source.dussan.org Git - archiva.git/blob

   1 package org.apache.maven.archiva.webdav;
   2
   3 /*
   4  * Licensed to the Apache Software Foundation (ASF) under one
   5  * or more contributor license agreements.  See the NOTICE file
   6  * distributed with this work for additional information
   7  * regarding copyright ownership.  The ASF licenses this file
   8  * to you under the Apache License, Version 2.0 (the
   9  * "License"); you may not use this file except in compliance
  10  * with the License.  You may obtain a copy of the License at
  11  *
  12  *  http://www.apache.org/licenses/LICENSE-2.0
  13  *
  14  * Unless required by applicable law or agreed to in writing,
  15  * software distributed under the License is distributed on an
  16  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
  17  * KIND, either express or implied.  See the License for the
  18  * specific language governing permissions and limitations
  19  * under the License.
  20  */
  21
  22 import java.io.File;
  23 import java.io.FileNotFoundException;
  24 import java.io.FileReader;
  25 import java.io.IOException;
  26 import java.util.ArrayList;
  27 import java.util.HashMap;
  28 import java.util.List;
  29 import java.util.Map;
  30
  31 import javax.servlet.http.HttpServletResponse;
  32
  33 import org.apache.commons.io.FileUtils;
  34 import org.apache.commons.lang.StringUtils;
  35 import org.apache.jackrabbit.webdav.DavException;
  36 import org.apache.jackrabbit.webdav.DavResource;
  37 import org.apache.jackrabbit.webdav.DavResourceFactory;
  38 import org.apache.jackrabbit.webdav.DavResourceLocator;
  39 import org.apache.jackrabbit.webdav.DavServletRequest;
  40 import org.apache.jackrabbit.webdav.DavServletResponse;
  41 import org.apache.jackrabbit.webdav.DavSession;
  42 import org.apache.jackrabbit.webdav.lock.LockManager;
  43 import org.apache.jackrabbit.webdav.lock.SimpleLockManager;
  44 import org.apache.maven.archiva.common.utils.PathUtil;
  45 import org.apache.maven.archiva.configuration.ArchivaConfiguration;
  46 import org.apache.maven.archiva.configuration.RepositoryGroupConfiguration;
  47 import org.apache.maven.archiva.model.ArchivaRepositoryMetadata;
  48 import org.apache.maven.archiva.model.ArtifactReference;
  49 import org.apache.maven.archiva.model.ProjectReference;
  50 import org.apache.maven.archiva.model.VersionedReference;
  51 import org.apache.maven.archiva.policies.ProxyDownloadException;
  52 import org.apache.maven.archiva.proxy.RepositoryProxyConnectors;
  53 import org.apache.maven.archiva.repository.ManagedRepositoryContent;
  54 import org.apache.maven.archiva.repository.RepositoryContentFactory;
  55 import org.apache.maven.archiva.repository.RepositoryException;
  56 import org.apache.maven.archiva.repository.RepositoryNotFoundException;
  57 import org.apache.maven.archiva.repository.audit.AuditEvent;
  58 import org.apache.maven.archiva.repository.audit.AuditListener;
  59 import org.apache.maven.archiva.repository.audit.Auditable;
  60 import org.apache.maven.archiva.repository.content.RepositoryRequest;
  61 import org.apache.maven.archiva.repository.layout.LayoutException;
  62 import org.apache.maven.archiva.repository.metadata.MetadataTools;
  63 import org.apache.maven.archiva.repository.metadata.RepositoryMetadataException;
  64 import org.apache.maven.archiva.repository.metadata.RepositoryMetadataMerge;
  65 import org.apache.maven.archiva.repository.metadata.RepositoryMetadataReader;
  66 import org.apache.maven.archiva.repository.metadata.RepositoryMetadataWriter;
  67 import org.apache.maven.archiva.repository.scanner.RepositoryContentConsumers;
  68 import org.apache.maven.archiva.security.ArchivaXworkUser;
  69 import org.apache.maven.archiva.security.ServletAuthenticator;
  70 import org.apache.maven.archiva.webdav.util.MimeTypes;
  71 import org.apache.maven.archiva.webdav.util.RepositoryPathUtil;
  72 import org.apache.maven.archiva.webdav.util.WebdavMethodUtil;
  73 import org.apache.maven.model.DistributionManagement;
  74 import org.apache.maven.model.Model;
  75 import org.apache.maven.model.Relocation;
  76 import org.apache.maven.model.io.xpp3.MavenXpp3Reader;
  77 import org.codehaus.plexus.digest.ChecksumFile;
  78 import org.codehaus.plexus.digest.Digester;
  79 import org.codehaus.plexus.digest.DigesterException;
  80 import org.codehaus.plexus.redback.authentication.AuthenticationException;
  81 import org.codehaus.plexus.redback.authentication.AuthenticationResult;
  82 import org.codehaus.plexus.redback.authorization.AuthorizationException;
  83 import org.codehaus.plexus.redback.authorization.UnauthorizedException;
  84 import org.codehaus.plexus.redback.policy.AccountLockedException;
  85 import org.codehaus.plexus.redback.policy.MustChangePasswordException;
  86 import org.codehaus.plexus.redback.system.SecuritySession;
  87 import org.codehaus.plexus.redback.system.SecuritySystemConstants;
  88 import org.codehaus.plexus.redback.xwork.filter.authentication.HttpAuthenticator;
  89 import org.codehaus.plexus.util.xml.pull.XmlPullParserException;
  90 import org.slf4j.Logger;
  91 import org.slf4j.LoggerFactory;
  92
  93 import com.opensymphony.xwork.ActionContext;
  94
  95 /**
  96  * @author <a href="mailto:james@atlassian.com">James William Dumay</a>
  97  * @plexus.component role="org.apache.maven.archiva.webdav.ArchivaDavResourceFactory"
  98  */
  99 public class ArchivaDavResourceFactory
 100     implements DavResourceFactory, Auditable
 101 {
 102     private static final String PROXIED_SUFFIX = " (proxied)";
 103
 104     private static final String HTTP_PUT_METHOD = "PUT";
 105
 106     private Logger log = LoggerFactory.getLogger( ArchivaDavResourceFactory.class );
 107
 108     /**
 109      * @plexus.requirement role="org.apache.maven.archiva.repository.audit.AuditListener"
 110      */
 111     private List<AuditListener> auditListeners = new ArrayList<AuditListener>();
 112
 113     /**
 114      * @plexus.requirement
 115      */
 116     private RepositoryContentFactory repositoryFactory;
 117
 118     /**
 119      * @plexus.requirement
 120      */
 121     private RepositoryRequest repositoryRequest;
 122
 123     /**
 124      * @plexus.requirement role-hint="default"
 125      */
 126     private RepositoryProxyConnectors connectors;
 127
 128     /**
 129      * @plexus.requirement
 130      */
 131     private MetadataTools metadataTools;
 132
 133     /**
 134      * @plexus.requirement
 135      */
 136     private MimeTypes mimeTypes;
 137
 138     /**
 139      * @plexus.requirement
 140      */
 141     private ArchivaConfiguration archivaConfiguration;
 142
 143     /**
 144      * @plexus.requirement
 145      */
 146     private ServletAuthenticator servletAuth;
 147
 148     /**
 149      * @plexus.requirement role-hint="basic"
 150      */
 151     private HttpAuthenticator httpAuth;
 152
 153     /**
 154      * Lock Manager - use simple implementation from JackRabbit
 155      */
 156     private final LockManager lockManager = new SimpleLockManager();
 157
 158     /**
 159      * @plexus.requirement
 160      */
 161     private RepositoryContentConsumers consumers;
 162
 163     /**
 164      * @plexus.requirement
 165      */
 166     private ChecksumFile checksum;
 167
 168     /**
 169      * @plexus.requirement role-hint="sha1"
 170      */
 171     private Digester digestSha1;
 172
 173     /**
 174      * @plexus.requirement role-hint="md5";
 175      */
 176     private Digester digestMd5;
 177
 178     public DavResource createResource( final DavResourceLocator locator, final DavServletRequest request,
 179                                        final DavServletResponse response )
 180         throws DavException
 181     {
 182         checkLocatorIsInstanceOfRepositoryLocator( locator );
 183         ArchivaDavResourceLocator archivaLocator = (ArchivaDavResourceLocator) locator;
 184
 185         RepositoryGroupConfiguration repoGroupConfig =
 186             archivaConfiguration.getConfiguration().getRepositoryGroupsAsMap().get( archivaLocator.getRepositoryId() );
 187         List<String> repositories = new ArrayList<String>();
 188
 189         boolean isGet = WebdavMethodUtil.isReadMethod( request.getMethod() );
 190         boolean isPut = WebdavMethodUtil.isWriteMethod( request.getMethod() );
 191
 192         if ( repoGroupConfig != null )
 193         {
 194             if( WebdavMethodUtil.isWriteMethod( request.getMethod() ) )
 195             {
 196                 throw new DavException( HttpServletResponse.SC_METHOD_NOT_ALLOWED,
 197                                         "Write method not allowed for repository groups." );
 198             }
 199             repositories.addAll( repoGroupConfig.getRepositories() );
 200
 201             // handle browse requests for virtual repos
 202             if ( RepositoryPathUtil.getLogicalResource( locator.getResourcePath() ).endsWith( "/" ) )
 203             {
 204                 return getResource( request, repositories, archivaLocator );
 205             }
 206         }
 207         else
 208         {
 209             repositories.add( archivaLocator.getRepositoryId() );
 210         }
 211
 212         //MRM-419 - Windows Webdav support. Should not 404 if there is no content.
 213         if (StringUtils.isEmpty(archivaLocator.getRepositoryId()))
 214         {
 215             throw new DavException(HttpServletResponse.SC_NO_CONTENT);
 216         }
 217
 218         List<DavResource> availableResources = new ArrayList<DavResource>();
 219         List<String> resourcesInAbsolutePath = new ArrayList<String>();
 220         DavException e = null;
 221
 222         for ( String repositoryId : repositories )
 223         {
 224             ManagedRepositoryContent managedRepository = null;
 225
 226             try
 227             {
 228                 managedRepository = getManagedRepository( repositoryId );
 229             }
 230             catch ( DavException de )
 231             {
 232                 throw new DavException( HttpServletResponse.SC_NOT_FOUND, "Invalid managed repository <" +
 233                     repositoryId + ">" );
 234             }
 235
 236             DavResource resource = null;
 237
 238             if ( !locator.getResourcePath().startsWith( ArchivaDavResource.HIDDEN_PATH_PREFIX ) )
 239             {
 240                 if ( managedRepository != null )
 241                 {
 242                     try
 243                     {
 244                         if( isAuthorized( request, repositoryId ) )
 245                         {
 246                             LogicalResource logicalResource =
 247                                 new LogicalResource( RepositoryPathUtil.getLogicalResource( locator.getResourcePath() ) );
 248
 249                             if ( isGet )
 250                             {
 251                                 resource = doGet( managedRepository, request, archivaLocator, logicalResource );
 252                             }
 253
 254                             if ( isPut )
 255                             {
 256                                 resource = doPut( managedRepository, request, archivaLocator, logicalResource );
 257                             }
 258                         }
 259                     }
 260                     catch ( DavException de )
 261                     {
 262                         e = de;
 263                         continue;
 264                     }
 265
 266                     if( resource == null )
 267                     {
 268                         e = new DavException( HttpServletResponse.SC_NOT_FOUND, "Resource does not exist" );
 269                     }
 270                     else
 271                     {
 272                         availableResources.add( resource );
 273
 274                         String logicalResource = RepositoryPathUtil.getLogicalResource( locator.getResourcePath() );
 275                         resourcesInAbsolutePath.add( managedRepository.getRepoRoot() + logicalResource );
 276                     }
 277                 }
 278                 else
 279                 {
 280                     e = new DavException( HttpServletResponse.SC_NOT_FOUND, "Repository does not exist" );
 281                 }
 282             }
 283         }
 284
 285         if ( availableResources.isEmpty() )
 286         {
 287             throw e;
 288         }
 289
 290         String requestedResource = request.getRequestURI();
 291
 292         // MRM-872 : merge all available metadata
 293         // merge metadata only when requested via the repo group
 294         if ( ( repositoryRequest.isMetadata( requestedResource ) || ( requestedResource.endsWith( "metadata.xml.sha1" ) || requestedResource.endsWith( "metadata.xml.md5" ) ) ) &&
 295             repoGroupConfig != null )
 296         {
 297             // this should only be at the project level not version level!
 298             if( isProjectReference( requestedResource ) )
 299             {
 300                 String artifactId = StringUtils.substringBeforeLast( requestedResource.replace( '\\', '/' ), "/" );
 301                 artifactId = StringUtils.substringAfterLast( artifactId, "/" );
 302
 303                 ArchivaDavResource res = ( ArchivaDavResource ) availableResources.get( 0 );
 304                 String filePath = StringUtils.substringBeforeLast( res.getLocalResource().getAbsolutePath().replace( '\\', '/' ), "/" );
 305                 filePath = filePath + "/maven-metadata-" + repoGroupConfig.getId() + ".xml";
 306
 307                 // for MRM-872 handle checksums of the merged metadata files
 308                 if( repositoryRequest.isSupportFile( requestedResource ) )
 309                 {
 310                     File metadataChecksum = new File( filePath + "."
 311                               + StringUtils.substringAfterLast( requestedResource, "." ) );
 312                     if( metadataChecksum.exists() )
 313                     {
 314                         LogicalResource logicalResource =
 315                             new LogicalResource( RepositoryPathUtil.getLogicalResource( locator.getResourcePath() ) );
 316
 317                         ArchivaDavResource metadataChecksumResource =
 318                             new ArchivaDavResource( metadataChecksum.getAbsolutePath(), logicalResource.getPath(), null,
 319                                                     request.getRemoteAddr(), request.getDavSession(), archivaLocator, this,
 320                                                     mimeTypes, auditListeners, consumers );
 321                         availableResources.add( 0, metadataChecksumResource );
 322                     }
 323                 }
 324                 else
 325                 {   // merge the metadata of all repos under group
 326                     ArchivaRepositoryMetadata mergedMetadata = new ArchivaRepositoryMetadata();
 327                     for ( String resourceAbsPath : resourcesInAbsolutePath )
 328                     {
 329                         try
 330                         {
 331                             File metadataFile = new File( resourceAbsPath );
 332                             ArchivaRepositoryMetadata repoMetadata = RepositoryMetadataReader.read( metadataFile );
 333                             mergedMetadata = RepositoryMetadataMerge.merge( mergedMetadata, repoMetadata );
 334                         }
 335                         catch ( RepositoryMetadataException r )
 336                         {
 337                             throw new DavException( HttpServletResponse.SC_INTERNAL_SERVER_ERROR,
 338                                                     "Error occurred while reading metadata file." );
 339                         }
 340                     }
 341
 342                     try
 343                     {
 344                         File resourceFile = writeMergedMetadataToFile( mergedMetadata, filePath );
 345
 346                         LogicalResource logicalResource =
 347                             new LogicalResource( RepositoryPathUtil.getLogicalResource( locator.getResourcePath() ) );
 348
 349                         ArchivaDavResource metadataResource =
 350                             new ArchivaDavResource( resourceFile.getAbsolutePath(), logicalResource.getPath(), null,
 351                                                     request.getRemoteAddr(), request.getDavSession(), archivaLocator, this,
 352                                                     mimeTypes, auditListeners, consumers );
 353                         availableResources.add( 0, metadataResource );
 354                     }
 355                     catch ( RepositoryMetadataException r )
 356                     {
 357                         throw new DavException( HttpServletResponse.SC_INTERNAL_SERVER_ERROR,
 358                                                 "Error occurred while writing metadata file." );
 359                     }
 360                     catch ( IOException ie )
 361                     {
 362                         throw new DavException( HttpServletResponse.SC_INTERNAL_SERVER_ERROR,
 363                             "Error occurred while generating checksum files." );
 364                     }
 365                     catch ( DigesterException de )
 366                     {
 367                         throw new DavException( HttpServletResponse.SC_INTERNAL_SERVER_ERROR,
 368                             "Error occurred while generating checksum files." );
 369                     }
 370                 }
 371             }
 372         }
 373
 374         DavResource resource = availableResources.get( 0 );
 375         setHeaders(response, locator, resource );
 376
 377         // compatibility with MRM-440 to ensure browsing the repository works ok
 378         if ( resource.isCollection() && !request.getRequestURI().endsWith("/" ) )
 379         {
 380             throw new BrowserRedirectException( resource.getHref() );
 381         }
 382         resource.addLockManager(lockManager);
 383         return resource;
 384     }
 385
 386     public DavResource createResource( final DavResourceLocator locator, final DavSession davSession )
 387         throws DavException
 388     {
 389         checkLocatorIsInstanceOfRepositoryLocator( locator );
 390         ArchivaDavResourceLocator archivaLocator = (ArchivaDavResourceLocator) locator;
 391
 392         DavResource resource = null;
 393         if ( !locator.getResourcePath().startsWith( ArchivaDavResource.HIDDEN_PATH_PREFIX ) )
 394         {
 395             ManagedRepositoryContent managedRepository = getManagedRepository( archivaLocator.getRepositoryId() );
 396             String logicalResource = RepositoryPathUtil.getLogicalResource( locator.getResourcePath() );
 397             File resourceFile = new File( managedRepository.getRepoRoot(), logicalResource );
 398             resource =
 399                 new ArchivaDavResource( resourceFile.getAbsolutePath(), logicalResource,
 400                                         managedRepository.getRepository(), davSession, archivaLocator, this, mimeTypes,
 401                                         auditListeners, consumers );
 402         }
 403         resource.addLockManager(lockManager);
 404         return resource;
 405     }
 406
 407     private DavResource doGet( ManagedRepositoryContent managedRepository, DavServletRequest request,
 408                                ArchivaDavResourceLocator locator, LogicalResource logicalResource )
 409         throws DavException
 410     {
 411         File resourceFile = new File( managedRepository.getRepoRoot(), logicalResource.getPath() );
 412
 413         //MRM-893, dont send back a file when user intentionally wants a directory
 414         if ( locator.getHref( false ).endsWith( "/" ) )
 415         {
 416             if ( ! resourceFile.isDirectory() )
 417             {
 418                 //force a resource not found
 419                 return null;
 420             }
 421         }
 422
 423         ArchivaDavResource resource =
 424             new ArchivaDavResource( resourceFile.getAbsolutePath(), logicalResource.getPath(),
 425                                     managedRepository.getRepository(), request.getRemoteAddr(),
 426                                     request.getDavSession(), locator, this, mimeTypes, auditListeners, consumers );
 427
 428         if ( !resource.isCollection() )
 429         {
 430             boolean previouslyExisted = resourceFile.exists();
 431
 432             // At this point the incoming request can either be in default or
 433             // legacy layout format.
 434             boolean fromProxy = fetchContentFromProxies( managedRepository, request, logicalResource );
 435
 436             try
 437             {
 438                 // Perform an adjustment of the resource to the managed
 439                 // repository expected path.
 440                 String localResourcePath =
 441                     repositoryRequest.toNativePath( logicalResource.getPath(), managedRepository );
 442                 resourceFile = new File( managedRepository.getRepoRoot(), localResourcePath );
 443             }
 444             catch ( LayoutException e )
 445             {
 446                 if ( previouslyExisted )
 447                 {
 448                     return resource;
 449                 }
 450                 throw new DavException( HttpServletResponse.SC_NOT_FOUND, e );
 451             }
 452
 453             // Attempt to fetch the resource from any defined proxy.
 454             if ( fromProxy )
 455             {
 456                 String repositoryId = locator.getRepositoryId();
 457                 String event = ( previouslyExisted ? AuditEvent.MODIFY_FILE : AuditEvent.CREATE_FILE ) + PROXIED_SUFFIX;
 458                 triggerAuditEvent( request.getRemoteAddr(), repositoryId, logicalResource.getPath(), event );
 459             }
 460
 461             if ( !resourceFile.exists() )
 462             {
 463                 resource = null;
 464             }
 465             else
 466             {
 467                 resource =
 468                     new ArchivaDavResource( resourceFile.getAbsolutePath(), logicalResource.getPath(),
 469                                             managedRepository.getRepository(), request.getRemoteAddr(),
 470                                             request.getDavSession(), locator, this, mimeTypes, auditListeners,
 471                                             consumers );
 472             }
 473         }
 474         return resource;
 475     }
 476
 477     private DavResource doPut( ManagedRepositoryContent managedRepository, DavServletRequest request,
 478                                ArchivaDavResourceLocator locator, LogicalResource logicalResource )
 479         throws DavException
 480     {
 481         /*
 482          * Create parent directories that don't exist when writing a file This actually makes this implementation not
 483          * compliant to the WebDAV RFC - but we have enough knowledge about how the collection is being used to do this
 484          * reasonably and some versions of Maven's WebDAV don't correctly create the collections themselves.
 485          */
 486
 487         File rootDirectory = new File( managedRepository.getRepoRoot() );
 488         File destDir = new File( rootDirectory, logicalResource.getPath() ).getParentFile();
 489         if ( request.getMethod().equals(HTTP_PUT_METHOD) && !destDir.exists() )
 490         {
 491             destDir.mkdirs();
 492             String relPath = PathUtil.getRelative( rootDirectory.getAbsolutePath(), destDir );
 493             triggerAuditEvent( request.getRemoteAddr(), logicalResource.getPath(), relPath, AuditEvent.CREATE_DIR );
 494         }
 495
 496         File resourceFile = new File( managedRepository.getRepoRoot(), logicalResource.getPath() );
 497
 498         return new ArchivaDavResource( resourceFile.getAbsolutePath(), logicalResource.getPath(),
 499                                        managedRepository.getRepository(), request.getRemoteAddr(),
 500                                        request.getDavSession(), locator, this, mimeTypes, auditListeners, consumers );
 501     }
 502
 503     private boolean fetchContentFromProxies( ManagedRepositoryContent managedRepository, DavServletRequest request,
 504                                              LogicalResource resource )
 505         throws DavException
 506     {
 507         if ( repositoryRequest.isSupportFile( resource.getPath() ) )
 508         {
 509             File proxiedFile = connectors.fetchFromProxies( managedRepository, resource.getPath() );
 510
 511             return ( proxiedFile != null );
 512         }
 513
 514         // Is it a Metadata resource?
 515         if ( repositoryRequest.isDefault( resource.getPath() ) && repositoryRequest.isMetadata( resource.getPath() ) )
 516         {
 517             return fetchMetadataFromProxies( managedRepository, request, resource );
 518         }
 519
 520         // Not any of the above? Then it's gotta be an artifact reference.
 521         try
 522         {
 523             // Get the artifact reference in a layout neutral way.
 524             ArtifactReference artifact = repositoryRequest.toArtifactReference( resource.getPath() );
 525
 526             if ( artifact != null )
 527             {
 528                 applyServerSideRelocation( managedRepository, artifact );
 529
 530                 File proxiedFile = connectors.fetchFromProxies( managedRepository, artifact );
 531
 532                 resource.setPath( managedRepository.toPath( artifact ) );
 533
 534                 return ( proxiedFile != null );
 535             }
 536         }
 537         catch ( LayoutException e )
 538         {
 539             /* eat it */
 540         }
 541         catch ( ProxyDownloadException e )
 542         {
 543             log.error( e.getMessage(), e );
 544             throw new DavException( HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Unable to fetch artifact resource." );
 545         }
 546         return false;
 547     }
 548
 549     private boolean fetchMetadataFromProxies( ManagedRepositoryContent managedRepository, DavServletRequest request,
 550                                               LogicalResource resource )
 551         throws DavException
 552     {
 553         ProjectReference project;
 554         VersionedReference versioned;
 555
 556         try
 557         {
 558
 559             versioned = metadataTools.toVersionedReference( resource.getPath() );
 560             if ( versioned != null )
 561             {
 562                 connectors.fetchFromProxies( managedRepository, versioned );
 563                 return true;
 564             }
 565         }
 566         catch ( RepositoryMetadataException e )
 567         {
 568             /* eat it */
 569         }
 570
 571         try
 572         {
 573             project = metadataTools.toProjectReference( resource.getPath() );
 574             if ( project != null )
 575             {
 576                 connectors.fetchFromProxies( managedRepository, project );
 577                 return true;
 578             }
 579         }
 580         catch ( RepositoryMetadataException e )
 581         {
 582             /* eat it */
 583         }
 584
 585         return false;
 586     }
 587
 588     /**
 589      * A relocation capable client will request the POM prior to the artifact, and will then read meta-data and do
 590      * client side relocation. A simplier client (like maven 1) will only request the artifact and not use the
 591      * metadatas.
 592      * <p>
 593      * For such clients, archiva does server-side relocation by reading itself the &lt;relocation&gt; element in
 594      * metadatas and serving the expected artifact.
 595      */
 596     protected void applyServerSideRelocation( ManagedRepositoryContent managedRepository, ArtifactReference artifact )
 597         throws ProxyDownloadException
 598     {
 599         if ( "pom".equals( artifact.getType() ) )
 600         {
 601             return;
 602         }
 603
 604         // Build the artifact POM reference
 605         ArtifactReference pomReference = new ArtifactReference();
 606         pomReference.setGroupId( artifact.getGroupId() );
 607         pomReference.setArtifactId( artifact.getArtifactId() );
 608         pomReference.setVersion( artifact.getVersion() );
 609         pomReference.setType( "pom" );
 610
 611         // Get the artifact POM from proxied repositories if needed
 612         connectors.fetchFromProxies( managedRepository, pomReference );
 613
 614         // Open and read the POM from the managed repo
 615         File pom = managedRepository.toFile( pomReference );
 616
 617         if ( !pom.exists() )
 618         {
 619             return;
 620         }
 621
 622         try
 623         {
 624             Model model = new MavenXpp3Reader().read( new FileReader( pom ) );
 625             DistributionManagement dist = model.getDistributionManagement();
 626             if ( dist != null )
 627             {
 628                 Relocation relocation = dist.getRelocation();
 629                 if ( relocation != null )
 630                 {
 631                     // artifact is relocated : update the repositoryPath
 632                     if ( relocation.getGroupId() != null )
 633                     {
 634                         artifact.setGroupId( relocation.getGroupId() );
 635                     }
 636                     if ( relocation.getArtifactId() != null )
 637                     {
 638                         artifact.setArtifactId( relocation.getArtifactId() );
 639                     }
 640                     if ( relocation.getVersion() != null )
 641                     {
 642                         artifact.setVersion( relocation.getVersion() );
 643                     }
 644                 }
 645             }
 646         }
 647         catch ( FileNotFoundException e )
 648         {
 649             // Artifact has no POM in repo : ignore
 650         }
 651         catch ( IOException e )
 652         {
 653             // Unable to read POM : ignore.
 654         }
 655         catch ( XmlPullParserException e )
 656         {
 657             // Invalid POM : ignore
 658         }
 659     }
 660
 661     // TODO: remove?
 662     private void triggerAuditEvent( String remoteIP, String repositoryId, String resource, String action )
 663     {
 664         String activePrincipal = ArchivaXworkUser.getActivePrincipal( ActionContext.getContext().getSession() );
 665         AuditEvent event = new AuditEvent( repositoryId, activePrincipal, resource, action );
 666         event.setRemoteIP( remoteIP );
 667
 668         for ( AuditListener listener : auditListeners )
 669         {
 670             listener.auditEvent( event );
 671         }
 672     }
 673
 674     public void addAuditListener( AuditListener listener )
 675     {
 676         this.auditListeners.add( listener );
 677     }
 678
 679     public void clearAuditListeners()
 680     {
 681         this.auditListeners.clear();
 682     }
 683
 684     public void removeAuditListener( AuditListener listener )
 685     {
 686         this.auditListeners.remove( listener );
 687     }
 688
 689     private void setHeaders( DavServletResponse response, DavResourceLocator locator, DavResource resource )
 690     {
 691         // [MRM-503] - Metadata file need Pragma:no-cache response
 692         // header.
 693         if ( locator.getResourcePath().endsWith( "/maven-metadata.xml" ) )
 694         {
 695             response.addHeader( "Pragma", "no-cache" );
 696             response.addHeader( "Cache-Control", "no-cache" );
 697         }
 698
 699         //We need to specify this so connecting wagons can work correctly
 700         response.addDateHeader("last-modified", resource.getModificationTime());
 701
 702         // TODO: [MRM-524] determine http caching options for other types of files (artifacts, sha1, md5, snapshots)
 703     }
 704
 705     private ManagedRepositoryContent getManagedRepository( String respositoryId )
 706         throws DavException
 707     {
 708         if ( respositoryId != null )
 709         {
 710             try
 711             {
 712                 return repositoryFactory.getManagedRepositoryContent( respositoryId );
 713             }
 714             catch ( RepositoryNotFoundException e )
 715             {
 716                 throw new DavException( HttpServletResponse.SC_NOT_FOUND, e );
 717             }
 718             catch ( RepositoryException e )
 719             {
 720                 throw new DavException( HttpServletResponse.SC_NOT_FOUND, e );
 721             }
 722         }
 723         return null;
 724     }
 725
 726     private void checkLocatorIsInstanceOfRepositoryLocator( DavResourceLocator locator )
 727         throws DavException
 728     {
 729         if ( !( locator instanceof RepositoryLocator ) )
 730         {
 731             throw new DavException( HttpServletResponse.SC_INTERNAL_SERVER_ERROR,
 732                                     "Locator does not implement RepositoryLocator" );
 733         }
 734     }
 735
 736     class LogicalResource
 737     {
 738         private String path;
 739
 740         public LogicalResource( String path )
 741         {
 742             this.path = path;
 743         }
 744
 745         public String getPath()
 746         {
 747             return path;
 748         }
 749
 750         public void setPath( String path )
 751         {
 752             this.path = path;
 753         }
 754     }
 755
 756     protected boolean isAuthorized( DavServletRequest request, String repositoryId )
 757         throws DavException
 758     {
 759         try
 760         {
 761             AuthenticationResult result = httpAuth.getAuthenticationResult( request, null );
 762             SecuritySession securitySession = httpAuth.getSecuritySession();
 763
 764             return servletAuth.isAuthenticated( request, result ) &&
 765                 servletAuth.isAuthorized( request, securitySession, repositoryId,
 766                                           WebdavMethodUtil.isWriteMethod( request.getMethod() ) );
 767         }
 768         catch ( AuthenticationException e )
 769         {
 770             throw new UnauthorizedDavException( repositoryId, "You are not authenticated" );
 771         }
 772         catch ( MustChangePasswordException e )
 773         {
 774             throw new UnauthorizedDavException( repositoryId, "You must change your password." );
 775         }
 776         catch ( AccountLockedException e )
 777         {
 778             throw new UnauthorizedDavException( repositoryId, "User account is locked." );
 779         }
 780         catch ( AuthorizationException e )
 781         {
 782             throw new DavException( HttpServletResponse.SC_INTERNAL_SERVER_ERROR,
 783                                     "Fatal Authorization Subsystem Error." );
 784         }
 785         catch ( UnauthorizedException e )
 786         {
 787             throw new UnauthorizedDavException( repositoryId, e.getMessage() );
 788         }
 789     }
 790
 791     private DavResource getResource( DavServletRequest request, List<String> repositories, ArchivaDavResourceLocator locator )
 792         throws DavException
 793     {
 794         List<File> mergedRepositoryContents = new ArrayList<File>();
 795         LogicalResource logicalResource =
 796             new LogicalResource( RepositoryPathUtil.getLogicalResource( locator.getResourcePath() ) );
 797
 798         // flow:
 799         // if the current user logged in has permission to any of the repositories, allow user to
 800         // browse the repo group but displaying only the repositories which the user has permission to access.
 801         // otherwise, prompt for authentication.
 802
 803         // put the current session in the session map which will be passed to ArchivaXworkUser
 804         Map<String, Object> sessionMap = new HashMap<String, Object>();
 805         if( request.getSession().getAttribute( SecuritySystemConstants.SECURITY_SESSION_KEY ) != null )
 806         {
 807             sessionMap.put( SecuritySystemConstants.SECURITY_SESSION_KEY,
 808                             request.getSession().getAttribute( SecuritySystemConstants.SECURITY_SESSION_KEY ) );
 809         }
 810
 811         String activePrincipal = ArchivaXworkUser.getActivePrincipal( sessionMap );
 812         boolean allow = isAllowedToContinue( request, repositories, activePrincipal );
 813
 814         if( allow )
 815         {
 816             for( String repository : repositories )
 817             {
 818                 // for prompted authentication
 819                 if( httpAuth.getSecuritySession() != null )
 820                 {
 821                     try
 822                     {
 823                         if( isAuthorized( request, repository ) )
 824                         {
 825                             getResource( locator, mergedRepositoryContents, logicalResource, repository );
 826                         }
 827                     }
 828                     catch ( DavException e )
 829                     {
 830                         continue;
 831                     }
 832                 }
 833                 else
 834                 {
 835                     // for the current user logged in
 836                     try
 837                     {
 838                         if( servletAuth.isAuthorizedToAccessVirtualRepository( activePrincipal, repository ) )
 839                         {
 840                             getResource( locator, mergedRepositoryContents, logicalResource, repository );
 841                         }
 842                     }
 843                     catch ( UnauthorizedException e )
 844                     {
 845                         continue;
 846                     }
 847                 }
 848             }
 849         }
 850         else
 851         {
 852             throw new UnauthorizedDavException( locator.getRepositoryId(), "User not authorized." );
 853         }
 854
 855         ArchivaVirtualDavResource resource =
 856             new ArchivaVirtualDavResource( mergedRepositoryContents, logicalResource.getPath(), mimeTypes, locator, this );
 857
 858         // compatibility with MRM-440 to ensure browsing the repository group works ok
 859         if ( resource.isCollection() && !request.getRequestURI().endsWith("/" ) )
 860         {
 861             throw new BrowserRedirectException( resource.getHref() );
 862         }
 863
 864         return resource;
 865     }
 866
 867     private void getResource( ArchivaDavResourceLocator locator, List<File> mergedRepositoryContents,
 868                               LogicalResource logicalResource, String repository )
 869         throws DavException
 870     {
 871         ManagedRepositoryContent managedRepository = null;
 872
 873         try
 874         {
 875             managedRepository = getManagedRepository( repository );
 876         }
 877         catch ( DavException de )
 878         {
 879             throw new DavException( HttpServletResponse.SC_NOT_FOUND, "Invalid managed repository <" +
 880                 repository + ">" );
 881         }
 882
 883         if ( !locator.getResourcePath().startsWith( ArchivaVirtualDavResource.HIDDEN_PATH_PREFIX ) )
 884         {
 885             if( managedRepository != null )
 886             {
 887                 File resourceFile = new File( managedRepository.getRepoRoot(), logicalResource.getPath() );
 888                 if( resourceFile.exists() )
 889                 {
 890                     mergedRepositoryContents.add( resourceFile );
 891                 }
 892             }
 893         }
 894     }
 895
 896     /**
 897      * Check if the current user is authorized to access any of the repos
 898      *
 899      * @param request
 900      * @param repositories
 901      * @param activePrincipal
 902      * @return
 903      */
 904     private boolean isAllowedToContinue( DavServletRequest request, List<String> repositories, String activePrincipal )
 905     {
 906         boolean allow = false;
 907
 908
 909         // if securitySession != null, it means that the user was prompted for authentication
 910         if( httpAuth.getSecuritySession() != null )
 911         {
 912             for( String repository : repositories )
 913             {
 914                 try
 915                 {
 916                     if( isAuthorized( request, repository ) )
 917                     {
 918                         allow = true;
 919                         break;
 920                     }
 921                 }
 922                 catch( DavException e )
 923                 {
 924                     continue;
 925                 }
 926             }
 927         }
 928         else
 929         {
 930             for( String repository : repositories )
 931             {
 932                 try
 933                 {
 934                     if( servletAuth.isAuthorizedToAccessVirtualRepository( activePrincipal, repository ) )
 935                     {
 936                         allow = true;
 937                         break;
 938                     }
 939                 }
 940                 catch ( UnauthorizedException e )
 941                 {
 942                     continue;
 943                 }
 944             }
 945         }
 946
 947         return allow;
 948     }
 949
 950     private File writeMergedMetadataToFile( ArchivaRepositoryMetadata mergedMetadata, String outputFilename )
 951         throws RepositoryMetadataException, DigesterException, IOException
 952     {
 953         File outputFile = new File( outputFilename );
 954         if( outputFile.exists() )
 955         {
 956             FileUtils.deleteQuietly( outputFile );
 957         }
 958
 959         outputFile.getParentFile().mkdirs();
 960         RepositoryMetadataWriter.write( mergedMetadata, outputFile );
 961
 962         createChecksumFile( outputFilename, digestSha1 );
 963         createChecksumFile( outputFilename, digestMd5 );
 964
 965         return outputFile;
 966     }
 967
 968     private void createChecksumFile( String path, Digester digester )
 969         throws DigesterException, IOException
 970     {
 971         File checksumFile = new File( path + digester.getFilenameExtension() );
 972         if ( !checksumFile.exists() )
 973         {
 974             FileUtils.deleteQuietly( checksumFile );
 975             checksum.createChecksum( new File( path ), digester );
 976         }
 977         else if ( !checksumFile.isFile() )
 978         {
 979             log.error( "Checksum file is not a file." );
 980         }
 981     }
 982
 983     private boolean isProjectReference( String requestedResource )
 984     {
 985        try
 986        {
 987            VersionedReference versionRef = metadataTools.toVersionedReference( requestedResource );
 988            return false;
 989        }
 990        catch ( RepositoryMetadataException re )
 991        {
 992            return true;
 993        }
 994     }
 995 }