Author: jmcconnell
Date: Thu Mar 1 10:32:59 2007
New Revision: 513431
URL: http://svn.apache.org/viewvc?view=rev&rev=513431
Log:
Security role changes, added global repository manager that is the role for
administering all repositories configuration wise, the particular repository
managers now administer content _in_ their assigned repositories, observers get
read access to corresponding repository (or global access to add if they get
the global observer) and I also removed the archiva-edit-configuration
operation since it was duplicated by the archiva-manage-configuraiton operation
Removed:
maven/archiva/trunk/archiva-security/src/main/java/org/apache/maven/archiva/security/BaseRepositoryManagerRoleProfile.java
Modified:
maven/archiva/trunk/archiva-security/src/main/java/org/apache/maven/archiva/security/ArchivaRoleConstants.java
maven/archiva/trunk/archiva-security/src/main/java/org/apache/maven/archiva/security/ArchivaRoleProfileManager.java
maven/archiva/trunk/archiva-security/src/main/java/org/apache/maven/archiva/security/ArchivaSystemAdministratorRoleProfile.java
maven/archiva/trunk/archiva-security/src/main/java/org/apache/maven/archiva/security/GlobalRepositoryManagerRoleProfile.java
maven/archiva/trunk/archiva-security/src/main/java/org/apache/maven/archiva/security/GlobalRepositoryObserverRoleProfile.java
maven/archiva/trunk/archiva-security/src/main/java/org/apache/maven/archiva/security/RepositoryManagerDynamicRoleProfile.java
maven/archiva/trunk/archiva-security/src/main/java/org/apache/maven/archiva/security/RepositoryObserverDynamicRoleProfile.java
maven/archiva/trunk/archiva-security/src/main/resources/META-INF/plexus/components.xml
maven/archiva/trunk/archiva-webapp/pom.xml
maven/archiva/trunk/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/index.jsp
maven/archiva/trunk/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/managedRepositories.jsp
maven/archiva/trunk/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/proxiedRepositories.jsp
Modified:
maven/archiva/trunk/archiva-security/src/main/java/org/apache/maven/archiva/security/ArchivaRoleConstants.java
URL:
http://svn.apache.org/viewvc/maven/archiva/trunk/archiva-security/src/main/java/org/apache/maven/archiva/security/ArchivaRoleConstants.java?view=diff&rev=513431&r1=513430&r2=513431
==============================================================================
---
maven/archiva/trunk/archiva-security/src/main/java/org/apache/maven/archiva/security/ArchivaRoleConstants.java
(original)
+++
maven/archiva/trunk/archiva-security/src/main/java/org/apache/maven/archiva/security/ArchivaRoleConstants.java
Thu Mar 1 10:32:59 2007
@@ -36,8 +36,6 @@
public static final String GUEST_ROLE = "Guest";
- public static final String BASE_REPOSITORY_MANAGER = "Repository Manager
Base";
-
// dynamic role prefixes
public static final String REPOSITORY_MANAGER_ROLE_PREFIX = "Repository
Manager";
@@ -65,6 +63,5 @@
public static final String OPERATION_EDIT_REPOSITORY =
"archiva-edit-repository";
public static final String OPERATION_REPOSITORY_UPLOAD =
"archiva-upload-repository";
-
- public static final String OPERATION_EDIT_CONFIGURATION =
"archiva-edit-configuration";
+
}
Modified:
maven/archiva/trunk/archiva-security/src/main/java/org/apache/maven/archiva/security/ArchivaRoleProfileManager.java
URL:
http://svn.apache.org/viewvc/maven/archiva/trunk/archiva-security/src/main/java/org/apache/maven/archiva/security/ArchivaRoleProfileManager.java?view=diff&rev=513431&r1=513430&r2=513431
==============================================================================
---
maven/archiva/trunk/archiva-security/src/main/java/org/apache/maven/archiva/security/ArchivaRoleProfileManager.java
(original)
+++
maven/archiva/trunk/archiva-security/src/main/java/org/apache/maven/archiva/security/ArchivaRoleProfileManager.java
Thu Mar 1 10:32:59 2007
@@ -25,6 +25,8 @@
/**
* Role profile manager.
*
+ * Role Structures are laid out as documented
http://docs.codehaus.org/display/MAVENUSER/Archiva+Security+Roles
+ *
* @author Brett Porter
* @todo composition over inheritence?
* @plexus.component
role="org.codehaus.plexus.rbac.profile.RoleProfileManager" role-hint="archiva"
@@ -35,8 +37,9 @@
public void initialize()
throws RoleProfileException
{
- getRole( "archiva-repository-manager-base" );
-
+ getRole( "global-repository-manager" );
+ getRole( "global-repository-observer" );
+
mergeRoleProfiles( "system-administrator",
"archiva-system-administrator" );
mergeRoleProfiles( "user-administrator", "archiva-user-administrator"
);
mergeRoleProfiles( "guest", "archiva-guest" );
Modified:
maven/archiva/trunk/archiva-security/src/main/java/org/apache/maven/archiva/security/ArchivaSystemAdministratorRoleProfile.java
URL:
http://svn.apache.org/viewvc/maven/archiva/trunk/archiva-security/src/main/java/org/apache/maven/archiva/security/ArchivaSystemAdministratorRoleProfile.java?view=diff&rev=513431&r1=513430&r2=513431
==============================================================================
---
maven/archiva/trunk/archiva-security/src/main/java/org/apache/maven/archiva/security/ArchivaSystemAdministratorRoleProfile.java
(original)
+++
maven/archiva/trunk/archiva-security/src/main/java/org/apache/maven/archiva/security/ArchivaSystemAdministratorRoleProfile.java
Thu Mar 1 10:32:59 2007
@@ -41,7 +41,6 @@
{
List operations = new ArrayList();
operations.add( ArchivaRoleConstants.OPERATION_MANAGE_CONFIGURATION );
- operations.add( ArchivaRoleConstants.OPERATION_EDIT_CONFIGURATION );
operations.add( ArchivaRoleConstants.OPERATION_MANAGE_USERS );
operations.add( ArchivaRoleConstants.OPERATION_RUN_INDEXER );
operations.add( ArchivaRoleConstants.OPERATION_REGENERATE_INDEX );
Modified:
maven/archiva/trunk/archiva-security/src/main/java/org/apache/maven/archiva/security/GlobalRepositoryManagerRoleProfile.java
URL:
http://svn.apache.org/viewvc/maven/archiva/trunk/archiva-security/src/main/java/org/apache/maven/archiva/security/GlobalRepositoryManagerRoleProfile.java?view=diff&rev=513431&r1=513430&r2=513431
==============================================================================
---
maven/archiva/trunk/archiva-security/src/main/java/org/apache/maven/archiva/security/GlobalRepositoryManagerRoleProfile.java
(original)
+++
maven/archiva/trunk/archiva-security/src/main/java/org/apache/maven/archiva/security/GlobalRepositoryManagerRoleProfile.java
Thu Mar 1 10:32:59 2007
@@ -26,7 +26,7 @@
/**
* @plexus.component role="org.codehaus.plexus.rbac.profile.RoleProfile"
- * role-hint="archiva-repository-administrator"
+ * role-hint="global-repository-manager"
*/
public class GlobalRepositoryManagerRoleProfile
extends AbstractRoleProfile
@@ -49,9 +49,21 @@
public List getOperations()
{
List operations = new ArrayList();
+ operations.add( ArchivaRoleConstants.OPERATION_MANAGE_CONFIGURATION );
operations.add( ArchivaRoleConstants.OPERATION_ADD_REPOSITORY );
operations.add( ArchivaRoleConstants.OPERATION_EDIT_REPOSITORY );
operations.add( ArchivaRoleConstants.OPERATION_DELETE_REPOSITORY );
return operations;
}
+
+ public List getChildRoles()
+ {
+ List childRoles = new ArrayList();
+ childRoles.add( ArchivaRoleConstants.GLOBAL_REPOSITORY_OBSERVER_ROLE );
+ return childRoles;
+ }
+
+
+
+
}
Modified:
maven/archiva/trunk/archiva-security/src/main/java/org/apache/maven/archiva/security/GlobalRepositoryObserverRoleProfile.java
URL:
http://svn.apache.org/viewvc/maven/archiva/trunk/archiva-security/src/main/java/org/apache/maven/archiva/security/GlobalRepositoryObserverRoleProfile.java?view=diff&rev=513431&r1=513430&r2=513431
==============================================================================
---
maven/archiva/trunk/archiva-security/src/main/java/org/apache/maven/archiva/security/GlobalRepositoryObserverRoleProfile.java
(original)
+++
maven/archiva/trunk/archiva-security/src/main/java/org/apache/maven/archiva/security/GlobalRepositoryObserverRoleProfile.java
Thu Mar 1 10:32:59 2007
@@ -26,7 +26,7 @@
/**
* @plexus.component role="org.codehaus.plexus.rbac.profile.RoleProfile"
- * role-hint="archiva-repository-administrator"
+ * role-hint="global-repository-observer"
*/
public class GlobalRepositoryObserverRoleProfile
extends AbstractRoleProfile
@@ -48,6 +48,8 @@
public List getOperations()
{
- return null;
+ List operations = new ArrayList();
+ operations.add( ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS );
+ return operations;
}
}
Modified:
maven/archiva/trunk/archiva-security/src/main/java/org/apache/maven/archiva/security/RepositoryManagerDynamicRoleProfile.java
URL:
http://svn.apache.org/viewvc/maven/archiva/trunk/archiva-security/src/main/java/org/apache/maven/archiva/security/RepositoryManagerDynamicRoleProfile.java?view=diff&rev=513431&r1=513430&r2=513431
==============================================================================
---
maven/archiva/trunk/archiva-security/src/main/java/org/apache/maven/archiva/security/RepositoryManagerDynamicRoleProfile.java
(original)
+++
maven/archiva/trunk/archiva-security/src/main/java/org/apache/maven/archiva/security/RepositoryManagerDynamicRoleProfile.java
Thu Mar 1 10:32:59 2007
@@ -50,61 +50,17 @@
{
List operations = new ArrayList();
- // I'm not sure these are appropriate roles.
operations.add( ArchivaRoleConstants.OPERATION_EDIT_REPOSITORY );
operations.add( ArchivaRoleConstants.OPERATION_DELETE_REPOSITORY );
-
operations.add( ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS );
operations.add( ArchivaRoleConstants.OPERATION_REPOSITORY_UPLOAD );
return operations;
}
-
- public List getChildRoles()
- {
- return Collections.singletonList(
ArchivaRoleConstants.BASE_REPOSITORY_MANAGER );
- }
-
- public List getDynamicChildRoles( String string )
- {
- return Collections.singletonList(
- ArchivaRoleConstants.REPOSITORY_OBSERVER_ROLE_PREFIX +
ArchivaRoleConstants.DELIMITER + string );
- }
-
public boolean isAssignable()
{
return true;
}
-
- public Role getRole( String resource )
- throws RoleProfileException
- {
- try
- {
- if ( rbacManager.roleExists( getRoleName( resource ) ) )
- {
- return rbacManager.getRole( getRoleName( resource ) );
- }
- else
- {
- // first time assign the role to the group administrator since
they need the access
- Role newRole = generateRole( resource );
-
- Role repoAdmin = rbacManager.getRole(
ArchivaRoleConstants.GLOBAL_REPOSITORY_MANAGER_ROLE );
- repoAdmin.addChildRoleName( newRole.getName() );
- rbacManager.saveRole( repoAdmin );
-
- return newRole;
- }
- }
- catch ( RbacObjectNotFoundException ne )
- {
- throw new RoleProfileException( "unable to get role", ne );
- }
- catch ( RbacManagerException e )
- {
- throw new RoleProfileException( "system error with rbac manager",
e );
- }
- }
+
}
Modified:
maven/archiva/trunk/archiva-security/src/main/java/org/apache/maven/archiva/security/RepositoryObserverDynamicRoleProfile.java
URL:
http://svn.apache.org/viewvc/maven/archiva/trunk/archiva-security/src/main/java/org/apache/maven/archiva/security/RepositoryObserverDynamicRoleProfile.java?view=diff&rev=513431&r1=513430&r2=513431
==============================================================================
---
maven/archiva/trunk/archiva-security/src/main/java/org/apache/maven/archiva/security/RepositoryObserverDynamicRoleProfile.java
(original)
+++
maven/archiva/trunk/archiva-security/src/main/java/org/apache/maven/archiva/security/RepositoryObserverDynamicRoleProfile.java
Thu Mar 1 10:32:59 2007
@@ -57,34 +57,4 @@
return true;
}
- public Role getRole( String resource )
- throws RoleProfileException
-{
- try
- {
- if ( rbacManager.roleExists( getRoleName( resource ) ) )
- {
- return rbacManager.getRole( getRoleName( resource ) );
- }
- else
- {
- // first time assign the role to the group administrator since
they need the access
- Role newRole = generateRole( resource );
-
- Role repoAdmin = rbacManager.getRole(
ArchivaRoleConstants.GLOBAL_REPOSITORY_OBSERVER_ROLE );
- repoAdmin.addChildRoleName( newRole.getName() );
- rbacManager.saveRole( repoAdmin );
-
- return newRole;
- }
- }
- catch ( RbacObjectNotFoundException ne )
- {
- throw new RoleProfileException( "unable to get role", ne );
- }
- catch ( RbacManagerException e )
- {
- throw new RoleProfileException( "system error with rbac manager", e );
- }
-}
}
Modified:
maven/archiva/trunk/archiva-security/src/main/resources/META-INF/plexus/components.xml
URL:
http://svn.apache.org/viewvc/maven/archiva/trunk/archiva-security/src/main/resources/META-INF/plexus/components.xml?view=diff&rev=513431&r1=513430&r2=513431
==============================================================================
---
maven/archiva/trunk/archiva-security/src/main/resources/META-INF/plexus/components.xml
(original)
+++
maven/archiva/trunk/archiva-security/src/main/resources/META-INF/plexus/components.xml
Thu Mar 1 10:32:59 2007
@@ -85,8 +85,22 @@
</component>
<component>
<role>org.codehaus.plexus.rbac.profile.RoleProfile</role>
- <role-hint>archiva-repository-manager-base</role-hint>
-
<implementation>org.apache.maven.archiva.security.BaseRepositoryManagerRoleProfile</implementation>
+ <role-hint>global-repository-manager</role-hint>
+
<implementation>org.apache.maven.archiva.security.GlobalRepositoryManagerRoleProfile</implementation>
+ <requirements>
+ <requirement>
+ <role>org.codehaus.plexus.security.rbac.RBACManager</role>
+ </requirement>
+ <requirement>
+ <role>org.codehaus.plexus.PlexusContainer</role>
+ <field-name>container</field-name>
+ </requirement>
+ </requirements>
+ </component>
+ <component>
+ <role>org.codehaus.plexus.rbac.profile.RoleProfile</role>
+ <role-hint>global-repository-observer</role-hint>
+
<implementation>org.apache.maven.archiva.security.GlobalRepositoryObserverRoleProfile</implementation>
<requirements>
<requirement>
<role>org.codehaus.plexus.security.rbac.RBACManager</role>
Modified: maven/archiva/trunk/archiva-webapp/pom.xml
URL:
http://svn.apache.org/viewvc/maven/archiva/trunk/archiva-webapp/pom.xml?view=diff&rev=513431&r1=513430&r2=513431
==============================================================================
--- maven/archiva/trunk/archiva-webapp/pom.xml (original)
+++ maven/archiva/trunk/archiva-webapp/pom.xml Thu Mar 1 10:32:59 2007
@@ -264,7 +264,7 @@
<jettyEnvXml>src/jetty-env.xml</jettyEnvXml>
<connectors>
<connector
implementation="org.mortbay.jetty.nio.SelectChannelConnector">
- <port>9091</port>
+ <port>9090</port>
<maxIdleTime>60000</maxIdleTime>
</connector>
</connectors>
Modified:
maven/archiva/trunk/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/index.jsp
URL:
http://svn.apache.org/viewvc/maven/archiva/trunk/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/index.jsp?view=diff&rev=513431&r1=513430&r2=513431
==============================================================================
---
maven/archiva/trunk/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/index.jsp
(original)
+++
maven/archiva/trunk/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/index.jsp
Thu Mar 1 10:32:59 2007
@@ -35,7 +35,7 @@
<div>
<div style="float: right">
<%-- TODO replace with icons --%>
- <pss:ifAuthorized permission="archiva-edit-configuration" resource="*">
+ <pss:ifAuthorized permission="archiva-manage-configuration">
<a href="<ww:url action="configure" />">Edit Configuration</a>
</pss:ifAuthorized>
</div>
Modified:
maven/archiva/trunk/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/managedRepositories.jsp
URL:
http://svn.apache.org/viewvc/maven/archiva/trunk/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/managedRepositories.jsp?view=diff&rev=513431&r1=513430&r2=513431
==============================================================================
---
maven/archiva/trunk/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/managedRepositories.jsp
(original)
+++
maven/archiva/trunk/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/managedRepositories.jsp
Thu Mar 1 10:32:59 2007
@@ -39,7 +39,7 @@
<div>
<div style="float: right">
<%-- TODO replace with icons --%>
- <pss:ifAuthorized permission="archiva-add-repository">
+ <pss:ifAuthorized permission="archiva-manage-configuration">
<ww:url id="addRepositoryUrl" action="addRepository" method="input"/>
<ww:a href="%{addRepositoryUrl}">Add Repository</ww:a>
</pss:ifAuthorized>
@@ -52,9 +52,10 @@
<strong>There are no managed repositories configured yet.</strong>
</c:if>
<c:forEach items="${repositories}" var="repository" varStatus="i">
- <pss:ifAnyAuthorized permissions="archiva-edit-repository,
archiva-delete-repository" resource="${repository.id}">
+
<div>
<div style="float: right">
+ <pss:ifAnyAuthorized permissions="archiva-manage-configuration">
<ww:url id="editRepositoryUrl" action="editRepository" method="input">
<ww:param name="repoId" value="%{'${repository.id}'}"/>
</ww:url>
@@ -64,6 +65,7 @@
<%-- TODO replace with icons --%>
<ww:a href="%{editRepositoryUrl}">Edit Repository</ww:a>
<ww:a href="%{deleteRepositoryUrl}">Delete Repository</ww:a>
+ </pss:ifAnyAuthorized>
</div>
<h3>${repository.name}</h3>
<table class="infoTable">
@@ -142,7 +144,6 @@
</tr>
</table>
</div>
- </pss:ifAnyAuthorized>
</c:forEach>
</div>
Modified:
maven/archiva/trunk/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/proxiedRepositories.jsp
URL:
http://svn.apache.org/viewvc/maven/archiva/trunk/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/proxiedRepositories.jsp?view=diff&rev=513431&r1=513430&r2=513431
==============================================================================
---
maven/archiva/trunk/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/proxiedRepositories.jsp
(original)
+++
maven/archiva/trunk/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/proxiedRepositories.jsp
Thu Mar 1 10:32:59 2007
@@ -20,6 +20,7 @@
<%@ taglib prefix="ww" uri="/webwork" %>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"; %>
<%@ taglib prefix="my" tagdir="/WEB-INF/tags" %>
+<%@ taglib prefix="pss" uri="/plexusSecuritySystem" %>
<html>
<head>
@@ -33,10 +34,14 @@
<div id="contentArea">
<div>
+
<%-- TODO replace with icons --%>
<div style="float: right">
- <a href="<ww:url action="addProxiedRepository" method="input" />">Add
Repository</a>
+ <pss:ifAuthorized permission="archiva-manage-configuration">
+ <a href="<ww:url action="addProxiedRepository" method="input" />">Add
Repository</a>
+ </pss:ifAuthorized>
</div>
+
<h2>Proxied Repositories</h2>
</div>
@@ -48,10 +53,12 @@
<div>
<div style="float: right">
<%-- TODO replace with icons --%>
- <a href="<ww:url action="editProxiedRepository"
method="input"><ww:param name="repoId" value="%{'${repository.id}'}"
/></ww:url>">Edit
+ <pss:ifAuthorized permission="archiva-manage-configuration">
+ <a href="<ww:url action="editProxiedRepository"
method="input"><ww:param name="repoId" value="%{'${repository.id}'}"
/></ww:url>">Edit
Repository</a> | <a
href="<ww:url action="deleteProxiedRepository"
method="input"><ww:param name="repoId" value="%{'${repository.id}'}"
/></ww:url>">Delete
- Repository</a>
+ Repository</a>
+ </pss:ifAuthorized>
</div>
<h3>${repository.name}</h3>
<table class="infoTable">
