Initial work to establish archiva-security with UserRepositories concept.

Created SecurityStartup to bring startup mechanism back into archiva-security from archiva-webapp.
Created a few generic security exceptions to help pass along security problems.
Removed xwork-integration requirement from pom.



git-svn-id: https://svn.apache.org/repos/asf/maven/archiva/branches/archiva-backend-security@590766 13f79535-47bb-0310-9956-ffa450edef68
Joakim Erdfelt 2007-10-31 17:37:36 +00:00
parent d1ee9122cd
commit 831c6c9810
15 changed files with 1553 additions and 11 deletions


@ -28,24 +28,42 @@
<artifactId>archiva-security</artifactId>
<name>Archiva Web :: Security Configuration</name>
<dependencies>
<dependency>
<groupId>org.apache.maven.archiva</groupId>
<artifactId>archiva-configuration</artifactId>
</dependency>
<dependency>
<groupId>org.codehaus.plexus.redback</groupId>
<artifactId>redback-system</artifactId>
</dependency>
<dependency>
<groupId>org.codehaus.plexus.redback</groupId>
<artifactId>redback-rbac-model</artifactId>
</dependency>
<dependency>
<groupId>org.codehaus.plexus.redback</groupId>
<artifactId>redback-rbac-role-manager</artifactId>
</dependency>
<!-- Test Scoped -->
<dependency>
<groupId>org.codehaus.plexus.redback</groupId>
<artifactId>redback-authorization-rbac</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.codehaus.plexus.redback</groupId>
<artifactId>redback-keys-memory</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.codehaus.plexus.redback</groupId>
<artifactId>redback-users-memory</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.codehaus.plexus.redback</groupId>
<artifactId>redback-rbac-memory</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.codehaus.plexus.redback</groupId>
<artifactId>redback-xwork-integration</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.apache.derby</groupId>
<artifactId>derby</artifactId>
<scope>test</scope>
</dependency>
</dependencies>
</project>


@ -0,0 +1,40 @@
package org.apache.maven.archiva.security;
/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
/**
* AccessDeniedException
*
* @author <a href="mailto:joakime@apache.org">Joakim Erdfelt</a>
* @version $Id$
*/
public class AccessDeniedException
extends ArchivaSecurityException
{
public AccessDeniedException( String message, Throwable cause )
{
super( message, cause );
}
public AccessDeniedException( String message )
{
super( message );
}
}


@ -68,4 +68,18 @@ public class ArchivaRoleConstants
public static final String TEMPLATE_REPOSITORY_MANAGER = "archiva-repository-manager";
public static final String TEMPLATE_REPOSITORY_OBSERVER = "archiva-repository-observer";
public static final String TEMPLATE_SYSTEM_ADMIN = "archiva-system-administrator";
public static final String TEMPLATE_GUEST = "archiva-guest";
public static String toRepositoryObserverRoleId( String repoId )
{
return TEMPLATE_REPOSITORY_OBSERVER + "-" + repoId;
}
public static String toRepositoryObserverRoleName( String repoId )
{
return REPOSITORY_OBSERVER_ROLE_PREFIX + " - " + repoId;
}
}
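Review bot: `toRepositoryObserverRoleId` and `toRepositoryObserverRoleName` concatenate `repoId` into a role identifier without checking it, so a null or empty id yields a string ending in `null` or in a bare separator that later code will treat like any other role. Because these strings are what the RBAC layer is asked to grant, reject bad input at the top of both methods, for example `if ( repoId == null || repoId.trim().length() == 0 ) throw new IllegalArgumentException( "repoId is required" );`. A short Javadoc on each method should also say which one is the template-derived id and which is the display name, since callers elsewhere in this commit pass the name form to both `addRoleName` and `roleManager.assignRole`. The class body starts outside this hunk, so the definition of `REPOSITORY_OBSERVER_ROLE_PREFIX` is not visible here.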


@ -0,0 +1,42 @@
package org.apache.maven.archiva.security;
/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
import org.apache.maven.archiva.common.ArchivaException;
/**
* ArchivaSecurityException
*
* @author <a href="mailto:joakime@apache.org">Joakim Erdfelt</a>
* @version $Id$
*/
public class ArchivaSecurityException
extends ArchivaException
{
public ArchivaSecurityException( String message, Throwable cause )
{
super( message, cause );
}
public ArchivaSecurityException( String message )
{
super( message );
}
}


@ -0,0 +1,103 @@
package org.apache.maven.archiva.security;
/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
import org.codehaus.plexus.logging.AbstractLogEnabled;
import org.codehaus.plexus.redback.rbac.RBACManager;
import org.codehaus.plexus.redback.system.check.EnvironmentCheck;
import java.util.List;
/**
* ArchivaStandardRolesCheck tests for the existance of expected / standard roles and permissions.
*
* @author <a href="mailto:joakime@apache.org">Joakim Erdfelt</a>
* @version $Id$
*
* @plexus.component role="org.codehaus.plexus.redback.system.check.EnvironmentCheck"
* role-hint="required-roles"
*/
public class ArchivaStandardRolesCheck
extends AbstractLogEnabled
implements EnvironmentCheck
{
/**
* @plexus.requirement role-hint="cached"
*/
private RBACManager rbacManager;
/**
* boolean detailing if this environment check has been executed
*/
private boolean checked = false;
@SuppressWarnings("unchecked")
public void validateEnvironment( List violations )
{
if ( !checked )
{
String expectedRoles[] = new String[] {
ArchivaRoleConstants.SYSTEM_ADMINISTRATOR_ROLE,
ArchivaRoleConstants.GLOBAL_REPOSITORY_MANAGER_ROLE,
ArchivaRoleConstants.GLOBAL_REPOSITORY_OBSERVER_ROLE,
ArchivaRoleConstants.GUEST_ROLE,
ArchivaRoleConstants.REGISTERED_USER_ROLE,
ArchivaRoleConstants.USER_ADMINISTRATOR_ROLE };
getLogger().info( "Checking the existance of required roles." );
for ( String roleName : expectedRoles )
{
if ( !rbacManager.roleExists( roleName ) )
{
violations.add( "Unable to validate the existances of the '" + roleName + "' role." );
}
}
String expectedOperations[] = new String[] {
ArchivaRoleConstants.OPERATION_MANAGE_USERS,
ArchivaRoleConstants.OPERATION_MANAGE_CONFIGURATION,
ArchivaRoleConstants.OPERATION_REGENERATE_INDEX,
ArchivaRoleConstants.OPERATION_RUN_INDEXER,
ArchivaRoleConstants.OPERATION_ACCESS_REPORT,
ArchivaRoleConstants.OPERATION_ADD_REPOSITORY,
ArchivaRoleConstants.OPERATION_DELETE_REPOSITORY,
ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS,
ArchivaRoleConstants.OPERATION_EDIT_REPOSITORY,
ArchivaRoleConstants.OPERATION_REPOSITORY_UPLOAD,
ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS,
"archiva-guest" };
getLogger().info( "Checking the existance of required operations." );
for ( String operation : expectedOperations )
{
if ( !rbacManager.operationExists( operation ) )
{
violations.add( "Unable to validate the existances of the '" + operation + "' operation." );
}
}
checked = true;
}
}
}
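Review bot: The `expectedOperations` array in `validateEnvironment` ends with the literal `"archiva-guest"`, which is the value of `ArchivaRoleConstants.TEMPLATE_GUEST` (a role template id) rather than an operation, and it lists `OPERATION_REPOSITORY_ACCESS` twice. If no operation of that name is registered, the check will presumably add a violation on every start, and `SecurityStartup.executeEnvironmentChecks` turns any violation into a start-up failure. Drop the literal and the duplicate entry; the guest role is already covered by `ArchivaRoleConstants.GUEST_ROLE` in `expectedRoles`. The `checked` field is a plain `boolean` written only after both loops, so add a comment stating whether this component is expected to be called from a single thread.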


@ -0,0 +1,132 @@
package org.apache.maven.archiva.security;
/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
import org.codehaus.plexus.redback.rbac.Permission;
import org.codehaus.plexus.redback.rbac.RBACManager;
import org.codehaus.plexus.redback.rbac.RbacManagerException;
import org.codehaus.plexus.redback.rbac.RbacObjectNotFoundException;
import org.codehaus.plexus.redback.role.RoleManager;
import org.codehaus.plexus.redback.role.RoleManagerException;
import org.codehaus.plexus.redback.system.SecuritySystem;
import org.codehaus.plexus.redback.users.User;
import org.codehaus.plexus.redback.users.UserNotFoundException;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.Map.Entry;
/**
* DefaultUserRepositories
*
* @author <a href="mailto:joakime@apache.org">Joakim Erdfelt</a>
* @version $Id$
*
* @plexus.component role="org.apache.maven.archiva.security.UserRepositories"
* role-hint="default"
*/
public class DefaultUserRepositories
implements UserRepositories
{
/**
* @plexus.requirement
*/
private SecuritySystem securitySystem;
/**
* @plexus.requirement role-hint="cached"
*/
private RBACManager rbacManager;
/**
* @plexus.requirement role-hint="default"
*/
private RoleManager roleManager;
public List<String> getObservableRepositoryIds( String principal )
throws PrincipalNotFoundException, AccessDeniedException, ArchivaSecurityException
{
try
{
User user = securitySystem.getUserManager().findUser( principal );
if ( user.isLocked() )
{
throw new AccessDeniedException( "User " + principal + "(" + user.getFullName() + ") is locked." );
}
Map<String, List<Permission>> permissionMap = rbacManager.getAssignedPermissionMap( principal );
List<String> repoIds = new ArrayList<String>();
for( Entry<String,List<Permission>> entry: permissionMap.entrySet() )
{
List<Permission> perms = entry.getValue();
for( Permission perm: perms )
{
System.out.println( "Principal[" + principal + "] : Permission[" + entry.getKey() + "]:" + perm.getName() + " - Operation:"
+ perm.getOperation().getName() + " - Resource:" + perm.getResource().getIdentifier() );
}
}
System.out.println("-");
return repoIds;
}
catch ( UserNotFoundException e )
{
throw new PrincipalNotFoundException( "Unable to find principal " + principal + "" );
}
catch ( RbacObjectNotFoundException e )
{
throw new PrincipalNotFoundException( "Unable to find user role assignments for user " + principal, e );
}
catch ( RbacManagerException e )
{
throw new ArchivaSecurityException( "Unable to initialize underlying security framework: " + e.getMessage(),
e );
}
}
public void createMissingRepositoryRoles( String repoId )
throws ArchivaSecurityException
{
try
{
if ( !roleManager.templatedRoleExists( ArchivaRoleConstants.TEMPLATE_REPOSITORY_OBSERVER, repoId ) )
{
roleManager.createTemplatedRole( ArchivaRoleConstants.TEMPLATE_REPOSITORY_OBSERVER, repoId );
}
if ( !roleManager.templatedRoleExists( ArchivaRoleConstants.TEMPLATE_REPOSITORY_MANAGER, repoId ) )
{
roleManager.createTemplatedRole( ArchivaRoleConstants.TEMPLATE_REPOSITORY_MANAGER, repoId );
}
}
catch ( RoleManagerException e )
{
throw new ArchivaSecurityException( "Unable to create roles for configured repositories: " + e.getMessage(),
e );
}
}
}
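Review bot: `getObservableRepositoryIds` never adds anything to `repoIds`, so every unlocked principal gets an empty list, and the inner loop instead writes each principal's permissions, operations and resource identifiers to `System.out`, outside the logging configuration. The loop should collect the resource identifier of permissions whose operation is `ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS`, and the two `println` calls should go. How a grant on the global resource maps to repository ids still has to be decided and is only marked in the sketch below. Separately, the `UserNotFoundException` handler drops the cause; pass it on with `throw new PrincipalNotFoundException( "Unable to find principal " + principal, e );`.

```java
// … unchanged: user lookup and locked-account check …
Map<String, List<Permission>> permissionMap = rbacManager.getAssignedPermissionMap( principal );
List<String> repoIds = new ArrayList<String>();
for ( List<Permission> perms : permissionMap.values() )
{
    for ( Permission perm : perms )
    {
        // Only repository-access permissions make a repository observable.
        if ( !ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS.equals( perm.getOperation().getName() ) )
        {
            continue;
        }
        // TODO(review): a permission on the global resource is not a repository id;
        // decide how it expands to the configured repositories before relying on this list.
        String repoId = perm.getResource().getIdentifier();
        if ( !repoIds.contains( repoId ) )
        {
            repoIds.add( repoId );
        }
    }
}
return repoIds;
// … unchanged: catch blocks …
```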


@ -0,0 +1,40 @@
package org.apache.maven.archiva.security;
/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
/**
* PrincipalNotFoundException
*
* @author <a href="mailto:joakime@apache.org">Joakim Erdfelt</a>
* @version $Id$
*/
public class PrincipalNotFoundException
extends ArchivaSecurityException
{
public PrincipalNotFoundException( String message, Throwable cause )
{
super( message, cause );
}
public PrincipalNotFoundException( String message )
{
super( message );
}
}


@ -0,0 +1,206 @@
package org.apache.maven.archiva.security;
/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
import org.apache.commons.collections.CollectionUtils;
import org.apache.maven.archiva.common.ArchivaException;
import org.apache.maven.archiva.configuration.ArchivaConfiguration;
import org.apache.maven.archiva.configuration.ConfigurationNames;
import org.apache.maven.archiva.configuration.ManagedRepositoryConfiguration;
import org.codehaus.plexus.logging.AbstractLogEnabled;
import org.codehaus.plexus.redback.rbac.RBACManager;
import org.codehaus.plexus.redback.rbac.RbacManagerException;
import org.codehaus.plexus.redback.rbac.UserAssignment;
import org.codehaus.plexus.redback.system.check.EnvironmentCheck;
import org.codehaus.plexus.registry.Registry;
import org.codehaus.plexus.registry.RegistryListener;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.Map.Entry;
/**
* SecurityStartup
*
* @author <a href="mailto:joakime@apache.org">Joakim Erdfelt</a>
* @version $Id$
*
* @plexus.component role="org.apache.maven.archiva.security.SecurityStartup"
*/
public class SecurityStartup
extends AbstractLogEnabled
implements RegistryListener
{
/**
* @plexus.requirement
*/
private UserRepositories userRepos;
/**
* @plexus.requirement role-hint="cached"
*/
private RBACManager rbacManager;
/**
* @plexus.requirement role="org.codehaus.plexus.redback.system.check.EnvironmentCheck"
*/
private Map<String, EnvironmentCheck> checkers;
/**
* @plexus.requirement
*/
private ArchivaConfiguration archivaConfiguration;
public void afterConfigurationChange( Registry registry, String propertyName, Object propertyValue )
{
if ( ConfigurationNames.isManagedRepositories( propertyName ) )
{
createMissingManagedRepositoryRoles( archivaConfiguration.getConfiguration().getManagedRepositories() );
}
}
public void assignRepositoryObserverToGuestUser( List<ManagedRepositoryConfiguration> repos )
{
for ( ManagedRepositoryConfiguration repoConfig : repos )
{
String repoId = repoConfig.getId();
// TODO: Use the Redback / UserConfiguration..getString( "redback.default.guest" ) to get the right name.
String principal = "guest";
try
{
UserAssignment ua;
if ( rbacManager.userAssignmentExists( principal ) )
{
ua = rbacManager.getUserAssignment( principal );
}
else
{
ua = rbacManager.createUserAssignment( principal );
}
ua.addRoleName( ArchivaRoleConstants.toRepositoryObserverRoleName( repoId ) );
rbacManager.saveUserAssignment( ua );
}
catch ( RbacManagerException e )
{
getLogger().warn(
"Unable to add role [" + ArchivaRoleConstants.toRepositoryObserverRoleName( repoId )
+ "] to " + principal + " user.", e );
}
}
}
public void beforeConfigurationChange( Registry registry, String propertyName, Object propertyValue )
{
/* do nothing */
}
public void createMissingManagedRepositoryRoles( List<ManagedRepositoryConfiguration> repos )
{
// NOTE: Remote Repositories do not have roles or security placed around them.
for ( ManagedRepositoryConfiguration repoConfig : repos )
{
// manage roles for repositories
try
{
userRepos.createMissingRepositoryRoles( repoConfig.getId() );
}
catch ( ArchivaSecurityException e )
{
getLogger().warn( e.getMessage(), e );
}
}
}
public void createMissingRepositoryRoles( List<String> repoIds )
{
for ( String repoId : repoIds )
{
// manage roles for repositories
try
{
userRepos.createMissingRepositoryRoles( repoId );
}
catch ( ArchivaSecurityException e )
{
getLogger().warn( e.getMessage(), e );
}
}
}
public void executeEnvironmentChecks()
throws ArchivaException
{
if ( ( checkers == null ) || CollectionUtils.isEmpty( checkers.values() ) )
{
throw new ArchivaException( "Unable to initialize the Redback Security Environment, "
+ "no Environment Check components found." );
}
List<String> violations = new ArrayList<String>();
for ( Entry<String, EnvironmentCheck> entry : checkers.entrySet() )
{
EnvironmentCheck check = entry.getValue();
getLogger().info( "Running Environment Check: " + entry.getKey() );
check.validateEnvironment( violations );
}
if ( CollectionUtils.isNotEmpty( violations ) )
{
StringBuffer msg = new StringBuffer();
msg.append( "EnvironmentCheck Failure.\n" );
msg.append( "======================================================================\n" );
msg.append( " ENVIRONMENT FAILURE !! \n" );
msg.append( "\n" );
for ( String violation : violations )
{
msg.append( violation ).append( "\n" );
}
msg.append( "\n" );
msg.append( "======================================================================" );
getLogger().fatalError( msg.toString() );
throw new ArchivaException( "Unable to initialize Redback Security Environment, [" + violations.size()
+ "] violation(s) encountered, See log for details." );
}
}
public void startup()
throws ArchivaException
{
executeEnvironmentChecks();
createMissingManagedRepositoryRoles( archivaConfiguration.getConfiguration().getManagedRepositories() );
archivaConfiguration.addChangeListener( this );
if ( archivaConfiguration.isDefaulted() )
{
assignRepositoryObserverToGuestUser( archivaConfiguration.getConfiguration().getManagedRepositories() );
}
}
}
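Review bot: `assignRepositoryObserverToGuestUser` grants the hard-coded `guest` principal (apparently the anonymous account) the observer role on every managed repository, and `startup()` runs it whenever `archivaConfiguration.isDefaulted()` is true. A successful grant leaves no log entry, and the method has no Javadoc saying that read access is being opened. Add a Javadoc stating that behaviour and log each grant, e.g. `getLogger().info( "Granting role [" + roleName + "] to " + principal + " (defaulted configuration)" );` with `roleName` computed once per repository. The grant also does not check that the role exists, and `createMissingManagedRepositoryRoles` only warns when role creation fails. A guard such as `if ( !rbacManager.roleExists( roleName ) ) { continue; }` before `addRoleName` would keep the assignment from naming a role that was never created.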


@ -0,0 +1,52 @@
package org.apache.maven.archiva.security;
/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
import java.util.List;
/**
* UserRepositories
*
* @author <a href="mailto:joakime@apache.org">Joakim Erdfelt</a>
* @version $Id$
*/
public interface UserRepositories
{
/**
* Get the list of observable repository ids for the user specified.
*
* @param principal the principle to obtain the observable repository ids from.
* @return the list of observable repository ids.
* @throws PrincipalNotFoundException
* @throws AccessDeniedException
* @throws ArchivaSecurityException
*/
public List<String> getObservableRepositoryIds( String principal )
throws PrincipalNotFoundException, AccessDeniedException, ArchivaSecurityException;
/**
* Create any missing repository roles for the provided repository id.
*
* @param repoId the repository id to work off of.
* @throws ArchivaSecurityException if there was a problem creating the repository roles.
*/
public void createMissingRepositoryRoles( String repoId )
throws ArchivaSecurityException;
}
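Review bot: The Javadoc on `getObservableRepositoryIds` leaves all three `@throws` tags empty, so a caller cannot tell which failures mean "deny" and which mean "backend unavailable". Going by `DefaultUserRepositories` in this commit, they could read `@throws PrincipalNotFoundException if the principal or its role assignments cannot be found`, `@throws AccessDeniedException if the user account is locked` and `@throws ArchivaSecurityException if the underlying security framework fails`. The `@return` text should also state that the list is never null and whether a global observer grant is expanded to individual repository ids. In the `@param` line, "principle" should be "principal".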


@ -0,0 +1,234 @@
package org.apache.maven.archiva.security;
/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
import org.apache.commons.lang.StringUtils;
import org.codehaus.plexus.PlexusTestCase;
import org.codehaus.plexus.redback.rbac.Operation;
import org.codehaus.plexus.redback.rbac.Permission;
import org.codehaus.plexus.redback.rbac.RBACManager;
import org.codehaus.plexus.redback.rbac.Resource;
import org.codehaus.plexus.redback.rbac.Role;
import org.codehaus.plexus.redback.rbac.UserAssignment;
import org.codehaus.plexus.redback.role.RoleManager;
import org.codehaus.plexus.redback.role.RoleManagerException;
import org.codehaus.plexus.redback.system.SecuritySystem;
import org.codehaus.plexus.redback.users.User;
import org.codehaus.plexus.redback.users.UserManager;
import java.util.List;
/**
* DefaultUserRepositoriesTest
*
* @author <a href="mailto:joakime@apache.org">Joakim Erdfelt</a>
* @version $Id$
*/
public class DefaultUserRepositoriesTest
extends PlexusTestCase
{
private static final String PERMISSION_READ_REPOSITORY = "Archiva Read Repository";
private static final String USER_GUEST = "guest";
private static final String USER_ADMIN = "admin";
private static final String USER_ALPACA = "alpaca";
private SecuritySystem securitySystem;
private RBACManager rbacManager;
private RoleManager roleManager;
public void testGetObservableRepositoryIds()
throws Exception
{
UserRepositories userRepos = (UserRepositories) lookup( UserRepositories.class, "default" );
assertNotNull( userRepos );
// create some users.
createUser( USER_ALPACA, "Al 'Archiva' Paca" );
assertEquals( "Expected users", 3, securitySystem.getUserManager().getUsers().size() );
// some unassigned repo observer roles.
userRepos.createMissingRepositoryRoles( "central" );
userRepos.createMissingRepositoryRoles( "coporate" );
userRepos.createMissingRepositoryRoles( "internal" );
userRepos.createMissingRepositoryRoles( "snapshots" );
userRepos.createMissingRepositoryRoles( "secret" );
// some assigned repo observer roles.
assignRepositoryObserverRole( USER_ALPACA, "central" );
assignRepositoryObserverRole( USER_ALPACA, "corporate" );
assignRepositoryObserverRole( USER_GUEST, "corporate" );
// the global repo observer role.
assignGlobalRepositoryObserverRole( USER_ADMIN );
assertRepoIds( new String[] { "central", "corporate" }, userRepos.getObservableRepositoryIds( USER_ALPACA ) );
assertRepoIds( new String[] { "coporate" }, userRepos.getObservableRepositoryIds( USER_GUEST ) );
assertRepoIds( new String[] { "central", "internal", "corporate", "snapshots", "secret" }, userRepos
.getObservableRepositoryIds( USER_ADMIN ) );
}
private void assertRepoIds( String[] expectedRepoIds, List<String> observableRepositoryIds )
{
assertNotNull( "Observable Repository Ids cannot be null.", observableRepositoryIds );
if ( expectedRepoIds.length != observableRepositoryIds.size() )
{
fail( "Size of Observable Repository Ids wrong, expected <" + expectedRepoIds.length + "> but got <"
+ observableRepositoryIds.size() + "> instead. \nExpected: [" + StringUtils.join( expectedRepoIds, "," )
+ "]\nActual: [" + StringUtils.join( observableRepositoryIds.iterator(), "," ) + "]" );
}
}
private void assignGlobalRepositoryObserverRole( String principal )
throws Exception
{
Role role = createRepositoryObserverRole( ArchivaRoleConstants.GLOBAL_REPOSITORY_OBSERVER_ROLE,
PERMISSION_READ_REPOSITORY, Resource.GLOBAL );
assignRole( principal, role );
}
private void assignRepositoryObserverRole( String principal, String repoId )
throws Exception
{
// String roleId = ArchivaRoleConstants.toRepositoryObserverRoleId( repoId );
String roleId = ArchivaRoleConstants.toRepositoryObserverRoleName( repoId );
roleManager.assignRole( roleId, principal );
// Role role = createRepositoryObserverRole( roleName, PERMISSION_READ_REPOSITORY, repoId );
// assertEquals( roleName, role.getName() );
// assignRole( principal, role );
}
private void assignRole( String principal, Role role )
throws Exception
{
UserAssignment ua;
if ( rbacManager.userAssignmentExists( principal ) )
{
ua = rbacManager.getUserAssignment( principal );
}
else
{
ua = rbacManager.createUserAssignment( principal );
}
ua.addRoleName( role );
rbacManager.saveUserAssignment( ua );
}
private void createRepositoryObserverRole( String repoId )
throws Exception
{
createRepositoryObserverRole( ArchivaRoleConstants.toRepositoryObserverRoleName( repoId ),
PERMISSION_READ_REPOSITORY + "-" + repoId, repoId );
}
private Role createRepositoryObserverRole( String roleName, String permissionName, String resourceId )
throws Exception
{
if ( rbacManager.roleExists( roleName ) )
{
return rbacManager.getRole( roleName );
}
Permission perm;
Operation operationRepoAccess;
Resource resource;
// if ( rbacManager.resourceExists( resourceId ) )
// {
// resource = rbacManager.getResource( resourceId );
// }
// else
// {
// resource = rbacManager.createResource( resourceId );
// }
resource = rbacManager.createResource( resourceId );
// if ( rbacManager.operationExists( ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS ) )
// {
// operationRepoAccess = rbacManager.getOperation( ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS );
// }
// else
// {
// operationRepoAccess = rbacManager.createOperation( ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS );
// }
operationRepoAccess = rbacManager.createOperation( ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS );
// if ( rbacManager.permissionExists( permissionName ) )
// {
// perm = rbacManager.getPermission( permissionName );
// }
// else
// {
// perm = rbacManager.createPermission( permissionName );
// }
perm = rbacManager.createPermission( permissionName );
perm.setOperation( operationRepoAccess );
perm.setResource( resource );
Role role = rbacManager.createRole( roleName );
role.addPermission( perm );
rbacManager.saveOperation( operationRepoAccess );
rbacManager.savePermission( perm );
rbacManager.saveRole( role );
return role;
}
private User createUser( String principal, String fullname )
{
UserManager userManager = securitySystem.getUserManager();
User user = userManager.createUser( principal, fullname, principal + "@testable.archiva.apache.org" );
securitySystem.getPolicy().setEnabled( false );
userManager.addUser( user );
securitySystem.getPolicy().setEnabled( true );
return user;
}
@Override
protected void setUp()
throws Exception
{
super.setUp();
securitySystem = (SecuritySystem) lookup( SecuritySystem.class, "testable" );
rbacManager = (RBACManager) lookup( RBACManager.class, "memory" );
roleManager = (RoleManager) lookup( RoleManager.class, "default" );
// Setup Admin User.
User adminUser = createUser( USER_ADMIN, "Admin User" );
roleManager.assignRole( ArchivaRoleConstants.TEMPLATE_SYSTEM_ADMIN, adminUser.getPrincipal().toString() );
// Setup Guest User.
User guestUser = createUser( USER_GUEST, "Guest User" );
roleManager.assignRole( ArchivaRoleConstants.TEMPLATE_GUEST, guestUser.getPrincipal().toString() );
}
}
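Review bot: `assertRepoIds` compares only the sizes of the expected and actual lists, so `testGetObservableRepositoryIds` would pass if the implementation returned the wrong repository ids in the right quantity, which is exactly the failure an authorization test has to catch. Compare contents instead, e.g. `assertEquals( new HashSet<String>( Arrays.asList( expectedRepoIds ) ), new HashSet<String>( observableRepositoryIds ) );` (needs `java.util.Arrays` and `java.util.HashSet` imported). The fixture is also inconsistent: roles are created for `"coporate"` but assigned for `"corporate"`, and the guest expectation uses `"coporate"` again, so one spelling should be used throughout. `createUser` disables the security policy and re-enables it without a `finally`, so a failing `addUser` would leave the policy off for the rest of the test.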


@ -0,0 +1,49 @@
package org.apache.maven.archiva.security;
/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
import org.codehaus.plexus.PlexusTestCase;
/**
* SecurityStartupTest
*
* @author <a href="mailto:joakime@apache.org">Joakim Erdfelt</a>
* @version $Id$
*/
public class SecurityStartupTest
extends PlexusTestCase
{
private SecurityStartup secStart;
@Override
protected void setUp()
throws Exception
{
super.setUp();
secStart = (SecurityStartup) lookup( SecurityStartup.class );
}
public void testEnvironmentChecks()
throws Exception
{
secStart.executeEnvironmentChecks();
}
}


@ -0,0 +1,195 @@
<?xml version="1.0" ?>
<redback-role-model>
<version>1.0.0</version>
<application>Redback XWork Integration Security Core</application>
<resources>
<resource>
<id>global</id>
<name>*</name>
<permanent>true</permanent>
<description>global resource implies full access for authorization</description>
</resource>
<resource>
<id>username</id>
<name>${username}</name>
<permanent>true</permanent>
<description>replaced with the username of the principal at authorization check time</description>
</resource>
</resources>
<operations>
<operation>
<id>configuration-edit</id>
<name>configuration-edit</name>
<description>edit configuration</description>
<permanent>true</permanent>
</operation>
<operation>
<id>user-management-user-create</id>
<name>user-management-user-create</name>
<description>create user</description>
<permanent>true</permanent>
</operation>
<operation>
<id>user-management-user-edit</id>
<name>user-management-user-edit</name>
<description>edit user</description>
<permanent>true</permanent>
</operation>
<operation>
<id>user-management-user-role</id>
<name>user-management-user-role</name>
<description>user roles</description>
<permanent>true</permanent>
</operation>
<operation>
<id>user-management-user-delete</id>
<name>user-management-user-delete</name>
<description>delete user</description>
<permanent>true</permanent>
</operation>
<operation>
<id>user-management-user-list</id>
<name>user-management-user-list</name>
<description>list users</description>
<permanent>true</permanent>
</operation>
<operation>
<id>user-management-role-grant</id>
<name>user-management-role-grant</name>
<description>grant role</description>
<permanent>true</permanent>
</operation>
<operation>
<id>user-management-role-drop</id>
<name>user-management-role-drop</name>
<description>drop role</description>
<permanent>true</permanent>
</operation>
<operation>
<id>user-management-rbac-admin</id>
<name>user-management-rbac-admin</name>
<description>administer rbac</description>
<permanent>true</permanent>
</operation>
<operation>
<id>guest-access</id>
<name>guest-access</name>
<description>access guest</description>
<permanent>true</permanent>
</operation>
</operations>
<roles>
<role>
<id>system-administrator</id>
<name>System Administrator</name>
<permanent>true</permanent>
<assignable>true</assignable>
<permissions>
<permission>
<id>edit-redback-configuration</id>
<name>Edit Redback Configuration</name>
<operation>configuration-edit</operation>
<resource>global</resource>
<permanent>true</permanent>
</permission>
<permission>
<id>manage-rbac-setup</id>
<name>User RBAC Management</name>
<operation>user-management-rbac-admin</operation>
<resource>global</resource>
<permanent>true</permanent>
</permission>
</permissions>
<childRoles>
<childRole>user-administrator</childRole>
</childRoles>
</role>
<role>
<id>user-administrator</id>
<name>User Administrator</name>
<permanent>true</permanent>
<assignable>true</assignable>
<permissions>
<permission>
<id>drop-roles-for-anyone</id>
<name>Drop Roles for Anyone</name>
<operation>user-management-role-drop</operation>
<resource>global</resource>
<permanent>true</permanent>
</permission>
<permission>
<id>grant-roles-for-anyone</id>
<name>Grant Roles for Anyone</name>
<operation>user-management-role-grant</operation>
<resource>global</resource>
<permanent>true</permanent>
</permission>
<permission>
<id>user-create</id>
<name>Create Users</name>
<operation>user-management-user-create</operation>
<resource>global</resource>
<permanent>true</permanent>
</permission>
<permission>
<id>user-delete</id>
<name>Delete Users</name>
<operation>user-management-user-delete</operation>
<resource>global</resource>
<permanent>true</permanent>
</permission>
<permission>
<id>user-edit</id>
<name>Edit Users</name>
<operation>user-management-user-edit</operation>
<resource>global</resource>
<permanent>true</permanent>
</permission>
<permission>
<id>access-users-roles</id>
<name>Access Users Roles</name>
<operation>user-management-user-role</operation>
<resource>global</resource>
<permanent>true</permanent>
</permission>
<permission>
<id>access-user-list</id>
<name>Access User List</name>
<operation>user-management-user-list</operation>
<resource>global</resource>
<permanent>true</permanent>
</permission>
</permissions>
</role>
<role>
<id>registered-user</id>
<name>Registered User</name>
<permanent>true</permanent>
<assignable>true</assignable>
<permissions>
<permission>
<id>edit-user-by-username</id>
<name>Edit User Data by Username</name>
<operation>user-management-user-edit</operation>
<resource>username</resource>
<permanent>true</permanent>
</permission>
</permissions>
</role>
<role>
<id>guest</id>
<name>Guest</name>
<permanent>true</permanent>
<assignable>true</assignable>
<permissions>
<permission>
<id>guest-permission</id>
<name>Guest Permission</name>
<operation>guest-access</operation>
<resource>global</resource>
<permanent>true</permanent>
</permission>
</permissions>
</role>
</roles>
</redback-role-model>
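Review bot: The `user-administrator` role receives `user-management-role-grant` and `user-management-role-drop` on the `global` resource, which as written puts no limit on which roles its holder may hand out or remove, `system-administrator` included. Whether the grant path applies a further check is not visible in this model, so this should be confirmed against the code that enforces it. If the breadth is intended, record it next to the permission, for example `<!-- global: may grant any role, including system-administrator -->`. The file also has no header comment naming the Redback model it mirrors, which makes later drift from that model hard to notice.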


@ -0,0 +1,166 @@
<?xml version="1.0" ?>
<component-set>
<components>
<component>
<role>org.apache.maven.archiva.security.UserRepositories</role>
<role-hint>default</role-hint>
<implementation>org.apache.maven.archiva.security.DefaultUserRepositories</implementation>
<description>DefaultUserRepositories</description>
<requirements>
<requirement>
<role>org.codehaus.plexus.redback.system.SecuritySystem</role>
<role-hint>testable</role-hint>
<field-name>securitySystem</field-name>
</requirement>
<requirement>
<role>org.codehaus.plexus.redback.rbac.RBACManager</role>
<role-hint>memory</role-hint>
<field-name>rbacManager</field-name>
</requirement>
<requirement>
<role>org.codehaus.plexus.redback.role.RoleManager</role>
<role-hint>default</role-hint>
<field-name>roleManager</field-name>
</requirement>
</requirements>
</component>
<component>
<role>org.codehaus.plexus.redback.system.SecuritySystem</role>
<role-hint>testable</role-hint>
<implementation>org.codehaus.plexus.redback.system.DefaultSecuritySystem</implementation>
<description>DefaultSecuritySystem:</description>
<requirements>
<requirement>
<role>org.codehaus.plexus.redback.authentication.AuthenticationManager</role>
<field-name>authnManager</field-name>
</requirement>
<requirement>
<role>org.codehaus.plexus.redback.authorization.Authorizer</role>
<role-hint>rbac</role-hint>
<field-name>authorizer</field-name>
</requirement>
<requirement>
<role>org.codehaus.plexus.redback.users.UserManager</role>
<role-hint>memory</role-hint>
<field-name>userManager</field-name>
</requirement>
<requirement>
<role>org.codehaus.plexus.redback.keys.KeyManager</role>
<role-hint>memory</role-hint>
<field-name>keyManager</field-name>
</requirement>
<requirement>
<role>org.codehaus.plexus.redback.policy.UserSecurityPolicy</role>
<field-name>policy</field-name>
</requirement>
</requirements>
</component>
<component>
<role>org.codehaus.plexus.redback.authorization.Authorizer</role>
<role-hint>rbac</role-hint>
<implementation>org.codehaus.plexus.redback.authorization.rbac.RbacAuthorizer</implementation>
<description>RbacAuthorizer:</description>
<requirements>
<requirement>
<role>org.codehaus.plexus.redback.rbac.RBACManager</role>
<role-hint>memory</role-hint>
<field-name>manager</field-name>
</requirement>
<requirement>
<role>org.codehaus.plexus.redback.users.UserManager</role>
<role-hint>memory</role-hint>
<field-name>userManager</field-name>
</requirement>
<requirement>
<role>org.codehaus.plexus.redback.authorization.rbac.evaluator.PermissionEvaluator</role>
<role-hint>default</role-hint>
<field-name>evaluator</field-name>
</requirement>
<requirement>
<role>org.codehaus.plexus.redback.configuration.UserConfiguration</role>
<role-hint>default</role-hint>
<field-name>config</field-name>
</requirement>
</requirements>
</component>
<component>
<role>org.codehaus.plexus.redback.authorization.rbac.evaluator.PermissionEvaluator</role>
<role-hint>default</role-hint>
<implementation>org.codehaus.plexus.redback.authorization.rbac.evaluator.DefaultPermissionEvaluator</implementation>
<requirements>
<requirement>
<role>org.codehaus.plexus.redback.users.UserManager</role>
<role-hint>memory</role-hint>
<field-name>userManager</field-name>
</requirement>
</requirements>
</component>
<component>
<role>org.codehaus.plexus.redback.role.RoleManager</role>
<role-hint>default</role-hint>
<implementation>org.codehaus.plexus.redback.role.DefaultRoleManager</implementation>
<description>RoleProfileManager:</description>
<requirements>
<requirement>
<role>org.codehaus.plexus.redback.role.merger.RoleModelMerger</role>
<role-hint>default</role-hint>
<field-name>modelMerger</field-name>
</requirement>
<requirement>
<role>org.codehaus.plexus.redback.role.validator.RoleModelValidator</role>
<role-hint>default</role-hint>
<field-name>modelValidator</field-name>
</requirement>
<requirement>
<role>org.codehaus.plexus.redback.role.processor.RoleModelProcessor</role>
<role-hint>default</role-hint>
<field-name>modelProcessor</field-name>
</requirement>
<requirement>
<role>org.codehaus.plexus.redback.role.template.RoleTemplateProcessor</role>
<role-hint>default</role-hint>
<field-name>templateProcessor</field-name>
</requirement>
<requirement>
<role>org.codehaus.plexus.redback.rbac.RBACManager</role>
<role-hint>memory</role-hint>
<field-name>rbacManager</field-name>
</requirement>
</requirements>
</component>
<component>
<role>org.codehaus.plexus.redback.role.processor.RoleModelProcessor</role>
<role-hint>default</role-hint>
<implementation>org.codehaus.plexus.redback.role.processor.DefaultRoleModelProcessor</implementation>
<description>DefaultRoleModelProcessor: inserts the components of the model that can be populated into the rbac manager</description>
<requirements>
<requirement>
<role>org.codehaus.plexus.redback.rbac.RBACManager</role>
<role-hint>memory</role-hint>
<field-name>rbacManager</field-name>
</requirement>
</requirements>
</component>
<component>
<role>org.codehaus.plexus.redback.role.template.RoleTemplateProcessor</role>
<role-hint>default</role-hint>
<implementation>org.codehaus.plexus.redback.role.template.DefaultRoleTemplateProcessor</implementation>
<description>DefaultRoleTemplateProcessor: inserts the components of a template into the rbac manager</description>
<requirements>
<requirement>
<role>org.codehaus.plexus.redback.rbac.RBACManager</role>
<role-hint>memory</role-hint>
<field-name>rbacManager</field-name>
</requirement>
</requirements>
</component>
</components>
</component-set>
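Review bot: In the `testable` `SecuritySystem` component, the `authnManager` and `policy` requirements carry no `<role-hint>`, while every other requirement in the file is pinned to `memory`, `rbac` or `default`. The authentication manager and security policy used by these tests are therefore whatever the test classpath resolves, which presumably varies with the declared test dependencies. Either pin them or say so in place, e.g. `<!-- no role-hint on purpose: uses the container's default AuthenticationManager -->`. The same two unpinned requirements appear in the last descriptor of this commit, and most of this wiring is duplicated there, so a comment noting which test each descriptor serves would help.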


@ -34,7 +34,7 @@
</requirement>
</requirements>
</component>
<component>
<component>
<role>org.codehaus.plexus.redback.role.processor.RoleModelProcessor</role>
<role-hint>default</role-hint>
<implementation>org.codehaus.plexus.redback.role.processor.DefaultRoleModelProcessor</implementation>
@ -47,6 +47,7 @@
</requirement>
</requirements>
</component>
<component>
<role>org.codehaus.plexus.redback.role.template.RoleTemplateProcessor</role>
<role-hint>default</role-hint>
@ -60,5 +61,45 @@
</requirement>
</requirements>
</component>
<component>
<role>org.codehaus.plexus.redback.system.check.EnvironmentCheck</role>
<role-hint>required-roles</role-hint>
<implementation>org.apache.maven.archiva.security.ArchivaStandardRolesCheck</implementation>
<description>ArchivaStandardRolesCheck tests for the existance of expected / standard roles and permissions.</description>
<requirements>
<requirement>
<role>org.codehaus.plexus.redback.rbac.RBACManager</role>
<role-hint>memory</role-hint>
<field-name>rbacManager</field-name>
</requirement>
</requirements>
</component>
<component>
<role>org.apache.maven.archiva.security.SecurityStartup</role>
<implementation>org.apache.maven.archiva.security.SecurityStartup</implementation>
<description>SecurityStartup</description>
<requirements>
<requirement>
<role>org.codehaus.plexus.redback.role.RoleManager</role>
<role-hint>default</role-hint>
<field-name>roleManager</field-name>
</requirement>
<requirement>
<role>org.codehaus.plexus.redback.rbac.RBACManager</role>
<role-hint>memory</role-hint>
<field-name>rbacManager</field-name>
</requirement>
<requirement>
<role>org.codehaus.plexus.redback.system.check.EnvironmentCheck</role>
<field-name>checkers</field-name>
</requirement>
<requirement>
<role>org.apache.maven.archiva.configuration.ArchivaConfiguration</role>
<field-name>archivaConfiguration</field-name>
</requirement>
</requirements>
</component>
</components>
</component-set>
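Review bot: The `SecurityStartup` component added in the last hunk is wired with a `roleManager` requirement, while the new descriptor that follows in this commit wires the same implementation with `userRepos` and no `roleManager`. The class is not shown in this part of the page; if it declares only one of those fields, the descriptor naming the other presumably fails when the component is composed. The two requirement lists should agree with the fields `SecurityStartup` actually has, so that a startup check is not silently skipped in one test context.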


@ -0,0 +1,210 @@
<?xml version="1.0" ?>
<component-set>
<components>
<component>
<role>org.codehaus.plexus.redback.system.check.EnvironmentCheck</role>
<role-hint>required-roles</role-hint>
<implementation>org.apache.maven.archiva.security.ArchivaStandardRolesCheck</implementation>
<description>ArchivaStandardRolesCheck tests for the existance of expected / standard roles and permissions.</description>
<requirements>
<requirement>
<role>org.codehaus.plexus.redback.rbac.RBACManager</role>
<role-hint>memory</role-hint>
<field-name>rbacManager</field-name>
</requirement>
</requirements>
</component>
<component>
<role>org.apache.maven.archiva.security.SecurityStartup</role>
<implementation>org.apache.maven.archiva.security.SecurityStartup</implementation>
<description>SecurityStartup</description>
<requirements>
<requirement>
<role>org.apache.maven.archiva.security.UserRepositories</role>
<field-name>userRepos</field-name>
</requirement>
<requirement>
<role>org.codehaus.plexus.redback.rbac.RBACManager</role>
<role-hint>memory</role-hint>
<field-name>rbacManager</field-name>
</requirement>
<requirement>
<role>org.codehaus.plexus.redback.system.check.EnvironmentCheck</role>
<field-name>checkers</field-name>
</requirement>
<requirement>
<role>org.apache.maven.archiva.configuration.ArchivaConfiguration</role>
<field-name>archivaConfiguration</field-name>
</requirement>
</requirements>
</component>
<component>
<role>org.apache.maven.archiva.security.UserRepositories</role>
<role-hint>default</role-hint>
<implementation>org.apache.maven.archiva.security.DefaultUserRepositories</implementation>
<description>DefaultUserRepositories</description>
<requirements>
<requirement>
<role>org.codehaus.plexus.redback.system.SecuritySystem</role>
<role-hint>testable</role-hint>
<field-name>securitySystem</field-name>
</requirement>
<requirement>
<role>org.codehaus.plexus.redback.rbac.RBACManager</role>
<role-hint>memory</role-hint>
<field-name>rbacManager</field-name>
</requirement>
<requirement>
<role>org.codehaus.plexus.redback.role.RoleManager</role>
<role-hint>default</role-hint>
<field-name>roleManager</field-name>
</requirement>
</requirements>
</component>
<component>
<role>org.codehaus.plexus.redback.role.template.RoleTemplateProcessor</role>
<role-hint>default</role-hint>
<implementation>org.codehaus.plexus.redback.role.template.DefaultRoleTemplateProcessor</implementation>
<description>DefaultRoleTemplateProcessor: inserts the components of a template into the rbac manager</description>
<requirements>
<requirement>
<role>org.codehaus.plexus.redback.rbac.RBACManager</role>
<role-hint>memory</role-hint>
<field-name>rbacManager</field-name>
</requirement>
</requirements>
</component>
<component>
<role>org.codehaus.plexus.redback.role.processor.RoleModelProcessor</role>
<role-hint>default</role-hint>
<implementation>org.codehaus.plexus.redback.role.processor.DefaultRoleModelProcessor</implementation>
<description>DefaultRoleModelProcessor: inserts the components of the model that can be populated into the rbac manager</description>
<requirements>
<requirement>
<role>org.codehaus.plexus.redback.rbac.RBACManager</role>
<role-hint>memory</role-hint>
<field-name>rbacManager</field-name>
</requirement>
</requirements>
</component>
<component>
<role>org.codehaus.plexus.redback.role.RoleManager</role>
<role-hint>default</role-hint>
<implementation>org.codehaus.plexus.redback.role.DefaultRoleManager</implementation>
<instantiation-strategy>singleton</instantiation-strategy>
<description>RoleProfileManager:</description>
<requirements>
<requirement>
<role>org.codehaus.plexus.redback.role.merger.RoleModelMerger</role>
<role-hint>default</role-hint>
<field-name>modelMerger</field-name>
</requirement>
<requirement>
<role>org.codehaus.plexus.redback.role.validator.RoleModelValidator</role>
<role-hint>default</role-hint>
<field-name>modelValidator</field-name>
</requirement>
<requirement>
<role>org.codehaus.plexus.redback.role.processor.RoleModelProcessor</role>
<role-hint>default</role-hint>
<field-name>modelProcessor</field-name>
</requirement>
<requirement>
<role>org.codehaus.plexus.redback.role.template.RoleTemplateProcessor</role>
<role-hint>default</role-hint>
<field-name>templateProcessor</field-name>
</requirement>
<requirement>
<role>org.codehaus.plexus.redback.rbac.RBACManager</role>
<role-hint>memory</role-hint>
<field-name>rbacManager</field-name>
</requirement>
<requirement>
<role>org.codehaus.plexus.PlexusContainer</role>
<field-name>container</field-name>
</requirement>
</requirements>
</component>
<component>
<role>org.codehaus.plexus.redback.system.SecuritySystem</role>
<role-hint>testable</role-hint>
<implementation>org.codehaus.plexus.redback.system.DefaultSecuritySystem</implementation>
<description>DefaultSecuritySystem:</description>
<requirements>
<requirement>
<role>org.codehaus.plexus.redback.authentication.AuthenticationManager</role>
<field-name>authnManager</field-name>
</requirement>
<requirement>
<role>org.codehaus.plexus.redback.authorization.Authorizer</role>
<role-hint>rbac</role-hint>
<field-name>authorizer</field-name>
</requirement>
<requirement>
<role>org.codehaus.plexus.redback.users.UserManager</role>
<role-hint>memory</role-hint>
<field-name>userManager</field-name>
</requirement>
<requirement>
<role>org.codehaus.plexus.redback.keys.KeyManager</role>
<role-hint>memory</role-hint>
<field-name>keyManager</field-name>
</requirement>
<requirement>
<role>org.codehaus.plexus.redback.policy.UserSecurityPolicy</role>
<field-name>policy</field-name>
</requirement>
</requirements>
</component>
<component>
<role>org.codehaus.plexus.redback.authorization.Authorizer</role>
<role-hint>rbac</role-hint>
<implementation>org.codehaus.plexus.redback.authorization.rbac.RbacAuthorizer</implementation>
<description>RbacAuthorizer:</description>
<requirements>
<requirement>
<role>org.codehaus.plexus.redback.rbac.RBACManager</role>
<role-hint>memory</role-hint>
<field-name>manager</field-name>
</requirement>
<requirement>
<role>org.codehaus.plexus.redback.users.UserManager</role>
<role-hint>memory</role-hint>
<field-name>userManager</field-name>
</requirement>
<requirement>
<role>org.codehaus.plexus.redback.authorization.rbac.evaluator.PermissionEvaluator</role>
<role-hint>default</role-hint>
<field-name>evaluator</field-name>
</requirement>
<requirement>
<role>org.codehaus.plexus.redback.configuration.UserConfiguration</role>
<role-hint>default</role-hint>
<field-name>config</field-name>
</requirement>
</requirements>
</component>
<component>
<role>org.codehaus.plexus.redback.authorization.rbac.evaluator.PermissionEvaluator</role>
<role-hint>default</role-hint>
<implementation>org.codehaus.plexus.redback.authorization.rbac.evaluator.DefaultPermissionEvaluator</implementation>
<requirements>
<requirement>
<role>org.codehaus.plexus.redback.users.UserManager</role>
<role-hint>memory</role-hint>
<field-name>userManager</field-name>
</requirement>
</requirements>
</component>
</components>
</component-set>
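Review bot: The `userRepos` requirement on `SecurityStartup` names no role-hint, while `UserRepositories` is registered further down with the explicit hint `default`. Depending on the Plexus container version, a hint-less requirement may not resolve to a component keyed by an explicit hint. The `roleManager` and `rbacManager` requirements in this file avoid the question by spelling the hint out. Adding `<role-hint>default</role-hint>` to the `userRepos` requirement keeps the wiring unambiguous.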