</exclusion>
</exclusions>
</dependency>
- <dependency>
- <groupId>org.codehaus.plexus.redback</groupId>
- <artifactId>redback-xwork-integration</artifactId>
- <exclusions>
- <exclusion>
- <groupId>org.codehaus.plexus</groupId>
- <artifactId>plexus-container-default</artifactId>
- </exclusion>
- </exclusions>
- </dependency>
- <dependency>
- <groupId>org.apache.derby</groupId>
- <artifactId>derby</artifactId>
- <scope>provided</scope>
- </dependency>
</dependencies>
</project>
import org.codehaus.plexus.redback.policy.MustChangePasswordException;
import org.codehaus.plexus.redback.system.SecuritySession;
import org.codehaus.plexus.redback.system.SecuritySystem;
-import org.codehaus.plexus.redback.xwork.filter.authentication.HttpAuthenticator;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
implements ServletAuthenticator
{
private Logger log = LoggerFactory.getLogger( ArchivaServletAuthenticator.class );
-
- /**
- * @plexus.requirement role-hint="basic"
- */
- private HttpAuthenticator httpAuth;
/**
* @plexus.requirement
*/
private SecuritySystem securitySystem;
-
- public boolean isAuthenticated( HttpServletRequest request, String repositoryId )
- throws AuthenticationException, AccountLockedException, MustChangePasswordException
- {
- AuthenticationResult result = httpAuth.getAuthenticationResult( request, null );
-
+
+ public boolean isAuthenticated( HttpServletRequest request, AuthenticationResult result, String repositoryId )
+ throws AuthenticationException, AccountLockedException, MustChangePasswordException
+ {
if ( result != null && !result.isAuthenticated() )
{
- throw new AuthenticationException( "User Credentials Invalid" );
- }
+ throw new AuthenticationException( "User Credentials Invalid" );
+ }
return true;
}
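Review bot: A null `result` passes this check, because `result != null && !result.isAuthenticated()` rejects only a non-null failed result and the method then returns true. Now that the result is supplied by the caller instead of being fetched inside the method, any caller that passes null, or an authenticator that returns null, is treated as authenticated. Unless null is a deliberate signal for anonymous access, the guard should fail closed: `if ( result == null || !result.isAuthenticated() )`. If null is deliberate, state that in a comment on the method so the next caller does not rely on it by accident.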
- public boolean isAuthorized( HttpServletRequest request, String repositoryId, boolean isWriteRequest )
+ public boolean isAuthorized( HttpServletRequest request, SecuritySession securitySession, String repositoryId,
+ boolean isWriteRequest )
throws AuthorizationException
- {
- SecuritySession securitySession = httpAuth.getSecuritySession();
-
+ {
String permission = ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS;
if ( isWriteRequest )
{
permission = ArchivaRoleConstants.OPERATION_REPOSITORY_UPLOAD;
}
-
+
AuthorizationResult authzResult = securitySystem.authorize( securitySession, permission, repositoryId );
-
+
if ( !authzResult.isAuthorized() )
{
if ( authzResult.getException() != null )
log.info( "Authorization Denied [ip=" + request.getRemoteAddr() + ",isWriteRequest=" + isWriteRequest +
",permission=" + permission + ",repo=" + repositoryId + "] : " +
authzResult.getException().getMessage() );
- }
+ }
}
return true;
- }
+ }
}
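Review bot: In `isAuthorized`, the lines visible here show the `!authzResult.isAuthorized()` branch only logging the denial and then falling through to `return true`; no throw or `return false` is visible. Some context lines appear to be elided on this page, so confirm against the full file. If that is the whole branch, a denied request is reported to callers as authorized. The commented-out copy this commit deletes from the RSS servlet had `return false;` at the same point, and the shared method needs an equivalent, either `return false;` or a thrown exception placed outside the `getException() != null` check.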
import javax.servlet.http.HttpServletRequest;
import org.codehaus.plexus.redback.authentication.AuthenticationException;
+import org.codehaus.plexus.redback.authentication.AuthenticationResult;
import org.codehaus.plexus.redback.authorization.AuthorizationException;
import org.codehaus.plexus.redback.policy.AccountLockedException;
import org.codehaus.plexus.redback.policy.MustChangePasswordException;
+import org.codehaus.plexus.redback.system.SecuritySession;
/**
- *
* @author <a href="mailto:oching@apache.org">Maria Odea Ching</a>
- * @version
+ * @version
*/
public interface ServletAuthenticator
{
- public boolean isAuthenticated( HttpServletRequest request, String repositoryId )
+ public boolean isAuthenticated( HttpServletRequest request, AuthenticationResult result, String repositoryId )
throws AuthenticationException, AccountLockedException, MustChangePasswordException;
-
- public boolean isAuthorized( HttpServletRequest request, String repositoryId, boolean isWriteRequest )
- throws AuthorizationException;
+
+ public boolean isAuthorized( HttpServletRequest request, SecuritySession securitySession, String repositoryId,
+ boolean isWriteRequest ) throws AuthorizationException;
}
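Review bot: Neither method has Javadoc, and the new parameters make the contract harder to guess: the caller must now obtain `result` and `securitySession` itself. Judging by the implementation on this page, failure is signalled by throwing and not by returning false, which matters to callers that chain the two calls with `&&`. I would add a short Javadoc to each method stating who produces the argument, whether null is accepted and what it means, and when the method throws versus returns false. For example, on `isAuthenticated`: `@param result the outcome of HttpAuthenticator.getAuthenticationResult for this request`.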
import org.apache.maven.archiva.security.ServletAuthenticator;
import org.apache.maven.archiva.security.UserRepositories;
import org.codehaus.plexus.redback.authentication.AuthenticationException;
+import org.codehaus.plexus.redback.authentication.AuthenticationResult;
import org.codehaus.plexus.redback.authorization.AuthorizationException;
import org.codehaus.plexus.redback.policy.AccountLockedException;
import org.codehaus.plexus.redback.policy.MustChangePasswordException;
+import org.codehaus.plexus.redback.system.SecuritySession;
import org.codehaus.plexus.redback.users.UserNotFoundException;
+import org.codehaus.plexus.redback.xwork.filter.authentication.HttpAuthenticator;
import org.codehaus.plexus.spring.PlexusToSpringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
private ServletAuthenticator servletAuth;
+ private HttpAuthenticator httpAuth;
+
public void init( javax.servlet.ServletConfig servletConfig )
throws ServletException
{
super.init( servletConfig );
wac = WebApplicationContextUtils.getRequiredWebApplicationContext( servletConfig.getServletContext() );
- // securitySystem =
- // (SecuritySystem) wac.getBean( PlexusToSpringUtils.buildSpringId( SecuritySystem.class.getName() ) );
userRepositories =
(UserRepositories) wac.getBean( PlexusToSpringUtils.buildSpringId( UserRepositories.class.getName() ) );
- // httpAuth =
- // (HttpAuthenticator) wac.getBean( PlexusToSpringUtils.buildSpringId( HttpAuthenticator.ROLE, "basic" ) );
servletAuth =
(ServletAuthenticator) wac.getBean( PlexusToSpringUtils.buildSpringId( ServletAuthenticator.class.getName() ) );
+ httpAuth =
+ (HttpAuthenticator) wac.getBean( PlexusToSpringUtils.buildSpringId( HttpAuthenticator.ROLE, "basic" ) );
}
public void doGet( HttpServletRequest req, HttpServletResponse res )
{
try
{
- if ( servletAuth.isAuthenticated( req, repoId ) && servletAuth.isAuthorized( req, repoId, false ) )
+ AuthenticationResult result = httpAuth.getAuthenticationResult( req, null );
+ SecuritySession securitySession = httpAuth.getSecuritySession();
+
+ if ( servletAuth.isAuthenticated( req, result, repoId ) &&
+ servletAuth.isAuthorized( req, securitySession, repoId, false ) )
{
return true;
}
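Review bot: The sequence `httpAuth.getAuthenticationResult( req, null )` followed by `httpAuth.getSecuritySession()` is now copied into each caller, here and in `ArchivaDavSessionProvider.attachSession`. Because `getSecuritySession()` takes no request, the session passed to `isAuthorized` is tied to `req` only by call order. A caller that skips or reorders the first call would authorize against whatever session the authenticator currently resolves; how `HttpAuthenticator` resolves it is not visible here and should be confirmed. I would move the pair into one helper shared by both callers, or at least add `// getSecuritySession() must follow getAuthenticationResult() for the same request` above the second call. The enclosing method continues outside the lines shown.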
return Collections.emptyList();
}
- /*
- private boolean isAuthenticated( HttpServletRequest request, String repositoryId )
- {
- try
- {
- AuthenticationResult result = httpAuth.getAuthenticationResult( request, null );
-
- if ( result != null && !result.isAuthenticated() )
- {
- log.error( "User credentials is invalid." );
- return false;
- }
- }
- catch ( AuthenticationException e )
- {
- log.error( "User is not authenticated." );
- return false;
- }
- catch ( AccountLockedException e )
- {
- log.error( "User account is locked." );
- return false;
- }
- catch ( MustChangePasswordException e )
- {
- log.error( "Password must be changed." );
- return false;
- }
-
- return true;
- }
-
- private boolean isAuthorized( HttpServletRequest request, String repositoryId )
- {
- SecuritySession securitySession = httpAuth.getSecuritySession();
-
- try
- {
- String permission = ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS;
-
- AuthorizationResult authzResult = securitySystem.authorize( securitySession, permission, repositoryId );
-
- if ( !authzResult.isAuthorized() )
- {
- if ( authzResult.getException() != null )
- {
- log.info( "Authorization Denied [ip=" + request.getRemoteAddr() + ",permission=" + permission +
- ",repo=" + repositoryId + "] : " + authzResult.getException().getMessage() );
- }
- return false;
- }
- }
- catch ( AuthorizationException e )
- {
- log.error( "Error in authorization : " + e.getMessage() );
- return false;
- }
-
- return true;
- }
- */
}
<groupId>joda-time</groupId>
<artifactId>joda-time</artifactId>
</dependency>
+ <dependency>
+ <groupId>org.codehaus.plexus.redback</groupId>
+ <artifactId>redback-xwork-integration</artifactId>
+ <exclusions>
+ <exclusion>
+ <groupId>org.codehaus.plexus</groupId>
+ <artifactId>plexus-container-default</artifactId>
+ </exclusion>
+ </exclusions>
+ </dependency>
</dependencies>
<!-- Required by it.could classes -->
import org.apache.maven.archiva.webdav.util.RepositoryPathUtil;
import org.apache.maven.archiva.security.ServletAuthenticator;
import org.codehaus.plexus.redback.authentication.AuthenticationException;
+import org.codehaus.plexus.redback.authentication.AuthenticationResult;
import org.codehaus.plexus.redback.policy.MustChangePasswordException;
import org.codehaus.plexus.redback.policy.AccountLockedException;
+import org.codehaus.plexus.redback.system.SecuritySession;
+import org.codehaus.plexus.redback.xwork.filter.authentication.HttpAuthenticator;
import org.codehaus.plexus.redback.authorization.AuthorizationException;
import org.codehaus.plexus.spring.PlexusToSpringUtils;
import org.springframework.web.context.WebApplicationContext;
private Logger log = LoggerFactory.getLogger(ArchivaDavSessionProvider.class);
private ServletAuthenticator servletAuth;
+
+ private HttpAuthenticator httpAuth;
public ArchivaDavSessionProvider(WebApplicationContext applicationContext)
{
servletAuth = (ServletAuthenticator) applicationContext.getBean( PlexusToSpringUtils.buildSpringId( ServletAuthenticator.class.getName() ) );
+ httpAuth =
+ (HttpAuthenticator) applicationContext.getBean( PlexusToSpringUtils.buildSpringId( HttpAuthenticator.ROLE, "basic" ) );
}
public boolean attachSession(WebdavRequest request) throws DavException
try
{
- return servletAuth.isAuthenticated(request, repositoryId) &&
- servletAuth.isAuthorized(request, repositoryId, WebdavMethodUtil.isWriteMethod( request.getMethod() ) );
+ AuthenticationResult result = httpAuth.getAuthenticationResult( request, null );
+ SecuritySession securitySession = httpAuth.getSecuritySession();
+
+ return servletAuth.isAuthenticated(request, result, repositoryId) &&
+ servletAuth.isAuthorized(request, securitySession, repositoryId, WebdavMethodUtil.isWriteMethod( request.getMethod() ) );
}
catch ( AuthenticationException e )
{