merge with branch 1.x

Sebastian Sdorra
2014-08-15 23:53:31 +02:00
45 changed files with 1512 additions and 244 deletions


@@ -55,6 +55,7 @@ import sonia.scm.event.ScmEventBus;
import sonia.scm.filter.AdminSecurityFilter;
import sonia.scm.filter.BaseUrlFilter;
import sonia.scm.filter.GZipFilter;
import sonia.scm.filter.MDCFilter;
import sonia.scm.filter.SecurityFilter;
import sonia.scm.group.DefaultGroupManager;
import sonia.scm.group.GroupDAO;
@@ -340,6 +341,9 @@ public class ScmServletModule extends JerseyServletModule
filter(PATTERN_RESTAPI, PATTERN_DEBUG).through(SecurityFilter.class);
filter(PATTERN_CONFIG, PATTERN_ADMIN).through(AdminSecurityFilter.class);
// added mdcs for logging
filter(PATTERN_ALL).through(MDCFilter.class);
// debug servlet
serve(PATTERN_DEBUG).with(DebugServlet.class);
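Review bot: MDCFilter is bound after SecurityFilter and AdminSecurityFilter, so if filters are dispatched in binding order (the usual behaviour), whatever those two filters log for a rejected request is written before `username`, `client_ip` and `client_host` are in the MDC. Rejected requests are where the client address matters most for audit. Consider moving `filter(PATTERN_ALL).through(MDCFilter.class);` ahead of the security filters, provided the Shiro subject is already bound at that point; the earlier bindings are outside this hunk, so that needs checking. The comment could then read `// populate MDC (username, client ip/host) before the security filters log`.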


@@ -0,0 +1,86 @@
/**
* Copyright (c) 2010, Sebastian Sdorra All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer. 2. Redistributions in
* binary form must reproduce the above copyright notice, this list of
* conditions and the following disclaimer in the documentation and/or other
* materials provided with the distribution. 3. Neither the name of SCM-Manager;
* nor the names of its contributors may be used to endorse or promote products
* derived from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR
* ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
* SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
* CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
* http://bitbucket.org/sdorra/scm-manager
*
*/
package sonia.scm.api.rest.resources;
//~--- non-JDK imports --------------------------------------------------------
import com.google.common.base.Preconditions;
import com.google.common.base.Strings;
import org.apache.shiro.SecurityUtils;
import sonia.scm.security.CipherUtil;
import sonia.scm.security.Role;
//~--- JDK imports ------------------------------------------------------------
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.core.MediaType;
/**
* Rest resource to encrypt values.
*
* @author Sebastian Sdorra
* @since 1.41
*/
@Path("security/cipher")
public class CipherResource
{
/**
* Encrypts the request body and returns an encrypted string. This method can
* only executed with administration privileges.<br />
* <br />
* <ul>
* <li>200 success</li>
* <li>500 internal server error</li>
* </ul>
*
* @param value value to encrypt
*
* @return unique key
*/
@POST
@Path("encrypt")
@Produces(MediaType.TEXT_PLAIN)
public String encrypt(String value)
{
SecurityUtils.getSubject().checkRole(Role.ADMIN);
Preconditions.checkArgument(!Strings.isNullOrEmpty(value),
"value is required");
return CipherUtil.getInstance().encode(value);
}
}
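Review bot: The Javadoc of `encrypt` lists only 200 and 500, but the method has two deliberate rejection paths: `checkRole(Role.ADMIN)` for non-admin callers and `checkArgument` for an empty body. Unless exception mappers registered elsewhere translate them, both would presumably surface as 500, which buries authorization failures among server errors in monitoring. Document them as `<li>400 bad request, value is empty</li>` and `<li>403 forbidden, the current user has no admin privileges</li>`, and ideally map them to those codes. Also correct `@return unique key` to `@return encrypted value`; the current text looks copied from KeyResource.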


@@ -0,0 +1,98 @@
/**
* Copyright (c) 2010, Sebastian Sdorra All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer. 2. Redistributions in
* binary form must reproduce the above copyright notice, this list of
* conditions and the following disclaimer in the documentation and/or other
* materials provided with the distribution. 3. Neither the name of SCM-Manager;
* nor the names of its contributors may be used to endorse or promote products
* derived from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR
* ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
* SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
* CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
* http://bitbucket.org/sdorra/scm-manager
*
*/
package sonia.scm.api.rest.resources;
//~--- non-JDK imports --------------------------------------------------------
import com.google.inject.Inject;
import org.apache.shiro.SecurityUtils;
import sonia.scm.security.KeyGenerator;
import sonia.scm.security.Role;
//~--- JDK imports ------------------------------------------------------------
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.core.MediaType;
/**
* Rest resource to generate unique keys.
*
* @author Sebastian Sdorra
* @since 1.41
*/
@Path("security/key")
public class KeyResource
{
/**
* Constructs a new KeyResource.
*
*
* @param keyGenerator key generator
*/
@Inject
public KeyResource(KeyGenerator keyGenerator)
{
this.keyGenerator = keyGenerator;
}
//~--- methods --------------------------------------------------------------
/**
* Generates a unique key. This method can only executed with administration
* privileges.<br />
* <br />
* <ul>
* <li>200 success</li>
* <li>500 internal server error</li>
* </ul>
*
* @return unique key
*/
@GET
@Produces(MediaType.TEXT_PLAIN)
public String generateKey()
{
SecurityUtils.getSubject().checkRole(Role.ADMIN);
return keyGenerator.createKey();
}
//~--- fields ---------------------------------------------------------------
/** Field description */
private final KeyGenerator keyGenerator;
}
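Review bot: `generateKey` is exposed through `@GET` although every call is meant to produce a fresh value, so a cache between client and server could replay an earlier response and hand the same "unique" key to two callers. Either switch to `@POST`, as CipherResource does, or return a `Response` that carries `Cache-Control: no-store`. How the key is used is not visible here; if it serves as a secret, the no-store header matters even more. The placeholder `/** Field description */` on `keyGenerator` should become `/** generator used to create the keys */`.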


@@ -0,0 +1,131 @@
/**
* Copyright (c) 2010, Sebastian Sdorra All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer. 2. Redistributions in
* binary form must reproduce the above copyright notice, this list of
* conditions and the following disclaimer in the documentation and/or other
* materials provided with the distribution. 3. Neither the name of SCM-Manager;
* nor the names of its contributors may be used to endorse or promote products
* derived from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR
* ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
* SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
* CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
* http://bitbucket.org/sdorra/scm-manager
*
*/
package sonia.scm.filter;
//~--- non-JDK imports --------------------------------------------------------
import com.google.inject.Singleton;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.subject.Subject;
import org.slf4j.MDC;
import sonia.scm.SCMContext;
import sonia.scm.web.filter.HttpFilter;
//~--- JDK imports ------------------------------------------------------------
import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
/**
*
* @author Sebastian Sdorra
*/
@Singleton
public class MDCFilter extends HttpFilter
{
/** Field description */
private static final String MDC_CLIEN_HOST = "client_host";
/** Field description */
private static final String MDC_CLIEN_IP = "client_ip";
/** Field description */
private static final String MDC_USERNAME = "username";
//~--- methods --------------------------------------------------------------
/**
* Method description
*
*
* @param request
* @param response
* @param chain
*
* @throws IOException
* @throws ServletException
*/
@Override
protected void doFilter(HttpServletRequest request,
HttpServletResponse response, FilterChain chain)
throws IOException, ServletException
{
MDC.put(MDC_USERNAME, getUsername());
MDC.put(MDC_CLIEN_IP, request.getRemoteAddr());
MDC.put(MDC_CLIEN_HOST, request.getRemoteHost());
try
{
chain.doFilter(request, response);
}
finally
{
MDC.remove(MDC_USERNAME);
MDC.remove(MDC_CLIEN_IP);
MDC.remove(MDC_CLIEN_HOST);
}
}
//~--- get methods ----------------------------------------------------------
/**
* Method description
*
*
* @return
*/
private String getUsername()
{
Subject subject = SecurityUtils.getSubject();
String username;
Object principal = subject.getPrincipal();
if (principal == null)
{
username = SCMContext.USER_ANONYMOUS;
}
else
{
username = principal.toString();
}
return username;
}
}
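Review bot: `request.getRemoteHost()` in `doFilter` may make the container do a reverse DNS lookup on every request, and the name it yields is chosen by whoever controls the PTR record, so `client_host` should not be treated as trustworthy log data; `client_ip` from `getRemoteAddr()` is the dependable field. Behind a reverse proxy both values describe the proxy rather than the client, which the currently empty class Javadoc should state. Consider dropping `client_host` or making it optional. As a style point, `MDC_CLIEN_IP` and `MDC_CLIEN_HOST` should be spelled `MDC_CLIENT_IP` and `MDC_CLIENT_HOST`, and the `Method description` placeholder on `doFilter` should say that the three MDC entries are removed in `finally` once the chain returns.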


@@ -0,0 +1,164 @@
/**
* Copyright (c) 2010, Sebastian Sdorra All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer. 2. Redistributions in
* binary form must reproduce the above copyright notice, this list of
* conditions and the following disclaimer in the documentation and/or other
* materials provided with the distribution. 3. Neither the name of SCM-Manager;
* nor the names of its contributors may be used to endorse or promote products
* derived from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR
* ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
* SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
* CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
* http://bitbucket.org/sdorra/scm-manager
*
*/
package sonia.scm.plugin;
//~--- non-JDK imports --------------------------------------------------------
import com.google.common.collect.ImmutableSet;
import sonia.scm.xml.XmlCipherStringAdapter;
//~--- JDK imports ------------------------------------------------------------
import java.util.Set;
import javax.xml.bind.annotation.XmlAccessType;
import javax.xml.bind.annotation.XmlAccessorType;
import javax.xml.bind.annotation.XmlElement;
import javax.xml.bind.annotation.XmlElementWrapper;
import javax.xml.bind.annotation.XmlRootElement;
import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter;
/**
*
* @author Sebastian Sdorra
* @since 1.41
*/
@XmlAccessorType(XmlAccessType.FIELD)
@XmlRootElement(name = "advanced-configuration")
public class AdvancedPluginConfiguration
{
/**
* Method description
*
*
* @return
*/
public Set<PluginRepository> getRepositories()
{
if (repositories == null)
{
repositories = ImmutableSet.of();
}
return repositories;
}
/**
* Method description
*
*
* @return
*/
public Set<Server> getServers()
{
if (servers == null)
{
servers = ImmutableSet.of();
}
return servers;
}
//~--- inner classes --------------------------------------------------------
/**
* Class description
*
*
* @version Enter version here..., 14/07/20
* @author Enter your name here...
*/
@XmlAccessorType(XmlAccessType.FIELD)
public static class Server
{
/**
* Method description
*
*
* @return
*/
public String getId()
{
return id;
}
/**
* Method description
*
*
* @return
*/
public String getPassword()
{
return password;
}
/**
* Method description
*
*
* @return
*/
public String getUsername()
{
return username;
}
//~--- fields -------------------------------------------------------------
/** Field description */
private String id;
/** Field description */
@XmlJavaTypeAdapter(XmlCipherStringAdapter.class)
private String password;
/** Field description */
private String username;
}
//~--- fields ---------------------------------------------------------------
/** Field description */
@XmlElement(name = "repository")
@XmlElementWrapper(name = "repositories")
private Set<PluginRepository> repositories;
/** Field description */
@XmlElement(name = "server")
@XmlElementWrapper(name = "servers")
private Set<Server> servers;
}
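Review bot: `getRepositories()` and `getServers()` return an immutable empty set when the field is null but otherwise return the field itself, so depending on what set was populated during unmarshalling a caller can either modify the configuration or get an exception. Returning `ImmutableSet.copyOf(servers)` (and likewise for `repositories`) would make both paths read-only. The Javadoc is still generator placeholder text (`Enter your name here...`, `Method description`). The `password` field in particular should document that `XmlCipherStringAdapter` is applied to it, presumably so the value is not stored in clear text, and that `getPassword()` returns the usable value and must not be logged.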


@@ -38,7 +38,6 @@ package sonia.scm.plugin;
import com.github.legman.Subscribe;
import com.google.common.base.Predicate;
import com.google.common.collect.Sets;
import com.google.common.io.Files;
import com.google.inject.Inject;
import com.google.inject.Provider;
@@ -48,7 +47,6 @@ import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import sonia.scm.ConfigurationException;
import sonia.scm.SCMContext;
import sonia.scm.SCMContextProvider;
import sonia.scm.cache.Cache;
import sonia.scm.cache.CacheManager;
@@ -100,6 +98,10 @@ public class DefaultPluginManager implements PluginManager
/** Field description */
public static final String ENCODING = "UTF-8";
/** Field description */
private static final String ADVANCED_CONFIGURATION =
"advanced-configuration.xml";
/** the logger for DefaultPluginManager */
private static final Logger logger =
LoggerFactory.getLogger(DefaultPluginManager.class);
@@ -116,10 +118,6 @@ public class DefaultPluginManager implements PluginManager
/**
* Constructs ...
*
*
*
*
*
* @param context
* @param configuration
* @param pluginLoader
@@ -647,7 +645,8 @@ public class DefaultPluginManager implements PluginManager
/*if (pluginHandler == null)
{
pluginHandler = new AetherPluginHandler(this,
SCMContext.getContext(), configuration);
SCMContext.getContext(), configuration,
advancedPluginConfiguration);
}
pluginHandler.setPluginRepositories(center.getRepositories());*/
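Review bot: The new constant `ADVANCED_CONFIGURATION` is not referenced by any line visible in this section, and `advancedPluginConfiguration` appears only inside the block comment around `new AetherPluginHandler(...)`. Editing commented-out code suggests the merge carried a 1.x change into a path that is disabled on this branch, in which case the repositories and server credentials from advanced-configuration.xml would silently not be applied. Either wire the configuration into the code that now installs plugins, or delete the dead block and the constant and leave `// TODO: advanced plugin configuration from 1.x is not ported yet`. The rest of the class lies outside these hunks, so a use elsewhere cannot be ruled out.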


@@ -36,8 +36,10 @@ package sonia.scm.security;
//~--- non-JDK imports --------------------------------------------------------
import com.github.legman.Subscribe;
import com.google.common.base.Preconditions;
import com.google.common.base.Predicate;
import com.google.common.base.Strings;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableList.Builder;
import com.google.inject.Inject;
@@ -125,6 +127,7 @@ public class DefaultSecuritySystem implements SecuritySystem
public StoredAssignedPermission addPermission(AssignedPermission permission)
{
assertIsAdmin();
validatePermission(permission);
String id = store.put(permission);
@@ -234,6 +237,7 @@ public class DefaultSecuritySystem implements SecuritySystem
public void modifyPermission(StoredAssignedPermission permission)
{
assertIsAdmin();
validatePermission(permission);
synchronized (store)
{
@@ -425,6 +429,20 @@ public class DefaultSecuritySystem implements SecuritySystem
availablePermissions = builder.build();
}
/**
* Method description
*
*
* @param perm
*/
private void validatePermission(AssignedPermission perm)
{
Preconditions.checkArgument(!Strings.isNullOrEmpty(perm.getName()),
"name is required");
Preconditions.checkArgument(!Strings.isNullOrEmpty(perm.getPermission()),
"permission is required");
}
//~--- get methods ----------------------------------------------------------
/**
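Review bot: `validatePermission` accepts whitespace-only values, because `Strings.isNullOrEmpty` does not trim. RepositoryPermissionResolver, shown further down this page, splits with `omitEmptyStrings().trimResults()`, so a permission of `" "` would pass here and presumably resolve to nothing later. Checking `!Strings.nullToEmpty(perm.getPermission()).trim().isEmpty()` (and the same for the name) closes that gap. A null `perm` also ends in a NullPointerException instead of the IllegalArgumentException the other checks raise; `Preconditions.checkArgument(perm != null, "permission is required");` as the first line would make it uniform. The `Method description` Javadoc should state which fields are validated and that IllegalArgumentException is thrown.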


@@ -36,6 +36,7 @@ package sonia.scm.security;
//~--- non-JDK imports --------------------------------------------------------
import com.google.common.base.Splitter;
import com.google.common.base.Strings;
import org.apache.shiro.authz.permission.PermissionResolver;
@@ -76,24 +77,33 @@ public class RepositoryPermissionResolver implements PermissionResolver
public RepositoryPermission resolvePermission(String permissionString)
{
RepositoryPermission permission = null;
Iterator<String> permissionIt =
Splitter.on(':').omitEmptyStrings().trimResults().split(
permissionString).iterator();
if (permissionIt.hasNext())
if (!Strings.isNullOrEmpty(permissionString))
{
String type = permissionIt.next();
Iterator<String> permissionIt =
Splitter.on(':').omitEmptyStrings().trimResults().split(
permissionString).iterator();
if (type.equals(RepositoryPermission.TYPE))
if (permissionIt.hasNext())
{
permission = createRepositoryPermission(permissionIt);
}
else if (logger.isWarnEnabled())
{
logger.warn("permission '{}' is not a repository permission",
permissionString);
String type = permissionIt.next();
if (type.equals(RepositoryPermission.TYPE))
{
permission = createRepositoryPermission(permissionIt);
}
else if (logger.isWarnEnabled())
{
logger.warn("permission '{}' is not a repository permission",
permissionString);
}
}
}
else
{
logger.warn(
"permision string is empty, could not resolve empty permission");
}
return permission;
}
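Review bot: `resolvePermission` now returns null for a null or empty string as well as for a non-repository permission, and whether the caller tolerates a null Permission is not visible here. The method's Javadoc should state the null return explicitly so that callers check the result before using it in an authorization decision. The new `else` branch logs without the `logger.isWarnEnabled()` guard used a few lines above, which is harmless but inconsistent. Its message is also misspelled and should read `"permission string is empty, could not resolve empty permission"`.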