[MRM-1736] map roles to ldap groups

make authorizer impls dynamic git-svn-id: https://svn.apache.org/repos/asf/archiva/trunk@1430611 13f79535-47bb-0310-9956-ffa450edef68
2013-01-08 22:47:47 +00:00 · 2013-01-08 22:47:47 +00:00 · 7b7135cff7
parent 3b024df4b9
commit 7b7135cff7
4 changed files with 120 additions and 8 deletions
--- a/archiva-modules/archiva-base/archiva-configuration/src/main/mdo/configuration.mdo
+++ b/archiva-modules/archiva-base/archiva-configuration/src/main/mdo/configuration.mdo
@ -1495,6 +1495,15 @@
            <multiplicity>*</multiplicity>
          </association>
        </field>
+        <field>
+          <name>authorizerImpls</name>
+          <description>The authorizer impls to use.</description>
+          <version>1.4.0+</version>
+          <association>
+            <type>String</type>
+            <multiplicity>*</multiplicity>
+          </association>
+        </field>
        <field>
          <name>ldapConfiguration</name>
          <description>the ldap configuration</description>
--- a/archiva-modules/archiva-base/archiva-repository-admin/archiva-repository-admin-api/src/main/java/org/apache/archiva/admin/model/beans/RedbackRuntimeConfiguration.java
+++ b/archiva-modules/archiva-base/archiva-repository-admin/archiva-repository-admin-api/src/main/java/org/apache/archiva/admin/model/beans/RedbackRuntimeConfiguration.java
@ -39,6 +39,11 @@ public class RedbackRuntimeConfiguration
     */
    private List<String> userManagerImpls = new ArrayList<String>();

+    /**
+     * Field authorizerImpls.
+     */
+    private java.util.List<String> authorizerImpls;
+
    private LdapConfiguration ldapConfiguration;

    /**
@ -153,12 +158,23 @@ public class RedbackRuntimeConfiguration
        this.usersCacheConfiguration = usersCacheConfiguration;
    }

+    public List<String> getAuthorizerImpls()
+    {
+        return authorizerImpls;
+    }
+
+    public void setAuthorizerImpls( List<String> authorizerImpls )
+    {
+        this.authorizerImpls = authorizerImpls;
+    }
+
    @Override
    public String toString()
    {
        final StringBuilder sb = new StringBuilder();
        sb.append( "RedbackRuntimeConfiguration" );
        sb.append( "{userManagerImpls=" ).append( userManagerImpls );
+        sb.append( ", authorizerImpls=" ).append( authorizerImpls );
        sb.append( ", ldapConfiguration=" ).append( ldapConfiguration );
        sb.append( ", migratedFromRedbackConfiguration=" ).append( migratedFromRedbackConfiguration );
        sb.append( ", configurationProperties=" ).append( configurationProperties );
--- a/archiva-modules/archiva-base/archiva-repository-admin/archiva-repository-admin-default/src/main/java/org/apache/archiva/admin/repository/runtime/DefaultRedbackRuntimeConfigurationAdmin.java
+++ b/archiva-modules/archiva-base/archiva-repository-admin/archiva-repository-admin-default/src/main/java/org/apache/archiva/admin/repository/runtime/DefaultRedbackRuntimeConfigurationAdmin.java
@ -40,7 +40,10 @@ import org.springframework.stereotype.Service;
 import javax.annotation.PostConstruct;
 import javax.inject.Inject;
 import javax.inject.Named;
+import java.util.Collection;
+import java.util.HashSet;
 import java.util.List;
+import java.util.Set;

 /**
 * @author Olivier Lamy
@ -75,7 +78,8 @@ public class DefaultRedbackRuntimeConfigurationAdmin
            if ( !redbackRuntimeConfiguration.isMigratedFromRedbackConfiguration() )
            {
                // so migrate if available
-                String userManagerImpl = userConfiguration.getString( UserConfigurationKeys.USER_MANAGER_IMPL );
+                String userManagerImpl =
+                    userConfiguration.getConcatenatedList( UserConfigurationKeys.USER_MANAGER_IMPL, "jdo" );
                if ( StringUtils.isNotEmpty( userManagerImpl ) )
                {
                    if ( StringUtils.contains( userManagerImpl, ',' ) )
@ -92,6 +96,25 @@ public class DefaultRedbackRuntimeConfigurationAdmin
                    }
                }

+                String authorizerImpls =
+                    userConfiguration.getConcatenatedList( UserConfigurationKeys.AUTHORIZER_IMPL, "rbac" );
+
+                if ( StringUtils.isNotEmpty( authorizerImpls ) )
+                {
+                    if ( StringUtils.contains( authorizerImpls, ',' ) )
+                    {
+                        String[] impls = StringUtils.split( authorizerImpls, ',' );
+                        for ( String impl : impls )
+                        {
+                            redbackRuntimeConfiguration.getAuthorizerImpls().add( impl );
+                        }
+                    }
+                    else
+                    {
+                        redbackRuntimeConfiguration.getAuthorizerImpls().add( userManagerImpl );
+                    }
+                }
+
                // now ldap

                LdapConfiguration ldapConfiguration = redbackRuntimeConfiguration.getLdapConfiguration();
@ -130,6 +153,15 @@ public class DefaultRedbackRuntimeConfigurationAdmin
                updateRedbackRuntimeConfiguration( redbackRuntimeConfiguration );
            }

+            // we ensure authorizerImpls is not empty if so put
+            if ( redbackRuntimeConfiguration.getAuthorizerImpls().isEmpty() )
+            {
+                log.info(
+                    "redbackRuntimeConfiguration with empty authorizerImpls so force at least rbac implementation !" );
+                redbackRuntimeConfiguration.getAuthorizerImpls().add( "rbac" );
+                updateRedbackRuntimeConfiguration( redbackRuntimeConfiguration );
+            }
+
            boolean save = false;

            // NPE free
@ -502,4 +534,15 @@ public class DefaultRedbackRuntimeConfigurationAdmin
        }
        return userConfiguration.getConcatenatedList( key, defaultValue );
    }
+
+    public Collection<String> getKeys()
+    {
+        Collection<String> keys = userConfiguration.getKeys();
+
+        Set<String> keysSet = new HashSet<String>( keys );
+
+        keysSet.addAll( getRedbackRuntimeConfiguration().getConfigurationProperties().keySet() );
+
+        return keysSet;
+    }
 }
--- a/archiva-modules/archiva-web/archiva-web-common/src/main/java/org/apache/archiva/web/security/ArchivaAuthorizer.java
+++ b/archiva-modules/archiva-web/archiva-web-common/src/main/java/org/apache/archiva/web/security/ArchivaAuthorizer.java
@ -18,12 +18,16 @@ package org.apache.archiva.web.security;
 * under the License.
 */

+import org.apache.archiva.admin.model.RepositoryAdminException;
+import org.apache.archiva.admin.model.beans.RedbackRuntimeConfiguration;
+import org.apache.archiva.admin.model.runtime.RedbackRuntimeConfigurationAdmin;
 import org.apache.archiva.redback.authorization.AuthorizationDataSource;
 import org.apache.archiva.redback.authorization.AuthorizationException;
 import org.apache.archiva.redback.authorization.AuthorizationResult;
 import org.apache.archiva.redback.authorization.Authorizer;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import org.springframework.context.ApplicationContext;
 import org.springframework.stereotype.Service;

 import javax.inject.Inject;
@ -40,13 +44,10 @@ public class ArchivaAuthorizer
    private Logger log = LoggerFactory.getLogger( getClass() );

    @Inject
-    @Named( value = "authorizer#rbac" )
-    private Authorizer rbacAuthorizer;
-
+    private ApplicationContext applicationContext;

    @Inject
-    @Named( value = "authorizer#ldap" )
-    private Authorizer ldapAuthorizer;
+    private RedbackRuntimeConfigurationAdmin redbackRuntimeConfigurationAdmin;

    public String getId()
    {
@ -58,11 +59,54 @@ public class ArchivaAuthorizer
    {
        log.debug( "isAuthorized source: {}", source );

-        AuthorizationResult result = ldapAuthorizer.isAuthorized( source );
+        try
+        {
+            RedbackRuntimeConfiguration redbackRuntimeConfiguration =
+                redbackRuntimeConfigurationAdmin.getRedbackRuntimeConfiguration();

+            AuthorizationException authorizationException = null;

+            AuthorizationResult lastResult = null;

-        return rbacAuthorizer.isAuthorized( source );
+            for ( String id : redbackRuntimeConfiguration.getAuthorizerImpls() )
+            {
+                Authorizer authorizer = getAuthorizer( id );
+
+                AuthorizationResult result = null;
+                try
+                {
+                    result = authorizer.isAuthorized( source );
+                    log.debug( "AuthorizationResult {} with id '{}", result, id );
+                }
+                catch ( AuthorizationException e )
+                {
+                    log.debug( "AuthorizationException {} with id '{}", e.getMessage(), id );
+                    authorizationException = e;
+                }
+
+                if ( result.isAuthorized() )
+                {
+                    return result;
+                }
+
+                lastResult = result;
+            }
+            if ( authorizationException != null )
+            {
+                throw authorizationException;
+            }
+            return lastResult;
+        }
+        catch ( RepositoryAdminException e )
+        {
+            throw new AuthorizationException( e.getMessage(), e );
+        }
+
+    }
+
+    private Authorizer getAuthorizer( String id )
+    {
+        return applicationContext.getBean( "authorizer#" + id, Authorizer.class );
    }

    public boolean isFinalImplementation()