Search in sources :

Example 1 with UserAssignment

use of org.apache.archiva.redback.rbac.UserAssignment in project archiva by apache.

the class ArchivaLockedAdminEnvironmentCheck method validateEnvironment.

/**
 * This environment check will unlock system administrator accounts that are locked on the restart of the
 * application when the environment checks are processed.
 *
 * @param violations
 */
@Override
public void validateEnvironment(List<String> violations) {
    if (!checked) {
        for (UserManager userManager : userManagers) {
            if (userManager.isReadOnly()) {
                continue;
            }
            List<String> roles = new ArrayList<>();
            roles.add(RedbackRoleConstants.SYSTEM_ADMINISTRATOR_ROLE);
            List<UserAssignment> systemAdminstrators;
            try {
                systemAdminstrators = rbacManager.getUserAssignmentsForRoles(roles);
                for (UserAssignment userAssignment : systemAdminstrators) {
                    try {
                        User admin = userManager.findUser(userAssignment.getPrincipal());
                        if (admin.isLocked()) {
                            log.info("Unlocking system administrator: {}", admin.getUsername());
                            admin.setLocked(false);
                            userManager.updateUser(admin);
                        }
                    } catch (UserNotFoundException ne) {
                        log.warn("Dangling UserAssignment -> {}", userAssignment.getPrincipal());
                    } catch (UserManagerException e) {
                        log.warn("fail to find user {} for admin unlock check: {}", userAssignment.getPrincipal(), e.getMessage());
                    }
                }
            } catch (RbacManagerException e) {
                log.warn("Exception when checking for locked admin user: {}", e.getMessage(), e);
            }
            checked = true;
        }
    }
}
Also used : UserNotFoundException(org.apache.archiva.redback.users.UserNotFoundException) UserAssignment(org.apache.archiva.redback.rbac.UserAssignment) User(org.apache.archiva.redback.users.User) RbacManagerException(org.apache.archiva.redback.rbac.RbacManagerException) UserManagerException(org.apache.archiva.redback.users.UserManagerException) UserManager(org.apache.archiva.redback.users.UserManager) ArrayList(java.util.ArrayList)

Example 2 with UserAssignment

use of org.apache.archiva.redback.rbac.UserAssignment in project archiva by apache.

the class ArchivaRbacManager method getUserAssignmentsForRoles.

@Override
public List<UserAssignment> getUserAssignmentsForRoles(Collection<String> roleNames) throws RbacManagerException {
    List<UserAssignment> allUserAssignments = new ArrayList<>();
    boolean allFailed = true;
    Exception lastException = null;
    for (RBACManager rbacManager : rbacManagersPerId.values()) {
        try {
            List<UserAssignment> userAssignments = rbacManager.getUserAssignmentsForRoles(roleNames);
            allUserAssignments.addAll(userAssignments);
            allFailed = false;
        } catch (Exception e) {
            lastException = e;
        }
    }
    if (lastException != null && allFailed) {
        throw new RbacManagerException(lastException.getMessage(), lastException);
    }
    return allUserAssignments;
}
Also used : UserAssignment(org.apache.archiva.redback.rbac.UserAssignment) RbacManagerException(org.apache.archiva.redback.rbac.RbacManagerException) ArrayList(java.util.ArrayList) AbstractRBACManager(org.apache.archiva.redback.rbac.AbstractRBACManager) RBACManager(org.apache.archiva.redback.rbac.RBACManager) RbacObjectNotFoundException(org.apache.archiva.redback.rbac.RbacObjectNotFoundException) RbacManagerException(org.apache.archiva.redback.rbac.RbacManagerException) RepositoryAdminException(org.apache.archiva.admin.model.RepositoryAdminException) RbacObjectInvalidException(org.apache.archiva.redback.rbac.RbacObjectInvalidException)

Example 3 with UserAssignment

use of org.apache.archiva.redback.rbac.UserAssignment in project archiva by apache.

the class ArchivaRbacManager method getAllUserAssignments.

@Override
public List<UserAssignment> getAllUserAssignments() throws RbacManagerException {
    Map<String, UserAssignment> allUserAssignments = new HashMap<>();
    boolean allFailed = true;
    Exception lastException = null;
    for (RBACManager rbacManager : rbacManagersPerId.values()) {
        try {
            List<UserAssignment> userAssignments = rbacManager.getAllUserAssignments();
            for (UserAssignment ua : userAssignments) {
                UserAssignment userAssignment = allUserAssignments.get(ua.getPrincipal());
                if (userAssignment != null) {
                    for (String roleName : ua.getRoleNames()) {
                        userAssignment.addRoleName(roleName);
                    }
                }
                allUserAssignments.put(ua.getPrincipal(), ua);
            }
            allFailed = false;
        } catch (Exception e) {
            lastException = e;
        }
    }
    if (lastException != null && allFailed) {
        throw new RbacManagerException(lastException.getMessage(), lastException);
    }
    return new ArrayList<>(allUserAssignments.values());
}
Also used : UserAssignment(org.apache.archiva.redback.rbac.UserAssignment) RbacManagerException(org.apache.archiva.redback.rbac.RbacManagerException) HashMap(java.util.HashMap) LinkedHashMap(java.util.LinkedHashMap) ArrayList(java.util.ArrayList) AbstractRBACManager(org.apache.archiva.redback.rbac.AbstractRBACManager) RBACManager(org.apache.archiva.redback.rbac.RBACManager) RbacObjectNotFoundException(org.apache.archiva.redback.rbac.RbacObjectNotFoundException) RbacManagerException(org.apache.archiva.redback.rbac.RbacManagerException) RepositoryAdminException(org.apache.archiva.admin.model.RepositoryAdminException) RbacObjectInvalidException(org.apache.archiva.redback.rbac.RbacObjectInvalidException)

Example 4 with UserAssignment

use of org.apache.archiva.redback.rbac.UserAssignment in project archiva by apache.

the class ArchivaRbacManager method getUserAssignment.

@Override
public UserAssignment getUserAssignment(String principal) throws RbacObjectNotFoundException, RbacManagerException {
    UserAssignment el = userAssignmentsCache.get(principal);
    if (el != null) {
        return el;
    }
    UserAssignment ua = null;
    Exception lastException = null;
    for (RBACManager rbacManager : rbacManagersPerId.values()) {
        try {
            if (ua == null) {
                ua = rbacManager.getUserAssignment(principal);
            } else {
                UserAssignment userAssignment = rbacManager.getUserAssignment(principal);
                if (userAssignment != null) {
                    for (String roleName : userAssignment.getRoleNames()) {
                        ua.addRoleName(roleName);
                    }
                }
            }
        } catch (Exception e) {
            lastException = e;
        }
    }
    if (ua != null) {
        userAssignmentsCache.put(principal, ua);
        return ua;
    }
    if (lastException != null) {
        throw new RbacManagerException(lastException.getMessage(), lastException);
    }
    return null;
}
Also used : UserAssignment(org.apache.archiva.redback.rbac.UserAssignment) RbacManagerException(org.apache.archiva.redback.rbac.RbacManagerException) AbstractRBACManager(org.apache.archiva.redback.rbac.AbstractRBACManager) RBACManager(org.apache.archiva.redback.rbac.RBACManager) RbacObjectNotFoundException(org.apache.archiva.redback.rbac.RbacObjectNotFoundException) RbacManagerException(org.apache.archiva.redback.rbac.RbacManagerException) RepositoryAdminException(org.apache.archiva.admin.model.RepositoryAdminException) RbacObjectInvalidException(org.apache.archiva.redback.rbac.RbacObjectInvalidException)

Example 5 with UserAssignment

use of org.apache.archiva.redback.rbac.UserAssignment in project archiva by apache.

the class SecuritySynchronization method assignRepositoryObserverToGuestUser.

private void assignRepositoryObserverToGuestUser(List<ManagedRepositoryConfiguration> repos) {
    for (ManagedRepositoryConfiguration repoConfig : repos) {
        String repoId = repoConfig.getId();
        String principal = UserManager.GUEST_USERNAME;
        try {
            UserAssignment ua;
            if (rbacManager.userAssignmentExists(principal)) {
                ua = rbacManager.getUserAssignment(principal);
            } else {
                ua = rbacManager.createUserAssignment(principal);
            }
            ua.addRoleName(ArchivaRoleConstants.toRepositoryObserverRoleName(repoId));
            rbacManager.saveUserAssignment(ua);
        } catch (RbacManagerException e) {
            log.warn("Unable to add role [{}] to {} user.", ArchivaRoleConstants.toRepositoryObserverRoleName(repoId), principal, e);
        }
    }
}
Also used : UserAssignment(org.apache.archiva.redback.rbac.UserAssignment) RbacManagerException(org.apache.archiva.redback.rbac.RbacManagerException) ManagedRepositoryConfiguration(org.apache.archiva.configuration.ManagedRepositoryConfiguration)

Aggregations

UserAssignment (org.apache.archiva.redback.rbac.UserAssignment)6 RbacManagerException (org.apache.archiva.redback.rbac.RbacManagerException)5 RbacObjectNotFoundException (org.apache.archiva.redback.rbac.RbacObjectNotFoundException)4 ArrayList (java.util.ArrayList)3 RepositoryAdminException (org.apache.archiva.admin.model.RepositoryAdminException)3 AbstractRBACManager (org.apache.archiva.redback.rbac.AbstractRBACManager)3 RBACManager (org.apache.archiva.redback.rbac.RBACManager)3 RbacObjectInvalidException (org.apache.archiva.redback.rbac.RbacObjectInvalidException)3 HashMap (java.util.HashMap)1 LinkedHashMap (java.util.LinkedHashMap)1 ManagedRepositoryConfiguration (org.apache.archiva.configuration.ManagedRepositoryConfiguration)1 User (org.apache.archiva.redback.users.User)1 UserManager (org.apache.archiva.redback.users.UserManager)1 UserManagerException (org.apache.archiva.redback.users.UserManagerException)1 UserNotFoundException (org.apache.archiva.redback.users.UserNotFoundException)1