Posted to commits@archiva.apache.org by ol...@apache.org on 2013/01/08 23:47:47 UTC
svn commit: r1430611 - in /archiva/trunk/archiva-modules:
archiva-base/archiva-configuration/src/main/mdo/
archiva-base/archiva-repository-admin/archiva-repository-admin-api/src/main/java/org/apache/archiva/admin/model/beans/
archiva-base/archiva-repos...
Author: olamy
Date: Tue Jan 8 22:47:47 2013
New Revision: 1430611
URL: http://svn.apache.org/viewvc?rev=1430611&view=rev
Log:
[MRM-1736] map roles to ldap groups
make authorizer impls dynamic
Modified:
archiva/trunk/archiva-modules/archiva-base/archiva-configuration/src/main/mdo/configuration.mdo
archiva/trunk/archiva-modules/archiva-base/archiva-repository-admin/archiva-repository-admin-api/src/main/java/org/apache/archiva/admin/model/beans/RedbackRuntimeConfiguration.java
archiva/trunk/archiva-modules/archiva-base/archiva-repository-admin/archiva-repository-admin-default/src/main/java/org/apache/archiva/admin/repository/runtime/DefaultRedbackRuntimeConfigurationAdmin.java
archiva/trunk/archiva-modules/archiva-web/archiva-web-common/src/main/java/org/apache/archiva/web/security/ArchivaAuthorizer.java
Modified: archiva/trunk/archiva-modules/archiva-base/archiva-configuration/src/main/mdo/configuration.mdo
URL: http://svn.apache.org/viewvc/archiva/trunk/archiva-modules/archiva-base/archiva-configuration/src/main/mdo/configuration.mdo?rev=1430611&r1=1430610&r2=1430611&view=diff
==============================================================================
--- archiva/trunk/archiva-modules/archiva-base/archiva-configuration/src/main/mdo/configuration.mdo (original)
+++ archiva/trunk/archiva-modules/archiva-base/archiva-configuration/src/main/mdo/configuration.mdo Tue Jan 8 22:47:47 2013
@@ -1496,6 +1496,15 @@
</association>
</field>
<field>
+ <name>authorizerImpls</name>
+ <description>The authorizer impls to use.</description>
+ <version>1.4.0+</version>
+ <association>
+ <type>String</type>
+ <multiplicity>*</multiplicity>
+ </association>
+ </field>
+ <field>
<name>ldapConfiguration</name>
<description>the ldap configuration</description>
<version>1.4.0+</version>
Modified: archiva/trunk/archiva-modules/archiva-base/archiva-repository-admin/archiva-repository-admin-api/src/main/java/org/apache/archiva/admin/model/beans/RedbackRuntimeConfiguration.java
URL: http://svn.apache.org/viewvc/archiva/trunk/archiva-modules/archiva-base/archiva-repository-admin/archiva-repository-admin-api/src/main/java/org/apache/archiva/admin/model/beans/RedbackRuntimeConfiguration.java?rev=1430611&r1=1430610&r2=1430611&view=diff
==============================================================================
--- archiva/trunk/archiva-modules/archiva-base/archiva-repository-admin/archiva-repository-admin-api/src/main/java/org/apache/archiva/admin/model/beans/RedbackRuntimeConfiguration.java (original)
+++ archiva/trunk/archiva-modules/archiva-base/archiva-repository-admin/archiva-repository-admin-api/src/main/java/org/apache/archiva/admin/model/beans/RedbackRuntimeConfiguration.java Tue Jan 8 22:47:47 2013
@@ -39,6 +39,11 @@ public class RedbackRuntimeConfiguration
*/
private List<String> userManagerImpls = new ArrayList<String>();
+ /**
+ * Field authorizerImpls.
+ */
+ private java.util.List<String> authorizerImpls;
+
private LdapConfiguration ldapConfiguration;
/**
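Review bot: The new `authorizerImpls` field is left uninitialised, unlike `userManagerImpls` directly above it, so `getAuthorizerImpls()` (added in the next hunk) returns null until a setter call populates it. ArchivaAuthorizer in this commit iterates that list on every authorization check, so a bean built without the setter would fail with a NullPointerException instead of reaching any authorizer; whether the mapping layer always sets it is not visible here. Initialise it the same way as its neighbour, `private List<String> authorizerImpls = new ArrayList<String>();`, which also drops the redundant `java.util.` qualifier.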
@@ -153,12 +158,23 @@ public class RedbackRuntimeConfiguration
this.usersCacheConfiguration = usersCacheConfiguration;
}
+ public List<String> getAuthorizerImpls()
+ {
+ return authorizerImpls;
+ }
+
+ public void setAuthorizerImpls( List<String> authorizerImpls )
+ {
+ this.authorizerImpls = authorizerImpls;
+ }
+
@Override
public String toString()
{
final StringBuilder sb = new StringBuilder();
sb.append( "RedbackRuntimeConfiguration" );
sb.append( "{userManagerImpls=" ).append( userManagerImpls );
+ sb.append( ", authorizerImpls=" ).append( authorizerImpls );
sb.append( ", ldapConfiguration=" ).append( ldapConfiguration );
sb.append( ", migratedFromRedbackConfiguration=" ).append( migratedFromRedbackConfiguration );
sb.append( ", configurationProperties=" ).append( configurationProperties );
Modified: archiva/trunk/archiva-modules/archiva-base/archiva-repository-admin/archiva-repository-admin-default/src/main/java/org/apache/archiva/admin/repository/runtime/DefaultRedbackRuntimeConfigurationAdmin.java
URL: http://svn.apache.org/viewvc/archiva/trunk/archiva-modules/archiva-base/archiva-repository-admin/archiva-repository-admin-default/src/main/java/org/apache/archiva/admin/repository/runtime/DefaultRedbackRuntimeConfigurationAdmin.java?rev=1430611&r1=1430610&r2=1430611&view=diff
==============================================================================
--- archiva/trunk/archiva-modules/archiva-base/archiva-repository-admin/archiva-repository-admin-default/src/main/java/org/apache/archiva/admin/repository/runtime/DefaultRedbackRuntimeConfigurationAdmin.java (original)
+++ archiva/trunk/archiva-modules/archiva-base/archiva-repository-admin/archiva-repository-admin-default/src/main/java/org/apache/archiva/admin/repository/runtime/DefaultRedbackRuntimeConfigurationAdmin.java Tue Jan 8 22:47:47 2013
@@ -40,7 +40,10 @@ import org.springframework.stereotype.Se
import javax.annotation.PostConstruct;
import javax.inject.Inject;
import javax.inject.Named;
+import java.util.Collection;
+import java.util.HashSet;
import java.util.List;
+import java.util.Set;
/**
* @author Olivier Lamy
@@ -75,7 +78,8 @@ public class DefaultRedbackRuntimeConfig
if ( !redbackRuntimeConfiguration.isMigratedFromRedbackConfiguration() )
{
// so migrate if available
- String userManagerImpl = userConfiguration.getString( UserConfigurationKeys.USER_MANAGER_IMPL );
+ String userManagerImpl =
+ userConfiguration.getConcatenatedList( UserConfigurationKeys.USER_MANAGER_IMPL, "jdo" );
if ( StringUtils.isNotEmpty( userManagerImpl ) )
{
if ( StringUtils.contains( userManagerImpl, ',' ) )
@@ -92,6 +96,25 @@ public class DefaultRedbackRuntimeConfig
}
}
+ String authorizerImpls =
+ userConfiguration.getConcatenatedList( UserConfigurationKeys.AUTHORIZER_IMPL, "rbac" );
+
+ if ( StringUtils.isNotEmpty( authorizerImpls ) )
+ {
+ if ( StringUtils.contains( authorizerImpls, ',' ) )
+ {
+ String[] impls = StringUtils.split( authorizerImpls, ',' );
+ for ( String impl : impls )
+ {
+ redbackRuntimeConfiguration.getAuthorizerImpls().add( impl );
+ }
+ }
+ else
+ {
+ redbackRuntimeConfiguration.getAuthorizerImpls().add( userManagerImpl );
+ }
+ }
+
// now ldap
LdapConfiguration ldapConfiguration = redbackRuntimeConfiguration.getLdapConfiguration();
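Review bot: The single-value branch adds the wrong variable: `redbackRuntimeConfiguration.getAuthorizerImpls().add( userManagerImpl );` stores the user-manager id in the authorizer list, so a migrated configuration with one authorizer ends up naming an authorizer that was never configured. It should read `redbackRuntimeConfiguration.getAuthorizerImpls().add( authorizerImpls );`. The comma branch also adds the split tokens untrimmed, so a value like `rbac, ldap` (constructed example) yields an id with a leading space; calling `StringUtils.trim( impl )` before adding avoids a failed authorizer lookup later. The enclosing method starts and ends outside this hunk.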
@@ -130,6 +153,15 @@ public class DefaultRedbackRuntimeConfig
updateRedbackRuntimeConfiguration( redbackRuntimeConfiguration );
}
+ // we ensure authorizerImpls is not empty if so put
+ if ( redbackRuntimeConfiguration.getAuthorizerImpls().isEmpty() )
+ {
+ log.info(
+ "redbackRuntimeConfiguration with empty authorizerImpls so force at least rbac implementation !" );
+ redbackRuntimeConfiguration.getAuthorizerImpls().add( "rbac" );
+ updateRedbackRuntimeConfiguration( redbackRuntimeConfiguration );
+ }
+
boolean save = false;
// NPE free
@@ -502,4 +534,15 @@ public class DefaultRedbackRuntimeConfig
}
return userConfiguration.getConcatenatedList( key, defaultValue );
}
+
+ public Collection<String> getKeys()
+ {
+ Collection<String> keys = userConfiguration.getKeys();
+
+ Set<String> keysSet = new HashSet<String>( keys );
+
+ keysSet.addAll( getRedbackRuntimeConfiguration().getConfigurationProperties().keySet() );
+
+ return keysSet;
+ }
}
Modified: archiva/trunk/archiva-modules/archiva-web/archiva-web-common/src/main/java/org/apache/archiva/web/security/ArchivaAuthorizer.java
URL: http://svn.apache.org/viewvc/archiva/trunk/archiva-modules/archiva-web/archiva-web-common/src/main/java/org/apache/archiva/web/security/ArchivaAuthorizer.java?rev=1430611&r1=1430610&r2=1430611&view=diff
==============================================================================
--- archiva/trunk/archiva-modules/archiva-web/archiva-web-common/src/main/java/org/apache/archiva/web/security/ArchivaAuthorizer.java (original)
+++ archiva/trunk/archiva-modules/archiva-web/archiva-web-common/src/main/java/org/apache/archiva/web/security/ArchivaAuthorizer.java Tue Jan 8 22:47:47 2013
@@ -18,12 +18,16 @@ package org.apache.archiva.web.security;
* under the License.
*/
+import org.apache.archiva.admin.model.RepositoryAdminException;
+import org.apache.archiva.admin.model.beans.RedbackRuntimeConfiguration;
+import org.apache.archiva.admin.model.runtime.RedbackRuntimeConfigurationAdmin;
import org.apache.archiva.redback.authorization.AuthorizationDataSource;
import org.apache.archiva.redback.authorization.AuthorizationException;
import org.apache.archiva.redback.authorization.AuthorizationResult;
import org.apache.archiva.redback.authorization.Authorizer;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import org.springframework.context.ApplicationContext;
import org.springframework.stereotype.Service;
import javax.inject.Inject;
@@ -40,13 +44,10 @@ public class ArchivaAuthorizer
private Logger log = LoggerFactory.getLogger( getClass() );
@Inject
- @Named( value = "authorizer#rbac" )
- private Authorizer rbacAuthorizer;
-
+ private ApplicationContext applicationContext;
@Inject
- @Named( value = "authorizer#ldap" )
- private Authorizer ldapAuthorizer;
+ private RedbackRuntimeConfigurationAdmin redbackRuntimeConfigurationAdmin;
public String getId()
{
@@ -58,11 +59,54 @@ public class ArchivaAuthorizer
{
log.debug( "isAuthorized source: {}", source );
- AuthorizationResult result = ldapAuthorizer.isAuthorized( source );
-
+ try
+ {
+ RedbackRuntimeConfiguration redbackRuntimeConfiguration =
+ redbackRuntimeConfigurationAdmin.getRedbackRuntimeConfiguration();
+
+ AuthorizationException authorizationException = null;
+
+ AuthorizationResult lastResult = null;
+
+ for ( String id : redbackRuntimeConfiguration.getAuthorizerImpls() )
+ {
+ Authorizer authorizer = getAuthorizer( id );
+
+ AuthorizationResult result = null;
+ try
+ {
+ result = authorizer.isAuthorized( source );
+ log.debug( "AuthorizationResult {} with id '{}", result, id );
+ }
+ catch ( AuthorizationException e )
+ {
+ log.debug( "AuthorizationException {} with id '{}", e.getMessage(), id );
+ authorizationException = e;
+ }
+
+ if ( result.isAuthorized() )
+ {
+ return result;
+ }
+
+ lastResult = result;
+ }
+ if ( authorizationException != null )
+ {
+ throw authorizationException;
+ }
+ return lastResult;
+ }
+ catch ( RepositoryAdminException e )
+ {
+ throw new AuthorizationException( e.getMessage(), e );
+ }
+ }
- return rbacAuthorizer.isAuthorized( source );
+ private Authorizer getAuthorizer( String id )
+ {
+ return applicationContext.getBean( "authorizer#" + id, Authorizer.class );
}
public boolean isFinalImplementation()
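Review bot: When an authorizer throws, the `catch ( AuthorizationException e )` block falls through to `result.isAuthorized()` with `result` still null, so the loop ends in a NullPointerException instead of trying the next authorizer or rethrowing the stored exception; adding `continue;` as the last statement of that catch block fixes it. With an empty `getAuthorizerImpls()` list the method returns a null `lastResult`, which leaves the decision to however the caller treats null. An explicit failure before `return lastResult;`, for example `if ( lastResult == null ) throw new AuthorizationException( "no authorizer returned a result", null );`, keeps the check fail-closed. `getAuthorizer` builds the bean name from a configuration value, so an unknown id surfaces as an unchecked Spring exception at request time; validating the ids when the configuration is saved, and documenting that the first authorizer that grants access wins, would make the behaviour predictable.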