source.dussan.org Git - archiva.git/blob

   1 package org.apache.maven.archiva.webdav;
   2
   3 /*
   4  * Licensed to the Apache Software Foundation (ASF) under one
   5  * or more contributor license agreements.  See the NOTICE file
   6  * distributed with this work for additional information
   7  * regarding copyright ownership.  The ASF licenses this file
   8  * to you under the Apache License, Version 2.0 (the
   9  * "License"); you may not use this file except in compliance
  10  * with the License.  You may obtain a copy of the License at
  11  *
  12  *  http://www.apache.org/licenses/LICENSE-2.0
  13  *
  14  * Unless required by applicable law or agreed to in writing,
  15  * software distributed under the License is distributed on an
  16  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
  17  * KIND, either express or implied.  See the License for the
  18  * specific language governing permissions and limitations
  19  * under the License.
  20  */
  21
  22 import org.apache.jackrabbit.webdav.DavSessionProvider;
  23 import org.apache.jackrabbit.webdav.WebdavRequest;
  24 import org.apache.jackrabbit.webdav.DavException;
  25 import org.apache.jackrabbit.webdav.DavServletRequest;
  26 import org.apache.maven.archiva.webdav.util.RepositoryPathUtil;
  27 import org.apache.maven.archiva.security.ArchivaXworkUser;
  28 import org.apache.maven.archiva.security.ServletAuthenticator;
  29 import org.codehaus.plexus.redback.authentication.AuthenticationException;
  30 import org.codehaus.plexus.redback.authentication.AuthenticationResult;
  31 import org.codehaus.plexus.redback.authorization.UnauthorizedException;
  32 import org.codehaus.plexus.redback.policy.MustChangePasswordException;
  33 import org.codehaus.plexus.redback.policy.AccountLockedException;
  34 import org.codehaus.plexus.redback.struts2.filter.authentication.HttpAuthenticator;
  35 import org.slf4j.Logger;
  36 import org.slf4j.LoggerFactory;
  37
  38 /**
  39  * @author <a href="mailto:james@atlassian.com">James William Dumay</a>
  40  */
  41 public class ArchivaDavSessionProvider
  42     implements DavSessionProvider
  43 {
  44     private Logger log = LoggerFactory.getLogger( ArchivaDavSessionProvider.class );
  45
  46     private ServletAuthenticator servletAuth;
  47
  48     private HttpAuthenticator httpAuth;
  49
  50     private ArchivaXworkUser archivaXworkUser;
  51
  52     public ArchivaDavSessionProvider( ServletAuthenticator servletAuth, HttpAuthenticator httpAuth, ArchivaXworkUser archivaXworkUser )
  53     {
  54         this.servletAuth = servletAuth;
  55         this.httpAuth = httpAuth;
  56         this.archivaXworkUser = archivaXworkUser;
  57     }
  58
  59     public boolean attachSession( WebdavRequest request )
  60         throws DavException
  61     {
  62         final String repositoryId = RepositoryPathUtil.getRepositoryName( removeContextPath( request ) );
  63
  64         try
  65         {
  66             AuthenticationResult result = httpAuth.getAuthenticationResult( request, null );
  67
  68             //Create a dav session
  69             request.setDavSession(new ArchivaDavSession());
  70
  71             return servletAuth.isAuthenticated( request, result );
  72         }
  73         catch ( AuthenticationException e )
  74         {
  75             // safety check for MRM-911
  76             String guest = archivaXworkUser.getGuest();
  77             try
  78             {
  79                 if( servletAuth.isAuthorized( guest,
  80                       ( ( ArchivaDavResourceLocator ) request.getRequestLocator() ).getRepositoryId() ) )
  81                 {
  82                     request.setDavSession(new ArchivaDavSession());
  83                     return true;
  84                 }
  85             }
  86             catch ( UnauthorizedException ae )
  87             {
  88                 throw new UnauthorizedDavException( repositoryId,
  89                     "You are not authenticated and authorized to access any repository." );
  90             }
  91
  92             throw new UnauthorizedDavException( repositoryId, "You are not authenticated." );
  93         }
  94         catch ( MustChangePasswordException e )
  95         {
  96             throw new UnauthorizedDavException( repositoryId, "You must change your password." );
  97         }
  98         catch ( AccountLockedException e )
  99         {
 100             throw new UnauthorizedDavException( repositoryId, "User account is locked." );
 101         }
 102     }
 103
 104     public void releaseSession( WebdavRequest request )
 105     {
 106         request.setDavSession(null);
 107     }
 108
 109     private String removeContextPath( final DavServletRequest request )
 110     {
 111         String path = request.getRequestURI();
 112         String ctx = request.getContextPath();
 113         if ( path.startsWith( ctx ) )
 114         {
 115             path = path.substring( ctx.length() );
 116         }
 117         return path;
 118     }
 119 }