Author: joakime
Date: Fri Nov 2 10:47:55 2007
New Revision: 591410
URL: http://svn.apache.org/viewvc?rev=591410&view=rev
Log:
[MRM-569] Browse shows results for all repositories, regardless of security.
Added ArchivaUser interface to obtain the active principal.
Added ArchivaXworkUser implementation to obtain principal from
redback-xwork-integration layer.
Updated (Default)UserRepositories to utilize redback
SecuritySystem.isAuthorized() properly.
Updated BrowseAction and ShowArtifactAction to show the limited view provided.
Added:
maven/archiva/branches/archiva-backend-security/archiva-web/archiva-security/src/main/java/org/apache/maven/archiva/security/ArchivaUser.java
(with props)
maven/archiva/branches/archiva-backend-security/archiva-web/archiva-security/src/test/resources/repository-archiva.xml
(with props)
maven/archiva/branches/archiva-backend-security/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/util/ArchivaXworkUser.java
(with props)
Modified:
maven/archiva/branches/archiva-backend-security/archiva-database/src/main/java/org/apache/maven/archiva/database/ProjectModelDAO.java
maven/archiva/branches/archiva-backend-security/archiva-database/src/main/java/org/apache/maven/archiva/database/jdo/JdoProjectModelDAO.java
maven/archiva/branches/archiva-backend-security/archiva-web/archiva-security/src/main/java/org/apache/maven/archiva/security/ArchivaRoleConstants.java
maven/archiva/branches/archiva-backend-security/archiva-web/archiva-security/src/main/java/org/apache/maven/archiva/security/DefaultUserRepositories.java
maven/archiva/branches/archiva-backend-security/archiva-web/archiva-security/src/test/java/org/apache/maven/archiva/security/DefaultUserRepositoriesTest.java
maven/archiva/branches/archiva-backend-security/archiva-web/archiva-security/src/test/resources/org/apache/maven/archiva/security/DefaultUserRepositoriesTest.xml
maven/archiva/branches/archiva-backend-security/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/BrowseAction.java
maven/archiva/branches/archiva-backend-security/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/ShowArtifactAction.java
maven/archiva/branches/archiva-backend-security/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/startup/SecuritySynchronization.java
Modified:
maven/archiva/branches/archiva-backend-security/archiva-database/src/main/java/org/apache/maven/archiva/database/ProjectModelDAO.java
URL:
http://svn.apache.org/viewvc/maven/archiva/branches/archiva-backend-security/archiva-database/src/main/java/org/apache/maven/archiva/database/ProjectModelDAO.java?rev=591410&r1=591409&r2=591410&view=diff
==============================================================================
---
maven/archiva/branches/archiva-backend-security/archiva-database/src/main/java/org/apache/maven/archiva/database/ProjectModelDAO.java
(original)
+++
maven/archiva/branches/archiva-backend-security/archiva-database/src/main/java/org/apache/maven/archiva/database/ProjectModelDAO.java
Fri Nov 2 10:47:55 2007
@@ -57,7 +57,7 @@
public ArchivaProjectModel getProjectModel( String groupId, String
artifactId, String version )
throws ObjectNotFoundException, ArchivaDatabaseException;
- public List /*<ArchivaProjectModel>*/queryProjectModels( Constraint
constraint )
+ public List<ArchivaProjectModel> queryProjectModels( Constraint constraint
)
throws ObjectNotFoundException, ArchivaDatabaseException;
public ArchivaProjectModel saveProjectModel( ArchivaProjectModel model )
Modified:
maven/archiva/branches/archiva-backend-security/archiva-database/src/main/java/org/apache/maven/archiva/database/jdo/JdoProjectModelDAO.java
URL:
http://svn.apache.org/viewvc/maven/archiva/branches/archiva-backend-security/archiva-database/src/main/java/org/apache/maven/archiva/database/jdo/JdoProjectModelDAO.java?rev=591410&r1=591409&r2=591410&view=diff
==============================================================================
---
maven/archiva/branches/archiva-backend-security/archiva-database/src/main/java/org/apache/maven/archiva/database/jdo/JdoProjectModelDAO.java
(original)
+++
maven/archiva/branches/archiva-backend-security/archiva-database/src/main/java/org/apache/maven/archiva/database/jdo/JdoProjectModelDAO.java
Fri Nov 2 10:47:55 2007
@@ -74,7 +74,7 @@
return (ArchivaProjectModel) jdo.getObjectById(
ArchivaProjectModel.class, key, null );
}
- public List queryProjectModels( Constraint constraint )
+ public List<ArchivaProjectModel> queryProjectModels( Constraint constraint
)
throws ObjectNotFoundException, ArchivaDatabaseException
{
return jdo.queryObjects( ArchivaProjectModel.class, constraint );
Modified:
maven/archiva/branches/archiva-backend-security/archiva-web/archiva-security/src/main/java/org/apache/maven/archiva/security/ArchivaRoleConstants.java
URL:
http://svn.apache.org/viewvc/maven/archiva/branches/archiva-backend-security/archiva-web/archiva-security/src/main/java/org/apache/maven/archiva/security/ArchivaRoleConstants.java?rev=591410&r1=591409&r2=591410&view=diff
==============================================================================
---
maven/archiva/branches/archiva-backend-security/archiva-web/archiva-security/src/main/java/org/apache/maven/archiva/security/ArchivaRoleConstants.java
(original)
+++
maven/archiva/branches/archiva-backend-security/archiva-web/archiva-security/src/main/java/org/apache/maven/archiva/security/ArchivaRoleConstants.java
Fri Nov 2 10:47:55 2007
@@ -35,6 +35,10 @@
public static final String REGISTERED_USER_ROLE = "Registered User";
public static final String GUEST_ROLE = "Guest";
+
+ // principals
+
+ public static final String PRINCIPAL_GUEST = "guest";
// dynamic role prefixes
public static final String REPOSITORY_MANAGER_ROLE_PREFIX = "Repository
Manager";
@@ -69,14 +73,11 @@
public static final String TEMPLATE_REPOSITORY_OBSERVER =
"archiva-repository-observer";
+ public static final String TEMPLATE_GLOBAL_REPOSITORY_OBSERVER =
"archiva-global-repository-observer";
+
public static final String TEMPLATE_SYSTEM_ADMIN =
"archiva-system-administrator";
public static final String TEMPLATE_GUEST = "archiva-guest";
-
- public static String toRepositoryObserverRoleId( String repoId )
- {
- return TEMPLATE_REPOSITORY_OBSERVER + "-" + repoId;
- }
public static String toRepositoryObserverRoleName( String repoId )
{
Added:
maven/archiva/branches/archiva-backend-security/archiva-web/archiva-security/src/main/java/org/apache/maven/archiva/security/ArchivaUser.java
URL:
http://svn.apache.org/viewvc/maven/archiva/branches/archiva-backend-security/archiva-web/archiva-security/src/main/java/org/apache/maven/archiva/security/ArchivaUser.java?rev=591410&view=auto
==============================================================================
---
maven/archiva/branches/archiva-backend-security/archiva-web/archiva-security/src/main/java/org/apache/maven/archiva/security/ArchivaUser.java
(added)
+++
maven/archiva/branches/archiva-backend-security/archiva-web/archiva-security/src/main/java/org/apache/maven/archiva/security/ArchivaUser.java
Fri Nov 2 10:47:55 2007
@@ -0,0 +1,36 @@
+package org.apache.maven.archiva.security;
+
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+/**
+ * ArchivaUser- interface to access the active principal.
+ *
+ * @author <a href="mailto:[EMAIL PROTECTED]">Joakim Erdfelt</a>
+ * @version $Id$
+ */
+public interface ArchivaUser
+{
+ /**
+ * Get the active principal from the security system.
+ *
+ * @return the active principal. (if not authenticated, the guest
principal is returned)
+ */
+ public String getActivePrincipal();
+}
Propchange:
maven/archiva/branches/archiva-backend-security/archiva-web/archiva-security/src/main/java/org/apache/maven/archiva/security/ArchivaUser.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange:
maven/archiva/branches/archiva-backend-security/archiva-web/archiva-security/src/main/java/org/apache/maven/archiva/security/ArchivaUser.java
------------------------------------------------------------------------------
svn:keywords = "Author Date Id Revision"
Propchange:
maven/archiva/branches/archiva-backend-security/archiva-web/archiva-security/src/main/java/org/apache/maven/archiva/security/ArchivaUser.java
------------------------------------------------------------------------------
svn:mime-type = text/plain
Modified:
maven/archiva/branches/archiva-backend-security/archiva-web/archiva-security/src/main/java/org/apache/maven/archiva/security/DefaultUserRepositories.java
URL:
http://svn.apache.org/viewvc/maven/archiva/branches/archiva-backend-security/archiva-web/archiva-security/src/main/java/org/apache/maven/archiva/security/DefaultUserRepositories.java?rev=591410&r1=591409&r2=591410&view=diff
==============================================================================
---
maven/archiva/branches/archiva-backend-security/archiva-web/archiva-security/src/main/java/org/apache/maven/archiva/security/DefaultUserRepositories.java
(original)
+++
maven/archiva/branches/archiva-backend-security/archiva-web/archiva-security/src/main/java/org/apache/maven/archiva/security/DefaultUserRepositories.java
Fri Nov 2 10:47:55 2007
@@ -19,21 +19,22 @@
* under the License.
*/
-import org.codehaus.plexus.redback.rbac.Permission;
+import java.util.ArrayList;
+import java.util.List;
+
+import org.apache.maven.archiva.configuration.ArchivaConfiguration;
+import org.apache.maven.archiva.configuration.ManagedRepositoryConfiguration;
+import org.codehaus.plexus.redback.authentication.AuthenticationResult;
+import org.codehaus.plexus.redback.authorization.AuthorizationException;
import org.codehaus.plexus.redback.rbac.RBACManager;
-import org.codehaus.plexus.redback.rbac.RbacManagerException;
-import org.codehaus.plexus.redback.rbac.RbacObjectNotFoundException;
import org.codehaus.plexus.redback.role.RoleManager;
import org.codehaus.plexus.redback.role.RoleManagerException;
+import org.codehaus.plexus.redback.system.DefaultSecuritySession;
+import org.codehaus.plexus.redback.system.SecuritySession;
import org.codehaus.plexus.redback.system.SecuritySystem;
import org.codehaus.plexus.redback.users.User;
import org.codehaus.plexus.redback.users.UserNotFoundException;
-import java.util.ArrayList;
-import java.util.List;
-import java.util.Map;
-import java.util.Map.Entry;
-
/**
* DefaultUserRepositories
*
@@ -61,6 +62,11 @@
*/
private RoleManager roleManager;
+ /**
+ * @plexus.requirement
+ */
+ private ArchivaConfiguration archivaConfiguration;
+
public List<String> getObservableRepositoryIds( String principal )
throws PrincipalNotFoundException, AccessDeniedException,
ArchivaSecurityException
{
@@ -73,38 +79,35 @@
{
throw new AccessDeniedException( "User " + principal + "(" +
user.getFullName() + ") is locked." );
}
-
- Map<String, List<Permission>> permissionMap =
rbacManager.getAssignedPermissionMap( principal );
+
+ AuthenticationResult authn = new AuthenticationResult( true,
principal, null );
+ SecuritySession securitySession = new DefaultSecuritySession(
authn, user );
List<String> repoIds = new ArrayList<String>();
+
+ List<ManagedRepositoryConfiguration> repos =
archivaConfiguration.getConfiguration().getManagedRepositories();
- for( Entry<String,List<Permission>> entry:
permissionMap.entrySet() )
+ for ( ManagedRepositoryConfiguration repo : repos )
{
- List<Permission> perms = entry.getValue();
-
- for( Permission perm: perms )
+ try
+ {
+ String repoId = repo.getId();
+ if ( securitySystem.isAuthorized( securitySession,
ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS, repoId ) )
+ {
+ repoIds.add( repoId );
+ }
+ }
+ catch ( AuthorizationException e )
{
- System.out.println( "Principal[" + principal + "] :
Permission[" + entry.getKey() + "]:" + perm.getName() + " - Operation:"
- + perm.getOperation().getName() + " - Resource:" +
perm.getResource().getIdentifier() );
+ // swallow.
}
}
- System.out.println("-");
-
return repoIds;
}
catch ( UserNotFoundException e )
{
throw new PrincipalNotFoundException( "Unable to find principal "
+ principal + "" );
- }
- catch ( RbacObjectNotFoundException e )
- {
- throw new PrincipalNotFoundException( "Unable to find user role
assignments for user " + principal, e );
- }
- catch ( RbacManagerException e )
- {
- throw new ArchivaSecurityException( "Unable to initialize
underlying security framework: " + e.getMessage(),
- e );
}
}
Modified:
maven/archiva/branches/archiva-backend-security/archiva-web/archiva-security/src/test/java/org/apache/maven/archiva/security/DefaultUserRepositoriesTest.java
URL:
http://svn.apache.org/viewvc/maven/archiva/branches/archiva-backend-security/archiva-web/archiva-security/src/test/java/org/apache/maven/archiva/security/DefaultUserRepositoriesTest.java?rev=591410&r1=591409&r2=591410&view=diff
==============================================================================
---
maven/archiva/branches/archiva-backend-security/archiva-web/archiva-security/src/test/java/org/apache/maven/archiva/security/DefaultUserRepositoriesTest.java
(original)
+++
maven/archiva/branches/archiva-backend-security/archiva-web/archiva-security/src/test/java/org/apache/maven/archiva/security/DefaultUserRepositoriesTest.java
Fri Nov 2 10:47:55 2007
@@ -19,22 +19,20 @@
* under the License.
*/
+import java.io.File;
+import java.util.List;
+
+import org.apache.commons.io.FileUtils;
import org.apache.commons.lang.StringUtils;
+import org.apache.maven.archiva.configuration.ArchivaConfiguration;
+import org.apache.maven.archiva.configuration.ManagedRepositoryConfiguration;
import org.codehaus.plexus.PlexusTestCase;
-import org.codehaus.plexus.redback.rbac.Operation;
-import org.codehaus.plexus.redback.rbac.Permission;
import org.codehaus.plexus.redback.rbac.RBACManager;
-import org.codehaus.plexus.redback.rbac.Resource;
-import org.codehaus.plexus.redback.rbac.Role;
-import org.codehaus.plexus.redback.rbac.UserAssignment;
import org.codehaus.plexus.redback.role.RoleManager;
-import org.codehaus.plexus.redback.role.RoleManagerException;
import org.codehaus.plexus.redback.system.SecuritySystem;
import org.codehaus.plexus.redback.users.User;
import org.codehaus.plexus.redback.users.UserManager;
-import java.util.List;
-
/**
* DefaultUserRepositoriesTest
*
@@ -44,8 +42,6 @@
public class DefaultUserRepositoriesTest
extends PlexusTestCase
{
- private static final String PERMISSION_READ_REPOSITORY = "Archiva Read
Repository";
-
private static final String USER_GUEST = "guest";
private static final String USER_ADMIN = "admin";
@@ -58,27 +54,28 @@
private RoleManager roleManager;
+ private ArchivaConfiguration archivaConfiguration;
+
+ private UserRepositories userRepos;
+
public void testGetObservableRepositoryIds()
throws Exception
{
- UserRepositories userRepos = (UserRepositories) lookup(
UserRepositories.class, "default" );
- assertNotNull( userRepos );
-
// create some users.
createUser( USER_ALPACA, "Al 'Archiva' Paca" );
assertEquals( "Expected users", 3,
securitySystem.getUserManager().getUsers().size() );
// some unassigned repo observer roles.
- userRepos.createMissingRepositoryRoles( "central" );
- userRepos.createMissingRepositoryRoles( "coporate" );
- userRepos.createMissingRepositoryRoles( "internal" );
- userRepos.createMissingRepositoryRoles( "snapshots" );
- userRepos.createMissingRepositoryRoles( "secret" );
+ setupRepository( "central" );
+ setupRepository( "corporate" );
+ setupRepository( "internal" );
+ setupRepository( "snapshots" );
+ setupRepository( "secret" );
// some assigned repo observer roles.
- assignRepositoryObserverRole( USER_ALPACA, "central" );
assignRepositoryObserverRole( USER_ALPACA, "corporate" );
+ assignRepositoryObserverRole( USER_ALPACA, "central" );
assignRepositoryObserverRole( USER_GUEST, "corporate" );
// the global repo observer role.
assignGlobalRepositoryObserverRole( USER_ADMIN );
@@ -101,104 +98,30 @@
}
}
- private void assignGlobalRepositoryObserverRole( String principal )
- throws Exception
- {
- Role role = createRepositoryObserverRole(
ArchivaRoleConstants.GLOBAL_REPOSITORY_OBSERVER_ROLE,
- PERMISSION_READ_REPOSITORY,
Resource.GLOBAL );
- assignRole( principal, role );
- }
-
- private void assignRepositoryObserverRole( String principal, String repoId
)
- throws Exception
- {
- // String roleId = ArchivaRoleConstants.toRepositoryObserverRoleId(
repoId );
- String roleId = ArchivaRoleConstants.toRepositoryObserverRoleName(
repoId );
- roleManager.assignRole( roleId, principal );
-
-// Role role = createRepositoryObserverRole( roleName,
PERMISSION_READ_REPOSITORY, repoId );
-// assertEquals( roleName, role.getName() );
-// assignRole( principal, role );
- }
-
- private void assignRole( String principal, Role role )
+ private void setupRepository( String repoId )
throws Exception
{
- UserAssignment ua;
-
- if ( rbacManager.userAssignmentExists( principal ) )
- {
- ua = rbacManager.getUserAssignment( principal );
- }
- else
- {
- ua = rbacManager.createUserAssignment( principal );
- }
-
- ua.addRoleName( role );
+ // Add repo to configuration.
+ ManagedRepositoryConfiguration repoConfig = new
ManagedRepositoryConfiguration();
+ repoConfig.setId( repoId );
+ repoConfig.setName( "Testable repo <" + repoId + ">" );
+ repoConfig.setLocation( getTestPath( "target/test-repo/" + repoId ) );
+ archivaConfiguration.getConfiguration().addManagedRepository(
repoConfig );
- rbacManager.saveUserAssignment( ua );
+ // Add repo roles to security.
+ userRepos.createMissingRepositoryRoles( repoId );
}
- private void createRepositoryObserverRole( String repoId )
+ private void assignGlobalRepositoryObserverRole( String principal )
throws Exception
{
- createRepositoryObserverRole(
ArchivaRoleConstants.toRepositoryObserverRoleName( repoId ),
- PERMISSION_READ_REPOSITORY + "-" +
repoId, repoId );
+ roleManager.assignRole(
ArchivaRoleConstants.TEMPLATE_GLOBAL_REPOSITORY_OBSERVER, principal );
}
- private Role createRepositoryObserverRole( String roleName, String
permissionName, String resourceId )
+ private void assignRepositoryObserverRole( String principal, String repoId
)
throws Exception
{
- if ( rbacManager.roleExists( roleName ) )
- {
- return rbacManager.getRole( roleName );
- }
-
- Permission perm;
- Operation operationRepoAccess;
- Resource resource;
-
- // if ( rbacManager.resourceExists( resourceId ) )
- // {
- // resource = rbacManager.getResource( resourceId );
- // }
- // else
- // {
- // resource = rbacManager.createResource( resourceId );
- // }
- resource = rbacManager.createResource( resourceId );
-
- // if ( rbacManager.operationExists(
ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS ) )
- // {
- // operationRepoAccess = rbacManager.getOperation(
ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS );
- // }
- // else
- // {
- // operationRepoAccess = rbacManager.createOperation(
ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS );
- // }
- operationRepoAccess = rbacManager.createOperation(
ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS );
-
- // if ( rbacManager.permissionExists( permissionName ) )
- // {
- // perm = rbacManager.getPermission( permissionName );
- // }
- // else
- // {
- // perm = rbacManager.createPermission( permissionName );
- // }
- perm = rbacManager.createPermission( permissionName );
- perm.setOperation( operationRepoAccess );
- perm.setResource( resource );
-
- Role role = rbacManager.createRole( roleName );
- role.addPermission( perm );
-
- rbacManager.saveOperation( operationRepoAccess );
- rbacManager.savePermission( perm );
- rbacManager.saveRole( role );
-
- return role;
+ roleManager.assignTemplatedRole(
ArchivaRoleConstants.TEMPLATE_REPOSITORY_OBSERVER, repoId, principal );
}
private User createUser( String principal, String fullname )
@@ -219,10 +142,27 @@
{
super.setUp();
+ File srcConfig = getTestFile(
"src/test/resources/repository-archiva.xml" );
+ File destConfig = getTestFile( "target/test-conf/archiva.xml" );
+
+ destConfig.getParentFile().mkdirs();
+ destConfig.delete();
+
+ FileUtils.copyFile( srcConfig, destConfig );
+
securitySystem = (SecuritySystem) lookup( SecuritySystem.class,
"testable" );
rbacManager = (RBACManager) lookup( RBACManager.class, "memory" );
roleManager = (RoleManager) lookup( RoleManager.class, "default" );
-
+ userRepos = (UserRepositories) lookup( UserRepositories.class,
"default" );
+ archivaConfiguration = (ArchivaConfiguration) lookup(
ArchivaConfiguration.class );
+
+ // Some basic asserts.
+ assertNotNull( securitySystem );
+ assertNotNull( rbacManager );
+ assertNotNull( roleManager );
+ assertNotNull( userRepos );
+ assertNotNull( archivaConfiguration );
+
// Setup Admin User.
User adminUser = createUser( USER_ADMIN, "Admin User" );
roleManager.assignRole( ArchivaRoleConstants.TEMPLATE_SYSTEM_ADMIN,
adminUser.getPrincipal().toString() );
@@ -230,5 +170,6 @@
// Setup Guest User.
User guestUser = createUser( USER_GUEST, "Guest User" );
roleManager.assignRole( ArchivaRoleConstants.TEMPLATE_GUEST,
guestUser.getPrincipal().toString() );
+
}
}
Modified:
maven/archiva/branches/archiva-backend-security/archiva-web/archiva-security/src/test/resources/org/apache/maven/archiva/security/DefaultUserRepositoriesTest.xml
URL:
http://svn.apache.org/viewvc/maven/archiva/branches/archiva-backend-security/archiva-web/archiva-security/src/test/resources/org/apache/maven/archiva/security/DefaultUserRepositoriesTest.xml?rev=591410&r1=591409&r2=591410&view=diff
==============================================================================
---
maven/archiva/branches/archiva-backend-security/archiva-web/archiva-security/src/test/resources/org/apache/maven/archiva/security/DefaultUserRepositoriesTest.xml
(original)
+++
maven/archiva/branches/archiva-backend-security/archiva-web/archiva-security/src/test/resources/org/apache/maven/archiva/security/DefaultUserRepositoriesTest.xml
Fri Nov 2 10:47:55 2007
@@ -23,6 +23,10 @@
<role-hint>default</role-hint>
<field-name>roleManager</field-name>
</requirement>
+ <requirement>
+
<role>org.apache.maven.archiva.configuration.ArchivaConfiguration</role>
+ <field-name>archivaConfiguration</field-name>
+ </requirement>
</requirements>
</component>
@@ -160,6 +164,29 @@
<field-name>rbacManager</field-name>
</requirement>
</requirements>
+ </component>
+
+ <component>
+ <role>org.apache.maven.archiva.configuration.ArchivaConfiguration</role>
+
<implementation>org.apache.maven.archiva.configuration.DefaultArchivaConfiguration</implementation>
+ <requirements>
+ <requirement>
+ <role>org.codehaus.plexus.registry.Registry</role>
+ <role-hint>configured</role-hint>
+ </requirement>
+ </requirements>
+ </component>
+ <component>
+ <role>org.codehaus.plexus.registry.Registry</role>
+ <role-hint>configured</role-hint>
+
<implementation>org.codehaus.plexus.registry.commons.CommonsConfigurationRegistry</implementation>
+ <configuration>
+ <properties>
+ <system/>
+ <xml fileName="${basedir}/target/test-conf/archiva.xml"
+ config-name="org.apache.maven.archiva.base"
config-at="org.apache.maven.archiva"/>
+ </properties>
+ </configuration>
</component>
</components>
Added:
maven/archiva/branches/archiva-backend-security/archiva-web/archiva-security/src/test/resources/repository-archiva.xml
URL:
http://svn.apache.org/viewvc/maven/archiva/branches/archiva-backend-security/archiva-web/archiva-security/src/test/resources/repository-archiva.xml?rev=591410&view=auto
==============================================================================
---
maven/archiva/branches/archiva-backend-security/archiva-web/archiva-security/src/test/resources/repository-archiva.xml
(added)
+++
maven/archiva/branches/archiva-backend-security/archiva-web/archiva-security/src/test/resources/repository-archiva.xml
Fri Nov 2 10:47:55 2007
@@ -0,0 +1,111 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!--
+ ~ Licensed to the Apache Software Foundation (ASF) under one
+ ~ or more contributor license agreements. See the NOTICE file
+ ~ distributed with this work for additional information
+ ~ regarding copyright ownership. The ASF licenses this file
+ ~ to you under the Apache License, Version 2.0 (the
+ ~ "License"); you may not use this file except in compliance
+ ~ with the License. You may obtain a copy of the License at
+ ~
+ ~ http://www.apache.org/licenses/LICENSE-2.0
+ ~
+ ~ Unless required by applicable law or agreed to in writing,
+ ~ software distributed under the License is distributed on an
+ ~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ ~ KIND, either express or implied. See the License for the
+ ~ specific language governing permissions and limitations
+ ~ under the License.
+ -->
+
+<configuration>
+
+ <version>2</version>
+
+ <repositoryScanning>
+ <fileTypes>
+ <fileType>
+ <id>artifacts</id>
+ <patterns>
+ <pattern>**/*.pom</pattern>
+ <pattern>**/*.jar</pattern>
+ <pattern>**/*.ear</pattern>
+ <pattern>**/*.war</pattern>
+ <pattern>**/*.car</pattern>
+ <pattern>**/*.sar</pattern>
+ <pattern>**/*.mar</pattern>
+ <pattern>**/*.rar</pattern>
+ <pattern>**/*.dtd</pattern>
+ <pattern>**/*.tld</pattern>
+ <pattern>**/*.tar.gz</pattern>
+ <pattern>**/*.tar.bz2</pattern>
+ <pattern>**/*.zip</pattern>
+ </patterns>
+ </fileType>
+ <fileType>
+ <id>indexable-content</id>
+ <patterns>
+ <pattern>**/*.txt</pattern>
+ <pattern>**/*.TXT</pattern>
+ <pattern>**/*.block</pattern>
+ <pattern>**/*.config</pattern>
+ <pattern>**/*.pom</pattern>
+ <pattern>**/*.xml</pattern>
+ <pattern>**/*.xsd</pattern>
+ <pattern>**/*.dtd</pattern>
+ <pattern>**/*.tld</pattern>
+ </patterns>
+ </fileType>
+ <fileType>
+ <id>auto-remove</id>
+ <patterns>
+ <pattern>**/*.bak</pattern>
+ <pattern>**/*~</pattern>
+ <pattern>**/*-</pattern>
+ </patterns>
+ </fileType>
+ <fileType>
+ <id>ignored</id>
+ <patterns>
+ <pattern>**/.htaccess</pattern>
+ <pattern>**/KEYS</pattern>
+ <pattern>**/*.rb</pattern>
+ <pattern>**/*.sh</pattern>
+ <pattern>**/.svn/**</pattern>
+ <pattern>**/.DAV/**</pattern>
+ </patterns>
+ </fileType>
+ </fileTypes>
+ <knownContentConsumers>
+ <knownContentConsumer>update-db-artifact</knownContentConsumer>
+ <knownContentConsumer>create-missing-checksums</knownContentConsumer>
+
<knownContentConsumer>update-db-repository-metadata</knownContentConsumer>
+ <knownContentConsumer>validate-checksum</knownContentConsumer>
+ <knownContentConsumer>validate-signature</knownContentConsumer>
+ <knownContentConsumer>index-content</knownContentConsumer>
+ <knownContentConsumer>auto-remove</knownContentConsumer>
+ <knownContentConsumer>auto-rename</knownContentConsumer>
+ </knownContentConsumers>
+ <invalidContentConsumers>
+ <invalidContentConsumer>update-db-bad-content</invalidContentConsumer>
+ </invalidContentConsumers>
+ </repositoryScanning>
+
+ <databaseScanning>
+ <cronExpression>0 0 * * ?</cronExpression>
+ <unprocessedConsumers>
+ <unprocessedConsumer>index-artifact</unprocessedConsumer>
+ <unprocessedConsumer>update-db-project</unprocessedConsumer>
+ <unprocessedConsumer>validate-repository-metadata</unprocessedConsumer>
+ <unprocessedConsumer>index-archive-toc</unprocessedConsumer>
+ <unprocessedConsumer>update-db-bytecode-stats</unprocessedConsumer>
+ <unprocessedConsumer>index-public-methods</unprocessedConsumer>
+ </unprocessedConsumers>
+ <cleanupConsumers>
+ <cleanupConsumer>not-present-remove-db-artifact</cleanupConsumer>
+ <cleanupConsumer>not-present-remove-db-project</cleanupConsumer>
+ <cleanupConsumer>not-present-remove-indexed</cleanupConsumer>
+ </cleanupConsumers>
+ </databaseScanning>
+
+</configuration>
Propchange:
maven/archiva/branches/archiva-backend-security/archiva-web/archiva-security/src/test/resources/repository-archiva.xml
------------------------------------------------------------------------------
svn:eol-style = native
Propchange:
maven/archiva/branches/archiva-backend-security/archiva-web/archiva-security/src/test/resources/repository-archiva.xml
------------------------------------------------------------------------------
svn:keywords = "Author Date Id Revision"
Propchange:
maven/archiva/branches/archiva-backend-security/archiva-web/archiva-security/src/test/resources/repository-archiva.xml
------------------------------------------------------------------------------
svn:mime-type = text/xml
Modified:
maven/archiva/branches/archiva-backend-security/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/BrowseAction.java
URL:
http://svn.apache.org/viewvc/maven/archiva/branches/archiva-backend-security/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/BrowseAction.java?rev=591410&r1=591409&r2=591410&view=diff
==============================================================================
---
maven/archiva/branches/archiva-backend-security/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/BrowseAction.java
(original)
+++
maven/archiva/branches/archiva-backend-security/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/BrowseAction.java
Fri Nov 2 10:47:55 2007
@@ -22,8 +22,16 @@
import org.apache.commons.lang.StringUtils;
import org.apache.maven.archiva.database.browsing.BrowsingResults;
import org.apache.maven.archiva.database.browsing.RepositoryBrowsing;
+import org.apache.maven.archiva.security.AccessDeniedException;
+import org.apache.maven.archiva.security.ArchivaSecurityException;
+import org.apache.maven.archiva.security.ArchivaUser;
+import org.apache.maven.archiva.security.PrincipalNotFoundException;
+import org.apache.maven.archiva.security.UserRepositories;
import org.codehaus.plexus.xwork.action.PlexusActionSupport;
+import java.util.Collections;
+import java.util.List;
+
/**
* Browse the repository.
*
@@ -39,6 +47,16 @@
* @plexus.requirement role-hint="default"
*/
private RepositoryBrowsing repoBrowsing;
+
+ /**
+ * @plexus.requirement
+ */
+ private UserRepositories userRepositories;
+
+ /**
+ * @plexus.requirement role-hint="xwork"
+ */
+ private ArchivaUser archivaUser;
private BrowsingResults results;
@@ -48,7 +66,7 @@
public String browse()
{
- this.results = repoBrowsing.getRoot();
+ this.results = repoBrowsing.getRoot( getPrincipal(),
getObservableRepos() );
return SUCCESS;
}
@@ -61,7 +79,7 @@
return ERROR;
}
- this.results = repoBrowsing.selectGroupId( groupId );
+ this.results = repoBrowsing.selectGroupId( getPrincipal(),
getObservableRepos(), groupId );
return SUCCESS;
}
@@ -81,8 +99,35 @@
return ERROR;
}
- this.results = repoBrowsing.selectArtifactId( groupId, artifactId );
+ this.results = repoBrowsing.selectArtifactId( getPrincipal(),
getObservableRepos(), groupId, artifactId );
return SUCCESS;
+ }
+
+ private String getPrincipal()
+ {
+ return archivaUser.getActivePrincipal();
+ }
+
+ private List<String> getObservableRepos()
+ {
+ try
+ {
+ return userRepositories.getObservableRepositoryIds( getPrincipal()
);
+ }
+ catch ( PrincipalNotFoundException e )
+ {
+ getLogger().warn( e.getMessage(), e );
+ }
+ catch ( AccessDeniedException e )
+ {
+ getLogger().warn( e.getMessage(), e );
+ // TODO: pass this onto the screen.
+ }
+ catch ( ArchivaSecurityException e )
+ {
+ getLogger().warn( e.getMessage(), e );
+ }
+ return Collections.emptyList();
}
public String getGroupId()
Modified:
maven/archiva/branches/archiva-backend-security/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/ShowArtifactAction.java
URL:
http://svn.apache.org/viewvc/maven/archiva/branches/archiva-backend-security/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/ShowArtifactAction.java?rev=591410&r1=591409&r2=591410&view=diff
==============================================================================
---
maven/archiva/branches/archiva-backend-security/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/ShowArtifactAction.java
(original)
+++
maven/archiva/branches/archiva-backend-security/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/ShowArtifactAction.java
Fri Nov 2 10:47:55 2007
@@ -26,8 +26,14 @@
import org.apache.maven.archiva.database.ObjectNotFoundException;
import org.apache.maven.archiva.database.browsing.RepositoryBrowsing;
import org.apache.maven.archiva.model.ArchivaProjectModel;
+import org.apache.maven.archiva.security.AccessDeniedException;
+import org.apache.maven.archiva.security.ArchivaSecurityException;
+import org.apache.maven.archiva.security.ArchivaUser;
+import org.apache.maven.archiva.security.PrincipalNotFoundException;
+import org.apache.maven.archiva.security.UserRepositories;
import org.codehaus.plexus.xwork.action.PlexusActionSupport;
+import java.util.Collections;
import java.util.List;
/**
@@ -46,6 +52,16 @@
* @plexus.requirement role-hint="default"
*/
private RepositoryBrowsing repoBrowsing;
+
+ /**
+ * @plexus.requirement
+ */
+ private UserRepositories userRepositories;
+
+ /**
+ * @plexus.requirement role-hint="xwork"
+ */
+ private ArchivaUser archivaUser;
/* .\ Input Parameters \.________________________________________ */
@@ -86,7 +102,7 @@
{
try
{
- this.model = repoBrowsing.selectVersion( groupId, artifactId,
version );
+ this.model = repoBrowsing.selectVersion( getPrincipal(),
getObservableRepos(), groupId, artifactId, version );
}
catch ( ObjectNotFoundException oe )
{
@@ -104,7 +120,7 @@
public String dependencies()
throws ObjectNotFoundException, ArchivaDatabaseException
{
- this.model = repoBrowsing.selectVersion( groupId, artifactId, version
);
+ this.model = repoBrowsing.selectVersion( getPrincipal(),
getObservableRepos(), groupId, artifactId, version );
this.dependencies = model.getDependencies();
@@ -117,7 +133,7 @@
public String mailingLists()
throws ObjectNotFoundException, ArchivaDatabaseException
{
- this.model = repoBrowsing.selectVersion( groupId, artifactId, version
);
+ this.model = repoBrowsing.selectVersion( getPrincipal(),
getObservableRepos(), groupId, artifactId, version );
this.mailingLists = model.getMailingLists();
return SUCCESS;
@@ -142,9 +158,9 @@
public String dependees()
throws ObjectNotFoundException, ArchivaDatabaseException
{
- this.model = repoBrowsing.selectVersion( groupId, artifactId, version
);
+ this.model = repoBrowsing.selectVersion( getPrincipal(),
getObservableRepos(), groupId, artifactId, version );
- this.dependees = repoBrowsing.getUsedBy( groupId, artifactId, version
);
+ this.dependees = repoBrowsing.getUsedBy( getPrincipal(),
getObservableRepos(), groupId, artifactId, version );
return SUCCESS;
}
@@ -155,9 +171,36 @@
public String dependencyTree()
throws ObjectNotFoundException, ArchivaDatabaseException
{
- this.model = repoBrowsing.selectVersion( groupId, artifactId, version
);
+ this.model = repoBrowsing.selectVersion( getPrincipal(),
getObservableRepos(), groupId, artifactId, version );
return SUCCESS;
+ }
+
+ private String getPrincipal()
+ {
+ return archivaUser.getActivePrincipal();
+ }
+
+ private List<String> getObservableRepos()
+ {
+ try
+ {
+ return userRepositories.getObservableRepositoryIds( getPrincipal()
);
+ }
+ catch ( PrincipalNotFoundException e )
+ {
+ getLogger().warn( e.getMessage(), e );
+ }
+ catch ( AccessDeniedException e )
+ {
+ getLogger().warn( e.getMessage(), e );
+ // TODO: pass this onto the screen.
+ }
+ catch ( ArchivaSecurityException e )
+ {
+ getLogger().warn( e.getMessage(), e );
+ }
+ return Collections.emptyList();
}
public void validate()
Modified:
maven/archiva/branches/archiva-backend-security/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/startup/SecuritySynchronization.java
URL:
http://svn.apache.org/viewvc/maven/archiva/branches/archiva-backend-security/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/startup/SecuritySynchronization.java?rev=591410&r1=591409&r2=591410&view=diff
==============================================================================
---
maven/archiva/branches/archiva-backend-security/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/startup/SecuritySynchronization.java
(original)
+++
maven/archiva/branches/archiva-backend-security/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/startup/SecuritySynchronization.java
Fri Nov 2 10:47:55 2007
@@ -193,14 +193,13 @@
ua = rbacManager.createUserAssignment( principal );
}
- ua.addRoleName(
ArchivaRoleConstants.REPOSITORY_OBSERVER_ROLE_PREFIX + " - " + repoId );
+ ua.addRoleName(
ArchivaRoleConstants.toRepositoryObserverRoleName( repoId ) );
rbacManager.saveUserAssignment( ua );
}
catch ( RbacManagerException e )
{
- getLogger().warn(
- "Unable to add role [" +
ArchivaRoleConstants.REPOSITORY_OBSERVER_ROLE_PREFIX + " - "
- + repoId + "] to " + principal + "
user.", e );
+ getLogger().warn( "Unable to add role [" +
ArchivaRoleConstants.toRepositoryObserverRoleName( repoId )
+ + "] to " + principal + " user.", e );
}
}
}
Added:
maven/archiva/branches/archiva-backend-security/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/util/ArchivaXworkUser.java
URL:
http://svn.apache.org/viewvc/maven/archiva/branches/archiva-backend-security/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/util/ArchivaXworkUser.java?rev=591410&view=auto
==============================================================================
---
maven/archiva/branches/archiva-backend-security/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/util/ArchivaXworkUser.java
(added)
+++
maven/archiva/branches/archiva-backend-security/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/util/ArchivaXworkUser.java
Fri Nov 2 10:47:55 2007
@@ -0,0 +1,77 @@
+package org.apache.maven.archiva.web.util;
+
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+import com.opensymphony.xwork.ActionContext;
+
+import org.apache.maven.archiva.security.ArchivaRoleConstants;
+import org.apache.maven.archiva.security.ArchivaUser;
+import org.codehaus.plexus.redback.system.SecuritySession;
+import org.codehaus.plexus.redback.users.User;
+
+import java.util.HashMap;
+import java.util.Map;
+
+/**
+ * ArchivaXworkUser
+ *
+ * @author <a href="mailto:[EMAIL PROTECTED]">Joakim Erdfelt</a>
+ * @version $Id$
+ *
+ * @plexus.component role="org.apache.maven.archiva.security.ArchivaUser"
+ * role-hint="xwork"
+ */
+public class ArchivaXworkUser
+ implements ArchivaUser
+{
+ private Map<String, Object> getContextSession()
+ {
+ ActionContext context = ActionContext.getContext();
+ Map<String, Object> sessionMap = context.getSession();
+ if ( sessionMap == null )
+ {
+ sessionMap = new HashMap<String, Object>();
+ }
+
+ return sessionMap;
+ }
+
+ private SecuritySession getSecuritySession()
+ {
+ return (SecuritySession) getContextSession().get( SecuritySession.ROLE
);
+ }
+
+ public String getActivePrincipal()
+ {
+ SecuritySession securitySession = getSecuritySession();
+ if ( securitySession == null )
+ {
+ return ArchivaRoleConstants.PRINCIPAL_GUEST;
+ }
+
+ User user = securitySession.getUser();
+ if ( user == null )
+ {
+ return ArchivaRoleConstants.PRINCIPAL_GUEST;
+ }
+
+ return (String) user.getPrincipal();
+ }
+}
Propchange:
maven/archiva/branches/archiva-backend-security/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/util/ArchivaXworkUser.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange:
maven/archiva/branches/archiva-backend-security/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/util/ArchivaXworkUser.java
------------------------------------------------------------------------------
svn:keywords = "Author Date Id Revision"
Propchange:
maven/archiva/branches/archiva-backend-security/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/util/ArchivaXworkUser.java
------------------------------------------------------------------------------
svn:mime-type = text/plain
