From "Maria Odea Ching" <och...@apache.org>
Subject Re: svn commit: r654479 - in /archiva/trunk/archiva-modules/archiva-web/archiva-webapp/src: main/java/org/apache/maven/archiva/web/rss/ test/java/org/apache/maven/archiva/web/rss/
Date Fri, 09 May 2008 05:06:20 GMT
I'll see how I can refactor this. The code for authentication &
authorization in RepositoryServlet is actually in the
ArchivaDavSessionProvider, not in the servlet itself.

Thanks,
Deng

On Fri, May 9, 2008 at 11:36 AM, Joakim Erdfelt <joakim@erdfelt.com> wrote:

> Can we create an AbstractSecuredServlet base class for those two servlets to use?
>
> - Joakim
>
>
> oching@apache.org wrote:
>
>> Author: oching
>> Date: Thu May  8 04:27:00 2008
>> New Revision: 654479
>>
>> URL: http://svn.apache.org/viewvc?rev=654479&view=rev
>> Log:
>> [MRM-773]
>> -use authentication scheme used in RepositoryServlet
>> -temporarily commented out authentication for new versions of artifacts
>> Modified:
>>
>>  archiva/trunk/archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/rss/RssFeedServlet.java
>>
>>  archiva/trunk/archiva-modules/archiva-web/archiva-webapp/src/test/java/org/apache/maven/archiva/web/rss/RssFeedServletTest.java
>>
>>  archiva/trunk/archiva-modules/archiva-web/archiva-webapp/src/test/java/org/apache/maven/archiva/web/rss/SecuritySystemStub.java
>>
>> Modified:
>> archiva/trunk/archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/rss/RssFeedServlet.java
>> URL:
>> http://svn.apache.org/viewvc/archiva/trunk/archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/rss/RssFeedServlet.java?rev=654479&r1=654478&r2=654479&view=diff
>>
>> ==============================================================================
>> ---
>> archiva/trunk/archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/rss/RssFeedServlet.java
>> (original)
>> +++
>> archiva/trunk/archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/rss/RssFeedServlet.java
>> Thu May  8 04:27:00 2008
>> @@ -40,14 +40,16 @@
>>  import org.apache.maven.archiva.security.ArchivaSecurityException;
>>  import org.apache.maven.archiva.security.PrincipalNotFoundException;
>>  import org.apache.maven.archiva.security.UserRepositories;
>> -import
>> org.codehaus.plexus.redback.authentication.AuthenticationDataSource;
>>  import
>> org.codehaus.plexus.redback.authentication.AuthenticationException;
>> -import
>> org.codehaus.plexus.redback.authentication.PasswordBasedAuthenticationDataSource;
>> +import org.codehaus.plexus.redback.authentication.AuthenticationResult;
>>  import org.codehaus.plexus.redback.authorization.AuthorizationException;
>> +import org.codehaus.plexus.redback.authorization.AuthorizationResult;
>>  import org.codehaus.plexus.redback.policy.AccountLockedException;
>> +import org.codehaus.plexus.redback.policy.MustChangePasswordException;
>>  import org.codehaus.plexus.redback.system.SecuritySession;
>>  import org.codehaus.plexus.redback.system.SecuritySystem;
>>  import org.codehaus.plexus.redback.users.UserNotFoundException;
>> +import
>> org.codehaus.plexus.redback.xwork.filter.authentication.HttpAuthenticator;
>>  import org.codehaus.plexus.spring.PlexusToSpringUtils;
>>  import org.slf4j.Logger;
>>  import org.slf4j.LoggerFactory;
>> @@ -85,6 +87,8 @@
>>       private UserRepositories userRepositories;
>>  +    private HttpAuthenticator httpAuth;
>> +
>>     public void init( javax.servlet.ServletConfig servletConfig )
>>         throws ServletException
>>     {
>> @@ -94,11 +98,13 @@
>>             (SecuritySystem) wac.getBean(
>> PlexusToSpringUtils.buildSpringId( SecuritySystem.class.getName() ) );
>>         userRepositories =
>>             (UserRepositories) wac.getBean(
>> PlexusToSpringUtils.buildSpringId( UserRepositories.class.getName() ) );
>> +        httpAuth =
>> +            (HttpAuthenticator) wac.getBean(
>> PlexusToSpringUtils.buildSpringId( HttpAuthenticator.ROLE, "basic" ) );
>>     }
>>       public void doGet( HttpServletRequest req, HttpServletResponse res )
>>         throws ServletException, IOException
>> -    {       +    {
>>         try
>>         {
>>             Map<String, String> map = new HashMap<String, String>();
>> @@ -107,16 +113,22 @@
>>             String groupId = req.getParameter( "groupId" );
>>             String artifactId = req.getParameter( "artifactId" );
>>             -            if ( isAuthorized( req ) )
>> +            if( ( repoId == null ) && ( groupId == null && artifactId
==
>> null ) )                +            {
>> +                res.sendError( HttpServletResponse.SC_BAD_REQUEST,
>> "Required fields not found in request." );
>> +                return;
>> +            }
>> +
>> +            if ( isAllowed( req ) )
>>             {
>>                 if ( repoId != null )
>> -                {                   +                {
>>                     // new artifacts in repo feed request
>>                     processor =
>>                         (RssFeedProcessor) wac.getBean(
>> PlexusToSpringUtils.buildSpringId(
>>
>>                  RssFeedProcessor.class.getName(),
>>
>>                  "new-artifacts" ) );
>> -                    map.put( RssFeedProcessor.KEY_REPO_ID, repoId );
>>                +                    map.put( RssFeedProcessor.KEY_REPO_ID,
>> repoId );
>>                 }
>>                 else if ( ( groupId != null ) && ( artifactId != null ) )
>>                 {
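Review bot: The new guard at the top of doGet only rejects a request in which repoId, groupId and artifactId are all absent, whereas the else branch removed in the next hunk (@@ -126,23 +138,18 @@) returned 400 whenever repoId was missing and the groupId/artifactId pair was incomplete. A request carrying only groupId now passes the guard, falls through both branches inside the isAllowed block, and reaches `processor.process( map )` with processor never assigned in this method (with isAllowed as it currently stands and an empty repoIds list it instead appears to surface as 401 rather than 400). The guard should read `if ( ( repoId == null ) && ( groupId == null || artifactId == null ) )`. doGet continues past the end of this hunk.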
>> @@ -126,23 +138,18 @@
>>
>>                  RssFeedProcessor.class.getName(),
>>
>>                  "new-versions" ) );
>>                     map.put( RssFeedProcessor.KEY_GROUP_ID, groupId );
>> -                    map.put( RssFeedProcessor.KEY_ARTIFACT_ID, artifactId
>> );                    -                }
>> -                else
>> -                {
>> -                    res.sendError( HttpServletResponse.SC_BAD_REQUEST,
>> "Required fields not found in request." );
>> -                    return;
>> -                }
>> +                    map.put( RssFeedProcessor.KEY_ARTIFACT_ID, artifactId
>> );
>> +                }                             }
>>             else
>>             {
>>                 res.sendError( HttpServletResponse.SC_UNAUTHORIZED,
>> "Request is not authorized." );
>>                 return;
>>             }
>> -            +
>>             feed = processor.process( map );
>>             res.setContentType( MIME_TYPE );
>> -            +
>>             if ( repoId != null )
>>             {
>>                 feed.setLink( req.getRequestURL() + "?repoId=" + repoId );
>> @@ -188,55 +195,62 @@
>>      * @param req
>>      * @return
>>      */
>> -    private boolean isAuthorized( HttpServletRequest req )
>> +    private boolean isAllowed( HttpServletRequest req )
>>         throws UserNotFoundException, AccountLockedException,
>> AuthenticationException, AuthorizationException
>>     {
>>         String auth = req.getHeader( "Authorization" );
>> -        -        if ( auth == null )
>> -        {
>> -            return false;
>> -        }
>> -
>> -        if ( !auth.toUpperCase().startsWith( "BASIC " ) )
>> -        {
>> -            return false;
>> -        }
>> -
>> -        Decoder dec = new Base64();        -        String
>> usernamePassword = "";
>>  -        try
>> -        {
>> -            usernamePassword = new String( ( byte[] ) dec.decode(
>> auth.substring( 6 ).getBytes() ) );
>> -        }
>> -        catch ( DecoderException ie )
>> -        {
>> -            log.error( "Error decoding username and password.",
>> ie.getMessage() );
>> -        }
>> -        -        String[] userCredentials = usernamePassword.split( ":"
>> );
>> -        String username = userCredentials[0];
>> -        String password = userCredentials[1];
>> -        -        AuthenticationDataSource dataSource = new
>> PasswordBasedAuthenticationDataSource( username, password );
>> -        SecuritySession session = null;
>> +        //        if ( auth == null )
>> +        //        {
>> +        //            return false;
>> +        //        }
>>           List<String> repoIds = new ArrayList<String>();
>>         if ( req.getParameter( "repoId" ) != null )
>>         {
>>             repoIds.add( req.getParameter( "repoId" ) );
>>         }
>> -        else
>> +
>> +        if ( auth != null )
>>         {
>> -            repoIds = getObservableRepos( username );
>> -        }
>> +            if ( !auth.toUpperCase().startsWith( "BASIC " ) )
>> +            {
>> +                return false;
>> +            }
>> +
>> +            Decoder dec = new Base64();
>> +            String usernamePassword = "";
>>  -        session = securitySystem.authenticate( dataSource );
>> +            try
>> +            {
>> +                usernamePassword = new String( (byte[]) dec.decode(
>> auth.substring( 6 ).getBytes() ) );
>> +            }
>> +            catch ( DecoderException ie )
>> +            {
>> +                log.error( "Error decoding username and password.",
>> ie.getMessage() );
>> +            }
>> +
>> +            if ( usernamePassword != null &&
>> !usernamePassword.trim().equals( "" ) )
>> +            {
>> +                //String[] userCredentials = usernamePassword.split( ":"
>> );
>> +                //String username = userCredentials[0];
>> +                //String password = userCredentials[1];
>> +
>> +                //AuthenticationDataSource dataSource = new
>> PasswordBasedAuthenticationDataSource( username, password );
>> +                //SecuritySession session = null;            +
>> +                //if( req.getParameter( "groupId" ) != null &&
>> req.getParameter( "artifactId" ) != null )            +                //{
>> +                //    repoIds = getObservableRepos( username );
>> +                //}
>> +            }
>> +        }
>> +        //session = securitySystem.authenticate( dataSource );
>>           for ( String repoId : repoIds )
>> -        {            -            if ( securitySystem.isAuthorized(
>> session, ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS, repoId ) )
>> +        {
>> +            //if ( securitySystem.isAuthorized( session,
>> ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS, repoId ) )
>> +            if ( isAuthenticated( req, repoId ) && isAuthorized( req,
>> repoId ) )
>>             {
>>                 return true;
>>             }
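Review bot: The Authorization header is decoded in isAllowed but the result is never used: `usernamePassword` is computed inside `if ( auth != null )`, every line that would read it is commented out, and the only checks that decide the outcome are the `isAuthenticated` / `isAuthorized` calls in the loop below. Until the new-versions path is restored that block is dead code, and it carries two latent problems along with it: `getBytes()` / `new String( byte[] )` use the platform charset, and `log.error( "Error decoding username and password.", ie.getMessage() )` drops the message because SLF4J treats the second argument as a placeholder parameter and the format string has no `{}`. Either remove the block or reduce it to the `BASIC ` prefix check, and when the decode comes back write it as `log.error( "Error decoding username and password: {}", ie.getMessage() )`. Since repoIds is now filled only from the repoId parameter, a groupId/artifactId request always leaves the loop without returning true; that matches the commit log's "temporarily commented out" note but deserves a comment on the method. The method's trailing return lies outside this hunk.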
>> @@ -266,4 +280,65 @@
>>           return Collections.emptyList();
>>     }
>> +
>> +    private boolean isAuthenticated( HttpServletRequest request, String
>> repositoryId )
>> +    {
>> +        try
>> +        {
>> +            AuthenticationResult result =
>> httpAuth.getAuthenticationResult( request, null );
>> +           +            if ( result != null && !result.isAuthenticated()
>> )
>> +            {
>> +                log.error( "User credentials is invalid." );
>> +                return false;
>> +            }
>> +        }
>> +        catch ( AuthenticationException e )
>> +        {
>> +            log.error( "User is not authenticated." );
>> +            return false;
>> +        }
>> +        catch ( AccountLockedException e )
>> +        {
>> +            log.error( "User account is locked." );
>> +            return false;
>> +        }
>> +        catch ( MustChangePasswordException e )
>> +        {
>> +            log.error( "Password must be changed." );
>> +            return false;
>> +        }
>> +
>> +        log.info( "before returning TRUE in isAuthenticated(..)" );
>> +        return true;
>> +    }
>> +
>> +    private boolean isAuthorized( HttpServletRequest request, String
>> repositoryId )
>> +    {
>> +        SecuritySession securitySession = httpAuth.getSecuritySession();
>> +
>> +        try
>> +        {
>> +            String permission =
>> ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS;
>> +
>> +            AuthorizationResult authzResult = securitySystem.authorize(
>> securitySession, permission, repositoryId );
>> +
>> +            if ( !authzResult.isAuthorized() )
>> +            {
>> +                if ( authzResult.getException() != null )
>> +                {
>> +                    log.info( "Authorization Denied [ip=" +
>> request.getRemoteAddr() + ",permission=" + permission +
>> +                        ",repo=" + repositoryId + "] : " +
>> authzResult.getException().getMessage() );
>> +                }
>> +                return false;
>> +            }
>> +        }
>> +        catch ( AuthorizationException e )
>> +        {
>> +            log.error( "Error in authorization : " + e.getMessage() );
>> +            return false;
>> +        }
>> +
>> +        return true;
>> +    }
>>  }
>>
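Review bot: isAuthenticated fails open when `httpAuth.getAuthenticationResult( request, null )` returns null: the guard `if ( result != null && !result.isAuthenticated() )` rejects only a non-null, unauthenticated result, so a null result falls through to `return true`. Invert it to `if ( result == null || !result.isAuthenticated() )` so that an absent result is treated as not authenticated. The `repositoryId` parameter of isAuthenticated is accepted but never read, and `log.info( "before returning TRUE in isAuthenticated(..)" )` looks like a debugging leftover that will fire on every feed request. Whether a request without an Authorization header yields a null or an unauthenticated result here depends on HttpAuthenticator, which is outside this diff.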
>> Modified:
>> archiva/trunk/archiva-modules/archiva-web/archiva-webapp/src/test/java/org/apache/maven/archiva/web/rss/RssFeedServletTest.java
>> URL:
>> http://svn.apache.org/viewvc/archiva/trunk/archiva-modules/archiva-web/archiva-webapp/src/test/java/org/apache/maven/archiva/web/rss/RssFeedServletTest.java?rev=654479&r1=654478&r2=654479&view=diff
>>
>> ==============================================================================
>> ---
>> archiva/trunk/archiva-modules/archiva-web/archiva-webapp/src/test/java/org/apache/maven/archiva/web/rss/RssFeedServletTest.java
>> (original)
>> +++
>> archiva/trunk/archiva-modules/archiva-web/archiva-webapp/src/test/java/org/apache/maven/archiva/web/rss/RssFeedServletTest.java
>> Thu May  8 04:27:00 2008
>> @@ -83,6 +83,7 @@
>>         assertEquals( "Should have been an OK response code.",
>> HttpServletResponse.SC_OK, response.getResponseCode() );
>>     }
>>  +    /*
>>     public void testRequestNewVersionsOfArtifact()
>>         throws Exception
>>     {
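Review bot: Commenting out testRequestNewVersionsOfArtifact (this hunk and @@ -103,6 +104,7 @@) removes the only test of the groupId/artifactId feed at the moment its behaviour changes; with getObservableRepos disabled in isAllowed that request now appears to return 401, and nothing asserts it. Rather than disabling the test, pin the interim behaviour: replace the SC_OK expectation with `HttpServletResponse.SC_UNAUTHORIZED` and mark it with a comment such as `// TODO MRM-773: restore SC_OK once new-versions authentication is re-enabled`, so the reverted state is caught when the feature comes back.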
>> @@ -103,6 +104,7 @@
>>         assertNotNull( "Should have recieved a response", response );
>>         assertEquals( "Should have been an OK response code.",
>> HttpServletResponse.SC_OK, response.getResponseCode() );             }
>> +    */
>>         public void testInvalidRequest()
>>         throws Exception
>>
>> Modified:
>> archiva/trunk/archiva-modules/archiva-web/archiva-webapp/src/test/java/org/apache/maven/archiva/web/rss/SecuritySystemStub.java
>> URL:
>> http://svn.apache.org/viewvc/archiva/trunk/archiva-modules/archiva-web/archiva-webapp/src/test/java/org/apache/maven/archiva/web/rss/SecuritySystemStub.java?rev=654479&r1=654478&r2=654479&view=diff
>>
>> ==============================================================================
>> ---
>> archiva/trunk/archiva-modules/archiva-web/archiva-webapp/src/test/java/org/apache/maven/archiva/web/rss/SecuritySystemStub.java
>> (original)
>> +++
>> archiva/trunk/archiva-modules/archiva-web/archiva-webapp/src/test/java/org/apache/maven/archiva/web/rss/SecuritySystemStub.java
>> Thu May  8 04:27:00 2008
>> @@ -24,6 +24,7 @@
>>  import java.util.List;
>>  import java.util.Map;
>>  +import org.apache.maven.archiva.security.ArchivaRoleConstants;
>>  import
>> org.codehaus.plexus.redback.authentication.AuthenticationDataSource;
>>  import
>> org.codehaus.plexus.redback.authentication.AuthenticationException;
>>  import org.codehaus.plexus.redback.authentication.AuthenticationResult;
>> @@ -89,15 +90,15 @@
>>     public AuthorizationResult authorize( SecuritySession arg0, Object
>> arg1 )
>>         throws AuthorizationException
>>     {
>> -        // TODO Auto-generated method stub
>>         return null;
>>     }
>>       public AuthorizationResult authorize( SecuritySession arg0, Object
>> arg1, Object arg2 )
>>         throws AuthorizationException
>>     {
>> -        // TODO Auto-generated method stub
>> -        return null;
>> +        AuthorizationResult result = new AuthorizationResult( true, arg1,
>> null);
>> +        +        return result;
>>     }
>>       public String getAuthenticatorId()
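Review bot: The three-argument authorize stub now returns `new AuthorizationResult( true, arg1, null )` for any session, permission and repository, so RssFeedServletTest can no longer distinguish an authorized request from a denied one and the SC_UNAUTHORIZED branch of RssFeedServlet.doGet is unreachable under test. A minimal improvement is to let the stub decide from its inputs, for example authorizing only when arg1 equals `ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS` and arg2 is a repository id the test expects; that would also give the newly imported ArchivaRoleConstants a use, which nothing visible in this hunk provides. The two-argument overload still returns null, which would throw a NullPointerException on `isAuthorized()` if a caller ever used it.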
>>
>>
>>
>>
>
>
