continuum-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From eveni...@apache.org
Subject svn commit: r537946 - in /maven/continuum/trunk/continuum-xmlrpc: continuum-xmlrpc-api/src/main/java/org/apache/maven/continuum/xmlrpc/ continuum-xmlrpc-client/src/main/java/org/apache/maven/continuum/xmlrpc/client/ continuum-xmlrpc-server/src/main/jav...
Date Mon, 14 May 2007 18:46:08 GMT
Author: evenisse
Date: Mon May 14 11:46:07 2007
New Revision: 537946

URL: http://svn.apache.org/viewvc?view=rev&rev=537946
Log:
[CONTINUUM-684] Add security to xmlrpc. Need more work to do.

Modified:
    maven/continuum/trunk/continuum-xmlrpc/continuum-xmlrpc-api/src/main/java/org/apache/maven/continuum/xmlrpc/ContinuumService.java
    maven/continuum/trunk/continuum-xmlrpc/continuum-xmlrpc-client/src/main/java/org/apache/maven/continuum/xmlrpc/client/ContinuumXmlRpcClient.java
    maven/continuum/trunk/continuum-xmlrpc/continuum-xmlrpc-client/src/main/java/org/apache/maven/continuum/xmlrpc/client/SampleClient.java
    maven/continuum/trunk/continuum-xmlrpc/continuum-xmlrpc-server/src/main/java/org/apache/maven/continuum/xmlrpc/server/AbstractContinuumSecureService.java
    maven/continuum/trunk/continuum-xmlrpc/continuum-xmlrpc-server/src/main/java/org/apache/maven/continuum/xmlrpc/server/ContinuumServiceImpl.java

Modified: maven/continuum/trunk/continuum-xmlrpc/continuum-xmlrpc-api/src/main/java/org/apache/maven/continuum/xmlrpc/ContinuumService.java
URL: http://svn.apache.org/viewvc/maven/continuum/trunk/continuum-xmlrpc/continuum-xmlrpc-api/src/main/java/org/apache/maven/continuum/xmlrpc/ContinuumService.java?view=diff&rev=537946&r1=537945&r2=537946
==============================================================================
--- maven/continuum/trunk/continuum-xmlrpc/continuum-xmlrpc-api/src/main/java/org/apache/maven/continuum/xmlrpc/ContinuumService.java
(original)
+++ maven/continuum/trunk/continuum-xmlrpc/continuum-xmlrpc-api/src/main/java/org/apache/maven/continuum/xmlrpc/ContinuumService.java
Mon May 14 11:46:07 2007
@@ -43,11 +43,12 @@
     /**
      * Get All projects.
      *
+     * @param projectGroupId The project group Id
      * @return List of {@link ProjectSummary}
      * @throws ContinuumException
      * @throws XmlRpcException
      */
-    List getProjects()
+    List getProjects( int projectGroupId )
         throws ContinuumException, XmlRpcException;
 
     /**

Modified: maven/continuum/trunk/continuum-xmlrpc/continuum-xmlrpc-client/src/main/java/org/apache/maven/continuum/xmlrpc/client/ContinuumXmlRpcClient.java
URL: http://svn.apache.org/viewvc/maven/continuum/trunk/continuum-xmlrpc/continuum-xmlrpc-client/src/main/java/org/apache/maven/continuum/xmlrpc/client/ContinuumXmlRpcClient.java?view=diff&rev=537946&r1=537945&r2=537946
==============================================================================
--- maven/continuum/trunk/continuum-xmlrpc/continuum-xmlrpc-client/src/main/java/org/apache/maven/continuum/xmlrpc/client/ContinuumXmlRpcClient.java
(original)
+++ maven/continuum/trunk/continuum-xmlrpc/continuum-xmlrpc-client/src/main/java/org/apache/maven/continuum/xmlrpc/client/ContinuumXmlRpcClient.java
Mon May 14 11:46:07 2007
@@ -93,12 +93,12 @@
     // Projects
     // ----------------------------------------------------------------------
 
-    public List getProjects()
+    public List getProjects( int projectGroupId )
         throws ContinuumException
     {
         try
         {
-            return continuum.getProjects();
+            return continuum.getProjects( projectGroupId );
         }
         catch ( Exception e )
         {

Modified: maven/continuum/trunk/continuum-xmlrpc/continuum-xmlrpc-client/src/main/java/org/apache/maven/continuum/xmlrpc/client/SampleClient.java
URL: http://svn.apache.org/viewvc/maven/continuum/trunk/continuum-xmlrpc/continuum-xmlrpc-client/src/main/java/org/apache/maven/continuum/xmlrpc/client/SampleClient.java?view=diff&rev=537946&r1=537945&r2=537946
==============================================================================
--- maven/continuum/trunk/continuum-xmlrpc/continuum-xmlrpc-client/src/main/java/org/apache/maven/continuum/xmlrpc/client/SampleClient.java
(original)
+++ maven/continuum/trunk/continuum-xmlrpc/continuum-xmlrpc-client/src/main/java/org/apache/maven/continuum/xmlrpc/client/SampleClient.java
Mon May 14 11:46:07 2007
@@ -28,9 +28,11 @@
         }
         System.out.println( "Project Groups added." );
         System.out.println( "=====================" );
+        int projectGroupId = 0;
         for ( Iterator i = result.getProjectGroups().iterator(); i.hasNext(); )
         {
             ProjectGroupSummary pg = (ProjectGroupSummary) i.next();
+            projectGroupId = pg.getId();
             System.out.println( "Id: " + pg.getId() );
             System.out.println( "Group Id" + pg.getGroupId() );
             System.out.println( "Name: " + pg.getName() );
@@ -86,7 +88,7 @@
 
         System.out.println( "Projects list." );
         System.out.println( "=====================" );
-        List projects = client.getProjects();
+        List projects = client.getProjects( projectGroupId );
         for ( Iterator i = projects.iterator(); i.hasNext(); )
         {
             ps = (ProjectSummary) i.next();

Modified: maven/continuum/trunk/continuum-xmlrpc/continuum-xmlrpc-server/src/main/java/org/apache/maven/continuum/xmlrpc/server/AbstractContinuumSecureService.java
URL: http://svn.apache.org/viewvc/maven/continuum/trunk/continuum-xmlrpc/continuum-xmlrpc-server/src/main/java/org/apache/maven/continuum/xmlrpc/server/AbstractContinuumSecureService.java?view=diff&rev=537946&r1=537945&r2=537946
==============================================================================
--- maven/continuum/trunk/continuum-xmlrpc/continuum-xmlrpc-server/src/main/java/org/apache/maven/continuum/xmlrpc/server/AbstractContinuumSecureService.java
(original)
+++ maven/continuum/trunk/continuum-xmlrpc/continuum-xmlrpc-server/src/main/java/org/apache/maven/continuum/xmlrpc/server/AbstractContinuumSecureService.java
Mon May 14 11:46:07 2007
@@ -23,6 +23,7 @@
 import org.apache.maven.continuum.security.ContinuumRoleConstants;
 import org.apache.maven.continuum.xmlrpc.ContinuumService;
 import org.codehaus.plexus.redback.authorization.AuthorizationException;
+import org.codehaus.plexus.redback.system.SecuritySession;
 import org.codehaus.plexus.redback.system.SecuritySystem;
 import org.codehaus.plexus.util.StringUtils;
 
@@ -50,6 +51,26 @@
         return securitySystem;
     }
 
+    public SecuritySession getSecuritySession()
+    {
+        return config.getSecuritySession();
+    }
+
+    /**
+     * Check if the current user is already authenticated
+     *
+     * @return true if the user is authenticated
+     */
+    public boolean isAuthenticated()
+    {
+        if ( getSecuritySession() == null || !getSecuritySession().isAuthenticated() )
+        {
+            return false;
+        }
+
+        return true;
+    }
+
     /**
      * Check if the current user is authorized to do the action
      *
@@ -110,6 +131,18 @@
     }
 
     /**
+     * Check if the current user is authorized to view the specified project group
+     *
+     * @param resource the operation resource
+     * @throws ContinuumException if the user isn't authorized if the user isn't authorized
+     */
+    protected void checkViewProjectGroupAuthorization( String resource )
+        throws ContinuumException
+    {
+        checkAuthorization( ContinuumRoleConstants.CONTINUUM_VIEW_GROUP_OPERATION, resource
);
+    }
+
+    /**
      * Check if the current user is authorized to add a project group
      *
      * @throws ContinuumException if the user isn't authorized if the user isn't authorized
@@ -121,6 +154,42 @@
     }
 
     /**
+     * Check if the current user is authorized to delete the specified project group
+     *
+     * @param resource the operation resource
+     * @throws ContinuumException if the user isn't authorized if the user isn't authorized
+     */
+    protected void checkRemoveProjectGroupAuthorization( String resource )
+        throws ContinuumException
+    {
+        checkAuthorization( ContinuumRoleConstants.CONTINUUM_REMOVE_GROUP_OPERATION, resource
);
+    }
+
+    /**
+     * Check if the current user is authorized to build the specified project group
+     *
+     * @param resource the operation resource
+     * @throws ContinuumException if the user isn't authorized if the user isn't authorized
+     */
+    protected void checkBuildProjectGroupAuthorization( String resource )
+        throws ContinuumException
+    {
+        checkAuthorization( ContinuumRoleConstants.CONTINUUM_BUILD_GROUP_OPERATION, resource
);
+    }
+
+    /**
+     * Check if the current user is authorized to modify the specified project group
+     *
+     * @param resource the operation resource
+     * @throws ContinuumException if the user isn't authorized if the user isn't authorized
+     */
+    protected void checkModifyProjectGroupAuthorization( String resource )
+        throws ContinuumException
+    {
+        checkAuthorization( ContinuumRoleConstants.CONTINUUM_MODIFY_GROUP_OPERATION, resource
);
+    }
+
+    /**
      * Check if the current user is authorized to add a project to a specific project group
      *
      * @param resource the operation resource
@@ -130,5 +199,229 @@
         throws ContinuumException
     {
         checkAuthorization( ContinuumRoleConstants.CONTINUUM_ADD_PROJECT_TO_GROUP_OPERATION,
resource );
+    }
+
+    /**
+     * Check if the current user is authorized to delete a project from a specified group
+     *
+     * @param resource the operation resource
+     * @throws ContinuumException if the user isn't authorized if the user isn't authorized
+     */
+    protected void checkRemoveProjectFromGroupAuthorization( String resource )
+        throws ContinuumException
+    {
+        checkAuthorization( ContinuumRoleConstants.CONTINUUM_REMOVE_PROJECT_FROM_GROUP_OPERATION,
resource );
+    }
+
+    /**
+     * Check if the current user is authorized to modify a project in the specified group
+     *
+     * @param resource the operation resource
+     * @throws ContinuumException if the user isn't authorized if the user isn't authorized
+     */
+    protected void checkModifyProjectInGroupAuthorization( String resource )
+        throws ContinuumException
+    {
+        checkAuthorization( ContinuumRoleConstants.CONTINUUM_MODIFY_PROJECT_IN_GROUP_OPERATION,
resource );
+    }
+
+    /**
+     * Check if the current user is authorized to build a project in the specified group
+     *
+     * @param resource the operation resource
+     * @throws ContinuumException if the user isn't authorized if the user isn't authorized
+     */
+    protected void checkBuildProjectInGroupAuthorization( String resource )
+        throws ContinuumException
+    {
+        checkAuthorization( ContinuumRoleConstants.CONTINUUM_BUILD_PROJECT_IN_GROUP_OPERATION,
resource );
+    }
+
+    /**
+     * Check if the current user is authorized to add a build definition for the specified
+     * project group
+     *
+     * @param resource the operation resource
+     * @throws ContinuumException if the user isn't authorized if the user isn't authorized
+     */
+    protected void checkAddGroupBuildDefinitionAuthorization( String resource )
+        throws ContinuumException
+    {
+        checkAuthorization( ContinuumRoleConstants.CONTINUUM_ADD_GROUP_BUILD_DEFINTION_OPERATION,
resource );
+    }
+
+    /**
+     * Check if the current user is authorized to delete a build definition in the specified
+     * project group
+     *
+     * @param resource the operation resource
+     * @throws ContinuumException if the user isn't authorized if the user isn't authorized
+     */
+    protected void checkRemoveGroupBuildDefinitionAuthorization( String resource )
+        throws ContinuumException
+    {
+        checkAuthorization( ContinuumRoleConstants.CONTINUUM_REMOVE_GROUP_BUILD_DEFINITION_OPERATION,
resource );
+    }
+
+    /**
+     * Check if the current user is authorized to modify a build definition in the specified
+     * project group
+     *
+     * @param resource the operation resource
+     * @throws ContinuumException if the user isn't authorized if the user isn't authorized
+     */
+    protected void checkModifyGroupBuildDefinitionAuthorization( String resource )
+        throws ContinuumException
+    {
+        checkAuthorization( ContinuumRoleConstants.CONTINUUM_MODIFY_GROUP_BUILD_DEFINITION_OPERATION,
resource );
+    }
+
+    /**
+     * Check if the current user is authorized to add a group build definition to a specific
+     * project
+     *
+     * @param resource the operation resource
+     * @throws ContinuumException if the user isn't authorized if the user isn't authorized
+     */
+    protected void checkAddProjectBuildDefinitionAuthorization( String resource )
+        throws ContinuumException
+    {
+        checkAuthorization( ContinuumRoleConstants.CONTINUUM_ADD_PROJECT_BUILD_DEFINTION_OPERATION,
resource );
+    }
+
+    /**
+     * Check if the current user is authorized to modify a build definition of a specific
project
+     *
+     * @param resource the operation resource
+     * @throws ContinuumException if the user isn't authorized if the user isn't authorized
+     */
+    protected void checkModifyProjectBuildDefinitionAuthorization( String resource )
+        throws ContinuumException
+    {
+        checkAuthorization( ContinuumRoleConstants.CONTINUUM_MODIFY_PROJECT_BUILD_DEFINITION_OPERATION,
resource );
+    }
+
+    /**
+     * Check if the current user is authorized to delete a build definition of a specific
+     * project
+     *
+     * @param resource the operation resource
+     * @throws ContinuumException if the user isn't authorized if the user isn't authorized
+     */
+    protected void checkRemoveProjectBuildDefinitionAuthorization( String resource )
+        throws ContinuumException
+    {
+        checkAuthorization( ContinuumRoleConstants.CONTINUUM_REMOVE_PROJECT_BUILD_DEFINITION_OPERATION,
resource );
+    }
+
+    /**
+     * Check if the current user is authorized to add a notifier to the specified
+     * project group
+     *
+     * @param resource the operation resource
+     * @throws ContinuumException if the user isn't authorized if the user isn't authorized
+     */
+    protected void checkAddProjectGroupNotifierAuthorization( String resource )
+        throws ContinuumException
+    {
+        checkAuthorization( ContinuumRoleConstants.CONTINUUM_ADD_GROUP_NOTIFIER_OPERATION,
resource );
+    }
+
+    /**
+     * Check if the current user is authorized to delete a notifier in the specified
+     * project group
+     *
+     * @param resource the operation resource
+     * @throws ContinuumException if the user isn't authorized if the user isn't authorized
+     */
+    protected void checkRemoveProjectGroupNotifierAuthorization( String resource )
+        throws ContinuumException
+    {
+        checkAuthorization( ContinuumRoleConstants.CONTINUUM_REMOVE_GROUP_NOTIFIER_OPERATION,
resource );
+    }
+
+    /**
+     * Check if the current user is authorized to modify a notifier in the specified
+     * project group
+     *
+     * @param resource the operartion resource
+     * @throws ContinuumException if the user isn't authorized if the user isn't authorized
+     */
+    protected void checkModifyProjectGroupNotifierAuthorization( String resource )
+        throws ContinuumException
+    {
+        checkAuthorization( ContinuumRoleConstants.CONTINUUM_MODIFY_GROUP_NOTIFIER_OPERATION,
resource );
+    }
+
+    /**
+     * Check if the current user is authorized to add a notifier to a specific project
+     *
+     * @param resource the operation resource
+     * @throws ContinuumException if the user isn't authorized if the user isn't authorized
+     */
+    protected void checkAddProjectNotifierAuthorization( String resource )
+        throws ContinuumException
+    {
+        checkAuthorization( ContinuumRoleConstants.CONTINUUM_ADD_PROJECT_NOTIFIER_OPERATION,
resource );
+    }
+
+    /**
+     * Check if the current user is authorized to delete a notifier in a specific project
+     *
+     * @param resource the operation resource
+     * @throws ContinuumException if the user isn't authorized if the user isn't authorized
+     */
+    protected void checkRemoveProjectNotifierAuthorization( String resource )
+        throws ContinuumException
+    {
+        checkAuthorization( ContinuumRoleConstants.CONTINUUM_REMOVE_PROJECT_NOTIFIER_OPERATION,
resource );
+    }
+
+    /**
+     * Check if the current user is authorized to modify a notifier in a specific project
+     *
+     * @param resource the operation resource
+     * @throws ContinuumException if the user isn't authorized if the user isn't authorized
+     */
+    protected void checkModifyProjectNotifierAuthorization( String resource )
+        throws ContinuumException
+    {
+        checkAuthorization( ContinuumRoleConstants.CONTINUUM_MODIFY_PROJECT_NOTIFIER_OPERATION,
resource );
+    }
+
+    /**
+     * Check if the current user is authorized to manage the application's configuration
+     *
+     * @throws ContinuumException
+     *                                if the user isn't authorized if the user isn't authenticated
+     * @throws ContinuumException if the user isn't authorized if the user isn't authorized
+     */
+    protected void checkManageConfigurationAuthorization()
+        throws ContinuumException, ContinuumException
+    {
+        if ( !isAuthenticated() )
+        {
+            throw new ContinuumException( "Authentication required." );
+        }
+
+        checkAuthorization( ContinuumRoleConstants.CONTINUUM_MANAGE_CONFIGURATION );
+    }
+
+    /**
+     * Check if the current user is authorized to manage the project build schedules
+     *
+     * @throws ContinuumException
+     *                                if the user isn't authorized if the user isn't authenticated
+     * @throws ContinuumException if the user isn't authorized if the user isn't authorized
+     */
+    protected void checkManageSchedulesAuthorization()
+        throws ContinuumException, ContinuumException
+    {
+        if ( !isAuthenticated() )
+        {
+            throw new ContinuumException( "Authentication required." );
+        }
+
+        checkAuthorization( ContinuumRoleConstants.CONTINUUM_MANAGE_SCHEDULES );
     }
 }

Modified: maven/continuum/trunk/continuum-xmlrpc/continuum-xmlrpc-server/src/main/java/org/apache/maven/continuum/xmlrpc/server/ContinuumServiceImpl.java
URL: http://svn.apache.org/viewvc/maven/continuum/trunk/continuum-xmlrpc/continuum-xmlrpc-server/src/main/java/org/apache/maven/continuum/xmlrpc/server/ContinuumServiceImpl.java?view=diff&rev=537946&r1=537945&r2=537946
==============================================================================
--- maven/continuum/trunk/continuum-xmlrpc/continuum-xmlrpc-server/src/main/java/org/apache/maven/continuum/xmlrpc/server/ContinuumServiceImpl.java
(original)
+++ maven/continuum/trunk/continuum-xmlrpc/continuum-xmlrpc-server/src/main/java/org/apache/maven/continuum/xmlrpc/server/ContinuumServiceImpl.java
Mon May 14 11:46:07 2007
@@ -54,9 +54,11 @@
     // Projects
     // ----------------------------------------------------------------------
 
-    public List getProjects()
+    public List getProjects( int projectGroupId )
         throws ContinuumException
     {
+        checkViewProjectGroupAuthorization( getProjectGroupName( projectGroupId ) );
+
         List projectsList = new ArrayList();
 
         Collection projects = continuum.getProjects();
@@ -77,6 +79,9 @@
         throws ContinuumException
     {
         org.apache.maven.continuum.model.project.Project project = continuum.getProject(
projectId );
+
+        checkViewProjectGroupAuthorization( project.getProjectGroup().getName() );
+
         return populateProjectSummary( project );
     }
 
@@ -84,6 +89,9 @@
         throws ContinuumException
     {
         org.apache.maven.continuum.model.project.Project project = continuum.getProjectWithAllDetails(
projectId );
+
+        checkViewProjectGroupAuthorization( project.getProjectGroup().getName() );
+
         return populateProject( project );
     }
 
@@ -91,7 +99,12 @@
     public int removeProject( int projectId )
         throws ContinuumException
     {
+        ProjectSummary ps = getProjectSummary( projectId );
+
+        checkRemoveProjectFromGroupAuthorization( ps.getProjectGroup().getName() );
+
         continuum.removeProject( projectId );
+
         return 0;
     }
 
@@ -99,6 +112,15 @@
     // Projects Groups
     // ----------------------------------------------------------------------
 
+    public String getProjectGroupName( int projectGroupId )
+        throws ContinuumException
+    {
+        checkViewProjectGroupAuthorization( getProjectGroupName( projectGroupId ) );
+
+        ProjectGroupSummary pgs = getProjectGroupSummary( projectGroupId );
+        return pgs.getName();
+    }
+
     public ProjectGroupSummary getProjectGroupSummary( int projectGroupId )
         throws ContinuumException
     {
@@ -205,8 +227,7 @@
     public AddingResult addMavenTwoProject( String url, int projectGroupId )
         throws ContinuumException
     {
-        ProjectGroupSummary pgs = getProjectGroupSummary( projectGroupId );
-        checkAddProjectToGroupAuthorization( pgs.getName() );
+        checkAddProjectToGroupAuthorization( getProjectGroupName( projectGroupId ) );
 
         ContinuumProjectBuildingResult result = continuum.addMavenTwoProject( url, projectGroupId
);
         return populateAddingResult( result );



Mime
View raw message