source.dussan.org Git - archiva.git/blob

   1 package org.apache.maven.archiva.security;
   2
   3 /*
   4  * Licensed to the Apache Software Foundation (ASF) under one
   5  * or more contributor license agreements.  See the NOTICE file
   6  * distributed with this work for additional information
   7  * regarding copyright ownership.  The ASF licenses this file
   8  * to you under the Apache License, Version 2.0 (the
   9  * "License"); you may not use this file except in compliance
  10  * with the License.  You may obtain a copy of the License at
  11  *
  12  *  http://www.apache.org/licenses/LICENSE-2.0
  13  *
  14  * Unless required by applicable law or agreed to in writing,
  15  * software distributed under the License is distributed on an
  16  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
  17  * KIND, either express or implied.  See the License for the
  18  * specific language governing permissions and limitations
  19  * under the License.
  20  */
  21
  22 import javax.servlet.http.HttpServletRequest;
  23
  24 import org.apache.maven.archiva.security.ArchivaRoleConstants;
  25 import org.codehaus.plexus.redback.authentication.AuthenticationException;
  26 import org.codehaus.plexus.redback.authentication.AuthenticationResult;
  27 import org.codehaus.plexus.redback.authorization.AuthorizationException;
  28 import org.codehaus.plexus.redback.authorization.AuthorizationResult;
  29 import org.codehaus.plexus.redback.policy.AccountLockedException;
  30 import org.codehaus.plexus.redback.policy.MustChangePasswordException;
  31 import org.codehaus.plexus.redback.system.SecuritySession;
  32 import org.codehaus.plexus.redback.system.SecuritySystem;
  33 import org.codehaus.plexus.redback.xwork.filter.authentication.HttpAuthenticator;
  34 import org.slf4j.Logger;
  35 import org.slf4j.LoggerFactory;
  36
  37 /**
  38  * @version
  39  * @plexus.component role="org.apache.maven.archiva.security.ServletAuthenticator" role-hint="default"
  40  */
  41 public class ArchivaServletAuthenticator
  42     implements ServletAuthenticator
  43 {
  44     private Logger log = LoggerFactory.getLogger( ArchivaServletAuthenticator.class );
  45
  46     /**
  47      * @plexus.requirement role-hint="basic"
  48      */
  49     private HttpAuthenticator httpAuth;
  50
  51     /**
  52      * @plexus.requirement
  53      */
  54     private SecuritySystem securitySystem;
  55
  56     public boolean isAuthenticated( HttpServletRequest request, String repositoryId )
  57         throws AuthenticationException, AccountLockedException, MustChangePasswordException
  58     {
  59         AuthenticationResult result = httpAuth.getAuthenticationResult( request, null );
  60
  61         if ( result != null && !result.isAuthenticated() )
  62         {
  63             throw new AuthenticationException( "User Credentials Invalid" );
  64         }
  65
  66         return true;
  67     }
  68
  69     public boolean isAuthorized( HttpServletRequest request, String repositoryId, boolean isWriteRequest )
  70         throws AuthorizationException
  71     {
  72         SecuritySession securitySession = httpAuth.getSecuritySession();
  73
  74         String permission = ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS;
  75
  76         if ( isWriteRequest )
  77         {
  78             permission = ArchivaRoleConstants.OPERATION_REPOSITORY_UPLOAD;
  79         }
  80
  81         AuthorizationResult authzResult = securitySystem.authorize( securitySession, permission, repositoryId );
  82
  83         if ( !authzResult.isAuthorized() )
  84         {
  85             if ( authzResult.getException() != null )
  86             {
  87                 log.info( "Authorization Denied [ip=" + request.getRemoteAddr() + ",isWriteRequest=" + isWriteRequest +
  88                     ",permission=" + permission + ",repo=" + repositoryId + "] : " +
  89                     authzResult.getException().getMessage() );
  90             }
  91         }
  92
  93         return true;
  94     }
  95 }