1 package org.apache.archiva.web.rss;
4 * Licensed to the Apache Software Foundation (ASF) under one
5 * or more contributor license agreements. See the NOTICE file
6 * distributed with this work for additional information
7 * regarding copyright ownership. The ASF licenses this file
8 * to you under the Apache License, Version 2.0 (the
9 * "License"); you may not use this file except in compliance
10 * with the License. You may obtain a copy of the License at
12 * http://www.apache.org/licenses/LICENSE-2.0
14 * Unless required by applicable law or agreed to in writing,
15 * software distributed under the License is distributed on an
16 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
17 * KIND, either express or implied. See the License for the
18 * specific language governing permissions and limitations
22 import com.sun.syndication.feed.synd.SyndFeed;
23 import com.sun.syndication.io.FeedException;
24 import com.sun.syndication.io.SyndFeedOutput;
25 import org.apache.archiva.metadata.repository.RepositorySession;
26 import org.apache.archiva.metadata.repository.RepositorySessionFactory;
27 import org.apache.archiva.redback.authentication.AuthenticationException;
28 import org.apache.archiva.redback.users.UserManager;
29 import org.apache.archiva.redback.users.UserNotFoundException;
30 import org.apache.archiva.rss.processor.RssFeedProcessor;
31 import org.apache.archiva.security.AccessDeniedException;
32 import org.apache.archiva.security.ArchivaSecurityException;
33 import org.apache.archiva.security.PrincipalNotFoundException;
34 import org.apache.archiva.security.ServletAuthenticator;
35 import org.apache.archiva.security.UserRepositories;
36 import org.apache.archiva.security.common.ArchivaRoleConstants;
37 import org.apache.commons.codec.Decoder;
38 import org.apache.commons.codec.DecoderException;
39 import org.apache.commons.codec.binary.Base64;
40 import org.apache.commons.lang.StringUtils;
41 import org.apache.archiva.redback.authentication.AuthenticationResult;
42 import org.apache.archiva.redback.authorization.AuthorizationException;
43 import org.apache.archiva.redback.authorization.UnauthorizedException;
44 import org.codehaus.plexus.redback.policy.AccountLockedException;
45 import org.codehaus.plexus.redback.policy.MustChangePasswordException;
46 import org.codehaus.plexus.redback.system.SecuritySession;
47 import org.codehaus.redback.integration.filter.authentication.HttpAuthenticator;
48 import org.slf4j.Logger;
49 import org.slf4j.LoggerFactory;
50 import org.springframework.web.context.WebApplicationContext;
51 import org.springframework.web.context.support.WebApplicationContextUtils;
53 import javax.servlet.ServletException;
54 import javax.servlet.http.HttpServlet;
55 import javax.servlet.http.HttpServletRequest;
56 import javax.servlet.http.HttpServletResponse;
57 import java.io.IOException;
58 import java.util.ArrayList;
59 import java.util.Collections;
60 import java.util.HashMap;
61 import java.util.List;
65 * Servlet for handling rss feed requests.
67 public class RssFeedServlet
70 public static final String MIME_TYPE = "application/rss+xml; charset=UTF-8";
72 private static final String COULD_NOT_GENERATE_FEED_ERROR = "Could not generate feed";
74 private static final String COULD_NOT_AUTHENTICATE_USER = "Could not authenticate user";
76 private static final String USER_NOT_AUTHORIZED = "User not authorized to access feed.";
78 private Logger log = LoggerFactory.getLogger( RssFeedServlet.class );
80 private RssFeedProcessor processor;
82 private WebApplicationContext wac;
84 private UserRepositories userRepositories;
86 private ServletAuthenticator servletAuth;
88 private HttpAuthenticator httpAuth;
90 private RepositorySessionFactory repositorySessionFactory;
92 public void init( javax.servlet.ServletConfig servletConfig )
93 throws ServletException
95 super.init( servletConfig );
96 wac = WebApplicationContextUtils.getRequiredWebApplicationContext( servletConfig.getServletContext() );
97 userRepositories = wac.getBean( UserRepositories.class );
98 servletAuth = wac.getBean( ServletAuthenticator.class );
99 httpAuth = wac.getBean( "httpAuthenticator#basic", HttpAuthenticator.class );
100 // TODO: what if there are other types?
101 repositorySessionFactory = wac.getBean( "repositorySessionFactory", RepositorySessionFactory.class );
104 public void doGet( HttpServletRequest req, HttpServletResponse res )
105 throws ServletException, IOException
107 String repoId = null;
108 String groupId = null;
109 String artifactId = null;
111 String url = StringUtils.removeEnd( req.getRequestURL().toString(), "/" );
112 if ( StringUtils.countMatches( StringUtils.substringAfter( url, "feeds/" ), "/" ) > 0 )
114 artifactId = StringUtils.substringAfterLast( url, "/" );
115 groupId = StringUtils.substringBeforeLast( StringUtils.substringAfter( url, "feeds/" ), "/" );
116 groupId = StringUtils.replaceChars( groupId, '/', '.' );
118 else if ( StringUtils.countMatches( StringUtils.substringAfter( url, "feeds/" ), "/" ) == 0 )
120 repoId = StringUtils.substringAfterLast( url, "/" );
124 res.sendError( HttpServletResponse.SC_BAD_REQUEST, "Invalid request url." );
130 Map<String, String> map = new HashMap<String, String>();
131 SyndFeed feed = null;
133 if ( isAllowed( req, repoId, groupId, artifactId ) )
135 if ( repoId != null )
137 // new artifacts in repo feed request
138 processor = wac.getBean( "rssFeedProcessor#new-artifacts", RssFeedProcessor.class );
139 map.put( RssFeedProcessor.KEY_REPO_ID, repoId );
141 else if ( ( groupId != null ) && ( artifactId != null ) )
143 // TODO: this only works for guest - we could pass in the list of repos
144 // new versions of artifact feed request
145 processor = wac.getBean( "rssFeedProcessor#new-versions", RssFeedProcessor.class );
146 map.put( RssFeedProcessor.KEY_GROUP_ID, groupId );
147 map.put( RssFeedProcessor.KEY_ARTIFACT_ID, artifactId );
152 res.sendError( HttpServletResponse.SC_UNAUTHORIZED, USER_NOT_AUTHORIZED );
156 RepositorySession repositorySession = repositorySessionFactory.createSession();
159 feed = processor.process( map, repositorySession.getRepository() );
163 repositorySession.close();
167 res.sendError( HttpServletResponse.SC_NO_CONTENT, "No information available." );
171 res.setContentType( MIME_TYPE );
173 if ( repoId != null )
175 feed.setLink( req.getRequestURL().toString() );
177 else if ( ( groupId != null ) && ( artifactId != null ) )
179 feed.setLink( req.getRequestURL().toString() );
182 SyndFeedOutput output = new SyndFeedOutput();
183 output.output( feed, res.getWriter() );
185 catch ( UserNotFoundException unfe )
187 log.debug( COULD_NOT_AUTHENTICATE_USER, unfe );
188 res.sendError( HttpServletResponse.SC_UNAUTHORIZED, COULD_NOT_AUTHENTICATE_USER );
190 catch ( AccountLockedException acce )
192 res.sendError( HttpServletResponse.SC_UNAUTHORIZED, COULD_NOT_AUTHENTICATE_USER );
194 catch ( AuthenticationException authe )
196 log.debug( COULD_NOT_AUTHENTICATE_USER, authe );
197 res.sendError( HttpServletResponse.SC_UNAUTHORIZED, COULD_NOT_AUTHENTICATE_USER );
199 catch ( FeedException ex )
201 log.debug( COULD_NOT_GENERATE_FEED_ERROR, ex );
202 res.sendError( HttpServletResponse.SC_INTERNAL_SERVER_ERROR, COULD_NOT_GENERATE_FEED_ERROR );
204 catch ( MustChangePasswordException e )
206 res.sendError( HttpServletResponse.SC_UNAUTHORIZED, COULD_NOT_AUTHENTICATE_USER );
208 catch ( UnauthorizedException e )
210 log.debug( e.getMessage() );
211 if ( repoId != null )
213 res.setHeader( "WWW-Authenticate",
214 "Basic realm=\"Repository Archiva Managed " + repoId + " Repository" );
218 res.setHeader( "WWW-Authenticate", "Basic realm=\"Artifact " + groupId + ":" + artifactId );
221 res.sendError( HttpServletResponse.SC_UNAUTHORIZED, USER_NOT_AUTHORIZED );
226 * Basic authentication.
229 * @param repositoryId TODO
230 * @param groupId TODO
231 * @param artifactId TODO
234 private boolean isAllowed( HttpServletRequest req, String repositoryId, String groupId, String artifactId )
235 throws UserNotFoundException, AccountLockedException, AuthenticationException, MustChangePasswordException,
236 UnauthorizedException
238 String auth = req.getHeader( "Authorization" );
239 List<String> repoIds = new ArrayList<String>();
241 if ( repositoryId != null )
243 repoIds.add( repositoryId );
245 else if ( artifactId != null && groupId != null )
249 if ( !auth.toUpperCase().startsWith( "BASIC " ) )
254 Decoder dec = new Base64();
255 String usernamePassword = "";
259 usernamePassword = new String( (byte[]) dec.decode( auth.substring( 6 ).getBytes() ) );
261 catch ( DecoderException ie )
263 log.warn( "Error decoding username and password.", ie.getMessage() );
266 if ( usernamePassword == null || usernamePassword.trim().equals( "" ) )
268 repoIds = getObservableRepos( UserManager.GUEST_USERNAME );
272 String[] userCredentials = usernamePassword.split( ":" );
273 repoIds = getObservableRepos( userCredentials[0] );
278 repoIds = getObservableRepos( UserManager.GUEST_USERNAME );
286 for ( String repoId : repoIds )
290 AuthenticationResult result = httpAuth.getAuthenticationResult( req, null );
291 SecuritySession securitySession = httpAuth.getSecuritySession( req.getSession( true ) );
293 if ( servletAuth.isAuthenticated( req, result ) && servletAuth.isAuthorized( req, securitySession,
295 ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS ) )
300 catch ( AuthorizationException e )
304 catch ( UnauthorizedException e )
310 throw new UnauthorizedException( "Access denied." );
313 private List<String> getObservableRepos( String principal )
317 return userRepositories.getObservableRepositoryIds( principal );
319 catch ( PrincipalNotFoundException e )
321 log.warn( e.getMessage(), e );
323 catch ( AccessDeniedException e )
325 log.warn( e.getMessage(), e );
327 catch ( ArchivaSecurityException e )
329 log.warn( e.getMessage(), e );
332 return Collections.emptyList();