archiva-commits mailing list archives

From jdu...@apache.org
Subject svn commit: r692370 - in /archiva/branches/MRM-124: ./ archiva-modules/archiva-web/archiva-webapp/ archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/ archiva-modules/archiva-web/archiva-xmlrpc/ archiva-modules/archiva-web/archiva-xmlrp...
Date Fri, 05 Sep 2008 07:43:52 GMT
Author: jdumay
Date: Fri Sep  5 00:43:50 2008
New Revision: 692370

URL: http://svn.apache.org/viewvc?rev=692370&view=rev
Log:
Implemented security for XmlRpcServlet.

XmlRpcAuthenticator is injected into the servlet via Spring.



Added:
    archiva/branches/MRM-124/archiva-modules/archiva-web/archiva-xmlrpc/archiva-xmlrpc-security/
    archiva/branches/MRM-124/archiva-modules/archiva-web/archiva-xmlrpc/archiva-xmlrpc-security/pom.xml
    archiva/branches/MRM-124/archiva-modules/archiva-web/archiva-xmlrpc/archiva-xmlrpc-security/src/
    archiva/branches/MRM-124/archiva-modules/archiva-web/archiva-xmlrpc/archiva-xmlrpc-security/src/main/
    archiva/branches/MRM-124/archiva-modules/archiva-web/archiva-xmlrpc/archiva-xmlrpc-security/src/main/java/
    archiva/branches/MRM-124/archiva-modules/archiva-web/archiva-xmlrpc/archiva-xmlrpc-security/src/main/java/org/
    archiva/branches/MRM-124/archiva-modules/archiva-web/archiva-xmlrpc/archiva-xmlrpc-security/src/main/java/org/apache/
    archiva/branches/MRM-124/archiva-modules/archiva-web/archiva-xmlrpc/archiva-xmlrpc-security/src/main/java/org/apache/maven/
    archiva/branches/MRM-124/archiva-modules/archiva-web/archiva-xmlrpc/archiva-xmlrpc-security/src/main/java/org/apache/maven/archiva/
    archiva/branches/MRM-124/archiva-modules/archiva-web/archiva-xmlrpc/archiva-xmlrpc-security/src/main/java/org/apache/maven/archiva/xmlrpc/
    archiva/branches/MRM-124/archiva-modules/archiva-web/archiva-xmlrpc/archiva-xmlrpc-security/src/main/java/org/apache/maven/archiva/xmlrpc/security/
    archiva/branches/MRM-124/archiva-modules/archiva-web/archiva-xmlrpc/archiva-xmlrpc-security/src/main/java/org/apache/maven/archiva/xmlrpc/security/XmlRpcAuthenticator.java
    archiva/branches/MRM-124/archiva-modules/archiva-web/archiva-xmlrpc/archiva-xmlrpc-security/src/test/
    archiva/branches/MRM-124/archiva-modules/archiva-web/archiva-xmlrpc/archiva-xmlrpc-security/src/test/java/
    archiva/branches/MRM-124/archiva-modules/archiva-web/archiva-xmlrpc/archiva-xmlrpc-security/src/test/java/org/
    archiva/branches/MRM-124/archiva-modules/archiva-web/archiva-xmlrpc/archiva-xmlrpc-security/src/test/java/org/apache/
    archiva/branches/MRM-124/archiva-modules/archiva-web/archiva-xmlrpc/archiva-xmlrpc-security/src/test/java/org/apache/maven/
    archiva/branches/MRM-124/archiva-modules/archiva-web/archiva-xmlrpc/archiva-xmlrpc-security/src/test/java/org/apache/maven/archiva/
    archiva/branches/MRM-124/archiva-modules/archiva-web/archiva-xmlrpc/archiva-xmlrpc-security/src/test/java/org/apache/maven/archiva/xmlrpc/
    archiva/branches/MRM-124/archiva-modules/archiva-web/archiva-xmlrpc/archiva-xmlrpc-security/src/test/java/org/apache/maven/archiva/xmlrpc/security/
Modified:
    archiva/branches/MRM-124/archiva-modules/archiva-web/archiva-webapp/pom.xml
    archiva/branches/MRM-124/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/applicationContext.xml
    archiva/branches/MRM-124/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/web.xml
    archiva/branches/MRM-124/archiva-modules/archiva-web/archiva-xmlrpc/pom.xml
    archiva/branches/MRM-124/pom.xml

Modified: archiva/branches/MRM-124/archiva-modules/archiva-web/archiva-webapp/pom.xml
URL: http://svn.apache.org/viewvc/archiva/branches/MRM-124/archiva-modules/archiva-web/archiva-webapp/pom.xml?rev=692370&r1=692369&r2=692370&view=diff
==============================================================================
--- archiva/branches/MRM-124/archiva-modules/archiva-web/archiva-webapp/pom.xml (original)
+++ archiva/branches/MRM-124/archiva-modules/archiva-web/archiva-webapp/pom.xml Fri Sep  5
00:43:50 2008
@@ -89,6 +89,10 @@
       <artifactId>archiva-xmlrpc-services</artifactId>
     </dependency>
     <dependency>
+      <groupId>org.apache.archiva</groupId>
+      <artifactId>archiva-xmlrpc-security</artifactId>
+    </dependency>
+    <dependency>
       <groupId>javax.servlet</groupId>
       <artifactId>servlet-api</artifactId>
       <scope>provided</scope>

Modified: archiva/branches/MRM-124/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/applicationContext.xml
URL: http://svn.apache.org/viewvc/archiva/branches/MRM-124/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/applicationContext.xml?rev=692370&r1=692369&r2=692370&view=diff
==============================================================================
--- archiva/branches/MRM-124/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/applicationContext.xml
(original)
+++ archiva/branches/MRM-124/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/applicationContext.xml
Fri Sep  5 00:43:50 2008
@@ -40,4 +40,10 @@
     </constructor-arg>
   </bean>
 
+  <bean name="xmlRpcAuthenticator" class="org.apache.maven.archiva.xmlrpc.security.XmlRpcAuthenticator">
+      <constructor-arg>
+         <ref bean="securitySystem"/>
+      </constructor-arg>
+  </bean>
+
 </beans>

Modified: archiva/branches/MRM-124/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/web.xml
URL: http://svn.apache.org/viewvc/archiva/branches/MRM-124/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/web.xml?rev=692370&r1=692369&r2=692370&view=diff
==============================================================================
--- archiva/branches/MRM-124/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/web.xml
(original)
+++ archiva/branches/MRM-124/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/web.xml
Fri Sep  5 00:43:50 2008
@@ -90,7 +90,11 @@
         <param-name>serviceListBeanName</param-name>
         <param-value>xmlrpcServicesList</param-value>
     </init-param>
-    <load-on-startup>1</load-on-startup>
+        <init-param>
+            <param-name>authHandlerBeanName</param-name>
+            <param-value>xmlRpcAuthenticator</param-value>
+        </init-param>
+        <load-on-startup>1</load-on-startup>
   </servlet>
   
   <servlet>
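Review bot: The new `authHandlerBeanName` parameter ties the servlet to the `xmlRpcAuthenticator` bean by a bare string, and nothing in this hunk shows what the servlet does when that name is absent or misspelled. The servlet code is not part of this commit, so it is worth confirming that it refuses to start rather than serving requests without an authentication handler. A comment above the parameter would record the coupling, for example `<!-- must match the xmlRpcAuthenticator bean in applicationContext.xml; the servlet must not serve requests without it -->`. The added `<init-param>` and the re-indented `<load-on-startup>` sit four spaces deeper than the sibling `<init-param>` above them and should follow the file's existing indentation. The enclosing `<servlet>` element starts outside the hunk.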

Added: archiva/branches/MRM-124/archiva-modules/archiva-web/archiva-xmlrpc/archiva-xmlrpc-security/pom.xml
URL: http://svn.apache.org/viewvc/archiva/branches/MRM-124/archiva-modules/archiva-web/archiva-xmlrpc/archiva-xmlrpc-security/pom.xml?rev=692370&view=auto
==============================================================================
--- archiva/branches/MRM-124/archiva-modules/archiva-web/archiva-xmlrpc/archiva-xmlrpc-security/pom.xml
(added)
+++ archiva/branches/MRM-124/archiva-modules/archiva-web/archiva-xmlrpc/archiva-xmlrpc-security/pom.xml
Fri Sep  5 00:43:50 2008
@@ -0,0 +1,32 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+    <parent>
+        <groupId>org.apache.archiva</groupId>
+        <artifactId>archiva-xmlrpc</artifactId>
+        <version>1.2-SNAPSHOT</version>
+    </parent>
+    <artifactId>archiva-xmlrpc-security</artifactId>
+    <version>1.2-SNAPSHOT</version>
+    <name>Archiva Web :: XML-RPC Security</name>
+    <dependencies>
+        <dependency>
+            <groupId>org.apache.xmlrpc</groupId>
+            <artifactId>xmlrpc-server</artifactId>
+            <exclusions>
+                <exclusion>
+                    <groupId>commons-logging</groupId>
+                    <artifactId>commons-logging</artifactId>
+                </exclusion>
+            </exclusions>
+        </dependency>
+        <dependency>
+            <groupId>org.codehaus.plexus.redback</groupId>
+            <artifactId>redback-system</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.archiva</groupId>
+            <artifactId>archiva-security</artifactId>
+        </dependency>
+    </dependencies>
+</project>
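Review bot: The new module `pom.xml` goes straight from the XML declaration to `<project>` with no ASF license header, whereas the parent `archiva-xmlrpc/pom.xml` touched in this same commit carries one as an XML comment; the same header comment should be added after the declaration. The module-level `<version>1.2-SNAPSHOT</version>` repeats the value already given in `<parent>` and can be dropped so the two cannot drift apart.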

Added: archiva/branches/MRM-124/archiva-modules/archiva-web/archiva-xmlrpc/archiva-xmlrpc-security/src/main/java/org/apache/maven/archiva/xmlrpc/security/XmlRpcAuthenticator.java
URL: http://svn.apache.org/viewvc/archiva/branches/MRM-124/archiva-modules/archiva-web/archiva-xmlrpc/archiva-xmlrpc-security/src/main/java/org/apache/maven/archiva/xmlrpc/security/XmlRpcAuthenticator.java?rev=692370&view=auto
==============================================================================
--- archiva/branches/MRM-124/archiva-modules/archiva-web/archiva-xmlrpc/archiva-xmlrpc-security/src/main/java/org/apache/maven/archiva/xmlrpc/security/XmlRpcAuthenticator.java
(added)
+++ archiva/branches/MRM-124/archiva-modules/archiva-web/archiva-xmlrpc/archiva-xmlrpc-security/src/main/java/org/apache/maven/archiva/xmlrpc/security/XmlRpcAuthenticator.java
Fri Sep  5 00:43:50 2008
@@ -0,0 +1,91 @@
+
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.maven.archiva.xmlrpc.security;
+
+import org.apache.maven.archiva.security.ArchivaRoleConstants;
+import org.apache.xmlrpc.XmlRpcException;
+import org.apache.xmlrpc.XmlRpcRequest;
+import org.apache.xmlrpc.common.XmlRpcHttpRequestConfigImpl;
+import org.apache.xmlrpc.server.AbstractReflectiveHandlerMapping.AuthenticationHandler;
+import org.codehaus.plexus.redback.authentication.AuthenticationException;
+import org.codehaus.plexus.redback.authentication.PasswordBasedAuthenticationDataSource;
+import org.codehaus.plexus.redback.authorization.AuthorizationException;
+import org.codehaus.plexus.redback.authorization.AuthorizationResult;
+import org.codehaus.plexus.redback.policy.AccountLockedException;
+import org.codehaus.plexus.redback.system.SecuritySession;
+import org.codehaus.plexus.redback.system.SecuritySystem;
+import org.codehaus.plexus.redback.users.UserNotFoundException;
+
+public class XmlRpcAuthenticator implements AuthenticationHandler
+{
+    private final SecuritySystem securitySystem;
+
+    public XmlRpcAuthenticator(SecuritySystem securitySystem)
+    {
+        this.securitySystem = securitySystem;
+    }
+
+    public boolean isAuthorized(XmlRpcRequest pRequest) throws XmlRpcException {
+        if (pRequest.getConfig() instanceof XmlRpcHttpRequestConfigImpl)
+        {
+            XmlRpcHttpRequestConfigImpl config = (XmlRpcHttpRequestConfigImpl)pRequest.getConfig();
+            SecuritySession session = authenticate(new PasswordBasedAuthenticationDataSource(config.getBasicUserName(),
config.getBasicPassword()));
+            AuthorizationResult result = authorize(session);
+            return result.isAuthorized();
+        }
+
+        throw new XmlRpcException("Unsupported transport (must be http)");
+    }
+    
+    private SecuritySession authenticate(PasswordBasedAuthenticationDataSource authenticationDataSource)
+        throws XmlRpcException
+    {
+        try
+        {
+            return securitySystem.authenticate(authenticationDataSource);
+        }
+        catch (AccountLockedException e)
+        {
+            throw new XmlRpcException(401, e.getMessage(), e);
+        }
+        catch (AuthenticationException e)
+        {
+            throw new XmlRpcException(401, e.getMessage(), e);
+        }
+        catch (UserNotFoundException e)
+        {
+            throw new XmlRpcException(401, e.getMessage(), e);
+        }
+    }
+    
+    private AuthorizationResult authorize(SecuritySession session)
+        throws XmlRpcException
+    {
+        try
+        {
+            return securitySystem.authorize(session, ArchivaRoleConstants.GLOBAL_REPOSITORY_MANAGER_ROLE);
+        }
+        catch (AuthorizationException e)
+        {
+            throw new XmlRpcException(401, e.getMessage(), e);
+        }
+    }
+}
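Review bot: `authenticate` forwards `e.getMessage()` to the XML-RPC caller separately for `AccountLockedException`, `AuthenticationException` and `UserNotFoundException`, so the fault text may tell an unauthenticated client whether an account exists or is locked; one fixed message for all three, with the detail kept in server-side logs, avoids that. `isAuthorized` also hands the returned session straight to `authorize` without looking at `session.isAuthenticated()`; if Redback reports bad credentials through the session rather than by throwing (not visible here), the outcome then depends on how `authorize` treats an unauthenticated session, so an explicit check that fails closed is safer. The class and `isAuthorized` have no Javadoc stating that every XML-RPC call requires HTTP Basic credentials and `ArchivaRoleConstants.GLOBAL_REPOSITORY_MANAGER_ROLE`. The commit creates `src/test` directories for this module but adds no test for the rejected-credential paths.

```java
    private static final String AUTH_FAILED = "Authentication failed";

    private SecuritySession authenticate(PasswordBasedAuthenticationDataSource authenticationDataSource)
        throws XmlRpcException
    {
        try
        {
            SecuritySession session = securitySystem.authenticate(authenticationDataSource);
            if (!session.isAuthenticated())
            {
                // Fail closed: never hand an unauthenticated session to authorize().
                throw new XmlRpcException(401, AUTH_FAILED);
            }
            return session;
        }
        catch (AccountLockedException e)
        {
            // Same text for every failure so the reply does not reveal account state.
            throw new XmlRpcException(401, AUTH_FAILED, e);
        }
        // … unchanged: AuthenticationException and UserNotFoundException handlers, with AUTH_FAILED in place of e.getMessage() …
    }
```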

Modified: archiva/branches/MRM-124/archiva-modules/archiva-web/archiva-xmlrpc/pom.xml
URL: http://svn.apache.org/viewvc/archiva/branches/MRM-124/archiva-modules/archiva-web/archiva-xmlrpc/pom.xml?rev=692370&r1=692369&r2=692370&view=diff
==============================================================================
--- archiva/branches/MRM-124/archiva-modules/archiva-web/archiva-xmlrpc/pom.xml (original)
+++ archiva/branches/MRM-124/archiva-modules/archiva-web/archiva-xmlrpc/pom.xml Fri Sep  5
00:43:50 2008
@@ -1,4 +1,4 @@
-<?xml version="1.0"?>
+<?xml version="1.0" encoding="UTF-8"?>
 <!--
   ~ Licensed to the Apache Software Foundation (ASF) under one
   ~ or more contributor license agreements.  See the NOTICE file
@@ -16,9 +16,7 @@
   ~ KIND, either express or implied.  See the License for the
   ~ specific language governing permissions and limitations
   ~ under the License.
-  -->
-
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+  --><project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
   <modelVersion>4.0.0</modelVersion>
   <parent>
     <groupId>org.apache.archiva</groupId>
@@ -32,5 +30,6 @@
   <modules>
     <module>archiva-xmlrpc-api</module>
     <module>archiva-xmlrpc-services</module>
+    <module>archiva-xmlrpc-security</module>
   </modules>
-</project>
+</project>
\ No newline at end of file

Modified: archiva/branches/MRM-124/pom.xml
URL: http://svn.apache.org/viewvc/archiva/branches/MRM-124/pom.xml?rev=692370&r1=692369&r2=692370&view=diff
==============================================================================
--- archiva/branches/MRM-124/pom.xml (original)
+++ archiva/branches/MRM-124/pom.xml Fri Sep  5 00:43:50 2008
@@ -393,6 +393,11 @@
       </dependency>
       <dependency>
         <groupId>org.apache.archiva</groupId>
+        <artifactId>archiva-xmlrpc-security</artifactId>
+        <version>1.2-SNAPSHOT</version>
+      </dependency>
+      <dependency>
+        <groupId>org.apache.archiva</groupId>
         <artifactId>archiva-rss</artifactId>
         <version>1.2-SNAPSHOT</version>
       </dependency>
@@ -512,6 +517,11 @@
         <version>1.4</version>
       </dependency>
       <dependency>
+        <groupId>org.apache.xmlrpc</groupId>
+        <artifactId>xmlrpc-server</artifactId>
+        <version>3.1</version>
+      </dependency>
+      <dependency>
         <groupId>org.apache.maven</groupId>
         <artifactId>maven-artifact-manager</artifactId>
         <version>${maven.version}</version>


