Posted to commits@archiva.apache.org by jm...@apache.org on 2006/09/14 23:56:44 UTC
svn commit: r443495 - in /maven/archiva/trunk/archiva-webapp/src/main:
java/org/apache/maven/archiva/web/action/admin/UserManagementAction.java
resources/xwork.xml webapp/WEB-INF/jsp/admin/findUser.jsp
webapp/WEB-INF/jsp/alert.jsp
Author: jmcconnell
Date: Thu Sep 14 14:56:43 2006
New Revision: 443495
URL: http://svn.apache.org/viewvc?view=rev&rev=443495
Log:
UserManagementAction now implements the SecureAction interface from plexus-security; all action statements in the xwork.xml using this Action now require authenticated sessions and that the user using them has the edit-user or edit-all-users operations granted. Before we go any further on these I am hoping folks can take a peek and see if it's too clunky or if perhaps we should change the interfaces for this type of functionality.
Added:
maven/archiva/trunk/archiva-webapp/src/main/webapp/WEB-INF/jsp/alert.jsp (with props)
Modified:
maven/archiva/trunk/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/admin/UserManagementAction.java
maven/archiva/trunk/archiva-webapp/src/main/resources/xwork.xml
maven/archiva/trunk/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/findUser.jsp
Modified: maven/archiva/trunk/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/admin/UserManagementAction.java
URL: http://svn.apache.org/viewvc/maven/archiva/trunk/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/admin/UserManagementAction.java?view=diff&rev=443495&r1=443494&r2=443495
==============================================================================
--- maven/archiva/trunk/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/admin/UserManagementAction.java (original)
+++ maven/archiva/trunk/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/admin/UserManagementAction.java Thu Sep 14 14:56:43 2006
@@ -1,21 +1,20 @@
package org.apache.maven.archiva.web.action.admin;
-
/*
- * Copyright 2005 The Apache Software Foundation.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
+* Copyright 2005 The Apache Software Foundation.
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
import com.opensymphony.xwork.Preparable;
import org.codehaus.plexus.security.rbac.RBACManager;
@@ -23,6 +22,9 @@
import org.codehaus.plexus.security.user.User;
import org.codehaus.plexus.security.user.UserManager;
import org.codehaus.plexus.security.user.UserNotFoundException;
+import org.codehaus.plexus.security.user.UserManagerException;
+import org.codehaus.plexus.security.authorization.rbac.web.interceptor.SecureAction;
+import org.codehaus.plexus.security.authorization.rbac.web.interceptor.SecureActionException;
import org.codehaus.plexus.xwork.action.PlexusActionSupport;
import java.util.ArrayList;
@@ -38,7 +40,8 @@
* role-hint="userManagement"
*/
public class UserManagementAction
- extends PlexusActionSupport implements Preparable
+ extends PlexusActionSupport
+ implements Preparable, SecureAction
{
/**
* @plexus.requirement
@@ -73,38 +76,51 @@
public void prepare()
throws Exception
{
- if ( username == null || "".equals( username ) )
- {
- user = userManager.findUser( (String) session.get( "MANAGED_USERNAME" ) );
- username = user.getUsername();
- }
- else
+ try
{
- user = userManager.findUser( username );
- }
+ if ( username == null || "".equals( username ) )
+ {
+ user = userManager.findUser( (String) session.get( "MANAGED_USERNAME" ) );
+ username = user.getUsername();
+ }
+ else
+ {
+ user = userManager.findUser( username );
+ }
- session.put( "MANAGED_USERNAME", username );
+ session.put( "MANAGED_USERNAME", username );
- principal = user.getPrincipal().toString();
- fullName = user.getFullName();
- email = user.getEmail();
+ principal = user.getPrincipal().toString();
+ fullName = user.getFullName();
+ email = user.getEmail();
- if ( principal != null && rbacManager.userAssignmentExists( principal ) )
+ if ( principal != null && rbacManager.userAssignmentExists( principal ) )
+ {
+ assignedRoles = new ArrayList( rbacManager.getAssignedRoles( principal ) );
+ availableRoles = new ArrayList( rbacManager.getUnassignedRoles( principal ) );
+ }
+ else
+ {
+ assignedRoles = new ArrayList();
+ availableRoles = rbacManager.getAllAssignableRoles();
+ }
+ }
+ catch ( UserNotFoundException ne )
{
- assignedRoles = new ArrayList( rbacManager.getAssignedRoles( principal ) );
- availableRoles = new ArrayList( rbacManager.getUnassignedRoles( principal ) );
+ addActionError( "user cound not found" );
+ assignedRoles = new ArrayList();
+ availableRoles = new ArrayList();
}
- else
+ catch ( UserManagerException ume )
{
assignedRoles = new ArrayList();
- availableRoles = rbacManager.getAllAssignableRoles();
+ availableRoles = new ArrayList();
}
-
}
/**
* for this method username should be populated
- *
+ *
* @return
*/
public String findUser()
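Review bot: The new `catch ( UserManagerException ume )` block at the end of prepare() discards the exception: it empties both role lists but adds no action error and logs nothing, so a user-store failure is indistinguishable from a user with no roles. Add at least `addActionError( "unable to load user" );` there and record `ume` through the action's logger. The message in the other handler, `"user cound not found"`, is garbled and should read `"user could not be found"`. Neither handler assigns `user`, so any later code that reads that field needs a null check; that code is outside this hunk.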
@@ -124,7 +140,7 @@
}
catch ( UserNotFoundException ne )
{
- addActionError( "user could not be found " + username );
+ addActionError( "user could not be found " + username );
return ERROR;
}
}
@@ -160,6 +176,39 @@
}
return SUCCESS;
+ }
+
+
+ public List getRequiredOperations()
+ throws SecureActionException
+ {
+ List operations = new ArrayList();
+ operations.add( "edit-all-users" );
+ operations.add( "edit-user" );
+ return operations;
+ }
+
+ public String getRequiredResource()
+ throws SecureActionException
+ {
+ SecuritySession securitySession = (SecuritySession) session.get( SecuritySession.ROLE );
+
+ User user = securitySession.getUser();
+
+ if ( user != null )
+ {
+ return user.getPrincipal().toString();
+ }
+ else
+ {
+ throw new SecureActionException( "unable to obtain principal from users session" );
+ }
+ }
+
+ public boolean authenticationRequired()
+ throws SecureActionException
+ {
+ return true;
}
public String getUsername()
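Review bot: getRequiredResource() returns the principal of the logged-in caller taken from the `SecuritySession`, and none of the three new methods looks at the `username` being managed, so as far as this hunk shows the check answers "may the caller edit their own account" rather than "may the caller edit the target account". If `edit-user` is meant to be scoped per user, the resource should be derived from the target user and only `edit-all-users` should permit managing someone else; how the interceptor combines the two operations is not visible here. Separately, `session.get( SecuritySession.ROLE )` returns null when no security session exists and the next line dereferences it; guard with `if ( securitySession == null ) { throw new SecureActionException( "unable to obtain principal from users session" ); }` so the interceptor receives the declared exception instead of a NullPointerException. The local `user` also shadows the field of the same name.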
Modified: maven/archiva/trunk/archiva-webapp/src/main/resources/xwork.xml
URL: http://svn.apache.org/viewvc/maven/archiva/trunk/archiva-webapp/src/main/resources/xwork.xml?view=diff&rev=443495&r1=443494&r2=443495
==============================================================================
--- maven/archiva/trunk/archiva-webapp/src/main/resources/xwork.xml (original)
+++ maven/archiva/trunk/archiva-webapp/src/main/resources/xwork.xml Thu Sep 14 14:56:43 2006
@@ -26,13 +26,16 @@
<package name="base" extends="webwork-default">
<interceptors>
<interceptor name="configuration" class="configurationInterceptor"/>
+ <interceptor name="pssSecureActions" class="pssSecureActionInterceptor"/>
<interceptor-stack name="configuredStack">
<interceptor-ref name="defaultStack"/>
<interceptor-ref name="configuration"/>
+ <interceptor-ref name="pssSecureActions"/>
</interceptor-stack>
<interceptor-stack name="configuredPrepareParamsStack">
<interceptor-ref name="paramsPrepareParamsStack"/>
<interceptor-ref name="configuration"/>
+ <interceptor-ref name="pssSecureActions"/>
</interceptor-stack>
</interceptors>
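Review bot: `pssSecureActions` is appended after `paramsPrepareParamsStack` (and after `defaultStack` in `configuredStack`, here and again in the later hunk at `@@ -67,6 +72,7 @@`), so if interceptors run in the listed order, the params and prepare steps execute before the authorization check. For UserManagementAction that would mean prepare() looks up the requested user and writes `MANAGED_USERNAME` into the session for a caller who has not been checked yet. Either keep prepare() free of lookups and session writes, or define a stack in which the check runs once the session is available but before the prepare step. Which stack the userManagement action actually uses is not shown in this diff.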
@@ -57,6 +60,8 @@
<param name="method">input</param>
</result>
<result name="error">/WEB-INF/jsp/generalError.jsp</result>
+ <result name="requires-authentication">/WEB-INF/jsp/alert.jsp</result>
+ <result name="requires-authorization">/WEB-INF/jsp/alert.jsp</result>
</global-results>
</package>
@@ -67,6 +72,7 @@
<interceptor-stack name="configuredStack">
<interceptor-ref name="defaultStack"/>
<interceptor-ref name="configuration"/>
+ <interceptor-ref name="pssSecureActions"/>
</interceptor-stack>
</interceptors>
Modified: maven/archiva/trunk/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/findUser.jsp
URL: http://svn.apache.org/viewvc/maven/archiva/trunk/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/findUser.jsp?view=diff&rev=443495&r1=443494&r2=443495
==============================================================================
--- maven/archiva/trunk/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/findUser.jsp (original)
+++ maven/archiva/trunk/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/findUser.jsp Thu Sep 14 14:56:43 2006
@@ -28,6 +28,9 @@
<div id="contentArea">
<div id="searchBox">
+ <div id="results">
+ <ww:actionerror/>
+ </div>
<ww:form action="userManagement" method="post" namespace="/admin">
<p>
<ww:textfield label="Find a user" name="username"/>
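Review bot: The added `<ww:actionerror/>` will render the error that findUser() builds as `"user could not be found " + username`, where `username` is the value submitted through this form. Whether the tag's template HTML-escapes each message is not visible here, so confirm it does before relying on it; otherwise the page reflects request input into markup. The simplest hardening is to drop the submitted value from the message, e.g. `addActionError( "user could not be found" );`, since the text field already shows what was searched for.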
Added: maven/archiva/trunk/archiva-webapp/src/main/webapp/WEB-INF/jsp/alert.jsp
URL: http://svn.apache.org/viewvc/maven/archiva/trunk/archiva-webapp/src/main/webapp/WEB-INF/jsp/alert.jsp?view=auto&rev=443495
==============================================================================
--- maven/archiva/trunk/archiva-webapp/src/main/webapp/WEB-INF/jsp/alert.jsp (added)
+++ maven/archiva/trunk/archiva-webapp/src/main/webapp/WEB-INF/jsp/alert.jsp Thu Sep 14 14:56:43 2006
@@ -0,0 +1,42 @@
+<%--
+ ~ Copyright 2005-2006 The Apache Software Foundation.
+ ~
+ ~ Licensed under the Apache License, Version 2.0 (the "License");
+ ~ you may not use this file except in compliance with the License.
+ ~ You may obtain a copy of the License at
+ ~
+ ~ http://www.apache.org/licenses/LICENSE-2.0
+ ~
+ ~ Unless required by applicable law or agreed to in writing, software
+ ~ distributed under the License is distributed on an "AS IS" BASIS,
+ ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ~ See the License for the specific language governing permissions and
+ ~ limitations under the License.
+ --%>
+
+<%@ taglib prefix="ww" uri="/webwork" %>
+<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
+
+<html>
+<head>
+ <title>Security Alert Page</title>
+ <ww:head/>
+</head>
+
+<body>
+
+<div id="contentArea">
+ <div id="searchBox">
+ <div id="results">
+ You are not authorized for this activity.
+ </div>
+ </div>
+</div>
+
+<div class="clear">
+ <hr/>
+</div>
+
+</body>
+
+</html>
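Review bot: alert.jsp is the target of both the `requires-authentication` and `requires-authorization` global results but never sets a response status, so a denied request is presumably answered with 200 and reads as a success in access logs and to automated clients. Consider a scriptlet such as `<% response.setStatus( HttpServletResponse.SC_FORBIDDEN ); %>` near the top. The unauthenticated case would be better served by a separate page or a redirect to login than by the same "not authorized" text. The `c` taglib is declared and not used.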
Propchange: maven/archiva/trunk/archiva-webapp/src/main/webapp/WEB-INF/jsp/alert.jsp
------------------------------------------------------------------------------
svn:eol-style = native