source.dussan.org Git - archiva.git/blob

   1 package org.apache.archiva.webdav;
   2
   3 /*
   4  * Licensed to the Apache Software Foundation (ASF) under one
   5  * or more contributor license agreements.  See the NOTICE file
   6  * distributed with this work for additional information
   7  * regarding copyright ownership.  The ASF licenses this file
   8  * to you under the Apache License, Version 2.0 (the
   9  * "License"); you may not use this file except in compliance
  10  * with the License.  You may obtain a copy of the License at
  11  *
  12  *  http://www.apache.org/licenses/LICENSE-2.0
  13  *
  14  * Unless required by applicable law or agreed to in writing,
  15  * software distributed under the License is distributed on an
  16  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
  17  * KIND, either express or implied.  See the License for the
  18  * specific language governing permissions and limitations
  19  * under the License.
  20  */
  21
  22 import org.apache.archiva.admin.model.RepositoryAdminException;
  23 import org.apache.archiva.admin.model.beans.ManagedRepository;
  24 import org.apache.archiva.admin.model.beans.RemoteRepository;
  25 import org.apache.archiva.admin.model.managed.ManagedRepositoryAdmin;
  26 import org.apache.archiva.admin.model.remote.RemoteRepositoryAdmin;
  27 import org.apache.archiva.audit.Auditable;
  28 import org.apache.archiva.common.filelock.FileLockManager;
  29 import org.apache.archiva.common.plexusbridge.PlexusSisuBridge;
  30 import org.apache.archiva.common.plexusbridge.PlexusSisuBridgeException;
  31 import org.apache.archiva.common.utils.PathUtil;
  32 import org.apache.archiva.common.utils.VersionUtil;
  33 import org.apache.archiva.configuration.ArchivaConfiguration;
  34 import org.apache.archiva.configuration.RepositoryGroupConfiguration;
  35 import org.apache.archiva.indexer.merger.IndexMerger;
  36 import org.apache.archiva.indexer.merger.IndexMergerException;
  37 import org.apache.archiva.indexer.merger.IndexMergerRequest;
  38 import org.apache.archiva.indexer.merger.MergedRemoteIndexesTask;
  39 import org.apache.archiva.indexer.merger.MergedRemoteIndexesTaskRequest;
  40 import org.apache.archiva.indexer.merger.TemporaryGroupIndex;
  41 import org.apache.archiva.indexer.search.RepositorySearch;
  42 import org.apache.archiva.maven2.metadata.MavenMetadataReader;
  43 import org.apache.archiva.metadata.model.facets.AuditEvent;
  44 import org.apache.archiva.metadata.repository.storage.RelocationException;
  45 import org.apache.archiva.metadata.repository.storage.RepositoryStorage;
  46 import org.apache.archiva.model.ArchivaRepositoryMetadata;
  47 import org.apache.archiva.model.ArtifactReference;
  48 import org.apache.archiva.policies.ProxyDownloadException;
  49 import org.apache.archiva.proxy.model.RepositoryProxyConnectors;
  50 import org.apache.archiva.redback.authentication.AuthenticationException;
  51 import org.apache.archiva.redback.authentication.AuthenticationResult;
  52 import org.apache.archiva.redback.authorization.AuthorizationException;
  53 import org.apache.archiva.redback.authorization.UnauthorizedException;
  54 import org.apache.archiva.redback.integration.filter.authentication.HttpAuthenticator;
  55 import org.apache.archiva.redback.policy.AccountLockedException;
  56 import org.apache.archiva.redback.policy.MustChangePasswordException;
  57 import org.apache.archiva.redback.system.SecuritySession;
  58 import org.apache.archiva.redback.users.User;
  59 import org.apache.archiva.redback.users.UserManager;
  60 import org.apache.archiva.repository.ManagedRepositoryContent;
  61 import org.apache.archiva.repository.RepositoryContentFactory;
  62 import org.apache.archiva.repository.RepositoryException;
  63 import org.apache.archiva.repository.RepositoryNotFoundException;
  64 import org.apache.archiva.repository.content.maven2.RepositoryRequest;
  65 import org.apache.archiva.repository.events.AuditListener;
  66 import org.apache.archiva.repository.layout.LayoutException;
  67 import org.apache.archiva.repository.metadata.MetadataTools;
  68 import org.apache.archiva.repository.metadata.RepositoryMetadataException;
  69 import org.apache.archiva.repository.metadata.RepositoryMetadataMerge;
  70 import org.apache.archiva.repository.metadata.RepositoryMetadataWriter;
  71 import org.apache.archiva.scheduler.repository.model.RepositoryArchivaTaskScheduler;
  72 import org.apache.archiva.security.ServletAuthenticator;
  73 import org.apache.archiva.webdav.util.MimeTypes;
  74 import org.apache.archiva.webdav.util.TemporaryGroupIndexSessionCleaner;
  75 import org.apache.archiva.webdav.util.WebdavMethodUtil;
  76 import org.apache.archiva.xml.XMLException;
  77 import org.apache.commons.io.FileUtils;
  78 import org.apache.commons.io.FilenameUtils;
  79 import org.apache.commons.lang.StringUtils;
  80 import org.apache.commons.lang.SystemUtils;
  81 import org.apache.jackrabbit.webdav.DavException;
  82 import org.apache.jackrabbit.webdav.DavResource;
  83 import org.apache.jackrabbit.webdav.DavResourceFactory;
  84 import org.apache.jackrabbit.webdav.DavResourceLocator;
  85 import org.apache.jackrabbit.webdav.DavServletRequest;
  86 import org.apache.jackrabbit.webdav.DavServletResponse;
  87 import org.apache.jackrabbit.webdav.DavSession;
  88 import org.apache.jackrabbit.webdav.lock.LockManager;
  89 import org.apache.jackrabbit.webdav.lock.SimpleLockManager;
  90 import org.apache.maven.index.context.IndexingContext;
  91 import org.codehaus.plexus.digest.ChecksumFile;
  92 import org.codehaus.plexus.digest.Digester;
  93 import org.codehaus.plexus.digest.DigesterException;
  94 import org.slf4j.Logger;
  95 import org.slf4j.LoggerFactory;
  96 import org.slf4j.MarkerFactory;
  97 import org.springframework.context.ApplicationContext;
  98 import org.springframework.stereotype.Service;
  99
 100 import javax.annotation.PostConstruct;
 101 import javax.inject.Inject;
 102 import javax.inject.Named;
 103 import javax.servlet.http.HttpServletResponse;
 104 import javax.servlet.http.HttpSession;
 105 import java.io.File;
 106 import java.io.IOException;
 107 import java.nio.file.Files;
 108 import java.util.ArrayList;
 109 import java.util.Date;
 110 import java.util.HashMap;
 111 import java.util.HashSet;
 112 import java.util.List;
 113 import java.util.Map;
 114 import java.util.Set;
 115
 116 /**
 117  *
 118  */
 119 @Service( "davResourceFactory#archiva" )
 120 public class ArchivaDavResourceFactory
 121     implements DavResourceFactory, Auditable
 122 {
 123     private static final String PROXIED_SUFFIX = " (proxied)";
 124
 125     private static final String HTTP_PUT_METHOD = "PUT";
 126
 127     private Logger log = LoggerFactory.getLogger( ArchivaDavResourceFactory.class );
 128
 129     @Inject
 130     private List<AuditListener> auditListeners = new ArrayList<>();
 131
 132     @Inject
 133     private RepositoryContentFactory repositoryFactory;
 134
 135     private RepositoryRequest repositoryRequest;
 136
 137     @Inject
 138     @Named( value = "repositoryProxyConnectors#default" )
 139     private RepositoryProxyConnectors connectors;
 140
 141     @Inject
 142     private MetadataTools metadataTools;
 143
 144     @Inject
 145     private MimeTypes mimeTypes;
 146
 147     private ArchivaConfiguration archivaConfiguration;
 148
 149     @Inject
 150     private ServletAuthenticator servletAuth;
 151
 152     @Inject
 153     @Named( value = "httpAuthenticator#basic" )
 154     private HttpAuthenticator httpAuth;
 155
 156     @Inject
 157     private RemoteRepositoryAdmin remoteRepositoryAdmin;
 158
 159     @Inject
 160     private ManagedRepositoryAdmin managedRepositoryAdmin;
 161
 162     @Inject
 163     private IndexMerger indexMerger;
 164
 165     @Inject
 166     private RepositorySearch repositorySearch;
 167
 168     /**
 169      * Lock Manager - use simple implementation from JackRabbit
 170      */
 171     private final LockManager lockManager = new SimpleLockManager();
 172
 173     private ChecksumFile checksum;
 174
 175     private Digester digestSha1;
 176
 177     private Digester digestMd5;
 178
 179     @Inject
 180     @Named( value = "archivaTaskScheduler#repository" )
 181     private RepositoryArchivaTaskScheduler scheduler;
 182
 183     @Inject
 184     @Named( value = "fileLockManager#default" )
 185     private FileLockManager fileLockManager;
 186
 187     private ApplicationContext applicationContext;
 188
 189     @Inject
 190     public ArchivaDavResourceFactory( ApplicationContext applicationContext, PlexusSisuBridge plexusSisuBridge,
 191                                       ArchivaConfiguration archivaConfiguration )
 192         throws PlexusSisuBridgeException
 193     {
 194         this.archivaConfiguration = archivaConfiguration;
 195         this.applicationContext = applicationContext;
 196         this.checksum = plexusSisuBridge.lookup( ChecksumFile.class );
 197
 198         this.digestMd5 = plexusSisuBridge.lookup( Digester.class, "md5" );
 199         this.digestSha1 = plexusSisuBridge.lookup( Digester.class, "sha1" );
 200
 201         // TODO remove this hard dependency on maven !!
 202         repositoryRequest = new RepositoryRequest( );
 203     }
 204
 205     @PostConstruct
 206     public void initialize()
 207     {
 208         // no op
 209     }
 210
 211     @Override
 212     public DavResource createResource( final DavResourceLocator locator, final DavServletRequest request,
 213                                        final DavServletResponse response )
 214         throws DavException
 215     {
 216         ArchivaDavResourceLocator archivaLocator = checkLocatorIsInstanceOfRepositoryLocator( locator );
 217
 218         RepositoryGroupConfiguration repoGroupConfig =
 219             archivaConfiguration.getConfiguration().getRepositoryGroupsAsMap().get( archivaLocator.getRepositoryId() );
 220
 221         String activePrincipal = getActivePrincipal( request );
 222
 223         List<String> resourcesInAbsolutePath = new ArrayList<>();
 224
 225         boolean readMethod = WebdavMethodUtil.isReadMethod( request.getMethod() );
 226         DavResource resource;
 227         if ( repoGroupConfig != null )
 228         {
 229             if ( !readMethod )
 230             {
 231                 throw new DavException( HttpServletResponse.SC_METHOD_NOT_ALLOWED,
 232                                         "Write method not allowed for repository groups." );
 233             }
 234
 235             log.debug( "Repository group '{}' accessed by '{}", repoGroupConfig.getId(), activePrincipal );
 236
 237             // handle browse requests for virtual repos
 238             if ( getLogicalResource( archivaLocator, null, true ).endsWith( "/" ) )
 239             {
 240                 try
 241                 {
 242                     DavResource davResource =
 243                         getResourceFromGroup( request, repoGroupConfig.getRepositories(), archivaLocator,
 244                                               repoGroupConfig );
 245
 246                     setHeaders( response, locator, davResource, true );
 247
 248                     return davResource;
 249
 250                 }
 251                 catch ( RepositoryAdminException e )
 252                 {
 253                     throw new DavException( HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e );
 254                 }
 255             }
 256             else
 257             {
 258                 // make a copy to avoid potential concurrent modifications (eg. by configuration)
 259                 // TODO: ultimately, locking might be more efficient than copying in this fashion since updates are
 260                 //  infrequent
 261                 List<String> repositories = new ArrayList<>( repoGroupConfig.getRepositories() );
 262                 resource = processRepositoryGroup( request, archivaLocator, repositories, activePrincipal,
 263                                                    resourcesInAbsolutePath, repoGroupConfig );
 264             }
 265         }
 266         else
 267         {
 268
 269             try
 270             {
 271                 RemoteRepository remoteRepository =
 272                     remoteRepositoryAdmin.getRemoteRepository( archivaLocator.getRepositoryId() );
 273
 274                 if ( remoteRepository != null )
 275                 {
 276                     String logicalResource = getLogicalResource( archivaLocator, null, false );
 277                     IndexingContext indexingContext = remoteRepositoryAdmin.createIndexContext( remoteRepository );
 278                     File resourceFile = StringUtils.equals( logicalResource, "/" )
 279                         ? new File( indexingContext.getIndexDirectoryFile().getParent() )
 280                         : new File( indexingContext.getIndexDirectoryFile().getParent(), logicalResource );
 281                     resource = new ArchivaDavResource( resourceFile.getAbsolutePath(), //
 282                                                        locator.getResourcePath(), //
 283                                                        null, //
 284                                                        request.getRemoteAddr(), //
 285                                                        activePrincipal, //
 286                                                        request.getDavSession(), //
 287                                                        archivaLocator, //
 288                                                        this, //
 289                                                        mimeTypes, //
 290                                                        auditListeners, //
 291                                                        scheduler, //
 292                                                        fileLockManager );
 293                     setHeaders( response, locator, resource, false );
 294                     return resource;
 295                 }
 296             }
 297             catch ( RepositoryAdminException e )
 298             {
 299                 log.debug( "RepositoryException remote repository with d'{}' not found, msg: {}",
 300                            archivaLocator.getRepositoryId(), e.getMessage() );
 301             }
 302
 303             ManagedRepositoryContent managedRepositoryContent = null;
 304
 305             try
 306             {
 307                 managedRepositoryContent =
 308                     repositoryFactory.getManagedRepositoryContent( archivaLocator.getRepositoryId() );
 309             }
 310             catch ( RepositoryNotFoundException e )
 311             {
 312                 throw new DavException( HttpServletResponse.SC_NOT_FOUND,
 313                                         "Invalid repository: " + archivaLocator.getRepositoryId() );
 314             }
 315             catch ( RepositoryException e )
 316             {
 317                 throw new DavException( HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e );
 318             }
 319
 320             log.debug( "Managed repository '{}' accessed by '{}'", managedRepositoryContent.getId(), activePrincipal );
 321
 322             try
 323             {
 324                 resource = processRepository( request, archivaLocator, activePrincipal, managedRepositoryContent,
 325                                               managedRepositoryAdmin.getManagedRepository(
 326                                                   archivaLocator.getRepositoryId() ) );
 327
 328                 String logicalResource = getLogicalResource( archivaLocator, null, false );
 329                 resourcesInAbsolutePath.add(
 330                     new File( managedRepositoryContent.getRepoRoot(), logicalResource ).getAbsolutePath() );
 331
 332             }
 333             catch ( RepositoryAdminException e )
 334             {
 335                 throw new DavException( HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e );
 336             }
 337         }
 338
 339         String requestedResource = request.getRequestURI();
 340
 341         // MRM-872 : merge all available metadata
 342         // merge metadata only when requested via the repo group
 343         if ( ( repositoryRequest.isMetadata( requestedResource ) || repositoryRequest.isMetadataSupportFile(
 344             requestedResource ) ) && repoGroupConfig != null )
 345         {
 346             // this should only be at the project level not version level!
 347             if ( isProjectReference( requestedResource ) )
 348             {
 349
 350                 ArchivaDavResource res = (ArchivaDavResource) resource;
 351                 String filePath =
 352                     StringUtils.substringBeforeLast( res.getLocalResource().getAbsolutePath().replace( '\\', '/' ),
 353                                                      "/" );
 354                 filePath = filePath + "/maven-metadata-" + repoGroupConfig.getId() + ".xml";
 355
 356                 // for MRM-872 handle checksums of the merged metadata files
 357                 if ( repositoryRequest.isSupportFile( requestedResource ) )
 358                 {
 359                     File metadataChecksum =
 360                         new File( filePath + "." + StringUtils.substringAfterLast( requestedResource, "." ) );
 361
 362                     if ( metadataChecksum.exists() )
 363                     {
 364                         LogicalResource logicalResource =
 365                             new LogicalResource( getLogicalResource( archivaLocator, null, false ) );
 366
 367                         resource =
 368                             new ArchivaDavResource( metadataChecksum.getAbsolutePath(), logicalResource.getPath(), null,
 369                                                     request.getRemoteAddr(), activePrincipal, request.getDavSession(),
 370                                                     archivaLocator, this, mimeTypes, auditListeners, scheduler,
 371                                                     fileLockManager );
 372                     }
 373                 }
 374                 else
 375                 {
 376                     if ( resourcesInAbsolutePath != null && resourcesInAbsolutePath.size() > 1 )
 377                     {
 378                         // merge the metadata of all repos under group
 379                         ArchivaRepositoryMetadata mergedMetadata = new ArchivaRepositoryMetadata();
 380                         for ( String resourceAbsPath : resourcesInAbsolutePath )
 381                         {
 382                             try
 383                             {
 384                                 File metadataFile = new File( resourceAbsPath );
 385                                 ArchivaRepositoryMetadata repoMetadata = MavenMetadataReader.read( metadataFile );
 386                                 mergedMetadata = RepositoryMetadataMerge.merge( mergedMetadata, repoMetadata );
 387                             }
 388                             catch ( XMLException e )
 389                             {
 390                                 throw new DavException( HttpServletResponse.SC_INTERNAL_SERVER_ERROR,
 391                                                         "Error occurred while reading metadata file." );
 392                             }
 393                             catch ( RepositoryMetadataException r )
 394                             {
 395                                 throw new DavException( HttpServletResponse.SC_INTERNAL_SERVER_ERROR,
 396                                                         "Error occurred while merging metadata file." );
 397                             }
 398                         }
 399
 400                         try
 401                         {
 402                             File resourceFile = writeMergedMetadataToFile( mergedMetadata, filePath );
 403
 404                             LogicalResource logicalResource =
 405                                 new LogicalResource( getLogicalResource( archivaLocator, null, false ) );
 406
 407                             resource =
 408                                 new ArchivaDavResource( resourceFile.getAbsolutePath(), logicalResource.getPath(), null,
 409                                                         request.getRemoteAddr(), activePrincipal,
 410                                                         request.getDavSession(), archivaLocator, this, mimeTypes,
 411                                                         auditListeners, scheduler, fileLockManager );
 412                         }
 413                         catch ( RepositoryMetadataException r )
 414                         {
 415                             throw new DavException( HttpServletResponse.SC_INTERNAL_SERVER_ERROR,
 416                                                     "Error occurred while writing metadata file." );
 417                         }
 418                         catch ( IOException ie )
 419                         {
 420                             throw new DavException( HttpServletResponse.SC_INTERNAL_SERVER_ERROR,
 421                                                     "Error occurred while generating checksum files." );
 422                         }
 423                         catch ( DigesterException de )
 424                         {
 425                             throw new DavException( HttpServletResponse.SC_INTERNAL_SERVER_ERROR,
 426                                                     "Error occurred while generating checksum files."
 427                                                         + de.getMessage() );
 428                         }
 429                     }
 430                 }
 431             }
 432         }
 433
 434         setHeaders( response, locator, resource, false );
 435
 436         // compatibility with MRM-440 to ensure browsing the repository works ok
 437         if ( resource.isCollection() && !request.getRequestURI().endsWith( "/" ) )
 438         {
 439             throw new BrowserRedirectException( resource.getHref() );
 440         }
 441         resource.addLockManager( lockManager );
 442         return resource;
 443     }
 444
 445     private DavResource processRepositoryGroup( final DavServletRequest request,
 446                                                 ArchivaDavResourceLocator archivaLocator, List<String> repositories,
 447                                                 String activePrincipal, List<String> resourcesInAbsolutePath,
 448                                                 RepositoryGroupConfiguration repoGroupConfig )
 449         throws DavException
 450     {
 451         DavResource resource = null;
 452         List<DavException> storedExceptions = new ArrayList<>();
 453
 454         String pathInfo = StringUtils.removeEnd( request.getPathInfo(), "/" );
 455
 456         String rootPath = StringUtils.substringBeforeLast( pathInfo, "/" );
 457
 458         if ( StringUtils.endsWith( rootPath, repoGroupConfig.getMergedIndexPath() ) )
 459         {
 460             // we are in the case of index file request
 461             String requestedFileName = StringUtils.substringAfterLast( pathInfo, "/" );
 462             File temporaryIndexDirectory =
 463                 buildMergedIndexDirectory( repositories, activePrincipal, request, repoGroupConfig );
 464
 465             File resourceFile = new File( temporaryIndexDirectory, requestedFileName );
 466             resource = new ArchivaDavResource( resourceFile.getAbsolutePath(), requestedFileName, null,
 467                                                request.getRemoteAddr(), activePrincipal, request.getDavSession(),
 468                                                archivaLocator, this, mimeTypes, auditListeners, scheduler,
 469                                                fileLockManager );
 470
 471         }
 472         else
 473         {
 474             for ( String repositoryId : repositories )
 475             {
 476                 ManagedRepositoryContent managedRepositoryContent;
 477                 try
 478                 {
 479                     managedRepositoryContent = repositoryFactory.getManagedRepositoryContent( repositoryId );
 480                 }
 481                 catch ( RepositoryNotFoundException e )
 482                 {
 483                     throw new DavException( HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e );
 484                 }
 485                 catch ( RepositoryException e )
 486                 {
 487                     throw new DavException( HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e );
 488                 }
 489
 490                 try
 491                 {
 492                     ManagedRepository managedRepository = managedRepositoryAdmin.getManagedRepository( repositoryId );
 493                     DavResource updatedResource =
 494                         processRepository( request, archivaLocator, activePrincipal, managedRepositoryContent,
 495                                            managedRepository );
 496                     if ( resource == null )
 497                     {
 498                         resource = updatedResource;
 499                     }
 500
 501                     String logicalResource = getLogicalResource( archivaLocator, null, false );
 502                     if ( logicalResource.endsWith( "/" ) )
 503                     {
 504                         logicalResource = logicalResource.substring( 1 );
 505                     }
 506                     resourcesInAbsolutePath.add(
 507                         new File( managedRepositoryContent.getRepoRoot(), logicalResource ).getAbsolutePath() );
 508                 }
 509                 catch ( DavException e )
 510                 {
 511                     storedExceptions.add( e );
 512                 }
 513                 catch ( RepositoryAdminException e )
 514                 {
 515                     storedExceptions.add( new DavException( HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e ) );
 516                 }
 517             }
 518         }
 519         if ( resource == null )
 520         {
 521             if ( !storedExceptions.isEmpty() )
 522             {
 523                 // MRM-1232
 524                 for ( DavException e : storedExceptions )
 525                 {
 526                     if ( 401 == e.getErrorCode() )
 527                     {
 528                         throw e;
 529                     }
 530                 }
 531
 532                 throw new DavException( HttpServletResponse.SC_NOT_FOUND );
 533             }
 534             else
 535             {
 536                 throw new DavException( HttpServletResponse.SC_NOT_FOUND );
 537             }
 538         }
 539         return resource;
 540     }
 541
 542     private String getLogicalResource( ArchivaDavResourceLocator archivaLocator, ManagedRepository managedRepository,
 543                                        boolean useOrigResourcePath )
 544     {
 545         // FIXME remove this hack
 546         // but currently managedRepository can be null in case of group
 547         String layout = managedRepository == null ? new ManagedRepository().getLayout() : managedRepository.getLayout();
 548         RepositoryStorage repositoryStorage =
 549             this.applicationContext.getBean( "repositoryStorage#" + layout, RepositoryStorage.class );
 550         String path = repositoryStorage.getFilePath(
 551             useOrigResourcePath ? archivaLocator.getOrigResourcePath() : archivaLocator.getResourcePath(),
 552             managedRepository );
 553         log.debug( "found path {} for resourcePath: '{}' with managedRepo '{}' and layout '{}'", path,
 554                    archivaLocator.getResourcePath(), managedRepository == null ? "null" : managedRepository.getId(),
 555                    layout );
 556         return path;
 557     }
 558
 559     private String evaluatePathWithVersion( ArchivaDavResourceLocator archivaLocator, //
 560                                             ManagedRepositoryContent managedRepositoryContent, //
 561                                             String contextPath )
 562         throws DavException
 563     {
 564         String layout = managedRepositoryContent.getRepository() == null
 565             ? new ManagedRepository().getLayout()
 566             : managedRepositoryContent.getRepository().getLayout();
 567         RepositoryStorage repositoryStorage =
 568             this.applicationContext.getBean( "repositoryStorage#" + layout, RepositoryStorage.class );
 569         try
 570         {
 571             return repositoryStorage.getFilePathWithVersion( archivaLocator.getResourcePath(), //
 572                                                              managedRepositoryContent );
 573         }
 574         catch ( RelocationException e )
 575         {
 576             String path = e.getPath();
 577             log.debug( "Relocation to {}", path );
 578
 579             throw new BrowserRedirectException( addHrefPrefix( contextPath, path ), e.getRelocationType() );
 580         }
 581         catch ( XMLException e )
 582         {
 583             log.error( e.getMessage(), e );
 584             throw new DavException( HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e );
 585         }
 586     }
 587
 588     private DavResource processRepository( final DavServletRequest request, ArchivaDavResourceLocator archivaLocator,
 589                                            String activePrincipal, ManagedRepositoryContent managedRepositoryContent,
 590                                            ManagedRepository managedRepository )
 591         throws DavException
 592     {
 593         DavResource resource = null;
 594         if ( isAuthorized( request, managedRepositoryContent.getId() ) )
 595         {
 596             boolean readMethod = WebdavMethodUtil.isReadMethod( request.getMethod() );
 597             // Maven Centric part ask evaluation if -SNAPSHOT
 598             // MRM-1846 test if read method to prevent issue with maven 2.2.1 and uniqueVersion false
 599
 600             String path = readMethod
 601                 ? evaluatePathWithVersion( archivaLocator, managedRepositoryContent, request.getContextPath() )
 602                 : getLogicalResource( archivaLocator, managedRepository, false );
 603             if ( path.startsWith( "/" ) )
 604             {
 605                 path = path.substring( 1 );
 606             }
 607             LogicalResource logicalResource = new LogicalResource( path );
 608             File resourceFile = new File( managedRepositoryContent.getRepoRoot(), path );
 609             resource =
 610                 new ArchivaDavResource( resourceFile.getAbsolutePath(), path, managedRepositoryContent.getRepository(),
 611                                         request.getRemoteAddr(), activePrincipal, request.getDavSession(),
 612                                         archivaLocator, this, mimeTypes, auditListeners, scheduler, fileLockManager );
 613
 614             if ( WebdavMethodUtil.isReadMethod( request.getMethod() ) )
 615             {
 616                 if ( archivaLocator.getHref( false ).endsWith( "/" ) && !resourceFile.isDirectory() )
 617                 {
 618                     // force a resource not found
 619                     throw new DavException( HttpServletResponse.SC_NOT_FOUND, "Resource does not exist" );
 620                 }
 621                 else
 622                 {
 623                     if ( !resource.isCollection() )
 624                     {
 625                         boolean previouslyExisted = resourceFile.exists();
 626
 627                         boolean fromProxy = fetchContentFromProxies( managedRepositoryContent, request, logicalResource );
 628
 629                         // At this point the incoming request can either be in default or
 630                         // legacy layout format.
 631                         try
 632                         {
 633                             // Perform an adjustment of the resource to the managed
 634                             // repository expected path.
 635                             String localResourcePath =
 636                                 repositoryRequest.toNativePath( logicalResource.getPath(), managedRepositoryContent );
 637                             resourceFile = new File( managedRepositoryContent.getRepoRoot(), localResourcePath );
 638                             resource =
 639                                 new ArchivaDavResource( resourceFile.getAbsolutePath(), logicalResource.getPath(),
 640                                                         managedRepositoryContent.getRepository(),
 641                                                         request.getRemoteAddr(), activePrincipal,
 642                                                         request.getDavSession(), archivaLocator, this, mimeTypes,
 643                                                         auditListeners, scheduler, fileLockManager );
 644                         }
 645                         catch ( LayoutException e )
 646                         {
 647                             if ( !resourceFile.exists() )
 648                             {
 649                                 throw new DavException( HttpServletResponse.SC_NOT_FOUND, e );
 650                             }
 651                         }
 652
 653                         if ( fromProxy )
 654                         {
 655                             String action = ( previouslyExisted ? AuditEvent.MODIFY_FILE : AuditEvent.CREATE_FILE )
 656                                 + PROXIED_SUFFIX;
 657
 658                             log.debug( "Proxied artifact '{}' in repository '{}' (current user '{}')",
 659                                        resourceFile.getName(), managedRepositoryContent.getId(), activePrincipal );
 660
 661                             triggerAuditEvent( request.getRemoteAddr(), archivaLocator.getRepositoryId(),
 662                                                logicalResource.getPath(), action, activePrincipal );
 663                         }
 664
 665                         if ( !resourceFile.exists() )
 666                         {
 667                             throw new DavException( HttpServletResponse.SC_NOT_FOUND, "Resource does not exist" );
 668                         }
 669                     }
 670                 }
 671             }
 672
 673             if ( request.getMethod().equals( HTTP_PUT_METHOD ) )
 674             {
 675                 String resourcePath = logicalResource.getPath();
 676
 677                 // check if target repo is enabled for releases
 678                 // we suppose that release-artifacts can be deployed only to repos enabled for releases
 679                 if ( managedRepositoryContent.getRepository().isReleases() && !repositoryRequest.isMetadata(
 680                     resourcePath ) && !repositoryRequest.isSupportFile( resourcePath ) )
 681                 {
 682                     ArtifactReference artifact = null;
 683                     try
 684                     {
 685                         artifact = managedRepositoryContent.toArtifactReference( resourcePath );
 686
 687                         if ( !VersionUtil.isSnapshot( artifact.getVersion() ) )
 688                         {
 689                             // check if artifact already exists and if artifact re-deployment to the repository is allowed
 690                             if ( managedRepositoryContent.hasContent( artifact )
 691                                 && managedRepositoryContent.getRepository().isBlockRedeployments() )
 692                             {
 693                                 log.warn( "Overwriting released artifacts in repository '{}' is not allowed.",
 694                                           managedRepositoryContent.getId() );
 695                                 throw new DavException( HttpServletResponse.SC_CONFLICT,
 696                                                         "Overwriting released artifacts is not allowed." );
 697                             }
 698                         }
 699                     }
 700                     catch ( LayoutException e )
 701                     {
 702                         log.warn( "Artifact path '{}' is invalid.", resourcePath );
 703                     }
 704                 }
 705
 706                 /*
 707                  * Create parent directories that don't exist when writing a file This actually makes this
 708                  * implementation not compliant to the WebDAV RFC - but we have enough knowledge about how the
 709                  * collection is being used to do this reasonably and some versions of Maven's WebDAV don't correctly
 710                  * create the collections themselves.
 711                  */
 712
 713                 File rootDirectory = new File( managedRepositoryContent.getRepoRoot() );
 714                 File destDir = new File( rootDirectory, logicalResource.getPath() ).getParentFile();
 715
 716                 if ( !destDir.exists() )
 717                 {
 718                     destDir.mkdirs();
 719                     String relPath = PathUtil.getRelative( rootDirectory.getAbsolutePath(), destDir );
 720
 721                     log.debug( "Creating destination directory '{}' (current user '{}')", destDir.getName(),
 722                                activePrincipal );
 723
 724                     triggerAuditEvent( request.getRemoteAddr(), managedRepositoryContent.getId(), relPath,
 725                                        AuditEvent.CREATE_DIR, activePrincipal );
 726                 }
 727             }
 728         }
 729         return resource;
 730     }
 731
 732     @Override
 733     public DavResource createResource( final DavResourceLocator locator, final DavSession davSession )
 734         throws DavException
 735     {
 736         ArchivaDavResourceLocator archivaLocator = checkLocatorIsInstanceOfRepositoryLocator( locator );
 737
 738         ManagedRepositoryContent managedRepositoryContent;
 739         try
 740         {
 741             managedRepositoryContent =
 742                 repositoryFactory.getManagedRepositoryContent( archivaLocator.getRepositoryId() );
 743         }
 744         catch ( RepositoryNotFoundException e )
 745         {
 746             throw new DavException( HttpServletResponse.SC_NOT_FOUND,
 747                                     "Invalid repository: " + archivaLocator.getRepositoryId() );
 748         }
 749         catch ( RepositoryException e )
 750         {
 751             throw new DavException( HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e );
 752         }
 753
 754         DavResource resource = null;
 755         try
 756         {
 757             String logicalResource = getLogicalResource( archivaLocator, managedRepositoryAdmin.getManagedRepository(
 758                 archivaLocator.getRepositoryId() ), false );
 759             if ( logicalResource.startsWith( "/" ) )
 760             {
 761                 logicalResource = logicalResource.substring( 1 );
 762             }
 763             File resourceFile = new File( managedRepositoryContent.getRepoRoot(), logicalResource );
 764             resource = new ArchivaDavResource( resourceFile.getAbsolutePath(), logicalResource,
 765                                                managedRepositoryContent.getRepository(), davSession, archivaLocator,
 766                                                this, mimeTypes, auditListeners, scheduler, fileLockManager );
 767
 768             resource.addLockManager( lockManager );
 769         }
 770         catch ( RepositoryAdminException e )
 771         {
 772             throw new DavException( HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e );
 773         }
 774         return resource;
 775     }
 776
 777     private boolean fetchContentFromProxies( ManagedRepositoryContent managedRepository, DavServletRequest request,
 778                                              LogicalResource resource )
 779         throws DavException
 780     {
 781         String path = resource.getPath();
 782         if ( repositoryRequest.isSupportFile( path ) )
 783         {
 784             File proxiedFile = connectors.fetchFromProxies( managedRepository, path );
 785
 786             return ( proxiedFile != null );
 787         }
 788
 789         // Is it a Metadata resource?
 790         if ( repositoryRequest.isDefault( path ) && repositoryRequest.isMetadata( path ) )
 791         {
 792             return connectors.fetchMetadataFromProxies( managedRepository, path ).isModified();
 793         }
 794
 795         // Is it an Archetype Catalog?
 796         if ( repositoryRequest.isArchetypeCatalog( path ) )
 797         {
 798             // FIXME we must implement a merge of remote archetype catalog from remote servers.
 799             File proxiedFile = connectors.fetchFromProxies( managedRepository, path );
 800
 801             return ( proxiedFile != null );
 802         }
 803
 804         // Not any of the above? Then it's gotta be an artifact reference.
 805         try
 806         {
 807             // Get the artifact reference in a layout neutral way.
 808             ArtifactReference artifact = repositoryRequest.toArtifactReference( path );
 809
 810             if ( artifact != null )
 811             {
 812                 String repositoryLayout = managedRepository.getRepository().getLayout();
 813
 814                 RepositoryStorage repositoryStorage =
 815                     this.applicationContext.getBean( "repositoryStorage#" + repositoryLayout, RepositoryStorage.class );
 816                 repositoryStorage.applyServerSideRelocation( managedRepository, artifact );
 817
 818                 File proxiedFile = connectors.fetchFromProxies( managedRepository, artifact );
 819
 820                 resource.setPath( managedRepository.toPath( artifact ) );
 821
 822                 log.debug( "Proxied artifact '{}:{}:{}'", artifact.getGroupId(), artifact.getArtifactId(),
 823                            artifact.getVersion() );
 824
 825                 return ( proxiedFile != null );
 826             }
 827         }
 828         catch ( LayoutException e )
 829         {
 830             /* eat it */
 831         }
 832         catch ( ProxyDownloadException e )
 833         {
 834             log.error( e.getMessage(), e );
 835             throw new DavException( HttpServletResponse.SC_INTERNAL_SERVER_ERROR,
 836                                     "Unable to fetch artifact resource." );
 837         }
 838         return false;
 839     }
 840
 841     // TODO: remove?
 842
 843     private void triggerAuditEvent( String remoteIP, String repositoryId, String resource, String action,
 844                                     String principal )
 845     {
 846         AuditEvent event = new AuditEvent( repositoryId, principal, resource, action );
 847         event.setRemoteIP( remoteIP );
 848
 849         for ( AuditListener listener : auditListeners )
 850         {
 851             listener.auditEvent( event );
 852         }
 853     }
 854
 855     @Override
 856     public void addAuditListener( AuditListener listener )
 857     {
 858         this.auditListeners.add( listener );
 859     }
 860
 861     @Override
 862     public void clearAuditListeners()
 863     {
 864         this.auditListeners.clear();
 865     }
 866
 867     @Override
 868     public void removeAuditListener( AuditListener listener )
 869     {
 870         this.auditListeners.remove( listener );
 871     }
 872
 873     private void setHeaders( DavServletResponse response, DavResourceLocator locator, DavResource resource,
 874                              boolean group )
 875     {
 876         // [MRM-503] - Metadata file need Pragma:no-cache response
 877         // header.
 878         if ( locator.getResourcePath().endsWith( "/maven-metadata.xml" ) || ( resource instanceof ArchivaDavResource
 879             && ( ArchivaDavResource.class.cast( resource ).getLocalResource().isDirectory() ) ) )
 880         {
 881             response.setHeader( "Pragma", "no-cache" );
 882             response.setHeader( "Cache-Control", "no-cache" );
 883             response.setDateHeader( "Last-Modified", new Date().getTime() );
 884         }
 885         // if the resource is a directory don't cache it as new groupId deployed will be available
 886         // without need of refreshing browser
 887         else if ( locator.getResourcePath().endsWith( "/maven-metadata.xml" ) || (
 888             resource instanceof ArchivaVirtualDavResource && ( new File(
 889                 ArchivaVirtualDavResource.class.cast( resource ).getLogicalResource() ).isDirectory() ) ) )
 890         {
 891             response.setHeader( "Pragma", "no-cache" );
 892             response.setHeader( "Cache-Control", "no-cache" );
 893             response.setDateHeader( "Last-Modified", new Date().getTime() );
 894         }
 895         else if ( group )
 896         {
 897             if ( resource instanceof ArchivaVirtualDavResource )
 898             {
 899                 //MRM-1854 here we have a directory so force "Last-Modified"
 900                 response.setDateHeader( "Last-Modified", new Date().getTime() );
 901             }
 902         }
 903         else
 904         {
 905             // We need to specify this so connecting wagons can work correctly
 906             response.setDateHeader( "Last-Modified", resource.getModificationTime() );
 907         }
 908         // TODO: [MRM-524] determine http caching options for other types of files (artifacts, sha1, md5, snapshots)
 909     }
 910
 911     private ArchivaDavResourceLocator checkLocatorIsInstanceOfRepositoryLocator( DavResourceLocator locator )
 912         throws DavException
 913     {
 914         if ( !( locator instanceof ArchivaDavResourceLocator ) )
 915         {
 916             throw new DavException( HttpServletResponse.SC_INTERNAL_SERVER_ERROR,
 917                                     "Locator does not implement RepositoryLocator" );
 918         }
 919
 920         // Hidden paths
 921         if ( locator.getResourcePath().startsWith( ArchivaDavResource.HIDDEN_PATH_PREFIX ) )
 922         {
 923             throw new DavException( HttpServletResponse.SC_NOT_FOUND );
 924         }
 925
 926         ArchivaDavResourceLocator archivaLocator = (ArchivaDavResourceLocator) locator;
 927
 928         // MRM-419 - Windows Webdav support. Should not 404 if there is no content.
 929         if ( StringUtils.isEmpty( archivaLocator.getRepositoryId() ) )
 930         {
 931             throw new DavException( HttpServletResponse.SC_NO_CONTENT );
 932         }
 933         return archivaLocator;
 934     }
 935
 936     private String addHrefPrefix( String contextPath, String path ) {
 937         String prefix = archivaConfiguration.getConfiguration().getWebapp().getUi().getApplicationUrl();
 938         if (prefix == null || prefix.isEmpty()) {
 939             prefix = contextPath;
 940         }
 941         return prefix + ( StringUtils.startsWith( path, "/" ) ? "" :
 942                         ( StringUtils.endsWith( prefix, "/" ) ? "" : "/" ) )
 943                       + path;
 944     }
 945
 946     private static class LogicalResource
 947     {
 948         private String path;
 949
 950         public LogicalResource( String path )
 951         {
 952             this.path = path;
 953         }
 954
 955         public String getPath()
 956         {
 957             return path;
 958         }
 959
 960         public void setPath( String path )
 961         {
 962             this.path = path;
 963         }
 964     }
 965
 966     protected boolean isAuthorized( DavServletRequest request, String repositoryId )
 967         throws DavException
 968     {
 969         try
 970         {
 971             AuthenticationResult result = httpAuth.getAuthenticationResult( request, null );
 972             SecuritySession securitySession = httpAuth.getSecuritySession( request.getSession( true ) );
 973
 974             return servletAuth.isAuthenticated( request, result ) //
 975                 && servletAuth.isAuthorized( request, securitySession, repositoryId, //
 976                                              WebdavMethodUtil.getMethodPermission( request.getMethod() ) );
 977         }
 978         catch ( AuthenticationException e )
 979         {
 980             // safety check for MRM-911
 981             String guest = UserManager.GUEST_USERNAME;
 982             try
 983             {
 984                 if ( servletAuth.isAuthorized( guest,
 985                                                ( (ArchivaDavResourceLocator) request.getRequestLocator() ).getRepositoryId(),
 986                                                WebdavMethodUtil.getMethodPermission( request.getMethod() ) ) )
 987                 {
 988                     return true;
 989                 }
 990             }
 991             catch ( UnauthorizedException ae )
 992             {
 993                 throw new UnauthorizedDavException( repositoryId,
 994                                                     "You are not authenticated and authorized to access any repository." );
 995             }
 996
 997             throw new UnauthorizedDavException( repositoryId, "You are not authenticated" );
 998         }
 999         catch ( MustChangePasswordException e )
1000         {
1001             throw new UnauthorizedDavException( repositoryId, "You must change your password." );
1002         }
1003         catch ( AccountLockedException e )
1004         {
1005             throw new UnauthorizedDavException( repositoryId, "User account is locked." );
1006         }
1007         catch ( AuthorizationException e )
1008         {
1009             throw new DavException( HttpServletResponse.SC_INTERNAL_SERVER_ERROR,
1010                                     "Fatal Authorization Subsystem Error." );
1011         }
1012         catch ( UnauthorizedException e )
1013         {
1014             throw new UnauthorizedDavException( repositoryId, e.getMessage() );
1015         }
1016     }
1017
1018     private DavResource getResourceFromGroup( DavServletRequest request, List<String> repositories,
1019                                               ArchivaDavResourceLocator locator,
1020                                               RepositoryGroupConfiguration repositoryGroupConfiguration )
1021         throws DavException, RepositoryAdminException
1022     {
1023         if ( repositoryGroupConfiguration.getRepositories() == null
1024             || repositoryGroupConfiguration.getRepositories().isEmpty() )
1025         {
1026             File file =
1027                 new File( System.getProperty( "appserver.base" ), "groups/" + repositoryGroupConfiguration.getId() );
1028
1029             return new ArchivaDavResource( file.getPath(), "groups/" + repositoryGroupConfiguration.getId(), null,
1030                                            request.getDavSession(), locator, this, mimeTypes, auditListeners, scheduler,
1031                                            fileLockManager );
1032         }
1033         List<File> mergedRepositoryContents = new ArrayList<>();
1034         // multiple repo types so we guess they are all the same type
1035         // so use the first one
1036         // FIXME add a method with group in the repository storage
1037         String firstRepoId = repositoryGroupConfiguration.getRepositories().get( 0 );
1038
1039         String path = getLogicalResource( locator, managedRepositoryAdmin.getManagedRepository( firstRepoId ), false );
1040         if ( path.startsWith( "/" ) )
1041         {
1042             path = path.substring( 1 );
1043         }
1044         LogicalResource logicalResource = new LogicalResource( path );
1045
1046         // flow:
1047         // if the current user logged in has permission to any of the repositories, allow user to
1048         // browse the repo group but displaying only the repositories which the user has permission to access.
1049         // otherwise, prompt for authentication.
1050
1051         String activePrincipal = getActivePrincipal( request );
1052
1053         boolean allow = isAllowedToContinue( request, repositories, activePrincipal );
1054
1055         // remove last /
1056         String pathInfo = StringUtils.removeEnd( request.getPathInfo(), "/" );
1057
1058         if ( allow )
1059         {
1060
1061             if ( StringUtils.endsWith( pathInfo, repositoryGroupConfiguration.getMergedIndexPath() ) )
1062             {
1063                 File mergedRepoDir =
1064                     buildMergedIndexDirectory( repositories, activePrincipal, request, repositoryGroupConfiguration );
1065                 mergedRepositoryContents.add( mergedRepoDir );
1066             }
1067             else
1068             {
1069                 if ( StringUtils.equalsIgnoreCase( pathInfo, "/" + repositoryGroupConfiguration.getId() ) )
1070                 {
1071                     File tmpDirectory = new File( SystemUtils.getJavaIoTmpDir(),
1072                                                   repositoryGroupConfiguration.getId() + "/"
1073                                                       + repositoryGroupConfiguration.getMergedIndexPath() );
1074                     if ( !tmpDirectory.exists() )
1075                     {
1076                         synchronized ( tmpDirectory.getAbsolutePath() )
1077                         {
1078                             if ( !tmpDirectory.exists() )
1079                             {
1080                                 tmpDirectory.mkdirs();
1081                             }
1082                         }
1083                     }
1084                     mergedRepositoryContents.add( tmpDirectory.getParentFile() );
1085                 }
1086                 for ( String repository : repositories )
1087                 {
1088                     ManagedRepositoryContent managedRepository = null;
1089
1090                     try
1091                     {
1092                         managedRepository = repositoryFactory.getManagedRepositoryContent( repository );
1093                     }
1094                     catch ( RepositoryNotFoundException e )
1095                     {
1096                         throw new DavException( HttpServletResponse.SC_INTERNAL_SERVER_ERROR,
1097                                                 "Invalid managed repository <" + repository + ">: " + e.getMessage() );
1098                     }
1099                     catch ( RepositoryException e )
1100                     {
1101                         throw new DavException( HttpServletResponse.SC_INTERNAL_SERVER_ERROR,
1102                                                 "Invalid managed repository <" + repository + ">: " + e.getMessage() );
1103                     }
1104
1105                     File resourceFile = new File( managedRepository.getRepoRoot(), logicalResource.getPath() );
1106                     if ( resourceFile.exists() )
1107                     {
1108                         // in case of group displaying index directory doesn't have sense !!
1109                         String repoIndexDirectory = managedRepository.getRepository().getIndexDirectory();
1110                         if ( StringUtils.isNotEmpty( repoIndexDirectory ) )
1111                         {
1112                             if ( !new File( repoIndexDirectory ).isAbsolute() )
1113                             {
1114                                 repoIndexDirectory = new File( managedRepository.getRepository().getLocation(),
1115                                                                StringUtils.isEmpty( repoIndexDirectory )
1116                                                                    ? ".indexer"
1117                                                                    : repoIndexDirectory ).getAbsolutePath();
1118                             }
1119                         }
1120                         if ( StringUtils.isEmpty( repoIndexDirectory ) )
1121                         {
1122                             repoIndexDirectory = new File( managedRepository.getRepository().getLocation(),
1123                                                            ".indexer" ).getAbsolutePath();
1124                         }
1125
1126                         if ( !StringUtils.equals( FilenameUtils.normalize( repoIndexDirectory ),
1127                                                   FilenameUtils.normalize( resourceFile.getAbsolutePath() ) ) )
1128                         {
1129                             // for prompted authentication
1130                             if ( httpAuth.getSecuritySession( request.getSession( true ) ) != null )
1131                             {
1132                                 try
1133                                 {
1134                                     if ( isAuthorized( request, repository ) )
1135                                     {
1136                                         mergedRepositoryContents.add( resourceFile );
1137                                         log.debug( "Repository '{}' accessed by '{}'", repository, activePrincipal );
1138                                     }
1139                                 }
1140                                 catch ( DavException e )
1141                                 {
1142                                     // TODO: review exception handling
1143
1144                                     log.debug( "Skipping repository '{}' for user '{}': {}", managedRepository,
1145                                                activePrincipal, e.getMessage() );
1146
1147                                 }
1148
1149                             }
1150                             else
1151                             {
1152                                 // for the current user logged in
1153                                 try
1154                                 {
1155                                     if ( servletAuth.isAuthorized( activePrincipal, repository,
1156                                                                    WebdavMethodUtil.getMethodPermission(
1157                                                                        request.getMethod() ) ) )
1158                                     {
1159                                         mergedRepositoryContents.add( resourceFile );
1160                                         log.debug( "Repository '{}' accessed by '{}'", repository, activePrincipal );
1161                                     }
1162                                 }
1163                                 catch ( UnauthorizedException e )
1164                                 {
1165                                     // TODO: review exception handling
1166
1167                                     log.debug( "Skipping repository '{}' for user '{}': {}", managedRepository,
1168                                                activePrincipal, e.getMessage() );
1169
1170                                 }
1171                             }
1172                         }
1173                     }
1174                 }
1175             }
1176         }
1177         else
1178         {
1179             throw new UnauthorizedDavException( locator.getRepositoryId(), "User not authorized." );
1180         }
1181
1182         ArchivaVirtualDavResource resource =
1183             new ArchivaVirtualDavResource( mergedRepositoryContents, logicalResource.getPath(), mimeTypes, locator,
1184                                            this );
1185
1186         // compatibility with MRM-440 to ensure browsing the repository group works ok
1187         if ( resource.isCollection() && !request.getRequestURI().endsWith( "/" ) )
1188         {
1189             throw new BrowserRedirectException( resource.getHref() );
1190         }
1191
1192         return resource;
1193     }
1194
1195     protected String getActivePrincipal( DavServletRequest request )
1196     {
1197         User sessionUser = httpAuth.getSessionUser( request.getSession() );
1198         return sessionUser != null ? sessionUser.getUsername() : UserManager.GUEST_USERNAME;
1199     }
1200
1201     /**
1202      * Check if the current user is authorized to access any of the repos
1203      *
1204      * @param request
1205      * @param repositories
1206      * @param activePrincipal
1207      * @return
1208      */
1209     private boolean isAllowedToContinue( DavServletRequest request, List<String> repositories, String activePrincipal )
1210     {
1211         // when no repositories configured it's impossible to browse nothing !
1212         // at least make possible to see nothing :-)
1213         if ( repositories == null || repositories.isEmpty() )
1214         {
1215             return true;
1216         }
1217
1218         boolean allow = false;
1219
1220         // if securitySession != null, it means that the user was prompted for authentication
1221         if ( httpAuth.getSecuritySession( request.getSession() ) != null )
1222         {
1223             for ( String repository : repositories )
1224             {
1225                 try
1226                 {
1227                     if ( isAuthorized( request, repository ) )
1228                     {
1229                         allow = true;
1230                         break;
1231                     }
1232                 }
1233                 catch ( DavException e )
1234                 {
1235                     continue;
1236                 }
1237             }
1238         }
1239         else
1240         {
1241             for ( String repository : repositories )
1242             {
1243                 try
1244                 {
1245                     if ( servletAuth.isAuthorized( activePrincipal, repository,
1246                                                    WebdavMethodUtil.getMethodPermission( request.getMethod() ) ) )
1247                     {
1248                         allow = true;
1249                         break;
1250                     }
1251                 }
1252                 catch ( UnauthorizedException e )
1253                 {
1254                     continue;
1255                 }
1256             }
1257         }
1258
1259         return allow;
1260     }
1261
1262     private File writeMergedMetadataToFile( ArchivaRepositoryMetadata mergedMetadata, String outputFilename )
1263         throws RepositoryMetadataException, DigesterException, IOException
1264     {
1265         File outputFile = new File( outputFilename );
1266         if ( outputFile.exists() )
1267         {
1268             FileUtils.deleteQuietly( outputFile );
1269         }
1270
1271         outputFile.getParentFile().mkdirs();
1272         RepositoryMetadataWriter.write( mergedMetadata, outputFile );
1273
1274         createChecksumFile( outputFilename, digestSha1 );
1275         createChecksumFile( outputFilename, digestMd5 );
1276
1277         return outputFile;
1278     }
1279
1280     private void createChecksumFile( String path, Digester digester )
1281         throws DigesterException, IOException
1282     {
1283         File checksumFile = new File( path + digester.getFilenameExtension() );
1284         if ( !checksumFile.exists() )
1285         {
1286             FileUtils.deleteQuietly( checksumFile );
1287             checksum.createChecksum( new File( path ), digester );
1288         }
1289         else if ( !checksumFile.isFile() )
1290         {
1291             log.error( "Checksum file is not a file." );
1292         }
1293     }
1294
1295     private boolean isProjectReference( String requestedResource )
1296     {
1297         try
1298         {
1299             metadataTools.toVersionedReference( requestedResource );
1300             return false;
1301         }
1302         catch ( RepositoryMetadataException re )
1303         {
1304             return true;
1305         }
1306     }
1307
1308     protected File buildMergedIndexDirectory( List<String> repositories, String activePrincipal,
1309                                               DavServletRequest request,
1310                                               RepositoryGroupConfiguration repositoryGroupConfiguration )
1311         throws DavException
1312     {
1313
1314         try
1315         {
1316             HttpSession session = request.getSession();
1317
1318             Map<String, TemporaryGroupIndex> temporaryGroupIndexMap =
1319                 (Map<String, TemporaryGroupIndex>) session.getAttribute(
1320                     TemporaryGroupIndexSessionCleaner.TEMPORARY_INDEX_SESSION_KEY );
1321             if ( temporaryGroupIndexMap == null )
1322             {
1323                 temporaryGroupIndexMap = new HashMap<>();
1324             }
1325
1326             TemporaryGroupIndex tmp = temporaryGroupIndexMap.get( repositoryGroupConfiguration.getId() );
1327
1328             if ( tmp != null && tmp.getDirectory() != null && tmp.getDirectory().exists() )
1329             {
1330                 if ( System.currentTimeMillis() - tmp.getCreationTime() > (
1331                     repositoryGroupConfiguration.getMergedIndexTtl() * 60 * 1000 ) )
1332                 {
1333                     log.debug( MarkerFactory.getMarker( "group.merged.index" ),
1334                                "tmp group index '{}' is too old so delete it", repositoryGroupConfiguration.getId() );
1335                     indexMerger.cleanTemporaryGroupIndex( tmp );
1336                 }
1337                 else
1338                 {
1339                     log.debug( MarkerFactory.getMarker( "group.merged.index" ),
1340                                "merged index for group '{}' found in cache", repositoryGroupConfiguration.getId() );
1341                     return tmp.getDirectory();
1342                 }
1343             }
1344
1345             Set<String> authzRepos = new HashSet<String>();
1346
1347             String permission = WebdavMethodUtil.getMethodPermission( request.getMethod() );
1348
1349             for ( String repository : repositories )
1350             {
1351                 try
1352                 {
1353                     if ( servletAuth.isAuthorized( activePrincipal, repository, permission ) )
1354                     {
1355                         authzRepos.add( repository );
1356                         authzRepos.addAll( this.repositorySearch.getRemoteIndexingContextIds( repository ) );
1357                     }
1358                 }
1359                 catch ( UnauthorizedException e )
1360                 {
1361                     // TODO: review exception handling
1362
1363                     log.debug( "Skipping repository '{}' for user '{}': {}", repository, activePrincipal,
1364                                e.getMessage() );
1365                 }
1366             }
1367             log.info( "generate temporary merged index for repository group '{}' for repositories '{}'",
1368                       repositoryGroupConfiguration.getId(), authzRepos );
1369
1370             File tempRepoFile = Files.createTempDirectory( "temp" ).toFile();
1371             tempRepoFile.deleteOnExit();
1372
1373             IndexMergerRequest indexMergerRequest =
1374                 new IndexMergerRequest( authzRepos, true, repositoryGroupConfiguration.getId(),
1375                                         repositoryGroupConfiguration.getMergedIndexPath(),
1376                                         repositoryGroupConfiguration.getMergedIndexTtl() ).mergedIndexDirectory(
1377                     tempRepoFile ).temporary( true );
1378
1379             MergedRemoteIndexesTaskRequest taskRequest =
1380                 new MergedRemoteIndexesTaskRequest( indexMergerRequest, indexMerger );
1381
1382             MergedRemoteIndexesTask job = new MergedRemoteIndexesTask( taskRequest );
1383
1384             IndexingContext indexingContext = job.execute().getIndexingContext();
1385
1386             File mergedRepoDir = indexingContext.getIndexDirectoryFile();
1387             TemporaryGroupIndex temporaryGroupIndex =
1388                 new TemporaryGroupIndex( mergedRepoDir, indexingContext.getId(), repositoryGroupConfiguration.getId(),
1389                                          repositoryGroupConfiguration.getMergedIndexTtl() ) //
1390                     .setCreationTime( new Date().getTime() );
1391             temporaryGroupIndexMap.put( repositoryGroupConfiguration.getId(), temporaryGroupIndex );
1392             session.setAttribute( TemporaryGroupIndexSessionCleaner.TEMPORARY_INDEX_SESSION_KEY,
1393                                   temporaryGroupIndexMap );
1394             return mergedRepoDir;
1395         }
1396         catch ( RepositoryAdminException e )
1397         {
1398             throw new DavException( HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e );
1399         }
1400         catch ( IndexMergerException e )
1401         {
1402             throw new DavException( HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e );
1403         }
1404         catch ( IOException e )
1405         {
1406             throw new DavException( HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e );
1407         }
1408     }
1409
1410
1411     public void setServletAuth( ServletAuthenticator servletAuth )
1412     {
1413         this.servletAuth = servletAuth;
1414     }
1415
1416     public void setHttpAuth( HttpAuthenticator httpAuth )
1417     {
1418         this.httpAuth = httpAuth;
1419     }
1420
1421     public void setScheduler( RepositoryArchivaTaskScheduler scheduler )
1422     {
1423         this.scheduler = scheduler;
1424     }
1425
1426     public void setArchivaConfiguration( ArchivaConfiguration archivaConfiguration )
1427     {
1428         this.archivaConfiguration = archivaConfiguration;
1429     }
1430
1431     public void setRepositoryFactory( RepositoryContentFactory repositoryFactory )
1432     {
1433         this.repositoryFactory = repositoryFactory;
1434     }
1435
1436     public void setRepositoryRequest( RepositoryRequest repositoryRequest )
1437     {
1438         this.repositoryRequest = repositoryRequest;
1439     }
1440
1441     public void setConnectors( RepositoryProxyConnectors connectors )
1442     {
1443         this.connectors = connectors;
1444     }
1445
1446     public RemoteRepositoryAdmin getRemoteRepositoryAdmin()
1447     {
1448         return remoteRepositoryAdmin;
1449     }
1450
1451     public void setRemoteRepositoryAdmin( RemoteRepositoryAdmin remoteRepositoryAdmin )
1452     {
1453         this.remoteRepositoryAdmin = remoteRepositoryAdmin;
1454     }
1455
1456     public ManagedRepositoryAdmin getManagedRepositoryAdmin()
1457     {
1458         return managedRepositoryAdmin;
1459     }
1460
1461     public void setManagedRepositoryAdmin( ManagedRepositoryAdmin managedRepositoryAdmin )
1462     {
1463         this.managedRepositoryAdmin = managedRepositoryAdmin;
1464     }
1465 }