From 9d29df882b280a7c03d54ee3902bd7598f353a90 Mon Sep 17 00:00:00 2001 From: Sebastian Sdorra Date: Sat, 30 Jul 2011 11:25:57 +0200 Subject: [PATCH] added runAsAdmin api --- .../web/security/AdministrationContext.java | 60 +++++++ .../scm/web/security/PrivilegedAction.java | 41 +++++ .../java/sonia/scm/ScmContextListener.java | 4 + .../main/java/sonia/scm/ScmServletModule.java | 13 +- .../AdministrationSecurityContext.java | 146 ++++++++++++++++ .../DefaultAdministrationContext.java | 163 ++++++++++++++++++ .../security/LocalSecurityContextHolder.java | 96 +++++++++++ .../web/security/SecurityContextProvider.java | 108 ++++++++++++ .../sonia/scm/web/security/SecurityUtil.java | 82 +++++++++ .../sonia/scm/web/security/system-account.xml | 18 ++ 10 files changed, 729 insertions(+), 2 deletions(-) create mode 100644 scm-core/src/main/java/sonia/scm/web/security/AdministrationContext.java create mode 100644 scm-core/src/main/java/sonia/scm/web/security/PrivilegedAction.java create mode 100644 scm-webapp/src/main/java/sonia/scm/web/security/AdministrationSecurityContext.java create mode 100644 scm-webapp/src/main/java/sonia/scm/web/security/DefaultAdministrationContext.java create mode 100644 scm-webapp/src/main/java/sonia/scm/web/security/LocalSecurityContextHolder.java create mode 100644 scm-webapp/src/main/java/sonia/scm/web/security/SecurityContextProvider.java create mode 100644 scm-webapp/src/main/java/sonia/scm/web/security/SecurityUtil.java create mode 100644 scm-webapp/src/main/resources/sonia/scm/web/security/system-account.xml diff --git a/scm-core/src/main/java/sonia/scm/web/security/AdministrationContext.java b/scm-core/src/main/java/sonia/scm/web/security/AdministrationContext.java new file mode 100644 index 0000000000..b9c286827b --- /dev/null +++ b/scm-core/src/main/java/sonia/scm/web/security/AdministrationContext.java 
@@ -0,0 +1,60 @@
+/**
+ * Copyright (c) 2010, Sebastian Sdorra
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ * 3. Neither the name of SCM-Manager; nor the names of its
+ * contributors may be used to endorse or promote products derived from this
+ * software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * http://bitbucket.org/sdorra/scm-manager
+ *
+ */
+
+
+
+package sonia.scm.web.security;
+
+/**
+ * Execute actions with administration privileges.
+ *
+ * @author Sebastian Sdorra
+ * @since 1.6
+ */
+public interface AdministrationContext
+{
+
+ /**
+ * Executes the given action with administration privileges.
+ *
+ *
+ * @param action to execute
+ */
+ public void runAsAdmin(PrivilegedAction action);
+
+ /**
+ * Executes the given action with administration privileges.
+ *
+ *
+ * @param actionClass to execute
+ */
+ public void runAsAdmin(Class actionClass);
+}
diff --git a/scm-core/src/main/java/sonia/scm/web/security/PrivilegedAction.java b/scm-core/src/main/java/sonia/scm/web/security/PrivilegedAction.java
new file mode 100644
index 0000000000..5713585f20
--- /dev/null
+++ b/scm-core/src/main/java/sonia/scm/web/security/PrivilegedAction.java
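Review bot: The Javadoc on both `runAsAdmin` overloads in `AdministrationContext` does not state the security contract of the API: nothing says that no authorization check is implied or how long the elevation lasts. I would extend the first overload's comment with something like `The caller is responsible for authorizing the operation; the elevation ends when the action returns or throws.` and note that the default implementation in this patch scopes it to the calling thread. The two descriptions are word-for-word identical, so the second should say that the implementation creates the action instance from `actionClass` rather than receiving one.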
@@ -0,0 +1,41 @@
+/**
+ * Copyright (c) 2010, Sebastian Sdorra
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ * 3. Neither the name of SCM-Manager; nor the names of its
+ * contributors may be used to endorse or promote products derived from this
+ * software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * http://bitbucket.org/sdorra/scm-manager
+ *
+ */
+
+
+
+package sonia.scm.web.security;
+
+/**
+ *
+ * @author Sebastian Sdorra
+ * @since 1.6
+ */
+public interface PrivilegedAction extends Runnable {}
diff --git a/scm-webapp/src/main/java/sonia/scm/ScmContextListener.java b/scm-webapp/src/main/java/sonia/scm/ScmContextListener.java
index 6c75c5db86..b0c0f02f6a 100644
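Review bot: `PrivilegedAction` has an empty class Javadoc and shares its simple name with `java.security.PrivilegedAction`, so an automatic import can pick the wrong type in code that touches both security APIs. A class comment such as `Unit of work that AdministrationContext#runAsAdmin executes with administration privileges.` would make the intent explicit. Because the interface only extends `Runnable`, an action can neither return a value nor throw a checked exception; if that is intentional it is worth stating in the same comment.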
--- a/scm-webapp/src/main/java/sonia/scm/ScmContextListener.java +++ b/scm-webapp/src/main/java/sonia/scm/ScmContextListener.java @@ -49,6 +49,7 @@ import sonia.scm.store.StoreFactory; import sonia.scm.user.UserManager; import sonia.scm.util.IOUtil; import sonia.scm.web.security.AuthenticationManager; +import sonia.scm.web.security.LocalSecurityContextHolder; //~--- JDK imports ------------------------------------------------------------ @@ -93,6 +94,9 @@ public class ScmContextListener extends GuiceServletContextListener // close CacheManager IOUtil.close(injector.getInstance(CacheManager.class)); + + // remove thread local store + injector.getInstance(LocalSecurityContextHolder.class).destroy(); } super.contextDestroyed(servletContextEvent); diff --git a/scm-webapp/src/main/java/sonia/scm/ScmServletModule.java b/scm-webapp/src/main/java/sonia/scm/ScmServletModule.java index b9d323231a..b5dcd6135a 100644 --- a/scm-webapp/src/main/java/sonia/scm/ScmServletModule.java +++ b/scm-webapp/src/main/java/sonia/scm/ScmServletModule.java @@ -35,6 +35,7 @@ package sonia.scm; //~--- non-JDK imports -------------------------------------------------------- +import com.google.inject.name.Names; import com.google.inject.servlet.ServletModule; import org.slf4j.Logger; @@ -76,9 +77,13 @@ import sonia.scm.util.DebugServlet; import sonia.scm.util.ScmConfigurationUtil; import sonia.scm.web.cgi.CGIExecutorFactory; import sonia.scm.web.cgi.DefaultCGIExecutorFactory; +import sonia.scm.web.security.AdministrationContext; import sonia.scm.web.security.AuthenticationManager; import sonia.scm.web.security.BasicSecurityContext; import sonia.scm.web.security.ChainAuthenticatonManager; +import sonia.scm.web.security.DefaultAdministrationContext; +import sonia.scm.web.security.LocalSecurityContextHolder; +import sonia.scm.web.security.SecurityContextProvider; import sonia.scm.web.security.WebSecurityContext; //~--- JDK imports ------------------------------------------------------------ 
@@ -206,8 +211,12 @@ public class ScmServletModule extends ServletModule // bind security stuff bind(AuthenticationManager.class).to(ChainAuthenticatonManager.class); - bind(SecurityContext.class).to(BasicSecurityContext.class); - bind(WebSecurityContext.class).to(BasicSecurityContext.class); + bind(LocalSecurityContextHolder.class); + bind(WebSecurityContext.class).annotatedWith(Names.named("userSession")).to( + BasicSecurityContext.class); + bind(SecurityContext.class).toProvider(SecurityContextProvider.class); + bind(WebSecurityContext.class).toProvider(SecurityContextProvider.class); + bind(AdministrationContext.class).to(DefaultAdministrationContext.class); // bind security cache bind(CacheManager.class).to(EhCacheManager.class); diff --git a/scm-webapp/src/main/java/sonia/scm/web/security/AdministrationSecurityContext.java b/scm-webapp/src/main/java/sonia/scm/web/security/AdministrationSecurityContext.java new file mode 100644 index 0000000000..a77142d3af --- /dev/null +++ b/scm-webapp/src/main/java/sonia/scm/web/security/AdministrationSecurityContext.java 
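Review bot: With `bind(SecurityContext.class).toProvider(SecurityContextProvider.class)` and the matching `WebSecurityContext` binding, any object that injects the context directly instead of a `Provider` receives whichever context is current at the moment it is constructed. If such an object is long-lived and is first created while a `runAsAdmin` action is running, it would keep the administration context afterwards; whether a consumer like that exists cannot be seen from this hunk. I would add a comment next to these bindings, for example `// long-lived components must inject Provider<WebSecurityContext>; a direct injection captures the context current at construction`, and review the existing injection points for it. The enclosing method starts and ends outside the hunk.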
@@ -0,0 +1,146 @@
+/**
+ * Copyright (c) 2010, Sebastian Sdorra
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ * 3. Neither the name of SCM-Manager; nor the names of its
+ * contributors may be used to endorse or promote products derived from this
+ * software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * http://bitbucket.org/sdorra/scm-manager
+ *
+ */
+
+
+
+package sonia.scm.web.security;
+
+//~--- non-JDK imports --------------------------------------------------------
+
+import sonia.scm.user.User;
+
+//~--- JDK imports ------------------------------------------------------------
+
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.List;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+/**
+ *
+ * @author Sebastian Sdorra
+ */
+public class AdministrationSecurityContext implements WebSecurityContext
+{
+
+ /**
+ * Constructs ...
+ *
+ *
+ * @param user
+ */
+ public AdministrationSecurityContext(User user)
+ {
+ this.user = user;
+ }
+
+ //~--- methods --------------------------------------------------------------
+
+ /**
+ * Method description
+ *
+ *
+ * @param request
+ * @param response
+ * @param username
+ * @param password
+ *
+ * @return
+ */
+ @Override
+ public User authenticate(HttpServletRequest request,
+ HttpServletResponse response, String username,
+ String password)
+ {
+ throw new UnsupportedOperationException("Not supported yet.");
+ }
+
+ /**
+ * Method description
+ *
+ *
+ * @param request
+ * @param response
+ */
+ @Override
+ public void logout(HttpServletRequest request, HttpServletResponse response)
+ {
+ throw new UnsupportedOperationException("Not supported yet.");
+ }
+
+ //~--- get methods ----------------------------------------------------------
+
+ /**
+ * Method description
+ *
+ *
+ * @return
+ */
+ @Override
+ public Collection getGroups()
+ {
+ return groups;
+ }
+
+ /**
+ * Method description
+ *
+ *
+ * @return
+ */
+ @Override
+ public User getUser()
+ {
+ return user;
+ }
+
+ /**
+ * Method description
+ *
+ *
+ * @return
+ */
+ @Override
+ public boolean isAuthenticated()
+ {
+ return true;
+ }
+
+ //~--- fields ---------------------------------------------------------------
+
+ /** Field description */
+ private List groups = new ArrayList();
+
+ /** Field description */
+ private User user;
+}
diff --git a/scm-webapp/src/main/java/sonia/scm/web/security/DefaultAdministrationContext.java b/scm-webapp/src/main/java/sonia/scm/web/security/DefaultAdministrationContext.java
new file mode 100644
index 0000000000..90e50ba8fe
--- /dev/null
+++ b/scm-webapp/src/main/java/sonia/scm/web/security/DefaultAdministrationContext.java
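Review bot: `getGroups()` returns the internal mutable `groups` list, and `DefaultAdministrationContext` (added later in this patch) keeps one `AdministrationSecurityContext` instance for every `runAsAdmin` call, so a caller that modifies the returned collection changes the administration context for all later privileged actions. Returning a read-only view, `return Collections.unmodifiableList(groups);` (with the `java.util.Collections` import), and declaring both fields `final` would close that off. The same sharing applies to the `User` handed out by `getUser()`; a defensive copy may be warranted if `User` is mutable, which is not visible here. `authenticate` and `logout` throw `UnsupportedOperationException("Not supported yet.")`; if that is the permanent behaviour, the message and the placeholder Javadoc should say that the system context cannot be logged in or out.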
@@ -0,0 +1,163 @@
+/**
+ * Copyright (c) 2010, Sebastian Sdorra
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ * 3. Neither the name of SCM-Manager; nor the names of its
+ * contributors may be used to endorse or promote products derived from this
+ * software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, sEVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * http://bitbucket.org/sdorra/scm-manager
+ *
+ */
+
+
+
+package sonia.scm.web.security;
+
+//~--- non-JDK imports --------------------------------------------------------
+
+import com.google.inject.Inject;
+import com.google.inject.Injector;
+import com.google.inject.Provider;
+import com.google.inject.Singleton;
+import com.google.inject.name.Named;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import sonia.scm.user.User;
+import sonia.scm.util.AssertUtil;
+
+//~--- JDK imports ------------------------------------------------------------
+
+import java.net.URL;
+
+import javax.xml.bind.JAXB;
+
+/**
+ *
+ * @author Sebastian Sdorra
+ */
+@Singleton
+public class DefaultAdministrationContext implements AdministrationContext
+{
+
+ /** Field description */
+ public static final String SYSTEM_ACCOUNT =
+ "/sonia/scm/web/security/system-account.xml";
+
+ /** the logger for DefaultAdministrationContext */
+ private static final Logger logger =
+ LoggerFactory.getLogger(DefaultAdministrationContext.class);
+
+ //~--- constructors ---------------------------------------------------------
+
+ /**
+ * Constructs ...
+ *
+ *
+ * @param injector
+ * @param userSessionProvider
+ * @param contextHolder
+ */
+ @Inject
+ public DefaultAdministrationContext(Injector injector,
+ @Named("userSession") Provider userSessionProvider,
+ LocalSecurityContextHolder contextHolder)
+ {
+ this.injector = injector;
+ this.userSessionProvider = userSessionProvider;
+ this.contextHolder = contextHolder;
+
+ URL url = DefaultAdministrationContext.class.getResource(SYSTEM_ACCOUNT);
+
+ if (url == null)
+ {
+ throw new RuntimeException("could not find resource for system account");
+ }
+
+ User user = JAXB.unmarshal(url, User.class);
+
+ adminContext = new AdministrationSecurityContext(user);
+ }
+
+ //~--- methods --------------------------------------------------------------
+
+ /**
+ * Method description
+ *
+ *
+ * @param action
+ */
+ @Override
+ public void runAsAdmin(PrivilegedAction action)
+ {
+ AssertUtil.assertIsNotNull(action);
+
+ if (logger.isWarnEnabled())
+ {
+ String user = SecurityUtil.getUsername(userSessionProvider);
+
+ logger.warn("user {} executes {} as admin", user,
+ action.getClass().getName());
+ }
+
+ contextHolder.set(adminContext);
+
+ try
+ {
+ action.run();
+ }
+ finally
+ {
+ contextHolder.remove();
+ }
+ }
+
+ /**
+ * Method description
+ *
+ *
+ * @param actionClass
+ */
+ @Override
+ public void runAsAdmin(Class actionClass)
+ {
+ PrivilegedAction action = injector.getInstance(actionClass);
+
+ runAsAdmin(action);
+ }
+
+ //~--- fields ---------------------------------------------------------------
+
+ /** Field description */
+ private AdministrationSecurityContext adminContext;
+
+ /** Field description */
+ private LocalSecurityContextHolder contextHolder;
+
+ /** Field description */
+ private Injector injector;
+
+ /** Field description */
+ private Provider userSessionProvider;
+}
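Review bot: The `finally` block in `runAsAdmin(PrivilegedAction)` always calls `contextHolder.remove()`, so when a privileged action itself calls `runAsAdmin`, the inner call clears the thread-local and the rest of the outer action runs with the ordinary session context instead of the administration context. Saving the previous value before `contextHolder.set(adminContext)` and restoring it afterwards keeps nested calls correct and still ends the elevation with the outermost call. Separately, the warn-level log statement resolves `userSessionProvider` on every call; if that binding is request- or session-scoped (not visible in this patch), `runAsAdmin` would fail on threads without a request whenever warn logging is enabled, so that lookup deserves a guard.

```java
    // … unchanged: null check and warn logging …
    WebSecurityContext previous = contextHolder.get();

    contextHolder.set(adminContext);
    // … unchanged: try { action.run(); } …
    finally
    {
      if (previous == null)
      {
        contextHolder.remove();
      }
      else
      {
        // nested call: hand the outer context back instead of clearing it
        contextHolder.set(previous);
      }
    }
```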
diff --git a/scm-webapp/src/main/java/sonia/scm/web/security/LocalSecurityContextHolder.java b/scm-webapp/src/main/java/sonia/scm/web/security/LocalSecurityContextHolder.java
new file mode 100644
index 0000000000..6f0277f25a
--- /dev/null
+++ b/scm-webapp/src/main/java/sonia/scm/web/security/LocalSecurityContextHolder.java
@@ -0,0 +1,96 @@
+/**
+ * Copyright (c) 2010, Sebastian Sdorra
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ * 3. Neither the name of SCM-Manager; nor the names of its
+ * contributors may be used to endorse or promote products derived from this
+ * software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * http://bitbucket.org/sdorra/scm-manager
+ *
+ */
+
+
+
+package sonia.scm.web.security;
+
+import com.google.inject.Singleton;
+
+/**
+ *
+ * @author Sebastian Sdorra
+ */
+@Singleton
+public class LocalSecurityContextHolder
+{
+
+ /**
+ * Method description
+ *
+ */
+ public void destroy()
+ {
+ store.remove();
+ store = null;
+ }
+
+ /**
+ * Method description
+ *
+ */
+ public void remove()
+ {
+ store.remove();
+ }
+
+ //~--- get methods ----------------------------------------------------------
+
+ /**
+ * Method description
+ *
+ *
+ * @return
+ */
+ public WebSecurityContext get()
+ {
+ return store.get();
+ }
+
+ //~--- set methods ----------------------------------------------------------
+
+ /**
+ * Method description
+ *
+ *
+ * @param value
+ */
+ public void set(WebSecurityContext value)
+ {
+ store.set(value);
+ }
+
+ //~--- fields ---------------------------------------------------------------
+
+ /** Field description */
+ private ThreadLocal store =
+ new ThreadLocal();
+}
diff --git a/scm-webapp/src/main/java/sonia/scm/web/security/SecurityContextProvider.java b/scm-webapp/src/main/java/sonia/scm/web/security/SecurityContextProvider.java
new file mode 100644
index 0000000000..fae4f1dfb3
--- /dev/null
+++ b/scm-webapp/src/main/java/sonia/scm/web/security/SecurityContextProvider.java
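Review bot: `destroy()` calls `store.remove()` and then sets `store = null`, but `ThreadLocal.remove()` only clears the value of the calling thread (here the one running `contextDestroyed` in `ScmContextListener`), and after the assignment any late `get()`, `set()` or `remove()` on this singleton throws a `NullPointerException`. The cleanup that bounds the elevation is the `finally` in `DefaultAdministrationContext.runAsAdmin`, so I would declare the field `final`, drop the `store = null;` line, and document on `destroy()` that it cannot reach values held by other threads. The "Method description" placeholders on `get`, `set` and `remove` should be replaced with the per-thread semantics, since callers rely on them to know when the administration context is active.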
@@ -0,0 +1,108 @@
+/**
+ * Copyright (c) 2010, Sebastian Sdorra
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ * 3. Neither the name of SCM-Manager; nor the names of its
+ * contributors may be used to endorse or promote products derived from this
+ * software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * http://bitbucket.org/sdorra/scm-manager
+ *
+ */
+
+
+
+package sonia.scm.web.security;
+
+//~--- non-JDK imports --------------------------------------------------------
+
+import com.google.inject.Inject;
+import com.google.inject.Provider;
+import com.google.inject.name.Named;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ *
+ * @author Sebastian Sdorra
+ */
+public class SecurityContextProvider implements Provider
+{
+
+ /** the logger for SecurityContextProvider */
+ private static final Logger logger =
+ LoggerFactory.getLogger(SecurityContextProvider.class);
+
+ //~--- constructors ---------------------------------------------------------
+
+ /**
+ * Constructs ...
+ *
+ *
+ * @param sessionContext
+ * @param localContext
+ */
+ @Inject
+ public SecurityContextProvider(
+ @Named("userSession") Provider sessionContext,
+ LocalSecurityContextHolder localContext)
+ {
+ this.sessionContext = sessionContext;
+ this.localContext = localContext;
+ }
+
+ //~--- get methods ----------------------------------------------------------
+
+ /**
+ * Method description
+ *
+ *
+ * @return
+ */
+ @Override
+ public WebSecurityContext get()
+ {
+ WebSecurityContext context = localContext.get();
+
+ if (context == null)
+ {
+ context = sessionContext.get();
+ }
+ else if (logger.isDebugEnabled())
+ {
+ String user = SecurityUtil.getUsername(sessionContext);
+
+ logger.debug("return system session for user {}", user);
+ }
+
+ return context;
+ }
+
+ //~--- fields ---------------------------------------------------------------
+
+ /** Field description */
+ private LocalSecurityContextHolder localContext;
+
+ /** Field description */
+ private Provider sessionContext;
+}
diff --git a/scm-webapp/src/main/java/sonia/scm/web/security/SecurityUtil.java b/scm-webapp/src/main/java/sonia/scm/web/security/SecurityUtil.java
new file mode 100644
index 0000000000..84b735cfa4
--- /dev/null
+++ b/scm-webapp/src/main/java/sonia/scm/web/security/SecurityUtil.java
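Review bot: In `get()`, the `else if (logger.isDebugEnabled())` branch calls `SecurityUtil.getUsername(sessionContext)`, which resolves the `userSession` provider only to build a log message, so what the provider does depends on the log level. If that binding is request- or session-scoped (its scope is not visible in this patch), a privileged action on a thread without a request would work normally and fail once debug logging is switched on. Guarding the lookup so that a failure yields a placeholder name, or logging without the user name, removes that coupling. The class Javadoc is empty; one sentence such as `Returns the thread-local administration context if one is set, otherwise the context of the current user session.` would document the precedence rule that authorization decisions depend on.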
@@ -0,0 +1,82 @@
+/**
+ * Copyright (c) 2010, Sebastian Sdorra
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ * 3. Neither the name of SCM-Manager; nor the names of its
+ * contributors may be used to endorse or promote products derived from this
+ * software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * http://bitbucket.org/sdorra/scm-manager
+ *
+ */
+
+
+
+package sonia.scm.web.security;
+
+//~--- non-JDK imports --------------------------------------------------------
+
+import com.google.inject.Provider;
+
+import sonia.scm.SCMContext;
+
+/**
+ *
+ * @author Sebastian Sdorra
+ */
+public class SecurityUtil
+{
+
+ /**
+ * Method description
+ *
+ *
+ * @param securityContextProvider
+ *
+ * @return
+ */
+ public static String getUsername(
+ Provider securityContextProvider)
+ {
+ return getUsername(securityContextProvider.get());
+ }
+
+ /**
+ * Method description
+ *
+ *
+ * @param securityContext
+ *
+ * @return
+ */
+ public static String getUsername(WebSecurityContext securityContext)
+ {
+ String user = SCMContext.USER_ANONYMOUS;
+
+ if ((securityContext != null) && (securityContext.getUser() != null))
+ {
+ user = securityContext.getUser().getName();
+ }
+
+ return user;
+ }
+}
diff --git a/scm-webapp/src/main/resources/sonia/scm/web/security/system-account.xml b/scm-webapp/src/main/resources/sonia/scm/web/security/system-account.xml
new file mode 100644
index 0000000000..448770c5da
--- /dev/null
+++ b/scm-webapp/src/main/resources/sonia/scm/web/security/system-account.xml
@@ -0,0 +1,18 @@ + + + + + + scmsystem + SCM System + scm-sytem@scm-manager.com + * + true + xml + \ No newline at end of file
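Review bot: `SecurityUtil` only contains static methods but is declared as an ordinary public class with an implicit public constructor; `public final class SecurityUtil` with `private SecurityUtil() {}` would prevent instantiation and subclassing. `getUsername(WebSecurityContext)` calls `securityContext.getUser()` twice, and reading it once into a local avoids a null dereference if the context's user changes between the check and the use. The "Method description" placeholders should state that a null context or a null user yields `SCMContext.USER_ANONYMOUS`, because the result ends up in the audit-style log line written by `runAsAdmin`.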
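Review bot: The e-mail value `scm-sytem@scm-manager.com` in `system-account.xml` looks like a typo for `scm-system@scm-manager.com`. The element names are not visible in this rendering of the hunk, so the rest is hedged: if the `*` value is the account's password field, a comment in the file should state that it is a non-matching placeholder and that `scmsystem` must never be accepted by an authentication handler. It would also be worth confirming that a regular account with the name `scmsystem` cannot be created in a user store. The file ends without a trailing newline.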