org.apache.archiva.redback.system.DefaultSecuritySystem Maven / Gradle / Ivy
package org.apache.archiva.redback.system;
/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
import org.apache.archiva.redback.authentication.AuthenticationDataSource;
import org.apache.archiva.redback.authentication.AuthenticationException;
import org.apache.archiva.redback.authentication.AuthenticationManager;
import org.apache.archiva.redback.authentication.AuthenticationResult;
import org.apache.archiva.redback.authorization.AuthorizationDataSource;
import org.apache.archiva.redback.authorization.AuthorizationException;
import org.apache.archiva.redback.authorization.AuthorizationResult;
import org.apache.archiva.redback.authorization.Authorizer;
import org.apache.archiva.redback.keys.KeyManager;
import org.apache.archiva.redback.policy.AccountLockedException;
import org.apache.archiva.redback.policy.MustChangePasswordException;
import org.apache.archiva.redback.policy.UserSecurityPolicy;
import org.apache.archiva.redback.users.User;
import org.apache.archiva.redback.users.UserManager;
import org.apache.archiva.redback.users.UserManagerException;
import org.apache.archiva.redback.users.UserNotFoundException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Service;
import javax.inject.Inject;
import javax.inject.Named;
/**
* DefaultSecuritySystem:
*
* @author: Jesse McConnell
*/
@Service( "securitySystem" )
public class DefaultSecuritySystem
implements SecuritySystem
{
private Logger log = LoggerFactory.getLogger( DefaultSecuritySystem.class );
@Inject
private AuthenticationManager authnManager;
@Inject
@Named( value = "authorizer#default" )
private Authorizer authorizer;
@Inject
@Named( value = "userManager#default" )
private UserManager userManager;
@Inject
@Named( value = "keyManager#cached" )
private KeyManager keyManager;
@Inject
private UserSecurityPolicy policy;
// ----------------------------------------------------------------------------
// Authentication: delegate to the authnManager
// ----------------------------------------------------------------------------
/**
* delegate to the authentication system for boolean authentication checks,
* if the result is authentic then pull the user object from the user
* manager and add it to the session. If the result is false return the result in
* an authenticated session and a null user object.
*
* in the event of a successful authentication and a lack of corresponding user in the
* usermanager return a null user as well
*
* //todo should this last case create a user in the usermanager?
*
* @param source
* @return
* @throws AuthenticationException
* @throws UserNotFoundException
* @throws MustChangePasswordException
* @throws org.apache.archiva.redback.policy.AccountLockedException
* @throws MustChangePasswordException
*/
public SecuritySession authenticate( AuthenticationDataSource source )
throws AuthenticationException, UserNotFoundException, AccountLockedException, MustChangePasswordException,
UserManagerException
{
// Perform Authentication.
AuthenticationResult result = authnManager.authenticate( source );
log.debug( "authnManager.authenticate() result: {}", result );
// Process Results.
if ( result.isAuthenticated() )
{
log.debug( "User '{}' authenticated.", result.getPrincipal() );
User user = userManager.findUser( result.getPrincipal() );
if ( user != null )
{
log.debug( "User '{}' exists.", result.getPrincipal() );
log.debug( "User: {}", user );
return new DefaultSecuritySession( result, user );
}
else
{
log.debug( "User '{}' DOES NOT exist.", result.getPrincipal() );
return new DefaultSecuritySession( result );
}
}
else
{
log.debug( "User '{}' IS NOT authenticated.", result.getPrincipal() );
return new DefaultSecuritySession( result );
}
}
public boolean isAuthenticated( AuthenticationDataSource source )
throws AuthenticationException, UserNotFoundException, AccountLockedException, MustChangePasswordException,
UserManagerException
{
return authenticate( source ).getAuthenticationResult().isAuthenticated();
}
public String getAuthenticatorId()
{
if ( authnManager == null )
{
return "";
}
return authnManager.getId();
}
// ----------------------------------------------------------------------------
// Authorization: delegate to the authorizer
// ----------------------------------------------------------------------------
public AuthorizationResult authorize( SecuritySession session, String permission )
throws AuthorizationException
{
return authorize( session, permission, null );
}
public AuthorizationResult authorize( SecuritySession session, String permission, String resource )
throws AuthorizationException
{
AuthorizationDataSource source = null;
if ( session != null )
{
User user = session.getUser();
if ( user != null )
{
source = new AuthorizationDataSource( user.getUsername(), user, permission, resource );
}
}
if ( source == null )
{
source = new AuthorizationDataSource( null, null, permission, resource );
}
return authorizer.isAuthorized( source );
}
public AuthorizationResult authorize( User user, String permission, String resource )
throws AuthorizationException
{
AuthorizationDataSource source = null;
if ( user != null )
{
source = new AuthorizationDataSource( user.getUsername(), user, permission, resource );
}
if ( source == null )
{
source = new AuthorizationDataSource( null, null, permission, resource );
}
return authorizer.isAuthorized( source );
}
public boolean isAuthorized( SecuritySession session, String permission )
throws AuthorizationException
{
return isAuthorized( session, permission, null );
}
public boolean isAuthorized( SecuritySession session, String permission, String resource )
throws AuthorizationException
{
return authorize( session, permission, resource ).isAuthorized();
}
public String getAuthorizerId()
{
if ( authorizer == null )
{
return "";
}
return authorizer.getId();
}
// ----------------------------------------------------------------------------
// User Management: delegate to the user manager
// ----------------------------------------------------------------------------
public UserManager getUserManager()
{
return userManager;
}
public String getUserManagementId()
{
if ( userManager == null )
{
return "";
}
return userManager.getId();
}
public KeyManager getKeyManager()
{
return keyManager;
}
public String getKeyManagementId()
{
if ( keyManager == null )
{
return "";
}
return keyManager.getId();
}
public UserSecurityPolicy getPolicy()
{
return policy;
}
public String getPolicyId()
{
if ( policy == null )
{
return "";
}
return policy.getId();
}
public AuthenticationManager getAuthenticationManager()
{
return authnManager;
}
public Authorizer getAuthorizer()
{
return authorizer;
}
public AuthenticationManager getAuthnManager()
{
return authnManager;
}
public void setAuthnManager( AuthenticationManager authnManager )
{
this.authnManager = authnManager;
}
public void setAuthorizer( Authorizer authorizer )
{
this.authorizer = authorizer;
}
public void setUserManager( UserManager userManager )
{
this.userManager = userManager;
}
public void setKeyManager( KeyManager keyManager )
{
this.keyManager = keyManager;
}
public void setPolicy( UserSecurityPolicy policy )
{
this.policy = policy;
}
public boolean userManagerReadOnly()
{
return userManager.isReadOnly();
}
}
© 2015 - 2025 Weber Informatics LLC | Privacy Policy