archiva-commits mailing list archives

From och...@apache.org
Subject svn commit: r693694 - in /archiva/branches/archiva-1.1.x/archiva-modules/archiva-web: archiva-security/src/main/java/org/apache/maven/archiva/security/ archiva-webdav/src/main/java/org/apache/maven/archiva/webdav/ archiva-webdav/src/test/java/org/apach...
Date Wed, 10 Sep 2008 03:46:04 GMT
Author: oching
Date: Tue Sep  9 20:46:03 2008
New Revision: 693694

URL: http://svn.apache.org/viewvc?rev=693694&view=rev
Log:
[MRM-911]
-check first if guest is enabled for the repository before failing the authentication

Modified:
    archiva/branches/archiva-1.1.x/archiva-modules/archiva-web/archiva-security/src/main/java/org/apache/maven/archiva/security/ArchivaServletAuthenticator.java
    archiva/branches/archiva-1.1.x/archiva-modules/archiva-web/archiva-security/src/main/java/org/apache/maven/archiva/security/ServletAuthenticator.java
    archiva/branches/archiva-1.1.x/archiva-modules/archiva-web/archiva-webdav/src/main/java/org/apache/maven/archiva/webdav/ArchivaDavResourceFactory.java
    archiva/branches/archiva-1.1.x/archiva-modules/archiva-web/archiva-webdav/src/main/java/org/apache/maven/archiva/webdav/ArchivaDavSessionProvider.java
    archiva/branches/archiva-1.1.x/archiva-modules/archiva-web/archiva-webdav/src/main/java/org/apache/maven/archiva/webdav/RepositoryServlet.java
    archiva/branches/archiva-1.1.x/archiva-modules/archiva-web/archiva-webdav/src/test/java/org/apache/maven/archiva/webdav/ArchivaDavSessionProviderTest.java
    archiva/branches/archiva-1.1.x/archiva-modules/archiva-web/archiva-webdav/src/test/java/org/apache/maven/archiva/webdav/UnauthenticatedDavSessionProvider.java

Modified: archiva/branches/archiva-1.1.x/archiva-modules/archiva-web/archiva-security/src/main/java/org/apache/maven/archiva/security/ArchivaServletAuthenticator.java
URL: http://svn.apache.org/viewvc/archiva/branches/archiva-1.1.x/archiva-modules/archiva-web/archiva-security/src/main/java/org/apache/maven/archiva/security/ArchivaServletAuthenticator.java?rev=693694&r1=693693&r2=693694&view=diff
==============================================================================
--- archiva/branches/archiva-1.1.x/archiva-modules/archiva-web/archiva-security/src/main/java/org/apache/maven/archiva/security/ArchivaServletAuthenticator.java
(original)
+++ archiva/branches/archiva-1.1.x/archiva-modules/archiva-web/archiva-security/src/main/java/org/apache/maven/archiva/security/ArchivaServletAuthenticator.java
Tue Sep  9 20:46:03 2008
@@ -93,7 +93,7 @@
         return true;
     }
 
-    public boolean isAuthorizedToAccessVirtualRepository( String principal, String repoId
)
+    public boolean isAuthorized( String principal, String repoId )
         throws UnauthorizedException
     {
         try

Modified: archiva/branches/archiva-1.1.x/archiva-modules/archiva-web/archiva-security/src/main/java/org/apache/maven/archiva/security/ServletAuthenticator.java
URL: http://svn.apache.org/viewvc/archiva/branches/archiva-1.1.x/archiva-modules/archiva-web/archiva-security/src/main/java/org/apache/maven/archiva/security/ServletAuthenticator.java?rev=693694&r1=693693&r2=693694&view=diff
==============================================================================
--- archiva/branches/archiva-1.1.x/archiva-modules/archiva-web/archiva-security/src/main/java/org/apache/maven/archiva/security/ServletAuthenticator.java
(original)
+++ archiva/branches/archiva-1.1.x/archiva-modules/archiva-web/archiva-security/src/main/java/org/apache/maven/archiva/security/ServletAuthenticator.java
Tue Sep  9 20:46:03 2008
@@ -41,6 +41,6 @@
     public boolean isAuthorized( HttpServletRequest request, SecuritySession securitySession,
String repositoryId,
         boolean isWriteRequest ) throws AuthorizationException, UnauthorizedException;
     
-    public boolean isAuthorizedToAccessVirtualRepository( String principal, String repoId
)
+    public boolean isAuthorized( String principal, String repoId )
         throws UnauthorizedException;
 }

Modified: archiva/branches/archiva-1.1.x/archiva-modules/archiva-web/archiva-webdav/src/main/java/org/apache/maven/archiva/webdav/ArchivaDavResourceFactory.java
URL: http://svn.apache.org/viewvc/archiva/branches/archiva-1.1.x/archiva-modules/archiva-web/archiva-webdav/src/main/java/org/apache/maven/archiva/webdav/ArchivaDavResourceFactory.java?rev=693694&r1=693693&r2=693694&view=diff
==============================================================================
--- archiva/branches/archiva-1.1.x/archiva-modules/archiva-web/archiva-webdav/src/main/java/org/apache/maven/archiva/webdav/ArchivaDavResourceFactory.java
(original)
+++ archiva/branches/archiva-1.1.x/archiva-modules/archiva-web/archiva-webdav/src/main/java/org/apache/maven/archiva/webdav/ArchivaDavResourceFactory.java
Tue Sep  9 20:46:03 2008
@@ -772,6 +772,22 @@
         }
         catch ( AuthenticationException e )
         {
+            // safety check for MRM-911            
+            String guest = archivaXworkUser.getGuest();
+            try
+            {
+                if( servletAuth.isAuthorized( guest, 
+                      ( ( ArchivaDavResourceLocator ) request.getRequestLocator() ).getRepositoryId()
) )
+                {   
+                    return true;
+                }
+            }
+            catch ( UnauthorizedException ae )
+            {
+                throw new UnauthorizedDavException( repositoryId,
+                        "You are not authenticated and authorized to access any repository."
);
+            }
+                        
             throw new UnauthorizedDavException( repositoryId, "You are not authenticated"
);
         }
         catch ( MustChangePasswordException e )
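Review bot: The guest fallback added in this `catch ( AuthenticationException e )` block calls the two-argument `servletAuth.isAuthorized( guest, … )`, which has no counterpart to the `isWriteRequest` flag of the four-argument overload declared in ServletAuthenticator, and then does `return true`. Which permission the two-argument check tests is not visible in this commit; if it only covers read access, a request that modifies the repository and fails authentication would be accepted on the strength of the guest's read rights. I would either limit the fallback to read requests or give the two-argument method an explicit read/write parameter, and record the decision in a comment such as `// guest fallback: read access only, writes still require authentication`. The same block is added to ArchivaDavSessionProvider (hunk `@@ -67,7 +72,24 @@`), so the point applies there as well; the enclosing method here starts and ends outside the hunk.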
@@ -840,7 +856,7 @@
                     // for the current user logged in
                     try
                     {
-                        if( servletAuth.isAuthorizedToAccessVirtualRepository( activePrincipal,
repository ) )
+                        if( servletAuth.isAuthorized( activePrincipal, repository ) )
                         {
                             getResource( locator, mergedRepositoryContents, logicalResource,
repository );
                         }
@@ -936,7 +952,7 @@
             {
                 try
                 {
-                    if( servletAuth.isAuthorizedToAccessVirtualRepository( activePrincipal,
repository ) )
+                    if( servletAuth.isAuthorized( activePrincipal, repository ) )
                     {
                         allow = true;
                         break;

Modified: archiva/branches/archiva-1.1.x/archiva-modules/archiva-web/archiva-webdav/src/main/java/org/apache/maven/archiva/webdav/ArchivaDavSessionProvider.java
URL: http://svn.apache.org/viewvc/archiva/branches/archiva-1.1.x/archiva-modules/archiva-web/archiva-webdav/src/main/java/org/apache/maven/archiva/webdav/ArchivaDavSessionProvider.java?rev=693694&r1=693693&r2=693694&view=diff
==============================================================================
--- archiva/branches/archiva-1.1.x/archiva-modules/archiva-web/archiva-webdav/src/main/java/org/apache/maven/archiva/webdav/ArchivaDavSessionProvider.java
(original)
+++ archiva/branches/archiva-1.1.x/archiva-modules/archiva-web/archiva-webdav/src/main/java/org/apache/maven/archiva/webdav/ArchivaDavSessionProvider.java
Tue Sep  9 20:46:03 2008
@@ -24,9 +24,11 @@
 import org.apache.jackrabbit.webdav.DavException;
 import org.apache.jackrabbit.webdav.DavServletRequest;
 import org.apache.maven.archiva.webdav.util.RepositoryPathUtil;
+import org.apache.maven.archiva.security.ArchivaXworkUser;
 import org.apache.maven.archiva.security.ServletAuthenticator;
 import org.codehaus.plexus.redback.authentication.AuthenticationException;
 import org.codehaus.plexus.redback.authentication.AuthenticationResult;
+import org.codehaus.plexus.redback.authorization.UnauthorizedException;
 import org.codehaus.plexus.redback.policy.MustChangePasswordException;
 import org.codehaus.plexus.redback.policy.AccountLockedException;
 import org.codehaus.plexus.redback.xwork.filter.authentication.HttpAuthenticator;
@@ -45,10 +47,13 @@
 
     private HttpAuthenticator httpAuth;
     
-    public ArchivaDavSessionProvider( ServletAuthenticator servletAuth, HttpAuthenticator
httpAuth )
+    private ArchivaXworkUser archivaXworkUser;
+    
+    public ArchivaDavSessionProvider( ServletAuthenticator servletAuth, HttpAuthenticator
httpAuth, ArchivaXworkUser archivaXworkUser )
     {
         this.servletAuth = servletAuth;
         this.httpAuth = httpAuth;
+        this.archivaXworkUser = archivaXworkUser;
     }
 
     public boolean attachSession( WebdavRequest request )
@@ -67,7 +72,24 @@
         }
         catch ( AuthenticationException e )
         {   
-            throw new UnauthorizedDavException( repositoryId, "You are not authenticated"
);            
+            // safety check for MRM-911            
+            String guest = archivaXworkUser.getGuest();
+            try
+            {
+                if( servletAuth.isAuthorized( guest, 
+                      ( ( ArchivaDavResourceLocator ) request.getRequestLocator() ).getRepositoryId()
) )
+                {
+                    request.setDavSession(new ArchivaDavSession());
+                    return true;
+                }
+            }
+            catch ( UnauthorizedException ae )
+            {
+                throw new UnauthorizedDavException( repositoryId,
+                    "You are not authenticated and authorized to access any repository."
);
+            }
+            
+            throw new UnauthorizedDavException( repositoryId, "You are not authenticated."
);            
         }
         catch ( MustChangePasswordException e )
         {         
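Review bot: `archivaXworkUser.getGuest()` at the top of this catch block dereferences a field that the constructor stores without a null check, and both test fixtures touched by this commit (the setup in ArchivaDavSessionProviderTest and the UnauthenticatedDavSessionProvider constructor) pass `null` for it. Any test that reaches the AuthenticationException path would therefore end in a NullPointerException instead of exercising the guest decision, so the new behaviour is untested in what is shown. I would pass a stub ArchivaXworkUser in the test setup and add two cases: one where the guest is authorized for the repository and a session is attached, and one where `isAuthorized` throws UnauthorizedException and the request is rejected. The enclosing method continues outside the hunk.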

Modified: archiva/branches/archiva-1.1.x/archiva-modules/archiva-web/archiva-webdav/src/main/java/org/apache/maven/archiva/webdav/RepositoryServlet.java
URL: http://svn.apache.org/viewvc/archiva/branches/archiva-1.1.x/archiva-modules/archiva-web/archiva-webdav/src/main/java/org/apache/maven/archiva/webdav/RepositoryServlet.java?rev=693694&r1=693693&r2=693694&view=diff
==============================================================================
--- archiva/branches/archiva-1.1.x/archiva-modules/archiva-web/archiva-webdav/src/main/java/org/apache/maven/archiva/webdav/RepositoryServlet.java
(original)
+++ archiva/branches/archiva-1.1.x/archiva-modules/archiva-web/archiva-webdav/src/main/java/org/apache/maven/archiva/webdav/RepositoryServlet.java
Tue Sep  9 20:46:03 2008
@@ -44,6 +44,7 @@
 import org.apache.maven.archiva.configuration.ConfigurationEvent;
 import org.apache.maven.archiva.configuration.ConfigurationListener;
 import org.apache.maven.archiva.configuration.ManagedRepositoryConfiguration;
+import org.apache.maven.archiva.security.ArchivaXworkUser;
 import org.apache.maven.archiva.security.ServletAuthenticator;
 import org.codehaus.plexus.redback.xwork.filter.authentication.HttpAuthenticator;
 import org.codehaus.plexus.spring.PlexusToSpringUtils;
@@ -195,7 +196,9 @@
         HttpAuthenticator httpAuth =
             (HttpAuthenticator) wac.getBean( PlexusToSpringUtils.buildSpringId( HttpAuthenticator.ROLE,
"basic" ) );
         
-        sessionProvider = new ArchivaDavSessionProvider( servletAuth, httpAuth );
+        ArchivaXworkUser archivaXworkUser =
+            (ArchivaXworkUser) wac.getBean( PlexusToSpringUtils.buildSpringId( ArchivaXworkUser.class.getName()
) );
+        sessionProvider = new ArchivaDavSessionProvider( servletAuth, httpAuth, archivaXworkUser
);
     }
 
     public void configurationEvent( ConfigurationEvent event )

Modified: archiva/branches/archiva-1.1.x/archiva-modules/archiva-web/archiva-webdav/src/test/java/org/apache/maven/archiva/webdav/ArchivaDavSessionProviderTest.java
URL: http://svn.apache.org/viewvc/archiva/branches/archiva-1.1.x/archiva-modules/archiva-web/archiva-webdav/src/test/java/org/apache/maven/archiva/webdav/ArchivaDavSessionProviderTest.java?rev=693694&r1=693693&r2=693694&view=diff
==============================================================================
--- archiva/branches/archiva-1.1.x/archiva-modules/archiva-web/archiva-webdav/src/test/java/org/apache/maven/archiva/webdav/ArchivaDavSessionProviderTest.java
(original)
+++ archiva/branches/archiva-1.1.x/archiva-modules/archiva-web/archiva-webdav/src/test/java/org/apache/maven/archiva/webdav/ArchivaDavSessionProviderTest.java
Tue Sep  9 20:46:03 2008
@@ -59,7 +59,7 @@
         throws Exception
     {
         super.setUp();
-        sessionProvider = new ArchivaDavSessionProvider(new ServletAuthenticatorMock(), new
HttpAuthenticatorMock());
+        sessionProvider = new ArchivaDavSessionProvider(new ServletAuthenticatorMock(), new
HttpAuthenticatorMock(), null);
         request = new WebdavRequestImpl(new HttpServletRequestMock(), null);
     }
     
@@ -362,7 +362,7 @@
             return true;
         }
 
-        public boolean isAuthorizedToAccessVirtualRepository(String arg0, String arg1)
+        public boolean isAuthorized(String arg0, String arg1)
             throws UnauthorizedException
         {
             return true;

Modified: archiva/branches/archiva-1.1.x/archiva-modules/archiva-web/archiva-webdav/src/test/java/org/apache/maven/archiva/webdav/UnauthenticatedDavSessionProvider.java
URL: http://svn.apache.org/viewvc/archiva/branches/archiva-1.1.x/archiva-modules/archiva-web/archiva-webdav/src/test/java/org/apache/maven/archiva/webdav/UnauthenticatedDavSessionProvider.java?rev=693694&r1=693693&r2=693694&view=diff
==============================================================================
--- archiva/branches/archiva-1.1.x/archiva-modules/archiva-web/archiva-webdav/src/test/java/org/apache/maven/archiva/webdav/UnauthenticatedDavSessionProvider.java
(original)
+++ archiva/branches/archiva-1.1.x/archiva-modules/archiva-web/archiva-webdav/src/test/java/org/apache/maven/archiva/webdav/UnauthenticatedDavSessionProvider.java
Tue Sep  9 20:46:03 2008
@@ -29,7 +29,7 @@
 {
     public UnauthenticatedDavSessionProvider()
     {
-        super(null, null);
+        super(null, null, null);
     }
     
     @Override


