1 package org.apache.archiva.web.xmlrpc.security;\r
2 \r
3 /*\r
4  * Licensed to the Apache Software Foundation (ASF) under one\r
5  * or more contributor license agreements.  See the NOTICE file\r
6  * distributed with this work for additional information\r
7  * regarding copyright ownership.  The ASF licenses this file\r
8  * to you under the Apache License, Version 2.0 (the\r
9  * "License"); you may not use this file except in compliance\r
10  * with the License.  You may obtain a copy of the License at\r
11  *\r
12  *  http://www.apache.org/licenses/LICENSE-2.0\r
13  *\r
14  * Unless required by applicable law or agreed to in writing,\r
15  * software distributed under the License is distributed on an\r
16  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY\r
17  * KIND, either express or implied.  See the License for the\r
18  * specific language governing permissions and limitations\r
19  * under the License.\r
20  */\r
21 \r
22 import org.apache.maven.archiva.security.ArchivaRoleConstants;\r
23 import org.apache.xmlrpc.XmlRpcException;\r
24 import org.apache.xmlrpc.XmlRpcRequest;\r
25 import org.apache.xmlrpc.common.XmlRpcHttpRequestConfigImpl;\r
26 import org.apache.xmlrpc.server.AbstractReflectiveHandlerMapping.AuthenticationHandler;\r
27 import org.codehaus.plexus.redback.authentication.AuthenticationException;\r
28 import org.codehaus.plexus.redback.authentication.PasswordBasedAuthenticationDataSource;\r
29 import org.codehaus.plexus.redback.authorization.AuthorizationException;\r
30 import org.codehaus.plexus.redback.authorization.AuthorizationResult;\r
31 import org.codehaus.plexus.redback.policy.AccountLockedException;\r
32 import org.codehaus.plexus.redback.system.SecuritySession;\r
33 import org.codehaus.plexus.redback.system.SecuritySystem;\r
34 import org.codehaus.plexus.redback.users.UserNotFoundException;\r
35 \r
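/**
 * XML-RPC {@link AuthenticationHandler} that admits a request only when its HTTP Basic
 * credentials authenticate against the Redback {@link SecuritySystem} and the resulting
 * session is granted {@link ArchivaRoleConstants#GLOBAL_REPOSITORY_MANAGER_ROLE}.
 *
 * <p>The credentials are read from the HTTP Basic fields of the request configuration, so
 * their confidentiality depends entirely on the transport; the endpoint is expected to be
 * exposed over TLS only.</p>
 */
public class XmlRpcAuthenticator
    implements AuthenticationHandler
{
    private final SecuritySystem securitySystem;

    /**
     * @param securitySystem the Redback security system used for both the credential check
     *                       and the role check
     */
    public XmlRpcAuthenticator( SecuritySystem securitySystem )
    {
        this.securitySystem = securitySystem;
    }

    /**
     * Decides whether the caller of an XML-RPC request may proceed.
     *
     * @param pRequest the incoming request; its configuration must be an
     *                 {@link XmlRpcHttpRequestConfigImpl} carrying the Basic credentials
     * @return {@code true} only when the credentials were accepted and the session holds the
     *         required role; {@code false} when either check is negative
     * @throws XmlRpcException with code 401 when Redback rejects the login or the authorization
     *                         check with an exception, or without a code when the request did
     *                         not arrive over HTTP
     */
    public boolean isAuthorized( XmlRpcRequest pRequest )
        throws XmlRpcException
    {
        if ( pRequest.getConfig() instanceof XmlRpcHttpRequestConfigImpl )
        {
            XmlRpcHttpRequestConfigImpl config = (XmlRpcHttpRequestConfigImpl) pRequest.getConfig();
            SecuritySession session =
                authenticate( new PasswordBasedAuthenticationDataSource( config.getBasicUserName(),
                                                                         config.getBasicPassword() ) );

            // A session is handed back whenever authenticate() does not throw; that alone does
            // not prove the credentials were accepted. Fail closed here so that a negative
            // authentication result can never reach the role check below.
            if ( session == null || !session.isAuthenticated() )
            {
                return false;
            }

            AuthorizationResult result = authorize( session );

            // Treat a missing result as a denial rather than letting it surface as an NPE.
            return result != null && result.isAuthorized();
        }

        throw new XmlRpcException( "Unsupported transport (must be http)" );
    }

    /**
     * Runs the credential check and converts every Redback login failure into an
     * {@link XmlRpcException} with code 401, keeping the original exception as the cause.
     *
     * @param authenticationDataSource the user name and password taken from the request
     * @return the session produced by the security system; callers must still verify that it
     *         is authenticated
     * @throws XmlRpcException with code 401 when the account is locked, the login fails or the
     *                         user is unknown
     */
    private SecuritySession authenticate( PasswordBasedAuthenticationDataSource authenticationDataSource )
        throws XmlRpcException
    {
        // NOTE(review): the Redback exception message is forwarded to the remote caller in all
        // three branches. Confirm that these messages do not let a client tell a locked or
        // unknown account apart from a wrong password; if they do, a single generic message
        // is the safer reply.
        try
        {
            return securitySystem.authenticate( authenticationDataSource );
        }
        catch ( AccountLockedException e )
        {
            throw new XmlRpcException( 401, e.getMessage(), e );
        }
        catch ( AuthenticationException e )
        {
            throw new XmlRpcException( 401, e.getMessage(), e );
        }
        catch ( UserNotFoundException e )
        {
            throw new XmlRpcException( 401, e.getMessage(), e );
        }
    }

    /**
     * Checks the session against the single role required for every XML-RPC call.
     *
     * @param session the session returned by {@link #authenticate}
     * @return the authorization outcome reported by the security system
     * @throws XmlRpcException with code 401 when the authorization check itself fails
     */
    private AuthorizationResult authorize( SecuritySession session )
        throws XmlRpcException
    {
        try
        {
            //TODO authorization/permissions should be checked depending on the service being accessed
            // Until then the same global role is demanded whatever method the request names, so
            // any caller holding it can reach every service exposed through this handler.

            return securitySystem.authorize( session, ArchivaRoleConstants.GLOBAL_REPOSITORY_MANAGER_ROLE );
        }
        catch ( AuthorizationException e )
        {
            throw new XmlRpcException( 401, e.getMessage(), e );
        }
    }
}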