archiva-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From och...@apache.org
Subject svn commit: r703379 - in /archiva/branches/MRM-124/archiva-modules/archiva-web/archiva-xmlrpc/archiva-xmlrpc-security/src: main/java/org/apache/archiva/web/xmlrpc/security/ test/java/org/apache/archiva/xmlrpc/security/
Date Fri, 10 Oct 2008 10:12:50 GMT
Author: oching
Date: Fri Oct 10 03:12:49 2008
New Revision: 703379

URL: http://svn.apache.org/viewvc?rev=703379&view=rev
Log:
attempt at simplifying authorization check for each requested service method

Added:
    archiva/branches/MRM-124/archiva-modules/archiva-web/archiva-xmlrpc/archiva-xmlrpc-security/src/main/java/org/apache/archiva/web/xmlrpc/security/ServiceMethodsPermissionsMapping.java
Modified:
    archiva/branches/MRM-124/archiva-modules/archiva-web/archiva-xmlrpc/archiva-xmlrpc-security/src/main/java/org/apache/archiva/web/xmlrpc/security/XmlRpcAuthenticator.java
    archiva/branches/MRM-124/archiva-modules/archiva-web/archiva-xmlrpc/archiva-xmlrpc-security/src/test/java/org/apache/archiva/xmlrpc/security/XmlRpcAuthenticatorTest.java

Added: archiva/branches/MRM-124/archiva-modules/archiva-web/archiva-xmlrpc/archiva-xmlrpc-security/src/main/java/org/apache/archiva/web/xmlrpc/security/ServiceMethodsPermissionsMapping.java
URL: http://svn.apache.org/viewvc/archiva/branches/MRM-124/archiva-modules/archiva-web/archiva-xmlrpc/archiva-xmlrpc-security/src/main/java/org/apache/archiva/web/xmlrpc/security/ServiceMethodsPermissionsMapping.java?rev=703379&view=auto
==============================================================================
--- archiva/branches/MRM-124/archiva-modules/archiva-web/archiva-xmlrpc/archiva-xmlrpc-security/src/main/java/org/apache/archiva/web/xmlrpc/security/ServiceMethodsPermissionsMapping.java
(added)
+++ archiva/branches/MRM-124/archiva-modules/archiva-web/archiva-xmlrpc/archiva-xmlrpc-security/src/main/java/org/apache/archiva/web/xmlrpc/security/ServiceMethodsPermissionsMapping.java
Fri Oct 10 03:12:49 2008
@@ -0,0 +1,68 @@
+package org.apache.archiva.web.xmlrpc.security;
+
+
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+import java.util.ArrayList;
+import java.util.List;
+
+/**
+ * ServiceMethodsPermissionsMapping
+ * 
+ * Used by the XmlRpcAuthenticationHandler to check the permissions specific to the requested
service method.
+ * New methods in exposed services must be registered in the appropriate operation below.

+ * 
+ * @version $Id: ServiceMethodsPermissionsMapping.java
+ */
+public class ServiceMethodsPermissionsMapping
+{   
+    public static final List<String> SERVICE_METHODS_FOR_OPERATION_MANAGE_CONFIGURATION
= new ArrayList<String>()
+    {
+        {
+            add( "AdministrationService.configureRepositoryConsumer" );
+            add( "AdministrationService.configureDatabaseConsumer" );
+            add( "AdministrationService.executeDatabaseScanner" );
+            add( "AdministrationService.getAllManagedRepositories" );
+            add( "AdministrationService.getAllRemoteRepositories" );
+            add( "AdministrationService.getAllDatabaseConsumers" );
+            add( "AdministrationService.getAllRepositoryConsumers" );
+        }
+    };
+
+    public static final List<String> SERVICE_METHODS_FOR_OPERATION_RUN_INDEXER = new
ArrayList<String>() 
+    { 
+        {
+            add( "AdministrationService.executeRepositoryScanner"); 
+        }
+    };    
+    
+    public static final List<String> SERVICE_METHODS_FOR_OPERATION_ACCESS_REPORT =
new ArrayList<String>();
+    
+    public static final List<String> SERVICE_METHODS_FOR_OPERATION_REPOSITORY_ACCESS
= new ArrayList<String>();
+    
+    public static final List<String> SERVICE_METHODS_FOR_OPERATION_ADD_REPOSITORY =
new ArrayList<String>();
+    
+    public static final List<String> SERVICE_METHODS_FOR_OPERATION_DELETE_REPOSITORY
= new ArrayList<String>();
+    
+    public static final List<String> SERVICE_METHODS_FOR_OPERATION_EDIT_REPOSITORY
= new ArrayList<String>();
+    
+    public static final List<String> SERVICE_METHODS_FOR_OPERATION_REPOSITORY_UPLOAD
= new ArrayList<String>();
+    
+}

Modified: archiva/branches/MRM-124/archiva-modules/archiva-web/archiva-xmlrpc/archiva-xmlrpc-security/src/main/java/org/apache/archiva/web/xmlrpc/security/XmlRpcAuthenticator.java
URL: http://svn.apache.org/viewvc/archiva/branches/MRM-124/archiva-modules/archiva-web/archiva-xmlrpc/archiva-xmlrpc-security/src/main/java/org/apache/archiva/web/xmlrpc/security/XmlRpcAuthenticator.java?rev=703379&r1=703378&r2=703379&view=diff
==============================================================================
--- archiva/branches/MRM-124/archiva-modules/archiva-web/archiva-xmlrpc/archiva-xmlrpc-security/src/main/java/org/apache/archiva/web/xmlrpc/security/XmlRpcAuthenticator.java
(original)
+++ archiva/branches/MRM-124/archiva-modules/archiva-web/archiva-xmlrpc/archiva-xmlrpc-security/src/main/java/org/apache/archiva/web/xmlrpc/security/XmlRpcAuthenticator.java
Fri Oct 10 03:12:49 2008
@@ -33,6 +33,13 @@
 import org.codehaus.plexus.redback.system.SecuritySystem;
 import org.codehaus.plexus.redback.users.UserNotFoundException;
 
+/**
+ * XmlRpcAuthenticator
+ * 
+ * Custom authentication and authorization handler for xmlrpc requests.
+ * 
+ * @version $Id 
+ */
 public class XmlRpcAuthenticator
     implements AuthenticationHandler
 {
@@ -45,14 +52,16 @@
 
     public boolean isAuthorized( XmlRpcRequest pRequest )
         throws XmlRpcException
-    {
+    {   
         if ( pRequest.getConfig() instanceof XmlRpcHttpRequestConfigImpl )
         {
             XmlRpcHttpRequestConfigImpl config = (XmlRpcHttpRequestConfigImpl) pRequest.getConfig();
             SecuritySession session =
                 authenticate( new PasswordBasedAuthenticationDataSource( config.getBasicUserName(),
                                                                          config.getBasicPassword()
) );
-            AuthorizationResult result = authorize( session );
+            String method = pRequest.getMethodName();            
+            AuthorizationResult result = authorize( session, method );
+            
             return result.isAuthorized();
         }
 
@@ -80,14 +89,25 @@
         }
     }
 
-    private AuthorizationResult authorize( SecuritySession session )
+    private AuthorizationResult authorize( SecuritySession session, String methodName )
         throws XmlRpcException
-    {
+    {   
         try
-        {
-            //TODO authorization/permissions should be checked depending on the service being
accessed
-            
-            return securitySystem.authorize( session, ArchivaRoleConstants.GLOBAL_REPOSITORY_MANAGER_ROLE
);
+        {     
+            // sample attempt at simplifying authorization checking of requested service
method
+            // TODO test with a sample client to see if this would work!
+            if ( ServiceMethodsPermissionsMapping.SERVICE_METHODS_FOR_OPERATION_MANAGE_CONFIGURATION.contains(
methodName ) )
+            {                
+                return securitySystem.authorize( session, ArchivaRoleConstants.OPERATION_MANAGE_CONFIGURATION
);
+            }
+            else if ( ServiceMethodsPermissionsMapping.SERVICE_METHODS_FOR_OPERATION_RUN_INDEXER.contains(
methodName ) )
+            {                
+                return securitySystem.authorize( session, ArchivaRoleConstants.OPERATION_RUN_INDEXER
);
+            }
+            else
+            {
+                return securitySystem.authorize( session, ArchivaRoleConstants.GLOBAL_REPOSITORY_MANAGER_ROLE
);
+            }
         }
         catch ( AuthorizationException e )
         {

Modified: archiva/branches/MRM-124/archiva-modules/archiva-web/archiva-xmlrpc/archiva-xmlrpc-security/src/test/java/org/apache/archiva/xmlrpc/security/XmlRpcAuthenticatorTest.java
URL: http://svn.apache.org/viewvc/archiva/branches/MRM-124/archiva-modules/archiva-web/archiva-xmlrpc/archiva-xmlrpc-security/src/test/java/org/apache/archiva/xmlrpc/security/XmlRpcAuthenticatorTest.java?rev=703379&r1=703378&r2=703379&view=diff
==============================================================================
--- archiva/branches/MRM-124/archiva-modules/archiva-web/archiva-xmlrpc/archiva-xmlrpc-security/src/test/java/org/apache/archiva/xmlrpc/security/XmlRpcAuthenticatorTest.java
(original)
+++ archiva/branches/MRM-124/archiva-modules/archiva-web/archiva-xmlrpc/archiva-xmlrpc-security/src/test/java/org/apache/archiva/xmlrpc/security/XmlRpcAuthenticatorTest.java
Fri Oct 10 03:12:49 2008
@@ -130,6 +130,9 @@
         
         configControl.expectAndReturn( config.getBasicPassword(), PASSWORD );
         
+        xmlRpcRequestControl.expectAndReturn( xmlRpcRequest.getMethodName(),
+                                              "AdministrationService.getAllManagedRepositories"
);
+        
         xmlRpcRequestControl.replay();
         configControl.replay();
         
@@ -167,6 +170,9 @@
         
         configControl.expectAndReturn( config.getBasicPassword(), PASSWORD );
         
+        xmlRpcRequestControl.expectAndReturn( xmlRpcRequest.getMethodName(),
+                                              "AdministrationService.getAllManagedRepositories"
);
+        
         xmlRpcRequestControl.replay();
         configControl.replay();
         
@@ -198,6 +204,9 @@
         
         configControl.expectAndReturn( config.getBasicPassword(), PASSWORD );
         
+        xmlRpcRequestControl.expectAndReturn( xmlRpcRequest.getMethodName(),
+                                              "AdministrationService.getAllManagedRepositories"
);
+        
         xmlRpcRequestControl.replay();
         configControl.replay();
         



Mime
View raw message