diff --git a/archiva-modules/archiva-base/archiva-configuration/src/main/mdo/configuration.mdo b/archiva-modules/archiva-base/archiva-configuration/src/main/mdo/configuration.mdo index a9a393b7c..31c57cd65 100644 --- a/archiva-modules/archiva-base/archiva-configuration/src/main/mdo/configuration.mdo +++ b/archiva-modules/archiva-base/archiva-configuration/src/main/mdo/configuration.mdo @@ -1496,8 +1496,8 @@ - authorizerImpls - The authorizer impls to use. + rbacManagerImpls + The RBAC Manager impls to use. 1.4.0+ String diff --git a/archiva-modules/archiva-base/archiva-repository-admin/archiva-repository-admin-api/src/main/java/org/apache/archiva/admin/model/beans/RedbackRuntimeConfiguration.java b/archiva-modules/archiva-base/archiva-repository-admin/archiva-repository-admin-api/src/main/java/org/apache/archiva/admin/model/beans/RedbackRuntimeConfiguration.java index ac47544c9..fe4a45011 100644 --- a/archiva-modules/archiva-base/archiva-repository-admin/archiva-repository-admin-api/src/main/java/org/apache/archiva/admin/model/beans/RedbackRuntimeConfiguration.java +++ b/archiva-modules/archiva-base/archiva-repository-admin/archiva-repository-admin-api/src/main/java/org/apache/archiva/admin/model/beans/RedbackRuntimeConfiguration.java @@ -40,9 +40,9 @@ public class RedbackRuntimeConfiguration private List userManagerImpls = new ArrayList(); /** - * Field authorizerImpls. + * Field rbacManagerImpls. */ - private java.util.List authorizerImpls; + private java.util.List rbacManagerImpls; private LdapConfiguration ldapConfiguration; @@ -158,14 +158,14 @@ public class RedbackRuntimeConfiguration this.usersCacheConfiguration = usersCacheConfiguration; } - public List getAuthorizerImpls() + public List getRbacManagerImpls() { - return authorizerImpls; + return rbacManagerImpls; } - public void setAuthorizerImpls( List authorizerImpls ) + public void setRbacManagerImpls( List rbacManagerImpls ) { - this.authorizerImpls = authorizerImpls; + this.rbacManagerImpls = rbacManagerImpls; } @Override @@ -174,7 +174,7 @@ public class RedbackRuntimeConfiguration final StringBuilder sb = new StringBuilder(); sb.append( "RedbackRuntimeConfiguration" ); sb.append( "{userManagerImpls=" ).append( userManagerImpls ); - sb.append( ", authorizerImpls=" ).append( authorizerImpls ); + sb.append( ", rbacManagerImpls=" ).append( rbacManagerImpls ); sb.append( ", ldapConfiguration=" ).append( ldapConfiguration ); sb.append( ", migratedFromRedbackConfiguration=" ).append( migratedFromRedbackConfiguration ); sb.append( ", configurationProperties=" ).append( configurationProperties ); diff --git a/archiva-modules/archiva-base/archiva-repository-admin/archiva-repository-admin-default/src/main/java/org/apache/archiva/admin/repository/runtime/DefaultRedbackRuntimeConfigurationAdmin.java b/archiva-modules/archiva-base/archiva-repository-admin/archiva-repository-admin-default/src/main/java/org/apache/archiva/admin/repository/runtime/DefaultRedbackRuntimeConfigurationAdmin.java index 73f04ac0f..6dc5b0def 100644 --- a/archiva-modules/archiva-base/archiva-repository-admin/archiva-repository-admin-default/src/main/java/org/apache/archiva/admin/repository/runtime/DefaultRedbackRuntimeConfigurationAdmin.java +++ b/archiva-modules/archiva-base/archiva-repository-admin/archiva-repository-admin-default/src/main/java/org/apache/archiva/admin/repository/runtime/DefaultRedbackRuntimeConfigurationAdmin.java @@ -97,7 +97,7 @@ public class DefaultRedbackRuntimeConfigurationAdmin } String authorizerImpls = - userConfiguration.getConcatenatedList( UserConfigurationKeys.AUTHORIZER_IMPL, "rbac" ); + userConfiguration.getConcatenatedList( UserConfigurationKeys.RBAC_MANAGER_IMPL, "cached" ); if ( StringUtils.isNotEmpty( authorizerImpls ) ) { @@ -106,12 +106,12 @@ public class DefaultRedbackRuntimeConfigurationAdmin String[] impls = StringUtils.split( authorizerImpls, ',' ); for ( String impl : impls ) { - redbackRuntimeConfiguration.getAuthorizerImpls().add( impl ); + redbackRuntimeConfiguration.getRbacManagerImpls().add( impl ); } } else { - redbackRuntimeConfiguration.getAuthorizerImpls().add( userManagerImpl ); + redbackRuntimeConfiguration.getRbacManagerImpls().add( userManagerImpl ); } } @@ -154,11 +154,11 @@ public class DefaultRedbackRuntimeConfigurationAdmin } // we ensure authorizerImpls is not empty if so put - if ( redbackRuntimeConfiguration.getAuthorizerImpls().isEmpty() ) + if ( redbackRuntimeConfiguration.getRbacManagerImpls().isEmpty() ) { log.info( "redbackRuntimeConfiguration with empty authorizerImpls so force at least rbac implementation !" ); - redbackRuntimeConfiguration.getAuthorizerImpls().add( "rbac" ); + redbackRuntimeConfiguration.getRbacManagerImpls().add( "rbac" ); updateRedbackRuntimeConfiguration( redbackRuntimeConfiguration ); } diff --git a/archiva-modules/archiva-web/archiva-security/src/main/java/org/apache/archiva/security/ArchivaStandardRolesCheck.java b/archiva-modules/archiva-web/archiva-security/src/main/java/org/apache/archiva/security/ArchivaStandardRolesCheck.java index 1dfd4cdb5..c39ca2753 100644 --- a/archiva-modules/archiva-web/archiva-security/src/main/java/org/apache/archiva/security/ArchivaStandardRolesCheck.java +++ b/archiva-modules/archiva-web/archiva-security/src/main/java/org/apache/archiva/security/ArchivaStandardRolesCheck.java @@ -21,6 +21,7 @@ package org.apache.archiva.security; import java.util.List; +import org.apache.archiva.redback.rbac.RbacManagerException; import org.apache.archiva.redback.system.check.EnvironmentCheck; import org.apache.archiva.security.common.ArchivaRoleConstants; import org.apache.archiva.redback.rbac.RBACManager; @@ -32,20 +33,19 @@ import javax.inject.Inject; import javax.inject.Named; /** - * ArchivaStandardRolesCheck tests for the existance of expected / standard roles and permissions. - * - * + * ArchivaStandardRolesCheck tests for the existance of expected / standard roles and permissions. */ @Service("environmentCheck#archiva-required-roles") public class ArchivaStandardRolesCheck implements EnvironmentCheck { private Logger log = LoggerFactory.getLogger( ArchivaStandardRolesCheck.class ); - + /** * */ - @Inject @Named(value = "rbacManager#cached") + @Inject + @Named(value = "rbacManager#cached") private RBACManager rbacManager; /** @@ -57,36 +57,35 @@ public class ArchivaStandardRolesCheck { if ( !checked ) { - String expectedRoles[] = new String[] { - ArchivaRoleConstants.SYSTEM_ADMINISTRATOR_ROLE, + String expectedRoles[] = new String[]{ ArchivaRoleConstants.SYSTEM_ADMINISTRATOR_ROLE, ArchivaRoleConstants.GLOBAL_REPOSITORY_MANAGER_ROLE, - ArchivaRoleConstants.GLOBAL_REPOSITORY_OBSERVER_ROLE, - ArchivaRoleConstants.GUEST_ROLE, - ArchivaRoleConstants.REGISTERED_USER_ROLE, - ArchivaRoleConstants.USER_ADMINISTRATOR_ROLE }; + ArchivaRoleConstants.GLOBAL_REPOSITORY_OBSERVER_ROLE, ArchivaRoleConstants.GUEST_ROLE, + ArchivaRoleConstants.REGISTERED_USER_ROLE, ArchivaRoleConstants.USER_ADMINISTRATOR_ROLE }; log.info( "Checking the existance of required roles." ); for ( String roleName : expectedRoles ) { - if ( !rbacManager.roleExists( roleName ) ) + try { + if ( !rbacManager.roleExists( roleName ) ) + { + violations.add( "Unable to validate the existances of the '" + roleName + "' role." ); + } + } + catch ( RbacManagerException e ) + { + log.warn( "fail to verify existence of role '{}'", roleName ); violations.add( "Unable to validate the existances of the '" + roleName + "' role." ); } } - String expectedOperations[] = new String[] { - ArchivaRoleConstants.OPERATION_MANAGE_USERS, - ArchivaRoleConstants.OPERATION_MANAGE_CONFIGURATION, - ArchivaRoleConstants.OPERATION_REGENERATE_INDEX, - ArchivaRoleConstants.OPERATION_RUN_INDEXER, - ArchivaRoleConstants.OPERATION_ACCESS_REPORT, - ArchivaRoleConstants.OPERATION_ADD_REPOSITORY, - ArchivaRoleConstants.OPERATION_DELETE_REPOSITORY, - ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS, - ArchivaRoleConstants.OPERATION_EDIT_REPOSITORY, - ArchivaRoleConstants.OPERATION_REPOSITORY_UPLOAD, - ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS, + String expectedOperations[] = new String[]{ ArchivaRoleConstants.OPERATION_MANAGE_USERS, + ArchivaRoleConstants.OPERATION_MANAGE_CONFIGURATION, ArchivaRoleConstants.OPERATION_REGENERATE_INDEX, + ArchivaRoleConstants.OPERATION_RUN_INDEXER, ArchivaRoleConstants.OPERATION_ACCESS_REPORT, + ArchivaRoleConstants.OPERATION_ADD_REPOSITORY, ArchivaRoleConstants.OPERATION_DELETE_REPOSITORY, + ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS, ArchivaRoleConstants.OPERATION_EDIT_REPOSITORY, + ArchivaRoleConstants.OPERATION_REPOSITORY_UPLOAD, ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS, "archiva-guest" }; log.info( "Checking the existance of required operations." );