From continuum-commits-return-3137-apmail-maven-continuum-commits-archive=maven.apache.org@maven.apache.org Mon May 14 18:46:30 2007 Return-Path: Delivered-To: apmail-maven-continuum-commits-archive@www.apache.org Received: (qmail 51066 invoked from network); 14 May 2007 18:46:29 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 14 May 2007 18:46:29 -0000 Received: (qmail 18354 invoked by uid 500); 14 May 2007 18:46:36 -0000 Delivered-To: apmail-maven-continuum-commits-archive@maven.apache.org Received: (qmail 18329 invoked by uid 500); 14 May 2007 18:46:36 -0000 Mailing-List: contact continuum-commits-help@maven.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: continuum-dev@maven.apache.org Delivered-To: mailing list continuum-commits@maven.apache.org Received: (qmail 18312 invoked by uid 99); 14 May 2007 18:46:36 -0000 Received: from herse.apache.org (HELO herse.apache.org) (140.211.11.133) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 14 May 2007 11:46:36 -0700 X-ASF-Spam-Status: No, hits=-99.5 required=10.0 tests=ALL_TRUSTED,NO_REAL_NAME X-Spam-Check-By: apache.org Received: from [140.211.11.3] (HELO eris.apache.org) (140.211.11.3) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 14 May 2007 11:46:28 -0700 Received: by eris.apache.org (Postfix, from userid 65534) id 73BEF1A9838; Mon, 14 May 2007 11:46:08 -0700 (PDT) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r537946 - in /maven/continuum/trunk/continuum-xmlrpc: continuum-xmlrpc-api/src/main/java/org/apache/maven/continuum/xmlrpc/ continuum-xmlrpc-client/src/main/java/org/apache/maven/continuum/xmlrpc/client/ continuum-xmlrpc-server/src/main/jav... Date: Mon, 14 May 2007 18:46:08 -0000 To: continuum-commits@maven.apache.org 
From: evenisse@apache.org X-Mailer: svnmailer-1.1.0 Message-Id: <20070514184608.73BEF1A9838@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org Author: evenisse Date: Mon May 14 11:46:07 2007 New Revision: 537946 URL: http://svn.apache.org/viewvc?view=rev&rev=537946 Log: [CONTINUUM-684] Add security to xmlrpc. Need more work to do. Modified: maven/continuum/trunk/continuum-xmlrpc/continuum-xmlrpc-api/src/main/java/org/apache/maven/continuum/xmlrpc/ContinuumService.java maven/continuum/trunk/continuum-xmlrpc/continuum-xmlrpc-client/src/main/java/org/apache/maven/continuum/xmlrpc/client/ContinuumXmlRpcClient.java maven/continuum/trunk/continuum-xmlrpc/continuum-xmlrpc-client/src/main/java/org/apache/maven/continuum/xmlrpc/client/SampleClient.java maven/continuum/trunk/continuum-xmlrpc/continuum-xmlrpc-server/src/main/java/org/apache/maven/continuum/xmlrpc/server/AbstractContinuumSecureService.java maven/continuum/trunk/continuum-xmlrpc/continuum-xmlrpc-server/src/main/java/org/apache/maven/continuum/xmlrpc/server/ContinuumServiceImpl.java Modified: maven/continuum/trunk/continuum-xmlrpc/continuum-xmlrpc-api/src/main/java/org/apache/maven/continuum/xmlrpc/ContinuumService.java URL: http://svn.apache.org/viewvc/maven/continuum/trunk/continuum-xmlrpc/continuum-xmlrpc-api/src/main/java/org/apache/maven/continuum/xmlrpc/ContinuumService.java?view=diff&rev=537946&r1=537945&r2=537946 ============================================================================== --- maven/continuum/trunk/continuum-xmlrpc/continuum-xmlrpc-api/src/main/java/org/apache/maven/continuum/xmlrpc/ContinuumService.java (original) +++ maven/continuum/trunk/continuum-xmlrpc/continuum-xmlrpc-api/src/main/java/org/apache/maven/continuum/xmlrpc/ContinuumService.java Mon May 14 11:46:07 2007 
@@ -43,11 +43,12 @@ /** * Get All projects. * + * @param projectGroupId The project group Id * @return List of {@link ProjectSummary} * @throws ContinuumException * @throws XmlRpcException */ - List getProjects() + List getProjects( int projectGroupId ) throws ContinuumException, XmlRpcException; /** Modified: maven/continuum/trunk/continuum-xmlrpc/continuum-xmlrpc-client/src/main/java/org/apache/maven/continuum/xmlrpc/client/ContinuumXmlRpcClient.java URL: http://svn.apache.org/viewvc/maven/continuum/trunk/continuum-xmlrpc/continuum-xmlrpc-client/src/main/java/org/apache/maven/continuum/xmlrpc/client/ContinuumXmlRpcClient.java?view=diff&rev=537946&r1=537945&r2=537946 ============================================================================== --- maven/continuum/trunk/continuum-xmlrpc/continuum-xmlrpc-client/src/main/java/org/apache/maven/continuum/xmlrpc/client/ContinuumXmlRpcClient.java (original) +++ maven/continuum/trunk/continuum-xmlrpc/continuum-xmlrpc-client/src/main/java/org/apache/maven/continuum/xmlrpc/client/ContinuumXmlRpcClient.java Mon May 14 11:46:07 2007 
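Review bot: The Javadoc summary on `getProjects( int projectGroupId )` still reads "Get All projects." although the method now takes a group id, so the interface no longer says what a client should expect back. If the intent is to scope the list to that group, I would change the summary to `Get the projects of the given project group.` and give the bare `@throws ContinuumException` a description such as `if the group does not exist or the caller may not view it`. The signature change also breaks existing callers of the no-argument form, which is worth stating in the commit log.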
@@ -93,12 +93,12 @@ // Projects // ---------------------------------------------------------------------- - public List getProjects() + public List getProjects( int projectGroupId ) throws ContinuumException { try { - return continuum.getProjects(); + return continuum.getProjects( projectGroupId ); } catch ( Exception e ) { Modified: maven/continuum/trunk/continuum-xmlrpc/continuum-xmlrpc-client/src/main/java/org/apache/maven/continuum/xmlrpc/client/SampleClient.java URL: http://svn.apache.org/viewvc/maven/continuum/trunk/continuum-xmlrpc/continuum-xmlrpc-client/src/main/java/org/apache/maven/continuum/xmlrpc/client/SampleClient.java?view=diff&rev=537946&r1=537945&r2=537946 ============================================================================== --- maven/continuum/trunk/continuum-xmlrpc/continuum-xmlrpc-client/src/main/java/org/apache/maven/continuum/xmlrpc/client/SampleClient.java (original) +++ maven/continuum/trunk/continuum-xmlrpc/continuum-xmlrpc-client/src/main/java/org/apache/maven/continuum/xmlrpc/client/SampleClient.java Mon May 14 11:46:07 2007 @@ -28,9 +28,11 @@ } System.out.println( "Project Groups added." ); System.out.println( "=====================" ); + int projectGroupId = 0; for ( Iterator i = result.getProjectGroups().iterator(); i.hasNext(); ) { ProjectGroupSummary pg = (ProjectGroupSummary) i.next(); + projectGroupId = pg.getId(); System.out.println( "Id: " + pg.getId() ); System.out.println( "Group Id" + pg.getGroupId() ); System.out.println( "Name: " + pg.getName() ); 
@@ -86,7 +88,7 @@ System.out.println( "Projects list." ); System.out.println( "=====================" ); - List projects = client.getProjects(); + List projects = client.getProjects( projectGroupId ); for ( Iterator i = projects.iterator(); i.hasNext(); ) { ps = (ProjectSummary) i.next(); Modified: maven/continuum/trunk/continuum-xmlrpc/continuum-xmlrpc-server/src/main/java/org/apache/maven/continuum/xmlrpc/server/AbstractContinuumSecureService.java URL: http://svn.apache.org/viewvc/maven/continuum/trunk/continuum-xmlrpc/continuum-xmlrpc-server/src/main/java/org/apache/maven/continuum/xmlrpc/server/AbstractContinuumSecureService.java?view=diff&rev=537946&r1=537945&r2=537946 ============================================================================== --- maven/continuum/trunk/continuum-xmlrpc/continuum-xmlrpc-server/src/main/java/org/apache/maven/continuum/xmlrpc/server/AbstractContinuumSecureService.java (original) +++ maven/continuum/trunk/continuum-xmlrpc/continuum-xmlrpc-server/src/main/java/org/apache/maven/continuum/xmlrpc/server/AbstractContinuumSecureService.java Mon May 14 11:46:07 2007 @@ -23,6 +23,7 @@ import org.apache.maven.continuum.security.ContinuumRoleConstants; import org.apache.maven.continuum.xmlrpc.ContinuumService; import org.codehaus.plexus.redback.authorization.AuthorizationException; +import org.codehaus.plexus.redback.system.SecuritySession; import org.codehaus.plexus.redback.system.SecuritySystem; import org.codehaus.plexus.util.StringUtils; @@ -50,6 +51,26 @@ return securitySystem; } + public SecuritySession getSecuritySession() + { + return config.getSecuritySession(); + } + + /** + * Check if the current user is already authenticated + * + * @return true if the user is authenticated + */ + public boolean isAuthenticated() + { + if ( getSecuritySession() == null || !getSecuritySession().isAuthenticated() ) + { + return false; + } + + return true; + } + /** * Check if the current user is authorized to do the action * 
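Review bot: `getSecuritySession()` and `isAuthenticated()` are added as `public` on the base class of the XML-RPC service. If the server's handler mapping exposes public methods of the implementation (not visible in this diff), both become remotely callable, so `protected` looks like the safer visibility unless code outside the class hierarchy needs them. `isAuthenticated()` also fetches the session twice; reading it once avoids acting on two different values and reduces the body to `SecuritySession session = getSecuritySession();` followed by `return session != null && session.isAuthenticated();`. The Javadoc could state that a missing session counts as not authenticated.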
@@ -110,6 +131,18 @@ } /** + * Check if the current user is authorized to view the specified project group + * + * @param resource the operation resource + * @throws ContinuumException if the user isn't authorized if the user isn't authorized + */ + protected void checkViewProjectGroupAuthorization( String resource ) + throws ContinuumException + { + checkAuthorization( ContinuumRoleConstants.CONTINUUM_VIEW_GROUP_OPERATION, resource ); + } + + /** * Check if the current user is authorized to add a project group * * @throws ContinuumException if the user isn't authorized if the user isn't authorized 
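Review bot: `checkViewProjectGroupAuthorization` goes straight to `checkAuthorization` without the `isAuthenticated()` guard that `checkManageConfigurationAuthorization` and `checkManageSchedulesAuthorization` apply in this same commit. Whether an anonymous or session-less caller is rejected therefore depends entirely on `checkAuthorization`, whose body is outside the diff. The same holds for every resource-scoped check added in the hunks at -121 and -130. If guest access is intended for some of these operations, the class Javadoc should say so; if not, the guard should be applied uniformly. The `@throws` text `if the user isn't authorized if the user isn't authorized` is duplicated in each of these Javadoc blocks and should read `if the user isn't authorized`.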
@@ -121,6 +154,42 @@ } /** + * Check if the current user is authorized to delete the specified project group + * + * @param resource the operation resource + * @throws ContinuumException if the user isn't authorized if the user isn't authorized + */ + protected void checkRemoveProjectGroupAuthorization( String resource ) + throws ContinuumException + { + checkAuthorization( ContinuumRoleConstants.CONTINUUM_REMOVE_GROUP_OPERATION, resource ); + } + + /** + * Check if the current user is authorized to build the specified project group + * + * @param resource the operation resource + * @throws ContinuumException if the user isn't authorized if the user isn't authorized + */ + protected void checkBuildProjectGroupAuthorization( String resource ) + throws ContinuumException + { + checkAuthorization( ContinuumRoleConstants.CONTINUUM_BUILD_GROUP_OPERATION, resource ); + } + + /** + * Check if the current user is authorized to modify the specified project group + * + * @param resource the operation resource + * @throws ContinuumException if the user isn't authorized if the user isn't authorized + */ + protected void checkModifyProjectGroupAuthorization( String resource ) + throws ContinuumException + { + checkAuthorization( ContinuumRoleConstants.CONTINUUM_MODIFY_GROUP_OPERATION, resource ); + } + + /** * Check if the current user is authorized to add a project to a specific project group * * @param resource the operation resource 
@@ -130,5 +199,229 @@ throws ContinuumException { checkAuthorization( ContinuumRoleConstants.CONTINUUM_ADD_PROJECT_TO_GROUP_OPERATION, resource ); + } + + /** + * Check if the current user is authorized to delete a project from a specified group + * + * @param resource the operation resource + * @throws ContinuumException if the user isn't authorized if the user isn't authorized + */ + protected void checkRemoveProjectFromGroupAuthorization( String resource ) + throws ContinuumException + { + checkAuthorization( ContinuumRoleConstants.CONTINUUM_REMOVE_PROJECT_FROM_GROUP_OPERATION, resource ); + } + + /** + * Check if the current user is authorized to modify a project in the specified group + * + * @param resource the operation resource + * @throws ContinuumException if the user isn't authorized if the user isn't authorized + */ + protected void checkModifyProjectInGroupAuthorization( String resource ) + throws ContinuumException + { + checkAuthorization( ContinuumRoleConstants.CONTINUUM_MODIFY_PROJECT_IN_GROUP_OPERATION, resource ); + } + + /** + * Check if the current user is authorized to build a project in the specified group + * + * @param resource the operation resource + * @throws ContinuumException if the user isn't authorized if the user isn't authorized + */ + protected void checkBuildProjectInGroupAuthorization( String resource ) + throws ContinuumException + { + checkAuthorization( ContinuumRoleConstants.CONTINUUM_BUILD_PROJECT_IN_GROUP_OPERATION, resource ); + } + + /** + * Check if the current user is authorized to add a build definition for the specified + * project group + * + * @param resource the operation resource + * @throws ContinuumException if the user isn't authorized if the user isn't authorized + */ + protected void checkAddGroupBuildDefinitionAuthorization( String resource ) + throws ContinuumException + { + checkAuthorization( ContinuumRoleConstants.CONTINUUM_ADD_GROUP_BUILD_DEFINTION_OPERATION, resource ); + } + + /** + * Check if the 
current user is authorized to delete a build definition in the specified + * project group + * + * @param resource the operation resource + * @throws ContinuumException if the user isn't authorized if the user isn't authorized + */ + protected void checkRemoveGroupBuildDefinitionAuthorization( String resource ) + throws ContinuumException + { + checkAuthorization( ContinuumRoleConstants.CONTINUUM_REMOVE_GROUP_BUILD_DEFINITION_OPERATION, resource ); + } + + /** + * Check if the current user is authorized to modify a build definition in the specified + * project group + * + * @param resource the operation resource + * @throws ContinuumException if the user isn't authorized if the user isn't authorized + */ + protected void checkModifyGroupBuildDefinitionAuthorization( String resource ) + throws ContinuumException + { + checkAuthorization( ContinuumRoleConstants.CONTINUUM_MODIFY_GROUP_BUILD_DEFINITION_OPERATION, resource ); + } + + /** + * Check if the current user is authorized to add a group build definition to a specific + * project + * + * @param resource the operation resource + * @throws ContinuumException if the user isn't authorized if the user isn't authorized + */ + protected void checkAddProjectBuildDefinitionAuthorization( String resource ) + throws ContinuumException + { + checkAuthorization( ContinuumRoleConstants.CONTINUUM_ADD_PROJECT_BUILD_DEFINTION_OPERATION, resource ); + } + + /** + * Check if the current user is authorized to modify a build definition of a specific project + * + * @param resource the operation resource + * @throws ContinuumException if the user isn't authorized if the user isn't authorized + */ + protected void checkModifyProjectBuildDefinitionAuthorization( String resource ) + throws ContinuumException + { + checkAuthorization( ContinuumRoleConstants.CONTINUUM_MODIFY_PROJECT_BUILD_DEFINITION_OPERATION, resource ); + } + + /** + * Check if the current user is authorized to delete a build definition of a specific + * project + * + * 
@param resource the operation resource + * @throws ContinuumException if the user isn't authorized if the user isn't authorized + */ + protected void checkRemoveProjectBuildDefinitionAuthorization( String resource ) + throws ContinuumException + { + checkAuthorization( ContinuumRoleConstants.CONTINUUM_REMOVE_PROJECT_BUILD_DEFINITION_OPERATION, resource ); + } + + /** + * Check if the current user is authorized to add a notifier to the specified + * project group + * + * @param resource the operation resource + * @throws ContinuumException if the user isn't authorized if the user isn't authorized + */ + protected void checkAddProjectGroupNotifierAuthorization( String resource ) + throws ContinuumException + { + checkAuthorization( ContinuumRoleConstants.CONTINUUM_ADD_GROUP_NOTIFIER_OPERATION, resource ); + } + + /** + * Check if the current user is authorized to delete a notifier in the specified + * project group + * + * @param resource the operation resource + * @throws ContinuumException if the user isn't authorized if the user isn't authorized + */ + protected void checkRemoveProjectGroupNotifierAuthorization( String resource ) + throws ContinuumException + { + checkAuthorization( ContinuumRoleConstants.CONTINUUM_REMOVE_GROUP_NOTIFIER_OPERATION, resource ); + } + + /** + * Check if the current user is authorized to modify a notifier in the specified + * project group + * + * @param resource the operartion resource + * @throws ContinuumException if the user isn't authorized if the user isn't authorized + */ + protected void checkModifyProjectGroupNotifierAuthorization( String resource ) + throws ContinuumException + { + checkAuthorization( ContinuumRoleConstants.CONTINUUM_MODIFY_GROUP_NOTIFIER_OPERATION, resource ); + } + + /** + * Check if the current user is authorized to add a notifier to a specific project + * + * @param resource the operation resource + * @throws ContinuumException if the user isn't authorized if the user isn't authorized + */ + protected 
void checkAddProjectNotifierAuthorization( String resource ) + throws ContinuumException + { + checkAuthorization( ContinuumRoleConstants.CONTINUUM_ADD_PROJECT_NOTIFIER_OPERATION, resource ); + } + + /** + * Check if the current user is authorized to delete a notifier in a specific project + * + * @param resource the operation resource + * @throws ContinuumException if the user isn't authorized if the user isn't authorized + */ + protected void checkRemoveProjectNotifierAuthorization( String resource ) + throws ContinuumException + { + checkAuthorization( ContinuumRoleConstants.CONTINUUM_REMOVE_PROJECT_NOTIFIER_OPERATION, resource ); + } + + /** + * Check if the current user is authorized to modify a notifier in a specific project + * + * @param resource the operation resource + * @throws ContinuumException if the user isn't authorized if the user isn't authorized + */ + protected void checkModifyProjectNotifierAuthorization( String resource ) + throws ContinuumException + { + checkAuthorization( ContinuumRoleConstants.CONTINUUM_MODIFY_PROJECT_NOTIFIER_OPERATION, resource ); + } + + /** + * Check if the current user is authorized to manage the application's configuration + * + * @throws ContinuumException + * if the user isn't authorized if the user isn't authenticated + * @throws ContinuumException if the user isn't authorized if the user isn't authorized + */ + protected void checkManageConfigurationAuthorization() + throws ContinuumException, ContinuumException + { + if ( !isAuthenticated() ) + { + throw new ContinuumException( "Authentication required." 
); + } + + checkAuthorization( ContinuumRoleConstants.CONTINUUM_MANAGE_CONFIGURATION ); + } + + /** + * Check if the current user is authorized to manage the project build schedules + * + * @throws ContinuumException + * if the user isn't authorized if the user isn't authenticated + * @throws ContinuumException if the user isn't authorized if the user isn't authorized + */ + protected void checkManageSchedulesAuthorization() + throws ContinuumException, ContinuumException + { + if ( !isAuthenticated() ) + { + throw new ContinuumException( "Authentication required." ); + } + + checkAuthorization( ContinuumRoleConstants.CONTINUUM_MANAGE_SCHEDULES ); } } Modified: maven/continuum/trunk/continuum-xmlrpc/continuum-xmlrpc-server/src/main/java/org/apache/maven/continuum/xmlrpc/server/ContinuumServiceImpl.java URL: http://svn.apache.org/viewvc/maven/continuum/trunk/continuum-xmlrpc/continuum-xmlrpc-server/src/main/java/org/apache/maven/continuum/xmlrpc/server/ContinuumServiceImpl.java?view=diff&rev=537946&r1=537945&r2=537946 ============================================================================== --- maven/continuum/trunk/continuum-xmlrpc/continuum-xmlrpc-server/src/main/java/org/apache/maven/continuum/xmlrpc/server/ContinuumServiceImpl.java (original) +++ maven/continuum/trunk/continuum-xmlrpc/continuum-xmlrpc-server/src/main/java/org/apache/maven/continuum/xmlrpc/server/ContinuumServiceImpl.java Mon May 14 11:46:07 2007 @@ -54,9 +54,11 @@ // Projects // ---------------------------------------------------------------------- - public List getProjects() + public List getProjects( int projectGroupId ) throws ContinuumException { + checkViewProjectGroupAuthorization( getProjectGroupName( projectGroupId ) ); + List projectsList = new ArrayList(); Collection projects = continuum.getProjects(); 
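Review bot: `checkManageConfigurationAuthorization()` and `checkManageSchedulesAuthorization()` declare `throws ContinuumException, ContinuumException` and carry two `@throws ContinuumException` tags each. One of each is enough: `throws ContinuumException` with `@throws ContinuumException if the user isn't authenticated or isn't authorized`. The identical `if ( !isAuthenticated() )` block in both methods could move into one private helper, so the "Authentication required." message lives in a single place. The constants `CONTINUUM_ADD_GROUP_BUILD_DEFINTION_OPERATION` and `CONTINUUM_ADD_PROJECT_BUILD_DEFINTION_OPERATION` are spelled `DEFINTION` where their siblings use `DEFINITION`; they are declared outside this diff, so please confirm that the spelling matches the declaration.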
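Review bot: The new check in `getProjects( int projectGroupId )` authorizes the caller for one group, but the context line `Collection projects = continuum.getProjects();` still loads the projects of every group. Unless the loop that follows (outside this hunk) filters on the group, a caller allowed to view a single group receives summaries for all of them. The list should be restricted to `projectGroupId`, either by loading only that group's projects or by skipping entries whose group id differs. The check also depends on `getProjectGroupName`, added further down in this commit, which calls itself before doing any work.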
@@ -77,6 +79,9 @@ throws ContinuumException { org.apache.maven.continuum.model.project.Project project = continuum.getProject( projectId ); + + checkViewProjectGroupAuthorization( project.getProjectGroup().getName() ); + return populateProjectSummary( project ); } @@ -84,6 +89,9 @@ throws ContinuumException { org.apache.maven.continuum.model.project.Project project = continuum.getProjectWithAllDetails( projectId ); + + checkViewProjectGroupAuthorization( project.getProjectGroup().getName() ); + return populateProject( project ); } @@ -91,7 +99,12 @@ public int removeProject( int projectId ) throws ContinuumException { + ProjectSummary ps = getProjectSummary( projectId ); + + checkRemoveProjectFromGroupAuthorization( ps.getProjectGroup().getName() ); + continuum.removeProject( projectId ); + return 0; } @@ -99,6 +112,15 @@ // Projects Groups // ---------------------------------------------------------------------- + public String getProjectGroupName( int projectGroupId ) + throws ContinuumException + { + checkViewProjectGroupAuthorization( getProjectGroupName( projectGroupId ) ); + + ProjectGroupSummary pgs = getProjectGroupSummary( projectGroupId ); + return pgs.getName(); + } + public ProjectGroupSummary getProjectGroupSummary( int projectGroupId ) throws ContinuumException { @@ -205,8 +227,7 @@ public AddingResult addMavenTwoProject( String url, int projectGroupId ) throws ContinuumException { - ProjectGroupSummary pgs = getProjectGroupSummary( projectGroupId ); - checkAddProjectToGroupAuthorization( pgs.getName() ); + checkAddProjectToGroupAuthorization( getProjectGroupName( projectGroupId ) ); ContinuumProjectBuildingResult result = continuum.addMavenTwoProject( url, projectGroupId ); return populateAddingResult( result );
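Review bot: In the hunk at -77, and in the same pattern at -84, the project is loaded before the authorization check and `project.getProjectGroup().getName()` is dereferenced without a null test. A project returned without its group would raise a `NullPointerException` rather than a `ContinuumException`. A caller without view rights may also be able to tell an existing project id from a missing one by the different failure. Consider guarding the group lookup and reporting "not found" and "not authorized" with the same error. Both method signatures start outside their hunks.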
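Review bot: `getProjectGroupName` (hunk at -99) calls itself unconditionally on its first line, `checkViewProjectGroupAuthorization( getProjectGroupName( projectGroupId ) );`, so every call recurses until the stack overflows and the authorization check is never reached. `getProjects( int )` and `addMavenTwoProject` in this commit both go through it. Resolve the name first and check afterwards: `ProjectGroupSummary pgs = getProjectGroupSummary( projectGroupId );`, then `checkViewProjectGroupAuthorization( pgs.getName() );`, then `return pgs.getName();`. With that fix `addMavenTwoProject` requires the view permission in addition to the add permission, and the helper is `public` on the service implementation. Decide whether both are intended, or make it `private` and leave the check to its callers.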