
 
     public String getId()
     {
@@ -58,11 +59,54 @@ public class ArchivaAuthorizer
     {
         log.debug( "isAuthorized source: {}", source );
 
-        AuthorizationResult result = ldapAuthorizer.isAuthorized( source );
+        try
+        {
+            RedbackRuntimeConfiguration redbackRuntimeConfiguration =
+                redbackRuntimeConfigurationAdmin.getRedbackRuntimeConfiguration();
 
+            AuthorizationException authorizationException = null;
 
+            AuthorizationResult lastResult = null;
 
-        return rbacAuthorizer.isAuthorized( source );
+            for ( String id : redbackRuntimeConfiguration.getAuthorizerImpls() )
+            {
+                Authorizer authorizer = getAuthorizer( id );
+
+                AuthorizationResult result = null;
+                try
+                {
+                    result = authorizer.isAuthorized( source );
+                    log.debug( "AuthorizationResult {} with id '{}", result, id );
+                }
+                catch ( AuthorizationException e )
+                {
+                    log.debug( "AuthorizationException {} with id '{}", e.getMessage(), id );
+                    authorizationException = e;
+                }
+
+                if ( result.isAuthorized() )
+                {
+                    return result;
+                }
+
+                lastResult = result;
+            }
+            if ( authorizationException != null )
+            {
+                throw authorizationException;
+            }
+            return lastResult;
+        }
+        catch ( RepositoryAdminException e )
+        {
+            throw new AuthorizationException( e.getMessage(), e );
+        }
+
+    }
+
+    private Authorizer getAuthorizer( String id )
+    {
+        return applicationContext.getBean( "authorizer#" + id, Authorizer.class );
     }
 
     public boolean isFinalImplementation()