From: olamy@apache.org To: commits@archiva.apache.org Date: Fri, 06 Feb 2015 12:10:29 -0000 Message-Id: <24fddc326b9d4e229948bef95383e25b@git.apache.org> In-Reply-To: <14a2bc5e438744199a557f1bfff31f2c@git.apache.org> References: <14a2bc5e438744199a557f1bfff31f2c@git.apache.org> X-Mailer: ASF-Git Admin Mailer Subject: [6/7] archiva-redback-core git commit: fix unit test fix unit test Project: http://git-wip-us.apache.org/repos/asf/archiva-redback-core/repo Commit: http://git-wip-us.apache.org/repos/asf/archiva-redback-core/commit/f77d21b5 Tree: http://git-wip-us.apache.org/repos/asf/archiva-redback-core/tree/f77d21b5 Diff: http://git-wip-us.apache.org/repos/asf/archiva-redback-core/diff/f77d21b5 Branch: refs/heads/master Commit: f77d21b58956342acf102b71ab166eb1995e4503 Parents: 8edcb36 Author: Olivier Lamy Authored: Fri Feb 6 23:09:37 2015 +1100 Committer: Olivier Lamy Committed: Fri Feb 6 23:09:37 2015 +1100 ---------------------------------------------------------------------- .../interceptors/PermissionsInterceptor.java | 37 ++++++++++++----- .../redback/rest/services/UserServiceTest.java | 19 +++++++-- .../src/test/resources/log4j2-test.xml | 3 +- .../redback/system/DefaultSecuritySession.java | 12 +++++- .../redback/system/DefaultSecuritySystem.java | 42 ++++++++++++++------ .../archiva/redback/system/SecuritySystem.java | 4 ++ 6 files changed, 90 insertions(+), 27 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/archiva-redback-core/blob/f77d21b5/redback-integrations/redback-rest/redback-rest-services/src/main/java/org/apache/archiva/redback/rest/services/interceptors/PermissionsInterceptor.java ---------------------------------------------------------------------- 
diff --git a/redback-integrations/redback-rest/redback-rest-services/src/main/java/org/apache/archiva/redback/rest/services/interceptors/PermissionsInterceptor.java b/redback-integrations/redback-rest/redback-rest-services/src/main/java/org/apache/archiva/redback/rest/services/interceptors/PermissionsInterceptor.java index f2d4284..fc2a11f 100644 --- a/redback-integrations/redback-rest/redback-rest-services/src/main/java/org/apache/archiva/redback/rest/services/interceptors/PermissionsInterceptor.java +++ b/redback-integrations/redback-rest/redback-rest-services/src/main/java/org/apache/archiva/redback/rest/services/interceptors/PermissionsInterceptor.java @@ -22,6 +22,7 @@ package org.apache.archiva.redback.rest.services.interceptors; import org.apache.archiva.redback.authentication.AuthenticationException; import org.apache.archiva.redback.authentication.AuthenticationResult; import org.apache.archiva.redback.authorization.AuthorizationException; +import org.apache.archiva.redback.authorization.AuthorizationResult; import org.apache.archiva.redback.authorization.RedbackAuthorization; import org.apache.archiva.redback.integration.filter.authentication.basic.HttpBasicAuthentication; import org.apache.archiva.redback.policy.AccountLockedException; @@ -75,6 +76,7 @@ public class PermissionsInterceptor { if ( redbackAuthorization.noRestriction() ) { + log.debug( "redbackAuthorization.noRestriction() so skip permission check" ); // we are fine this services is marked as non restrictive access return; } 
@@ -84,48 +86,64 @@ public class PermissionsInterceptor && !( permissions.length == 1 && StringUtils.isEmpty( permissions[0] ) ) ) { HttpServletRequest request = getHttpServletRequest( message ); - SecuritySession securitySession = httpAuthenticator.getSecuritySession( request.getSession( true ) ); + SecuritySession securitySession = httpAuthenticator.getSecuritySession( request.getSession() ); AuthenticationResult authenticationResult = message.get( AuthenticationResult.class ); + log.debug( "authenticationResult from message: {}", authenticationResult ); + if ( authenticationResult == null ) { try { authenticationResult = httpAuthenticator.getAuthenticationResult( request, getHttpServletResponse( message ) ); + + log.debug( "authenticationResult from request: {}", authenticationResult ); } catch ( AuthenticationException e ) { log.debug( "failed to authenticate for path {}", message.get( Message.REQUEST_URI ) ); containerRequestContext.abortWith( Response.status( Response.Status.FORBIDDEN ).build() ); + return; } catch ( AccountLockedException e ) { log.debug( "account locked for path {}", message.get( Message.REQUEST_URI ) ); containerRequestContext.abortWith( Response.status( Response.Status.FORBIDDEN ).build() ); + return; } catch ( MustChangePasswordException e ) { log.debug( "must change password for path {}", message.get( Message.REQUEST_URI ) ); containerRequestContext.abortWith( Response.status( Response.Status.FORBIDDEN ).build() ); + return; } } if ( authenticationResult != null && authenticationResult.isAuthenticated() ) { + message.put( AuthenticationResult.class, authenticationResult ); for ( String permission : permissions ) { + log.debug( "check permission: {} with securitySession {}", permission, securitySession ); if ( StringUtils.isBlank( permission ) ) { continue; } try { - if ( securitySystem.isAuthorized( securitySession, permission, - StringUtils.isBlank( redbackAuthorization.resource() ) - ? 
null - : redbackAuthorization.resource() ) ) + AuthorizationResult authorizationResult = + securitySystem.authorize( authenticationResult.getUser(), permission, // + StringUtils.isBlank( redbackAuthorization.resource() ) // + ? null : redbackAuthorization.resource() ); + /* + if ( securitySystem.isAuthorized( securitySession, permission, // + StringUtils.isBlank( redbackAuthorization.resource() ) // + ? null : redbackAuthorization.resource() ) ) + */ + if ( authenticationResult != null && authorizationResult.isAuthorized() ) { + log.debug( "isAuthorized for permission {}", permission ); return; } else @@ -140,13 +158,12 @@ public class PermissionsInterceptor } catch ( AuthorizationException e ) { - log.debug( e.getMessage(), e ); - + log.debug( " AuthorizationException " + e.getMessage() // + + " checking permission " + permission, e ); + containerRequestContext.abortWith( Response.status( Response.Status.FORBIDDEN ).build() ); + return; } } - containerRequestContext.abortWith( Response.status( Response.Status.FORBIDDEN ).build() ); - return; - } else { http://git-wip-us.apache.org/repos/asf/archiva-redback-core/blob/f77d21b5/redback-integrations/redback-rest/redback-rest-services/src/test/java/org/apache/archiva/redback/rest/services/UserServiceTest.java ---------------------------------------------------------------------- diff --git a/redback-integrations/redback-rest/redback-rest-services/src/test/java/org/apache/archiva/redback/rest/services/UserServiceTest.java b/redback-integrations/redback-rest/redback-rest-services/src/test/java/org/apache/archiva/redback/rest/services/UserServiceTest.java index 629e8fc..b5a80d2 100644 --- a/redback-integrations/redback-rest/redback-rest-services/src/test/java/org/apache/archiva/redback/rest/services/UserServiceTest.java +++ b/redback-integrations/redback-rest/redback-rest-services/src/test/java/org/apache/archiva/redback/rest/services/UserServiceTest.java 
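Review bot: The guard `if ( authenticationResult != null && authorizationResult.isAuthorized() )` null-checks the wrong object: `authenticationResult` is already known to be non-null from the enclosing `if` and was just dereferenced by `authenticationResult.getUser()`, while the new, unchecked value is `authorizationResult`. I would write `if ( authorizationResult != null && authorizationResult.isAuthorized() )` and delete the commented-out `isAuthorized( securitySession, ... )` block rather than leave dead access-control code beside the live check. The decision is now made for `authenticationResult.getUser()` while the debug line still reports `securitySession`, so the log may name a different principal than the one that was authorized; logging the user actually passed to `authorize` keeps the trail accurate. The enclosing method starts and ends outside this hunk.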
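Review bot: With the `abortWith( ... FORBIDDEN ... )` / `return;` pair removed from after the `for` loop, an authenticated caller who holds none of the listed permissions now leaves the loop with no denial in the visible lines. Whether the request is still rejected depends on code after the `else` branch, which is outside this hunk, so I would keep this path fail-closed by restoring `containerRequestContext.abortWith( Response.status( Response.Status.FORBIDDEN ).build() );` followed by `return;` after the loop. The `catch ( AuthorizationException e )` branch now aborts on the first permission whose check throws instead of trying the remaining ones, which changes the any-of behaviour of the permission list; if that is intended, a short comment saying so would help. The debug message could use the parameterized form, `log.debug( "AuthorizationException checking permission {}", permission, e );`.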
@@ -25,6 +25,7 @@ import org.apache.archiva.redback.rest.api.model.Permission; import org.apache.archiva.redback.rest.api.model.ResetPasswordRequest; import org.apache.archiva.redback.rest.api.model.User; import org.apache.archiva.redback.rest.api.model.UserRegistrationRequest; +import org.apache.archiva.redback.rest.api.services.RedbackServiceException; import org.apache.archiva.redback.rest.api.services.UserService; import org.apache.archiva.redback.rest.services.mock.EmailMessage; import org.apache.archiva.redback.rest.services.mock.ServicesAssert; @@ -178,7 +179,7 @@ public class UserServiceTest } finally { - getUserService( authorizationHeader ).deleteUser( "toto" ); + deleteUserQuietly( "toto" ); } } @@ -237,7 +238,7 @@ public class UserServiceTest } finally { - getUserService( authorizationHeader ).deleteUser( "toto" ); + deleteUserQuietly( "toto" ); } } @@ -307,11 +308,23 @@ public class UserServiceTest } finally { - getUserService( authorizationHeader ).deleteUser( "toto" ); + deleteUserQuietly( "toto" ); } } + private void deleteUserQuietly( String userName ) + { + try + { + getUserService( authorizationHeader ).deleteUser( userName ); + } + catch ( Exception e ) + { + log.warn( "ignore fail to delete user " + e.getMessage(), e ); + } + } + @Test public void getAdminPermissions() throws Exception http://git-wip-us.apache.org/repos/asf/archiva-redback-core/blob/f77d21b5/redback-integrations/redback-rest/redback-rest-services/src/test/resources/log4j2-test.xml ---------------------------------------------------------------------- diff --git a/redback-integrations/redback-rest/redback-rest-services/src/test/resources/log4j2-test.xml b/redback-integrations/redback-rest/redback-rest-services/src/test/resources/log4j2-test.xml index eb55d39..e058bdb 100644 --- a/redback-integrations/redback-rest/redback-rest-services/src/test/resources/log4j2-test.xml +++ b/redback-integrations/redback-rest/redback-rest-services/src/test/resources/log4j2-test.xml 
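Review bot: `deleteUserQuietly` catches `Exception`, which hides every cleanup failure, and a leftover `toto` account can then make a later test fail for a reason that looks unrelated. The commit imports `RedbackServiceException` but nothing in the visible hunks uses it, so presumably the intent was `catch ( RedbackServiceException e )`; narrowing the catch lets unexpected errors still surface. The message is better parameterized, `log.warn( "ignore fail to delete user {}: {}", userName, e.getMessage(), e );`, so the log says which user was left behind.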
@@ -21,7 +21,7 @@ - + @@ -32,6 +32,7 @@ + http://git-wip-us.apache.org/repos/asf/archiva-redback-core/blob/f77d21b5/redback-system/src/main/java/org/apache/archiva/redback/system/DefaultSecuritySession.java ---------------------------------------------------------------------- diff --git a/redback-system/src/main/java/org/apache/archiva/redback/system/DefaultSecuritySession.java b/redback-system/src/main/java/org/apache/archiva/redback/system/DefaultSecuritySession.java index 2fc40c2..9acbec4 100644 --- a/redback-system/src/main/java/org/apache/archiva/redback/system/DefaultSecuritySession.java +++ b/redback-system/src/main/java/org/apache/archiva/redback/system/DefaultSecuritySession.java @@ -19,8 +19,8 @@ package org.apache.archiva.redback.system; * under the License. */ -import org.apache.archiva.redback.users.User; import org.apache.archiva.redback.authentication.AuthenticationResult; +import org.apache.archiva.redback.users.User; import org.springframework.stereotype.Service; import java.io.Serializable; @@ -74,4 +74,14 @@ public class DefaultSecuritySession { return ( ( user != null ) && authenticated ); } + + @Override + public String toString() + { + return "DefaultSecuritySession{" + + "authenticationResult=" + authenticationResult + + ", user=" + user + + ", authenticated=" + authenticated + + '}'; + } } http://git-wip-us.apache.org/repos/asf/archiva-redback-core/blob/f77d21b5/redback-system/src/main/java/org/apache/archiva/redback/system/DefaultSecuritySystem.java ---------------------------------------------------------------------- diff --git a/redback-system/src/main/java/org/apache/archiva/redback/system/DefaultSecuritySystem.java b/redback-system/src/main/java/org/apache/archiva/redback/system/DefaultSecuritySystem.java index f5fc35c..c572089 100644 --- a/redback-system/src/main/java/org/apache/archiva/redback/system/DefaultSecuritySystem.java +++ b/redback-system/src/main/java/org/apache/archiva/redback/system/DefaultSecuritySystem.java 
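Review bot: The new `toString()` concatenates the whole `user` and `authenticationResult` objects, and this same commit starts writing the session to the debug log in `PermissionsInterceptor` (`"check permission: {} with securitySession {}"`). What reaches the log therefore depends on the `toString()` of the `User` and `AuthenticationResult` implementations, which are not visible here; if any of them prints an encoded password, key or token, it will be written on every permission check. I would restrict the output to identifying fields, for example `", user=" + ( user == null ? null : user.getUsername() )`, and add a one-line comment that this method must stay free of credential material.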
@@ -19,13 +19,6 @@ package org.apache.archiva.redback.system; * under the License. */ -import org.apache.archiva.redback.keys.KeyManager; -import org.apache.archiva.redback.policy.AccountLockedException; -import org.apache.archiva.redback.policy.UserSecurityPolicy; -import org.apache.archiva.redback.users.User; -import org.apache.archiva.redback.users.UserManager; -import org.apache.archiva.redback.users.UserManagerException; -import org.apache.archiva.redback.users.UserNotFoundException; import org.apache.archiva.redback.authentication.AuthenticationDataSource; import org.apache.archiva.redback.authentication.AuthenticationException; import org.apache.archiva.redback.authentication.AuthenticationManager; @@ -34,7 +27,14 @@ import org.apache.archiva.redback.authorization.AuthorizationDataSource; import org.apache.archiva.redback.authorization.AuthorizationException; import org.apache.archiva.redback.authorization.AuthorizationResult; import org.apache.archiva.redback.authorization.Authorizer; +import org.apache.archiva.redback.keys.KeyManager; +import org.apache.archiva.redback.policy.AccountLockedException; import org.apache.archiva.redback.policy.MustChangePasswordException; +import org.apache.archiva.redback.policy.UserSecurityPolicy; +import org.apache.archiva.redback.users.User; +import org.apache.archiva.redback.users.UserManager; +import org.apache.archiva.redback.users.UserManagerException; +import org.apache.archiva.redback.users.UserNotFoundException; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.stereotype.Service; @@ -47,7 +47,7 @@ import javax.inject.Named; * * @author: Jesse McConnell */ -@Service("securitySystem") +@Service( "securitySystem" ) public class DefaultSecuritySystem implements SecuritySystem { 
@@ -57,15 +57,15 @@ public class DefaultSecuritySystem private AuthenticationManager authnManager; @Inject - @Named(value = "authorizer#default") + @Named( value = "authorizer#default" ) private Authorizer authorizer; @Inject - @Named(value = "userManager#default") + @Named( value = "userManager#default" ) private UserManager userManager; @Inject - @Named(value = "keyManager#cached") + @Named( value = "keyManager#cached" ) private KeyManager keyManager; @Inject @@ -92,7 +92,6 @@ public class DefaultSecuritySystem * @throws UserNotFoundException * @throws MustChangePasswordException * @throws org.apache.archiva.redback.policy.AccountLockedException - * * @throws MustChangePasswordException */ public SecuritySession authenticate( AuthenticationDataSource source ) @@ -176,6 +175,24 @@ public class DefaultSecuritySystem return authorizer.isAuthorized( source ); } + public AuthorizationResult authorize( User user, String permission, String resource ) + throws AuthorizationException + { + AuthorizationDataSource source = null; + + if ( user != null ) + { + source = new AuthorizationDataSource( user.getUsername(), user, permission, resource ); + } + + if ( source == null ) + { + source = new AuthorizationDataSource( null, null, permission, resource ); + } + + return authorizer.isAuthorized( source ); + } + public boolean isAuthorized( SecuritySession session, String permission ) throws AuthorizationException { @@ -287,4 +304,5 @@ public class DefaultSecuritySystem { return userManager.isReadOnly(); } + } http://git-wip-us.apache.org/repos/asf/archiva-redback-core/blob/f77d21b5/redback-system/src/main/java/org/apache/archiva/redback/system/SecuritySystem.java ---------------------------------------------------------------------- diff --git a/redback-system/src/main/java/org/apache/archiva/redback/system/SecuritySystem.java b/redback-system/src/main/java/org/apache/archiva/redback/system/SecuritySystem.java index 66f775e..ad751cd 100644 
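Review bot: In the added `authorize( User user, String permission, String resource )`, a `null` user is silently converted into `new AuthorizationDataSource( null, null, permission, resource )` and passed to the authorizer, so a caller that lost its user through a bug gets an anonymous authorization decision rather than a failure. How the configured `Authorizer` treats a null principal is not visible in this diff, so the method should at least carry a Javadoc comment stating that `null` is evaluated as an unauthenticated principal and that the method itself does not verify the user was authenticated; the same comment belongs on the declaration added to `SecuritySystem`. The two `if` blocks can also collapse to `String principal = ( user == null ) ? null : user.getUsername();` followed by `return authorizer.isAuthorized( new AuthorizationDataSource( principal, user, permission, resource ) );`.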
--- a/redback-system/src/main/java/org/apache/archiva/redback/system/SecuritySystem.java +++ b/redback-system/src/main/java/org/apache/archiva/redback/system/SecuritySystem.java @@ -22,6 +22,7 @@ package org.apache.archiva.redback.system; import org.apache.archiva.redback.policy.AccountLockedException; import org.apache.archiva.redback.policy.MustChangePasswordException; import org.apache.archiva.redback.policy.UserSecurityPolicy; +import org.apache.archiva.redback.users.User; import org.apache.archiva.redback.users.UserManagerException; import org.apache.archiva.redback.users.UserNotFoundException; import org.apache.archiva.redback.authentication.AuthenticationDataSource; @@ -73,6 +74,9 @@ public interface SecuritySystem AuthorizationResult authorize( SecuritySession session, String permission, String resource ) throws AuthorizationException; + AuthorizationResult authorize( User user, String permission, String resource ) + throws AuthorizationException; + boolean isAuthorized( SecuritySession session, String permission, String resource ) throws AuthorizationException;