Google Git
Sign in
apache / archiva-redback-core / f012c5608a510acb9844ad4711d1588fe55593f0 / . / redback-authorization / redback-authorization-providers / redback-authorization-rbac / src / main / java / org / apache / archiva / redback / authorization / rbac / RbacAuthorizer.java
blob: 33dde907b63322ebc0b1e3c3377846c649552f82 [file] [log] [blame]
package org.apache.archiva.redback.authorization.rbac;
/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
import org.apache.archiva.redback.authorization.AuthorizationDataSource;
import org.apache.archiva.redback.authorization.AuthorizationException;
import org.apache.archiva.redback.authorization.AuthorizationResult;
import org.apache.archiva.redback.authorization.Authorizer;
import org.apache.archiva.redback.authorization.NotAuthorizedException;
import org.apache.archiva.redback.authorization.rbac.evaluator.PermissionEvaluationException;
import org.apache.archiva.redback.authorization.rbac.evaluator.PermissionEvaluator;
import org.apache.archiva.redback.rbac.Permission;
import org.apache.archiva.redback.rbac.RBACManager;
import org.apache.archiva.redback.rbac.RbacManagerException;
import org.apache.archiva.redback.rbac.RbacObjectNotFoundException;
import org.apache.archiva.redback.users.User;
import org.apache.archiva.redback.users.UserManager;
import org.apache.archiva.redback.users.UserManagerException;
import org.apache.archiva.redback.users.UserNotFoundException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Service;
import javax.inject.Inject;
import javax.inject.Named;
import java.util.List;
import java.util.Map;
/**
* RbacAuthorizer:
*
* @author Jesse McConnell
*/
@Service("authorizer#rbac")
public class RbacAuthorizer
implements Authorizer
{
private Logger log = LoggerFactory.getLogger( getClass() );
@Inject
@Named(value = "rbacManager#default")
private RBACManager manager;
@Inject
@Named(value = "userManager#default")
private UserManager userManager;
@Inject
private PermissionEvaluator evaluator;
public String getId()
{
return "rbac";
}
/**
* @param source
* @return
* @throws AuthorizationException
*/
public AuthorizationResult isAuthorized( AuthorizationDataSource source )
throws AuthorizationException
{
String principal = source.getPrincipal();
String operation = source.getPermission();
String resource = source.getResource();
try
{
if ( principal != null )
{
// Set permissions = manager.getAssignedPermissions( principal.toString(), operation );
Map<String, List<Permission>> permissionMap = manager.getAssignedPermissionMap( principal );
if ( permissionMap.keySet().contains( operation ) )
{
for ( Permission permission : permissionMap.get( operation ) )
{
log.debug( "checking permission {} for operation {} resource {}",
( permission != null ? permission.getName() : "null" ), operation, resource );
if ( evaluator.evaluate( permission, operation, resource, principal ) )
{
return new AuthorizationResult( true, permission, null );
}
}
log.debug( "no permission found for operation {} resource {}", operation, resource );
}
else
{
log.debug( "permission map does not contain operation: {}", operation );
}
}
// check if guest user is enabled, if so check the global permissions
User guest = userManager.getGuestUser();
if ( !guest.isLocked() )
{
// Set permissions = manager.getAssignedPermissions( principal.toString(), operation );
Map<String, List<Permission>> permissionMap = manager.getAssignedPermissionMap( guest.getUsername() );
if ( permissionMap.keySet().contains( operation ) )
{
for ( Permission permission : permissionMap.get( operation ) )
{
log.debug( "checking permission {}", permission.getName() );
if ( evaluator.evaluate( permission, operation, resource, guest.getUsername() ) )
{
return new AuthorizationResult( true, permission, null );
}
}
}
}
return new AuthorizationResult( false, null, new NotAuthorizedException( "no matching permissions" ) );
}
catch ( PermissionEvaluationException pe )
{
return new AuthorizationResult( false, null, pe );
}
catch ( RbacObjectNotFoundException nfe )
{
return new AuthorizationResult( false, null, nfe );
}
catch ( UserNotFoundException ne )
{
return new AuthorizationResult( false, null,
new NotAuthorizedException( "no matching permissions, guest not found" ) );
}
catch ( RbacManagerException rme )
{
return new AuthorizationResult( false, null, rme );
}
catch ( UserManagerException e )
{
return new AuthorizationResult( false, null, e );
}
}
public RBACManager getManager()
{
return manager;
}
public void setManager( RBACManager manager )
{
this.manager = manager;
}
public UserManager getUserManager()
{
return userManager;
}
public void setUserManager( UserManager userManager )
{
this.userManager = userManager;
}
public PermissionEvaluator getEvaluator()
{
return evaluator;
}
public void setEvaluator( PermissionEvaluator evaluator )
{
this.evaluator = evaluator;
}
public boolean isFinalImplementation()
{
return true;
}
public String getDescriptionKey()
{
return "archiva.redback.authorizer.rbac";
}
}