You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@archiva.apache.org by br...@apache.org on 2009/03/18 21:47:20 UTC
svn commit: r755726 - in /archiva/trunk/archiva-modules/archiva-web:
archiva-security/src/main/java/org/apache/maven/archiva/security/
archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/
archiva-webapp/src/test/java/org/apache/maven/archi...
Author: brett
Date: Wed Mar 18 20:47:20 2009
New Revision: 755726
URL: http://svn.apache.org/viewvc?rev=755726&view=rev
Log:
[MRM-913] bring delete artifact security into line with uploading an artifact
Modified:
archiva/trunk/archiva-modules/archiva-web/archiva-security/src/main/java/org/apache/maven/archiva/security/ArchivaRoleConstants.java
archiva/trunk/archiva-modules/archiva-web/archiva-security/src/main/java/org/apache/maven/archiva/security/DefaultUserRepositories.java
archiva/trunk/archiva-modules/archiva-web/archiva-security/src/main/java/org/apache/maven/archiva/security/UserRepositories.java
archiva/trunk/archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/DeleteArtifactAction.java
archiva/trunk/archiva-modules/archiva-web/archiva-webapp/src/test/java/org/apache/maven/archiva/security/UserRepositoriesStub.java
Modified: archiva/trunk/archiva-modules/archiva-web/archiva-security/src/main/java/org/apache/maven/archiva/security/ArchivaRoleConstants.java
URL: http://svn.apache.org/viewvc/archiva/trunk/archiva-modules/archiva-web/archiva-security/src/main/java/org/apache/maven/archiva/security/ArchivaRoleConstants.java?rev=755726&r1=755725&r2=755726&view=diff
==============================================================================
--- archiva/trunk/archiva-modules/archiva-web/archiva-security/src/main/java/org/apache/maven/archiva/security/ArchivaRoleConstants.java (original)
+++ archiva/trunk/archiva-modules/archiva-web/archiva-security/src/main/java/org/apache/maven/archiva/security/ArchivaRoleConstants.java Wed Mar 18 20:47:20 2009
@@ -64,6 +64,8 @@
public static final String OPERATION_REPOSITORY_UPLOAD = "archiva-upload-repository";
+ public static final String OPERATION_REPOSITORY_DELETE = "archiva-delete-artifact";
+
// Role templates
public static final String TEMPLATE_REPOSITORY_MANAGER = "archiva-repository-manager";
Modified: archiva/trunk/archiva-modules/archiva-web/archiva-security/src/main/java/org/apache/maven/archiva/security/DefaultUserRepositories.java
URL: http://svn.apache.org/viewvc/archiva/trunk/archiva-modules/archiva-web/archiva-security/src/main/java/org/apache/maven/archiva/security/DefaultUserRepositories.java?rev=755726&r1=755725&r2=755726&view=diff
==============================================================================
--- archiva/trunk/archiva-modules/archiva-web/archiva-security/src/main/java/org/apache/maven/archiva/security/DefaultUserRepositories.java (original)
+++ archiva/trunk/archiva-modules/archiva-web/archiva-security/src/main/java/org/apache/maven/archiva/security/DefaultUserRepositories.java Wed Mar 18 20:47:20 2009
@@ -20,17 +20,12 @@
*/
import java.util.ArrayList;
-import java.util.Collection;
import java.util.List;
import org.apache.maven.archiva.configuration.ArchivaConfiguration;
import org.apache.maven.archiva.configuration.ManagedRepositoryConfiguration;
import org.codehaus.plexus.redback.authentication.AuthenticationResult;
import org.codehaus.plexus.redback.authorization.AuthorizationException;
-import org.codehaus.plexus.redback.rbac.RBACManager;
-import org.codehaus.plexus.redback.rbac.RbacManagerException;
-import org.codehaus.plexus.redback.rbac.RbacObjectNotFoundException;
-import org.codehaus.plexus.redback.rbac.Role;
import org.codehaus.plexus.redback.role.RoleManager;
import org.codehaus.plexus.redback.role.RoleManagerException;
import org.codehaus.plexus.redback.system.DefaultSecuritySession;
@@ -38,6 +33,8 @@
import org.codehaus.plexus.redback.system.SecuritySystem;
import org.codehaus.plexus.redback.users.User;
import org.codehaus.plexus.redback.users.UserNotFoundException;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
/**
* DefaultUserRepositories
@@ -54,11 +51,6 @@
private SecuritySystem securitySystem;
/**
- * @plexus.requirement role-hint="cached"
- */
- private RBACManager rbacManager;
-
- /**
* @plexus.requirement role-hint="default"
*/
private RoleManager roleManager;
@@ -67,6 +59,8 @@
* @plexus.requirement
*/
private ArchivaConfiguration archivaConfiguration;
+
+ private Logger log = LoggerFactory.getLogger( DefaultUserRepositories.class );
public List<String> getObservableRepositoryIds( String principal )
throws PrincipalNotFoundException, AccessDeniedException, ArchivaSecurityException
@@ -87,49 +81,59 @@
private List<String> getAccessibleRepositoryIds( String principal, String operation )
throws ArchivaSecurityException, AccessDeniedException, PrincipalNotFoundException
{
- try
+ SecuritySession securitySession = createSession( principal );
+
+ List<String> repoIds = new ArrayList<String>();
+
+ List<ManagedRepositoryConfiguration> repos =
+ archivaConfiguration.getConfiguration().getManagedRepositories();
+
+ for ( ManagedRepositoryConfiguration repo : repos )
{
- User user = securitySystem.getUserManager().findUser( principal );
- if ( user == null )
+ try
{
- throw new ArchivaSecurityException( "The security system had an internal error - please check your system logs" );
+ String repoId = repo.getId();
+ if ( securitySystem.isAuthorized( securitySession, operation, repoId ) )
+ {
+ repoIds.add( repoId );
+ }
}
-
- if ( user.isLocked() )
+ catch ( AuthorizationException e )
{
- throw new AccessDeniedException( "User " + principal + "(" + user.getFullName() + ") is locked." );
+ // swallow.
+ log.debug( "Not authorizing '" + principal + "' for repository '" + repo.getId() + "': "
+ + e.getMessage() );
}
+ }
- AuthenticationResult authn = new AuthenticationResult( true, principal, null );
- SecuritySession securitySession = new DefaultSecuritySession( authn, user );
-
- List<String> repoIds = new ArrayList<String>();
-
- List<ManagedRepositoryConfiguration> repos =
- archivaConfiguration.getConfiguration().getManagedRepositories();
+ return repoIds;
+ }
- for ( ManagedRepositoryConfiguration repo : repos )
+ private SecuritySession createSession( String principal )
+ throws ArchivaSecurityException, AccessDeniedException
+ {
+ User user;
+ try
+ {
+ user = securitySystem.getUserManager().findUser( principal );
+ if ( user == null )
{
- try
- {
- String repoId = repo.getId();
- if ( securitySystem.isAuthorized( securitySession, operation, repoId ) )
- {
- repoIds.add( repoId );
- }
- }
- catch ( AuthorizationException e )
- {
- // swallow.
- }
+ throw new ArchivaSecurityException(
+ "The security system had an internal error - please check your system logs" );
}
-
- return repoIds;
}
catch ( UserNotFoundException e )
{
throw new PrincipalNotFoundException( "Unable to find principal " + principal + "" );
}
+
+ if ( user.isLocked() )
+ {
+ throw new AccessDeniedException( "User " + principal + "(" + user.getFullName() + ") is locked." );
+ }
+
+ AuthenticationResult authn = new AuthenticationResult( true, principal, null );
+ return new DefaultSecuritySession( authn, user );
}
public void createMissingRepositoryRoles( String repoId )
@@ -160,28 +164,12 @@
{
try
{
- User user = securitySystem.getUserManager().findUser( principal );
- if ( user == null )
- {
- throw new ArchivaSecurityException( "The security system had an internal error - please check your system logs" );
- }
-
- if ( user.isLocked() )
- {
- throw new AccessDeniedException( "User " + principal + "(" + user.getFullName() + ") is locked." );
- }
-
- AuthenticationResult authn = new AuthenticationResult( true, principal, null );
- SecuritySession securitySession = new DefaultSecuritySession( authn, user );
+ SecuritySession securitySession = createSession( principal );
return securitySystem.isAuthorized( securitySession, ArchivaRoleConstants.OPERATION_REPOSITORY_UPLOAD,
repoId );
}
- catch ( UserNotFoundException e )
- {
- throw new PrincipalNotFoundException( "Unable to find principal " + principal + "" );
- }
catch ( AuthorizationException e )
{
throw new ArchivaSecurityException( e.getMessage() );
@@ -189,41 +177,19 @@
}
public boolean isAuthorizedToDeleteArtifacts( String principal, String repoId )
- throws RbacManagerException, RbacObjectNotFoundException
+ throws AccessDeniedException, ArchivaSecurityException
{
- boolean isAuthorized = false;
- String delimiter = " - ";
-
try
{
- Collection<Role> roleList = rbacManager.getEffectivelyAssignedRoles( principal );
-
- for ( Role role : roleList )
- {
- String roleName = role.getName();
-
- if ( roleName.startsWith( ArchivaRoleConstants.REPOSITORY_MANAGER_ROLE_PREFIX ) )
- {
- int delimiterIndex = roleName.indexOf( delimiter );
- String resourceName = roleName.substring( delimiterIndex + delimiter.length() );
-
- if ( resourceName.equals( repoId ) )
- {
- isAuthorized = true;
- break;
- }
- }
- }
- }
- catch ( RbacObjectNotFoundException e )
- {
- throw new RbacObjectNotFoundException( "Unable to find user " + principal + "" );
+ SecuritySession securitySession = createSession( principal );
+
+ return securitySystem.isAuthorized( securitySession, ArchivaRoleConstants.OPERATION_REPOSITORY_DELETE,
+ repoId );
+
}
- catch ( RbacManagerException e )
+ catch ( AuthorizationException e )
{
- throw new RbacManagerException( "Unable to get roles for user " + principal + "" );
+ throw new ArchivaSecurityException( e.getMessage() );
}
-
- return isAuthorized;
}
}
Modified: archiva/trunk/archiva-modules/archiva-web/archiva-security/src/main/java/org/apache/maven/archiva/security/UserRepositories.java
URL: http://svn.apache.org/viewvc/archiva/trunk/archiva-modules/archiva-web/archiva-security/src/main/java/org/apache/maven/archiva/security/UserRepositories.java?rev=755726&r1=755725&r2=755726&view=diff
==============================================================================
--- archiva/trunk/archiva-modules/archiva-web/archiva-security/src/main/java/org/apache/maven/archiva/security/UserRepositories.java (original)
+++ archiva/trunk/archiva-modules/archiva-web/archiva-security/src/main/java/org/apache/maven/archiva/security/UserRepositories.java Wed Mar 18 20:47:20 2009
@@ -19,9 +19,6 @@
* under the License.
*/
-import org.codehaus.plexus.redback.rbac.RbacObjectNotFoundException;
-import org.codehaus.plexus.redback.rbac.RbacManagerException;
-
import java.util.List;
/**
@@ -82,10 +79,10 @@
* @param principal
* @param repoId
* @return
- * @throws RbacManagerException
- * @throws RbacObjectNotFoundException
+ * @throws ArchivaSecurityException
+ * @throws AccessDeniedException
*/
public boolean isAuthorizedToDeleteArtifacts( String principal, String repoId )
- throws RbacManagerException, RbacObjectNotFoundException;
+ throws AccessDeniedException, ArchivaSecurityException;
}
Modified: archiva/trunk/archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/DeleteArtifactAction.java
URL: http://svn.apache.org/viewvc/archiva/trunk/archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/DeleteArtifactAction.java?rev=755726&r1=755725&r2=755726&view=diff
==============================================================================
--- archiva/trunk/archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/DeleteArtifactAction.java (original)
+++ archiva/trunk/archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/DeleteArtifactAction.java Wed Mar 18 20:47:20 2009
@@ -35,33 +35,32 @@
import org.apache.maven.archiva.common.utils.VersionUtil;
import org.apache.maven.archiva.configuration.ArchivaConfiguration;
import org.apache.maven.archiva.configuration.ManagedRepositoryConfiguration;
-import org.apache.maven.archiva.database.updater.DatabaseConsumers;
import org.apache.maven.archiva.database.ArchivaDatabaseException;
import org.apache.maven.archiva.database.ArtifactDAO;
import org.apache.maven.archiva.database.constraints.ArtifactVersionsConstraint;
+import org.apache.maven.archiva.database.updater.DatabaseConsumers;
import org.apache.maven.archiva.model.ArchivaArtifact;
import org.apache.maven.archiva.model.ArchivaRepositoryMetadata;
import org.apache.maven.archiva.model.VersionedReference;
-import org.apache.maven.archiva.repository.audit.Auditable;
+import org.apache.maven.archiva.repository.ContentNotFoundException;
+import org.apache.maven.archiva.repository.ManagedRepositoryContent;
+import org.apache.maven.archiva.repository.RepositoryContentFactory;
+import org.apache.maven.archiva.repository.RepositoryException;
+import org.apache.maven.archiva.repository.RepositoryNotFoundException;
import org.apache.maven.archiva.repository.audit.AuditEvent;
import org.apache.maven.archiva.repository.audit.AuditListener;
+import org.apache.maven.archiva.repository.audit.Auditable;
import org.apache.maven.archiva.repository.metadata.MetadataTools;
import org.apache.maven.archiva.repository.metadata.RepositoryMetadataException;
import org.apache.maven.archiva.repository.metadata.RepositoryMetadataReader;
import org.apache.maven.archiva.repository.metadata.RepositoryMetadataWriter;
-import org.apache.maven.archiva.repository.ContentNotFoundException;
-import org.apache.maven.archiva.repository.RepositoryException;
-import org.apache.maven.archiva.repository.RepositoryNotFoundException;
-import org.apache.maven.archiva.repository.ManagedRepositoryContent;
-import org.apache.maven.archiva.repository.RepositoryContentFactory;
import org.apache.maven.archiva.security.AccessDeniedException;
import org.apache.maven.archiva.security.ArchivaSecurityException;
import org.apache.maven.archiva.security.ArchivaXworkUser;
import org.apache.maven.archiva.security.PrincipalNotFoundException;
import org.apache.maven.archiva.security.UserRepositories;
-import org.codehaus.plexus.redback.rbac.RbacManagerException;
-
import org.apache.struts2.ServletActionContext;
+
import com.opensymphony.xwork2.ActionContext;
import com.opensymphony.xwork2.Preparable;
import com.opensymphony.xwork2.Validateable;
@@ -394,7 +393,11 @@
addActionError( "Invalid version." );
}
}
- catch ( RbacManagerException e )
+ catch ( AccessDeniedException e )
+ {
+ addActionError( e.getMessage() );
+ }
+ catch ( ArchivaSecurityException e )
{
addActionError( e.getMessage() );
}
Modified: archiva/trunk/archiva-modules/archiva-web/archiva-webapp/src/test/java/org/apache/maven/archiva/security/UserRepositoriesStub.java
URL: http://svn.apache.org/viewvc/archiva/trunk/archiva-modules/archiva-web/archiva-webapp/src/test/java/org/apache/maven/archiva/security/UserRepositoriesStub.java?rev=755726&r1=755725&r2=755726&view=diff
==============================================================================
--- archiva/trunk/archiva-modules/archiva-web/archiva-webapp/src/test/java/org/apache/maven/archiva/security/UserRepositoriesStub.java (original)
+++ archiva/trunk/archiva-modules/archiva-web/archiva-webapp/src/test/java/org/apache/maven/archiva/security/UserRepositoriesStub.java Wed Mar 18 20:47:20 2009
@@ -22,13 +22,6 @@
import java.util.ArrayList;
import java.util.List;
-import org.apache.maven.archiva.security.AccessDeniedException;
-import org.apache.maven.archiva.security.ArchivaSecurityException;
-import org.apache.maven.archiva.security.PrincipalNotFoundException;
-import org.apache.maven.archiva.security.UserRepositories;
-import org.codehaus.plexus.redback.rbac.RbacObjectNotFoundException;
-import org.codehaus.plexus.redback.rbac.RbacManagerException;
-
/**
* UserRepositories stub used for testing.
*
@@ -62,7 +55,6 @@
}
public boolean isAuthorizedToDeleteArtifacts( String principal, String repoId )
- throws RbacManagerException, RbacObjectNotFoundException
{
return false;
}