source.dussan.org Git - archiva.git/blob

   1 package org.apache.archiva.security;
   2
   3 /*
   4  * Licensed to the Apache Software Foundation (ASF) under one
   5  * or more contributor license agreements.  See the NOTICE file
   6  * distributed with this work for additional information
   7  * regarding copyright ownership.  The ASF licenses this file
   8  * to you under the Apache License, Version 2.0 (the
   9  * "License"); you may not use this file except in compliance
  10  * with the License.  You may obtain a copy of the License at
  11  *
  12  *  http://www.apache.org/licenses/LICENSE-2.0
  13  *
  14  * Unless required by applicable law or agreed to in writing,
  15  * software distributed under the License is distributed on an
  16  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
  17  * KIND, either express or implied.  See the License for the
  18  * specific language governing permissions and limitations
  19  * under the License.
  20  */
  21
  22 import javax.inject.Inject;
  23 import javax.servlet.http.HttpServletRequest;
  24
  25 import org.codehaus.plexus.redback.authentication.AuthenticationException;
  26 import org.codehaus.plexus.redback.authentication.AuthenticationResult;
  27 import org.codehaus.plexus.redback.authorization.AuthorizationException;
  28 import org.codehaus.plexus.redback.authorization.AuthorizationResult;
  29 import org.codehaus.plexus.redback.authorization.UnauthorizedException;
  30 import org.codehaus.plexus.redback.policy.AccountLockedException;
  31 import org.codehaus.plexus.redback.policy.MustChangePasswordException;
  32 import org.codehaus.plexus.redback.system.DefaultSecuritySession;
  33 import org.codehaus.plexus.redback.system.SecuritySession;
  34 import org.codehaus.plexus.redback.system.SecuritySystem;
  35 import org.codehaus.plexus.redback.users.User;
  36 import org.codehaus.plexus.redback.users.UserNotFoundException;
  37 import org.slf4j.Logger;
  38 import org.slf4j.LoggerFactory;
  39 import org.springframework.stereotype.Service;
  40
  41 /**
  42  *
  43  */
  44 @Service("servletAuthenticator")
  45 public class ArchivaServletAuthenticator
  46     implements ServletAuthenticator
  47 {
  48     private Logger log = LoggerFactory.getLogger( ArchivaServletAuthenticator.class );
  49
  50     /**
  51      * plexus.requirement
  52      */
  53     @Inject
  54     private SecuritySystem securitySystem;
  55
  56     public boolean isAuthenticated( HttpServletRequest request, AuthenticationResult result )
  57         throws AuthenticationException, AccountLockedException, MustChangePasswordException
  58     {
  59         if ( result != null && !result.isAuthenticated() )
  60         {
  61             throw new AuthenticationException( "User Credentials Invalid" );
  62         }
  63
  64         return true;
  65     }
  66
  67     public boolean isAuthorized( HttpServletRequest request, SecuritySession securitySession, String repositoryId,
  68                                  String permission )
  69         throws AuthorizationException, UnauthorizedException
  70     {
  71         // TODO: also check for permission to proxy the resource when MRM-579 is implemented
  72
  73         AuthorizationResult authzResult = securitySystem.authorize( securitySession, permission, repositoryId );
  74
  75         if ( !authzResult.isAuthorized() )
  76         {
  77             if ( authzResult.getException() != null )
  78             {
  79                 log.info( "Authorization Denied [ip=" + request.getRemoteAddr() + ",permission=" + permission
  80                     + ",repo=" + repositoryId + "] : " + authzResult.getException().getMessage() );
  81
  82                 throw new UnauthorizedException( "Access denied for repository " + repositoryId );
  83             }
  84             throw new UnauthorizedException( "User account is locked" );
  85         }
  86
  87         return true;
  88     }
  89
  90     public boolean isAuthorized( String principal, String repoId, String permission )
  91         throws UnauthorizedException
  92     {
  93         try
  94         {
  95             User user = securitySystem.getUserManager().findUser( principal );
  96             if ( user == null )
  97             {
  98                 throw new UnauthorizedException( "The security system had an internal error - please check your system logs" );
  99             }
 100             if ( user.isLocked() )
 101             {
 102                 throw new UnauthorizedException( "User account is locked." );
 103             }
 104
 105             AuthenticationResult authn = new AuthenticationResult( true, principal, null );
 106             SecuritySession securitySession = new DefaultSecuritySession( authn, user );
 107
 108             return securitySystem.isAuthorized( securitySession, permission, repoId );
 109         }
 110         catch ( UserNotFoundException e )
 111         {
 112             throw new UnauthorizedException( e.getMessage() );
 113         }
 114         catch ( AuthorizationException e )
 115         {
 116             throw new UnauthorizedException( e.getMessage() );
 117         }
 118     }
 119
 120
 121     public SecuritySystem getSecuritySystem()
 122     {
 123         return securitySystem;
 124     }
 125
 126     public void setSecuritySystem( SecuritySystem securitySystem )
 127     {
 128         this.securitySystem = securitySystem;
 129     }
 130 }