redback-system/src/main/java/org/apache/archiva/redback/system/DefaultSecuritySystem.java - archiva-redback-core - Git at Google

 package org.apache.archiva.redback.system;

 /*
  * Licensed to the Apache Software Foundation (ASF) under one
  * or more contributor license agreements.  See the NOTICE file
  * distributed with this work for additional information
  * regarding copyright ownership.  The ASF licenses this file
  * to you under the Apache License, Version 2.0 (the
  * "License"); you may not use this file except in compliance
  * with the License.  You may obtain a copy of the License at
  *
  * http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing,
  * software distributed under the License is distributed on an
  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
  * KIND, either express or implied.  See the License for the
  * specific language governing permissions and limitations
  * under the License.
  */

 import org.apache.archiva.redback.authentication.AuthenticationDataSource;
 import org.apache.archiva.redback.authentication.AuthenticationException;
 import org.apache.archiva.redback.authentication.AuthenticationManager;
 import org.apache.archiva.redback.authentication.AuthenticationResult;
 import org.apache.archiva.redback.authorization.AuthorizationDataSource;
 import org.apache.archiva.redback.authorization.AuthorizationException;
 import org.apache.archiva.redback.authorization.AuthorizationResult;
 import org.apache.archiva.redback.authorization.Authorizer;
 import org.apache.archiva.redback.keys.KeyManager;
 import org.apache.archiva.redback.policy.AccountLockedException;
 import org.apache.archiva.redback.policy.MustChangePasswordException;
 import org.apache.archiva.redback.policy.UserSecurityPolicy;
 import org.apache.archiva.redback.users.User;
 import org.apache.archiva.redback.users.UserManager;
 import org.apache.archiva.redback.users.UserManagerException;
 import org.apache.archiva.redback.users.UserNotFoundException;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.stereotype.Service;

 import javax.inject.Inject;
 import javax.inject.Named;

 /**
  * DefaultSecuritySystem:
  *
  * @author: Jesse McConnell
  */
 @Service( "securitySystem" )
 public class DefaultSecuritySystem
     implements SecuritySystem
 {
     private Logger log = LoggerFactory.getLogger( DefaultSecuritySystem.class );

     @Inject
     private AuthenticationManager authnManager;

     @Inject
     @Named( value = "authorizer#default" )
     private Authorizer authorizer;

     @Inject
     @Named( value = "userManager#default" )
     private UserManager userManager;

     @Inject
     @Named( value = "keyManager#cached" )
     private KeyManager keyManager;

     @Inject
     private UserSecurityPolicy policy;

     // ----------------------------------------------------------------------------
     // Authentication: delegate to the authnManager
     // ----------------------------------------------------------------------------

     /**
      * delegate to the authentication system for boolean authentication checks,
      * if the result is authentic then pull the user object from the user
      * manager and add it to the session.  If the result is false return the result in
      * an authenticated session and a null user object.
      *
      * in the event of a successful authentication and a lack of corresponding user in the
      * usermanager return a null user as well
      *
      * //todo should this last case create a user in the usermanager?
      *
      * @param source
      * @return
      * @throws AuthenticationException
      * @throws UserNotFoundException
      * @throws MustChangePasswordException
      * @throws org.apache.archiva.redback.policy.AccountLockedException
      * @throws MustChangePasswordException
      */
     public SecuritySession authenticate( AuthenticationDataSource source )
         throws AuthenticationException, UserNotFoundException, AccountLockedException, MustChangePasswordException,
         UserManagerException
     {
         // Perform Authentication.
         AuthenticationResult result = authnManager.authenticate( source );

         log.debug( "authnManager.authenticate() result: {}", result );

         // Process Results.
         if ( result.isAuthenticated() )
         {
             log.debug( "User '{}' authenticated.", result.getPrincipal() );
             User user = userManager.findUser( result.getPrincipal() );
             if ( user != null )
             {
                 log.debug( "User '{}' exists.", result.getPrincipal() );
                 log.debug( "User: {}", user );
                 return new DefaultSecuritySession( result, user );
             }
             else
             {
                 log.debug( "User '{}' DOES NOT exist.", result.getPrincipal() );
                 return new DefaultSecuritySession( result );
             }
         }
         else
         {
             log.debug( "User '{}' IS NOT authenticated.", result.getPrincipal() );
             return new DefaultSecuritySession( result );
         }
     }

     public boolean isAuthenticated( AuthenticationDataSource source )
         throws AuthenticationException, UserNotFoundException, AccountLockedException, MustChangePasswordException,
         UserManagerException
     {
         return authenticate( source ).getAuthenticationResult().isAuthenticated();
     }

     public String getAuthenticatorId()
     {
         if ( authnManager == null )
         {
             return "<null>";
         }
         return authnManager.getId();
     }

     // ----------------------------------------------------------------------------
     // Authorization: delegate to the authorizer
     // ----------------------------------------------------------------------------

     public AuthorizationResult authorize( SecuritySession session, String permission )
         throws AuthorizationException
     {
         return authorize( session, permission, null );
     }

     public AuthorizationResult authorize( SecuritySession session, String permission, String resource )
         throws AuthorizationException
     {
         AuthorizationDataSource source = null;

         if ( session != null )
         {
             User user = session.getUser();
             if ( user != null )
             {
                 source = new AuthorizationDataSource( user.getUsername(), user, permission, resource );
             }
         }

         if ( source == null )
         {
             source = new AuthorizationDataSource( null, null, permission, resource );
         }

         return authorizer.isAuthorized( source );
     }

     public AuthorizationResult authorize( User user, String permission, String resource )
         throws AuthorizationException
     {
         AuthorizationDataSource source = null;

         if ( user != null )
         {
             source = new AuthorizationDataSource( user.getUsername(), user, permission, resource );
         }

         if ( source == null )
         {
             source = new AuthorizationDataSource( null, null, permission, resource );
         }

         return authorizer.isAuthorized( source );
     }

     public boolean isAuthorized( SecuritySession session, String permission )
         throws AuthorizationException
     {
         return isAuthorized( session, permission, null );
     }

     public boolean isAuthorized( SecuritySession session, String permission, String resource )
         throws AuthorizationException
     {
         return authorize( session, permission, resource ).isAuthorized();
     }

     public String getAuthorizerId()
     {
         if ( authorizer == null )
         {
             return "<null>";
         }
         return authorizer.getId();
     }

     // ----------------------------------------------------------------------------
     // User Management: delegate to the user manager
     // ----------------------------------------------------------------------------

     public UserManager getUserManager()
     {
         return userManager;
     }

     public String getUserManagementId()
     {
         if ( userManager == null )
         {
             return "<null>";
         }
         return userManager.getId();
     }

     public KeyManager getKeyManager()
     {
         return keyManager;
     }

     public String getKeyManagementId()
     {
         if ( keyManager == null )
         {
             return "<null>";
         }
         return keyManager.getId();
     }

     public UserSecurityPolicy getPolicy()
     {
         return policy;
     }

     public String getPolicyId()
     {
         if ( policy == null )
         {
             return "<null>";
         }
         return policy.getId();
     }

     public AuthenticationManager getAuthenticationManager()
     {
         return authnManager;
     }

     public Authorizer getAuthorizer()
     {
         return authorizer;
     }

     public AuthenticationManager getAuthnManager()
     {
         return authnManager;
     }

     public void setAuthnManager( AuthenticationManager authnManager )
     {
         this.authnManager = authnManager;
     }

     public void setAuthorizer( Authorizer authorizer )
     {
         this.authorizer = authorizer;
     }

     public void setUserManager( UserManager userManager )
     {
         this.userManager = userManager;
     }

     public void setKeyManager( KeyManager keyManager )
     {
         this.keyManager = keyManager;
     }

     public void setPolicy( UserSecurityPolicy policy )
     {
         this.policy = policy;
     }

     public boolean userManagerReadOnly()
     {
         return userManager.isReadOnly();
     }

 }
	package org.apache.archiva.redback.system;

	/*
	* Licensed to the Apache Software Foundation (ASF) under one
	* or more contributor license agreements. See the NOTICE file
	* distributed with this work for additional information
	* regarding copyright ownership. The ASF licenses this file
	* to you under the Apache License, Version 2.0 (the
	* "License"); you may not use this file except in compliance
	* with the License. You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing,
	* software distributed under the License is distributed on an
	* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
	* KIND, either express or implied. See the License for the
	* specific language governing permissions and limitations
	* under the License.
	*/

	import org.apache.archiva.redback.authentication.AuthenticationDataSource;
	import org.apache.archiva.redback.authentication.AuthenticationException;
	import org.apache.archiva.redback.authentication.AuthenticationManager;
	import org.apache.archiva.redback.authentication.AuthenticationResult;
	import org.apache.archiva.redback.authorization.AuthorizationDataSource;
	import org.apache.archiva.redback.authorization.AuthorizationException;
	import org.apache.archiva.redback.authorization.AuthorizationResult;
	import org.apache.archiva.redback.authorization.Authorizer;
	import org.apache.archiva.redback.keys.KeyManager;
	import org.apache.archiva.redback.policy.AccountLockedException;
	import org.apache.archiva.redback.policy.MustChangePasswordException;
	import org.apache.archiva.redback.policy.UserSecurityPolicy;
	import org.apache.archiva.redback.users.User;
	import org.apache.archiva.redback.users.UserManager;
	import org.apache.archiva.redback.users.UserManagerException;
	import org.apache.archiva.redback.users.UserNotFoundException;
	import org.slf4j.Logger;
	import org.slf4j.LoggerFactory;
	import org.springframework.stereotype.Service;

	import javax.inject.Inject;
	import javax.inject.Named;

	/**
	* DefaultSecuritySystem:
	*
	* @author: Jesse McConnell
	*/
	@Service( "securitySystem" )
	public class DefaultSecuritySystem
	implements SecuritySystem
	{
	private Logger log = LoggerFactory.getLogger( DefaultSecuritySystem.class );

	@Inject
	private AuthenticationManager authnManager;

	@Inject
	@Named( value = "authorizer#default" )
	private Authorizer authorizer;

	@Inject
	@Named( value = "userManager#default" )
	private UserManager userManager;

	@Inject
	@Named( value = "keyManager#cached" )
	private KeyManager keyManager;

	@Inject
	private UserSecurityPolicy policy;

	// ----------------------------------------------------------------------------
	// Authentication: delegate to the authnManager
	// ----------------------------------------------------------------------------

	/**
	* delegate to the authentication system for boolean authentication checks,
	* if the result is authentic then pull the user object from the user
	* manager and add it to the session. If the result is false return the result in
	* an authenticated session and a null user object.
	*
	* in the event of a successful authentication and a lack of corresponding user in the
	* usermanager return a null user as well
	*
	* //todo should this last case create a user in the usermanager?
	*
	* @param source
	* @return
	* @throws AuthenticationException
	* @throws UserNotFoundException
	* @throws MustChangePasswordException
	* @throws org.apache.archiva.redback.policy.AccountLockedException
	* @throws MustChangePasswordException
	*/
	public SecuritySession authenticate( AuthenticationDataSource source )
	throws AuthenticationException, UserNotFoundException, AccountLockedException, MustChangePasswordException,
	UserManagerException
	{
	// Perform Authentication.
	AuthenticationResult result = authnManager.authenticate( source );

	log.debug( "authnManager.authenticate() result: {}", result );

	// Process Results.
	if ( result.isAuthenticated() )
	{
	log.debug( "User '{}' authenticated.", result.getPrincipal() );
	User user = userManager.findUser( result.getPrincipal() );
	if ( user != null )
	{
	log.debug( "User '{}' exists.", result.getPrincipal() );
	log.debug( "User: {}", user );
	return new DefaultSecuritySession( result, user );
	}
	else
	{
	log.debug( "User '{}' DOES NOT exist.", result.getPrincipal() );
	return new DefaultSecuritySession( result );
	}
	}
	else
	{
	log.debug( "User '{}' IS NOT authenticated.", result.getPrincipal() );
	return new DefaultSecuritySession( result );
	}
	}

	public boolean isAuthenticated( AuthenticationDataSource source )
	throws AuthenticationException, UserNotFoundException, AccountLockedException, MustChangePasswordException,
	UserManagerException
	{
	return authenticate( source ).getAuthenticationResult().isAuthenticated();
	}

	public String getAuthenticatorId()
	{
	if ( authnManager == null )
	{
	return "<null>";
	}
	return authnManager.getId();
	}

	// ----------------------------------------------------------------------------
	// Authorization: delegate to the authorizer
	// ----------------------------------------------------------------------------

	public AuthorizationResult authorize( SecuritySession session, String permission )
	throws AuthorizationException
	{
	return authorize( session, permission, null );
	}

	public AuthorizationResult authorize( SecuritySession session, String permission, String resource )
	throws AuthorizationException
	{
	AuthorizationDataSource source = null;

	if ( session != null )
	{
	User user = session.getUser();
	if ( user != null )
	{
	source = new AuthorizationDataSource( user.getUsername(), user, permission, resource );
	}
	}

	if ( source == null )
	{
	source = new AuthorizationDataSource( null, null, permission, resource );
	}

	return authorizer.isAuthorized( source );
	}

	public AuthorizationResult authorize( User user, String permission, String resource )
	throws AuthorizationException
	{
	AuthorizationDataSource source = null;

	if ( user != null )
	{
	source = new AuthorizationDataSource( user.getUsername(), user, permission, resource );
	}

	if ( source == null )
	{
	source = new AuthorizationDataSource( null, null, permission, resource );
	}

	return authorizer.isAuthorized( source );
	}

	public boolean isAuthorized( SecuritySession session, String permission )
	throws AuthorizationException
	{
	return isAuthorized( session, permission, null );
	}

	public boolean isAuthorized( SecuritySession session, String permission, String resource )
	throws AuthorizationException
	{
	return authorize( session, permission, resource ).isAuthorized();
	}

	public String getAuthorizerId()
	{
	if ( authorizer == null )
	{
	return "<null>";
	}
	return authorizer.getId();
	}

	// ----------------------------------------------------------------------------
	// User Management: delegate to the user manager
	// ----------------------------------------------------------------------------

	public UserManager getUserManager()
	{
	return userManager;
	}

	public String getUserManagementId()
	{
	if ( userManager == null )
	{
	return "<null>";
	}
	return userManager.getId();
	}

	public KeyManager getKeyManager()
	{
	return keyManager;
	}

	public String getKeyManagementId()
	{
	if ( keyManager == null )
	{
	return "<null>";
	}
	return keyManager.getId();
	}

	public UserSecurityPolicy getPolicy()
	{
	return policy;
	}

	public String getPolicyId()
	{
	if ( policy == null )
	{
	return "<null>";
	}
	return policy.getId();
	}

	public AuthenticationManager getAuthenticationManager()
	{
	return authnManager;
	}

	public Authorizer getAuthorizer()
	{
	return authorizer;
	}

	public AuthenticationManager getAuthnManager()
	{
	return authnManager;
	}

	public void setAuthnManager( AuthenticationManager authnManager )
	{
	this.authnManager = authnManager;
	}

	public void setAuthorizer( Authorizer authorizer )
	{
	this.authorizer = authorizer;
	}

	public void setUserManager( UserManager userManager )
	{
	this.userManager = userManager;
	}

	public void setKeyManager( KeyManager keyManager )
	{
	this.keyManager = keyManager;
	}

	public void setPolicy( UserSecurityPolicy policy )
	{
	this.policy = policy;
	}

	public boolean userManagerReadOnly()
	{
	return userManager.isReadOnly();
	}

	}