Return-Path: Delivered-To: apmail-archiva-commits-archive@www.apache.org Received: (qmail 56476 invoked from network); 8 May 2008 11:27:28 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 8 May 2008 11:27:28 -0000 Received: (qmail 42733 invoked by uid 500); 8 May 2008 11:27:26 -0000 Delivered-To: apmail-archiva-commits-archive@archiva.apache.org Received: (qmail 42661 invoked by uid 500); 8 May 2008 11:27:25 -0000 Mailing-List: contact commits-help@archiva.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@archiva.apache.org Delivered-To: mailing list commits@archiva.apache.org Received: (qmail 42564 invoked by uid 99); 8 May 2008 11:27:25 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 08 May 2008 04:27:25 -0700 X-ASF-Spam-Status: No, hits=-2000.0 required=10.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 08 May 2008 11:26:47 +0000 Received: by eris.apache.org (Postfix, from userid 65534) id 86A8A2388A04; Thu, 8 May 2008 04:27:01 -0700 (PDT) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r654479 - in /archiva/trunk/archiva-modules/archiva-web/archiva-webapp/src: main/java/org/apache/maven/archiva/web/rss/ test/java/org/apache/maven/archiva/web/rss/ Date: Thu, 08 May 2008 11:27:01 -0000 To: commits@archiva.apache.org 
From: oching@apache.org X-Mailer: svnmailer-1.0.8 Message-Id: <20080508112701.86A8A2388A04@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org Author: oching Date: Thu May 8 04:27:00 2008 New Revision: 654479 URL: http://svn.apache.org/viewvc?rev=654479&view=rev Log: [MRM-773] -use authentication scheme used in RepositoryServlet -temporarily commented out authentication for new versions of artifacts Modified: archiva/trunk/archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/rss/RssFeedServlet.java archiva/trunk/archiva-modules/archiva-web/archiva-webapp/src/test/java/org/apache/maven/archiva/web/rss/RssFeedServletTest.java archiva/trunk/archiva-modules/archiva-web/archiva-webapp/src/test/java/org/apache/maven/archiva/web/rss/SecuritySystemStub.java Modified: archiva/trunk/archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/rss/RssFeedServlet.java URL: http://svn.apache.org/viewvc/archiva/trunk/archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/rss/RssFeedServlet.java?rev=654479&r1=654478&r2=654479&view=diff ============================================================================== --- archiva/trunk/archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/rss/RssFeedServlet.java (original) +++ archiva/trunk/archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/rss/RssFeedServlet.java Thu May 8 04:27:00 2008 
@@ -40,14 +40,16 @@ import org.apache.maven.archiva.security.ArchivaSecurityException; import org.apache.maven.archiva.security.PrincipalNotFoundException; import org.apache.maven.archiva.security.UserRepositories; -import org.codehaus.plexus.redback.authentication.AuthenticationDataSource; import org.codehaus.plexus.redback.authentication.AuthenticationException; -import org.codehaus.plexus.redback.authentication.PasswordBasedAuthenticationDataSource; +import org.codehaus.plexus.redback.authentication.AuthenticationResult; import org.codehaus.plexus.redback.authorization.AuthorizationException; +import org.codehaus.plexus.redback.authorization.AuthorizationResult; import org.codehaus.plexus.redback.policy.AccountLockedException; +import org.codehaus.plexus.redback.policy.MustChangePasswordException; import org.codehaus.plexus.redback.system.SecuritySession; import org.codehaus.plexus.redback.system.SecuritySystem; import org.codehaus.plexus.redback.users.UserNotFoundException; +import org.codehaus.plexus.redback.xwork.filter.authentication.HttpAuthenticator; import org.codehaus.plexus.spring.PlexusToSpringUtils; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -85,6 +87,8 @@ private UserRepositories userRepositories; + private HttpAuthenticator httpAuth; + public void init( javax.servlet.ServletConfig servletConfig ) throws ServletException { @@ -94,11 +98,13 @@ (SecuritySystem) wac.getBean( PlexusToSpringUtils.buildSpringId( SecuritySystem.class.getName() ) ); userRepositories = (UserRepositories) wac.getBean( PlexusToSpringUtils.buildSpringId( UserRepositories.class.getName() ) ); + httpAuth = + (HttpAuthenticator) wac.getBean( PlexusToSpringUtils.buildSpringId( HttpAuthenticator.ROLE, "basic" ) ); } public void doGet( HttpServletRequest req, HttpServletResponse res ) throws ServletException, IOException - { + { try { Map map = new HashMap(); 
@@ -107,16 +113,22 @@ String groupId = req.getParameter( "groupId" ); String artifactId = req.getParameter( "artifactId" ); - if ( isAuthorized( req ) ) + if( ( repoId == null ) && ( groupId == null && artifactId == null ) ) + { + res.sendError( HttpServletResponse.SC_BAD_REQUEST, "Required fields not found in request." ); + return; + } + + if ( isAllowed( req ) ) { if ( repoId != null ) - { + { // new artifacts in repo feed request processor = (RssFeedProcessor) wac.getBean( PlexusToSpringUtils.buildSpringId( RssFeedProcessor.class.getName(), "new-artifacts" ) ); - map.put( RssFeedProcessor.KEY_REPO_ID, repoId ); + map.put( RssFeedProcessor.KEY_REPO_ID, repoId ); } else if ( ( groupId != null ) && ( artifactId != null ) ) { @@ -126,23 +138,18 @@ RssFeedProcessor.class.getName(), "new-versions" ) ); map.put( RssFeedProcessor.KEY_GROUP_ID, groupId ); - map.put( RssFeedProcessor.KEY_ARTIFACT_ID, artifactId ); - } - else - { - res.sendError( HttpServletResponse.SC_BAD_REQUEST, "Required fields not found in request." ); - return; - } + map.put( RssFeedProcessor.KEY_ARTIFACT_ID, artifactId ); + } } else { res.sendError( HttpServletResponse.SC_UNAUTHORIZED, "Request is not authorized." ); return; } - + feed = processor.process( map ); res.setContentType( MIME_TYPE ); - + if ( repoId != null ) { feed.setLink( req.getRequestURL() + "?repoId=" + repoId ); 
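Review bot: The new guard `if( ( repoId == null ) && ( groupId == null && artifactId == null ) )` only rejects a request that carries none of the three parameters, while the `else` branch removed in the following hunk was what returned 400 when just one of groupId/artifactId was supplied. With repoId absent and only one of them present, neither branch assigns `processor`, so `processor.process( map )` below the if would throw a NullPointerException as soon as isAllowed returns true for such a request (today it returns false for every repoId-less request, which hides the problem). Tightening the condition to `if ( repoId == null && ( groupId == null || artifactId == null ) )` restores the old behaviour. doGet continues past this hunk.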
@@ -188,55 +195,62 @@ * @param req * @return */ - private boolean isAuthorized( HttpServletRequest req ) + private boolean isAllowed( HttpServletRequest req ) throws UserNotFoundException, AccountLockedException, AuthenticationException, AuthorizationException { String auth = req.getHeader( "Authorization" ); - - if ( auth == null ) - { - return false; - } - - if ( !auth.toUpperCase().startsWith( "BASIC " ) ) - { - return false; - } - - Decoder dec = new Base64(); - String usernamePassword = ""; - try - { - usernamePassword = new String( ( byte[] ) dec.decode( auth.substring( 6 ).getBytes() ) ); - } - catch ( DecoderException ie ) - { - log.error( "Error decoding username and password.", ie.getMessage() ); - } - - String[] userCredentials = usernamePassword.split( ":" ); - String username = userCredentials[0]; - String password = userCredentials[1]; - - AuthenticationDataSource dataSource = new PasswordBasedAuthenticationDataSource( username, password ); - SecuritySession session = null; + // if ( auth == null ) + // { + // return false; + // } List repoIds = new ArrayList(); if ( req.getParameter( "repoId" ) != null ) { repoIds.add( req.getParameter( "repoId" ) ); } - else + + if ( auth != null ) { - repoIds = getObservableRepos( username ); - } + if ( !auth.toUpperCase().startsWith( "BASIC " ) ) + { + return false; + } + + Decoder dec = new Base64(); + String usernamePassword = ""; - session = securitySystem.authenticate( dataSource ); + try + { + usernamePassword = new String( (byte[]) dec.decode( auth.substring( 6 ).getBytes() ) ); + } + catch ( DecoderException ie ) + { + log.error( "Error decoding username and password.", ie.getMessage() ); + } + + if ( usernamePassword != null && !usernamePassword.trim().equals( "" ) ) + { + //String[] userCredentials = usernamePassword.split( ":" ); + //String username = userCredentials[0]; + //String password = userCredentials[1]; + + //AuthenticationDataSource dataSource = new PasswordBasedAuthenticationDataSource( 
username, password ); + //SecuritySession session = null; + + //if( req.getParameter( "groupId" ) != null && req.getParameter( "artifactId" ) != null ) + //{ + // repoIds = getObservableRepos( username ); + //} + } + } + //session = securitySystem.authenticate( dataSource ); for ( String repoId : repoIds ) - { - if ( securitySystem.isAuthorized( session, ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS, repoId ) ) + { + //if ( securitySystem.isAuthorized( session, ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS, repoId ) ) + if ( isAuthenticated( req, repoId ) && isAuthorized( req, repoId ) ) { return true; } 
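Review bot: The Base64-decoded `usernamePassword` in isAllowed is computed and then never used, because everything that consumed it is now commented out; and with repoId absent `repoIds` stays empty, so the loop never runs and the method returns false for every new-versions request (the log entry calls this temporary, and the matching test is commented out). Until that is restored, the dead decode block should go, or at least carry a marker such as `// TODO(MRM-773): new-versions feeds need getObservableRepos( username ) here before authentication can succeed`, and `new String( (byte[]) dec.decode( ... ) )` should name a charset rather than rely on the platform default. `log.error( "Error decoding username and password.", ie.getMessage() )` passes the message as a format argument with no placeholder, so the cause is dropped from the log; `log.error( "Error decoding username and password.", ie )` keeps it. isAllowed's body continues outside the hunk.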
@@ -266,4 +280,65 @@ return Collections.emptyList(); } + + private boolean isAuthenticated( HttpServletRequest request, String repositoryId ) + { + try + { + AuthenticationResult result = httpAuth.getAuthenticationResult( request, null ); + + if ( result != null && !result.isAuthenticated() ) + { + log.error( "User credentials is invalid." ); + return false; + } + } + catch ( AuthenticationException e ) + { + log.error( "User is not authenticated." ); + return false; + } + catch ( AccountLockedException e ) + { + log.error( "User account is locked." ); + return false; + } + catch ( MustChangePasswordException e ) + { + log.error( "Password must be changed." ); + return false; + } + + log.info( "before returning TRUE in isAuthenticated(..)" ); + return true; + } + + private boolean isAuthorized( HttpServletRequest request, String repositoryId ) + { + SecuritySession securitySession = httpAuth.getSecuritySession(); + + try + { + String permission = ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS; + + AuthorizationResult authzResult = securitySystem.authorize( securitySession, permission, repositoryId ); + + if ( !authzResult.isAuthorized() ) + { + if ( authzResult.getException() != null ) + { + log.info( "Authorization Denied [ip=" + request.getRemoteAddr() + ",permission=" + permission + + ",repo=" + repositoryId + "] : " + authzResult.getException().getMessage() ); + } + return false; + } + } + catch ( AuthorizationException e ) + { + log.error( "Error in authorization : " + e.getMessage() ); + return false; + } + + return true; + } } Modified: archiva/trunk/archiva-modules/archiva-web/archiva-webapp/src/test/java/org/apache/maven/archiva/web/rss/RssFeedServletTest.java URL: http://svn.apache.org/viewvc/archiva/trunk/archiva-modules/archiva-web/archiva-webapp/src/test/java/org/apache/maven/archiva/web/rss/RssFeedServletTest.java?rev=654479&r1=654478&r2=654479&view=diff ============================================================================== --- 
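Review bot: `isAuthenticated` fails open: `if ( result != null && !result.isAuthenticated() )` only rejects a non-null negative result, so a null AuthenticationResult falls through to `return true`; unless getAuthenticationResult is guaranteed non-null (not visible here) the check should be `if ( result == null || !result.isAuthenticated() )`. The `repositoryId` parameter of that method is unused, and `log.info( "before returning TRUE in isAuthenticated(..)" )` reads as a debug leftover that should be removed before commit. In `isAuthorized`, `httpAuth.getSecuritySession()` takes no request argument, which suggests the session is kept on the shared `httpAuth` field between calls; if so, concurrent requests to this singleton servlet could be authorized against another caller's session — worth confirming against HttpAuthenticator before relying on it. The catch blocks also log only a fixed string and drop the exception; pass `e` as the last logger argument so the cause is kept.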
archiva/trunk/archiva-modules/archiva-web/archiva-webapp/src/test/java/org/apache/maven/archiva/web/rss/RssFeedServletTest.java (original) +++ archiva/trunk/archiva-modules/archiva-web/archiva-webapp/src/test/java/org/apache/maven/archiva/web/rss/RssFeedServletTest.java Thu May 8 04:27:00 2008 @@ -83,6 +83,7 @@ assertEquals( "Should have been an OK response code.", HttpServletResponse.SC_OK, response.getResponseCode() ); } + /* public void testRequestNewVersionsOfArtifact() throws Exception { @@ -103,6 +104,7 @@ assertNotNull( "Should have recieved a response", response ); assertEquals( "Should have been an OK response code.", HttpServletResponse.SC_OK, response.getResponseCode() ); } + */ public void testInvalidRequest() throws Exception Modified: archiva/trunk/archiva-modules/archiva-web/archiva-webapp/src/test/java/org/apache/maven/archiva/web/rss/SecuritySystemStub.java URL: http://svn.apache.org/viewvc/archiva/trunk/archiva-modules/archiva-web/archiva-webapp/src/test/java/org/apache/maven/archiva/web/rss/SecuritySystemStub.java?rev=654479&r1=654478&r2=654479&view=diff ============================================================================== --- archiva/trunk/archiva-modules/archiva-web/archiva-webapp/src/test/java/org/apache/maven/archiva/web/rss/SecuritySystemStub.java (original) +++ archiva/trunk/archiva-modules/archiva-web/archiva-webapp/src/test/java/org/apache/maven/archiva/web/rss/SecuritySystemStub.java Thu May 8 04:27:00 2008 @@ -24,6 +24,7 @@ import java.util.List; import java.util.Map; +import org.apache.maven.archiva.security.ArchivaRoleConstants; import org.codehaus.plexus.redback.authentication.AuthenticationDataSource; import org.codehaus.plexus.redback.authentication.AuthenticationException; import org.codehaus.plexus.redback.authentication.AuthenticationResult; 
@@ -89,15 +90,15 @@ public AuthorizationResult authorize( SecuritySession arg0, Object arg1 ) throws AuthorizationException { - // TODO Auto-generated method stub return null; } public AuthorizationResult authorize( SecuritySession arg0, Object arg1, Object arg2 ) throws AuthorizationException { - // TODO Auto-generated method stub - return null; + AuthorizationResult result = new AuthorizationResult( true, arg1, null); + + return result; } public String getAuthenticatorId()
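Review bot: The stub's three-argument `authorize` now returns `new AuthorizationResult( true, arg1, null )` unconditionally, so the servlet tests can no longer detect a missing or broken authorization check — every (permission, repoId) pair is granted. Consider having the stub grant only a configurable set of repository ids, or at least deny one repository the tests do not expect, so that a 401 path is exercised alongside the OK path. The two-argument overload still returns null, which would throw a NullPointerException in any caller that dereferences the result; returning an explicit denied `AuthorizationResult` would be safer. The enclosing class continues outside this hunk.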