You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@archiva.apache.org by jo...@apache.org on 2007/10/12 23:36:11 UTC
svn commit: r584279 - in /maven/archiva/trunk/archiva-web:
archiva-security/src/main/java/org/apache/maven/archiva/security/
archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/admin/repositories/
archiva-webapp/src/main/java/org/apache/ma...
Author: joakime
Date: Fri Oct 12 14:35:41 2007
New Revision: 584279
URL: http://svn.apache.org/viewvc?rev=584279&view=rev
Log:
[MRM-398] configure guest access by default for pre-configured repositories
Newly added repositories are assigned to the guest user in read-only mode.
Removed:
maven/archiva/trunk/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/check/RoleExistanceEnvironmentCheck.java
Modified:
maven/archiva/trunk/archiva-web/archiva-security/src/main/java/org/apache/maven/archiva/security/ArchivaRoleConstants.java
maven/archiva/trunk/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/admin/repositories/AbstractManagedRepositoriesAction.java
maven/archiva/trunk/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/startup/SecuritySynchronization.java
maven/archiva/trunk/archiva-web/archiva-webapp/src/test/java/org/apache/maven/archiva/web/action/admin/repositories/AddManagedRepositoryActionTest.java
maven/archiva/trunk/archiva-web/archiva-webapp/src/test/java/org/apache/maven/archiva/web/action/admin/repositories/DeleteManagedRepositoryActionTest.java
maven/archiva/trunk/archiva-web/archiva-webapp/src/test/java/org/apache/maven/archiva/web/action/admin/repositories/EditManagedRepositoryActionTest.java
Modified: maven/archiva/trunk/archiva-web/archiva-security/src/main/java/org/apache/maven/archiva/security/ArchivaRoleConstants.java
URL: http://svn.apache.org/viewvc/maven/archiva/trunk/archiva-web/archiva-security/src/main/java/org/apache/maven/archiva/security/ArchivaRoleConstants.java?rev=584279&r1=584278&r2=584279&view=diff
==============================================================================
--- maven/archiva/trunk/archiva-web/archiva-security/src/main/java/org/apache/maven/archiva/security/ArchivaRoleConstants.java (original)
+++ maven/archiva/trunk/archiva-web/archiva-security/src/main/java/org/apache/maven/archiva/security/ArchivaRoleConstants.java Fri Oct 12 14:35:41 2007
@@ -63,5 +63,9 @@
public static final String OPERATION_EDIT_REPOSITORY = "archiva-edit-repository";
public static final String OPERATION_REPOSITORY_UPLOAD = "archiva-upload-repository";
+
+ // Role templates
+ public static final String TEMPLATE_REPOSITORY_MANAGER = "archiva-repository-manager";
+ public static final String TEMPLATE_REPOSITORY_OBSERVER = "archiva-repository-observer";
}
Modified: maven/archiva/trunk/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/admin/repositories/AbstractManagedRepositoriesAction.java
URL: http://svn.apache.org/viewvc/maven/archiva/trunk/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/admin/repositories/AbstractManagedRepositoriesAction.java?rev=584279&r1=584278&r2=584279&view=diff
==============================================================================
--- maven/archiva/trunk/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/admin/repositories/AbstractManagedRepositoriesAction.java (original)
+++ maven/archiva/trunk/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/admin/repositories/AbstractManagedRepositoriesAction.java Fri Oct 12 14:35:41 2007
@@ -22,6 +22,10 @@
import org.apache.commons.io.FileUtils;
import org.apache.maven.archiva.configuration.Configuration;
import org.apache.maven.archiva.configuration.ManagedRepositoryConfiguration;
+import org.apache.maven.archiva.security.ArchivaRoleConstants;
+import org.codehaus.plexus.redback.rbac.RBACManager;
+import org.codehaus.plexus.redback.rbac.RbacManagerException;
+import org.codehaus.plexus.redback.rbac.UserAssignment;
import org.codehaus.plexus.redback.role.RoleManager;
import org.codehaus.plexus.redback.role.RoleManagerException;
@@ -43,6 +47,11 @@
* @plexus.requirement role-hint="default"
*/
protected RoleManager roleManager;
+
+ /**
+ * @plexus.requirement role-hint="cached"
+ */
+ protected RBACManager rbacManager;
public RoleManager getRoleManager()
{
@@ -75,10 +84,32 @@
protected void addRepositoryRoles( ManagedRepositoryConfiguration newRepository ) throws RoleManagerException
{
+ String repoId = newRepository.getId();
+
// TODO: double check these are configured on start up
// TODO: belongs in the business logic
- roleManager.createTemplatedRole( "archiva-repository-manager", newRepository.getId() );
- roleManager.createTemplatedRole( "archiva-repository-observer", newRepository.getId() );
+
+ if ( !roleManager.templatedRoleExists( ArchivaRoleConstants.TEMPLATE_REPOSITORY_OBSERVER, repoId ) )
+ {
+ roleManager.createTemplatedRole( ArchivaRoleConstants.TEMPLATE_REPOSITORY_OBSERVER, repoId );
+ }
+
+ if ( !roleManager.templatedRoleExists( ArchivaRoleConstants.TEMPLATE_REPOSITORY_MANAGER, repoId ) )
+ {
+ roleManager.createTemplatedRole( ArchivaRoleConstants.TEMPLATE_REPOSITORY_MANAGER, repoId );
+ }
+
+ try
+ {
+ UserAssignment ua = rbacManager.getUserAssignment( ArchivaRoleConstants.GUEST_ROLE );
+ ua.addRoleName( ArchivaRoleConstants.REPOSITORY_OBSERVER_ROLE_PREFIX + " - " + repoId );
+ rbacManager.saveUserAssignment( ua );
+ }
+ catch ( RbacManagerException e )
+ {
+ getLogger().warn( "Unable to add role [" + ArchivaRoleConstants.REPOSITORY_OBSERVER_ROLE_PREFIX + " - "
+ + repoId + "] to Guest user.", e );
+ }
}
protected void removeContents( ManagedRepositoryConfiguration existingRepository )
@@ -99,9 +130,18 @@
protected void removeRepositoryRoles( ManagedRepositoryConfiguration existingRepository )
throws RoleManagerException
{
- roleManager.removeTemplatedRole( "archiva-repository-manager", existingRepository.getId() );
- roleManager.removeTemplatedRole( "archiva-repository-observer", existingRepository.getId() );
+ String repoId = existingRepository.getId();
+
+ if ( roleManager.templatedRoleExists( ArchivaRoleConstants.TEMPLATE_REPOSITORY_MANAGER, repoId ) )
+ {
+ roleManager.removeTemplatedRole( ArchivaRoleConstants.TEMPLATE_REPOSITORY_MANAGER, repoId );
+ }
+
+ if ( roleManager.templatedRoleExists( ArchivaRoleConstants.TEMPLATE_REPOSITORY_OBSERVER, repoId ) )
+ {
+ roleManager.removeTemplatedRole( ArchivaRoleConstants.TEMPLATE_REPOSITORY_OBSERVER, repoId );
+ }
- getLogger().debug( "removed user roles associated with repository " + existingRepository.getId() );
+ getLogger().debug( "removed user roles associated with repository " + repoId );
}
}
Modified: maven/archiva/trunk/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/startup/SecuritySynchronization.java
URL: http://svn.apache.org/viewvc/maven/archiva/trunk/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/startup/SecuritySynchronization.java?rev=584279&r1=584278&r2=584279&view=diff
==============================================================================
--- maven/archiva/trunk/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/startup/SecuritySynchronization.java (original)
+++ maven/archiva/trunk/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/startup/SecuritySynchronization.java Fri Oct 12 14:35:41 2007
@@ -23,6 +23,7 @@
import org.apache.maven.archiva.configuration.ArchivaConfiguration;
import org.apache.maven.archiva.configuration.ConfigurationNames;
import org.apache.maven.archiva.configuration.ManagedRepositoryConfiguration;
+import org.apache.maven.archiva.security.ArchivaRoleConstants;
import org.codehaus.plexus.logging.AbstractLogEnabled;
import org.codehaus.plexus.redback.role.RoleManager;
import org.codehaus.plexus.redback.role.RoleManagerException;
@@ -69,19 +70,25 @@
private void synchConfiguration( List<ManagedRepositoryConfiguration> repos )
{
+ // NOTE: Remote Repositories do not have roles or security placed around them.
+
for ( ManagedRepositoryConfiguration repoConfig : repos )
{
// manage roles for repositories
try
{
- if ( !roleManager.templatedRoleExists( "archiva-repository-observer", repoConfig.getId() ) )
+ if ( !roleManager.templatedRoleExists( ArchivaRoleConstants.TEMPLATE_REPOSITORY_OBSERVER,
+ repoConfig.getId() ) )
{
- roleManager.createTemplatedRole( "archiva-repository-observer", repoConfig.getId() );
+ roleManager.createTemplatedRole( ArchivaRoleConstants.TEMPLATE_REPOSITORY_OBSERVER,
+ repoConfig.getId() );
}
- if ( !roleManager.templatedRoleExists( "archiva-repository-manager", repoConfig.getId() ) )
+ if ( !roleManager.templatedRoleExists( ArchivaRoleConstants.TEMPLATE_REPOSITORY_MANAGER,
+ repoConfig.getId() ) )
{
- roleManager.createTemplatedRole( "archiva-repository-manager", repoConfig.getId() );
+ roleManager.createTemplatedRole( ArchivaRoleConstants.TEMPLATE_REPOSITORY_MANAGER,
+ repoConfig.getId() );
}
}
catch ( RoleManagerException e )
@@ -89,7 +96,6 @@
// Log error.
getLogger().error( "Unable to create roles for configured repositories: " + e.getMessage(), e );
}
-
}
}
Modified: maven/archiva/trunk/archiva-web/archiva-webapp/src/test/java/org/apache/maven/archiva/web/action/admin/repositories/AddManagedRepositoryActionTest.java
URL: http://svn.apache.org/viewvc/maven/archiva/trunk/archiva-web/archiva-webapp/src/test/java/org/apache/maven/archiva/web/action/admin/repositories/AddManagedRepositoryActionTest.java?rev=584279&r1=584278&r2=584279&view=diff
==============================================================================
--- maven/archiva/trunk/archiva-web/archiva-webapp/src/test/java/org/apache/maven/archiva/web/action/admin/repositories/AddManagedRepositoryActionTest.java (original)
+++ maven/archiva/trunk/archiva-web/archiva-webapp/src/test/java/org/apache/maven/archiva/web/action/admin/repositories/AddManagedRepositoryActionTest.java Fri Oct 12 14:35:41 2007
@@ -25,6 +25,7 @@
import org.apache.maven.archiva.configuration.ArchivaConfiguration;
import org.apache.maven.archiva.configuration.Configuration;
import org.apache.maven.archiva.configuration.ManagedRepositoryConfiguration;
+import org.apache.maven.archiva.security.ArchivaRoleConstants;
import org.codehaus.plexus.PlexusTestCase;
import org.codehaus.plexus.redback.role.RoleManager;
import org.codehaus.plexus.redback.xwork.interceptor.SecureActionBundle;
@@ -119,9 +120,14 @@
{
FileUtils.deleteDirectory( location );
- // TODO: should be in the business model
- roleManager.createTemplatedRole( "archiva-repository-manager", REPO_ID );
- roleManager.createTemplatedRole( "archiva-repository-observer", REPO_ID );
+ roleManager.templatedRoleExists( ArchivaRoleConstants.TEMPLATE_REPOSITORY_OBSERVER, REPO_ID );
+ roleManagerControl.setReturnValue( false );
+ roleManager.createTemplatedRole( ArchivaRoleConstants.TEMPLATE_REPOSITORY_OBSERVER, REPO_ID );
+ roleManagerControl.setVoidCallable();
+ roleManager.templatedRoleExists( ArchivaRoleConstants.TEMPLATE_REPOSITORY_MANAGER, REPO_ID );
+ roleManagerControl.setReturnValue( false );
+ roleManager.createTemplatedRole( ArchivaRoleConstants.TEMPLATE_REPOSITORY_MANAGER, REPO_ID );
+ roleManagerControl.setVoidCallable();
roleManagerControl.replay();
Modified: maven/archiva/trunk/archiva-web/archiva-webapp/src/test/java/org/apache/maven/archiva/web/action/admin/repositories/DeleteManagedRepositoryActionTest.java
URL: http://svn.apache.org/viewvc/maven/archiva/trunk/archiva-web/archiva-webapp/src/test/java/org/apache/maven/archiva/web/action/admin/repositories/DeleteManagedRepositoryActionTest.java?rev=584279&r1=584278&r2=584279&view=diff
==============================================================================
--- maven/archiva/trunk/archiva-web/archiva-webapp/src/test/java/org/apache/maven/archiva/web/action/admin/repositories/DeleteManagedRepositoryActionTest.java (original)
+++ maven/archiva/trunk/archiva-web/archiva-webapp/src/test/java/org/apache/maven/archiva/web/action/admin/repositories/DeleteManagedRepositoryActionTest.java Fri Oct 12 14:35:41 2007
@@ -25,8 +25,10 @@
import org.apache.maven.archiva.configuration.Configuration;
import org.apache.maven.archiva.configuration.IndeterminateConfigurationException;
import org.apache.maven.archiva.configuration.ManagedRepositoryConfiguration;
+import org.apache.maven.archiva.security.ArchivaRoleConstants;
import org.codehaus.plexus.PlexusTestCase;
import org.codehaus.plexus.redback.role.RoleManager;
+import org.codehaus.plexus.redback.role.RoleManagerException;
import org.codehaus.plexus.redback.xwork.interceptor.SecureActionBundle;
import org.codehaus.plexus.redback.xwork.interceptor.SecureActionException;
import org.codehaus.plexus.registry.RegistryException;
@@ -114,8 +116,10 @@
}
public void testDeleteRepositoryKeepContent()
- throws RegistryException, IndeterminateConfigurationException
+ throws Exception
{
+ prepareRoleManagerMock();
+
Configuration configuration = prepDeletionTest( createRepository(), "delete-entry" );
String status = action.deleteEntry();
assertEquals( Action.SUCCESS, status );
@@ -126,8 +130,10 @@
}
public void testDeleteRepositoryDeleteContent()
- throws RegistryException, IndeterminateConfigurationException
+ throws Exception
{
+ prepareRoleManagerMock();
+
Configuration configuration = prepDeletionTest( createRepository(), "delete-contents" );
String status = action.deleteContents();
assertEquals( Action.SUCCESS, status );
@@ -226,4 +232,15 @@
repository.setDeleteReleasedSnapshots( true );
}
+ private void prepareRoleManagerMock()
+ throws RoleManagerException
+ {
+ roleManager.templatedRoleExists( ArchivaRoleConstants.TEMPLATE_REPOSITORY_OBSERVER, REPO_ID );
+ roleManagerControl.setReturnValue( true );
+ roleManager.removeTemplatedRole( ArchivaRoleConstants.TEMPLATE_REPOSITORY_OBSERVER, REPO_ID );
+ roleManager.templatedRoleExists( ArchivaRoleConstants.TEMPLATE_REPOSITORY_MANAGER, REPO_ID );
+ roleManagerControl.setReturnValue( true );
+ roleManager.removeTemplatedRole( ArchivaRoleConstants.TEMPLATE_REPOSITORY_MANAGER, REPO_ID );
+ roleManagerControl.replay();
+ }
}
Modified: maven/archiva/trunk/archiva-web/archiva-webapp/src/test/java/org/apache/maven/archiva/web/action/admin/repositories/EditManagedRepositoryActionTest.java
URL: http://svn.apache.org/viewvc/maven/archiva/trunk/archiva-web/archiva-webapp/src/test/java/org/apache/maven/archiva/web/action/admin/repositories/EditManagedRepositoryActionTest.java?rev=584279&r1=584278&r2=584279&view=diff
==============================================================================
--- maven/archiva/trunk/archiva-web/archiva-webapp/src/test/java/org/apache/maven/archiva/web/action/admin/repositories/EditManagedRepositoryActionTest.java (original)
+++ maven/archiva/trunk/archiva-web/archiva-webapp/src/test/java/org/apache/maven/archiva/web/action/admin/repositories/EditManagedRepositoryActionTest.java Fri Oct 12 14:35:41 2007
@@ -24,6 +24,7 @@
import org.apache.maven.archiva.configuration.ArchivaConfiguration;
import org.apache.maven.archiva.configuration.Configuration;
import org.apache.maven.archiva.configuration.ManagedRepositoryConfiguration;
+import org.apache.maven.archiva.security.ArchivaRoleConstants;
import org.codehaus.plexus.PlexusTestCase;
import org.codehaus.plexus.redback.role.RoleManager;
import org.codehaus.plexus.redback.xwork.interceptor.SecureActionBundle;
@@ -112,9 +113,14 @@
public void testEditRepository()
throws Exception
{
- // TODO: should be in the business model
- roleManager.createTemplatedRole( "archiva-repository-manager", REPO_ID );
- roleManager.createTemplatedRole( "archiva-repository-observer", REPO_ID );
+ roleManager.templatedRoleExists( ArchivaRoleConstants.TEMPLATE_REPOSITORY_OBSERVER, REPO_ID );
+ roleManagerControl.setReturnValue( false );
+ roleManager.createTemplatedRole( ArchivaRoleConstants.TEMPLATE_REPOSITORY_OBSERVER, REPO_ID );
+ roleManagerControl.setVoidCallable();
+ roleManager.templatedRoleExists( ArchivaRoleConstants.TEMPLATE_REPOSITORY_MANAGER, REPO_ID );
+ roleManagerControl.setReturnValue( false );
+ roleManager.createTemplatedRole( ArchivaRoleConstants.TEMPLATE_REPOSITORY_MANAGER, REPO_ID );
+ roleManagerControl.setVoidCallable();
roleManagerControl.replay();