Example 11 with UserManager

use of org.apache.archiva.redback.users.UserManager in project archiva by apache.

the class ArchivaLockedAdminEnvironmentCheck method validateEnvironment.

/**
 * This environment check will unlock system administrator accounts that are locked on the restart of the
 * application when the environment checks are processed.
 *
 * @param violations
 */
@Override
public void validateEnvironment(List<String> violations) {
    if (!checked) {
        for (UserManager userManager : userManagers) {
            if (userManager.isReadOnly()) {
                continue;
            }
            List<String> roles = new ArrayList<>();
            roles.add(RedbackRoleConstants.SYSTEM_ADMINISTRATOR_ROLE);
            List<UserAssignment> systemAdminstrators;
            try {
                systemAdminstrators = rbacManager.getUserAssignmentsForRoles(roles);
                for (UserAssignment userAssignment : systemAdminstrators) {
                    try {
                        User admin = userManager.findUser(userAssignment.getPrincipal());
                        if (admin.isLocked()) {
                            log.info("Unlocking system administrator: {}", admin.getUsername());
                            admin.setLocked(false);
                            userManager.updateUser(admin);
                        }
                    } catch (UserNotFoundException ne) {
                        log.warn("Dangling UserAssignment -> {}", userAssignment.getPrincipal());
                    } catch (UserManagerException e) {
                        log.warn("fail to find user {} for admin unlock check: {}", userAssignment.getPrincipal(), e.getMessage());
                    }
                }
            } catch (RbacManagerException e) {
                log.warn("Exception when checking for locked admin user: {}", e.getMessage(), e);
            }
            checked = true;
        }
    }
}
Also used : UserNotFoundException(org.apache.archiva.redback.users.UserNotFoundException) UserAssignment(org.apache.archiva.redback.rbac.UserAssignment) User(org.apache.archiva.redback.users.User) RbacManagerException(org.apache.archiva.redback.rbac.RbacManagerException) UserManagerException(org.apache.archiva.redback.users.UserManagerException) UserManager(org.apache.archiva.redback.users.UserManager) ArrayList(java.util.ArrayList)

Example 12 with UserManager

use of org.apache.archiva.redback.users.UserManager in project archiva by apache.

the class ArchivaConfigurableUsersManager method findUser.

@Override
public User findUser(String username, boolean useCache) throws UserNotFoundException, UserManagerException {
    User user = null;
    if (useUsersCache() && useCache) {
        user = usersCache.get(username);
        if (user != null) {
            return user;
        }
    }
    Exception lastException = null;
    for (UserManager userManager : userManagerPerId.values()) {
        try {
            user = userManager.findUser(username);
            if (user != null) {
                if (useUsersCache()) {
                    usersCache.put(username, user);
                }
                return user;
            }
        } catch (UserNotFoundException e) {
            lastException = e;
        } catch (Exception e) {
            lastException = e;
        }
    }
    if (user == null) {
        if (lastException != null) {
            if (lastException instanceof UserNotFoundException) {
                throw (UserNotFoundException) lastException;
            }
            throw new UserManagerException(lastException.getMessage(), lastException);
        }
    }
    return user;
}
Also used : UserNotFoundException(org.apache.archiva.redback.users.UserNotFoundException) User(org.apache.archiva.redback.users.User) UserManagerException(org.apache.archiva.redback.users.UserManagerException) AbstractUserManager(org.apache.archiva.redback.users.AbstractUserManager) UserManager(org.apache.archiva.redback.users.UserManager) RepositoryAdminException(org.apache.archiva.admin.model.RepositoryAdminException)

Example 13 with UserManager

use of org.apache.archiva.redback.users.UserManager in project archiva by apache.

the class ArchivaConfigurableUsersManager method initialize.

@PostConstruct
@Override
public void initialize() {
    try {
        List<String> userManagerImpls = redbackRuntimeConfigurationAdmin.getRedbackRuntimeConfiguration().getUserManagerImpls();
        log.info("use userManagerImpls: '{}'", userManagerImpls);
        userManagerPerId = new LinkedHashMap<>(userManagerImpls.size());
        for (String id : userManagerImpls) {
            UserManager userManagerImpl = applicationContext.getBean("userManager#" + id, UserManager.class);
            setUserManagerImpl(userManagerImpl);
            userManagerPerId.put(id, userManagerImpl);
        }
        this.usersCache.clear();
        this.useUsersCache = redbackRuntimeConfigurationAdmin.getRedbackRuntimeConfiguration().isUseUsersCache();
    } catch (RepositoryAdminException e) {
        // revert to a default one ?
        log.error(e.getMessage(), e);
        throw new RuntimeException(e.getMessage(), e);
    }
}
Also used : AbstractUserManager(org.apache.archiva.redback.users.AbstractUserManager) UserManager(org.apache.archiva.redback.users.UserManager) RepositoryAdminException(org.apache.archiva.admin.model.RepositoryAdminException) PostConstruct(javax.annotation.PostConstruct)

Example 14 with UserManager

use of org.apache.archiva.redback.users.UserManager in project archiva by apache.

the class ArchivaUserManagerAuthenticator method authenticate.

@Override
public AuthenticationResult authenticate(AuthenticationDataSource ds) throws AuthenticationException, AccountLockedException, MustChangePasswordException {
    boolean authenticationSuccess = false;
    String username = null;
    Exception resultException = null;
    PasswordBasedAuthenticationDataSource source = (PasswordBasedAuthenticationDataSource) ds;
    List<AuthenticationFailureCause> authnResultErrors = new ArrayList<>();
    for (UserManager userManager : userManagers) {
        try {
            log.debug("Authenticate: {} with userManager: {}", source, userManager.getId());
            User user = userManager.findUser(source.getUsername());
            username = user.getUsername();
            if (user.isLocked()) {
                // throw new AccountLockedException( "Account " + source.getUsername() + " is locked.", user );
                AccountLockedException e = new AccountLockedException("Account " + source.getUsername() + " is locked.", user);
                log.warn("{}", e.getMessage());
                resultException = e;
                authnResultErrors.add(new AuthenticationFailureCause(AuthenticationConstants.AUTHN_LOCKED_USER_EXCEPTION, e.getMessage()));
            }
            if (user.isPasswordChangeRequired() && source.isEnforcePasswordChange()) {
                // throw new MustChangePasswordException( "Password expired.", user );
                MustChangePasswordException e = new MustChangePasswordException("Password expired.", user);
                log.warn("{}", e.getMessage());
                resultException = e;
                authnResultErrors.add(new AuthenticationFailureCause(AuthenticationConstants.AUTHN_MUST_CHANGE_PASSWORD_EXCEPTION, e.getMessage()));
            }
            PasswordEncoder encoder = securityPolicy.getPasswordEncoder();
            log.debug("PasswordEncoder: {}", encoder.getClass().getName());
            boolean isPasswordValid = encoder.isPasswordValid(user.getEncodedPassword(), source.getPassword());
            if (isPasswordValid) {
                log.debug("User {} provided a valid password", source.getUsername());
                try {
                    securityPolicy.extensionPasswordExpiration(user);
                    authenticationSuccess = true;
                    // REDBACK-151 do not make unnecessary updates to the user object
                    if (user.getCountFailedLoginAttempts() > 0) {
                        user.setCountFailedLoginAttempts(0);
                        if (!userManager.isReadOnly()) {
                            userManager.updateUser(user);
                        }
                    }
                    return new AuthenticationResult(true, source.getUsername(), null);
                } catch (MustChangePasswordException e) {
                    user.setPasswordChangeRequired(true);
                    // throw e;
                    resultException = e;
                    authnResultErrors.add(new AuthenticationFailureCause(AuthenticationConstants.AUTHN_MUST_CHANGE_PASSWORD_EXCEPTION, e.getMessage()).user(user));
                }
            } else {
                log.warn("Password is Invalid for user {} and userManager '{}'.", source.getUsername(), userManager.getId());
                authnResultErrors.add(new AuthenticationFailureCause(AuthenticationConstants.AUTHN_NO_SUCH_USER, "Password is Invalid for user " + source.getUsername() + ".").user(user));
                try {
                    securityPolicy.extensionExcessiveLoginAttempts(user);
                } finally {
                    if (!userManager.isReadOnly()) {
                        userManager.updateUser(user);
                    }
                }
            // return new AuthenticationResult( false, source.getUsername(), null, authnResultExceptionsMap );
            }
        } catch (UserNotFoundException e) {
            log.warn("Login for user {} and userManager {} failed. user not found.", source.getUsername(), userManager.getId());
            resultException = e;
            authnResultErrors.add(new AuthenticationFailureCause(AuthenticationConstants.AUTHN_NO_SUCH_USER, "Login for user " + source.getUsername() + " failed. user not found."));
        } catch (Exception e) {
            log.warn("Login for user {} and userManager {} failed, message: {}", source.getUsername(), userManager.getId(), e.getMessage());
            e.printStackTrace();
            resultException = e;
            authnResultErrors.add(new AuthenticationFailureCause(AuthenticationConstants.AUTHN_RUNTIME_EXCEPTION, "Login for user " + source.getUsername() + " failed, message: " + e.getMessage()));
        }
    }
    return new AuthenticationResult(authenticationSuccess, username, resultException, authnResultErrors);
}
Also used : UserNotFoundException(org.apache.archiva.redback.users.UserNotFoundException) AccountLockedException(org.apache.archiva.redback.policy.AccountLockedException) User(org.apache.archiva.redback.users.User) PasswordEncoder(org.apache.archiva.redback.policy.PasswordEncoder) ArrayList(java.util.ArrayList) RepositoryAdminException(org.apache.archiva.admin.model.RepositoryAdminException) AuthenticationException(org.apache.archiva.redback.authentication.AuthenticationException) MustChangePasswordException(org.apache.archiva.redback.policy.MustChangePasswordException) AuthenticationResult(org.apache.archiva.redback.authentication.AuthenticationResult) AuthenticationFailureCause(org.apache.archiva.redback.authentication.AuthenticationFailureCause) UserManager(org.apache.archiva.redback.users.UserManager) PasswordBasedAuthenticationDataSource(org.apache.archiva.redback.authentication.PasswordBasedAuthenticationDataSource)

Example 15 with UserManager

use of org.apache.archiva.redback.users.UserManager in project archiva by apache.

the class ArchivaServletAuthenticatorTest method testIsAuthorizedUserHasWriteAccess.

@Test
public void testIsAuthorizedUserHasWriteAccess() throws Exception {
    createUser(USER_ALPACA, "Al 'Archiva' Paca");
    assignRepositoryManagerRole(USER_ALPACA, "corporate");
    UserManager userManager = securitySystem.getUserManager();
    User user = userManager.findUser(USER_ALPACA);
    AuthenticationResult result = new AuthenticationResult(true, USER_ALPACA, null);
    SecuritySession session = new DefaultSecuritySession(result, user);
    boolean isAuthorized = servletAuth.isAuthorized(request, session, "corporate", ArchivaRoleConstants.OPERATION_REPOSITORY_UPLOAD);
    assertTrue(isAuthorized);
    restoreGuestInitialValues(USER_ALPACA);
}
Also used : User(org.apache.archiva.redback.users.User) UserManager(org.apache.archiva.redback.users.UserManager) SecuritySession(org.apache.archiva.redback.system.SecuritySession) DefaultSecuritySession(org.apache.archiva.redback.system.DefaultSecuritySession) AuthenticationResult(org.apache.archiva.redback.authentication.AuthenticationResult) Test(org.junit.Test)

Aggregations

UserManager (org.apache.archiva.redback.users.UserManager): 15
User (org.apache.archiva.redback.users.User): 11
RepositoryAdminException (org.apache.archiva.admin.model.RepositoryAdminException): 7
AbstractUserManager (org.apache.archiva.redback.users.AbstractUserManager): 7
UserNotFoundException (org.apache.archiva.redback.users.UserNotFoundException): 7
UserManagerException (org.apache.archiva.redback.users.UserManagerException): 6
AuthenticationResult (org.apache.archiva.redback.authentication.AuthenticationResult): 5
DefaultSecuritySession (org.apache.archiva.redback.system.DefaultSecuritySession): 4
SecuritySession (org.apache.archiva.redback.system.SecuritySession): 4
Test (org.junit.Test): 4
ArrayList (java.util.ArrayList): 3
UnauthorizedException (org.apache.archiva.redback.authorization.UnauthorizedException): 2
Map (java.util.Map): 1
PostConstruct (javax.annotation.PostConstruct): 1
AuthenticationException (org.apache.archiva.redback.authentication.AuthenticationException): 1
AuthenticationFailureCause (org.apache.archiva.redback.authentication.AuthenticationFailureCause): 1
PasswordBasedAuthenticationDataSource (org.apache.archiva.redback.authentication.PasswordBasedAuthenticationDataSource): 1
AccountLockedException (org.apache.archiva.redback.policy.AccountLockedException): 1
MustChangePasswordException (org.apache.archiva.redback.policy.MustChangePasswordException): 1
PasswordEncoder (org.apache.archiva.redback.policy.PasswordEncoder): 1