View Javadoc

1   package org.apache.maven.continuum.web.action;
2   
3   /*
4    * Licensed to the Apache Software Foundation (ASF) under one
5    * or more contributor license agreements.  See the NOTICE file
6    * distributed with this work for additional information
7    * regarding copyright ownership.  The ASF licenses this file
8    * to you under the Apache License, Version 2.0 (the
9    * "License"); you may not use this file except in compliance
10   * with the License.  You may obtain a copy of the License at
11   *
12   *   http://www.apache.org/licenses/LICENSE-2.0
13   *
14   * Unless required by applicable law or agreed to in writing,
15   * software distributed under the License is distributed on an
16   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
17   * KIND, either express or implied.  See the License for the
18   * specific language governing permissions and limitations
19   * under the License.
20   */
21  
22  import com.opensymphony.xwork2.ActionContext;
23  import com.opensymphony.xwork2.Preparable;
24  import org.apache.maven.continuum.Continuum;
25  import org.apache.maven.continuum.security.ContinuumRoleConstants;
26  import org.apache.maven.continuum.web.exception.AuthenticationRequiredException;
27  import org.apache.maven.continuum.web.exception.AuthorizationRequiredException;
28  import org.codehaus.plexus.redback.authorization.AuthorizationException;
29  import org.codehaus.plexus.redback.system.SecuritySession;
30  import org.codehaus.plexus.redback.system.SecuritySystem;
31  import org.codehaus.plexus.redback.system.SecuritySystemConstants;
32  import org.codehaus.plexus.redback.users.User;
33  import org.codehaus.plexus.redback.users.UserNotFoundException;
34  import org.codehaus.plexus.util.StringUtils;
35  
36  import java.text.SimpleDateFormat;
37  import java.util.ResourceBundle;
38  
39  /**
40   * ContinuumActionSupport
41   *
42   * @author Jesse McConnell <jesse@codehaus.org>
43   * @version $Id: ContinuumActionSupport.java 1395451 2012-10-08 05:06:18Z brett $
44   */
45  public class ContinuumActionSupport
46      extends PlexusActionSupport
47      implements Preparable
48  {
49      private SecuritySession securitySession;
50  
51      /**
52       * @plexus.requirement
53       */
54      private SecuritySystem securitySystem;
55  
56      protected static final String REQUIRES_AUTHENTICATION = "requires-authentication";
57  
58      protected static final String REQUIRES_AUTHORIZATION = "requires-authorization";
59  
60      protected static final String RELEASE_ERROR = "releaseError";
61  
62      protected static final String ERROR_MSG_AUTHORIZATION_REQUIRED = "You are not authorized to access this page. " +
63          "Please contact your administrator to be granted the appropriate permissions.";
64  
65      protected static final String ERROR_MSG_PROCESSING_AUTHORIZATION =
66          "An error occurred while performing authorization.";
67  
68      /**
69       * @plexus.requirement
70       */
71      private Continuum continuum;
72  
73      protected final SimpleDateFormat dateFormatter = new SimpleDateFormat( "MMM dd, yyyy hh:mm:ss aaa z" );
74  
75      public void prepare()
76          throws Exception
77      {
78          if ( securitySession == null )
79          {
80              securitySession = (SecuritySession) getContext().getSession().get(
81                  SecuritySystemConstants.SECURITY_SESSION_KEY );
82          }
83      }
84  
85      public Continuum getContinuum()
86      {
87          return continuum;
88      }
89  
90      public void setContinuum( Continuum continuum )
91      {
92          this.continuum = continuum;
93      }
94  
95      public String doDefault()
96          throws Exception
97      {
98          return REQUIRES_AUTHORIZATION;
99      }
100 
101     public String input()
102         throws Exception
103     {
104         return REQUIRES_AUTHORIZATION;
105     }
106 
107     public String execute()
108         throws Exception
109     {
110         return REQUIRES_AUTHORIZATION;
111     }
112 
113     /**
114      * Check if the current user is authorized to do the action
115      *
116      * @param role the role
117      * @throws AuthorizationRequiredException if the user isn't authorized
118      */
119     protected void checkAuthorization( String role )
120         throws AuthorizationRequiredException
121     {
122         checkAuthorization( role, null, false );
123     }
124 
125     /**
126      * Check if the current user is authorized to do the action
127      *
128      * @param role     the role
129      * @param resource the operation resource
130      * @throws AuthorizationRequiredException if the user isn't authorized
131      */
132     protected void checkAuthorization( String role, String resource )
133         throws AuthorizationRequiredException
134     {
135         checkAuthorization( role, resource, true );
136     }
137 
138     /**
139      * Check if the current user is authorized to do the action
140      *
141      * @param role             the role
142      * @param resource         the operation resource
143      * @param requiredResource true if resource can't be null
144      * @throws AuthorizationRequiredException if the user isn't authorized
145      */
146     protected void checkAuthorization( String role, String resource, boolean requiredResource )
147         throws AuthorizationRequiredException
148     {
149         try
150         {
151             if ( resource != null && StringUtils.isNotEmpty( resource.trim() ) )
152             {
153                 if ( !getSecuritySystem().isAuthorized( getSecuritySession(), role, resource ) )
154                 {
155                     throw new AuthorizationRequiredException( ERROR_MSG_AUTHORIZATION_REQUIRED );
156                 }
157             }
158             else
159             {
160                 if ( requiredResource || !getSecuritySystem().isAuthorized( getSecuritySession(), role ) )
161                 {
162                     throw new AuthorizationRequiredException( ERROR_MSG_AUTHORIZATION_REQUIRED );
163                 }
164             }
165         }
166         catch ( AuthorizationException ae )
167         {
168             throw new AuthorizationRequiredException( ERROR_MSG_PROCESSING_AUTHORIZATION );
169         }
170     }
171 
172     /**
173      * Check if the current user is authorized to view the specified project group
174      *
175      * @param resource the operation resource
176      * @throws AuthorizationRequiredException if the user isn't authorized if the user isn't authorized
177      */
178     protected void checkViewProjectGroupAuthorization( String resource )
179         throws AuthorizationRequiredException
180     {
181         checkAuthorization( ContinuumRoleConstants.CONTINUUM_VIEW_GROUP_OPERATION, resource );
182     }
183 
184     /**
185      * Check if the current user is authorized to add a project group
186      *
187      * @throws AuthorizationRequiredException if the user isn't authorized if the user isn't authorized
188      */
189     protected void checkAddProjectGroupAuthorization()
190         throws AuthorizationRequiredException
191     {
192         checkAuthorization( ContinuumRoleConstants.CONTINUUM_ADD_GROUP_OPERATION );
193     }
194 
195     /**
196      * Check if the current user is authorized to delete the specified project group
197      *
198      * @param resource the operation resource
199      * @throws AuthorizationRequiredException if the user isn't authorized if the user isn't authorized
200      */
201     protected void checkRemoveProjectGroupAuthorization( String resource )
202         throws AuthorizationRequiredException
203     {
204         checkAuthorization( ContinuumRoleConstants.CONTINUUM_REMOVE_GROUP_OPERATION, resource );
205     }
206 
207     /**
208      * Check if the current user is authorized to build the specified project group
209      *
210      * @param resource the operation resource
211      * @throws AuthorizationRequiredException if the user isn't authorized if the user isn't authorized
212      */
213     protected void checkBuildProjectGroupAuthorization( String resource )
214         throws AuthorizationRequiredException
215     {
216         checkAuthorization( ContinuumRoleConstants.CONTINUUM_BUILD_GROUP_OPERATION, resource );
217     }
218 
219     /**
220      * Check if the current user is authorized to modify the specified project group
221      *
222      * @param resource the operation resource
223      * @throws AuthorizationRequiredException if the user isn't authorized if the user isn't authorized
224      */
225     protected void checkModifyProjectGroupAuthorization( String resource )
226         throws AuthorizationRequiredException
227     {
228         checkAuthorization( ContinuumRoleConstants.CONTINUUM_MODIFY_GROUP_OPERATION, resource );
229     }
230 
231     /**
232      * Check if the current user is authorized to add a project to a specific project group
233      *
234      * @param resource the operation resource
235      * @throws AuthorizationRequiredException if the user isn't authorized if the user isn't authorized
236      */
237     protected void checkAddProjectToGroupAuthorization( String resource )
238         throws AuthorizationRequiredException
239     {
240         checkAuthorization( ContinuumRoleConstants.CONTINUUM_ADD_PROJECT_TO_GROUP_OPERATION, resource );
241     }
242 
243     /**
244      * Check if the current user is authorized to delete a project from a specified group
245      *
246      * @param resource the operation resource
247      * @throws AuthorizationRequiredException if the user isn't authorized if the user isn't authorized
248      */
249     protected void checkRemoveProjectFromGroupAuthorization( String resource )
250         throws AuthorizationRequiredException
251     {
252         checkAuthorization( ContinuumRoleConstants.CONTINUUM_REMOVE_PROJECT_FROM_GROUP_OPERATION, resource );
253     }
254 
255     /**
256      * Check if the current user is authorized to modify a project in the specified group
257      *
258      * @param resource the operation resource
259      * @throws AuthorizationRequiredException if the user isn't authorized if the user isn't authorized
260      */
261     protected void checkModifyProjectInGroupAuthorization( String resource )
262         throws AuthorizationRequiredException
263     {
264         checkAuthorization( ContinuumRoleConstants.CONTINUUM_MODIFY_PROJECT_IN_GROUP_OPERATION, resource );
265     }
266 
267     /**
268      * Check if the current user is authorized to build a project in the specified group
269      *
270      * @param resource the operation resource
271      * @throws AuthorizationRequiredException if the user isn't authorized if the user isn't authorized
272      */
273     protected void checkBuildProjectInGroupAuthorization( String resource )
274         throws AuthorizationRequiredException
275     {
276         checkAuthorization( ContinuumRoleConstants.CONTINUUM_BUILD_PROJECT_IN_GROUP_OPERATION, resource );
277     }
278 
279     /**
280      * Check if the current user is authorized to add a build definition for the specified
281      * project group
282      *
283      * @param resource the operation resource
284      * @throws AuthorizationRequiredException if the user isn't authorized if the user isn't authorized
285      */
286     protected void checkAddGroupBuildDefinitionAuthorization( String resource )
287         throws AuthorizationRequiredException
288     {
289         checkAuthorization( ContinuumRoleConstants.CONTINUUM_ADD_GROUP_BUILD_DEFINTION_OPERATION, resource );
290     }
291 
292     /**
293      * Check if the current user is authorized to delete a build definition in the specified
294      * project group
295      *
296      * @param resource the operation resource
297      * @throws AuthorizationRequiredException if the user isn't authorized if the user isn't authorized
298      */
299     protected void checkRemoveGroupBuildDefinitionAuthorization( String resource )
300         throws AuthorizationRequiredException
301     {
302         checkAuthorization( ContinuumRoleConstants.CONTINUUM_REMOVE_GROUP_BUILD_DEFINITION_OPERATION, resource );
303     }
304 
305     /**
306      * Check if the current user is authorized to modify a build definition in the specified
307      * project group
308      *
309      * @param resource the operation resource
310      * @throws AuthorizationRequiredException if the user isn't authorized if the user isn't authorized
311      */
312     protected void checkModifyGroupBuildDefinitionAuthorization( String resource )
313         throws AuthorizationRequiredException
314     {
315         checkAuthorization( ContinuumRoleConstants.CONTINUUM_MODIFY_GROUP_BUILD_DEFINITION_OPERATION, resource );
316     }
317 
318     /**
319      * Check if the current user is authorized to add a group build definition to a specific
320      * project
321      *
322      * @param resource the operation resource
323      * @throws AuthorizationRequiredException if the user isn't authorized if the user isn't authorized
324      */
325     protected void checkAddProjectBuildDefinitionAuthorization( String resource )
326         throws AuthorizationRequiredException
327     {
328         checkAuthorization( ContinuumRoleConstants.CONTINUUM_ADD_PROJECT_BUILD_DEFINTION_OPERATION, resource );
329     }
330 
331     /**
332      * Check if the current user is authorized to modify a build definition of a specific project
333      *
334      * @param resource the operation resource
335      * @throws AuthorizationRequiredException if the user isn't authorized if the user isn't authorized
336      */
337     protected void checkModifyProjectBuildDefinitionAuthorization( String resource )
338         throws AuthorizationRequiredException
339     {
340         checkAuthorization( ContinuumRoleConstants.CONTINUUM_MODIFY_PROJECT_BUILD_DEFINITION_OPERATION, resource );
341     }
342 
343     /**
344      * Check if the current user is authorized to delete a build definition of a specific
345      * project
346      *
347      * @param resource the operation resource
348      * @throws AuthorizationRequiredException if the user isn't authorized if the user isn't authorized
349      */
350     protected void checkRemoveProjectBuildDefinitionAuthorization( String resource )
351         throws AuthorizationRequiredException
352     {
353         checkAuthorization( ContinuumRoleConstants.CONTINUUM_REMOVE_PROJECT_BUILD_DEFINITION_OPERATION, resource );
354     }
355 
356     /**
357      * Check if the current user is authorized to add a notifier to the specified
358      * project group
359      *
360      * @param resource the operation resource
361      * @throws AuthorizationRequiredException if the user isn't authorized if the user isn't authorized
362      */
363     protected void checkAddProjectGroupNotifierAuthorization( String resource )
364         throws AuthorizationRequiredException
365     {
366         checkAuthorization( ContinuumRoleConstants.CONTINUUM_ADD_GROUP_NOTIFIER_OPERATION, resource );
367     }
368 
369     /**
370      * Check if the current user is authorized to delete a notifier in the specified
371      * project group
372      *
373      * @param resource the operation resource
374      * @throws AuthorizationRequiredException if the user isn't authorized if the user isn't authorized
375      */
376     protected void checkRemoveProjectGroupNotifierAuthorization( String resource )
377         throws AuthorizationRequiredException
378     {
379         checkAuthorization( ContinuumRoleConstants.CONTINUUM_REMOVE_GROUP_NOTIFIER_OPERATION, resource );
380     }
381 
382     /**
383      * Check if the current user is authorized to modify a notifier in the specified
384      * project group
385      *
386      * @param resource the operartion resource
387      * @throws AuthorizationRequiredException if the user isn't authorized if the user isn't authorized
388      */
389     protected void checkModifyProjectGroupNotifierAuthorization( String resource )
390         throws AuthorizationRequiredException
391     {
392         checkAuthorization( ContinuumRoleConstants.CONTINUUM_MODIFY_GROUP_NOTIFIER_OPERATION, resource );
393     }
394 
395     /**
396      * Check if the current user is authorized to add a notifier to a specific project
397      *
398      * @param resource the operation resource
399      * @throws AuthorizationRequiredException if the user isn't authorized if the user isn't authorized
400      */
401     protected void checkAddProjectNotifierAuthorization( String resource )
402         throws AuthorizationRequiredException
403     {
404         checkAuthorization( ContinuumRoleConstants.CONTINUUM_ADD_PROJECT_NOTIFIER_OPERATION, resource );
405     }
406 
407     /**
408      * Check if the current user is authorized to delete a notifier in a specific project
409      *
410      * @param resource the operation resource
411      * @throws AuthorizationRequiredException if the user isn't authorized if the user isn't authorized
412      */
413     protected void checkRemoveProjectNotifierAuthorization( String resource )
414         throws AuthorizationRequiredException
415     {
416         checkAuthorization( ContinuumRoleConstants.CONTINUUM_REMOVE_PROJECT_NOTIFIER_OPERATION, resource );
417     }
418 
419     /**
420      * Check if the current user is authorized to modify a notifier in a specific project
421      *
422      * @param resource the operation resource
423      * @throws AuthorizationRequiredException if the user isn't authorized if the user isn't authorized
424      */
425     protected void checkModifyProjectNotifierAuthorization( String resource )
426         throws AuthorizationRequiredException
427     {
428         checkAuthorization( ContinuumRoleConstants.CONTINUUM_MODIFY_PROJECT_NOTIFIER_OPERATION, resource );
429     }
430 
431     /**
432      * Check if the current user is authorized to manage the application's configuration
433      *
434      * @throws AuthenticationRequiredException
435      *                                        if the user isn't authorized if the user isn't authenticated
436      * @throws AuthorizationRequiredException if the user isn't authorized if the user isn't authorized
437      */
438     protected void checkManageConfigurationAuthorization()
439         throws AuthenticationRequiredException, AuthorizationRequiredException
440     {
441         if ( !isAuthenticated() )
442         {
443             throw new AuthenticationRequiredException( "Authentication required." );
444         }
445 
446         checkAuthorization( ContinuumRoleConstants.CONTINUUM_MANAGE_CONFIGURATION );
447     }
448 
449     /**
450      * Check if the current user is authorized to manage the project build schedules
451      *
452      * @throws AuthenticationRequiredException
453      *                                        if the user isn't authorized if the user isn't authenticated
454      * @throws AuthorizationRequiredException if the user isn't authorized if the user isn't authorized
455      */
456     protected void checkManageSchedulesAuthorization()
457         throws AuthenticationRequiredException, AuthorizationRequiredException
458     {
459         if ( !isAuthenticated() )
460         {
461             throw new AuthenticationRequiredException( "Authentication required." );
462         }
463 
464         checkAuthorization( ContinuumRoleConstants.CONTINUUM_MANAGE_SCHEDULES );
465     }
466 
467     /**
468      * Check if the current user is authorized to manage queues
469      *
470      * @throws AuthenticationRequiredException
471      *                                        if the user isn't authenticated
472      * @throws AuthorizationRequiredException if the user isn't authorized
473      */
474     protected void checkManageQueuesAuthorization()
475         throws AuthenticationRequiredException, AuthorizationRequiredException
476     {
477         if ( !isAuthenticated() )
478         {
479             throw new AuthenticationRequiredException( "Authentication required" );
480         }
481 
482         checkAuthorization( ContinuumRoleConstants.CONTINUUM_MANAGE_QUEUES );
483     }
484 
485     protected void checkManageLocalRepositoriesAuthorization()
486         throws AuthorizationRequiredException
487     {
488         checkAuthorization( ContinuumRoleConstants.CONTINUUM_MANAGE_REPOSITORIES );
489     }
490 
491     protected void checkViewReportsAuthorization()
492         throws AuthorizationRequiredException
493     {
494         checkAuthorization( ContinuumRoleConstants.CONTINUUM_VIEW_REPORT );
495     }
496 
497     /**
498      * Get the security session
499      *
500      * @return current SecuritySession
501      */
502     private SecuritySession getSecuritySession()
503     {
504 
505         return securitySession;
506     }
507 
508     /**
509      * Get the action context
510      *
511      * @return action context
512      */
513     private ActionContext getContext()
514     {
515 
516         return ActionContext.getContext();
517     }
518 
519     /**
520      * Get the security system
521      *
522      * @return the security system
523      */
524     protected SecuritySystem getSecuritySystem()
525     {
526         return securitySystem;
527     }
528 
529     protected boolean requiresAuthentication()
530     {
531         return true;
532     }
533 
534     /**
535      * Check if the current user is already authenticated
536      *
537      * @return true if the user is authenticated
538      */
539     public boolean isAuthenticated()
540     {
541         if ( requiresAuthentication() )
542         {
543             if ( getSecuritySession() == null || !getSecuritySession().isAuthenticated() )
544             {
545                 return false;
546             }
547         }
548 
549         return true;
550     }
551 
552     protected ResourceBundle getResourceBundle()
553     {
554         return getTexts( "localization/Continuum" );
555     }
556 
557     protected String getPrincipal()
558     {
559         String principal = "guest";
560 
561         if ( getSecuritySession() != null )
562         {
563             if ( getSecuritySession().getUser() != null )
564             {
565                 principal = (String) getSecuritySession().getUser().getPrincipal();
566             }
567         }
568         else
569         {
570             principal = "unknown-user";
571         }
572         return principal;
573     }
574 
575     protected User getUser( String principal )
576         throws UserNotFoundException
577     {
578         return getSecuritySystem().getUserManager().findUser( principal );
579     }
580 }