]> source.dussan.org Git - archiva.git/blob
201bb828d04b8593dfbb4caeee3676502bc51f1c
[archiva.git] /
1 package org.apache.maven.archiva.webdav;
2
3 /*
4  * Licensed to the Apache Software Foundation (ASF) under one
5  * or more contributor license agreements.  See the NOTICE file
6  * distributed with this work for additional information
7  * regarding copyright ownership.  The ASF licenses this file
8  * to you under the Apache License, Version 2.0 (the
9  * "License"); you may not use this file except in compliance
10  * with the License.  You may obtain a copy of the License at
11  *
12  *  http://www.apache.org/licenses/LICENSE-2.0
13  *
14  * Unless required by applicable law or agreed to in writing,
15  * software distributed under the License is distributed on an
16  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
17  * KIND, either express or implied.  See the License for the
18  * specific language governing permissions and limitations
19  * under the License.
20  */
21
22 import java.io.File;
23 import java.io.FileNotFoundException;
24 import java.io.FileReader;
25 import java.io.IOException;
26 import java.util.ArrayList;
27 import java.util.List;
28
29 import javax.servlet.http.HttpServletResponse;
30
31 import org.apache.commons.io.FileUtils;
32 import org.apache.commons.lang.StringUtils;
33 import org.apache.jackrabbit.webdav.DavException;
34 import org.apache.jackrabbit.webdav.DavResource;
35 import org.apache.jackrabbit.webdav.DavResourceFactory;
36 import org.apache.jackrabbit.webdav.DavResourceLocator;
37 import org.apache.jackrabbit.webdav.DavServletRequest;
38 import org.apache.jackrabbit.webdav.DavServletResponse;
39 import org.apache.jackrabbit.webdav.DavSession;
40 import org.apache.jackrabbit.webdav.lock.LockManager;
41 import org.apache.jackrabbit.webdav.lock.SimpleLockManager;
42 import org.apache.maven.archiva.common.utils.PathUtil;
43 import org.apache.maven.archiva.configuration.ArchivaConfiguration;
44 import org.apache.maven.archiva.configuration.RepositoryGroupConfiguration;
45 import org.apache.maven.archiva.model.ArchivaRepositoryMetadata;
46 import org.apache.maven.archiva.model.ArtifactReference;
47 import org.apache.maven.archiva.policies.ProxyDownloadException;
48 import org.apache.maven.archiva.proxy.RepositoryProxyConnectors;
49 import org.apache.maven.archiva.repository.ManagedRepositoryContent;
50 import org.apache.maven.archiva.repository.RepositoryContentFactory;
51 import org.apache.maven.archiva.repository.RepositoryException;
52 import org.apache.maven.archiva.repository.RepositoryNotFoundException;
53 import org.apache.maven.archiva.repository.audit.AuditEvent;
54 import org.apache.maven.archiva.repository.audit.AuditListener;
55 import org.apache.maven.archiva.repository.audit.Auditable;
56 import org.apache.maven.archiva.repository.content.RepositoryRequest;
57 import org.apache.maven.archiva.repository.layout.LayoutException;
58 import org.apache.maven.archiva.repository.metadata.MetadataTools;
59 import org.apache.maven.archiva.repository.metadata.RepositoryMetadataException;
60 import org.apache.maven.archiva.repository.metadata.RepositoryMetadataMerge;
61 import org.apache.maven.archiva.repository.metadata.RepositoryMetadataReader;
62 import org.apache.maven.archiva.repository.metadata.RepositoryMetadataWriter;
63 import org.apache.maven.archiva.repository.scanner.RepositoryContentConsumers;
64 import org.apache.maven.archiva.security.ServletAuthenticator;
65 import org.apache.maven.archiva.webdav.util.MimeTypes;
66 import org.apache.maven.archiva.webdav.util.RepositoryPathUtil;
67 import org.apache.maven.archiva.webdav.util.WebdavMethodUtil;
68 import org.apache.maven.model.DistributionManagement;
69 import org.apache.maven.model.Model;
70 import org.apache.maven.model.Relocation;
71 import org.apache.maven.model.io.xpp3.MavenXpp3Reader;
72 import org.codehaus.plexus.digest.ChecksumFile;
73 import org.codehaus.plexus.digest.Digester;
74 import org.codehaus.plexus.digest.DigesterException;
75 import org.codehaus.plexus.redback.authentication.AuthenticationException;
76 import org.codehaus.plexus.redback.authentication.AuthenticationResult;
77 import org.codehaus.plexus.redback.authorization.AuthorizationException;
78 import org.codehaus.plexus.redback.authorization.UnauthorizedException;
79 import org.codehaus.plexus.redback.policy.AccountLockedException;
80 import org.codehaus.plexus.redback.policy.MustChangePasswordException;
81 import org.codehaus.plexus.redback.system.SecuritySession;
82 import org.codehaus.plexus.redback.users.User;
83 import org.codehaus.plexus.redback.users.UserManager;
84 import org.codehaus.plexus.util.xml.pull.XmlPullParserException;
85 import org.codehaus.redback.integration.filter.authentication.HttpAuthenticator;
86 import org.slf4j.Logger;
87 import org.slf4j.LoggerFactory;
88
89 /**
90  * @plexus.component role="org.apache.maven.archiva.webdav.ArchivaDavResourceFactory"
91  */
92 public class ArchivaDavResourceFactory
93     implements DavResourceFactory, Auditable
94 {   
95     private static final String PROXIED_SUFFIX = " (proxied)";
96
97     private static final String HTTP_PUT_METHOD = "PUT";
98
99     private Logger log = LoggerFactory.getLogger( ArchivaDavResourceFactory.class );
100
101     /**
102      * @plexus.requirement role="org.apache.maven.archiva.repository.audit.AuditListener"
103      */
104     private List<AuditListener> auditListeners = new ArrayList<AuditListener>();
105
106     /**
107      * @plexus.requirement
108      */
109     private RepositoryContentFactory repositoryFactory;
110
111     /**
112      * @plexus.requirement
113      */
114     private RepositoryRequest repositoryRequest;
115
116     /**
117      * @plexus.requirement role-hint="default"
118      */
119     private RepositoryProxyConnectors connectors;
120
121     /**
122      * @plexus.requirement
123      */
124     private MetadataTools metadataTools;
125
126     /**
127      * @plexus.requirement
128      */
129     private MimeTypes mimeTypes;
130
131     /**
132      * @plexus.requirement
133      */
134     private ArchivaConfiguration archivaConfiguration;
135
136     /**
137      * @plexus.requirement
138      */
139     private ServletAuthenticator servletAuth;
140
141     /**
142      * @plexus.requirement role-hint="basic"
143      */
144     private HttpAuthenticator httpAuth;
145
146     /**
147      * Lock Manager - use simple implementation from JackRabbit
148      */
149     private final LockManager lockManager = new SimpleLockManager();
150
151     /** 
152      * @plexus.requirement 
153      */
154     private RepositoryContentConsumers consumers;
155     
156     /**
157      * @plexus.requirement
158      */
159     private ChecksumFile checksum;
160         
161     /**
162      * @plexus.requirement role-hint="sha1"
163      */
164     private Digester digestSha1;
165
166     /**
167      * @plexus.requirement role-hint="md5";
168      */
169     private Digester digestMd5;
170         
171     public DavResource createResource( final DavResourceLocator locator, final DavServletRequest request,
172                                        final DavServletResponse response )
173         throws DavException
174     {
175         checkLocatorIsInstanceOfRepositoryLocator( locator );
176         ArchivaDavResourceLocator archivaLocator = (ArchivaDavResourceLocator) locator;
177         
178         RepositoryGroupConfiguration repoGroupConfig =
179             archivaConfiguration.getConfiguration().getRepositoryGroupsAsMap().get( archivaLocator.getRepositoryId() );
180         List<String> repositories = new ArrayList<String>();
181
182         boolean isGet = WebdavMethodUtil.isReadMethod( request.getMethod() );
183         boolean isPut = WebdavMethodUtil.isWriteMethod( request.getMethod() );
184         
185         if ( repoGroupConfig != null )
186         {
187             if( WebdavMethodUtil.isWriteMethod( request.getMethod() ) )
188             {
189                 throw new DavException( HttpServletResponse.SC_METHOD_NOT_ALLOWED,
190                                         "Write method not allowed for repository groups." );
191             }
192             repositories.addAll( repoGroupConfig.getRepositories() );
193
194             // handle browse requests for virtual repos
195             if ( RepositoryPathUtil.getLogicalResource( locator.getResourcePath() ).endsWith( "/" ) )
196             {
197                 return getResource( request, repositories, archivaLocator );
198             }
199         }
200         else
201         {
202             repositories.add( archivaLocator.getRepositoryId() );
203         }
204
205         //MRM-419 - Windows Webdav support. Should not 404 if there is no content.
206         if (StringUtils.isEmpty(archivaLocator.getRepositoryId()))
207         {
208             throw new DavException(HttpServletResponse.SC_NO_CONTENT);
209         }
210
211         List<DavResource> availableResources = new ArrayList<DavResource>();
212         List<String> resourcesInAbsolutePath = new ArrayList<String>();
213         DavException e = null;
214         
215         for ( String repositoryId : repositories )
216         {
217             ManagedRepositoryContent managedRepository = null;
218
219             try
220             {
221                 managedRepository = getManagedRepository( repositoryId );                
222             }
223             catch ( DavException de )
224             {
225                 throw new DavException( HttpServletResponse.SC_NOT_FOUND, "Invalid managed repository <" +
226                     repositoryId + ">" );
227             }
228             
229             DavResource resource = null;
230             
231             if ( !locator.getResourcePath().startsWith( ArchivaDavResource.HIDDEN_PATH_PREFIX ) )
232             {                
233                 if ( managedRepository != null )
234                 {
235                     try
236                     {
237                         if( isAuthorized( request, repositoryId ) )
238                         {   
239                             LogicalResource logicalResource =
240                                 new LogicalResource( RepositoryPathUtil.getLogicalResource( locator.getResourcePath() ) );
241
242                             if ( isGet )
243                             {
244                                 resource = doGet( managedRepository, request, archivaLocator, logicalResource );
245                             }
246
247                             if ( isPut )
248                             {
249                                 resource = doPut( managedRepository, request, archivaLocator, logicalResource );                                
250                             }
251                         }
252                     }
253                     catch ( DavException de ) 
254                     {                        
255                         e = de;
256                         continue;
257                     }
258
259                     if( resource == null )
260                     {
261                         e = new DavException( HttpServletResponse.SC_NOT_FOUND, "Resource does not exist" );
262                     }
263                     else
264                     {                           
265                         availableResources.add( resource );
266
267                         String logicalResource = RepositoryPathUtil.getLogicalResource( locator.getResourcePath() );
268                         resourcesInAbsolutePath.add( managedRepository.getRepoRoot() + logicalResource );                        
269                     }
270                 }
271                 else
272                 {
273                     e = new DavException( HttpServletResponse.SC_NOT_FOUND, "Repository does not exist" );
274                 }
275             }
276         }        
277         
278         if ( availableResources.isEmpty() )
279         {
280             throw e;
281         }
282         
283         String requestedResource = request.getRequestURI();
284         
285         // MRM-872 : merge all available metadata
286         // merge metadata only when requested via the repo group        
287         if ( ( repositoryRequest.isMetadata( requestedResource ) || ( requestedResource.endsWith( "metadata.xml.sha1" ) || requestedResource.endsWith( "metadata.xml.md5" ) ) ) &&
288             repoGroupConfig != null )
289         {   
290             // this should only be at the project level not version level!
291             if( isProjectReference( requestedResource ) )
292             {
293                 String artifactId = StringUtils.substringBeforeLast( requestedResource.replace( '\\', '/' ), "/" );
294                 artifactId = StringUtils.substringAfterLast( artifactId, "/" );
295                 
296                 ArchivaDavResource res = ( ArchivaDavResource ) availableResources.get( 0 );
297                 String filePath = StringUtils.substringBeforeLast( res.getLocalResource().getAbsolutePath().replace( '\\', '/' ), "/" );                                
298                 filePath = filePath + "/maven-metadata-" + repoGroupConfig.getId() + ".xml";
299                 
300                 // for MRM-872 handle checksums of the merged metadata files 
301                 if( repositoryRequest.isSupportFile( requestedResource ) )
302                 {
303                     File metadataChecksum = new File( filePath + "." 
304                               + StringUtils.substringAfterLast( requestedResource, "." ) );                    
305                     if( metadataChecksum.exists() )
306                     {
307                         LogicalResource logicalResource =
308                             new LogicalResource( RepositoryPathUtil.getLogicalResource( locator.getResourcePath() ) );
309                                         
310                         String activePrincipal = getActivePrincipal( request );
311
312                         ArchivaDavResource metadataChecksumResource =
313                             new ArchivaDavResource( metadataChecksum.getAbsolutePath(), logicalResource.getPath(),
314                                                     null, request.getRemoteAddr(), activePrincipal,
315                                                     request.getDavSession(), archivaLocator, this, mimeTypes,
316                                                     auditListeners, consumers );
317                         availableResources.add( 0, metadataChecksumResource );
318                     }
319                 }
320                 else
321                 {   // merge the metadata of all repos under group
322                     ArchivaRepositoryMetadata mergedMetadata = new ArchivaRepositoryMetadata();
323                     for ( String resourceAbsPath : resourcesInAbsolutePath )    
324                     {   
325                         try
326                         {   
327                             File metadataFile = new File( resourceAbsPath );
328                             ArchivaRepositoryMetadata repoMetadata = RepositoryMetadataReader.read( metadataFile );
329                             mergedMetadata = RepositoryMetadataMerge.merge( mergedMetadata, repoMetadata );
330                         }
331                         catch ( RepositoryMetadataException r )
332                         {
333                             throw new DavException( HttpServletResponse.SC_INTERNAL_SERVER_ERROR,
334                                                     "Error occurred while reading metadata file." );
335                         }                
336                     }        
337                     
338                     try
339                     {   
340                         File resourceFile = writeMergedMetadataToFile( mergedMetadata, filePath );   
341                         
342                         LogicalResource logicalResource =
343                             new LogicalResource( RepositoryPathUtil.getLogicalResource( locator.getResourcePath() ) );
344                                         
345                         String activePrincipal = getActivePrincipal( request );
346
347                         ArchivaDavResource metadataResource =
348                             new ArchivaDavResource( resourceFile.getAbsolutePath(), logicalResource.getPath(), null,
349                                                     request.getRemoteAddr(), activePrincipal, request.getDavSession(),
350                                                     archivaLocator, this, mimeTypes, auditListeners, consumers );
351                         availableResources.add( 0, metadataResource );
352                     }
353                     catch ( RepositoryMetadataException r )
354                     {                
355                         throw new DavException( HttpServletResponse.SC_INTERNAL_SERVER_ERROR,
356                                                 "Error occurred while writing metadata file." );
357                     }
358                     catch ( IOException ie )
359                     {
360                         throw new DavException( HttpServletResponse.SC_INTERNAL_SERVER_ERROR,
361                             "Error occurred while generating checksum files." );
362                     }
363                     catch ( DigesterException de )
364                     {
365                         throw new DavException( HttpServletResponse.SC_INTERNAL_SERVER_ERROR,
366                             "Error occurred while generating checksum files." );
367                     }
368                 }
369             }
370         }
371                 
372         DavResource resource = availableResources.get( 0 );               
373         setHeaders(response, locator, resource );
374
375         // compatibility with MRM-440 to ensure browsing the repository works ok
376         if ( resource.isCollection() && !request.getRequestURI().endsWith("/" ) )
377         {
378             throw new BrowserRedirectException( resource.getHref() );
379         }
380         resource.addLockManager(lockManager);
381         return resource;
382     }
383
384     public DavResource createResource( final DavResourceLocator locator, final DavSession davSession )
385         throws DavException
386     {
387         checkLocatorIsInstanceOfRepositoryLocator( locator );
388         ArchivaDavResourceLocator archivaLocator = (ArchivaDavResourceLocator) locator;
389
390         DavResource resource = null;
391         if ( !locator.getResourcePath().startsWith( ArchivaDavResource.HIDDEN_PATH_PREFIX ) )
392         {
393             ManagedRepositoryContent managedRepository = getManagedRepository( archivaLocator.getRepositoryId() );
394             String logicalResource = RepositoryPathUtil.getLogicalResource( locator.getResourcePath() );
395             File resourceFile = new File( managedRepository.getRepoRoot(), logicalResource );
396             resource =
397                 new ArchivaDavResource( resourceFile.getAbsolutePath(), logicalResource,
398                                         managedRepository.getRepository(), davSession, archivaLocator, this, mimeTypes,
399                                         auditListeners, consumers );
400         }
401         resource.addLockManager(lockManager);
402         return resource;
403     }
404
405     private DavResource doGet( ManagedRepositoryContent managedRepository, DavServletRequest request,
406                                ArchivaDavResourceLocator locator, LogicalResource logicalResource )
407         throws DavException
408     {
409         File resourceFile = new File( managedRepository.getRepoRoot(), logicalResource.getPath() );
410         
411         //MRM-893, dont send back a file when user intentionally wants a directory
412         if ( locator.getHref( false ).endsWith( "/" ) )
413         {
414             if ( ! resourceFile.isDirectory() )
415             {
416                 //force a resource not found 
417                 return null;
418             }
419         }
420
421         String activePrincipal = getActivePrincipal( request );
422
423         ArchivaDavResource resource =
424             new ArchivaDavResource( resourceFile.getAbsolutePath(), logicalResource.getPath(),
425                                     managedRepository.getRepository(), request.getRemoteAddr(), activePrincipal,
426                                     request.getDavSession(), locator, this, mimeTypes, auditListeners, consumers );
427
428         if ( !resource.isCollection() )
429         {
430             boolean previouslyExisted = resourceFile.exists();
431
432             // At this point the incoming request can either be in default or
433             // legacy layout format.
434             boolean fromProxy = fetchContentFromProxies( managedRepository, request, logicalResource );
435
436             try
437             {
438                 // Perform an adjustment of the resource to the managed
439                 // repository expected path.
440                 String localResourcePath =
441                     repositoryRequest.toNativePath( logicalResource.getPath(), managedRepository );
442                 resourceFile = new File( managedRepository.getRepoRoot(), localResourcePath );
443             }
444             catch ( LayoutException e )
445             {
446                 if ( previouslyExisted )
447                 {
448                     return resource;
449                 }
450                 throw new DavException( HttpServletResponse.SC_NOT_FOUND, e );
451             }
452
453             // Attempt to fetch the resource from any defined proxy.
454             if ( fromProxy )
455             {
456                 String repositoryId = locator.getRepositoryId();
457                 String event = ( previouslyExisted ? AuditEvent.MODIFY_FILE : AuditEvent.CREATE_FILE ) + PROXIED_SUFFIX;
458                 triggerAuditEvent( request.getRemoteAddr(), repositoryId, logicalResource.getPath(), event,
459                                    activePrincipal );
460             }
461
462             if ( !resourceFile.exists() )
463             {
464                 resource = null;
465             }
466             else
467             {
468                 resource =
469                     new ArchivaDavResource( resourceFile.getAbsolutePath(), logicalResource.getPath(),
470                                             managedRepository.getRepository(), request.getRemoteAddr(),
471                                             activePrincipal, request.getDavSession(), locator, this, mimeTypes,
472                                             auditListeners, consumers );
473             }
474         }
475         return resource;
476     }
477
478     private DavResource doPut( ManagedRepositoryContent managedRepository, DavServletRequest request,
479                                ArchivaDavResourceLocator locator, LogicalResource logicalResource )
480         throws DavException
481     {
482         /*
483          * Create parent directories that don't exist when writing a file This actually makes this implementation not
484          * compliant to the WebDAV RFC - but we have enough knowledge about how the collection is being used to do this
485          * reasonably and some versions of Maven's WebDAV don't correctly create the collections themselves.
486          */
487
488         File rootDirectory = new File( managedRepository.getRepoRoot() );
489         File destDir = new File( rootDirectory, logicalResource.getPath() ).getParentFile();
490         
491         String activePrincipal = getActivePrincipal( request );
492
493         if ( request.getMethod().equals(HTTP_PUT_METHOD) && !destDir.exists() )
494         {
495             destDir.mkdirs();
496             String relPath = PathUtil.getRelative( rootDirectory.getAbsolutePath(), destDir );
497             triggerAuditEvent( request.getRemoteAddr(), logicalResource.getPath(), relPath, AuditEvent.CREATE_DIR,
498                                activePrincipal );
499         }
500         
501         File resourceFile = new File( managedRepository.getRepoRoot(), logicalResource.getPath() );        
502                 
503         return new ArchivaDavResource( resourceFile.getAbsolutePath(), logicalResource.getPath(),
504                                        managedRepository.getRepository(), request.getRemoteAddr(), activePrincipal,
505                                        request.getDavSession(), locator, this, mimeTypes, auditListeners, consumers );
506     }
507
508     private boolean fetchContentFromProxies( ManagedRepositoryContent managedRepository, DavServletRequest request,
509                                              LogicalResource resource )
510         throws DavException
511     {
512         if ( repositoryRequest.isSupportFile( resource.getPath() ) )
513         {
514             File proxiedFile = connectors.fetchFromProxies( managedRepository, resource.getPath() );
515
516             return ( proxiedFile != null );
517         }
518
519         // Is it a Metadata resource?
520         if ( repositoryRequest.isDefault( resource.getPath() ) && repositoryRequest.isMetadata( resource.getPath() ) )
521         {
522             return connectors.fetchMetatadaFromProxies(managedRepository, resource.getPath()) != null;
523         }
524
525         // Not any of the above? Then it's gotta be an artifact reference.
526         try
527         {
528             // Get the artifact reference in a layout neutral way.
529             ArtifactReference artifact = repositoryRequest.toArtifactReference( resource.getPath() );
530
531             if ( artifact != null )
532             {
533                 applyServerSideRelocation( managedRepository, artifact );
534
535                 File proxiedFile = connectors.fetchFromProxies( managedRepository, artifact );
536
537                 resource.setPath( managedRepository.toPath( artifact ) );
538
539                 return ( proxiedFile != null );
540             }
541         }
542         catch ( LayoutException e )
543         {
544             /* eat it */
545         }
546         catch ( ProxyDownloadException e )
547         {
548             log.error( e.getMessage(), e );
549             throw new DavException( HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Unable to fetch artifact resource." );
550         }
551         return false;
552     }
553
554     /**
555      * A relocation capable client will request the POM prior to the artifact, and will then read meta-data and do
556      * client side relocation. A simplier client (like maven 1) will only request the artifact and not use the
557      * metadatas.
558      * <p>
559      * For such clients, archiva does server-side relocation by reading itself the &lt;relocation&gt; element in
560      * metadatas and serving the expected artifact.
561      */
562     protected void applyServerSideRelocation( ManagedRepositoryContent managedRepository, ArtifactReference artifact )
563         throws ProxyDownloadException
564     {
565         if ( "pom".equals( artifact.getType() ) )
566         {
567             return;
568         }
569
570         // Build the artifact POM reference
571         ArtifactReference pomReference = new ArtifactReference();
572         pomReference.setGroupId( artifact.getGroupId() );
573         pomReference.setArtifactId( artifact.getArtifactId() );
574         pomReference.setVersion( artifact.getVersion() );
575         pomReference.setType( "pom" );
576
577         // Get the artifact POM from proxied repositories if needed
578         connectors.fetchFromProxies( managedRepository, pomReference );
579
580         // Open and read the POM from the managed repo
581         File pom = managedRepository.toFile( pomReference );
582
583         if ( !pom.exists() )
584         {
585             return;
586         }
587
588         try
589         {
590             // MavenXpp3Reader leaves the file open, so we need to close it ourselves.
591             FileReader reader = new FileReader( pom );
592             Model model = null;
593             try
594             {
595                 model = new MavenXpp3Reader().read( reader );
596             }
597             finally
598             {
599                 if (reader != null)
600                 {
601                     reader.close();
602                 }
603             }
604
605             DistributionManagement dist = model.getDistributionManagement();
606             if ( dist != null )
607             {
608                 Relocation relocation = dist.getRelocation();
609                 if ( relocation != null )
610                 {
611                     // artifact is relocated : update the repositoryPath
612                     if ( relocation.getGroupId() != null )
613                     {
614                         artifact.setGroupId( relocation.getGroupId() );
615                     }
616                     if ( relocation.getArtifactId() != null )
617                     {
618                         artifact.setArtifactId( relocation.getArtifactId() );
619                     }
620                     if ( relocation.getVersion() != null )
621                     {
622                         artifact.setVersion( relocation.getVersion() );
623                     }
624                 }
625             }
626         }
627         catch ( FileNotFoundException e )
628         {
629             // Artifact has no POM in repo : ignore
630         }
631         catch ( IOException e )
632         {
633             // Unable to read POM : ignore.
634         }
635         catch ( XmlPullParserException e )
636         {
637             // Invalid POM : ignore
638         }
639     }
640
641     // TODO: remove?
642     private void triggerAuditEvent( String remoteIP, String repositoryId, String resource, String action,
643                                     String principal )
644     {
645         AuditEvent event = new AuditEvent( repositoryId, principal, resource, action );
646         event.setRemoteIP( remoteIP );
647
648         for ( AuditListener listener : auditListeners )
649         {
650             listener.auditEvent( event );
651         }
652     }
653
654     public void addAuditListener( AuditListener listener )
655     {
656         this.auditListeners.add( listener );
657     }
658
659     public void clearAuditListeners()
660     {
661         this.auditListeners.clear();
662     }
663
664     public void removeAuditListener( AuditListener listener )
665     {
666         this.auditListeners.remove( listener );
667     }
668
669     private void setHeaders( DavServletResponse response, DavResourceLocator locator, DavResource resource )
670     {
671         // [MRM-503] - Metadata file need Pragma:no-cache response
672         // header.
673         if ( locator.getResourcePath().endsWith( "/maven-metadata.xml" ) )
674         {
675             response.addHeader( "Pragma", "no-cache" );
676             response.addHeader( "Cache-Control", "no-cache" );
677         }
678
679         //We need to specify this so connecting wagons can work correctly
680         response.addDateHeader("last-modified", resource.getModificationTime());
681
682         // TODO: [MRM-524] determine http caching options for other types of files (artifacts, sha1, md5, snapshots)
683     }
684
685     private ManagedRepositoryContent getManagedRepository( String respositoryId )
686         throws DavException
687     {
688         if ( respositoryId != null )
689         {
690             try
691             {
692                 return repositoryFactory.getManagedRepositoryContent( respositoryId );
693             }
694             catch ( RepositoryNotFoundException e )
695             {
696                 throw new DavException( HttpServletResponse.SC_NOT_FOUND, e );
697             }
698             catch ( RepositoryException e )
699             {
700                 throw new DavException( HttpServletResponse.SC_NOT_FOUND, e );
701             }
702         }
703         return null;
704     }
705
706     private void checkLocatorIsInstanceOfRepositoryLocator( DavResourceLocator locator )
707         throws DavException
708     {
709         if ( !( locator instanceof RepositoryLocator ) )
710         {
711             throw new DavException( HttpServletResponse.SC_INTERNAL_SERVER_ERROR,
712                                     "Locator does not implement RepositoryLocator" );
713         }
714     }
715
716     class LogicalResource
717     {
718         private String path;
719
720         public LogicalResource( String path )
721         {
722             this.path = path;
723         }
724
725         public String getPath()
726         {
727             return path;
728         }
729
730         public void setPath( String path )
731         {
732             this.path = path;
733         }
734     }
735
736     protected boolean isAuthorized( DavServletRequest request, String repositoryId )
737         throws DavException
738     {   
739         try
740         {     
741             AuthenticationResult result = httpAuth.getAuthenticationResult( request, null );
742             SecuritySession securitySession = httpAuth.getSecuritySession( request.getSession( true ) );
743
744             return servletAuth.isAuthenticated( request, result ) &&
745                 servletAuth.isAuthorized( request, securitySession, repositoryId,
746                                           WebdavMethodUtil.isWriteMethod( request.getMethod() ) );
747         }
748         catch ( AuthenticationException e )
749         {            
750             boolean isPut = WebdavMethodUtil.isWriteMethod( request.getMethod() );
751             
752             // safety check for MRM-911            
753             String guest = UserManager.GUEST_USERNAME;
754             try
755             {
756                 if( servletAuth.isAuthorized( guest, 
757                       ( ( ArchivaDavResourceLocator ) request.getRequestLocator() ).getRepositoryId(), isPut ) )
758                 {   
759                     return true;
760                 }
761             }
762             catch ( UnauthorizedException ae )
763             {
764                 throw new UnauthorizedDavException( repositoryId,
765                         "You are not authenticated and authorized to access any repository." );
766             }
767                         
768             throw new UnauthorizedDavException( repositoryId, "You are not authenticated" );
769         }
770         catch ( MustChangePasswordException e )
771         {
772             throw new UnauthorizedDavException( repositoryId, "You must change your password." );
773         }
774         catch ( AccountLockedException e )
775         {
776             throw new UnauthorizedDavException( repositoryId, "User account is locked." );
777         }
778         catch ( AuthorizationException e )
779         {
780             throw new DavException( HttpServletResponse.SC_INTERNAL_SERVER_ERROR,
781                                     "Fatal Authorization Subsystem Error." );
782         }
783         catch ( UnauthorizedException e )
784         {
785             throw new UnauthorizedDavException( repositoryId, e.getMessage() );
786         }
787     }
788
789     private DavResource getResource( DavServletRequest request, List<String> repositories, ArchivaDavResourceLocator locator )
790         throws DavException
791     {
792         List<File> mergedRepositoryContents = new ArrayList<File>();
793         LogicalResource logicalResource =
794             new LogicalResource( RepositoryPathUtil.getLogicalResource( locator.getResourcePath() ) );
795
796         // flow:
797         // if the current user logged in has permission to any of the repositories, allow user to
798         // browse the repo group but displaying only the repositories which the user has permission to access.
799         // otherwise, prompt for authentication.
800
801         String activePrincipal = getActivePrincipal( request );
802         
803         boolean allow = isAllowedToContinue( request, repositories, activePrincipal );
804
805         if( allow )
806         {
807             boolean isPut = WebdavMethodUtil.isWriteMethod( request.getMethod() );
808             
809             for( String repository : repositories )
810             {
811                 // for prompted authentication
812                 if( httpAuth.getSecuritySession( request.getSession( true ) ) != null )
813                 {
814                     try
815                     {
816                         if( isAuthorized( request, repository ) )
817                         {
818                             getResource( locator, mergedRepositoryContents, logicalResource, repository );
819                         }
820                     }
821                     catch ( DavException e )
822                     {
823                         continue;
824                     }
825                 }
826                 else
827                 {
828                     // for the current user logged in
829                     try
830                     {
831                         if( servletAuth.isAuthorized( activePrincipal, repository, isPut ) )
832                         {
833                             getResource( locator, mergedRepositoryContents, logicalResource, repository );
834                         }
835                     }
836                     catch ( UnauthorizedException e )
837                     {
838                         continue;
839                     }
840                 }
841             }
842         }
843         else
844         {
845             throw new UnauthorizedDavException( locator.getRepositoryId(), "User not authorized." );
846         }
847
848         ArchivaVirtualDavResource resource =
849             new ArchivaVirtualDavResource( mergedRepositoryContents, logicalResource.getPath(), mimeTypes, locator, this );
850
851         // compatibility with MRM-440 to ensure browsing the repository group works ok
852         if ( resource.isCollection() && !request.getRequestURI().endsWith("/" ) )
853         {
854             throw new BrowserRedirectException( resource.getHref() );
855         }
856
857         return resource;
858     }
859
860     private String getActivePrincipal( DavServletRequest request )
861     {
862         User sessionUser = httpAuth.getSessionUser( request.getSession() );
863         return sessionUser != null ? sessionUser.getUsername() : UserManager.GUEST_USERNAME;
864     }
865
866     private void getResource( ArchivaDavResourceLocator locator, List<File> mergedRepositoryContents,
867                               LogicalResource logicalResource, String repository )
868         throws DavException
869     {
870         ManagedRepositoryContent managedRepository = null;
871
872         try
873         {
874             managedRepository = getManagedRepository( repository );
875         }
876         catch ( DavException de )
877         {
878             throw new DavException( HttpServletResponse.SC_NOT_FOUND, "Invalid managed repository <" +
879                 repository + ">" );
880         }
881
882         if ( !locator.getResourcePath().startsWith( ArchivaVirtualDavResource.HIDDEN_PATH_PREFIX ) )
883         {
884             if( managedRepository != null )
885             {
886                 File resourceFile = new File( managedRepository.getRepoRoot(), logicalResource.getPath() );
887                 if( resourceFile.exists() )
888                 {
889                     mergedRepositoryContents.add( resourceFile );
890                 }
891             }
892         }
893     }
894
895     /**
896      * Check if the current user is authorized to access any of the repos
897      *
898      * @param request
899      * @param repositories
900      * @param activePrincipal
901      * @return
902      */
903     private boolean isAllowedToContinue( DavServletRequest request, List<String> repositories, String activePrincipal )
904     {
905         boolean allow = false;
906
907
908         // if securitySession != null, it means that the user was prompted for authentication
909         if( httpAuth.getSecuritySession( request.getSession() ) != null )
910         {
911             for( String repository : repositories )
912             {
913                 try
914                 {
915                     if( isAuthorized( request, repository ) )
916                     {
917                         allow = true;
918                         break;
919                     }
920                 }
921                 catch( DavException e )
922                 {
923                     continue;
924                 }
925             }
926         }
927         else
928         {
929             boolean isPut = WebdavMethodUtil.isWriteMethod( request.getMethod() );
930             for( String repository : repositories )
931             {
932                 try
933                 {   
934                     if( servletAuth.isAuthorized( activePrincipal, repository, isPut ) )
935                     {
936                         allow = true;
937                         break;
938                     }
939                 }
940                 catch ( UnauthorizedException e )
941                 {
942                     continue;
943                 }
944             }
945         }
946
947         return allow;
948     }
949
950     private File writeMergedMetadataToFile( ArchivaRepositoryMetadata mergedMetadata, String outputFilename )
951         throws RepositoryMetadataException, DigesterException, IOException
952     {  
953         File outputFile = new File( outputFilename );        
954         if( outputFile.exists() )
955         {
956             FileUtils.deleteQuietly( outputFile );
957         }
958         
959         outputFile.getParentFile().mkdirs();
960         RepositoryMetadataWriter.write( mergedMetadata, outputFile );
961         
962         createChecksumFile( outputFilename, digestSha1 );
963         createChecksumFile( outputFilename, digestMd5 );
964         
965         return outputFile;
966     }
967     
968     private void createChecksumFile( String path, Digester digester )
969         throws DigesterException, IOException
970     {   
971         File checksumFile = new File( path + digester.getFilenameExtension() );        
972         if ( !checksumFile.exists() )
973         {
974             FileUtils.deleteQuietly( checksumFile );
975             checksum.createChecksum( new File( path ), digester );            
976         }
977         else if ( !checksumFile.isFile() )
978         {
979             log.error( "Checksum file is not a file." );
980         }
981     }
982     
983     private boolean isProjectReference( String requestedResource )
984     {  
985        try
986        {           
987            metadataTools.toVersionedReference( requestedResource );           
988            return false;
989        }
990        catch ( RepositoryMetadataException re )
991        {
992            return true;
993        }
994     }
995     
996     public void setServletAuth( ServletAuthenticator servletAuth )
997     {
998         this.servletAuth = servletAuth;
999     }
1000     
1001     public void setHttpAuth( HttpAuthenticator httpAuth )
1002     {
1003         this.httpAuth = httpAuth;
1004     }
1005 }