1 package org.apache.maven.continuum.xmlrpc.server;
22 import org.apache.maven.continuum.ContinuumException;
23 import org.apache.maven.continuum.security.ContinuumRoleConstants;
24 import org.apache.maven.continuum.xmlrpc.ContinuumService;
25 import org.codehaus.plexus.redback.authorization.AuthorizationException;
26 import org.codehaus.plexus.redback.system.SecuritySession;
27 import org.codehaus.plexus.redback.system.SecuritySystem;
28 import org.codehaus.plexus.util.StringUtils;
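/**
 * Base class for the XML-RPC service implementation that centralises the
 * authentication and authorization checks.
 * <p>
 * Every {@code check*} method either returns normally (access granted) or throws
 * a {@link ContinuumException} (access denied, or the decision could not be
 * evaluated). Nothing here returns a "soft" result that a caller could forget to
 * inspect, so a service method is protected as long as it calls the matching
 * check before doing any work.
 * <p>
 * Two families of checks exist and they differ in one security-relevant way:
 * <ul>
 * <li>the resource-scoped checks (project group, project, build definition,
 * notifier) delegate the whole decision to the security system and do
 * <em>not</em> test {@link #isAuthenticated()} themselves;</li>
 * <li>the {@code checkManage*} checks reject unauthenticated sessions first and
 * only then ask the security system.</li>
 * </ul>
 * NOTE(review): whether an unauthenticated (guest) session can ever satisfy a
 * resource-scoped check depends on the security system's configuration, which is
 * not visible here - confirm this is intended for the mutating operations.
 */
public abstract class AbstractContinuumSecureService
    implements ContinuumService, ContinuumXmlRpcComponent
{
    // NOTE(review): nothing in this class assigns this field; presumably the
    // container injects it. Confirm the injection metadata is present, otherwise
    // every authorization check fails with a NullPointerException.
    private SecuritySystem securitySystem;

    // Per-request configuration; the source of the caller's security session.
    private ContinuumXmlRpcConfig config;

    /**
     * Stores the XML-RPC configuration that supplies the security session used
     * by all checks in this class.
     *
     * @param config configuration to read the security session from
     */
    public void setConfig( ContinuumXmlRpcConfig config )
    {
        this.config = config;
    }

    /**
     * @return the security system that evaluates authorization requests
     */
    public SecuritySystem getSecuritySystem()
    {
        return securitySystem;
    }

    /**
     * @return the security session held by the current configuration
     */
    public SecuritySession getSecuritySession()
    {
        return config.getSecuritySession();
    }

    /**
     * Tells whether the current session exists and is authenticated.
     *
     * @return {@code true} only when a session is present and reports itself as
     *         authenticated; {@code false} when there is no session
     */
    public boolean isAuthenticated()
    {
        // Read the session once so the null test and the authentication test are
        // guaranteed to look at the same object.
        SecuritySession session = getSecuritySession();
        return session != null && session.isAuthenticated();
    }

    /**
     * Requires a permission that is not tied to a resource.
     *
     * @param role permission name passed to the security system
     * @throws ContinuumException if the session is not authorized or the check
     *                            could not be evaluated
     */
    protected void checkAuthorization( String role )
        throws ContinuumException
    {
        checkAuthorization( role, null, false );
    }

    /**
     * Requires a permission on a specific resource. A {@code null} or blank
     * resource is treated as a denial rather than as a global check.
     *
     * @param role     permission name passed to the security system
     * @param resource resource the permission is evaluated against
     * @throws ContinuumException if the session is not authorized or the check
     *                            could not be evaluated
     */
    protected void checkAuthorization( String role, String resource )
        throws ContinuumException
    {
        checkAuthorization( role, resource, true );
    }

    /**
     * Tells whether the session holds a permission on a specific resource; a
     * {@code null} or blank resource yields {@code false}.
     *
     * @param role     permission name passed to the security system
     * @param resource resource the permission is evaluated against
     * @return {@code true} when the security system grants the permission
     * @throws AuthorizationException if the security system fails to evaluate
     *                                the request
     */
    protected boolean isAuthorized( String role, String resource )
        throws AuthorizationException
    {
        return isAuthorized( role, resource, true );
    }

    /**
     * Asks the security system whether the current session holds a permission.
     *
     * @param role             permission name passed to the security system
     * @param resource         resource the permission is evaluated against; may
     *                         be {@code null} or blank
     * @param requiredResource when {@code true}, a {@code null} or blank resource
     *                         is denied without consulting the security system;
     *                         when {@code false}, such a resource turns the
     *                         request into a resource-less check
     * @return {@code true} when access is granted
     * @throws AuthorizationException if the security system fails to evaluate
     *                                the request
     */
    protected boolean isAuthorized( String role, String resource, boolean requiredResource )
        throws AuthorizationException
    {
        boolean hasResource = resource != null && StringUtils.isNotEmpty( resource.trim() );

        if ( hasResource )
        {
            // The resource is forwarded exactly as received; trimming is only
            // used to decide whether it counts as blank.
            return getSecuritySystem().isAuthorized( config.getSecuritySession(), role, resource );
        }

        if ( requiredResource )
        {
            // Fail closed: a resource-scoped permission must never degrade into
            // a global one just because the caller supplied no resource.
            return false;
        }

        return getSecuritySystem().isAuthorized( config.getSecuritySession(), role );
    }

    /**
     * Enforces a permission, converting both a denial and an evaluation failure
     * into a {@link ContinuumException}.
     *
     * @param role             permission name passed to the security system
     * @param resource         resource the permission is evaluated against
     * @param requiredResource see {@link #isAuthorized(String, String, boolean)}
     * @throws ContinuumException if the session is not authorized, or if the
     *                            security system could not evaluate the request
     *                            (the original failure is kept as the cause)
     */
    protected void checkAuthorization( String role, String resource, boolean requiredResource )
        throws ContinuumException
    {
        boolean granted;
        try
        {
            granted = isAuthorized( role, resource, requiredResource );
        }
        catch ( AuthorizationException ae )
        {
            // Keep the cause so an operator can tell a broken security backend
            // from a plain denial; the client-facing message stays generic.
            throw new ContinuumException( "error authorizing request.", ae );
        }

        if ( !granted )
        {
            throw new ContinuumException( "You're not authorized to execute this action." );
        }
    }

    /**
     * Requires {@code CONTINUUM_VIEW_GROUP_OPERATION} on the given resource.
     *
     * @param resource resource to check; {@code null} or blank is denied
     * @throws ContinuumException if access is denied or cannot be evaluated
     */
    protected void checkViewProjectGroupAuthorization( String resource )
        throws ContinuumException
    {
        checkAuthorization( ContinuumRoleConstants.CONTINUUM_VIEW_GROUP_OPERATION, resource );
    }

    /**
     * Requires {@code CONTINUUM_ADD_GROUP_OPERATION}; the check is not bound to
     * a resource.
     *
     * @throws ContinuumException if access is denied or cannot be evaluated
     */
    protected void checkAddProjectGroupAuthorization()
        throws ContinuumException
    {
        checkAuthorization( ContinuumRoleConstants.CONTINUUM_ADD_GROUP_OPERATION );
    }

    /**
     * Requires {@code CONTINUUM_REMOVE_GROUP_OPERATION} on the given resource.
     *
     * @param resource resource to check; {@code null} or blank is denied
     * @throws ContinuumException if access is denied or cannot be evaluated
     */
    protected void checkRemoveProjectGroupAuthorization( String resource )
        throws ContinuumException
    {
        checkAuthorization( ContinuumRoleConstants.CONTINUUM_REMOVE_GROUP_OPERATION, resource );
    }

    /**
     * Requires {@code CONTINUUM_BUILD_GROUP_OPERATION} on the given resource.
     *
     * @param resource resource to check; {@code null} or blank is denied
     * @throws ContinuumException if access is denied or cannot be evaluated
     */
    protected void checkBuildProjectGroupAuthorization( String resource )
        throws ContinuumException
    {
        checkAuthorization( ContinuumRoleConstants.CONTINUUM_BUILD_GROUP_OPERATION, resource );
    }

    /**
     * Requires {@code CONTINUUM_MODIFY_GROUP_OPERATION} on the given resource.
     *
     * @param resource resource to check; {@code null} or blank is denied
     * @throws ContinuumException if access is denied or cannot be evaluated
     */
    protected void checkModifyProjectGroupAuthorization( String resource )
        throws ContinuumException
    {
        checkAuthorization( ContinuumRoleConstants.CONTINUUM_MODIFY_GROUP_OPERATION, resource );
    }

    /**
     * Requires {@code CONTINUUM_ADD_PROJECT_TO_GROUP_OPERATION} on the given
     * resource.
     *
     * @param resource resource to check; {@code null} or blank is denied
     * @throws ContinuumException if access is denied or cannot be evaluated
     */
    protected void checkAddProjectToGroupAuthorization( String resource )
        throws ContinuumException
    {
        checkAuthorization( ContinuumRoleConstants.CONTINUUM_ADD_PROJECT_TO_GROUP_OPERATION, resource );
    }

    /**
     * Requires {@code CONTINUUM_REMOVE_PROJECT_FROM_GROUP_OPERATION} on the
     * given resource.
     *
     * @param resource resource to check; {@code null} or blank is denied
     * @throws ContinuumException if access is denied or cannot be evaluated
     */
    protected void checkRemoveProjectFromGroupAuthorization( String resource )
        throws ContinuumException
    {
        checkAuthorization( ContinuumRoleConstants.CONTINUUM_REMOVE_PROJECT_FROM_GROUP_OPERATION, resource );
    }

    /**
     * Requires {@code CONTINUUM_MODIFY_PROJECT_IN_GROUP_OPERATION} on the given
     * resource.
     *
     * @param resource resource to check; {@code null} or blank is denied
     * @throws ContinuumException if access is denied or cannot be evaluated
     */
    protected void checkModifyProjectInGroupAuthorization( String resource )
        throws ContinuumException
    {
        checkAuthorization( ContinuumRoleConstants.CONTINUUM_MODIFY_PROJECT_IN_GROUP_OPERATION, resource );
    }

    /**
     * Requires {@code CONTINUUM_BUILD_PROJECT_IN_GROUP_OPERATION} on the given
     * resource.
     *
     * @param resource resource to check; {@code null} or blank is denied
     * @throws ContinuumException if access is denied or cannot be evaluated
     */
    protected void checkBuildProjectInGroupAuthorization( String resource )
        throws ContinuumException
    {
        checkAuthorization( ContinuumRoleConstants.CONTINUUM_BUILD_PROJECT_IN_GROUP_OPERATION, resource );
    }

    /**
     * Requires {@code CONTINUUM_ADD_GROUP_BUILD_DEFINTION_OPERATION} on the
     * given resource.
     *
     * @param resource resource to check; {@code null} or blank is denied
     * @throws ContinuumException if access is denied or cannot be evaluated
     */
    protected void checkAddGroupBuildDefinitionAuthorization( String resource )
        throws ContinuumException
    {
        checkAuthorization( ContinuumRoleConstants.CONTINUUM_ADD_GROUP_BUILD_DEFINTION_OPERATION, resource );
    }

    /**
     * Requires {@code CONTINUUM_REMOVE_GROUP_BUILD_DEFINITION_OPERATION} on the
     * given resource.
     *
     * @param resource resource to check; {@code null} or blank is denied
     * @throws ContinuumException if access is denied or cannot be evaluated
     */
    protected void checkRemoveGroupBuildDefinitionAuthorization( String resource )
        throws ContinuumException
    {
        checkAuthorization( ContinuumRoleConstants.CONTINUUM_REMOVE_GROUP_BUILD_DEFINITION_OPERATION, resource );
    }

    /**
     * Requires {@code CONTINUUM_MODIFY_GROUP_BUILD_DEFINITION_OPERATION} on the
     * given resource.
     *
     * @param resource resource to check; {@code null} or blank is denied
     * @throws ContinuumException if access is denied or cannot be evaluated
     */
    protected void checkModifyGroupBuildDefinitionAuthorization( String resource )
        throws ContinuumException
    {
        checkAuthorization( ContinuumRoleConstants.CONTINUUM_MODIFY_GROUP_BUILD_DEFINITION_OPERATION, resource );
    }

    /**
     * Requires {@code CONTINUUM_ADD_PROJECT_BUILD_DEFINTION_OPERATION} on the
     * given resource.
     *
     * @param resource resource to check; {@code null} or blank is denied
     * @throws ContinuumException if access is denied or cannot be evaluated
     */
    protected void checkAddProjectBuildDefinitionAuthorization( String resource )
        throws ContinuumException
    {
        checkAuthorization( ContinuumRoleConstants.CONTINUUM_ADD_PROJECT_BUILD_DEFINTION_OPERATION, resource );
    }

    /**
     * Requires {@code CONTINUUM_MODIFY_PROJECT_BUILD_DEFINITION_OPERATION} on
     * the given resource.
     *
     * @param resource resource to check; {@code null} or blank is denied
     * @throws ContinuumException if access is denied or cannot be evaluated
     */
    protected void checkModifyProjectBuildDefinitionAuthorization( String resource )
        throws ContinuumException
    {
        checkAuthorization( ContinuumRoleConstants.CONTINUUM_MODIFY_PROJECT_BUILD_DEFINITION_OPERATION, resource );
    }

    /**
     * Requires {@code CONTINUUM_REMOVE_PROJECT_BUILD_DEFINITION_OPERATION} on
     * the given resource.
     *
     * @param resource resource to check; {@code null} or blank is denied
     * @throws ContinuumException if access is denied or cannot be evaluated
     */
    protected void checkRemoveProjectBuildDefinitionAuthorization( String resource )
        throws ContinuumException
    {
        checkAuthorization( ContinuumRoleConstants.CONTINUUM_REMOVE_PROJECT_BUILD_DEFINITION_OPERATION, resource );
    }

    /**
     * Requires {@code CONTINUUM_ADD_GROUP_NOTIFIER_OPERATION} on the given
     * resource.
     *
     * @param resource resource to check; {@code null} or blank is denied
     * @throws ContinuumException if access is denied or cannot be evaluated
     */
    protected void checkAddProjectGroupNotifierAuthorization( String resource )
        throws ContinuumException
    {
        checkAuthorization( ContinuumRoleConstants.CONTINUUM_ADD_GROUP_NOTIFIER_OPERATION, resource );
    }

    /**
     * Requires {@code CONTINUUM_REMOVE_GROUP_NOTIFIER_OPERATION} on the given
     * resource.
     *
     * @param resource resource to check; {@code null} or blank is denied
     * @throws ContinuumException if access is denied or cannot be evaluated
     */
    protected void checkRemoveProjectGroupNotifierAuthorization( String resource )
        throws ContinuumException
    {
        checkAuthorization( ContinuumRoleConstants.CONTINUUM_REMOVE_GROUP_NOTIFIER_OPERATION, resource );
    }

    /**
     * Requires {@code CONTINUUM_MODIFY_GROUP_NOTIFIER_OPERATION} on the given
     * resource.
     *
     * @param resource resource to check; {@code null} or blank is denied
     * @throws ContinuumException if access is denied or cannot be evaluated
     */
    protected void checkModifyProjectGroupNotifierAuthorization( String resource )
        throws ContinuumException
    {
        checkAuthorization( ContinuumRoleConstants.CONTINUUM_MODIFY_GROUP_NOTIFIER_OPERATION, resource );
    }

    /**
     * Requires {@code CONTINUUM_ADD_PROJECT_NOTIFIER_OPERATION} on the given
     * resource.
     *
     * @param resource resource to check; {@code null} or blank is denied
     * @throws ContinuumException if access is denied or cannot be evaluated
     */
    protected void checkAddProjectNotifierAuthorization( String resource )
        throws ContinuumException
    {
        checkAuthorization( ContinuumRoleConstants.CONTINUUM_ADD_PROJECT_NOTIFIER_OPERATION, resource );
    }

    /**
     * Requires {@code CONTINUUM_REMOVE_PROJECT_NOTIFIER_OPERATION} on the given
     * resource.
     *
     * @param resource resource to check; {@code null} or blank is denied
     * @throws ContinuumException if access is denied or cannot be evaluated
     */
    protected void checkRemoveProjectNotifierAuthorization( String resource )
        throws ContinuumException
    {
        checkAuthorization( ContinuumRoleConstants.CONTINUUM_REMOVE_PROJECT_NOTIFIER_OPERATION, resource );
    }

    /**
     * Requires {@code CONTINUUM_MODIFY_PROJECT_NOTIFIER_OPERATION} on the given
     * resource.
     *
     * @param resource resource to check; {@code null} or blank is denied
     * @throws ContinuumException if access is denied or cannot be evaluated
     */
    protected void checkModifyProjectNotifierAuthorization( String resource )
        throws ContinuumException
    {
        checkAuthorization( ContinuumRoleConstants.CONTINUUM_MODIFY_PROJECT_NOTIFIER_OPERATION, resource );
    }

    /**
     * Requires an authenticated session holding
     * {@code CONTINUUM_MANAGE_CONFIGURATION}.
     *
     * @throws ContinuumException if the session is unauthenticated, access is
     *                            denied, or the check cannot be evaluated
     */
    protected void checkManageConfigurationAuthorization()
        throws ContinuumException
    {
        requireAuthenticated();
        checkAuthorization( ContinuumRoleConstants.CONTINUUM_MANAGE_CONFIGURATION );
    }

    /**
     * Requires an authenticated session holding
     * {@code CONTINUUM_MANAGE_SCHEDULES}.
     *
     * @throws ContinuumException if the session is unauthenticated, access is
     *                            denied, or the check cannot be evaluated
     */
    protected void checkManageSchedulesAuthorization()
        throws ContinuumException
    {
        requireAuthenticated();
        checkAuthorization( ContinuumRoleConstants.CONTINUUM_MANAGE_SCHEDULES );
    }

    /**
     * Requires an authenticated session holding
     * {@code CONTINUUM_MANAGE_INSTALLATIONS}.
     *
     * @throws ContinuumException if the session is unauthenticated, access is
     *                            denied, or the check cannot be evaluated
     */
    protected void checkManageInstallationsAuthorization()
        throws ContinuumException
    {
        requireAuthenticated();
        checkAuthorization( ContinuumRoleConstants.CONTINUUM_MANAGE_INSTALLATIONS );
    }

    /**
     * Requires an authenticated session holding
     * {@code CONTINUUM_MANAGE_PROFILES}.
     *
     * @throws ContinuumException if the session is unauthenticated, access is
     *                            denied, or the check cannot be evaluated
     */
    protected void checkManageProfilesAuthorization()
        throws ContinuumException
    {
        requireAuthenticated();
        checkAuthorization( ContinuumRoleConstants.CONTINUUM_MANAGE_PROFILES );
    }

    /**
     * Requires an authenticated session holding
     * {@code CONTINUUM_MANAGE_BUILD_TEMPLATES}.
     *
     * @throws ContinuumException if the session is unauthenticated, access is
     *                            denied, or the check cannot be evaluated
     */
    protected void checkManageBuildDefinitionTemplatesAuthorization()
        throws ContinuumException
    {
        requireAuthenticated();
        checkAuthorization( ContinuumRoleConstants.CONTINUUM_MANAGE_BUILD_TEMPLATES );
    }

    /**
     * Requires an authenticated session holding
     * {@code CONTINUUM_MANAGE_QUEUES}.
     *
     * @throws ContinuumException if the session is unauthenticated, access is
     *                            denied, or the check cannot be evaluated
     */
    protected void checkManageQueuesAuthorization()
        throws ContinuumException
    {
        requireAuthenticated();
        checkAuthorization( ContinuumRoleConstants.CONTINUUM_MANAGE_QUEUES );
    }

    /**
     * Requires an authenticated session that passes either the
     * {@code SYSTEM_ADMINISTRATOR_ROLE} check or the
     * {@code CONTINUUM_MANAGE_PURGING} check.
     *
     * @throws ContinuumException if the session is unauthenticated, or if both
     *                            checks are denied or cannot be evaluated
     */
    protected void checkManagePurgingAuthorization()
        throws ContinuumException
    {
        requireAuthenticated();
        checkAdministratorOr( ContinuumRoleConstants.CONTINUUM_MANAGE_PURGING );
    }

    /**
     * Requires an authenticated session that passes either the
     * {@code SYSTEM_ADMINISTRATOR_ROLE} check or the
     * {@code CONTINUUM_MANAGE_REPOSITORIES} check.
     *
     * @throws ContinuumException if the session is unauthenticated, or if both
     *                            checks are denied or cannot be evaluated
     */
    protected void checkManageRepositoriesAuthorization()
        throws ContinuumException
    {
        requireAuthenticated();
        checkAdministratorOr( ContinuumRoleConstants.CONTINUUM_MANAGE_REPOSITORIES );
    }

    /** Rejects the request unless the current session is authenticated. */
    private void requireAuthenticated()
        throws ContinuumException
    {
        if ( !isAuthenticated() )
        {
            throw new ContinuumException( "Authentication required." );
        }
    }

    /** Grants access when the administrator check or, failing that, the given permission check passes. */
    private void checkAdministratorOr( String operation )
        throws ContinuumException
    {
        try
        {
            // NOTE(review): this constant is named as a role while every other
            // check passes an operation constant - confirm the security system
            // resolves it as intended.
            checkAuthorization( ContinuumRoleConstants.SYSTEM_ADMINISTRATOR_ROLE );
        }
        catch ( ContinuumException adminCheckFailed )
        {
            // Reached on a denial and on an evaluation error alike. The fallback
            // has to succeed on its own, so the overall result stays fail-closed;
            // its exception is the one reported to the caller.
            checkAuthorization( operation );
        }
    }
}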