use of org.apache.archiva.redback.rbac.UserAssignment in project archiva by apache.
the class ArchivaLockedAdminEnvironmentCheck method validateEnvironment.
/**
* This environment check will unlock system administrator accounts that are locked on the restart of the
* application when the environment checks are processed.
*
* @param violations
*/
@Override
public void validateEnvironment(List<String> violations) {
if (!checked) {
for (UserManager userManager : userManagers) {
if (userManager.isReadOnly()) {
continue;
}
List<String> roles = new ArrayList<>();
roles.add(RedbackRoleConstants.SYSTEM_ADMINISTRATOR_ROLE);
List<UserAssignment> systemAdminstrators;
try {
systemAdminstrators = rbacManager.getUserAssignmentsForRoles(roles);
for (UserAssignment userAssignment : systemAdminstrators) {
try {
User admin = userManager.findUser(userAssignment.getPrincipal());
if (admin.isLocked()) {
log.info("Unlocking system administrator: {}", admin.getUsername());
admin.setLocked(false);
userManager.updateUser(admin);
}
} catch (UserNotFoundException ne) {
log.warn("Dangling UserAssignment -> {}", userAssignment.getPrincipal());
} catch (UserManagerException e) {
log.warn("fail to find user {} for admin unlock check: {}", userAssignment.getPrincipal(), e.getMessage());
}
}
} catch (RbacManagerException e) {
log.warn("Exception when checking for locked admin user: {}", e.getMessage(), e);
}
checked = true;
}
}
}
use of org.apache.archiva.redback.rbac.UserAssignment in project archiva by apache.
the class ArchivaRbacManager method getUserAssignmentsForRoles.
@Override
public List<UserAssignment> getUserAssignmentsForRoles(Collection<String> roleNames) throws RbacManagerException {
List<UserAssignment> allUserAssignments = new ArrayList<>();
boolean allFailed = true;
Exception lastException = null;
for (RBACManager rbacManager : rbacManagersPerId.values()) {
try {
List<UserAssignment> userAssignments = rbacManager.getUserAssignmentsForRoles(roleNames);
allUserAssignments.addAll(userAssignments);
allFailed = false;
} catch (Exception e) {
lastException = e;
}
}
if (lastException != null && allFailed) {
throw new RbacManagerException(lastException.getMessage(), lastException);
}
return allUserAssignments;
}
use of org.apache.archiva.redback.rbac.UserAssignment in project archiva by apache.
the class ArchivaRbacManager method getAllUserAssignments.
@Override
public List<UserAssignment> getAllUserAssignments() throws RbacManagerException {
Map<String, UserAssignment> allUserAssignments = new HashMap<>();
boolean allFailed = true;
Exception lastException = null;
for (RBACManager rbacManager : rbacManagersPerId.values()) {
try {
List<UserAssignment> userAssignments = rbacManager.getAllUserAssignments();
for (UserAssignment ua : userAssignments) {
UserAssignment userAssignment = allUserAssignments.get(ua.getPrincipal());
if (userAssignment != null) {
for (String roleName : ua.getRoleNames()) {
userAssignment.addRoleName(roleName);
}
}
allUserAssignments.put(ua.getPrincipal(), ua);
}
allFailed = false;
} catch (Exception e) {
lastException = e;
}
}
if (lastException != null && allFailed) {
throw new RbacManagerException(lastException.getMessage(), lastException);
}
return new ArrayList<>(allUserAssignments.values());
}
use of org.apache.archiva.redback.rbac.UserAssignment in project archiva by apache.
the class ArchivaRbacManager method getUserAssignment.
@Override
public UserAssignment getUserAssignment(String principal) throws RbacObjectNotFoundException, RbacManagerException {
UserAssignment el = userAssignmentsCache.get(principal);
if (el != null) {
return el;
}
UserAssignment ua = null;
Exception lastException = null;
for (RBACManager rbacManager : rbacManagersPerId.values()) {
try {
if (ua == null) {
ua = rbacManager.getUserAssignment(principal);
} else {
UserAssignment userAssignment = rbacManager.getUserAssignment(principal);
if (userAssignment != null) {
for (String roleName : userAssignment.getRoleNames()) {
ua.addRoleName(roleName);
}
}
}
} catch (Exception e) {
lastException = e;
}
}
if (ua != null) {
userAssignmentsCache.put(principal, ua);
return ua;
}
if (lastException != null) {
throw new RbacManagerException(lastException.getMessage(), lastException);
}
return null;
}
use of org.apache.archiva.redback.rbac.UserAssignment in project archiva by apache.
the class SecuritySynchronization method assignRepositoryObserverToGuestUser.
private void assignRepositoryObserverToGuestUser(List<ManagedRepositoryConfiguration> repos) {
for (ManagedRepositoryConfiguration repoConfig : repos) {
String repoId = repoConfig.getId();
String principal = UserManager.GUEST_USERNAME;
try {
UserAssignment ua;
if (rbacManager.userAssignmentExists(principal)) {
ua = rbacManager.getUserAssignment(principal);
} else {
ua = rbacManager.createUserAssignment(principal);
}
ua.addRoleName(ArchivaRoleConstants.toRepositoryObserverRoleName(repoId));
rbacManager.saveUserAssignment(ua);
} catch (RbacManagerException e) {
log.warn("Unable to add role [{}] to {} user.", ArchivaRoleConstants.toRepositoryObserverRoleName(repoId), principal, e);
}
}
}
Aggregations