Author: jmcconnell
Date: Fri May 11 11:21:53 2007
New Revision: 537255
URL: http://svn.apache.org/viewvc?view=rev&rev=537255
Log:
working redback authn and authz with xmlrpc
Modified:
maven/continuum/trunk/continuum-xmlrpc/continuum-xmlrpc-server/pom.xml
maven/continuum/trunk/continuum-xmlrpc/continuum-xmlrpc-server/src/main/java/org/apache/maven/continuum/xmlrpc/server/ContinuumServiceImpl.java
maven/continuum/trunk/continuum-xmlrpc/continuum-xmlrpc-server/src/main/java/org/apache/maven/continuum/xmlrpc/server/ContinuumXmlRpcConfig.java
maven/continuum/trunk/continuum-xmlrpc/continuum-xmlrpc-server/src/main/java/org/apache/maven/continuum/xmlrpc/server/ContinuumXmlRpcServlet.java
Modified: maven/continuum/trunk/continuum-xmlrpc/continuum-xmlrpc-server/pom.xml
URL: http://svn.apache.org/viewvc/maven/continuum/trunk/continuum-xmlrpc/continuum-xmlrpc-server/pom.xml?view=diff&rev=537255&r1=537254&r2=537255
==============================================================================
--- maven/continuum/trunk/continuum-xmlrpc/continuum-xmlrpc-server/pom.xml (original)
+++ maven/continuum/trunk/continuum-xmlrpc/continuum-xmlrpc-server/pom.xml Fri May 11 11:21:53 2007
@@ -33,6 +33,14 @@
continuum-xmlrpc-api
+ org.apache.maven.continuum
+ continuum-security
+
+
+ org.codehaus.plexus.redback
+ redback-system
+
+
org.codehaus.plexus
plexus-xwork-integration
Modified: maven/continuum/trunk/continuum-xmlrpc/continuum-xmlrpc-server/src/main/java/org/apache/maven/continuum/xmlrpc/server/ContinuumServiceImpl.java
URL: http://svn.apache.org/viewvc/maven/continuum/trunk/continuum-xmlrpc/continuum-xmlrpc-server/src/main/java/org/apache/maven/continuum/xmlrpc/server/ContinuumServiceImpl.java?view=diff&rev=537255&r1=537254&r2=537255
==============================================================================
--- maven/continuum/trunk/continuum-xmlrpc/continuum-xmlrpc-server/src/main/java/org/apache/maven/continuum/xmlrpc/server/ContinuumServiceImpl.java (original)
+++ maven/continuum/trunk/continuum-xmlrpc/continuum-xmlrpc-server/src/main/java/org/apache/maven/continuum/xmlrpc/server/ContinuumServiceImpl.java Fri May 11 11:21:53 2007
@@ -32,6 +32,8 @@
import org.apache.maven.continuum.xmlrpc.project.ProjectGroup;
import org.apache.maven.continuum.xmlrpc.project.ProjectGroupSummary;
import org.apache.maven.continuum.xmlrpc.project.ProjectSummary;
+import org.codehaus.plexus.redback.authorization.AuthorizationException;
+import org.codehaus.plexus.redback.system.SecuritySystem;
import java.util.ArrayList;
import java.util.Collection;
@@ -51,8 +53,13 @@
*/
private Continuum continuum;
+ /**
+ * @plexus.requirement role-hint="default"
+ */
+ private SecuritySystem securitySystem;
+
private ContinuumXmlRpcConfig config;
-
+
public void setConfig( ContinuumXmlRpcConfig config )
{
this.config = config;
@@ -204,8 +211,22 @@
public AddingResult addMavenTwoProject( String url )
throws ContinuumException
{
- ContinuumProjectBuildingResult result = continuum.addMavenTwoProject( url );
- return populateAddingResult( result );
+ try
+ {
+ if ( securitySystem.isAuthorized( config.getSecuritySession(), "continuum-add-group" ) )
+ {
+ ContinuumProjectBuildingResult result = continuum.addMavenTwoProject( url );
+ return populateAddingResult( result );
+ }
+ else
+ {
+ throw new ContinuumException( "unauthorized add project request" );
+ }
+ }
+ catch (AuthorizationException e )
+ {
+ throw new ContinuumException( "error authorizing request", e );
+ }
}
public AddingResult addMavenTwoProject( String url, int projectGroupId )
Modified: maven/continuum/trunk/continuum-xmlrpc/continuum-xmlrpc-server/src/main/java/org/apache/maven/continuum/xmlrpc/server/ContinuumXmlRpcConfig.java
URL: http://svn.apache.org/viewvc/maven/continuum/trunk/continuum-xmlrpc/continuum-xmlrpc-server/src/main/java/org/apache/maven/continuum/xmlrpc/server/ContinuumXmlRpcConfig.java?view=diff&rev=537255&r1=537254&r2=537255
==============================================================================
--- maven/continuum/trunk/continuum-xmlrpc/continuum-xmlrpc-server/src/main/java/org/apache/maven/continuum/xmlrpc/server/ContinuumXmlRpcConfig.java (original)
+++ maven/continuum/trunk/continuum-xmlrpc/continuum-xmlrpc-server/src/main/java/org/apache/maven/continuum/xmlrpc/server/ContinuumXmlRpcConfig.java Fri May 11 11:21:53 2007
@@ -20,6 +20,7 @@
*/
import org.apache.xmlrpc.common.XmlRpcHttpRequestConfigImpl;
+import org.codehaus.plexus.redback.system.SecuritySession;
import javax.servlet.http.HttpServletRequest;
@@ -31,6 +32,8 @@
extends XmlRpcHttpRequestConfigImpl
{
private HttpServletRequest httpServletRequest;
+
+ private SecuritySession securitySession;
public HttpServletRequest getHttpServletRequest()
{
@@ -41,4 +44,16 @@
{
this.httpServletRequest = httpServletRequest;
}
+
+ public SecuritySession getSecuritySession()
+ {
+ return securitySession;
+ }
+
+ public void setSecuritySession( SecuritySession securitySession )
+ {
+ this.securitySession = securitySession;
+ }
+
+
}
Modified: maven/continuum/trunk/continuum-xmlrpc/continuum-xmlrpc-server/src/main/java/org/apache/maven/continuum/xmlrpc/server/ContinuumXmlRpcServlet.java
URL: http://svn.apache.org/viewvc/maven/continuum/trunk/continuum-xmlrpc/continuum-xmlrpc-server/src/main/java/org/apache/maven/continuum/xmlrpc/server/ContinuumXmlRpcServlet.java?view=diff&rev=537255&r1=537254&r2=537255
==============================================================================
--- maven/continuum/trunk/continuum-xmlrpc/continuum-xmlrpc-server/src/main/java/org/apache/maven/continuum/xmlrpc/server/ContinuumXmlRpcServlet.java (original)
+++ maven/continuum/trunk/continuum-xmlrpc/continuum-xmlrpc-server/src/main/java/org/apache/maven/continuum/xmlrpc/server/ContinuumXmlRpcServlet.java Fri May 11 11:21:53 2007
@@ -33,6 +33,11 @@
import org.codehaus.plexus.classworlds.ClassWorld;
import org.codehaus.plexus.component.repository.exception.ComponentLifecycleException;
import org.codehaus.plexus.component.repository.exception.ComponentLookupException;
+import org.codehaus.plexus.redback.authentication.AuthenticationException;
+import org.codehaus.plexus.redback.authentication.PasswordBasedAuthenticationDataSource;
+import org.codehaus.plexus.redback.policy.AccountLockedException;
+import org.codehaus.plexus.redback.system.SecuritySystem;
+import org.codehaus.plexus.redback.users.UserNotFoundException;
import org.codehaus.plexus.xwork.PlexusLifecycleListener;
import javax.servlet.ServletConfig;
@@ -54,6 +59,8 @@
{
private ContinuumXmlRpcServletServer server;
+ private SecuritySystem securitySystem;
+
public String getServletInfo()
{
return "Continuum XMLRPC Servlet";
@@ -92,6 +99,16 @@
throws ServletException
{
server = new ContinuumXmlRpcServletServer();
+
+ try
+ {
+ securitySystem = (SecuritySystem)getPlexusContainer().lookup( SecuritySystem.ROLE );
+ }
+ catch ( ComponentLookupException e )
+ {
+ throw new ServletException( "Can't init the xml rpc server, unable to obtain security system", e );
+ }
+
try
{
XmlRpcServerConfigImpl cfg = (XmlRpcServerConfigImpl) server.getConfig();
@@ -116,18 +133,45 @@
new AbstractReflectiveHandlerMapping.AuthenticationHandler()
{
public boolean isAuthorized( XmlRpcRequest pRequest )
- {
- XmlRpcHttpRequestConfig config = (XmlRpcHttpRequestConfig) pRequest.getConfig();
- return isAuthenticated( config.getBasicUserName(), config.getBasicPassword() );
+ {
+ if ( pRequest.getConfig() instanceof ContinuumXmlRpcConfig )
+ {
+ ContinuumXmlRpcConfig config = (ContinuumXmlRpcConfig) pRequest.getConfig();
+
+ PasswordBasedAuthenticationDataSource authdatasource = new PasswordBasedAuthenticationDataSource();
+ authdatasource.setPrincipal( config.getBasicUserName() );
+ authdatasource.setPassword( config.getBasicPassword() );
+
+ try
+ {
+ config.setSecuritySession( securitySystem.authenticate( authdatasource ) );
+
+ return config.getSecuritySession().isAuthenticated();
+ }
+ catch ( AuthenticationException e )
+ {
+ e.printStackTrace();
+ return false;
+ }
+ catch ( AccountLockedException e )
+ {
+ e.printStackTrace();
+ return false;
+ }
+ catch ( UserNotFoundException e )
+ {
+ e.printStackTrace();
+ return false;
+ }
+ }
+ else
+ {
+ System.out.println( "unknown xml rpc configiration object found..." );
+ return false;
+ }
}
};
return handler;
- }
-
- protected boolean isAuthenticated( String username, String password )
- {
- //TODO: Add authentication there.
- return true;
}
public void doPost( HttpServletRequest pRequest, HttpServletResponse pResponse )