1 package org.apache.maven.archiva.webdav;
4 * Licensed to the Apache Software Foundation (ASF) under one
5 * or more contributor license agreements. See the NOTICE file
6 * distributed with this work for additional information
7 * regarding copyright ownership. The ASF licenses this file
8 * to you under the Apache License, Version 2.0 (the
9 * "License"); you may not use this file except in compliance
10 * with the License. You may obtain a copy of the License at
12 * http://www.apache.org/licenses/LICENSE-2.0
14 * Unless required by applicable law or agreed to in writing,
15 * software distributed under the License is distributed on an
16 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
17 * KIND, either express or implied. See the License for the
18 * specific language governing permissions and limitations
22 import org.apache.jackrabbit.webdav.DavSessionProvider;
23 import org.apache.jackrabbit.webdav.WebdavRequest;
24 import org.apache.jackrabbit.webdav.DavException;
25 import org.apache.jackrabbit.webdav.DavServletRequest;
26 import org.apache.maven.archiva.webdav.util.RepositoryPathUtil;
27 import org.apache.maven.archiva.security.ArchivaXworkUser;
28 import org.apache.maven.archiva.security.ServletAuthenticator;
29 import org.codehaus.plexus.redback.authentication.AuthenticationException;
30 import org.codehaus.plexus.redback.authentication.AuthenticationResult;
31 import org.codehaus.plexus.redback.authorization.UnauthorizedException;
32 import org.codehaus.plexus.redback.policy.MustChangePasswordException;
33 import org.codehaus.plexus.redback.policy.AccountLockedException;
34 import org.codehaus.plexus.redback.xwork.filter.authentication.HttpAuthenticator;
35 import org.slf4j.Logger;
36 import org.slf4j.LoggerFactory;
39 * @author <a href="mailto:james@atlassian.com">James William Dumay</a>
41 public class ArchivaDavSessionProvider
42 implements DavSessionProvider
44 private Logger log = LoggerFactory.getLogger( ArchivaDavSessionProvider.class );
46 private ServletAuthenticator servletAuth;
48 private HttpAuthenticator httpAuth;
50 private ArchivaXworkUser archivaXworkUser;
52 public ArchivaDavSessionProvider( ServletAuthenticator servletAuth, HttpAuthenticator httpAuth, ArchivaXworkUser archivaXworkUser )
54 this.servletAuth = servletAuth;
55 this.httpAuth = httpAuth;
56 this.archivaXworkUser = archivaXworkUser;
59 public boolean attachSession( WebdavRequest request )
62 final String repositoryId = RepositoryPathUtil.getRepositoryName( removeContextPath( request ) );
66 AuthenticationResult result = httpAuth.getAuthenticationResult( request, null );
68 //Create a dav session
69 request.setDavSession(new ArchivaDavSession());
71 return servletAuth.isAuthenticated( request, result );
73 catch ( AuthenticationException e )
75 // safety check for MRM-911
76 String guest = archivaXworkUser.getGuest();
79 if( servletAuth.isAuthorized( guest,
80 ( ( ArchivaDavResourceLocator ) request.getRequestLocator() ).getRepositoryId() ) )
82 request.setDavSession(new ArchivaDavSession());
86 catch ( UnauthorizedException ae )
88 throw new UnauthorizedDavException( repositoryId,
89 "You are not authenticated and authorized to access any repository." );
92 throw new UnauthorizedDavException( repositoryId, "You are not authenticated." );
94 catch ( MustChangePasswordException e )
96 throw new UnauthorizedDavException( repositoryId, "You must change your password." );
98 catch ( AccountLockedException e )
100 throw new UnauthorizedDavException( repositoryId, "User account is locked." );
104 public void releaseSession( WebdavRequest request )
106 request.setDavSession(null);
109 private String removeContextPath( final DavServletRequest request )
111 String path = request.getRequestURI();
112 String ctx = request.getContextPath();
113 if ( path.startsWith( ctx ) )
115 path = path.substring( ctx.length() );