1 package org.apache.maven.continuum.web.action;
22 import com.opensymphony.xwork2.ActionContext;
23 import com.opensymphony.xwork2.Preparable;
24 import org.apache.maven.continuum.Continuum;
25 import org.apache.maven.continuum.security.ContinuumRoleConstants;
26 import org.apache.maven.continuum.web.exception.AuthenticationRequiredException;
27 import org.apache.maven.continuum.web.exception.AuthorizationRequiredException;
28 import org.codehaus.plexus.redback.authorization.AuthorizationException;
29 import org.codehaus.plexus.redback.system.SecuritySession;
30 import org.codehaus.plexus.redback.system.SecuritySystem;
31 import org.codehaus.plexus.redback.system.SecuritySystemConstants;
32 import org.codehaus.plexus.redback.users.User;
33 import org.codehaus.plexus.redback.users.UserNotFoundException;
34 import org.codehaus.plexus.util.StringUtils;
35
36 import java.text.SimpleDateFormat;
37 import java.util.ResourceBundle;
/**
 * Base class for Continuum web actions that centralises the authentication and authorization checks.
 * <p>
 * The default {@link #execute()}, {@link #input()} and {@link #doDefault()} all return
 * {@link #REQUIRES_AUTHORIZATION}, so a subclass that does not override them never reaches a
 * success result. Subclasses are expected to call the matching {@code check...Authorization} helper
 * before doing any work; nothing in this class enforces that call, so a missing check in a subclass
 * is not detected here.
 */
public class ContinuumActionSupport
    extends PlexusActionSupport
    implements Preparable
{
    // Session of the current caller; filled in by prepare() from the HTTP session map.
    private SecuritySession securitySession;

    // NOTE(review): no constructor or setter in this class assigns this field; presumably it is
    // injected by the container - confirm.
    private SecuritySystem securitySystem;

    protected static final String REQUIRES_AUTHENTICATION = "requires-authentication";

    protected static final String REQUIRES_AUTHORIZATION = "requires-authorization";

    protected static final String RELEASE_ERROR = "releaseError";

    // Deliberately generic: the message does not say which permission or resource was refused.
    protected static final String ERROR_MSG_AUTHORIZATION_REQUIRED = "You are not authorized to access this page. " +
        "Please contact your administrator to be granted the appropriate permissions.";

    protected static final String ERROR_MSG_PROCESSING_AUTHORIZATION =
        "An error occurred while performing authorization.";

    private Continuum continuum;

    // SimpleDateFormat is not thread-safe. This is an instance field, so it is only safe while an
    // action instance is used by one thread at a time - presumably one instance per request; confirm.
    protected final SimpleDateFormat dateFormatter = new SimpleDateFormat( "MMM dd, yyyy hh:mm:ss aaa z" );

    /**
     * Loads the caller's {@link SecuritySession} from the session map of the current
     * {@link ActionContext}, unless one is already set on this action.
     * <p>
     * If this method is not invoked before a check runs, {@code securitySession} stays
     * {@code null} and the authorization helpers pass {@code null} to the security system.
     *
     * @throws Exception declared by {@link Preparable#prepare()}
     */
    public void prepare()
        throws Exception
    {
        if ( securitySession != null )
        {
            return;
        }

        Object stored = getContext().getSession().get( SecuritySystemConstants.SECURITY_SESSION_KEY );
        securitySession = (SecuritySession) stored;
    }

    /**
     * @return the Continuum instance held by this action
     */
    public Continuum getContinuum()
    {
        return this.continuum;
    }

    /**
     * @param continuum the Continuum instance this action should use
     */
    public void setContinuum( Continuum continuum )
    {
        this.continuum = continuum;
    }

    /**
     * Default implementation; always answers with {@link #REQUIRES_AUTHORIZATION}.
     *
     * @return {@link #REQUIRES_AUTHORIZATION}
     * @throws Exception never thrown by this implementation
     */
    public String doDefault()
        throws Exception
    {
        return REQUIRES_AUTHORIZATION;
    }

    /**
     * Default implementation; always answers with {@link #REQUIRES_AUTHORIZATION}.
     *
     * @return {@link #REQUIRES_AUTHORIZATION}
     * @throws Exception never thrown by this implementation
     */
    public String input()
        throws Exception
    {
        return REQUIRES_AUTHORIZATION;
    }

    /**
     * Default implementation; always answers with {@link #REQUIRES_AUTHORIZATION}.
     *
     * @return {@link #REQUIRES_AUTHORIZATION}
     * @throws Exception never thrown by this implementation
     */
    public String execute()
        throws Exception
    {
        return REQUIRES_AUTHORIZATION;
    }

    /**
     * Checks an operation that is not tied to a resource.
     *
     * @param role operation name handed to the security system (callers in this class pass
     *             {@link ContinuumRoleConstants} operation constants)
     * @throws AuthorizationRequiredException if the caller is not authorized or the check itself fails
     */
    protected void checkAuthorization( String role )
        throws AuthorizationRequiredException
    {
        checkAuthorization( role, null, false );
    }

    /**
     * Checks an operation against a specific resource. The resource is mandatory: a {@code null}
     * or blank value is refused without consulting the security system, so a missing identifier
     * does not fall back to a resource-less check.
     *
     * @param role     operation name handed to the security system
     * @param resource resource the operation is checked against
     * @throws AuthorizationRequiredException if the caller is not authorized, the resource is
     *                                        missing, or the check itself fails
     */
    protected void checkAuthorization( String role, String resource )
        throws AuthorizationRequiredException
    {
        checkAuthorization( role, resource, true );
    }

    /**
     * Core authorization check used by every helper in this class.
     * <p>
     * With a non-blank resource the security system is asked about the (operation, resource)
     * pair. Without one, the request is refused outright when {@code requiredResource} is set,
     * otherwise the security system is asked about the operation alone.
     *
     * @param role             operation name handed to the security system
     * @param resource         resource to check against; may be {@code null}
     * @param requiredResource whether a missing or blank resource must be treated as a denial
     * @throws AuthorizationRequiredException if access is denied, or if the security system raised
     *                                        an {@link AuthorizationException}
     */
    protected void checkAuthorization( String role, String resource, boolean requiredResource )
        throws AuthorizationRequiredException
    {
        try
        {
            boolean resourceGiven = resource != null && StringUtils.isNotEmpty( resource.trim() );

            boolean granted;
            if ( resourceGiven )
            {
                granted = getSecuritySystem().isAuthorized( getSecuritySession(), role, resource );
            }
            else
            {
                // Short-circuit keeps the security system out of the decision when the resource
                // was mandatory but absent.
                granted = !requiredResource && getSecuritySystem().isAuthorized( getSecuritySession(), role );
            }

            if ( !granted )
            {
                throw new AuthorizationRequiredException( ERROR_MSG_AUTHORIZATION_REQUIRED );
            }
        }
        catch ( AuthorizationException ae )
        {
            // A failure inside the security system is reported as a denial. The original exception
            // is neither chained nor logged here, so its cause is not available to operators.
            // NOTE(review): consider recording it server-side.
            throw new AuthorizationRequiredException( ERROR_MSG_PROCESSING_AUTHORIZATION );
        }
    }

    /**
     * Checks the view-project-group operation.
     *
     * @param resource resource to check against; {@code null} or blank is denied
     * @throws AuthorizationRequiredException if the caller is not authorized
     */
    protected void checkViewProjectGroupAuthorization( String resource )
        throws AuthorizationRequiredException
    {
        checkAuthorization( ContinuumRoleConstants.CONTINUUM_VIEW_GROUP_OPERATION, resource );
    }

    /**
     * Checks the add-project-group operation; no resource is involved.
     *
     * @throws AuthorizationRequiredException if the caller is not authorized
     */
    protected void checkAddProjectGroupAuthorization()
        throws AuthorizationRequiredException
    {
        checkAuthorization( ContinuumRoleConstants.CONTINUUM_ADD_GROUP_OPERATION );
    }

    /**
     * Checks the remove-project-group operation.
     *
     * @param resource resource to check against; {@code null} or blank is denied
     * @throws AuthorizationRequiredException if the caller is not authorized
     */
    protected void checkRemoveProjectGroupAuthorization( String resource )
        throws AuthorizationRequiredException
    {
        checkAuthorization( ContinuumRoleConstants.CONTINUUM_REMOVE_GROUP_OPERATION, resource );
    }

    /**
     * Checks the build-project-group operation.
     *
     * @param resource resource to check against; {@code null} or blank is denied
     * @throws AuthorizationRequiredException if the caller is not authorized
     */
    protected void checkBuildProjectGroupAuthorization( String resource )
        throws AuthorizationRequiredException
    {
        checkAuthorization( ContinuumRoleConstants.CONTINUUM_BUILD_GROUP_OPERATION, resource );
    }

    /**
     * Checks the modify-project-group operation.
     *
     * @param resource resource to check against; {@code null} or blank is denied
     * @throws AuthorizationRequiredException if the caller is not authorized
     */
    protected void checkModifyProjectGroupAuthorization( String resource )
        throws AuthorizationRequiredException
    {
        checkAuthorization( ContinuumRoleConstants.CONTINUUM_MODIFY_GROUP_OPERATION, resource );
    }

    /**
     * Checks the add-project-to-group operation.
     *
     * @param resource resource to check against; {@code null} or blank is denied
     * @throws AuthorizationRequiredException if the caller is not authorized
     */
    protected void checkAddProjectToGroupAuthorization( String resource )
        throws AuthorizationRequiredException
    {
        checkAuthorization( ContinuumRoleConstants.CONTINUUM_ADD_PROJECT_TO_GROUP_OPERATION, resource );
    }

    /**
     * Checks the remove-project-from-group operation.
     *
     * @param resource resource to check against; {@code null} or blank is denied
     * @throws AuthorizationRequiredException if the caller is not authorized
     */
    protected void checkRemoveProjectFromGroupAuthorization( String resource )
        throws AuthorizationRequiredException
    {
        checkAuthorization( ContinuumRoleConstants.CONTINUUM_REMOVE_PROJECT_FROM_GROUP_OPERATION, resource );
    }

    /**
     * Checks the modify-project-in-group operation.
     *
     * @param resource resource to check against; {@code null} or blank is denied
     * @throws AuthorizationRequiredException if the caller is not authorized
     */
    protected void checkModifyProjectInGroupAuthorization( String resource )
        throws AuthorizationRequiredException
    {
        checkAuthorization( ContinuumRoleConstants.CONTINUUM_MODIFY_PROJECT_IN_GROUP_OPERATION, resource );
    }

    /**
     * Checks the build-project-in-group operation.
     *
     * @param resource resource to check against; {@code null} or blank is denied
     * @throws AuthorizationRequiredException if the caller is not authorized
     */
    protected void checkBuildProjectInGroupAuthorization( String resource )
        throws AuthorizationRequiredException
    {
        checkAuthorization( ContinuumRoleConstants.CONTINUUM_BUILD_PROJECT_IN_GROUP_OPERATION, resource );
    }

    /**
     * Checks the add-group-build-definition operation.
     *
     * @param resource resource to check against; {@code null} or blank is denied
     * @throws AuthorizationRequiredException if the caller is not authorized
     */
    protected void checkAddGroupBuildDefinitionAuthorization( String resource )
        throws AuthorizationRequiredException
    {
        checkAuthorization( ContinuumRoleConstants.CONTINUUM_ADD_GROUP_BUILD_DEFINTION_OPERATION, resource );
    }

    /**
     * Checks the remove-group-build-definition operation.
     *
     * @param resource resource to check against; {@code null} or blank is denied
     * @throws AuthorizationRequiredException if the caller is not authorized
     */
    protected void checkRemoveGroupBuildDefinitionAuthorization( String resource )
        throws AuthorizationRequiredException
    {
        checkAuthorization( ContinuumRoleConstants.CONTINUUM_REMOVE_GROUP_BUILD_DEFINITION_OPERATION, resource );
    }

    /**
     * Checks the modify-group-build-definition operation.
     *
     * @param resource resource to check against; {@code null} or blank is denied
     * @throws AuthorizationRequiredException if the caller is not authorized
     */
    protected void checkModifyGroupBuildDefinitionAuthorization( String resource )
        throws AuthorizationRequiredException
    {
        checkAuthorization( ContinuumRoleConstants.CONTINUUM_MODIFY_GROUP_BUILD_DEFINITION_OPERATION, resource );
    }

    /**
     * Checks the add-project-build-definition operation.
     *
     * @param resource resource to check against; {@code null} or blank is denied
     * @throws AuthorizationRequiredException if the caller is not authorized
     */
    protected void checkAddProjectBuildDefinitionAuthorization( String resource )
        throws AuthorizationRequiredException
    {
        checkAuthorization( ContinuumRoleConstants.CONTINUUM_ADD_PROJECT_BUILD_DEFINTION_OPERATION, resource );
    }

    /**
     * Checks the modify-project-build-definition operation.
     *
     * @param resource resource to check against; {@code null} or blank is denied
     * @throws AuthorizationRequiredException if the caller is not authorized
     */
    protected void checkModifyProjectBuildDefinitionAuthorization( String resource )
        throws AuthorizationRequiredException
    {
        checkAuthorization( ContinuumRoleConstants.CONTINUUM_MODIFY_PROJECT_BUILD_DEFINITION_OPERATION, resource );
    }

    /**
     * Checks the remove-project-build-definition operation.
     *
     * @param resource resource to check against; {@code null} or blank is denied
     * @throws AuthorizationRequiredException if the caller is not authorized
     */
    protected void checkRemoveProjectBuildDefinitionAuthorization( String resource )
        throws AuthorizationRequiredException
    {
        checkAuthorization( ContinuumRoleConstants.CONTINUUM_REMOVE_PROJECT_BUILD_DEFINITION_OPERATION, resource );
    }

    /**
     * Checks the add-group-notifier operation.
     *
     * @param resource resource to check against; {@code null} or blank is denied
     * @throws AuthorizationRequiredException if the caller is not authorized
     */
    protected void checkAddProjectGroupNotifierAuthorization( String resource )
        throws AuthorizationRequiredException
    {
        checkAuthorization( ContinuumRoleConstants.CONTINUUM_ADD_GROUP_NOTIFIER_OPERATION, resource );
    }

    /**
     * Checks the remove-group-notifier operation.
     *
     * @param resource resource to check against; {@code null} or blank is denied
     * @throws AuthorizationRequiredException if the caller is not authorized
     */
    protected void checkRemoveProjectGroupNotifierAuthorization( String resource )
        throws AuthorizationRequiredException
    {
        checkAuthorization( ContinuumRoleConstants.CONTINUUM_REMOVE_GROUP_NOTIFIER_OPERATION, resource );
    }

    /**
     * Checks the modify-group-notifier operation.
     *
     * @param resource resource to check against; {@code null} or blank is denied
     * @throws AuthorizationRequiredException if the caller is not authorized
     */
    protected void checkModifyProjectGroupNotifierAuthorization( String resource )
        throws AuthorizationRequiredException
    {
        checkAuthorization( ContinuumRoleConstants.CONTINUUM_MODIFY_GROUP_NOTIFIER_OPERATION, resource );
    }

    /**
     * Checks the add-project-notifier operation.
     *
     * @param resource resource to check against; {@code null} or blank is denied
     * @throws AuthorizationRequiredException if the caller is not authorized
     */
    protected void checkAddProjectNotifierAuthorization( String resource )
        throws AuthorizationRequiredException
    {
        checkAuthorization( ContinuumRoleConstants.CONTINUUM_ADD_PROJECT_NOTIFIER_OPERATION, resource );
    }

    /**
     * Checks the remove-project-notifier operation.
     *
     * @param resource resource to check against; {@code null} or blank is denied
     * @throws AuthorizationRequiredException if the caller is not authorized
     */
    protected void checkRemoveProjectNotifierAuthorization( String resource )
        throws AuthorizationRequiredException
    {
        checkAuthorization( ContinuumRoleConstants.CONTINUUM_REMOVE_PROJECT_NOTIFIER_OPERATION, resource );
    }

    /**
     * Checks the modify-project-notifier operation.
     *
     * @param resource resource to check against; {@code null} or blank is denied
     * @throws AuthorizationRequiredException if the caller is not authorized
     */
    protected void checkModifyProjectNotifierAuthorization( String resource )
        throws AuthorizationRequiredException
    {
        checkAuthorization( ContinuumRoleConstants.CONTINUUM_MODIFY_PROJECT_NOTIFIER_OPERATION, resource );
    }

    /**
     * Requires an authenticated caller, then checks the manage-configuration operation.
     *
     * @throws AuthenticationRequiredException if {@link #isAuthenticated()} is {@code false}
     * @throws AuthorizationRequiredException  if the caller is not authorized
     */
    protected void checkManageConfigurationAuthorization()
        throws AuthenticationRequiredException, AuthorizationRequiredException
    {
        requireAuthenticated( "Authentication required." );

        checkAuthorization( ContinuumRoleConstants.CONTINUUM_MANAGE_CONFIGURATION );
    }

    /**
     * Requires an authenticated caller, then checks the manage-schedules operation.
     *
     * @throws AuthenticationRequiredException if {@link #isAuthenticated()} is {@code false}
     * @throws AuthorizationRequiredException  if the caller is not authorized
     */
    protected void checkManageSchedulesAuthorization()
        throws AuthenticationRequiredException, AuthorizationRequiredException
    {
        requireAuthenticated( "Authentication required." );

        checkAuthorization( ContinuumRoleConstants.CONTINUUM_MANAGE_SCHEDULES );
    }

    /**
     * Requires an authenticated caller, then checks the manage-queues operation.
     *
     * @throws AuthenticationRequiredException if {@link #isAuthenticated()} is {@code false}
     * @throws AuthorizationRequiredException  if the caller is not authorized
     */
    protected void checkManageQueuesAuthorization()
        throws AuthenticationRequiredException, AuthorizationRequiredException
    {
        // This message has no trailing period, unlike the two methods above; kept as is.
        requireAuthenticated( "Authentication required" );

        checkAuthorization( ContinuumRoleConstants.CONTINUUM_MANAGE_QUEUES );
    }

    /**
     * Checks the manage-repositories operation. Unlike the configuration, schedule and queue
     * checks, this one does not call {@link #isAuthenticated()} first and relies on the
     * authorization check alone.
     *
     * @throws AuthorizationRequiredException if the caller is not authorized
     */
    protected void checkManageLocalRepositoriesAuthorization()
        throws AuthorizationRequiredException
    {
        checkAuthorization( ContinuumRoleConstants.CONTINUUM_MANAGE_REPOSITORIES );
    }

    /**
     * Checks the view-report operation. No prior {@link #isAuthenticated()} call is made; the
     * authorization check alone decides.
     *
     * @throws AuthorizationRequiredException if the caller is not authorized
     */
    protected void checkViewReportsAuthorization()
        throws AuthorizationRequiredException
    {
        checkAuthorization( ContinuumRoleConstants.CONTINUUM_VIEW_REPORT );
    }

    /**
     * Rejects the request unless {@link #isAuthenticated()} holds.
     *
     * @param message text carried by the exception
     * @throws AuthenticationRequiredException if the caller is not authenticated
     */
    private void requireAuthenticated( String message )
        throws AuthenticationRequiredException
    {
        if ( !isAuthenticated() )
        {
            throw new AuthenticationRequiredException( message );
        }
    }

    /**
     * @return the security session loaded by {@link #prepare()}, or {@code null} if none was loaded
     */
    private SecuritySession getSecuritySession()
    {
        return this.securitySession;
    }

    /**
     * @return the {@link ActionContext} of the current invocation
     */
    private ActionContext getContext()
    {
        return ActionContext.getContext();
    }

    /**
     * @return the security system used for authorization decisions and user lookups
     */
    protected SecuritySystem getSecuritySystem()
    {
        return this.securitySystem;
    }

    /**
     * Tells {@link #isAuthenticated()} whether a session check is needed. This implementation
     * always answers {@code true}; a subclass returning {@code false} makes
     * {@link #isAuthenticated()} succeed for every caller, leaving only the authorization checks.
     *
     * @return {@code true}
     */
    protected boolean requiresAuthentication()
    {
        return true;
    }

    /**
     * Reports whether the caller counts as authenticated for this action.
     *
     * @return {@code true} when {@link #requiresAuthentication()} is {@code false}, or when a
     *         security session exists and reports itself authenticated; {@code false} otherwise
     */
    public boolean isAuthenticated()
    {
        if ( !requiresAuthentication() )
        {
            return true;
        }

        SecuritySession session = getSecuritySession();
        return session != null && session.isAuthenticated();
    }

    /**
     * @return the bundle obtained from the inherited {@code getTexts} for
     *         {@code "localization/Continuum"}
     */
    protected ResourceBundle getResourceBundle()
    {
        return getTexts( "localization/Continuum" );
    }

    /**
     * Resolves a display name for the caller, e.g. for audit-style messages.
     *
     * @return {@code "unknown-user"} when no security session is present, {@code "guest"} when the
     *         session carries no user, otherwise the user's principal
     */
    protected String getPrincipal()
    {
        SecuritySession session = getSecuritySession();
        if ( session == null )
        {
            return "unknown-user";
        }

        User sessionUser = session.getUser();
        if ( sessionUser == null )
        {
            return "guest";
        }

        return (String) sessionUser.getPrincipal();
    }

    /**
     * Looks a user up through the security system's user manager.
     *
     * @param principal principal to search for
     * @return the matching user
     * @throws UserNotFoundException if the user manager finds no such user
     */
    protected User getUser( String principal )
        throws UserNotFoundException
    {
        return getSecuritySystem().getUserManager().findUser( principal );
    }
}