source.dussan.org Git - archiva.git/blob

   1 package org.apache.maven.archiva.web.repository;
   2
   3 /*
   4  * Licensed to the Apache Software Foundation (ASF) under one
   5  * or more contributor license agreements.  See the NOTICE file
   6  * distributed with this work for additional information
   7  * regarding copyright ownership.  The ASF licenses this file
   8  * to you under the Apache License, Version 2.0 (the
   9  * "License"); you may not use this file except in compliance
  10  * with the License.  You may obtain a copy of the License at
  11  *
  12  *  http://www.apache.org/licenses/LICENSE-2.0
  13  *
  14  * Unless required by applicable law or agreed to in writing,
  15  * software distributed under the License is distributed on an
  16  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
  17  * KIND, either express or implied.  See the License for the
  18  * specific language governing permissions and limitations
  19  * under the License.
  20  */
  21
  22 import org.apache.maven.archiva.configuration.ArchivaConfiguration;
  23 import org.apache.maven.archiva.configuration.ConfigurationNames;
  24 import org.apache.maven.archiva.configuration.ManagedRepositoryConfiguration;
  25 import org.apache.maven.archiva.security.ArchivaRoleConstants;
  26 import org.codehaus.plexus.redback.authentication.AuthenticationException;
  27 import org.codehaus.plexus.redback.authentication.AuthenticationResult;
  28 import org.codehaus.plexus.redback.authorization.AuthorizationException;
  29 import org.codehaus.plexus.redback.authorization.AuthorizationResult;
  30 import org.codehaus.plexus.redback.policy.AccountLockedException;
  31 import org.codehaus.plexus.redback.policy.MustChangePasswordException;
  32 import org.codehaus.plexus.redback.system.SecuritySession;
  33 import org.codehaus.plexus.redback.system.SecuritySystem;
  34 import org.codehaus.plexus.redback.xwork.filter.authentication.HttpAuthenticator;
  35 import org.codehaus.plexus.registry.Registry;
  36 import org.codehaus.plexus.registry.RegistryListener;
  37 import org.codehaus.plexus.webdav.DavServerComponent;
  38 import org.codehaus.plexus.webdav.DavServerException;
  39 import org.codehaus.plexus.webdav.servlet.DavServerRequest;
  40 import org.codehaus.plexus.webdav.servlet.multiplexed.MultiplexedWebDavServlet;
  41 import org.codehaus.plexus.webdav.util.WebdavMethodUtil;
  42
  43 import javax.servlet.ServletConfig;
  44 import javax.servlet.ServletException;
  45 import javax.servlet.http.HttpServletRequest;
  46 import javax.servlet.http.HttpServletResponse;
  47 import java.io.File;
  48 import java.io.IOException;
  49 import java.util.HashMap;
  50 import java.util.Iterator;
  51 import java.util.List;
  52 import java.util.Map;
  53
  54 /**
  55  * RepositoryServlet
  56  *
  57  * @author <a href="mailto:joakime@apache.org">Joakim Erdfelt</a>
  58  * @version $Id$
  59  */
  60 public class RepositoryServlet
  61     extends MultiplexedWebDavServlet
  62     implements RegistryListener
  63 {
  64     /**
  65      * @plexus.requirement
  66      */
  67     private SecuritySystem securitySystem;
  68
  69     /**
  70      * @plexus.requirement role-hint="basic"
  71      */
  72     private HttpAuthenticator httpAuth;
  73
  74     /**
  75      * @plexus.requirement
  76      */
  77     private AuditLog audit;
  78
  79     /**
  80      * @plexus.requirement
  81      */
  82     private ArchivaConfiguration configuration;
  83
  84     private Map<String, ManagedRepositoryConfiguration> repositoryMap =
  85         new HashMap<String, ManagedRepositoryConfiguration>();
  86
  87     public void initComponents()
  88         throws ServletException
  89     {
  90         super.initComponents();
  91
  92         securitySystem = (SecuritySystem) lookup( SecuritySystem.ROLE );
  93         httpAuth = (HttpAuthenticator) lookup( HttpAuthenticator.ROLE, "basic" );
  94         audit = (AuditLog) lookup( AuditLog.ROLE );
  95
  96         configuration = (ArchivaConfiguration) lookup( ArchivaConfiguration.class.getName() );
  97         configuration.addChangeListener( this );
  98
  99         updateRepositoryMap();
 100     }
 101
 102     public void initServers( ServletConfig servletConfig )
 103         throws DavServerException
 104     {
 105         List repositories = configuration.getConfiguration().getManagedRepositories();
 106         Iterator itrepos = repositories.iterator();
 107         while ( itrepos.hasNext() )
 108         {
 109             ManagedRepositoryConfiguration repo = (ManagedRepositoryConfiguration) itrepos.next();
 110
 111             File repoDir = new File( repo.getLocation() );
 112
 113             if ( !repoDir.exists() )
 114             {
 115                 if ( !repoDir.mkdirs() )
 116                 {
 117                     // Skip invalid directories.
 118                     log( "Unable to create missing directory for " + repo.getLocation() );
 119                     continue;
 120                 }
 121             }
 122
 123             DavServerComponent server = createServer( repo.getId(), repoDir, servletConfig );
 124
 125             server.addListener( audit );
 126         }
 127     }
 128
 129     public ManagedRepositoryConfiguration getRepository( DavServerRequest request )
 130     {
 131         // TODO: use sync wrapper instead?
 132         synchronized ( this.repositoryMap )
 133         {
 134             return repositoryMap.get( request.getPrefix() );
 135         }
 136     }
 137
 138     public String getRepositoryName( DavServerRequest request )
 139     {
 140         ManagedRepositoryConfiguration repoConfig = getRepository( request );
 141         if ( repoConfig == null )
 142         {
 143             return "Unknown";
 144         }
 145
 146         return repoConfig.getName();
 147     }
 148
 149     private void updateRepositoryMap()
 150     {
 151         synchronized ( this.repositoryMap )
 152         {
 153             this.repositoryMap.clear();
 154             this.repositoryMap.putAll( configuration.getConfiguration().getManagedRepositoriesAsMap() );
 155         }
 156     }
 157
 158     public boolean isAuthenticated( DavServerRequest davRequest, HttpServletResponse response )
 159         throws ServletException, IOException
 160     {
 161         HttpServletRequest request = davRequest.getRequest();
 162
 163         // Authentication Tests.
 164         try
 165         {
 166             AuthenticationResult result = httpAuth.getAuthenticationResult( request, response );
 167
 168             if ( result != null && !result.isAuthenticated() )
 169             {
 170                 // Must Authenticate.
 171                 httpAuth.challenge( request, response, "Repository " + getRepositoryName( davRequest ),
 172                                     new AuthenticationException( "User Credentials Invalid" ) );
 173                 return false;
 174             }
 175         }
 176         catch ( AuthenticationException e )
 177         {
 178             log( "Fatal Http Authentication Error.", e );
 179             throw new ServletException( "Fatal Http Authentication Error.", e );
 180         }
 181         catch ( AccountLockedException e )
 182         {
 183             httpAuth.challenge( request, response, "Repository " + getRepositoryName( davRequest ),
 184                                 new AuthenticationException( "User account is locked" ) );
 185         }
 186         catch ( MustChangePasswordException e )
 187         {
 188             httpAuth.challenge( request, response, "Repository " + getRepositoryName( davRequest ),
 189                                 new AuthenticationException( "You must change your password." ) );
 190         }
 191
 192         return true;
 193     }
 194
 195     public boolean isAuthorized( DavServerRequest davRequest, HttpServletResponse response )
 196         throws ServletException, IOException
 197     {
 198         // Authorization Tests.
 199         HttpServletRequest request = davRequest.getRequest();
 200
 201         boolean isWriteRequest = WebdavMethodUtil.isWriteMethod( request.getMethod() );
 202
 203         SecuritySession securitySession = httpAuth.getSecuritySession();
 204         try
 205         {
 206             String permission = ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS;
 207
 208             if ( isWriteRequest )
 209             {
 210                 permission = ArchivaRoleConstants.OPERATION_REPOSITORY_UPLOAD;
 211             }
 212
 213             AuthorizationResult authzResult = securitySystem.authorize( securitySession, permission, davRequest
 214                 .getPrefix() );
 215
 216             if ( !authzResult.isAuthorized() )
 217             {
 218                 if ( authzResult.getException() != null )
 219                 {
 220                     log( "Authorization Denied [ip=" + request.getRemoteAddr() + ",isWriteRequest=" + isWriteRequest +
 221                         ",permission=" + permission + ",repo=" + davRequest.getPrefix() + "] : " +
 222                         authzResult.getException().getMessage() );
 223                 }
 224
 225                 // Issue HTTP Challenge.
 226                 httpAuth.challenge( request, response, "Repository " + getRepositoryName( davRequest ),
 227                                     new AuthenticationException( "Authorization Denied." ) );
 228                 return false;
 229             }
 230         }
 231         catch ( AuthorizationException e )
 232         {
 233             throw new ServletException( "Fatal Authorization Subsystem Error." );
 234         }
 235
 236         return true;
 237     }
 238
 239     public void beforeConfigurationChange( Registry registry, String propertyName, Object propertyValue )
 240     {
 241         // nothing to do
 242     }
 243
 244     public void afterConfigurationChange( Registry registry, String propertyName, Object propertyValue )
 245     {
 246         if ( ConfigurationNames.isManagedRepositories( propertyName ) )
 247         {
 248             // Attempt to reduce the number of times we refresh the repository map.
 249             if ( propertyName.endsWith( ".id" ) || propertyName.endsWith( ".url" ) )
 250             {
 251                 synchronized ( this.repositoryMap )
 252                 {
 253                     updateRepositoryMap();
 254
 255                     getDavManager().removeAllServers();
 256
 257                     try
 258                     {
 259                         initServers( getServletConfig() );
 260                     }
 261                     catch ( DavServerException e )
 262                     {
 263                         log( "Error restarting WebDAV server after configuration change - service disabled: " +
 264                             e.getMessage(), e );
 265                     }
 266                 }
 267             }
 268         }
 269     }
 270 }