archiva-commits mailing list archives

From och...@apache.org
Subject svn commit: r702347 [4/4] - in /archiva/branches/MRM-124: ./ archiva-docs/src/site/apt/userguide/ archiva-jetty/ archiva-modules/archiva-base/archiva-consumers/archiva-core-consumers/ archiva-modules/archiva-base/archiva-consumers/archiva-core-consumer...
Date Tue, 07 Oct 2008 05:12:37 GMT
Modified: archiva/branches/MRM-124/archiva-modules/archiva-web/archiva-webdav/src/main/java/org/apache/maven/archiva/webdav/ArchivaDavResourceFactory.java
URL: http://svn.apache.org/viewvc/archiva/branches/MRM-124/archiva-modules/archiva-web/archiva-webdav/src/main/java/org/apache/maven/archiva/webdav/ArchivaDavResourceFactory.java?rev=702347&r1=702346&r2=702347&view=diff
==============================================================================
--- archiva/branches/MRM-124/archiva-modules/archiva-web/archiva-webdav/src/main/java/org/apache/maven/archiva/webdav/ArchivaDavResourceFactory.java (original)
+++ archiva/branches/MRM-124/archiva-modules/archiva-web/archiva-webdav/src/main/java/org/apache/maven/archiva/webdav/ArchivaDavResourceFactory.java Mon Oct  6 22:12:33 2008
@@ -174,6 +174,11 @@
      * @plexus.requirement role-hint="md5";
      */
     private Digester digestMd5;
+    
+    /**
+     * @plexus.requirement
+     */
+    private ArchivaXworkUser archivaXworkUser;
         
     public DavResource createResource( final DavResourceLocator locator, final DavServletRequest request,
                                        final DavServletResponse response )
@@ -181,14 +186,14 @@
     {
         checkLocatorIsInstanceOfRepositoryLocator( locator );
         ArchivaDavResourceLocator archivaLocator = (ArchivaDavResourceLocator) locator;
-
+        
         RepositoryGroupConfiguration repoGroupConfig =
             archivaConfiguration.getConfiguration().getRepositoryGroupsAsMap().get( archivaLocator.getRepositoryId() );
         List<String> repositories = new ArrayList<String>();
 
         boolean isGet = WebdavMethodUtil.isReadMethod( request.getMethod() );
         boolean isPut = WebdavMethodUtil.isWriteMethod( request.getMethod() );
-
+        
         if ( repoGroupConfig != null )
         {
             if( WebdavMethodUtil.isWriteMethod( request.getMethod() ) )
@@ -225,7 +230,7 @@
 
             try
             {
-                managedRepository = getManagedRepository( repositoryId );
+                managedRepository = getManagedRepository( repositoryId );                
             }
             catch ( DavException de )
             {
@@ -236,13 +241,13 @@
             DavResource resource = null;
             
             if ( !locator.getResourcePath().startsWith( ArchivaDavResource.HIDDEN_PATH_PREFIX ) )
-            {
+            {                
                 if ( managedRepository != null )
                 {
                     try
                     {
                         if( isAuthorized( request, repositoryId ) )
-                        {
+                        {   
                             LogicalResource logicalResource =
                                 new LogicalResource( RepositoryPathUtil.getLogicalResource( locator.getResourcePath() ) );
 
@@ -253,12 +258,12 @@
 
                             if ( isPut )
                             {
-                                resource = doPut( managedRepository, request, archivaLocator, logicalResource );
+                                resource = doPut( managedRepository, request, archivaLocator, logicalResource );                                
                             }
                         }
                     }
                     catch ( DavException de ) 
-                    {
+                    {                        
                         e = de;
                         continue;
                     }
@@ -268,11 +273,11 @@
                         e = new DavException( HttpServletResponse.SC_NOT_FOUND, "Resource does not exist" );
                     }
                     else
-                    {   
+                    {                           
                         availableResources.add( resource );
 
                         String logicalResource = RepositoryPathUtil.getLogicalResource( locator.getResourcePath() );
-                        resourcesInAbsolutePath.add( managedRepository.getRepoRoot() + logicalResource );
+                        resourcesInAbsolutePath.add( managedRepository.getRepoRoot() + logicalResource );                        
                     }
                 }
                 else
@@ -317,7 +322,7 @@
                         ArchivaDavResource metadataChecksumResource =
                             new ArchivaDavResource( metadataChecksum.getAbsolutePath(), logicalResource.getPath(), null,
                                                     request.getRemoteAddr(), request.getDavSession(), archivaLocator, this,
-                                                    mimeTypes, auditListeners, consumers );
+                                                    mimeTypes, auditListeners, consumers, archivaXworkUser );
                         availableResources.add( 0, metadataChecksumResource );
                     }
                 }
@@ -349,7 +354,7 @@
                         ArchivaDavResource metadataResource =
                             new ArchivaDavResource( resourceFile.getAbsolutePath(), logicalResource.getPath(), null,
                                                     request.getRemoteAddr(), request.getDavSession(), archivaLocator, this,
-                                                    mimeTypes, auditListeners, consumers );
+                                                    mimeTypes, auditListeners, consumers, archivaXworkUser );
                         availableResources.add( 0, metadataResource );
                     }
                     catch ( RepositoryMetadataException r )
@@ -398,7 +403,7 @@
             resource =
                 new ArchivaDavResource( resourceFile.getAbsolutePath(), logicalResource,
                                         managedRepository.getRepository(), davSession, archivaLocator, this, mimeTypes,
-                                        auditListeners, consumers );
+                                        auditListeners, consumers, archivaXworkUser );
         }
         resource.addLockManager(lockManager);
         return resource;
@@ -423,7 +428,7 @@
         ArchivaDavResource resource =
             new ArchivaDavResource( resourceFile.getAbsolutePath(), logicalResource.getPath(),
                                     managedRepository.getRepository(), request.getRemoteAddr(),
-                                    request.getDavSession(), locator, this, mimeTypes, auditListeners, consumers );
+                                    request.getDavSession(), locator, this, mimeTypes, auditListeners, consumers, archivaXworkUser );
 
         if ( !resource.isCollection() )
         {
@@ -468,7 +473,7 @@
                     new ArchivaDavResource( resourceFile.getAbsolutePath(), logicalResource.getPath(),
                                             managedRepository.getRepository(), request.getRemoteAddr(),
                                             request.getDavSession(), locator, this, mimeTypes, auditListeners,
-                                            consumers );
+                                            consumers, archivaXworkUser );
             }
         }
         return resource;
@@ -486,18 +491,19 @@
 
         File rootDirectory = new File( managedRepository.getRepoRoot() );
         File destDir = new File( rootDirectory, logicalResource.getPath() ).getParentFile();
+        
         if ( request.getMethod().equals(HTTP_PUT_METHOD) && !destDir.exists() )
         {
             destDir.mkdirs();
             String relPath = PathUtil.getRelative( rootDirectory.getAbsolutePath(), destDir );
             triggerAuditEvent( request.getRemoteAddr(), logicalResource.getPath(), relPath, AuditEvent.CREATE_DIR );
         }
-
-        File resourceFile = new File( managedRepository.getRepoRoot(), logicalResource.getPath() );
-
+        
+        File resourceFile = new File( managedRepository.getRepoRoot(), logicalResource.getPath() );        
+                
         return new ArchivaDavResource( resourceFile.getAbsolutePath(), logicalResource.getPath(),
                                        managedRepository.getRepository(), request.getRemoteAddr(),
-                                       request.getDavSession(), locator, this, mimeTypes, auditListeners, consumers );
+                                       request.getDavSession(), locator, this, mimeTypes, auditListeners, consumers, archivaXworkUser );
     }
 
     private boolean fetchContentFromProxies( ManagedRepositoryContent managedRepository, DavServletRequest request,
@@ -622,7 +628,7 @@
     // TODO: remove?
     private void triggerAuditEvent( String remoteIP, String repositoryId, String resource, String action )
     {
-        String activePrincipal = ArchivaXworkUser.getActivePrincipal( ActionContext.getContext().getSession() );
+        String activePrincipal = archivaXworkUser.getActivePrincipal( ActionContext.getContext().getSession() );
         AuditEvent event = new AuditEvent( repositoryId, activePrincipal, resource, action );
         event.setRemoteIP( remoteIP );
 
@@ -716,9 +722,9 @@
 
     protected boolean isAuthorized( DavServletRequest request, String repositoryId )
         throws DavException
-    {
+    {   
         try
-        {
+        {     
             AuthenticationResult result = httpAuth.getAuthenticationResult( request, null );
             SecuritySession securitySession = httpAuth.getSecuritySession();
 
@@ -727,7 +733,25 @@
                                           WebdavMethodUtil.isWriteMethod( request.getMethod() ) );
         }
         catch ( AuthenticationException e )
-        {
+        {            
+            boolean isPut = WebdavMethodUtil.isWriteMethod( request.getMethod() );
+            
+            // safety check for MRM-911            
+            String guest = archivaXworkUser.getGuest();
+            try
+            {
+                if( servletAuth.isAuthorized( guest, 
+                      ( ( ArchivaDavResourceLocator ) request.getRequestLocator() ).getRepositoryId(), isPut ) )
+                {   
+                    return true;
+                }
+            }
+            catch ( UnauthorizedException ae )
+            {
+                throw new UnauthorizedDavException( repositoryId,
+                        "You are not authenticated and authorized to access any repository." );
+            }
+                        
             throw new UnauthorizedDavException( repositoryId, "You are not authenticated" );
         }
         catch ( MustChangePasswordException e )
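Review bot: The guest fallback in the `AuthenticationException` branch authorizes against the repository id read from `request.getRequestLocator()`, not the `repositoryId` argument that isAuthorized was called with and that the error messages report. createResource looks the locator id up as a repository group and appears to call `isAuthorized( request, repositoryId )` once per member repository, so for a group request the guest decision may be made on a different id than the one being opened. Passing the argument, `servletAuth.isAuthorized( guest, repositoryId, isPut )`, keeps the check and the message on the same repository. The caught exception is also dropped without a log line, so a request whose credentials were rejected and which is then served as guest leaves no trace; the same applies to the identical block added to ArchivaDavSessionProvider.attachSession in this commit. isAuthorized starts above this hunk.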
@@ -769,11 +793,13 @@
                             request.getSession().getAttribute( SecuritySystemConstants.SECURITY_SESSION_KEY ) );
         }
 
-        String activePrincipal = ArchivaXworkUser.getActivePrincipal( sessionMap );
+        String activePrincipal = archivaXworkUser.getActivePrincipal( sessionMap );
         boolean allow = isAllowedToContinue( request, repositories, activePrincipal );
 
         if( allow )
         {
+            boolean isPut = WebdavMethodUtil.isWriteMethod( request.getMethod() );
+            
             for( String repository : repositories )
             {
                 // for prompted authentication
@@ -796,7 +822,7 @@
                     // for the current user logged in
                     try
                     {
-                        if( servletAuth.isAuthorizedToAccessVirtualRepository( activePrincipal, repository ) )
+                        if( servletAuth.isAuthorized( activePrincipal, repository, isPut ) )
                         {
                             getResource( locator, mergedRepositoryContents, logicalResource, repository );
                         }
@@ -888,11 +914,12 @@
         }
         else
         {
+            boolean isPut = WebdavMethodUtil.isWriteMethod( request.getMethod() );
             for( String repository : repositories )
             {
                 try
-                {
-                    if( servletAuth.isAuthorizedToAccessVirtualRepository( activePrincipal, repository ) )
+                {   
+                    if( servletAuth.isAuthorized( activePrincipal, repository, isPut ) )
                     {
                         allow = true;
                         break;
@@ -953,4 +980,14 @@
            return true;
        }
     }
+    
+    public void setServletAuth( ServletAuthenticator servletAuth )
+    {
+        this.servletAuth = servletAuth;
+    }
+    
+    public void setHttpAuth( HttpAuthenticator httpAuth )
+    {
+        this.httpAuth = httpAuth;
+    }
 }
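Review bot: `setServletAuth` and `setHttpAuth` are public and undocumented, so any code holding the factory can replace the authenticators that isAuthorized depends on. The only caller visible in this commit is RepositoryServletSecurityTest, which is in the same package, so package-private visibility would be enough: `void setServletAuth( ServletAuthenticator servletAuth )`. If they have to stay public, a Javadoc line such as `/** Test hook: replaces the injected authenticator. */` would state the intent.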

Modified: archiva/branches/MRM-124/archiva-modules/archiva-web/archiva-webdav/src/main/java/org/apache/maven/archiva/webdav/ArchivaDavSessionProvider.java
URL: http://svn.apache.org/viewvc/archiva/branches/MRM-124/archiva-modules/archiva-web/archiva-webdav/src/main/java/org/apache/maven/archiva/webdav/ArchivaDavSessionProvider.java?rev=702347&r1=702346&r2=702347&view=diff
==============================================================================
--- archiva/branches/MRM-124/archiva-modules/archiva-web/archiva-webdav/src/main/java/org/apache/maven/archiva/webdav/ArchivaDavSessionProvider.java (original)
+++ archiva/branches/MRM-124/archiva-modules/archiva-web/archiva-webdav/src/main/java/org/apache/maven/archiva/webdav/ArchivaDavSessionProvider.java Mon Oct  6 22:12:33 2008
@@ -24,9 +24,12 @@
 import org.apache.jackrabbit.webdav.DavException;
 import org.apache.jackrabbit.webdav.DavServletRequest;
 import org.apache.maven.archiva.webdav.util.RepositoryPathUtil;
+import org.apache.maven.archiva.webdav.util.WebdavMethodUtil;
+import org.apache.maven.archiva.security.ArchivaXworkUser;
 import org.apache.maven.archiva.security.ServletAuthenticator;
 import org.codehaus.plexus.redback.authentication.AuthenticationException;
 import org.codehaus.plexus.redback.authentication.AuthenticationResult;
+import org.codehaus.plexus.redback.authorization.UnauthorizedException;
 import org.codehaus.plexus.redback.policy.MustChangePasswordException;
 import org.codehaus.plexus.redback.policy.AccountLockedException;
 import org.codehaus.plexus.redback.xwork.filter.authentication.HttpAuthenticator;
@@ -45,10 +48,13 @@
 
     private HttpAuthenticator httpAuth;
     
-    public ArchivaDavSessionProvider( ServletAuthenticator servletAuth, HttpAuthenticator httpAuth )
+    private ArchivaXworkUser archivaXworkUser;
+    
+    public ArchivaDavSessionProvider( ServletAuthenticator servletAuth, HttpAuthenticator httpAuth, ArchivaXworkUser archivaXworkUser )
     {
         this.servletAuth = servletAuth;
         this.httpAuth = httpAuth;
+        this.archivaXworkUser = archivaXworkUser;
     }
 
     public boolean attachSession( WebdavRequest request )
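Review bot: The constructor stores `archivaXworkUser` without checking it, while the `AuthenticationException` branch added to attachSession in this commit dereferences it with `archivaXworkUser.getGuest()`. ArchivaDavSessionProviderTest now builds the provider with `null` for this argument, so that branch would end in a NullPointerException instead of a DavException if the authenticator mock threw. A guard such as `if ( archivaXworkUser == null ) throw new IllegalArgumentException( "archivaXworkUser is required" );`, with a stub instance passed in the test, would make the failure explicit. The class body continues outside this hunk.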
@@ -67,7 +73,26 @@
         }
         catch ( AuthenticationException e )
         {   
-            throw new UnauthorizedDavException( repositoryId, "You are not authenticated" );            
+            boolean isPut = WebdavMethodUtil.isWriteMethod( request.getMethod() );
+            
+            // safety check for MRM-911            
+            String guest = archivaXworkUser.getGuest();
+            try
+            {
+                if( servletAuth.isAuthorized( guest, 
+                      ( ( ArchivaDavResourceLocator ) request.getRequestLocator() ).getRepositoryId(), isPut ) )
+                {
+                    request.setDavSession(new ArchivaDavSession());
+                    return true;
+                }
+            }
+            catch ( UnauthorizedException ae )
+            {
+                throw new UnauthorizedDavException( repositoryId,
+                    "You are not authenticated and authorized to access any repository." );
+            }
+            
+            throw new UnauthorizedDavException( repositoryId, "You are not authenticated." );            
         }
         catch ( MustChangePasswordException e )
         {         

Modified: archiva/branches/MRM-124/archiva-modules/archiva-web/archiva-webdav/src/main/java/org/apache/maven/archiva/webdav/RepositoryServlet.java
URL: http://svn.apache.org/viewvc/archiva/branches/MRM-124/archiva-modules/archiva-web/archiva-webdav/src/main/java/org/apache/maven/archiva/webdav/RepositoryServlet.java?rev=702347&r1=702346&r2=702347&view=diff
==============================================================================
--- archiva/branches/MRM-124/archiva-modules/archiva-web/archiva-webdav/src/main/java/org/apache/maven/archiva/webdav/RepositoryServlet.java (original)
+++ archiva/branches/MRM-124/archiva-modules/archiva-web/archiva-webdav/src/main/java/org/apache/maven/archiva/webdav/RepositoryServlet.java Mon Oct  6 22:12:33 2008
@@ -44,6 +44,7 @@
 import org.apache.maven.archiva.configuration.ConfigurationEvent;
 import org.apache.maven.archiva.configuration.ConfigurationListener;
 import org.apache.maven.archiva.configuration.ManagedRepositoryConfiguration;
+import org.apache.maven.archiva.security.ArchivaXworkUser;
 import org.apache.maven.archiva.security.ServletAuthenticator;
 import org.codehaus.plexus.redback.xwork.filter.authentication.HttpAuthenticator;
 import org.codehaus.plexus.spring.PlexusToSpringUtils;
@@ -195,7 +196,9 @@
         HttpAuthenticator httpAuth =
             (HttpAuthenticator) wac.getBean( PlexusToSpringUtils.buildSpringId( HttpAuthenticator.ROLE, "basic" ) );
         
-        sessionProvider = new ArchivaDavSessionProvider( servletAuth, httpAuth );
+        ArchivaXworkUser archivaXworkUser =
+            (ArchivaXworkUser) wac.getBean( PlexusToSpringUtils.buildSpringId( ArchivaXworkUser.class.getName() ) );
+        sessionProvider = new ArchivaDavSessionProvider( servletAuth, httpAuth, archivaXworkUser );
     }
 
     public void configurationEvent( ConfigurationEvent event )

Modified: archiva/branches/MRM-124/archiva-modules/archiva-web/archiva-webdav/src/test/java/org/apache/maven/archiva/webdav/ArchivaDavSessionProviderTest.java
URL: http://svn.apache.org/viewvc/archiva/branches/MRM-124/archiva-modules/archiva-web/archiva-webdav/src/test/java/org/apache/maven/archiva/webdav/ArchivaDavSessionProviderTest.java?rev=702347&r1=702346&r2=702347&view=diff
==============================================================================
--- archiva/branches/MRM-124/archiva-modules/archiva-web/archiva-webdav/src/test/java/org/apache/maven/archiva/webdav/ArchivaDavSessionProviderTest.java (original)
+++ archiva/branches/MRM-124/archiva-modules/archiva-web/archiva-webdav/src/test/java/org/apache/maven/archiva/webdav/ArchivaDavSessionProviderTest.java Mon Oct  6 22:12:33 2008
@@ -59,7 +59,7 @@
         throws Exception
     {
         super.setUp();
-        sessionProvider = new ArchivaDavSessionProvider(new ServletAuthenticatorMock(), new HttpAuthenticatorMock());
+        sessionProvider = new ArchivaDavSessionProvider(new ServletAuthenticatorMock(), new HttpAuthenticatorMock(), null);
         request = new WebdavRequestImpl(new HttpServletRequestMock(), null);
     }
     
@@ -362,7 +362,7 @@
             return true;
         }
 
-        public boolean isAuthorizedToAccessVirtualRepository(String arg0, String arg1)
+        public boolean isAuthorized(String arg0, String arg1, boolean isWriteRequest)
             throws UnauthorizedException
         {
             return true;

Modified: archiva/branches/MRM-124/archiva-modules/archiva-web/archiva-webdav/src/test/java/org/apache/maven/archiva/webdav/DavResourceTest.java
URL: http://svn.apache.org/viewvc/archiva/branches/MRM-124/archiva-modules/archiva-web/archiva-webdav/src/test/java/org/apache/maven/archiva/webdav/DavResourceTest.java?rev=702347&r1=702346&r2=702347&view=diff
==============================================================================
--- archiva/branches/MRM-124/archiva-modules/archiva-web/archiva-webdav/src/test/java/org/apache/maven/archiva/webdav/DavResourceTest.java (original)
+++ archiva/branches/MRM-124/archiva-modules/archiva-web/archiva-webdav/src/test/java/org/apache/maven/archiva/webdav/DavResourceTest.java Mon Oct  6 22:12:33 2008
@@ -20,7 +20,6 @@
  */
 
 import java.io.File;
-import java.util.List;
 
 import org.apache.commons.io.FileUtils;
 import org.apache.jackrabbit.webdav.DavException;
@@ -37,12 +36,11 @@
 import org.apache.jackrabbit.webdav.lock.SimpleLockManager;
 import org.apache.jackrabbit.webdav.lock.Type;
 import org.apache.maven.archiva.configuration.ManagedRepositoryConfiguration;
-import org.apache.maven.archiva.repository.audit.AuditListener;
 import org.apache.maven.archiva.repository.scanner.RepositoryContentConsumers;
+import org.apache.maven.archiva.security.ArchivaXworkUser;
 import org.apache.maven.archiva.webdav.util.MimeTypes;
 import org.codehaus.plexus.spring.PlexusInSpringTestCase;
 import org.codehaus.plexus.spring.PlexusToSpringUtils;
-import org.easymock.MockControl;
 
 import edu.emory.mathcs.backport.java.util.Collections;
 
@@ -69,6 +67,8 @@
     private RepositoryContentConsumers consumers;
 
     private ManagedRepositoryConfiguration repository = new ManagedRepositoryConfiguration();
+    
+    private ArchivaXworkUser archivaXworkUser;
 
     @Override
     protected void setUp()
@@ -87,6 +87,7 @@
         lockManager = new SimpleLockManager();
         resource.addLockManager(lockManager);
         consumers = new RepositoryContentConsumers();
+        archivaXworkUser = (ArchivaXworkUser) getApplicationContext().getBean( PlexusToSpringUtils.buildSpringId( ArchivaXworkUser.class ) );
     }
 
     @Override
@@ -101,7 +102,7 @@
     private DavResource getDavResource(String logicalPath, File file)
     {
         return new ArchivaDavResource( file.getAbsolutePath(), logicalPath, repository, session, resourceLocator,
-                                       resourceFactory, mimeTypes, Collections.emptyList(), consumers );
+                                       resourceFactory, mimeTypes, Collections.emptyList(), consumers, archivaXworkUser );
     }
     
     public void testDeleteNonExistantResourceShould404()
@@ -302,7 +303,7 @@
 
         public DavResource createResource(DavResourceLocator locator, DavSession session) throws DavException {
             return new ArchivaDavResource( baseDir.getAbsolutePath(), "/", repository, session, resourceLocator,
-                                           resourceFactory, mimeTypes, Collections.emptyList(), consumers );
+                                           resourceFactory, mimeTypes, Collections.emptyList(), consumers, archivaXworkUser );
         }
     }
 }

Modified: archiva/branches/MRM-124/archiva-modules/archiva-web/archiva-webdav/src/test/java/org/apache/maven/archiva/webdav/RepositoryServletSecurityTest.java
URL: http://svn.apache.org/viewvc/archiva/branches/MRM-124/archiva-modules/archiva-web/archiva-webdav/src/test/java/org/apache/maven/archiva/webdav/RepositoryServletSecurityTest.java?rev=702347&r1=702346&r2=702347&view=diff
==============================================================================
--- archiva/branches/MRM-124/archiva-modules/archiva-web/archiva-webdav/src/test/java/org/apache/maven/archiva/webdav/RepositoryServletSecurityTest.java (original)
+++ archiva/branches/MRM-124/archiva-modules/archiva-web/archiva-webdav/src/test/java/org/apache/maven/archiva/webdav/RepositoryServletSecurityTest.java Mon Oct  6 22:12:33 2008
@@ -1,21 +1,550 @@
 package org.apache.maven.archiva.webdav;
 
-/**
- * RepositoryServletSecurityTest 
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
  *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+import java.io.File;
+import java.io.IOException;
+import java.io.InputStream;
+
+import javax.servlet.http.HttpServletResponse;
+
+import net.sf.ehcache.CacheManager;
+
+import org.apache.commons.io.FileUtils;
+import org.apache.jackrabbit.webdav.DavResourceFactory;
+import org.apache.jackrabbit.webdav.DavSessionProvider;
+import org.apache.maven.archiva.configuration.ArchivaConfiguration;
+import org.apache.maven.archiva.configuration.Configuration;
+import org.apache.maven.archiva.configuration.ManagedRepositoryConfiguration;
+import org.apache.maven.archiva.security.ArchivaXworkUser;
+import org.apache.maven.archiva.security.ServletAuthenticator;
+import org.codehaus.plexus.redback.authentication.AuthenticationException;
+import org.codehaus.plexus.redback.authentication.AuthenticationResult;
+import org.codehaus.plexus.redback.authorization.UnauthorizedException;
+import org.codehaus.plexus.redback.system.DefaultSecuritySession;
+import org.codehaus.plexus.redback.system.SecuritySession;
+import org.codehaus.plexus.redback.xwork.filter.authentication.HttpAuthenticator;
+import org.codehaus.plexus.redback.xwork.filter.authentication.basic.HttpBasicAuthentication;
+import org.codehaus.plexus.spring.PlexusInSpringTestCase;
+import org.easymock.MockControl;
+import org.easymock.classextension.MockClassControl;
+import org.easymock.internal.AlwaysMatcher;
+
+import com.meterware.httpunit.GetMethodWebRequest;
+import com.meterware.httpunit.HttpUnitOptions;
+import com.meterware.httpunit.PutMethodWebRequest;
+import com.meterware.httpunit.WebRequest;
+import com.meterware.httpunit.WebResponse;
+import com.meterware.servletunit.InvocationContext;
+import com.meterware.servletunit.ServletRunner;
+import com.meterware.servletunit.ServletUnitClient;
+
+/**
+ * RepositoryServletSecurityTest
+ * 
+ * Test the flow of the authentication and authorization checks. This does not necessarily
+ * perform redback security checking.
+ * 
  * @author <a href="mailto:joakime@apache.org">Joakim Erdfelt</a>
  * @version $Id$
  */
 public class RepositoryServletSecurityTest
-    extends AbstractRepositoryServletTestCase
+    extends PlexusInSpringTestCase
 {
-    public void testSecuredGet()
+    protected static final String REPOID_INTERNAL = "internal";
+
+    protected ServletUnitClient sc;
+
+    protected File repoRootInternal;
+
+    private ServletRunner sr;
+
+    protected ArchivaConfiguration archivaConfiguration;
+
+    private DavSessionProvider davSessionProvider;
+
+    private MockControl servletAuthControl;
+
+    private ServletAuthenticator servletAuth;
+
+    private MockClassControl httpAuthControl;
+
+    private HttpAuthenticator httpAuth;
+
+    private ArchivaXworkUser archivaXworkUser;
+
+    private RepositoryServlet servlet;
+    
+    public void setUp()
+        throws Exception
+    {
+        super.setUp();
+
+        String appserverBase = getTestFile( "target/appserver-base" ).getAbsolutePath();
+        System.setProperty( "appserver.base", appserverBase );
+
+        File testConf = getTestFile( "src/test/resources/repository-archiva.xml" );
+        File testConfDest = new File( appserverBase, "conf/archiva.xml" );
+        FileUtils.copyFile( testConf, testConfDest );
+
+        archivaConfiguration = (ArchivaConfiguration) lookup( ArchivaConfiguration.class );
+        repoRootInternal = new File( appserverBase, "data/repositories/internal" );
+        Configuration config = archivaConfiguration.getConfiguration();
+
+        config.addManagedRepository( createManagedRepository( REPOID_INTERNAL, "Internal Test Repo", repoRootInternal ) );
+        saveConfiguration( archivaConfiguration );
+
+        CacheManager.getInstance().removeCache( "url-failures-cache" );
+
+        HttpUnitOptions.setExceptionsThrownOnErrorStatus( false );
+
+        sr = new ServletRunner( getTestFile( "src/test/resources/WEB-INF/repository-servlet-security-test/web.xml" ) );
+        sr.registerServlet( "/repository/*", RepositoryServlet.class.getName() );
+        sc = sr.newClient();
+
+        servletAuthControl = MockControl.createControl( ServletAuthenticator.class );
+        servletAuthControl.setDefaultMatcher( MockControl.ALWAYS_MATCHER );
+        servletAuth = (ServletAuthenticator) servletAuthControl.getMock();
+
+        httpAuthControl =
+            MockClassControl.createControl( HttpBasicAuthentication.class, HttpBasicAuthentication.class.getMethods() );
+        httpAuthControl.setDefaultMatcher( MockControl.ALWAYS_MATCHER );
+        httpAuth = (HttpAuthenticator) httpAuthControl.getMock();
+
+        archivaXworkUser = new ArchivaXworkUser();
+        archivaXworkUser.setGuest( "guest" );
+
+        davSessionProvider = new ArchivaDavSessionProvider( servletAuth, httpAuth, archivaXworkUser );      
+    }
+
+    protected ManagedRepositoryConfiguration createManagedRepository( String id, String name, File location )
     {
+        ManagedRepositoryConfiguration repo = new ManagedRepositoryConfiguration();
+        repo.setId( id );
+        repo.setName( name );
+        repo.setLocation( location.getAbsolutePath() );
+        return repo;
+    }
+
+    protected void saveConfiguration()
+        throws Exception
+    {
+        saveConfiguration( archivaConfiguration );
+    }
+
+    protected void saveConfiguration( ArchivaConfiguration archivaConfiguration )
+        throws Exception
+    {
+        archivaConfiguration.save( archivaConfiguration.getConfiguration() );
+    }
+
+    protected void setupCleanRepo( File repoRootDir )
+        throws IOException
+    {
+        FileUtils.deleteDirectory( repoRootDir );
+        if ( !repoRootDir.exists() )
+        {
+            repoRootDir.mkdirs();
+        }
+    }
+
+    @Override
+    protected String getPlexusConfigLocation()
+    {
+        return "org/apache/maven/archiva/webdav/RepositoryServletSecurityTest.xml";
+    }
+
+    @Override
+    protected void tearDown()
+        throws Exception
+    {
+        if ( sc != null )
+        {
+            sc.clearContents();
+        }
+
+        if ( sr != null )
+        {
+            sr.shutDown();
+        }
+
+        if ( repoRootInternal.exists() )
+        {
+            FileUtils.deleteDirectory(repoRootInternal);
+        }
+
+        servlet = null;
         
+        super.tearDown();
     }
-    
-    public void testSecuredBrowse()
+
+    // test deploy with invalid user, and guest has no write access to repo
+    // 401 must be returned
+    public void testPutWithInvalidUserAndGuestHasNoWriteAccess()
+        throws Exception
     {
+        setupCleanRepo( repoRootInternal );
+
+        String putUrl = "http://machine.com/repository/internal/path/to/artifact.jar";
+        InputStream is = getClass().getResourceAsStream( "/artifact.jar" );
+        assertNotNull( "artifact.jar inputstream", is );
+
+        WebRequest request = new PutMethodWebRequest( putUrl, is, "application/octet-stream" );
+        InvocationContext ic = sc.newInvocation( request );
+        servlet = (RepositoryServlet) ic.getServlet();
+        servlet.setDavSessionProvider( davSessionProvider );
+
+        AuthenticationResult result = new AuthenticationResult();
+        httpAuthControl.expectAndReturn( httpAuth.getAuthenticationResult( null, null ), result );
+        servletAuthControl.expectAndThrow( servletAuth.isAuthenticated( null, null ),
+                           new AuthenticationException( "Authentication error" ) );
+        
+        servletAuth.isAuthorized( "guest", "internal", true );        
+        servletAuthControl.setMatcher( MockControl.EQUALS_MATCHER );
+        servletAuthControl.setThrowable( new UnauthorizedException( "'guest' has no write access to repository" ) );
+
+        httpAuthControl.replay();
+        servletAuthControl.replay();
+        
+        servlet.service( ic.getRequest(), ic.getResponse() );
+        
+        httpAuthControl.verify();
+        servletAuthControl.verify();
+
+        //assertEquals(HttpServletResponse.SC_UNAUTHORIZED, response.getResponseCode());
+    }
+
+    // test deploy with invalid user, but guest has write access to repo
+    public void testPutWithInvalidUserAndGuestHasWriteAccess()
+        throws Exception
+    {
+        setupCleanRepo( repoRootInternal );
+
+        String putUrl = "http://machine.com/repository/internal/path/to/artifact.jar";
+        InputStream is = getClass().getResourceAsStream( "/artifact.jar" );
+        assertNotNull( "artifact.jar inputstream", is );
+
+        WebRequest request = new PutMethodWebRequest( putUrl, is, "application/octet-stream" );
+
+        InvocationContext ic = sc.newInvocation( request );
+        servlet = (RepositoryServlet) ic.getServlet();
+        servlet.setDavSessionProvider( davSessionProvider );
+
+        ArchivaDavResourceFactory archivaDavResourceFactory = (ArchivaDavResourceFactory) servlet.getResourceFactory();
+        archivaDavResourceFactory.setHttpAuth( httpAuth );
+        archivaDavResourceFactory.setServletAuth( servletAuth );
+
+        servlet.setResourceFactory( archivaDavResourceFactory );
+        
+        AuthenticationResult result = new AuthenticationResult();
+        httpAuthControl.expectAndReturn( httpAuth.getAuthenticationResult( null, null ), result );
+        servletAuthControl.expectAndThrow( servletAuth.isAuthenticated( null, null ),
+                                           new AuthenticationException( "Authentication error" ) );
+        
+        servletAuth.isAuthorized( "guest", "internal", true );
+        servletAuthControl.setMatcher( MockControl.EQUALS_MATCHER );
+        servletAuthControl.setReturnValue( true );
+                
+     // ArchivaDavResourceFactory#isAuthorized()
+        SecuritySession session = new DefaultSecuritySession();
+        httpAuthControl.expectAndReturn( httpAuth.getAuthenticationResult( null, null ), result );
+        httpAuthControl.expectAndReturn( httpAuth.getSecuritySession(), session );
+        servletAuthControl.expectAndThrow( servletAuth.isAuthenticated( null, result ),
+                                           new AuthenticationException( "Authentication error" ) );
+        
+        // check if guest has write access
+        servletAuth.isAuthorized( "guest", "internal", true );
+        servletAuthControl.setMatcher( MockControl.EQUALS_MATCHER );
+        servletAuthControl.setReturnValue( true );
+        
+        httpAuthControl.replay();
+        servletAuthControl.replay();
+
+        servlet.service( ic.getRequest(), ic.getResponse() );
+
+        httpAuthControl.verify();
+        servletAuthControl.verify();
+
+        // assertEquals( HttpServletResponse.SC_CREATED, response.getResponseCode() );
+    }
+
+    // test deploy with a valid user with no write access
+    public void testPutWithValidUserWithNoWriteAccess()
+        throws Exception
+    {
+        setupCleanRepo( repoRootInternal );
+
+        String putUrl = "http://machine.com/repository/internal/path/to/artifact.jar";
+        InputStream is = getClass().getResourceAsStream( "/artifact.jar" );
+        assertNotNull( "artifact.jar inputstream", is );
+        
+        WebRequest request = new PutMethodWebRequest( putUrl, is, "application/octet-stream" );
+        
+        InvocationContext ic = sc.newInvocation( request ); 
+        servlet = (RepositoryServlet) ic.getServlet();
+        servlet.setDavSessionProvider( davSessionProvider );
+        
+        ArchivaDavResourceFactory archivaDavResourceFactory = (ArchivaDavResourceFactory) servlet.getResourceFactory();
+        archivaDavResourceFactory.setHttpAuth( httpAuth );
+        archivaDavResourceFactory.setServletAuth( servletAuth );
+        servlet.setResourceFactory( archivaDavResourceFactory );
+
+        AuthenticationResult result = new AuthenticationResult();
+        httpAuthControl.expectAndReturn( httpAuth.getAuthenticationResult( null, null ), result );
+        servletAuthControl.expectAndReturn( servletAuth.isAuthenticated( null, null ), true );
+        
+     // ArchivaDavResourceFactory#isAuthorized()
+        SecuritySession session = new DefaultSecuritySession();
+        httpAuthControl.expectAndReturn( httpAuth.getAuthenticationResult( null, null ), result );
+        httpAuthControl.expectAndReturn( httpAuth.getSecuritySession(), session );
+        servletAuthControl.expectAndReturn( servletAuth.isAuthenticated( null, result ), true );
+        servletAuthControl.expectAndThrow( servletAuth.isAuthorized( null, session, "internal", true ),
+                                           new UnauthorizedException( "User not authorized" ) );
+                
+        httpAuthControl.replay();
+        servletAuthControl.replay();
+        
+        servlet.service( ic.getRequest(), ic.getResponse() );
+
+        httpAuthControl.verify();
+        servletAuthControl.verify();
+        
+        // assertEquals(HttpServletResponse.SC_UNAUTHORIZED, response.getResponseCode());
+    }
+
+    // test deploy with a valid user with write access
+    public void testPutWithValidUserWithWriteAccess()
+        throws Exception
+    {
+        setupCleanRepo( repoRootInternal );
+        assertTrue( repoRootInternal.exists() );
+
+        String putUrl = "http://machine.com/repository/internal/path/to/artifact.jar";
+        InputStream is = getClass().getResourceAsStream( "/artifact.jar" );
+        assertNotNull( "artifact.jar inputstream", is );
+
+        WebRequest request = new PutMethodWebRequest( putUrl, is, "application/octet-stream" );
+
+        InvocationContext ic = sc.newInvocation( request );
+        servlet = (RepositoryServlet) ic.getServlet();
+        servlet.setDavSessionProvider( davSessionProvider );
+
+        ArchivaDavResourceFactory archivaDavResourceFactory = (ArchivaDavResourceFactory) servlet.getResourceFactory();
+        archivaDavResourceFactory.setHttpAuth( httpAuth );
+        archivaDavResourceFactory.setServletAuth( servletAuth );
+
+        servlet.setResourceFactory( archivaDavResourceFactory );
+
+        AuthenticationResult result = new AuthenticationResult();
+        httpAuthControl.expectAndReturn( httpAuth.getAuthenticationResult( null, null ), result );
+        servletAuthControl.expectAndReturn( servletAuth.isAuthenticated( null, null ), true );
+
+        // ArchivaDavResourceFactory#isAuthorized()
+        SecuritySession session = new DefaultSecuritySession();
+        httpAuthControl.expectAndReturn( httpAuth.getAuthenticationResult( null, null ), result );
+        httpAuthControl.expectAndReturn( httpAuth.getSecuritySession(), session );
+        servletAuthControl.expectAndReturn( servletAuth.isAuthenticated( null, result ), true );
+        servletAuthControl.expectAndReturn( servletAuth.isAuthorized( null, session, "internal", true ), true );
+
+        httpAuthControl.replay();
+        servletAuthControl.replay();
+
+        servlet.service( ic.getRequest(), ic.getResponse() );
+
+        httpAuthControl.verify();
+        servletAuthControl.verify();
+
+        // assertEquals(HttpServletResponse.SC_CREATED, response.getResponseCode());
+    }
+
+    // test get with invalid user, and guest has read access to repo
+    public void testGetWithInvalidUserAndGuestHasReadAccess()
+        throws Exception
+    {
+        String commonsLangJar = "commons-lang/commons-lang/2.1/commons-lang-2.1.jar";
+        String expectedArtifactContents = "dummy-commons-lang-artifact";
+
+        File artifactFile = new File( repoRootInternal, commonsLangJar );
+        artifactFile.getParentFile().mkdirs();
+
+        FileUtils.writeStringToFile( artifactFile, expectedArtifactContents, null );
+
+        WebRequest request = new GetMethodWebRequest( "http://machine.com/repository/internal/" + commonsLangJar );
+        InvocationContext ic = sc.newInvocation( request );
+        servlet = (RepositoryServlet) ic.getServlet();
+        servlet.setDavSessionProvider( davSessionProvider );
+        
+        ArchivaDavResourceFactory archivaDavResourceFactory = (ArchivaDavResourceFactory) servlet.getResourceFactory();
+        archivaDavResourceFactory.setHttpAuth( httpAuth );
+        archivaDavResourceFactory.setServletAuth( servletAuth );
+
+        servlet.setResourceFactory( archivaDavResourceFactory );
+
+        AuthenticationResult result = new AuthenticationResult();
+        httpAuthControl.expectAndReturn( httpAuth.getAuthenticationResult( null, null ), result );
+        servletAuthControl.expectAndThrow( servletAuth.isAuthenticated( null, null ),
+                                           new AuthenticationException( "Authentication error" ) );
+        servletAuthControl.expectAndReturn( servletAuth.isAuthorized( "guest", "internal", false ), true );
+        
+     // ArchivaDavResourceFactory#isAuthorized()
+        SecuritySession session = new DefaultSecuritySession();
+        httpAuthControl.expectAndReturn( httpAuth.getAuthenticationResult( null, null ), result );
+        httpAuthControl.expectAndReturn( httpAuth.getSecuritySession(), session );
+        servletAuthControl.expectAndReturn( servletAuth.isAuthenticated( null, result ), true );
+        servletAuthControl.expectAndReturn( servletAuth.isAuthorized( null, session, "internal", true ), true );
+
+        httpAuthControl.replay();
+        servletAuthControl.replay();
+
+        WebResponse response = sc.getResponse( request );
+
+        httpAuthControl.verify();
+        servletAuthControl.verify();
+
+        assertEquals( HttpServletResponse.SC_OK, response.getResponseCode() );
+        assertEquals( "Expected file contents", expectedArtifactContents, response.getText() );
+    }
+
+    // test get with invalid user, and guest has no read access to repo
+    public void testGetWithInvalidUserAndGuestHasNoReadAccess()
+        throws Exception
+    {
+        String commonsLangJar = "commons-lang/commons-lang/2.1/commons-lang-2.1.jar";
+        String expectedArtifactContents = "dummy-commons-lang-artifact";
+
+        File artifactFile = new File( repoRootInternal, commonsLangJar );
+        artifactFile.getParentFile().mkdirs();
+
+        FileUtils.writeStringToFile( artifactFile, expectedArtifactContents, null );
+
+        WebRequest request = new GetMethodWebRequest( "http://machine.com/repository/internal/" + commonsLangJar );
+        InvocationContext ic = sc.newInvocation( request );
+        servlet = (RepositoryServlet) ic.getServlet();
+        servlet.setDavSessionProvider( davSessionProvider );
+
+        AuthenticationResult result = new AuthenticationResult();
+        httpAuthControl.expectAndReturn( httpAuth.getAuthenticationResult( null, null ), result );
+        servletAuthControl.expectAndThrow( servletAuth.isAuthenticated( null, null ),
+                                           new AuthenticationException( "Authentication error" ) );
+        servletAuthControl.expectAndReturn( servletAuth.isAuthorized( "guest", "internal", false ), false );
+
+        httpAuthControl.replay();
+        servletAuthControl.replay();
+
+        WebResponse response = sc.getResponse( request );
+
+        httpAuthControl.verify();
+        servletAuthControl.verify();
+
+        assertEquals( HttpServletResponse.SC_UNAUTHORIZED, response.getResponseCode() );
+    }
+
+    // test get with valid user with read access to repo
+    public void testGetWithAValidUserWithReadAccess()
+        throws Exception
+    {
+        String commonsLangJar = "commons-lang/commons-lang/2.1/commons-lang-2.1.jar";
+        String expectedArtifactContents = "dummy-commons-lang-artifact";
+
+        File artifactFile = new File( repoRootInternal, commonsLangJar );
+        artifactFile.getParentFile().mkdirs();
+
+        FileUtils.writeStringToFile( artifactFile, expectedArtifactContents, null );
+
+        WebRequest request = new GetMethodWebRequest( "http://machine.com/repository/internal/" + commonsLangJar );
+        InvocationContext ic = sc.newInvocation( request );
+        servlet = (RepositoryServlet) ic.getServlet();
+        servlet.setDavSessionProvider( davSessionProvider );
+
+        ArchivaDavResourceFactory archivaDavResourceFactory = (ArchivaDavResourceFactory) servlet.getResourceFactory();
+        archivaDavResourceFactory.setHttpAuth( httpAuth );
+        archivaDavResourceFactory.setServletAuth( servletAuth );
+
+        servlet.setResourceFactory( archivaDavResourceFactory );
+        
+        AuthenticationResult result = new AuthenticationResult();
+        httpAuthControl.expectAndReturn( httpAuth.getAuthenticationResult( null, null ), result );
+        servletAuthControl.expectAndReturn( servletAuth.isAuthenticated( null, null ), true );
+        
+     // ArchivaDavResourceFactory#isAuthorized()
+        SecuritySession session = new DefaultSecuritySession();
+        httpAuthControl.expectAndReturn( httpAuth.getAuthenticationResult( null, null ), result );
+        httpAuthControl.expectAndReturn( httpAuth.getSecuritySession(), session );
+        servletAuthControl.expectAndReturn( servletAuth.isAuthenticated( null, result ), true );
+        servletAuthControl.expectAndReturn( servletAuth.isAuthorized( null, session, "internal", true ), true );
+        
+        httpAuthControl.replay();
+        servletAuthControl.replay();
+
+        WebResponse response = sc.getResponse( request );
+        
+        httpAuthControl.verify();
+        servletAuthControl.verify();
+
+        assertEquals( HttpServletResponse.SC_OK, response.getResponseCode() );
+        assertEquals( "Expected file contents", expectedArtifactContents, response.getText() );
+    }
+
+    // test get with valid user with no read access to repo
+    public void testGetWithAValidUserWithNoReadAccess()
+        throws Exception
+    {
+        String commonsLangJar = "commons-lang/commons-lang/2.1/commons-lang-2.1.jar";
+        String expectedArtifactContents = "dummy-commons-lang-artifact";
+
+        File artifactFile = new File( repoRootInternal, commonsLangJar );
+        artifactFile.getParentFile().mkdirs();
+
+        FileUtils.writeStringToFile( artifactFile, expectedArtifactContents, null );
+
+        WebRequest request = new GetMethodWebRequest( "http://machine.com/repository/internal/" + commonsLangJar );
+        InvocationContext ic = sc.newInvocation( request );
+        servlet = (RepositoryServlet) ic.getServlet();
+        servlet.setDavSessionProvider( davSessionProvider );
+
+        ArchivaDavResourceFactory archivaDavResourceFactory = (ArchivaDavResourceFactory) servlet.getResourceFactory();
+        archivaDavResourceFactory.setHttpAuth( httpAuth );
+        archivaDavResourceFactory.setServletAuth( servletAuth );
+
+        servlet.setResourceFactory( archivaDavResourceFactory );
+        
+        AuthenticationResult result = new AuthenticationResult();
+        httpAuthControl.expectAndReturn( httpAuth.getAuthenticationResult( null, null ), result );
+        servletAuthControl.expectAndReturn( servletAuth.isAuthenticated( null, null ), true );
+
+     // ArchivaDavResourceFactory#isAuthorized()
+        SecuritySession session = new DefaultSecuritySession();
+        httpAuthControl.expectAndReturn( httpAuth.getAuthenticationResult( null, null ), result );
+        httpAuthControl.expectAndReturn( httpAuth.getSecuritySession(), session );
+        servletAuthControl.expectAndReturn( servletAuth.isAuthenticated( null, result ), true );
+        servletAuthControl.expectAndThrow( servletAuth.isAuthorized( null, session, "internal", true ),
+                                           new UnauthorizedException( "User not authorized to read repository." ) );
+        
+        httpAuthControl.replay();
+        servletAuthControl.replay();
+        
+        WebResponse response = sc.getResponse( request );
+
+        httpAuthControl.verify();
+        servletAuthControl.verify();
         
+        assertEquals( HttpServletResponse.SC_UNAUTHORIZED, response.getResponseCode() );
     }
 }

Modified: archiva/branches/MRM-124/archiva-modules/archiva-web/archiva-webdav/src/test/java/org/apache/maven/archiva/webdav/UnauthenticatedDavSessionProvider.java
URL: http://svn.apache.org/viewvc/archiva/branches/MRM-124/archiva-modules/archiva-web/archiva-webdav/src/test/java/org/apache/maven/archiva/webdav/UnauthenticatedDavSessionProvider.java?rev=702347&r1=702346&r2=702347&view=diff
==============================================================================
--- archiva/branches/MRM-124/archiva-modules/archiva-web/archiva-webdav/src/test/java/org/apache/maven/archiva/webdav/UnauthenticatedDavSessionProvider.java (original)
+++ archiva/branches/MRM-124/archiva-modules/archiva-web/archiva-webdav/src/test/java/org/apache/maven/archiva/webdav/UnauthenticatedDavSessionProvider.java Mon Oct  6 22:12:33 2008
@@ -29,7 +29,7 @@
 {
     public UnauthenticatedDavSessionProvider()
     {
-        super(null, null);
+        super(null, null, null);
     }
     
     @Override

Modified: archiva/branches/MRM-124/archiva-modules/archiva-web/archiva-webdav/src/test/resources/org/apache/maven/archiva/webdav/RepositoryServletSecurityTest.xml
URL: http://svn.apache.org/viewvc/archiva/branches/MRM-124/archiva-modules/archiva-web/archiva-webdav/src/test/resources/org/apache/maven/archiva/webdav/RepositoryServletSecurityTest.xml?rev=702347&r1=702346&r2=702347&view=diff
==============================================================================
--- archiva/branches/MRM-124/archiva-modules/archiva-web/archiva-webdav/src/test/resources/org/apache/maven/archiva/webdav/RepositoryServletSecurityTest.xml (original)
+++ archiva/branches/MRM-124/archiva-modules/archiva-web/archiva-webdav/src/test/resources/org/apache/maven/archiva/webdav/RepositoryServletSecurityTest.xml Mon Oct  6 22:12:33 2008
@@ -68,9 +68,12 @@
       <role-hint>default</role-hint>
       <implementation>org.apache.maven.archiva.webdav.DefaultDavServerManager</implementation>
       <description>DefaultDavServerManager</description>
-      <configuration>
-        <provider-hint>proxied</provider-hint>
-      </configuration>
+      <requirements>
+        <requirement>
+          <role>org.apache.maven.archiva.webdav.DavServerComponent</role>
+          <role-hint>proxied</role-hint>
+        </requirement>
+      </requirements>
     </component>
     
     <component>
@@ -99,174 +102,74 @@
     <component>
       <role>org.apache.maven.archiva.repository.scanner.RepositoryContentConsumers</role>
       <role-hint>default</role-hint>
-      <implementation>org.apache.maven.archiva.web.repository.StubRepositoryContentConsumers</implementation>
+      <implementation>org.apache.maven.archiva.webdav.StubRepositoryContentConsumers</implementation>
     </component>
-
-    <!-- TODO: shouldn't need so many components just to use in-memory - is flaky since these are auto-generated -->
+    
     <component>
       <role>org.codehaus.plexus.redback.system.SecuritySystem</role>
       <role-hint>default</role-hint>
       <implementation>org.codehaus.plexus.redback.system.DefaultSecuritySystem</implementation>
-      <requirements>
-        <requirement>
-          <role>org.codehaus.plexus.redback.authentication.AuthenticationManager</role>
-          <field-name>authnManager</field-name>
-        </requirement>
-        <requirement>
-          <role>org.codehaus.plexus.redback.authorization.Authorizer</role>
-          <role-hint>rbac</role-hint>
-          <field-name>authorizer</field-name>
-        </requirement>
-        <requirement>
-          <role>org.codehaus.plexus.redback.users.UserManager</role>
-          <role-hint>memory</role-hint>
-          <field-name>userManager</field-name>
-        </requirement>
-        <requirement>
-          <role>org.codehaus.plexus.redback.keys.KeyManager</role>
-          <role-hint>memory</role-hint>
-          <field-name>keyManager</field-name>
-        </requirement>
-        <requirement>
-          <role>org.codehaus.plexus.redback.policy.UserSecurityPolicy</role>
-          <field-name>policy</field-name>
-        </requirement>
-      </requirements>
     </component>
-
-    <component>
-      <role>org.codehaus.plexus.redback.authentication.Authenticator</role>
-      <role-hint>user-manager</role-hint>
-      <implementation>org.codehaus.plexus.redback.authentication.users.UserManagerAuthenticator</implementation>
+	
+	<component>
+      <role>org.apache.maven.archiva.webdav.ArchivaDavResourceFactory</role>
+      <implementation>org.apache.maven.archiva.webdav.ArchivaDavResourceFactory</implementation>
       <requirements>
         <requirement>
-          <role>org.codehaus.plexus.redback.users.UserManager</role>
-          <role-hint>memory</role-hint>
-          <field-name>userManager</field-name>
-        </requirement>
-        <requirement>
-          <role>org.codehaus.plexus.redback.policy.UserSecurityPolicy</role>
-          <field-name>securityPolicy</field-name>
-        </requirement>
-      </requirements>
-    </component>
-
-    <component>
-      <role>org.codehaus.plexus.redback.authentication.Authenticator</role>
-      <role-hint>keystore</role-hint>
-      <implementation>org.codehaus.plexus.redback.authentication.keystore.KeyStoreAuthenticator</implementation>
-      <requirements>
-        <requirement>
-          <role>org.codehaus.plexus.redback.keys.KeyManager</role>
-          <role-hint>memory</role-hint>
-          <field-name>keystore</field-name>
-        </requirement>
-        <requirement>
-          <role>org.codehaus.plexus.redback.users.UserManager</role>
-          <role-hint>memory</role-hint>
-          <field-name>userManager</field-name>
+          <role>org.apache.maven.archiva.configuration.ArchivaConfiguration</role>
+          <field-name>archivaConfiguration</field-name>
         </requirement>
-      </requirements>
-    </component>
-
-    <component>
-      <role>org.codehaus.plexus.redback.authorization.rbac.evaluator.PermissionEvaluator</role>
-      <role-hint>default</role-hint>
-      <implementation>org.codehaus.plexus.redback.authorization.rbac.evaluator.DefaultPermissionEvaluator
-      </implementation>
-      <requirements>
         <requirement>
-          <role>org.codehaus.plexus.redback.users.UserManager</role>
-          <role-hint>memory</role-hint>
-          <field-name>userManager</field-name>
-        </requirement>
-      </requirements>
-    </component>
-
-    <component>
-      <role>org.codehaus.plexus.redback.authorization.Authorizer</role>
-      <role-hint>rbac</role-hint>
-      <implementation>org.codehaus.plexus.redback.authorization.rbac.RbacAuthorizer</implementation>
-      <requirements>
+          <role>org.apache.maven.archiva.repository.RepositoryContentFactory</role>
+          <field-name>repositoryFactory</field-name>
+        </requirement>        
         <requirement>
-          <role>org.codehaus.plexus.redback.rbac.RBACManager</role>
-          <role-hint>memory</role-hint>
-          <field-name>manager</field-name>
+          <role>org.apache.maven.archiva.repository.content.RepositoryRequest</role>
+          <field-name>repositoryRequest</field-name>
         </requirement>
         <requirement>
-          <role>org.codehaus.plexus.redback.users.UserManager</role>
-          <role-hint>memory</role-hint>
-          <field-name>userManager</field-name>
+          <role>org.apache.maven.archiva.proxy.RepositoryProxyConnectors</role>
+          <field-name>connectors</field-name>
         </requirement>
         <requirement>
-          <role>org.codehaus.plexus.redback.authorization.rbac.evaluator.PermissionEvaluator</role>
-          <role-hint>default</role-hint>
-          <field-name>evaluator</field-name>
+          <role>org.apache.maven.archiva.repository.metadata.MetadataTools</role>
+          <field-name>metadataTools</field-name>
         </requirement>
-      </requirements>
-    </component>
-
-    <component>
-      <role>org.codehaus.plexus.redback.role.RoleManager</role>
-      <role-hint>default</role-hint>
-      <implementation>org.codehaus.plexus.redback.role.DefaultRoleManager</implementation>
-      <instantiation-strategy>singleton</instantiation-strategy>
-      <requirements>
         <requirement>
-          <role>org.codehaus.plexus.redback.role.merger.RoleModelMerger</role>
-          <role-hint>default</role-hint>
-          <field-name>modelMerger</field-name>
+          <role>org.apache.maven.archiva.security.ServletAuthenticator</role>
+          <field-name>servletAuth</field-name>
         </requirement>
         <requirement>
-          <role>org.codehaus.plexus.redback.role.validator.RoleModelValidator</role>
-          <role-hint>default</role-hint>
-          <field-name>modelValidator</field-name>
+          <role>org.apache.maven.archiva.webdav.util.MimeTypes</role>
+          <field-name>mimeTypes</field-name>
         </requirement>
         <requirement>
-          <role>org.codehaus.plexus.redback.role.processor.RoleModelProcessor</role>
-          <role-hint>default</role-hint>
-          <field-name>modelProcessor</field-name>
+          <role>org.codehaus.plexus.redback.xwork.filter.authentication.HttpAuthenticator</role>
+          <role-hint>basic</role-hint>
+          <field-name>httpAuth</field-name>
         </requirement>
         <requirement>
-          <role>org.codehaus.plexus.redback.role.template.RoleTemplateProcessor</role>
+          <role>org.apache.maven.archiva.repository.scanner.RepositoryContentConsumers</role>
           <role-hint>default</role-hint>
-          <field-name>templateProcessor</field-name>
         </requirement>
         <requirement>
-          <role>org.codehaus.plexus.redback.rbac.RBACManager</role>
-          <role-hint>memory</role-hint>
-          <field-name>rbacManager</field-name>
+          <role>org.codehaus.plexus.digest.ChecksumFile</role>
+          <field-name>checksum</field-name>
         </requirement>
         <requirement>
-          <role>org.codehaus.plexus.PlexusContainer</role>
-          <field-name>container</field-name>
+          <role>org.codehaus.plexus.digest.Digester</role>
+          <role-hint>sha1</role-hint>
+          <field-name>digestSha1</field-name>
         </requirement>
-      </requirements>
-    </component>
-
-    <component>
-      <role>org.codehaus.plexus.redback.role.processor.RoleModelProcessor</role>
-      <role-hint>default</role-hint>
-      <implementation>org.codehaus.plexus.redback.role.processor.DefaultRoleModelProcessor</implementation>
-      <requirements>
         <requirement>
-          <role>org.codehaus.plexus.redback.rbac.RBACManager</role>
-          <role-hint>memory</role-hint>
-          <field-name>rbacManager</field-name>
+          <role>org.codehaus.plexus.digest.Digester</role>
+          <role-hint>md5</role-hint>
+          <field-name>digestMd5</field-name>
         </requirement>
-      </requirements>
-    </component>
-
-    <component>
-      <role>org.codehaus.plexus.redback.role.template.RoleTemplateProcessor</role>
-      <role-hint>default</role-hint>
-      <implementation>org.codehaus.plexus.redback.role.template.DefaultRoleTemplateProcessor</implementation>
-      <requirements>
         <requirement>
-          <role>org.codehaus.plexus.redback.rbac.RBACManager</role>
-          <role-hint>memory</role-hint>
-          <field-name>rbacManager</field-name>
-        </requirement>
+          <role>org.apache.maven.archiva.security.ArchivaXworkUser</role>
+          <field-name>archivaXworkUser</field-name>
+        </requirement>        
       </requirements>
     </component>
   </components>
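Review bot: `DefaultSecuritySystem` stays declared but loses all of its `<requirements>` when the in-memory redback authenticators, authorizer and role manager are removed, and nothing in the file says this is deliberate. The security tests in this commit set mock `httpAuth` and `servletAuth` objects on `ArchivaDavResourceFactory`, so the component is presumably never exercised, but any path that did reach it would find its collaborators unset. I would add a comment above the component in place of the TODO this hunk deletes, for example `<!-- SecuritySystem is intentionally unwired: the security tests mock HttpAuthenticator and ServletAuthenticator -->`. The added `ArchivaDavResourceFactory` `<component>` opening is also indented with a tab where the surrounding lines use spaces.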

Modified: archiva/branches/MRM-124/archiva-modules/archiva-web/archiva-webdav/src/test/resources/org/apache/maven/archiva/webdav/RepositoryServletTest.xml
URL: http://svn.apache.org/viewvc/archiva/branches/MRM-124/archiva-modules/archiva-web/archiva-webdav/src/test/resources/org/apache/maven/archiva/webdav/RepositoryServletTest.xml?rev=702347&r1=702346&r2=702347&view=diff
==============================================================================
--- archiva/branches/MRM-124/archiva-modules/archiva-web/archiva-webdav/src/test/resources/org/apache/maven/archiva/webdav/RepositoryServletTest.xml (original)
+++ archiva/branches/MRM-124/archiva-modules/archiva-web/archiva-webdav/src/test/resources/org/apache/maven/archiva/webdav/RepositoryServletTest.xml Mon Oct  6 22:12:33 2008
@@ -165,6 +165,10 @@
           <role>org.codehaus.plexus.digest.Digester</role>
           <role-hint>md5</role-hint>
           <field-name>digestMd5</field-name>
+        </requirement>
+        <requirement>
+          <role>org.apache.maven.archiva.security.ArchivaXworkUser</role>
+          <field-name>archivaXworkUser</field-name>
         </requirement>        
       </requirements>
     </component>

Modified: archiva/branches/MRM-124/archiva-modules/archiva-web/pom.xml
URL: http://svn.apache.org/viewvc/archiva/branches/MRM-124/archiva-modules/archiva-web/pom.xml?rev=702347&r1=702346&r2=702347&view=diff
==============================================================================
--- archiva/branches/MRM-124/archiva-modules/archiva-web/pom.xml (original)
+++ archiva/branches/MRM-124/archiva-modules/archiva-web/pom.xml Mon Oct  6 22:12:33 2008
@@ -32,7 +32,6 @@
     <module>archiva-webapp</module>
     <module>archiva-webdav</module>
     <module>archiva-rss</module>
-    <module>archiva-xmlrpc</module>
   </modules>
 
   <profiles>

Modified: archiva/branches/MRM-124/pom.xml
URL: http://svn.apache.org/viewvc/archiva/branches/MRM-124/pom.xml?rev=702347&r1=702346&r2=702347&view=diff
==============================================================================
--- archiva/branches/MRM-124/pom.xml (original)
+++ archiva/branches/MRM-124/pom.xml Mon Oct  6 22:12:33 2008
@@ -205,6 +205,12 @@
       <scope>test</scope>
     </dependency>
     <dependency>
+      <groupId>easymock</groupId>
+      <artifactId>easymockclassextension</artifactId>
+      <version>1.2</version>
+      <scope>test</scope>
+    </dependency>
+    <dependency>
       <groupId>org.slf4j</groupId>
       <artifactId>jcl104-over-slf4j</artifactId>
       <scope>test</scope>
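Review bot: The new `easymockclassextension` test dependency carries an inline `<version>1.2</version>`, while the neighbouring `jcl104-over-slf4j` entry in the same hunk declares no version and so presumably takes it from `dependencyManagement`. A version pinned outside the managed section is easy to miss when dependencies are audited or upgraded in one place. I would declare the version in the managed section and keep only `groupId`, `artifactId` and `<scope>test</scope>` here. The enclosing `<dependencies>` element starts and ends outside the hunk.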
@@ -383,21 +389,6 @@
       </dependency>
       <dependency>
         <groupId>org.apache.archiva</groupId>
-        <artifactId>archiva-xmlrpc-api</artifactId>
-        <version>1.2-SNAPSHOT</version>        
-      </dependency>
-      <dependency>
-        <groupId>org.apache.archiva</groupId>
-        <artifactId>archiva-xmlrpc-services</artifactId>
-        <version>1.2-SNAPSHOT</version>        
-      </dependency>
-      <dependency>
-        <groupId>org.apache.archiva</groupId>
-        <artifactId>archiva-xmlrpc-security</artifactId>
-        <version>1.2-SNAPSHOT</version>
-      </dependency>
-      <dependency>
-        <groupId>org.apache.archiva</groupId>
         <artifactId>archiva-rss</artifactId>
         <version>1.2-SNAPSHOT</version>
       </dependency>
@@ -517,11 +508,6 @@
         <version>1.4</version>
       </dependency>
       <dependency>
-        <groupId>org.apache.xmlrpc</groupId>
-        <artifactId>xmlrpc-server</artifactId>
-        <version>3.1</version>
-      </dependency>
-      <dependency>
         <groupId>org.apache.maven</groupId>
         <artifactId>maven-artifact-manager</artifactId>
         <version>${maven.version}</version>
@@ -648,7 +634,7 @@
         </exclusions>
       </dependency>
       <dependency>
-        <groupId>org.codehaus.plexus.redback</groupId>
+        <groupId>org.codehaus.redback</groupId>
         <artifactId>redback-rbac-memory</artifactId>
         <version>${redback.version}</version>
         <scope>test</scope>
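Review bot: Changing `org.codehaus.plexus.redback` to `org.codehaus.redback` changes the Maven coordinates, so any module pom, `<exclusion>` or transitive dependency that still names the old groupId is no longer governed by these managed entries. The same applies to all ten redback entries in this hunk and the nine that follow, through `redback-xwork-integration`. Since redback is the authentication and authorization layer, a build that resolved both groupIds could put two versions of the same security classes on one classpath. It would be worth confirming that `mvn dependency:tree -Dincludes=org.codehaus.plexus.redback` comes back empty for the webapp. I would also add a comment next to the version property such as `<!-- redback 1.1.x uses groupId org.codehaus.redback; do not mix with org.codehaus.plexus.redback -->`. The `<dependency>` element continues past the end of this hunk.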
@@ -660,7 +646,7 @@
         </exclusions>
       </dependency>
       <dependency>
-        <groupId>org.codehaus.plexus.redback</groupId>
+        <groupId>org.codehaus.redback</groupId>
         <artifactId>redback-users-memory</artifactId>
         <version>${redback.version}</version>
         <scope>test</scope>
@@ -672,7 +658,7 @@
         </exclusions>
       </dependency>
       <dependency>
-        <groupId>org.codehaus.plexus.redback</groupId>
+        <groupId>org.codehaus.redback</groupId>
         <artifactId>redback-keys-memory</artifactId>
         <version>${redback.version}</version>
         <scope>test</scope>
@@ -684,7 +670,7 @@
         </exclusions>
       </dependency>
       <dependency>
-        <groupId>org.codehaus.plexus.redback</groupId>
+        <groupId>org.codehaus.redback</groupId>
         <artifactId>redback-rbac-model</artifactId>
         <version>${redback.version}</version>
         <exclusions>
@@ -695,7 +681,7 @@
         </exclusions>
       </dependency>
       <dependency>
-        <groupId>org.codehaus.plexus.redback</groupId>
+        <groupId>org.codehaus.redback</groupId>
         <artifactId>redback-authorization-rbac</artifactId>
         <version>${redback.version}</version>
         <exclusions>
@@ -706,7 +692,7 @@
         </exclusions>
       </dependency>
       <dependency>
-        <groupId>org.codehaus.plexus.redback</groupId>
+        <groupId>org.codehaus.redback</groupId>
         <artifactId>redback-rbac-role-manager</artifactId>
         <version>${redback.version}</version>
         <exclusions>
@@ -717,7 +703,7 @@
         </exclusions>
       </dependency>
       <dependency>
-        <groupId>org.codehaus.plexus.redback</groupId>
+        <groupId>org.codehaus.redback</groupId>
         <artifactId>redback-system</artifactId>
         <version>${redback.version}</version>
         <exclusions>
@@ -728,7 +714,7 @@
         </exclusions>
       </dependency>
       <dependency>
-        <groupId>org.codehaus.plexus.redback</groupId>
+        <groupId>org.codehaus.redback</groupId>
         <artifactId>redback-taglib</artifactId>
         <version>${redback.version}</version>
         <exclusions>
@@ -739,7 +725,7 @@
         </exclusions>
       </dependency>
       <dependency>
-        <groupId>org.codehaus.plexus.redback</groupId>
+        <groupId>org.codehaus.redback</groupId>
         <artifactId>redback-xwork-content</artifactId>
         <version>${redback.version}</version>
         <type>war</type>
@@ -751,7 +737,7 @@
         </exclusions>
       </dependency>
       <dependency>
-        <groupId>org.codehaus.plexus.redback</groupId>
+        <groupId>org.codehaus.redback</groupId>
         <artifactId>redback-xwork-integration</artifactId>
         <version>${redback.version}</version>
         <exclusions>
@@ -890,36 +876,6 @@
         <version>${jetty.version}</version>
       </dependency>
 
-      <!-- xmlrpc -->
-      <dependency>
-        <groupId>com.atlassian.xmlrpc</groupId>
-        <artifactId>atlassian-xmlrpc-binder-annotations</artifactId>
-        <version>${binder.version}</version>
-      </dependency>
-      <dependency>
-        <groupId>com.atlassian.xmlrpc</groupId>
-        <artifactId>atlassian-xmlrpc-binder-server-spring</artifactId>
-        <version>${binder.version}</version>
-        <exclusions>
-          <exclusion>
-            <groupId>commons-logging</groupId>
-            <artifactId>commons-logging</artifactId>
-          </exclusion>
-        </exclusions>
-      </dependency>
-      <dependency>
-        <groupId>com.atlassian.xmlrpc</groupId>
-        <artifactId>atlassian-xmlrpc-binder</artifactId>
-        <version>${binder.version}</version>
-        <scope>test</scope>
-      </dependency>
-      <dependency>
-        <groupId>com.atlassian.xmlrpc</groupId>
-        <artifactId>atlassian-xmlrpc-binder-testing</artifactId>
-        <version>${binder.version}</version>
-        <scope>test</scope>
-      </dependency>
-
       <!-- Transitive versions to manage -->
       <dependency>
         <groupId>org.springframework</groupId>
@@ -1002,9 +958,8 @@
   <properties>
     <maven.version>2.0.8</maven.version>
     <wagon.version>1.0-beta-4</wagon.version>
-    <redback.version>1.0.3</redback.version>
+    <redback.version>1.1.1</redback.version>
     <jetty.version>6.1.6</jetty.version>
-    <binder.version>0.8</binder.version>
   </properties>
   <profiles>
     <profile>
@@ -1100,17 +1055,6 @@
           <name>Codehaus Snapshots Repository</name>
           <url>http://snapshots.repository.codehaus.org</url>
         </repository>
-        <repository>
-          <releases>
-            <enabled>false</enabled>
-          </releases>
-          <snapshots>
-            <enabled>true</enabled>
-          </snapshots>
-          <id>com.atlassian.snapshots</id>
-          <name>Atlassian Snapshots Repository</name>
-          <url>https://maven.atlassian.com/public-snapshot</url>
-        </repository>
       </repositories>
     </profile>
   </profiles>


