Posted to commits@continuum.apache.org by ev...@apache.org on 2007/05/14 20:46:08 UTC
svn commit: r537946 - in /maven/continuum/trunk/continuum-xmlrpc:
continuum-xmlrpc-api/src/main/java/org/apache/maven/continuum/xmlrpc/
continuum-xmlrpc-client/src/main/java/org/apache/maven/continuum/xmlrpc/client/
continuum-xmlrpc-server/src/main/jav...
Author: evenisse
Date: Mon May 14 11:46:07 2007
New Revision: 537946
URL: http://svn.apache.org/viewvc?view=rev&rev=537946
Log:
[CONTINUUM-684] Add security to xmlrpc. Need more work to do.
Modified:
maven/continuum/trunk/continuum-xmlrpc/continuum-xmlrpc-api/src/main/java/org/apache/maven/continuum/xmlrpc/ContinuumService.java
maven/continuum/trunk/continuum-xmlrpc/continuum-xmlrpc-client/src/main/java/org/apache/maven/continuum/xmlrpc/client/ContinuumXmlRpcClient.java
maven/continuum/trunk/continuum-xmlrpc/continuum-xmlrpc-client/src/main/java/org/apache/maven/continuum/xmlrpc/client/SampleClient.java
maven/continuum/trunk/continuum-xmlrpc/continuum-xmlrpc-server/src/main/java/org/apache/maven/continuum/xmlrpc/server/AbstractContinuumSecureService.java
maven/continuum/trunk/continuum-xmlrpc/continuum-xmlrpc-server/src/main/java/org/apache/maven/continuum/xmlrpc/server/ContinuumServiceImpl.java
Modified: maven/continuum/trunk/continuum-xmlrpc/continuum-xmlrpc-api/src/main/java/org/apache/maven/continuum/xmlrpc/ContinuumService.java
URL: http://svn.apache.org/viewvc/maven/continuum/trunk/continuum-xmlrpc/continuum-xmlrpc-api/src/main/java/org/apache/maven/continuum/xmlrpc/ContinuumService.java?view=diff&rev=537946&r1=537945&r2=537946
==============================================================================
--- maven/continuum/trunk/continuum-xmlrpc/continuum-xmlrpc-api/src/main/java/org/apache/maven/continuum/xmlrpc/ContinuumService.java (original)
+++ maven/continuum/trunk/continuum-xmlrpc/continuum-xmlrpc-api/src/main/java/org/apache/maven/continuum/xmlrpc/ContinuumService.java Mon May 14 11:46:07 2007
@@ -43,11 +43,12 @@
/**
* Get All projects.
*
+ * @param projectGroupId The project group Id
* @return List of {@link ProjectSummary}
* @throws ContinuumException
* @throws XmlRpcException
*/
- List getProjects()
+ List getProjects( int projectGroupId )
throws ContinuumException, XmlRpcException;
/**
Modified: maven/continuum/trunk/continuum-xmlrpc/continuum-xmlrpc-client/src/main/java/org/apache/maven/continuum/xmlrpc/client/ContinuumXmlRpcClient.java
URL: http://svn.apache.org/viewvc/maven/continuum/trunk/continuum-xmlrpc/continuum-xmlrpc-client/src/main/java/org/apache/maven/continuum/xmlrpc/client/ContinuumXmlRpcClient.java?view=diff&rev=537946&r1=537945&r2=537946
==============================================================================
--- maven/continuum/trunk/continuum-xmlrpc/continuum-xmlrpc-client/src/main/java/org/apache/maven/continuum/xmlrpc/client/ContinuumXmlRpcClient.java (original)
+++ maven/continuum/trunk/continuum-xmlrpc/continuum-xmlrpc-client/src/main/java/org/apache/maven/continuum/xmlrpc/client/ContinuumXmlRpcClient.java Mon May 14 11:46:07 2007
@@ -93,12 +93,12 @@
// Projects
// ----------------------------------------------------------------------
- public List getProjects()
+ public List getProjects( int projectGroupId )
throws ContinuumException
{
try
{
- return continuum.getProjects();
+ return continuum.getProjects( projectGroupId );
}
catch ( Exception e )
{
Modified: maven/continuum/trunk/continuum-xmlrpc/continuum-xmlrpc-client/src/main/java/org/apache/maven/continuum/xmlrpc/client/SampleClient.java
URL: http://svn.apache.org/viewvc/maven/continuum/trunk/continuum-xmlrpc/continuum-xmlrpc-client/src/main/java/org/apache/maven/continuum/xmlrpc/client/SampleClient.java?view=diff&rev=537946&r1=537945&r2=537946
==============================================================================
--- maven/continuum/trunk/continuum-xmlrpc/continuum-xmlrpc-client/src/main/java/org/apache/maven/continuum/xmlrpc/client/SampleClient.java (original)
+++ maven/continuum/trunk/continuum-xmlrpc/continuum-xmlrpc-client/src/main/java/org/apache/maven/continuum/xmlrpc/client/SampleClient.java Mon May 14 11:46:07 2007
@@ -28,9 +28,11 @@
}
System.out.println( "Project Groups added." );
System.out.println( "=====================" );
+ int projectGroupId = 0;
for ( Iterator i = result.getProjectGroups().iterator(); i.hasNext(); )
{
ProjectGroupSummary pg = (ProjectGroupSummary) i.next();
+ projectGroupId = pg.getId();
System.out.println( "Id: " + pg.getId() );
System.out.println( "Group Id" + pg.getGroupId() );
System.out.println( "Name: " + pg.getName() );
@@ -86,7 +88,7 @@
System.out.println( "Projects list." );
System.out.println( "=====================" );
- List projects = client.getProjects();
+ List projects = client.getProjects( projectGroupId );
for ( Iterator i = projects.iterator(); i.hasNext(); )
{
ps = (ProjectSummary) i.next();
Modified: maven/continuum/trunk/continuum-xmlrpc/continuum-xmlrpc-server/src/main/java/org/apache/maven/continuum/xmlrpc/server/AbstractContinuumSecureService.java
URL: http://svn.apache.org/viewvc/maven/continuum/trunk/continuum-xmlrpc/continuum-xmlrpc-server/src/main/java/org/apache/maven/continuum/xmlrpc/server/AbstractContinuumSecureService.java?view=diff&rev=537946&r1=537945&r2=537946
==============================================================================
--- maven/continuum/trunk/continuum-xmlrpc/continuum-xmlrpc-server/src/main/java/org/apache/maven/continuum/xmlrpc/server/AbstractContinuumSecureService.java (original)
+++ maven/continuum/trunk/continuum-xmlrpc/continuum-xmlrpc-server/src/main/java/org/apache/maven/continuum/xmlrpc/server/AbstractContinuumSecureService.java Mon May 14 11:46:07 2007
@@ -23,6 +23,7 @@
import org.apache.maven.continuum.security.ContinuumRoleConstants;
import org.apache.maven.continuum.xmlrpc.ContinuumService;
import org.codehaus.plexus.redback.authorization.AuthorizationException;
+import org.codehaus.plexus.redback.system.SecuritySession;
import org.codehaus.plexus.redback.system.SecuritySystem;
import org.codehaus.plexus.util.StringUtils;
@@ -50,6 +51,26 @@
return securitySystem;
}
+ public SecuritySession getSecuritySession()
+ {
+ return config.getSecuritySession();
+ }
+
+ /**
+ * Check if the current user is already authenticated
+ *
+ * @return true if the user is authenticated
+ */
+ public boolean isAuthenticated()
+ {
+ if ( getSecuritySession() == null || !getSecuritySession().isAuthenticated() )
+ {
+ return false;
+ }
+
+ return true;
+ }
+
/**
* Check if the current user is authorized to do the action
*
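Review bot: `isAuthenticated()` calls `getSecuritySession()` twice, once for the null test and once for the `isAuthenticated()` call, so it relies on `config.getSecuritySession()` returning the same object both times. Reading it once makes the null guard and the use refer to the same session: `SecuritySession session = getSecuritySession(); return session != null && session.isAuthenticated();`. Both new methods are `public` while the check helpers in this class are `protected`; if the XML-RPC handler mapping publishes public methods of the service class (not visible here), `protected` would keep them off the remote surface. `getSecuritySession()` also has no Javadoc.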
@@ -110,6 +131,18 @@
}
/**
+ * Check if the current user is authorized to view the specified project group
+ *
+ * @param resource the operation resource
+ * @throws ContinuumException if the user isn't authorized if the user isn't authorized
+ */
+ protected void checkViewProjectGroupAuthorization( String resource )
+ throws ContinuumException
+ {
+ checkAuthorization( ContinuumRoleConstants.CONTINUUM_VIEW_GROUP_OPERATION, resource );
+ }
+
+ /**
* Check if the current user is authorized to add a project group
*
* @throws ContinuumException if the user isn't authorized if the user isn't authorized
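Review bot: The Javadoc on `checkViewProjectGroupAuthorization` repeats its `@throws` clause ("if the user isn't authorized if the user isn't authorized"), and the same copy-paste appears on every check helper added in the two following hunks of this file. It should read `@throws ContinuumException if the user isn't authorized`. The `@param resource` text would be more useful if it said what callers pass; ContinuumServiceImpl passes the project group name, so `@param resource the name of the project group the operation applies to` fits.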
@@ -121,6 +154,42 @@
}
/**
+ * Check if the current user is authorized to delete the specified project group
+ *
+ * @param resource the operation resource
+ * @throws ContinuumException if the user isn't authorized if the user isn't authorized
+ */
+ protected void checkRemoveProjectGroupAuthorization( String resource )
+ throws ContinuumException
+ {
+ checkAuthorization( ContinuumRoleConstants.CONTINUUM_REMOVE_GROUP_OPERATION, resource );
+ }
+
+ /**
+ * Check if the current user is authorized to build the specified project group
+ *
+ * @param resource the operation resource
+ * @throws ContinuumException if the user isn't authorized if the user isn't authorized
+ */
+ protected void checkBuildProjectGroupAuthorization( String resource )
+ throws ContinuumException
+ {
+ checkAuthorization( ContinuumRoleConstants.CONTINUUM_BUILD_GROUP_OPERATION, resource );
+ }
+
+ /**
+ * Check if the current user is authorized to modify the specified project group
+ *
+ * @param resource the operation resource
+ * @throws ContinuumException if the user isn't authorized if the user isn't authorized
+ */
+ protected void checkModifyProjectGroupAuthorization( String resource )
+ throws ContinuumException
+ {
+ checkAuthorization( ContinuumRoleConstants.CONTINUUM_MODIFY_GROUP_OPERATION, resource );
+ }
+
+ /**
* Check if the current user is authorized to add a project to a specific project group
*
* @param resource the operation resource
@@ -130,5 +199,229 @@
throws ContinuumException
{
checkAuthorization( ContinuumRoleConstants.CONTINUUM_ADD_PROJECT_TO_GROUP_OPERATION, resource );
+ }
+
+ /**
+ * Check if the current user is authorized to delete a project from a specified group
+ *
+ * @param resource the operation resource
+ * @throws ContinuumException if the user isn't authorized if the user isn't authorized
+ */
+ protected void checkRemoveProjectFromGroupAuthorization( String resource )
+ throws ContinuumException
+ {
+ checkAuthorization( ContinuumRoleConstants.CONTINUUM_REMOVE_PROJECT_FROM_GROUP_OPERATION, resource );
+ }
+
+ /**
+ * Check if the current user is authorized to modify a project in the specified group
+ *
+ * @param resource the operation resource
+ * @throws ContinuumException if the user isn't authorized if the user isn't authorized
+ */
+ protected void checkModifyProjectInGroupAuthorization( String resource )
+ throws ContinuumException
+ {
+ checkAuthorization( ContinuumRoleConstants.CONTINUUM_MODIFY_PROJECT_IN_GROUP_OPERATION, resource );
+ }
+
+ /**
+ * Check if the current user is authorized to build a project in the specified group
+ *
+ * @param resource the operation resource
+ * @throws ContinuumException if the user isn't authorized if the user isn't authorized
+ */
+ protected void checkBuildProjectInGroupAuthorization( String resource )
+ throws ContinuumException
+ {
+ checkAuthorization( ContinuumRoleConstants.CONTINUUM_BUILD_PROJECT_IN_GROUP_OPERATION, resource );
+ }
+
+ /**
+ * Check if the current user is authorized to add a build definition for the specified
+ * project group
+ *
+ * @param resource the operation resource
+ * @throws ContinuumException if the user isn't authorized if the user isn't authorized
+ */
+ protected void checkAddGroupBuildDefinitionAuthorization( String resource )
+ throws ContinuumException
+ {
+ checkAuthorization( ContinuumRoleConstants.CONTINUUM_ADD_GROUP_BUILD_DEFINTION_OPERATION, resource );
+ }
+
+ /**
+ * Check if the current user is authorized to delete a build definition in the specified
+ * project group
+ *
+ * @param resource the operation resource
+ * @throws ContinuumException if the user isn't authorized if the user isn't authorized
+ */
+ protected void checkRemoveGroupBuildDefinitionAuthorization( String resource )
+ throws ContinuumException
+ {
+ checkAuthorization( ContinuumRoleConstants.CONTINUUM_REMOVE_GROUP_BUILD_DEFINITION_OPERATION, resource );
+ }
+
+ /**
+ * Check if the current user is authorized to modify a build definition in the specified
+ * project group
+ *
+ * @param resource the operation resource
+ * @throws ContinuumException if the user isn't authorized if the user isn't authorized
+ */
+ protected void checkModifyGroupBuildDefinitionAuthorization( String resource )
+ throws ContinuumException
+ {
+ checkAuthorization( ContinuumRoleConstants.CONTINUUM_MODIFY_GROUP_BUILD_DEFINITION_OPERATION, resource );
+ }
+
+ /**
+ * Check if the current user is authorized to add a group build definition to a specific
+ * project
+ *
+ * @param resource the operation resource
+ * @throws ContinuumException if the user isn't authorized if the user isn't authorized
+ */
+ protected void checkAddProjectBuildDefinitionAuthorization( String resource )
+ throws ContinuumException
+ {
+ checkAuthorization( ContinuumRoleConstants.CONTINUUM_ADD_PROJECT_BUILD_DEFINTION_OPERATION, resource );
+ }
+
+ /**
+ * Check if the current user is authorized to modify a build definition of a specific project
+ *
+ * @param resource the operation resource
+ * @throws ContinuumException if the user isn't authorized if the user isn't authorized
+ */
+ protected void checkModifyProjectBuildDefinitionAuthorization( String resource )
+ throws ContinuumException
+ {
+ checkAuthorization( ContinuumRoleConstants.CONTINUUM_MODIFY_PROJECT_BUILD_DEFINITION_OPERATION, resource );
+ }
+
+ /**
+ * Check if the current user is authorized to delete a build definition of a specific
+ * project
+ *
+ * @param resource the operation resource
+ * @throws ContinuumException if the user isn't authorized if the user isn't authorized
+ */
+ protected void checkRemoveProjectBuildDefinitionAuthorization( String resource )
+ throws ContinuumException
+ {
+ checkAuthorization( ContinuumRoleConstants.CONTINUUM_REMOVE_PROJECT_BUILD_DEFINITION_OPERATION, resource );
+ }
+
+ /**
+ * Check if the current user is authorized to add a notifier to the specified
+ * project group
+ *
+ * @param resource the operation resource
+ * @throws ContinuumException if the user isn't authorized if the user isn't authorized
+ */
+ protected void checkAddProjectGroupNotifierAuthorization( String resource )
+ throws ContinuumException
+ {
+ checkAuthorization( ContinuumRoleConstants.CONTINUUM_ADD_GROUP_NOTIFIER_OPERATION, resource );
+ }
+
+ /**
+ * Check if the current user is authorized to delete a notifier in the specified
+ * project group
+ *
+ * @param resource the operation resource
+ * @throws ContinuumException if the user isn't authorized if the user isn't authorized
+ */
+ protected void checkRemoveProjectGroupNotifierAuthorization( String resource )
+ throws ContinuumException
+ {
+ checkAuthorization( ContinuumRoleConstants.CONTINUUM_REMOVE_GROUP_NOTIFIER_OPERATION, resource );
+ }
+
+ /**
+ * Check if the current user is authorized to modify a notifier in the specified
+ * project group
+ *
+ * @param resource the operartion resource
+ * @throws ContinuumException if the user isn't authorized if the user isn't authorized
+ */
+ protected void checkModifyProjectGroupNotifierAuthorization( String resource )
+ throws ContinuumException
+ {
+ checkAuthorization( ContinuumRoleConstants.CONTINUUM_MODIFY_GROUP_NOTIFIER_OPERATION, resource );
+ }
+
+ /**
+ * Check if the current user is authorized to add a notifier to a specific project
+ *
+ * @param resource the operation resource
+ * @throws ContinuumException if the user isn't authorized if the user isn't authorized
+ */
+ protected void checkAddProjectNotifierAuthorization( String resource )
+ throws ContinuumException
+ {
+ checkAuthorization( ContinuumRoleConstants.CONTINUUM_ADD_PROJECT_NOTIFIER_OPERATION, resource );
+ }
+
+ /**
+ * Check if the current user is authorized to delete a notifier in a specific project
+ *
+ * @param resource the operation resource
+ * @throws ContinuumException if the user isn't authorized if the user isn't authorized
+ */
+ protected void checkRemoveProjectNotifierAuthorization( String resource )
+ throws ContinuumException
+ {
+ checkAuthorization( ContinuumRoleConstants.CONTINUUM_REMOVE_PROJECT_NOTIFIER_OPERATION, resource );
+ }
+
+ /**
+ * Check if the current user is authorized to modify a notifier in a specific project
+ *
+ * @param resource the operation resource
+ * @throws ContinuumException if the user isn't authorized if the user isn't authorized
+ */
+ protected void checkModifyProjectNotifierAuthorization( String resource )
+ throws ContinuumException
+ {
+ checkAuthorization( ContinuumRoleConstants.CONTINUUM_MODIFY_PROJECT_NOTIFIER_OPERATION, resource );
+ }
+
+ /**
+ * Check if the current user is authorized to manage the application's configuration
+ *
+ * @throws ContinuumException
+ * if the user isn't authorized if the user isn't authenticated
+ * @throws ContinuumException if the user isn't authorized if the user isn't authorized
+ */
+ protected void checkManageConfigurationAuthorization()
+ throws ContinuumException, ContinuumException
+ {
+ if ( !isAuthenticated() )
+ {
+ throw new ContinuumException( "Authentication required." );
+ }
+
+ checkAuthorization( ContinuumRoleConstants.CONTINUUM_MANAGE_CONFIGURATION );
+ }
+
+ /**
+ * Check if the current user is authorized to manage the project build schedules
+ *
+ * @throws ContinuumException
+ * if the user isn't authorized if the user isn't authenticated
+ * @throws ContinuumException if the user isn't authorized if the user isn't authorized
+ */
+ protected void checkManageSchedulesAuthorization()
+ throws ContinuumException, ContinuumException
+ {
+ if ( !isAuthenticated() )
+ {
+ throw new ContinuumException( "Authentication required." );
+ }
+
+ checkAuthorization( ContinuumRoleConstants.CONTINUUM_MANAGE_SCHEDULES );
}
}
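Review bot: Only `checkManageConfigurationAuthorization` and `checkManageSchedulesAuthorization` test `isAuthenticated()` before calling `checkAuthorization`; the resource-scoped helpers added above them in this hunk go straight to `checkAuthorization( operation, resource )`. Whether that overload rejects a missing or unauthenticated session is not visible here, so either confirm it does and say so in a comment, or apply the same guard to every helper so an anonymous XML-RPC call fails the same way everywhere. Both manage methods also declare `throws ContinuumException, ContinuumException` and carry two `@throws ContinuumException` tags; one of each is enough, e.g. `@throws ContinuumException if the user isn't authenticated or isn't authorized`.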
Modified: maven/continuum/trunk/continuum-xmlrpc/continuum-xmlrpc-server/src/main/java/org/apache/maven/continuum/xmlrpc/server/ContinuumServiceImpl.java
URL: http://svn.apache.org/viewvc/maven/continuum/trunk/continuum-xmlrpc/continuum-xmlrpc-server/src/main/java/org/apache/maven/continuum/xmlrpc/server/ContinuumServiceImpl.java?view=diff&rev=537946&r1=537945&r2=537946
==============================================================================
--- maven/continuum/trunk/continuum-xmlrpc/continuum-xmlrpc-server/src/main/java/org/apache/maven/continuum/xmlrpc/server/ContinuumServiceImpl.java (original)
+++ maven/continuum/trunk/continuum-xmlrpc/continuum-xmlrpc-server/src/main/java/org/apache/maven/continuum/xmlrpc/server/ContinuumServiceImpl.java Mon May 14 11:46:07 2007
@@ -54,9 +54,11 @@
// Projects
// ----------------------------------------------------------------------
- public List getProjects()
+ public List getProjects( int projectGroupId )
throws ContinuumException
{
+ checkViewProjectGroupAuthorization( getProjectGroupName( projectGroupId ) );
+
List projectsList = new ArrayList();
Collection projects = continuum.getProjects();
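Review bot: The new check in `getProjects` authorizes the caller for the group named by `projectGroupId`, but the list is still built from `continuum.getProjects()`, which takes no group argument. Unless the loop below this hunk filters by group, a caller allowed to view one group receives the projects of every group. The collection should be restricted to the requested group, or each project checked against its own group, before it is copied into the result. The rest of the method body is outside the hunk.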
@@ -77,6 +79,9 @@
throws ContinuumException
{
org.apache.maven.continuum.model.project.Project project = continuum.getProject( projectId );
+
+ checkViewProjectGroupAuthorization( project.getProjectGroup().getName() );
+
return populateProjectSummary( project );
}
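Review bot: `project.getProjectGroup().getName()` is dereferenced without a null check before the authorization call, and the same expression is added in the next hunk. If `continuum.getProject( projectId )` can return null or a project whose group is not populated (not visible here), the XML-RPC caller gets a NullPointerException instead of the declared ContinuumException. A guard such as `if ( project == null || project.getProjectGroup() == null ) throw new ContinuumException( "Unknown project or project group." );` keeps the failure on the declared path. The method signature is outside the hunk.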
@@ -84,6 +89,9 @@
throws ContinuumException
{
org.apache.maven.continuum.model.project.Project project = continuum.getProjectWithAllDetails( projectId );
+
+ checkViewProjectGroupAuthorization( project.getProjectGroup().getName() );
+
return populateProject( project );
}
@@ -91,7 +99,12 @@
public int removeProject( int projectId )
throws ContinuumException
{
+ ProjectSummary ps = getProjectSummary( projectId );
+
+ checkRemoveProjectFromGroupAuthorization( ps.getProjectGroup().getName() );
+
continuum.removeProject( projectId );
+
return 0;
}
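Review bot: `removeProject` resolves the group through `getProjectSummary( projectId )`, which appears to be the method patched two hunks up and now runs its own `checkViewProjectGroupAuthorization`. Removal therefore requires the view permission in addition to the remove permission, and the project is loaded through a remote-facing method rather than an internal lookup. If that coupling is intended, a comment should say so; otherwise resolve the group name from `continuum.getProject( projectId )` and run only `checkRemoveProjectFromGroupAuthorization`.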
@@ -99,6 +112,15 @@
// Projects Groups
// ----------------------------------------------------------------------
+ public String getProjectGroupName( int projectGroupId )
+ throws ContinuumException
+ {
+ checkViewProjectGroupAuthorization( getProjectGroupName( projectGroupId ) );
+
+ ProjectGroupSummary pgs = getProjectGroupSummary( projectGroupId );
+ return pgs.getName();
+ }
+
public ProjectGroupSummary getProjectGroupSummary( int projectGroupId )
throws ContinuumException
{
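Review bot: The first statement of the new `getProjectGroupName` calls `getProjectGroupName( projectGroupId )` again to build the argument for the authorization check, so the method recurses unconditionally and ends in a StackOverflowError before any check or lookup happens. `getProjects` and `addMavenTwoProject` both call it in this commit, so they fail the same way. Fetch the summary first and check on its name: `ProjectGroupSummary pgs = getProjectGroupSummary( projectGroupId );` then `checkViewProjectGroupAuthorization( pgs.getName() );` then `return pgs.getName();`. With that fix, `addMavenTwoProject` also requires the view permission, where it previously checked only the add-project permission.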
@@ -205,8 +227,7 @@
public AddingResult addMavenTwoProject( String url, int projectGroupId )
throws ContinuumException
{
- ProjectGroupSummary pgs = getProjectGroupSummary( projectGroupId );
- checkAddProjectToGroupAuthorization( pgs.getName() );
+ checkAddProjectToGroupAuthorization( getProjectGroupName( projectGroupId ) );
ContinuumProjectBuildingResult result = continuum.addMavenTwoProject( url, projectGroupId );
return populateAddingResult( result );