You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@archiva.apache.org by br...@apache.org on 2006/09/28 14:06:46 UTC
svn commit: r450822 - in /maven/archiva/trunk:
archiva-security/src/main/java/org/apache/maven/archiva/security/
archiva-security/src/main/resources/META-INF/plexus/ archiva-webapp/
archiva-webapp/src/main/java/org/apache/maven/archiva/web/ archiva-web...
Author: brett
Date: Thu Sep 28 05:06:45 2006
New Revision: 450822
URL: http://svn.apache.org/viewvc?view=rev&rev=450822
Log:
add role profiles
Added:
maven/archiva/trunk/archiva-security/src/main/java/org/apache/maven/archiva/security/RepsitoryManagerDynamicRoleProfile.java (with props)
maven/archiva/trunk/archiva-security/src/main/java/org/apache/maven/archiva/security/RepsitoryObserverDynamicRoleProfile.java (with props)
Removed:
maven/archiva/trunk/archiva-webapp/src/main/java/org/apache/maven/archiva/web/ArchivaSecurityDefaults.java
maven/archiva/trunk/archiva-webapp/src/main/java/org/apache/maven/archiva/web/DefaultArchivaSecurityDefaults.java
maven/archiva/trunk/archiva-webapp/src/main/java/org/apache/maven/archiva/web/util/DefaultRoleManager.java
maven/archiva/trunk/archiva-webapp/src/main/java/org/apache/maven/archiva/web/util/RoleManager.java
maven/archiva/trunk/archiva-webapp/src/main/resources/META-INF/plexus/plexus-security.properties
Modified:
maven/archiva/trunk/archiva-security/src/main/java/org/apache/maven/archiva/security/ArchivaRoleConstants.java
maven/archiva/trunk/archiva-security/src/main/java/org/apache/maven/archiva/security/ArchivaSystemAdministratorRoleProfile.java
maven/archiva/trunk/archiva-security/src/main/resources/META-INF/plexus/components.xml
maven/archiva/trunk/archiva-webapp/pom.xml
maven/archiva/trunk/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/ReportsAction.java
maven/archiva/trunk/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/admin/AbstractConfigureRepositoryAction.java
maven/archiva/trunk/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/admin/ConfigureRepositoryAction.java
maven/archiva/trunk/archiva-webapp/src/main/java/org/apache/maven/archiva/web/interceptor/ConfigurationInterceptor.java
maven/archiva/trunk/archiva-webapp/src/main/java/org/apache/maven/archiva/web/servlet/repository/RepositoryAccess.java
maven/archiva/trunk/archiva-webapp/src/main/resources/META-INF/plexus/application.xml
maven/archiva/trunk/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/index.jsp
maven/archiva/trunk/archiva-webapp/src/main/webapp/WEB-INF/jsp/decorators/default.jsp
maven/archiva/trunk/archiva-webapp/src/main/webapp/WEB-INF/jsp/reports/reports.jsp
Modified: maven/archiva/trunk/archiva-security/src/main/java/org/apache/maven/archiva/security/ArchivaRoleConstants.java
URL: http://svn.apache.org/viewvc/maven/archiva/trunk/archiva-security/src/main/java/org/apache/maven/archiva/security/ArchivaRoleConstants.java?view=diff&rev=450822&r1=450821&r2=450822
==============================================================================
--- maven/archiva/trunk/archiva-security/src/main/java/org/apache/maven/archiva/security/ArchivaRoleConstants.java (original)
+++ maven/archiva/trunk/archiva-security/src/main/java/org/apache/maven/archiva/security/ArchivaRoleConstants.java Thu Sep 28 05:06:45 2006
@@ -18,14 +18,42 @@
public class ArchivaRoleConstants
{
+ public static final String DELIMITER = " - ";
+
// globalish roles
public static final String SYSTEM_ADMINISTRATOR_ROLE = "System Administrator";
+
public static final String USER_ADMINISTRATOR_ROLE = "User Administrator";
+
public static final String REGISTERED_USER_ROLE = "Registered User";
+
public static final String GUEST_ROLE = "Guest";
+ // dynamic role prefixes
+ public static final String REPOSITORY_MANAGER_ROLE_PREFIX = "Repository Manager";
+
+ public static final String REPOSITORY_OBSERVER_ROLE_PREFIX = "Repository Observer";
+
// operations
public static final String OPERATION_MANAGE_USERS = "archiva-manage-users";
+
public static final String OPERATION_MANAGE_CONFIGURATION = "archiva-manage-configuration";
+
public static final String OPERATION_ACTIVE_GUEST = "archiva-guest";
+
+ public static final String OPERATION_RUN_INDEXER = "archiva-run-indexer";
+
+ public static final String OPERATION_REGENERATE_INDEX = "archiva-regenerate-index";
+
+ public static final String OPERATION_ACCESS_REPORT = "archiva-access-reports";
+
+ public static final String OPERATION_ADD_REPOSITORY = "archiva-add-repository";
+
+ public static final String OPERATION_REPOSITORY_ACCESS = "archiva-read-repository";
+
+ public static final String OPERATION_DELETE_REPOSITORY = "archiva-delete-repository";
+
+ public static final String OPERATION_EDIT_REPOSITORY = "archiva-edit-repository";
+
+ public static final String OPERATION_REPOSITORY_UPLOAD = "archiva-upload-repository";
}
Modified: maven/archiva/trunk/archiva-security/src/main/java/org/apache/maven/archiva/security/ArchivaSystemAdministratorRoleProfile.java
URL: http://svn.apache.org/viewvc/maven/archiva/trunk/archiva-security/src/main/java/org/apache/maven/archiva/security/ArchivaSystemAdministratorRoleProfile.java?view=diff&rev=450822&r1=450821&r2=450822
==============================================================================
--- maven/archiva/trunk/archiva-security/src/main/java/org/apache/maven/archiva/security/ArchivaSystemAdministratorRoleProfile.java (original)
+++ maven/archiva/trunk/archiva-security/src/main/java/org/apache/maven/archiva/security/ArchivaSystemAdministratorRoleProfile.java Thu Sep 28 05:06:45 2006
@@ -39,6 +39,12 @@
List operations = new ArrayList();
operations.add( ArchivaRoleConstants.OPERATION_MANAGE_CONFIGURATION );
operations.add( ArchivaRoleConstants.OPERATION_MANAGE_USERS );
+ operations.add( ArchivaRoleConstants.OPERATION_RUN_INDEXER );
+ operations.add( ArchivaRoleConstants.OPERATION_REGENERATE_INDEX );
+ operations.add( ArchivaRoleConstants.OPERATION_ACCESS_REPORT ); // TODO: does this need to be templated?
+ operations.add( ArchivaRoleConstants.OPERATION_ADD_REPOSITORY );
+ operations.add( ArchivaRoleConstants.OPERATION_EDIT_REPOSITORY );
+ operations.add( ArchivaRoleConstants.OPERATION_DELETE_REPOSITORY );
return operations;
}
Added: maven/archiva/trunk/archiva-security/src/main/java/org/apache/maven/archiva/security/RepsitoryManagerDynamicRoleProfile.java
URL: http://svn.apache.org/viewvc/maven/archiva/trunk/archiva-security/src/main/java/org/apache/maven/archiva/security/RepsitoryManagerDynamicRoleProfile.java?view=auto&rev=450822
==============================================================================
--- maven/archiva/trunk/archiva-security/src/main/java/org/apache/maven/archiva/security/RepsitoryManagerDynamicRoleProfile.java (added)
+++ maven/archiva/trunk/archiva-security/src/main/java/org/apache/maven/archiva/security/RepsitoryManagerDynamicRoleProfile.java Thu Sep 28 05:06:45 2006
@@ -0,0 +1,61 @@
+package org.apache.maven.archiva.security;
+
+/*
+ * Copyright 2005-2006 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+import org.codehaus.plexus.rbac.profile.AbstractDynamicRoleProfile;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+
+/**
+ * @plexus.component role="org.codehaus.plexus.rbac.profile.DynamicRoleProfile"
+ * role-hint="archiva-repository-manager"
+ */
+public class RepsitoryManagerDynamicRoleProfile
+ extends AbstractDynamicRoleProfile
+{
+ public String getRoleName( String string )
+ {
+ return ArchivaRoleConstants.REPOSITORY_MANAGER_ROLE_PREFIX + ArchivaRoleConstants.DELIMITER + string;
+ }
+
+ public List getOperations()
+ {
+ List operations = new ArrayList();
+
+ // I'm not sure these are appropriate roles.
+ operations.add( ArchivaRoleConstants.OPERATION_EDIT_REPOSITORY );
+ operations.add( ArchivaRoleConstants.OPERATION_DELETE_REPOSITORY );
+
+ operations.add( ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS );
+ operations.add( ArchivaRoleConstants.OPERATION_REPOSITORY_UPLOAD );
+ return operations;
+ }
+
+ public List getDynamicChildRoles( String string )
+ {
+ return Collections.singletonList(
+ ArchivaRoleConstants.REPOSITORY_OBSERVER_ROLE_PREFIX + ArchivaRoleConstants.DELIMITER + string );
+ }
+
+ public boolean isAssignable()
+ {
+ return true;
+ }
+}
+
Propchange: maven/archiva/trunk/archiva-security/src/main/java/org/apache/maven/archiva/security/RepsitoryManagerDynamicRoleProfile.java
------------------------------------------------------------------------------
svn:eol-style = native
Added: maven/archiva/trunk/archiva-security/src/main/java/org/apache/maven/archiva/security/RepsitoryObserverDynamicRoleProfile.java
URL: http://svn.apache.org/viewvc/maven/archiva/trunk/archiva-security/src/main/java/org/apache/maven/archiva/security/RepsitoryObserverDynamicRoleProfile.java?view=auto&rev=450822
==============================================================================
--- maven/archiva/trunk/archiva-security/src/main/java/org/apache/maven/archiva/security/RepsitoryObserverDynamicRoleProfile.java (added)
+++ maven/archiva/trunk/archiva-security/src/main/java/org/apache/maven/archiva/security/RepsitoryObserverDynamicRoleProfile.java Thu Sep 28 05:06:45 2006
@@ -0,0 +1,47 @@
+package org.apache.maven.archiva.security;
+
+/*
+ * Copyright 2005-2006 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+import org.codehaus.plexus.rbac.profile.AbstractDynamicRoleProfile;
+
+import java.util.List;
+import java.util.ArrayList;
+
+/**
+ * @plexus.component role="org.codehaus.plexus.rbac.profile.DynamicRoleProfile"
+ * role-hint="archiva-repository-observer"
+ */
+public class RepsitoryObserverDynamicRoleProfile
+ extends AbstractDynamicRoleProfile
+{
+ public String getRoleName( String string )
+ {
+ return ArchivaRoleConstants.REPOSITORY_OBSERVER_ROLE_PREFIX + ArchivaRoleConstants.DELIMITER + string;
+ }
+
+ public List getOperations()
+ {
+ List operations = new ArrayList();
+ operations.add( ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS );
+ return operations;
+ }
+
+ public boolean isAssignable()
+ {
+ return true;
+ }
+}
Propchange: maven/archiva/trunk/archiva-security/src/main/java/org/apache/maven/archiva/security/RepsitoryObserverDynamicRoleProfile.java
------------------------------------------------------------------------------
svn:eol-style = native
Modified: maven/archiva/trunk/archiva-security/src/main/resources/META-INF/plexus/components.xml
URL: http://svn.apache.org/viewvc/maven/archiva/trunk/archiva-security/src/main/resources/META-INF/plexus/components.xml?view=diff&rev=450822&r1=450821&r2=450822
==============================================================================
--- maven/archiva/trunk/archiva-security/src/main/resources/META-INF/plexus/components.xml (original)
+++ maven/archiva/trunk/archiva-security/src/main/resources/META-INF/plexus/components.xml Thu Sep 28 05:06:45 2006
@@ -63,5 +63,25 @@
</requirement>
</requirements>
</component>
+ <component>
+ <role>org.codehaus.plexus.rbac.profile.DynamicRoleProfile</role>
+ <role-hint>archiva-repository-manager</role-hint>
+ <implementation>org.apache.maven.archiva.security.RepositoryManagerDynamicRoleProfile</implementation>
+ <requirements>
+ <requirement>
+ <role>org.codehaus.plexus.security.rbac.RBACManager</role>
+ </requirement>
+ </requirements>
+ </component>
+ <component>
+ <role>org.codehaus.plexus.rbac.profile.DynamicRoleProfile</role>
+ <role-hint>archiva-repository-observer</role-hint>
+ <implementation>org.apache.maven.archiva.security.RepositoryObserverDynamicRoleProfile</implementation>
+ <requirements>
+ <requirement>
+ <role>org.codehaus.plexus.security.rbac.RBACManager</role>
+ </requirement>
+ </requirements>
+ </component>
</components>
</component-set>
Modified: maven/archiva/trunk/archiva-webapp/pom.xml
URL: http://svn.apache.org/viewvc/maven/archiva/trunk/archiva-webapp/pom.xml?view=diff&rev=450822&r1=450821&r2=450822
==============================================================================
--- maven/archiva/trunk/archiva-webapp/pom.xml (original)
+++ maven/archiva/trunk/archiva-webapp/pom.xml Thu Sep 28 05:06:45 2006
@@ -198,14 +198,19 @@
</exclusions>
</dependency>
<dependency>
- <groupId>org.codehaus.plexus.security</groupId>
- <artifactId>plexus-security-keys-jdo</artifactId>
- <version>1.0-SNAPSHOT</version>
- </dependency>
+ <groupId>org.codehaus.plexus.security</groupId>
+ <artifactId>plexus-security-keys-jdo</artifactId>
+ <version>1.0-SNAPSHOT</version>
+ </dependency>
<dependency>
<groupId>org.codehaus.plexus</groupId>
<artifactId>plexus-utils</artifactId>
<version>1.2</version>
+ </dependency>
+ <dependency>
+ <groupId>org.codehaus.plexus</groupId>
+ <artifactId>plexus-mail-sender-javamail</artifactId>
+ <version>1.0-alpha-3</version>
</dependency>
<dependency>
<groupId>org.apache.derby</groupId>
Modified: maven/archiva/trunk/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/ReportsAction.java
URL: http://svn.apache.org/viewvc/maven/archiva/trunk/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/ReportsAction.java?view=diff&rev=450822&r1=450821&r2=450822
==============================================================================
--- maven/archiva/trunk/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/ReportsAction.java (original)
+++ maven/archiva/trunk/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/ReportsAction.java Thu Sep 28 05:06:45 2006
@@ -16,7 +16,6 @@
* limitations under the License.
*/
-import com.opensymphony.xwork.ActionSupport;
import com.opensymphony.xwork.Preparable;
import org.apache.maven.archiva.configuration.Configuration;
import org.apache.maven.archiva.configuration.ConfigurationStore;
@@ -29,8 +28,13 @@
import org.apache.maven.archiva.reporting.ReportGroup;
import org.apache.maven.archiva.reporting.ReportingDatabase;
import org.apache.maven.archiva.reporting.ReportingStoreException;
+import org.apache.maven.archiva.security.ArchivaRoleConstants;
import org.apache.maven.artifact.repository.ArtifactRepository;
import org.apache.maven.artifact.resolver.filter.ArtifactFilter;
+import org.codehaus.plexus.security.rbac.Resource;
+import org.codehaus.plexus.security.ui.web.interceptor.SecureAction;
+import org.codehaus.plexus.security.ui.web.interceptor.SecureActionBundle;
+import org.codehaus.plexus.security.ui.web.interceptor.SecureActionException;
import org.codehaus.plexus.xwork.action.PlexusActionSupport;
import java.util.ArrayList;
@@ -42,10 +46,11 @@
* Repository reporting.
*
* @plexus.component role="com.opensymphony.xwork.Action" role-hint="reportsAction"
+ * @todo split report access and report generation
*/
public class ReportsAction
extends PlexusActionSupport
- implements Preparable
+ implements Preparable, SecureAction
{
/**
* @plexus.requirement
@@ -222,5 +227,16 @@
public void setFilter( String filter )
{
this.filter = filter;
+ }
+
+ public SecureActionBundle getSecureActionBundle()
+ throws SecureActionException
+ {
+ SecureActionBundle bundle = new SecureActionBundle();
+
+ bundle.setRequiresAuthentication( true );
+ bundle.addRequiredAuthorization( ArchivaRoleConstants.OPERATION_ACCESS_REPORT, Resource.GLOBAL );
+
+ return bundle;
}
}
Modified: maven/archiva/trunk/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/admin/AbstractConfigureRepositoryAction.java
URL: http://svn.apache.org/viewvc/maven/archiva/trunk/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/admin/AbstractConfigureRepositoryAction.java?view=diff&rev=450822&r1=450821&r2=450822
==============================================================================
--- maven/archiva/trunk/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/admin/AbstractConfigureRepositoryAction.java (original)
+++ maven/archiva/trunk/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/admin/AbstractConfigureRepositoryAction.java Thu Sep 28 05:06:45 2006
@@ -24,9 +24,14 @@
import org.apache.maven.archiva.configuration.ConfigurationStore;
import org.apache.maven.archiva.configuration.ConfigurationStoreException;
import org.apache.maven.archiva.configuration.InvalidConfigurationException;
-import org.apache.maven.archiva.web.util.RoleManager;
+import org.apache.maven.archiva.security.ArchivaRoleConstants;
import org.codehaus.plexus.xwork.action.PlexusActionSupport;
import org.codehaus.plexus.security.rbac.RbacManagerException;
+import org.codehaus.plexus.security.ui.web.interceptor.SecureAction;
+import org.codehaus.plexus.security.ui.web.interceptor.SecureActionBundle;
+import org.codehaus.plexus.security.ui.web.interceptor.SecureActionException;
+import org.codehaus.plexus.rbac.profile.RoleProfileException;
+import org.codehaus.plexus.rbac.profile.RoleProfileManager;
import java.io.IOException;
@@ -37,7 +42,7 @@
*/
public abstract class AbstractConfigureRepositoryAction
extends PlexusActionSupport
- implements ModelDriven, Preparable
+ implements ModelDriven, Preparable, SecureAction
{
/**
* @plexus.requirement
@@ -45,9 +50,9 @@
private ConfigurationStore configurationStore;
/**
- * @plexus.requirement
+ * @plexus.requirement role-hint="archiva"
*/
- protected RoleManager roleManager;
+ protected RoleProfileManager roleProfileManager;
/**
* The repository.
@@ -66,7 +71,7 @@
public String add()
throws IOException, ConfigurationStoreException, InvalidConfigurationException, ConfigurationChangeException,
- RbacManagerException
+ RbacManagerException, RoleProfileException
{
// TODO: if this didn't come from the form, go to configure.action instead of going through with re-saving what was just loaded
@@ -82,7 +87,7 @@
public String edit()
throws IOException, ConfigurationStoreException, InvalidConfigurationException, ConfigurationChangeException,
- RbacManagerException
+ RbacManagerException, RoleProfileException
{
// TODO: if this didn't come from the form, go to configure.action instead of going through with re-saving what was just loaded
@@ -98,12 +103,10 @@
private String saveConfiguration()
throws IOException, ConfigurationStoreException, InvalidConfigurationException, ConfigurationChangeException,
- RbacManagerException
+ RbacManagerException, RoleProfileException
{
addRepository();
- roleManager.addRepository( repository.getId() );
-
configurationStore.storeConfiguration( configuration );
// TODO: do we need to check if indexing is needed?
@@ -114,7 +117,7 @@
}
protected abstract void addRepository()
- throws IOException;
+ throws IOException, RoleProfileException;
public String input()
{
@@ -161,5 +164,20 @@
public Configuration getConfiguration()
{
return configuration;
+ }
+
+ public SecureActionBundle getSecureActionBundle()
+ throws SecureActionException
+ {
+ SecureActionBundle bundle = new SecureActionBundle();
+
+ if ( getRepoId() != null )
+ {
+ bundle.setRequiresAuthentication( true );
+ // TODO: this is not right. It needs to change based on method
+ bundle.addRequiredAuthorization( ArchivaRoleConstants.OPERATION_EDIT_REPOSITORY, getRepoId() );
+ }
+
+ return bundle;
}
}
Modified: maven/archiva/trunk/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/admin/ConfigureRepositoryAction.java
URL: http://svn.apache.org/viewvc/maven/archiva/trunk/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/admin/ConfigureRepositoryAction.java?view=diff&rev=450822&r1=450821&r2=450822
==============================================================================
--- maven/archiva/trunk/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/admin/ConfigureRepositoryAction.java (original)
+++ maven/archiva/trunk/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/admin/ConfigureRepositoryAction.java Thu Sep 28 05:06:45 2006
@@ -18,6 +18,11 @@
import org.apache.maven.archiva.configuration.AbstractRepositoryConfiguration;
import org.apache.maven.archiva.configuration.RepositoryConfiguration;
+import org.apache.maven.archiva.security.ArchivaRoleConstants;
+import org.codehaus.plexus.rbac.profile.RoleProfileException;
+import org.codehaus.plexus.security.ui.web.interceptor.SecureActionBundle;
+import org.codehaus.plexus.security.ui.web.interceptor.SecureActionException;
+import org.codehaus.plexus.security.rbac.Resource;
import java.io.File;
import java.io.IOException;
@@ -41,7 +46,7 @@
}
protected void addRepository()
- throws IOException
+ throws IOException, RoleProfileException
{
RepositoryConfiguration repository = (RepositoryConfiguration) getRepository();
@@ -55,6 +60,11 @@
}
configuration.addRepository( repository );
+
+ // TODO: double check these are configured on start up
+ roleProfileManager.getDynamicRole( "archiva-repository-manager", repository.getId() );
+
+ roleProfileManager.getDynamicRole( "archiva-repository-observer", repository.getId() );
}
protected AbstractRepositoryConfiguration createRepository()
Modified: maven/archiva/trunk/archiva-webapp/src/main/java/org/apache/maven/archiva/web/interceptor/ConfigurationInterceptor.java
URL: http://svn.apache.org/viewvc/maven/archiva/trunk/archiva-webapp/src/main/java/org/apache/maven/archiva/web/interceptor/ConfigurationInterceptor.java?view=diff&rev=450822&r1=450821&r2=450822
==============================================================================
--- maven/archiva/trunk/archiva-webapp/src/main/java/org/apache/maven/archiva/web/interceptor/ConfigurationInterceptor.java (original)
+++ maven/archiva/trunk/archiva-webapp/src/main/java/org/apache/maven/archiva/web/interceptor/ConfigurationInterceptor.java Thu Sep 28 05:06:45 2006
@@ -18,21 +18,9 @@
import com.opensymphony.xwork.ActionInvocation;
import com.opensymphony.xwork.interceptor.Interceptor;
-
import org.apache.maven.archiva.configuration.Configuration;
import org.apache.maven.archiva.configuration.ConfigurationStore;
-import org.apache.maven.archiva.configuration.ConfigurationStoreException;
-import org.apache.maven.archiva.web.ArchivaSecurityDefaults;
-import org.apache.maven.archiva.web.util.RoleManager;
import org.codehaus.plexus.logging.AbstractLogEnabled;
-import org.codehaus.plexus.security.rbac.RBACManager;
-import org.codehaus.plexus.security.rbac.RbacManagerException;
-import org.codehaus.plexus.security.user.User;
-import org.codehaus.plexus.security.user.UserManager;
-import org.codehaus.plexus.security.user.UserNotFoundException;
-
-import java.util.Iterator;
-import java.util.Map;
/**
* An interceptor that makes the application configuration available
@@ -51,28 +39,6 @@
private ConfigurationStore configurationStore;
/**
- * @plexus.requirement
- */
- private RoleManager roleManager;
-
- /**
- * @plexus.requirement
- */
- private RBACManager rbacManager;
-
- /**
- * @plexus.requirement
- */
- private UserManager userManager;
-
- /**
- * @plexus.requirement
- */
- private ArchivaSecurityDefaults archivaDefaults;
-
- private boolean adminInitialized = false;
-
- /**
*
* @param actionInvocation
* @return
@@ -81,30 +47,6 @@
public String intercept( ActionInvocation actionInvocation )
throws Exception
{
- archivaDefaults.ensureDefaultsExist();
- ensureRepoRolesExist();
-
- if ( !adminInitialized )
- {
- adminInitialized = true;
-
- try
- {
- User user = userManager.findUser( "admin" );
- if ( user == null )
- {
- getLogger().info( "No admin user configured - forwarding to admin user creation page." );
- return "admin-user-needed";
- }
- getLogger().info( "Admin user found. No need to configure admin user." );
- }
- catch ( UserNotFoundException e )
- {
- getLogger().info( "No admin user found - forwarding to admin user creation page." );
- return "admin-user-needed";
- }
- }
-
Configuration configuration = configurationStore.getConfigurationFromStore();
if ( !configuration.isValid() )
@@ -123,39 +65,6 @@
else
{
return actionInvocation.invoke();
- }
- }
-
- public void ensureRepoRolesExist()
- throws RbacManagerException
- {
- try
- {
- if ( configurationStore.getConfigurationFromStore().isValid() )
- {
- Map repositories = configurationStore.getConfigurationFromStore().getRepositoriesMap();
-
- for ( Iterator i = repositories.keySet().iterator(); i.hasNext(); )
- {
- String id = (String) i.next();
-
- if ( !rbacManager.roleExists( "Repository Observer - " + id ) )
- {
- getLogger().info( "recovering Repository Observer - " + id );
- roleManager.addRepository( id );
- }
-
- if ( !rbacManager.roleExists( "Repository Manager - " + id ) )
- {
- getLogger().info( "recovering Repository Manager - " + id );
- roleManager.addRepository( id );
- }
- }
- }
- }
- catch ( ConfigurationStoreException e )
- {
- throw new RuntimeException( "error with configurationStore()" );
}
}
Modified: maven/archiva/trunk/archiva-webapp/src/main/java/org/apache/maven/archiva/web/servlet/repository/RepositoryAccess.java
URL: http://svn.apache.org/viewvc/maven/archiva/trunk/archiva-webapp/src/main/java/org/apache/maven/archiva/web/servlet/repository/RepositoryAccess.java?view=diff&rev=450822&r1=450821&r2=450822
==============================================================================
--- maven/archiva/trunk/archiva-webapp/src/main/java/org/apache/maven/archiva/web/servlet/repository/RepositoryAccess.java (original)
+++ maven/archiva/trunk/archiva-webapp/src/main/java/org/apache/maven/archiva/web/servlet/repository/RepositoryAccess.java Thu Sep 28 05:06:45 2006
@@ -22,16 +22,16 @@
import org.apache.maven.archiva.configuration.ConfigurationStore;
import org.apache.maven.archiva.configuration.ConfigurationStoreException;
import org.apache.maven.archiva.configuration.RepositoryConfiguration;
-import org.apache.maven.archiva.web.ArchivaSecurityDefaults;
+import org.apache.maven.archiva.security.ArchivaRoleConstants;
import org.apache.maven.archiva.web.servlet.AbstractPlexusServlet;
import org.codehaus.plexus.security.authentication.AuthenticationException;
import org.codehaus.plexus.security.authentication.AuthenticationResult;
import org.codehaus.plexus.security.authorization.AuthorizationException;
+import org.codehaus.plexus.security.policy.AccountLockedException;
+import org.codehaus.plexus.security.policy.MustChangePasswordException;
import org.codehaus.plexus.security.system.SecuritySession;
import org.codehaus.plexus.security.system.SecuritySystem;
import org.codehaus.plexus.security.ui.web.filter.authentication.HttpAuthenticator;
-import org.codehaus.plexus.security.policy.AccountLockedException;
-import org.codehaus.plexus.security.policy.MustChangePasswordException;
import org.codehaus.plexus.util.FileUtils;
import org.codehaus.plexus.util.StringUtils;
@@ -47,11 +47,10 @@
/**
* RepositoryAccess - access read/write to the repository.
*
- * @plexus.component role="org.apache.maven.archiva.web.servlet.PlexusServlet"
- * role-hint="repositoryAccess"
- *
* @author <a href="mailto:joakim@erdfelt.com">Joakim Erdfelt</a>
* @version $Id$
+ * @plexus.component role="org.apache.maven.archiva.web.servlet.PlexusServlet"
+ * role-hint="repositoryAccess"
* @todo CACHE REPOSITORY LIST
*/
public class RepositoryAccess
@@ -73,11 +72,6 @@
private HttpAuthenticator httpAuth;
/**
- * @plexus.requirement
- */
- private ArchivaSecurityDefaults archivaSecurity;
-
- /**
* List of request methods that fall into the category of 'access' or 'read' of a repository.
* All other method requests are to be considered 'write' or 'upload' requests.
*/
@@ -137,7 +131,7 @@
routeToErrorPage( response, "Invalid Repository ID." );
return;
}
-
+
// Authentication Tests.
AuthenticationResult result;
@@ -148,8 +142,8 @@
if ( !result.isAuthenticated() )
{
// Must Authenticate.
- httpAuth.challenge( request, response, "Repository " + repoconfig.getName(),
- new AuthenticationException("User Credentials Invalid") );
+ httpAuth.challenge( request, response, "Repository " + repoconfig.getName(),
+ new AuthenticationException( "User Credentials Invalid" ) );
return;
}
}
@@ -161,12 +155,12 @@
catch ( AccountLockedException e )
{
httpAuth.challenge( request, response, "Repository " + repoconfig.getName(),
- new AuthenticationException("User account is locked") );
+ new AuthenticationException( "User account is locked" ) );
}
catch ( MustChangePasswordException e )
{
- httpAuth.challenge( request, response, "Repository " + repoconfig.getName(),
- new AuthenticationException("You must change your password before you can attempt this again.") );
+ httpAuth.challenge( request, response, "Repository " + repoconfig.getName(), new AuthenticationException(
+ "You must change your password before you can attempt this again." ) );
}
// Authorization Tests.
@@ -176,11 +170,11 @@
SecuritySession securitySession = httpAuth.getSecuritySession();
try
{
- String permission = ArchivaSecurityDefaults.REPOSITORY_ACCESS;
+ String permission = ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS;
if ( isWriteRequest )
{
- permission = ArchivaSecurityDefaults.REPOSITORY_UPLOAD;
+ permission = ArchivaRoleConstants.OPERATION_REPOSITORY_UPLOAD;
}
permission += " - " + repoconfig.getId();
@@ -190,8 +184,8 @@
if ( !isAuthorized )
{
// Issue HTTP Challenge.
- httpAuth.challenge( request, response, "Repository " + repoconfig.getName(),
- new AuthenticationException("Authorization Denied.") );
+ httpAuth.challenge( request, response, "Repository " + repoconfig.getName(),
+ new AuthenticationException( "Authorization Denied." ) );
return;
}
}
@@ -204,8 +198,8 @@
RepositoryMapping repo = getRepositoryMapping( repoconfig );
- response.setHeader( "Server", getServletContext().getServerInfo() + " Archiva : "
- + DAVUtilities.SERVLET_SIGNATURE );
+ response.setHeader( "Server",
+ getServletContext().getServerInfo() + " Archiva : " + DAVUtilities.SERVLET_SIGNATURE );
DAVTransaction transaction = new DAVTransaction( request, response );
try
Modified: maven/archiva/trunk/archiva-webapp/src/main/resources/META-INF/plexus/application.xml
URL: http://svn.apache.org/viewvc/maven/archiva/trunk/archiva-webapp/src/main/resources/META-INF/plexus/application.xml?view=diff&rev=450822&r1=450821&r2=450822
==============================================================================
--- maven/archiva/trunk/archiva-webapp/src/main/resources/META-INF/plexus/application.xml (original)
+++ maven/archiva/trunk/archiva-webapp/src/main/resources/META-INF/plexus/application.xml Thu Sep 28 05:06:45 2006
@@ -441,8 +441,5 @@
<component>
<role>org.apache.maven.archiva.scheduler.RepositoryTaskScheduler</role>
</component>
- <component>
- <role>org.apache.maven.archiva.web.ArchivaSecurityDefaults</role>
- </component>
</load-on-start>
</plexus>
Modified: maven/archiva/trunk/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/index.jsp
URL: http://svn.apache.org/viewvc/maven/archiva/trunk/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/index.jsp?view=diff&rev=450822&r1=450821&r2=450822
==============================================================================
--- maven/archiva/trunk/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/index.jsp (original)
+++ maven/archiva/trunk/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/index.jsp Thu Sep 28 05:06:45 2006
@@ -52,7 +52,7 @@
</td>
<%-- TODO: a "delete index and run now" operation should be here too (really clean, remove deletions that didn't get picked up) --%>
<td>
- <pss:ifAuthorized permission="run-indexer">
+ <pss:ifAuthorized permission="archiva-run-indexer">
<a href="<ww:url action="runIndexer" />">Run Now</a>
</pss:ifAuthorized>
</td>
@@ -82,7 +82,7 @@
<div>
<div style="float: right">
<%-- TODO replace with icons --%>
- <pss:ifAuthorized permission="add-repository">
+ <pss:ifAuthorized permission="archiva-add-repository">
<ww:url id="addRepositoryUrl" action="addRepository" method="input"/>
<ww:a href="%{addRepositoryUrl}">Add Repository</ww:a>
</pss:ifAuthorized>
@@ -104,7 +104,8 @@
<ww:param name="repoId" value="%{'${repository.id}'}" />
</ww:url>
<%-- TODO replace with icons --%>
- <pss:ifAuthorized permission="edit-repository" resource="${repository.id}"><ww:a href="%{editRepositoryUrl}">Edit Repository</ww:a></pss:ifAuthorized><pss:ifAuthorized permission="delete-repository" resource="${repository.id}"> <ww:a href="%{deleteRepositoryUrl}">Delete Repository</ww:a></pss:ifAuthorized>
+ <pss:ifAuthorized permission="archiva-edit-repository" resource="${repository.id}"><ww:a href="%{editRepositoryUrl}">Edit Repository</ww:a></pss:ifAuthorized>
+ <pss:ifAuthorized permission="archiva-delete-repository" resource="${repository.id}"><ww:a href="%{deleteRepositoryUrl}">Delete Repository</ww:a></pss:ifAuthorized>
</div>
<h3>${repository.name}</h3>
<table class="infoTable">
Modified: maven/archiva/trunk/archiva-webapp/src/main/webapp/WEB-INF/jsp/decorators/default.jsp
URL: http://svn.apache.org/viewvc/maven/archiva/trunk/archiva-webapp/src/main/webapp/WEB-INF/jsp/decorators/default.jsp?view=diff&rev=450822&r1=450821&r2=450822
==============================================================================
--- maven/archiva/trunk/archiva-webapp/src/main/webapp/WEB-INF/jsp/decorators/default.jsp (original)
+++ maven/archiva/trunk/archiva-webapp/src/main/webapp/WEB-INF/jsp/decorators/default.jsp Thu Sep 28 05:06:45 2006
@@ -92,10 +92,10 @@
<my:currentWWUrl action="browse" namespace="/">Browse</my:currentWWUrl>
</li>
</ul>
- <pss:ifAnyAuthorized permissions="archiva-manage-users,access-reports,archiva-manage-configuration">
+ <pss:ifAnyAuthorized permissions="archiva-manage-users,archiva-access-reports,archiva-manage-configuration">
<h5>Manage</h5>
<ul>
- <pss:ifAuthorized permission="access-reports">
+ <pss:ifAuthorized permission="archiva-access-reports">
<li class="none">
<my:currentWWUrl action="reports" namespace="/admin">Reports</my:currentWWUrl>
</li>
Modified: maven/archiva/trunk/archiva-webapp/src/main/webapp/WEB-INF/jsp/reports/reports.jsp
URL: http://svn.apache.org/viewvc/maven/archiva/trunk/archiva-webapp/src/main/webapp/WEB-INF/jsp/reports/reports.jsp?view=diff&rev=450822&r1=450821&r2=450822
==============================================================================
--- maven/archiva/trunk/archiva-webapp/src/main/webapp/WEB-INF/jsp/reports/reports.jsp (original)
+++ maven/archiva/trunk/archiva-webapp/src/main/webapp/WEB-INF/jsp/reports/reports.jsp Thu Sep 28 05:06:45 2006
@@ -34,7 +34,7 @@
<div id="contentArea">
-<pss:ifAnyAuthorized permissions="generate-reports">
+<pss:ifAnyAuthorized permissions="archiva-generate-reports">
<ww:form action="reports" namespace="/admin">
<ww:select list="reports" label="Report" name="reportGroup" onchange="document.reports.submit();"/>
<ww:select list="configuration.repositories" listKey="id" listValue="name" label="Repository" headerKey="-"
@@ -55,7 +55,7 @@
--%>
<c:choose>
<c:when test="${!database.inProgress}">
- <pss:ifAuthorized permission="generate-reports">
+ <pss:ifAuthorized permission="archiva-generate-reports">
<ww:url id="regenerateReportUrl" action="runReport" namespace="/admin">
<ww:param name="repositoryId">${database.repository.id}</ww:param>
<ww:param name="reportGroup" value="reportGroup"/>