]> source.dussan.org Git - archiva.git/blob
8d00acb7e1ccb228db69430ef0aa2c8fe69ed909
[archiva.git] /
1 package org.apache.archiva.security;
2
3 /*
4  * Licensed to the Apache Software Foundation (ASF) under one
5  * or more contributor license agreements.  See the NOTICE file
6  * distributed with this work for additional information
7  * regarding copyright ownership.  The ASF licenses this file
8  * to you under the Apache License, Version 2.0 (the
9  * "License"); you may not use this file except in compliance
10  * with the License.  You may obtain a copy of the License at
11  *
12  *  http://www.apache.org/licenses/LICENSE-2.0
13  *
14  * Unless required by applicable law or agreed to in writing,
15  * software distributed under the License is distributed on an
16  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
17  * KIND, either express or implied.  See the License for the
18  * specific language governing permissions and limitations
19  * under the License.
20  */
21
22 import javax.inject.Inject;
23 import javax.servlet.http.HttpServletRequest;
24
25 import org.codehaus.plexus.redback.authentication.AuthenticationException;
26 import org.codehaus.plexus.redback.authentication.AuthenticationResult;
27 import org.codehaus.plexus.redback.authorization.AuthorizationException;
28 import org.codehaus.plexus.redback.authorization.AuthorizationResult;
29 import org.codehaus.plexus.redback.authorization.UnauthorizedException;
30 import org.codehaus.plexus.redback.policy.AccountLockedException;
31 import org.codehaus.plexus.redback.policy.MustChangePasswordException;
32 import org.codehaus.plexus.redback.system.DefaultSecuritySession;
33 import org.codehaus.plexus.redback.system.SecuritySession;
34 import org.codehaus.plexus.redback.system.SecuritySystem;
35 import org.codehaus.plexus.redback.users.User;
36 import org.codehaus.plexus.redback.users.UserNotFoundException;
37 import org.slf4j.Logger;
38 import org.slf4j.LoggerFactory;
39 import org.springframework.stereotype.Service;
40
41 /**
42  * @version
43  * plexus.component role="org.apache.archiva.security.ServletAuthenticator" role-hint="default"
44  */
45 @Service("servletAuthenticator")
46 public class ArchivaServletAuthenticator
47     implements ServletAuthenticator
48 {
49     private Logger log = LoggerFactory.getLogger( ArchivaServletAuthenticator.class );
50
51     /**
52      * plexus.requirement
53      */
54     @Inject
55     private SecuritySystem securitySystem;
56
57     public boolean isAuthenticated( HttpServletRequest request, AuthenticationResult result )
58         throws AuthenticationException, AccountLockedException, MustChangePasswordException
59     {
60         if ( result != null && !result.isAuthenticated() )
61         {
62             throw new AuthenticationException( "User Credentials Invalid" );
63         }
64
65         return true;
66     }
67
68     public boolean isAuthorized( HttpServletRequest request, SecuritySession securitySession, String repositoryId,
69                                  String permission )
70         throws AuthorizationException, UnauthorizedException
71     {
72         // TODO: also check for permission to proxy the resource when MRM-579 is implemented
73
74         AuthorizationResult authzResult = securitySystem.authorize( securitySession, permission, repositoryId );
75
76         if ( !authzResult.isAuthorized() )
77         {
78             if ( authzResult.getException() != null )
79             {
80                 log.info( "Authorization Denied [ip=" + request.getRemoteAddr() + ",permission=" + permission
81                     + ",repo=" + repositoryId + "] : " + authzResult.getException().getMessage() );
82
83                 throw new UnauthorizedException( "Access denied for repository " + repositoryId );
84             }
85             throw new UnauthorizedException( "User account is locked" );
86         }
87
88         return true;
89     }
90
91     public boolean isAuthorized( String principal, String repoId, String permission )
92         throws UnauthorizedException
93     {
94         try
95         {
96             User user = securitySystem.getUserManager().findUser( principal );
97             if ( user == null )
98             {
99                 throw new UnauthorizedException( "The security system had an internal error - please check your system logs" );
100             }
101             if ( user.isLocked() )
102             {
103                 throw new UnauthorizedException( "User account is locked." );
104             }
105
106             AuthenticationResult authn = new AuthenticationResult( true, principal, null );
107             SecuritySession securitySession = new DefaultSecuritySession( authn, user );
108
109             return securitySystem.isAuthorized( securitySession, permission, repoId );
110         }
111         catch ( UserNotFoundException e )
112         {
113             throw new UnauthorizedException( e.getMessage() );
114         }
115         catch ( AuthorizationException e )
116         {
117             throw new UnauthorizedException( e.getMessage() );
118         }
119     }
120
121
122     public SecuritySystem getSecuritySystem()
123     {
124         return securitySystem;
125     }
126
127     public void setSecuritySystem( SecuritySystem securitySystem )
128     {
129         this.securitySystem = securitySystem;
130     }
131 }