new setup wizard that forces the creation of an administrator user

git-svn-id: https://svn.apache.org/repos/asf/maven/archiva/trunk@442742 13f79535-47bb-0310-9956-ffa450edef68

archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/admin/NewUserAction.java

@@ -22,6 +22,7 @@ import org.codehaus.plexus.security.user.User;
 import org.codehaus.plexus.security.user.UserManager;
 import org.codehaus.plexus.security.user.policy.PasswordRuleViolationException;
 import org.codehaus.plexus.security.user.policy.PasswordRuleViolations;
+import org.codehaus.plexus.security.rbac.RBACManager;
 import org.codehaus.plexus.util.StringUtils;
 import org.codehaus.plexus.xwork.action.PlexusActionSupport;
 
@@ -51,6 +52,11 @@ public class NewUserAction
      */
     private RoleManager roleManager;
 
+    /**
+     * @plexus.requirement
+     */
+    private RBACManager rbacManager;
+
     private String username;
 
     private String password;
@@ -118,6 +124,7 @@ public class NewUserAction
                     addActionError( (String) it.next() );
                 }
             }
+
             roleManager.addUser( user.getPrincipal().toString() );
 
             addActionMessage( "user " + username + " was successfully registered!");
@@ -131,6 +138,76 @@ public class NewUserAction
         return SUCCESS;
     }
 
+    public String createAdminUser()
+    {
+        if ( username == null )
+        {
+            return INPUT;
+        }
+
+        // TODO: use commons-validator for these fields.
+
+        if ( StringUtils.isEmpty( username ) )
+        {
+            addActionError( "User Name is required." );
+        }
+
+        if ( StringUtils.isEmpty( fullName ) )
+        {
+            addActionError( "Full Name is required." );
+        }
+
+        if ( StringUtils.isEmpty( email ) )
+        {
+            addActionError( "Email Address is required." );
+        }
+
+        // TODO: Validate Email Address (use commons-validator)
+
+        if ( StringUtils.equals( password, passwordConfirm ) )
+        {
+            addActionError( "Passwords do not match." );
+        }
+
+        UserManager um = securitySystem.getUserManager();
+
+        if ( um.userExists( username ) )
+        {
+            addActionError( "User already exists!" );
+        }
+        else
+        {
+            User user = um.createUser( username, fullName, email );
+
+            user.setPassword( password );
+
+            try
+            {
+                um.addUser( user );
+            }
+            catch ( PasswordRuleViolationException e )
+            {
+                PasswordRuleViolations violations = e.getViolations();
+                List violationList = violations.getLocalizedViolations();
+                Iterator it = violationList.iterator();
+                while ( it.hasNext() )
+                {
+                    addActionError( (String) it.next() );
+                }
+            }
+
+            roleManager.addAdminUser( user.getPrincipal().toString() );
+            
+        }
+
+        if ( hasActionErrors() )
+        {
+            return INPUT;
+        }
+
+        return SUCCESS;
+    }
+
     public String getUsername()
     {
         return username;

archiva-webapp/src/main/java/org/apache/maven/archiva/web/interceptor/ConfigurationInterceptor.java

@@ -22,6 +22,7 @@ import org.apache.maven.archiva.configuration.Configuration;
 import org.apache.maven.archiva.configuration.ConfigurationStore;
 import org.apache.maven.archiva.web.util.RoleManager;
 import org.codehaus.plexus.logging.AbstractLogEnabled;
+import org.codehaus.plexus.security.rbac.RBACManager;
 
 /**
  * An interceptor that makes the application configuration available
@@ -43,6 +44,11 @@ public class ConfigurationInterceptor
      */
     private RoleManager roleManager;
 
+    /**
+     * @plexus.requirement
+     */
+    private RBACManager rbacManager;
+
     /**
      *
      * @param actionInvocation
@@ -52,6 +58,13 @@ public class ConfigurationInterceptor
     public String intercept( ActionInvocation actionInvocation )
         throws Exception
     {
+
+        if ( rbacManager.getAllUserAssignments().size() == 0 )
+        {
+            getLogger().info( "no accounts setup, create user account, forwarding to registration" );
+            return "admin-account-needed";
+        }
+
         Configuration configuration = configurationStore.getConfigurationFromStore();
 
         if ( !configuration.isValid() )

archiva-webapp/src/main/java/org/apache/maven/archiva/web/util/DefaultRoleManager.java

@@ -253,6 +253,28 @@ public class DefaultRoleManager
 
     }
 
+    /**
+     * helper method for just creating an admin user assignment
+     *
+     * @param principal
+     * @throws RbacStoreException
+     * @throws RbacObjectNotFoundException
+     */
+    public void addAdminUser( String principal )
+        throws RbacStoreException
+    {
+        try
+        {
+            UserAssignment assignment = manager.createUserAssignment( principal );
+            assignment.addRole( manager.getRole( "System Administrator" ) );
+            manager.saveUserAssignment( assignment );
+        }
+        catch ( RbacObjectNotFoundException ne )
+        {
+            throw new RbacStoreException( "unable to find administrator role, this of course is bad", ne );
+        }
+    }
+
     public void addRepository( String repositoryName )
         throws RbacStoreException
     {

archiva-webapp/src/main/java/org/apache/maven/archiva/web/util/RoleManager.java

@@ -35,5 +35,8 @@ public interface RoleManager
     public void addUser( String principal )
         throws RbacStoreException;
 
+    public void addAdminUser( String principal )
+        throws RbacStoreException;
+
     public boolean isInitialized();
 }

archiva-webapp/src/main/resources/META-INF/plexus/plexus-security.properties

@@ -1,3 +1,7 @@
+#
+# properties that might be used in plexus-security initialization
+#
+
 #
 # operations
 #

archiva-webapp/src/main/resources/xwork.xml

@@ -46,6 +46,11 @@
         <param name="namespace">/admin</param>
         <param name="actionName">configure</param>
       </result>
+      <result name="admin-account-needed" type="redirect-action">
+        <param name="namespace">/admin</param>
+        <param name="actionName">registerAdminAccount</param>
+        <param name="method">input</param>
+      </result>
       <result name="config-repository-needed" type="redirect-action">
         <param name="namespace">/admin</param>
         <param name="actionName">addRepository</param>
@@ -145,6 +150,13 @@
 
   <!-- Configuration for the admin package. -->
   <package name="admin" namespace="/admin" extends="base">
+    <action name="registerAdminAccount" class="newUser" method="createAdminUser">
+      <result name="input">/WEB-INF/jsp/admin/registerAdmin.jsp</result>
+      <result name="error">/WEB-INF/jsp/admin/registerAdmin.jsp</result>
+      <result type="redirect-action">index</result>
+      <interceptor-ref name="defaultStack"/>
+    </action>
+
     <action name="index" class="configureAction" method="input">
       <result name="input">/WEB-INF/jsp/admin/index.jsp</result>
     </action>

archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/registerAdmin.jsp

@@ -0,0 +1,99 @@
+<%--
+  ~ Copyright 2005-2006 The Apache Software Foundation.
+  ~
+  ~ Licensed under the Apache License, Version 2.0 (the "License");
+  ~ you may not use this file except in compliance with the License.
+  ~ You may obtain a copy of the License at
+  ~
+  ~      http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+  --%>
+
+<%@ taglib prefix="ww" uri="/webwork" %>
+<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
+
+<html>
+<head>
+  <title>Adminsitrator Registration Page</title>
+  <ww:head/>
+</head>
+
+<body>
+
+<div id="contentArea">
+  <div id="searchBox">
+    <p>
+      <ww:actionmessage/>
+      <ww:actionerror/>
+    </p>
+
+    <h2>Setup an Administrator Account</h2>
+    <ww:form action="registerAdminAccount" method="post" namespace="/admin">
+      <table class="bodyTable">
+        <tr class="b">
+          <th>
+            Username
+          </th>
+          <td>
+            <ww:textfield name="username" size="30"/>
+          </td>
+        </tr>
+        <tr class="a">
+          <th>
+            Password
+          </th>
+          <td>
+            <ww:password name="password" size="20"/>
+          </td>
+        </tr>
+        <tr class="b">
+          <th>
+            Confirm Password
+          </th>
+          <td>
+            <ww:password name="confirmPassword" size="20"/>
+          </td>
+
+        </tr>
+        <tr class="a">
+          <th>
+            Full Name
+          </th>
+          <td>
+            <ww:textfield name="fullName" size="30"/>
+          </td>
+        </tr>
+
+        <tr class="b">
+          <th>
+            Email
+          </th>
+          <td>
+            <ww:textfield name="email" size="50 "/>
+          </td>
+        </tr>
+        <tr class="a">
+          <td></td>
+          <td>
+            <ww:submit value="Register"/>
+          </td>
+        </tr>
+      </table>
+    </ww:form>
+
+  </div>
+</div>
+
+
+<div class="clear">
+  <hr/>
+</div>
+
+</body>
+
+</html>