--- /dev/null
+package org.apache.archiva.web.rss;
+
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+import com.sun.syndication.feed.synd.SyndFeed;
+import com.sun.syndication.io.FeedException;
+import com.sun.syndication.io.SyndFeedOutput;
+import org.apache.archiva.metadata.repository.RepositorySession;
+import org.apache.archiva.metadata.repository.RepositorySessionFactory;
+import org.apache.archiva.rss.processor.RssFeedProcessor;
+import org.apache.commons.codec.Decoder;
+import org.apache.commons.codec.DecoderException;
+import org.apache.commons.codec.binary.Base64;
+import org.apache.commons.lang.StringUtils;
+import org.apache.maven.archiva.security.AccessDeniedException;
+import org.apache.maven.archiva.security.ArchivaRoleConstants;
+import org.apache.maven.archiva.security.ArchivaSecurityException;
+import org.apache.maven.archiva.security.PrincipalNotFoundException;
+import org.apache.maven.archiva.security.ServletAuthenticator;
+import org.apache.maven.archiva.security.UserRepositories;
+import org.codehaus.plexus.redback.authentication.AuthenticationException;
+import org.codehaus.plexus.redback.authentication.AuthenticationResult;
+import org.codehaus.plexus.redback.authorization.AuthorizationException;
+import org.codehaus.plexus.redback.authorization.UnauthorizedException;
+import org.codehaus.plexus.redback.policy.AccountLockedException;
+import org.codehaus.plexus.redback.policy.MustChangePasswordException;
+import org.codehaus.plexus.redback.system.SecuritySession;
+import org.codehaus.plexus.redback.users.UserManager;
+import org.codehaus.plexus.redback.users.UserNotFoundException;
+import org.codehaus.redback.integration.filter.authentication.HttpAuthenticator;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.web.context.WebApplicationContext;
+import org.springframework.web.context.support.WebApplicationContextUtils;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+/**
+ * Servlet for handling rss feed requests.
+ */
+public class RssFeedServlet
+ extends HttpServlet
+{
+ public static final String MIME_TYPE = "application/rss+xml; charset=UTF-8";
+
+ private static final String COULD_NOT_GENERATE_FEED_ERROR = "Could not generate feed";
+
+ private static final String COULD_NOT_AUTHENTICATE_USER = "Could not authenticate user";
+
+ private static final String USER_NOT_AUTHORIZED = "User not authorized to access feed.";
+
+ private Logger log = LoggerFactory.getLogger( RssFeedServlet.class );
+
+ private RssFeedProcessor processor;
+
+ private WebApplicationContext wac;
+
+ private UserRepositories userRepositories;
+
+ private ServletAuthenticator servletAuth;
+
+ private HttpAuthenticator httpAuth;
+
+ private RepositorySessionFactory repositorySessionFactory;
+
+ public void init( javax.servlet.ServletConfig servletConfig )
+ throws ServletException
+ {
+ super.init( servletConfig );
+ wac = WebApplicationContextUtils.getRequiredWebApplicationContext( servletConfig.getServletContext() );
+ userRepositories = wac.getBean( UserRepositories.class );
+ servletAuth = wac.getBean( ServletAuthenticator.class );
+ httpAuth = wac.getBean( "httpAuthenticator#basic", HttpAuthenticator.class );
+ // TODO: what if there are other types?
+ repositorySessionFactory = wac.getBean( "repositorySessionFactory", RepositorySessionFactory.class );
+ }
+
+ public void doGet( HttpServletRequest req, HttpServletResponse res )
+ throws ServletException, IOException
+ {
+ String repoId = null;
+ String groupId = null;
+ String artifactId = null;
+
+ String url = StringUtils.removeEnd( req.getRequestURL().toString(), "/" );
+ if ( StringUtils.countMatches( StringUtils.substringAfter( url, "feeds/" ), "/" ) > 0 )
+ {
+ artifactId = StringUtils.substringAfterLast( url, "/" );
+ groupId = StringUtils.substringBeforeLast( StringUtils.substringAfter( url, "feeds/" ), "/" );
+ groupId = StringUtils.replaceChars( groupId, '/', '.' );
+ }
+ else if ( StringUtils.countMatches( StringUtils.substringAfter( url, "feeds/" ), "/" ) == 0 )
+ {
+ repoId = StringUtils.substringAfterLast( url, "/" );
+ }
+ else
+ {
+ res.sendError( HttpServletResponse.SC_BAD_REQUEST, "Invalid request url." );
+ return;
+ }
+
+ try
+ {
+ Map<String, String> map = new HashMap<String, String>();
+ SyndFeed feed = null;
+
+ if ( isAllowed( req, repoId, groupId, artifactId ) )
+ {
+ if ( repoId != null )
+ {
+ // new artifacts in repo feed request
+ processor = wac.getBean( "rssFeedProcessor#new-artifacts", RssFeedProcessor.class );
+ map.put( RssFeedProcessor.KEY_REPO_ID, repoId );
+ }
+ else if ( ( groupId != null ) && ( artifactId != null ) )
+ {
+ // TODO: this only works for guest - we could pass in the list of repos
+ // new versions of artifact feed request
+ processor = wac.getBean( "rssFeedProcessor#new-versions", RssFeedProcessor.class );
+ map.put( RssFeedProcessor.KEY_GROUP_ID, groupId );
+ map.put( RssFeedProcessor.KEY_ARTIFACT_ID, artifactId );
+ }
+ }
+ else
+ {
+ res.sendError( HttpServletResponse.SC_UNAUTHORIZED, USER_NOT_AUTHORIZED );
+ return;
+ }
+
+ RepositorySession repositorySession = repositorySessionFactory.createSession();
+ try
+ {
+ feed = processor.process( map, repositorySession.getRepository() );
+ }
+ finally
+ {
+ repositorySession.close();
+ }
+ if ( feed == null )
+ {
+ res.sendError( HttpServletResponse.SC_NO_CONTENT, "No information available." );
+ return;
+ }
+
+ res.setContentType( MIME_TYPE );
+
+ if ( repoId != null )
+ {
+ feed.setLink( req.getRequestURL().toString() );
+ }
+ else if ( ( groupId != null ) && ( artifactId != null ) )
+ {
+ feed.setLink( req.getRequestURL().toString() );
+ }
+
+ SyndFeedOutput output = new SyndFeedOutput();
+ output.output( feed, res.getWriter() );
+ }
+ catch ( UserNotFoundException unfe )
+ {
+ log.debug( COULD_NOT_AUTHENTICATE_USER, unfe );
+ res.sendError( HttpServletResponse.SC_UNAUTHORIZED, COULD_NOT_AUTHENTICATE_USER );
+ }
+ catch ( AccountLockedException acce )
+ {
+ res.sendError( HttpServletResponse.SC_UNAUTHORIZED, COULD_NOT_AUTHENTICATE_USER );
+ }
+ catch ( AuthenticationException authe )
+ {
+ log.debug( COULD_NOT_AUTHENTICATE_USER, authe );
+ res.sendError( HttpServletResponse.SC_UNAUTHORIZED, COULD_NOT_AUTHENTICATE_USER );
+ }
+ catch ( FeedException ex )
+ {
+ log.debug( COULD_NOT_GENERATE_FEED_ERROR, ex );
+ res.sendError( HttpServletResponse.SC_INTERNAL_SERVER_ERROR, COULD_NOT_GENERATE_FEED_ERROR );
+ }
+ catch ( MustChangePasswordException e )
+ {
+ res.sendError( HttpServletResponse.SC_UNAUTHORIZED, COULD_NOT_AUTHENTICATE_USER );
+ }
+ catch ( UnauthorizedException e )
+ {
+ log.debug( e.getMessage() );
+ if ( repoId != null )
+ {
+ res.setHeader( "WWW-Authenticate",
+ "Basic realm=\"Repository Archiva Managed " + repoId + " Repository" );
+ }
+ else
+ {
+ res.setHeader( "WWW-Authenticate", "Basic realm=\"Artifact " + groupId + ":" + artifactId );
+ }
+
+ res.sendError( HttpServletResponse.SC_UNAUTHORIZED, USER_NOT_AUTHORIZED );
+ }
+ }
+
+ /**
+ * Basic authentication.
+ *
+ * @param req
+ * @param repositoryId TODO
+ * @param groupId TODO
+ * @param artifactId TODO
+ * @return
+ */
+ private boolean isAllowed( HttpServletRequest req, String repositoryId, String groupId, String artifactId )
+ throws UserNotFoundException, AccountLockedException, AuthenticationException, MustChangePasswordException,
+ UnauthorizedException
+ {
+ String auth = req.getHeader( "Authorization" );
+ List<String> repoIds = new ArrayList<String>();
+
+ if ( repositoryId != null )
+ {
+ repoIds.add( repositoryId );
+ }
+ else if ( artifactId != null && groupId != null )
+ {
+ if ( auth != null )
+ {
+ if ( !auth.toUpperCase().startsWith( "BASIC " ) )
+ {
+ return false;
+ }
+
+ Decoder dec = new Base64();
+ String usernamePassword = "";
+
+ try
+ {
+ usernamePassword = new String( (byte[]) dec.decode( auth.substring( 6 ).getBytes() ) );
+ }
+ catch ( DecoderException ie )
+ {
+ log.warn( "Error decoding username and password.", ie.getMessage() );
+ }
+
+ if ( usernamePassword == null || usernamePassword.trim().equals( "" ) )
+ {
+ repoIds = getObservableRepos( UserManager.GUEST_USERNAME );
+ }
+ else
+ {
+ String[] userCredentials = usernamePassword.split( ":" );
+ repoIds = getObservableRepos( userCredentials[0] );
+ }
+ }
+ else
+ {
+ repoIds = getObservableRepos( UserManager.GUEST_USERNAME );
+ }
+ }
+ else
+ {
+ return false;
+ }
+
+ for ( String repoId : repoIds )
+ {
+ try
+ {
+ AuthenticationResult result = httpAuth.getAuthenticationResult( req, null );
+ SecuritySession securitySession = httpAuth.getSecuritySession( req.getSession( true ) );
+
+ if ( servletAuth.isAuthenticated( req, result ) && servletAuth.isAuthorized( req, securitySession,
+ repoId,
+ ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS ) )
+ {
+ return true;
+ }
+ }
+ catch ( AuthorizationException e )
+ {
+
+ }
+ catch ( UnauthorizedException e )
+ {
+
+ }
+ }
+
+ throw new UnauthorizedException( "Access denied." );
+ }
+
+ private List<String> getObservableRepos( String principal )
+ {
+ try
+ {
+ return userRepositories.getObservableRepositoryIds( principal );
+ }
+ catch ( PrincipalNotFoundException e )
+ {
+ log.warn( e.getMessage(), e );
+ }
+ catch ( AccessDeniedException e )
+ {
+ log.warn( e.getMessage(), e );
+ }
+ catch ( ArchivaSecurityException e )
+ {
+ log.warn( e.getMessage(), e );
+ }
+
+ return Collections.emptyList();
+ }
+
+}
+++ /dev/null
-package org.apache.maven.archiva.web.rss;
-
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-import com.sun.syndication.feed.synd.SyndFeed;
-import com.sun.syndication.io.FeedException;
-import com.sun.syndication.io.SyndFeedOutput;
-import org.apache.archiva.metadata.repository.RepositorySession;
-import org.apache.archiva.metadata.repository.RepositorySessionFactory;
-import org.apache.archiva.rss.processor.RssFeedProcessor;
-import org.apache.commons.codec.Decoder;
-import org.apache.commons.codec.DecoderException;
-import org.apache.commons.codec.binary.Base64;
-import org.apache.commons.lang.StringUtils;
-import org.apache.maven.archiva.security.AccessDeniedException;
-import org.apache.maven.archiva.security.ArchivaRoleConstants;
-import org.apache.maven.archiva.security.ArchivaSecurityException;
-import org.apache.maven.archiva.security.PrincipalNotFoundException;
-import org.apache.maven.archiva.security.ServletAuthenticator;
-import org.apache.maven.archiva.security.UserRepositories;
-import org.codehaus.plexus.redback.authentication.AuthenticationException;
-import org.codehaus.plexus.redback.authentication.AuthenticationResult;
-import org.codehaus.plexus.redback.authorization.AuthorizationException;
-import org.codehaus.plexus.redback.authorization.UnauthorizedException;
-import org.codehaus.plexus.redback.policy.AccountLockedException;
-import org.codehaus.plexus.redback.policy.MustChangePasswordException;
-import org.codehaus.plexus.redback.system.SecuritySession;
-import org.codehaus.plexus.redback.users.UserManager;
-import org.codehaus.plexus.redback.users.UserNotFoundException;
-import org.codehaus.redback.integration.filter.authentication.HttpAuthenticator;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.web.context.WebApplicationContext;
-import org.springframework.web.context.support.WebApplicationContextUtils;
-
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServlet;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import java.io.IOException;
-import java.util.ArrayList;
-import java.util.Collections;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-
-/**
- * Servlet for handling rss feed requests.
- */
-public class RssFeedServlet
- extends HttpServlet
-{
- public static final String MIME_TYPE = "application/rss+xml; charset=UTF-8";
-
- private static final String COULD_NOT_GENERATE_FEED_ERROR = "Could not generate feed";
-
- private static final String COULD_NOT_AUTHENTICATE_USER = "Could not authenticate user";
-
- private static final String USER_NOT_AUTHORIZED = "User not authorized to access feed.";
-
- private Logger log = LoggerFactory.getLogger( RssFeedServlet.class );
-
- private RssFeedProcessor processor;
-
- private WebApplicationContext wac;
-
- private UserRepositories userRepositories;
-
- private ServletAuthenticator servletAuth;
-
- private HttpAuthenticator httpAuth;
-
- private RepositorySessionFactory repositorySessionFactory;
-
- public void init( javax.servlet.ServletConfig servletConfig )
- throws ServletException
- {
- super.init( servletConfig );
- wac = WebApplicationContextUtils.getRequiredWebApplicationContext( servletConfig.getServletContext() );
- userRepositories = wac.getBean( UserRepositories.class );
- servletAuth = wac.getBean( ServletAuthenticator.class );
- httpAuth = wac.getBean( "httpAuthenticator#basic", HttpAuthenticator.class );
- // TODO: what if there are other types?
- repositorySessionFactory = wac.getBean( "repositorySessionFactory", RepositorySessionFactory.class );
- }
-
- public void doGet( HttpServletRequest req, HttpServletResponse res )
- throws ServletException, IOException
- {
- String repoId = null;
- String groupId = null;
- String artifactId = null;
-
- String url = StringUtils.removeEnd( req.getRequestURL().toString(), "/" );
- if ( StringUtils.countMatches( StringUtils.substringAfter( url, "feeds/" ), "/" ) > 0 )
- {
- artifactId = StringUtils.substringAfterLast( url, "/" );
- groupId = StringUtils.substringBeforeLast( StringUtils.substringAfter( url, "feeds/" ), "/" );
- groupId = StringUtils.replaceChars( groupId, '/', '.' );
- }
- else if ( StringUtils.countMatches( StringUtils.substringAfter( url, "feeds/" ), "/" ) == 0 )
- {
- repoId = StringUtils.substringAfterLast( url, "/" );
- }
- else
- {
- res.sendError( HttpServletResponse.SC_BAD_REQUEST, "Invalid request url." );
- return;
- }
-
- try
- {
- Map<String, String> map = new HashMap<String, String>();
- SyndFeed feed = null;
-
- if ( isAllowed( req, repoId, groupId, artifactId ) )
- {
- if ( repoId != null )
- {
- // new artifacts in repo feed request
- processor = wac.getBean( "rssFeedProcessor#new-artifacts", RssFeedProcessor.class );
- map.put( RssFeedProcessor.KEY_REPO_ID, repoId );
- }
- else if ( ( groupId != null ) && ( artifactId != null ) )
- {
- // TODO: this only works for guest - we could pass in the list of repos
- // new versions of artifact feed request
- processor = wac.getBean( "rssFeedProcessor#new-versions", RssFeedProcessor.class );
- map.put( RssFeedProcessor.KEY_GROUP_ID, groupId );
- map.put( RssFeedProcessor.KEY_ARTIFACT_ID, artifactId );
- }
- }
- else
- {
- res.sendError( HttpServletResponse.SC_UNAUTHORIZED, USER_NOT_AUTHORIZED );
- return;
- }
-
- RepositorySession repositorySession = repositorySessionFactory.createSession();
- try
- {
- feed = processor.process( map, repositorySession.getRepository() );
- }
- finally
- {
- repositorySession.close();
- }
- if ( feed == null )
- {
- res.sendError( HttpServletResponse.SC_NO_CONTENT, "No information available." );
- return;
- }
-
- res.setContentType( MIME_TYPE );
-
- if ( repoId != null )
- {
- feed.setLink( req.getRequestURL().toString() );
- }
- else if ( ( groupId != null ) && ( artifactId != null ) )
- {
- feed.setLink( req.getRequestURL().toString() );
- }
-
- SyndFeedOutput output = new SyndFeedOutput();
- output.output( feed, res.getWriter() );
- }
- catch ( UserNotFoundException unfe )
- {
- log.debug( COULD_NOT_AUTHENTICATE_USER, unfe );
- res.sendError( HttpServletResponse.SC_UNAUTHORIZED, COULD_NOT_AUTHENTICATE_USER );
- }
- catch ( AccountLockedException acce )
- {
- res.sendError( HttpServletResponse.SC_UNAUTHORIZED, COULD_NOT_AUTHENTICATE_USER );
- }
- catch ( AuthenticationException authe )
- {
- log.debug( COULD_NOT_AUTHENTICATE_USER, authe );
- res.sendError( HttpServletResponse.SC_UNAUTHORIZED, COULD_NOT_AUTHENTICATE_USER );
- }
- catch ( FeedException ex )
- {
- log.debug( COULD_NOT_GENERATE_FEED_ERROR, ex );
- res.sendError( HttpServletResponse.SC_INTERNAL_SERVER_ERROR, COULD_NOT_GENERATE_FEED_ERROR );
- }
- catch ( MustChangePasswordException e )
- {
- res.sendError( HttpServletResponse.SC_UNAUTHORIZED, COULD_NOT_AUTHENTICATE_USER );
- }
- catch ( UnauthorizedException e )
- {
- log.debug( e.getMessage() );
- if ( repoId != null )
- {
- res.setHeader( "WWW-Authenticate",
- "Basic realm=\"Repository Archiva Managed " + repoId + " Repository" );
- }
- else
- {
- res.setHeader( "WWW-Authenticate", "Basic realm=\"Artifact " + groupId + ":" + artifactId );
- }
-
- res.sendError( HttpServletResponse.SC_UNAUTHORIZED, USER_NOT_AUTHORIZED );
- }
- }
-
- /**
- * Basic authentication.
- *
- * @param req
- * @param repositoryId TODO
- * @param groupId TODO
- * @param artifactId TODO
- * @return
- */
- private boolean isAllowed( HttpServletRequest req, String repositoryId, String groupId, String artifactId )
- throws UserNotFoundException, AccountLockedException, AuthenticationException, MustChangePasswordException,
- UnauthorizedException
- {
- String auth = req.getHeader( "Authorization" );
- List<String> repoIds = new ArrayList<String>();
-
- if ( repositoryId != null )
- {
- repoIds.add( repositoryId );
- }
- else if ( artifactId != null && groupId != null )
- {
- if ( auth != null )
- {
- if ( !auth.toUpperCase().startsWith( "BASIC " ) )
- {
- return false;
- }
-
- Decoder dec = new Base64();
- String usernamePassword = "";
-
- try
- {
- usernamePassword = new String( (byte[]) dec.decode( auth.substring( 6 ).getBytes() ) );
- }
- catch ( DecoderException ie )
- {
- log.warn( "Error decoding username and password.", ie.getMessage() );
- }
-
- if ( usernamePassword == null || usernamePassword.trim().equals( "" ) )
- {
- repoIds = getObservableRepos( UserManager.GUEST_USERNAME );
- }
- else
- {
- String[] userCredentials = usernamePassword.split( ":" );
- repoIds = getObservableRepos( userCredentials[0] );
- }
- }
- else
- {
- repoIds = getObservableRepos( UserManager.GUEST_USERNAME );
- }
- }
- else
- {
- return false;
- }
-
- for ( String repoId : repoIds )
- {
- try
- {
- AuthenticationResult result = httpAuth.getAuthenticationResult( req, null );
- SecuritySession securitySession = httpAuth.getSecuritySession( req.getSession( true ) );
-
- if ( servletAuth.isAuthenticated( req, result ) && servletAuth.isAuthorized( req, securitySession,
- repoId,
- ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS ) )
- {
- return true;
- }
- }
- catch ( AuthorizationException e )
- {
-
- }
- catch ( UnauthorizedException e )
- {
-
- }
- }
-
- throw new UnauthorizedException( "Access denied." );
- }
-
- private List<String> getObservableRepos( String principal )
- {
- try
- {
- return userRepositories.getObservableRepositoryIds( principal );
- }
- catch ( PrincipalNotFoundException e )
- {
- log.warn( e.getMessage(), e );
- }
- catch ( AccessDeniedException e )
- {
- log.warn( e.getMessage(), e );
- }
- catch ( ArchivaSecurityException e )
- {
- log.warn( e.getMessage(), e );
- }
-
- return Collections.emptyList();
- }
-
-}
<servlet>
<servlet-name>RssFeedServlet</servlet-name>
<servlet-class>
- org.apache.maven.archiva.web.rss.RssFeedServlet
- </servlet-class>
+ org.apache.archiva.web.rss.RssFeedServlet
+ </servlet-class>
</servlet>
<servlet-mapping>
--- /dev/null
+package org.apache.archiva.web.rss;
+
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+import com.meterware.httpunit.GetMethodWebRequest;
+import com.meterware.httpunit.HttpException;
+import com.meterware.httpunit.WebRequest;
+import com.meterware.httpunit.WebResponse;
+import com.meterware.servletunit.ServletRunner;
+import com.meterware.servletunit.ServletUnitClient;
+import junit.framework.TestCase;
+import org.apache.commons.codec.Encoder;
+import org.apache.commons.codec.binary.Base64;
+import sun.misc.BASE64Encoder;
+
+import java.io.File;
+import javax.servlet.http.HttpServletResponse;
+
+public class RssFeedServletTest
+ extends TestCase
+{
+ private ServletRunner sr;
+
+ private ServletUnitClient client;
+
+ public void setUp()
+ throws Exception
+ {
+ sr = new ServletRunner( new File( "src/test/webapp/WEB-INF/feedServletTest-web.xml" ) );
+ client = sr.newClient();
+ }
+
+ public void testRetrieveServlet()
+ throws Exception
+ {
+ RssFeedServlet servlet = (RssFeedServlet) client.newInvocation(
+ "http://localhost/feeds/test-repo" ).getServlet();
+ assertNotNull( servlet );
+ }
+
+ public void testRequestNewArtifactsInRepo()
+ throws Exception
+ {
+ RssFeedServlet servlet = (RssFeedServlet) client.newInvocation(
+ "http://localhost/feeds/test-repo" ).getServlet();
+ assertNotNull( servlet );
+
+ WebRequest request = new GetMethodWebRequest( "http://localhost/feeds/test-repo" );
+
+ BASE64Encoder encoder = new BASE64Encoder();
+ String userPass = "user1:password1";
+ String encodedUserPass = encoder.encode( userPass.getBytes() );
+ request.setHeaderField( "Authorization", "BASIC " + encodedUserPass );
+
+ WebResponse response = client.getResponse( request );
+ assertEquals( RssFeedServlet.MIME_TYPE, response.getHeaderField( "CONTENT-TYPE" ) );
+ assertNotNull( "Should have recieved a response", response );
+ assertEquals( "Should have been an OK response code.", HttpServletResponse.SC_OK, response.getResponseCode() );
+ }
+
+ public void testRequestNewVersionsOfArtifact()
+ throws Exception
+ {
+ RssFeedServlet servlet = (RssFeedServlet) client.newInvocation(
+ "http://localhost/feeds/org/apache/archiva/artifact-two" ).getServlet();
+ assertNotNull( servlet );
+
+ WebRequest request = new GetMethodWebRequest( "http://localhost/feeds/org/apache/archiva/artifact-two" );
+
+ BASE64Encoder encoder = new BASE64Encoder();
+ String userPass = "user1:password1";
+ String encodedUserPass = encoder.encode( userPass.getBytes() );
+ request.setHeaderField( "Authorization", "BASIC " + encodedUserPass );
+
+ WebResponse response = client.getResponse( request );
+ assertEquals( RssFeedServlet.MIME_TYPE, response.getHeaderField( "CONTENT-TYPE" ) );
+ assertNotNull( "Should have recieved a response", response );
+ assertEquals( "Should have been an OK response code.", HttpServletResponse.SC_OK, response.getResponseCode() );
+ }
+
+ public void XXX_testInvalidRequest()
+ throws Exception
+ {
+ RssFeedServlet servlet = (RssFeedServlet) client.newInvocation(
+ "http://localhost/feeds?invalid_param=xxx" ).getServlet();
+ assertNotNull( servlet );
+
+ try
+ {
+ WebResponse resp = client.getResponse( "http://localhost/feeds?invalid_param=xxx" );
+ assertEquals( HttpServletResponse.SC_BAD_REQUEST, resp.getResponseCode() );
+ }
+ catch ( HttpException he )
+ {
+ assertEquals( "Should have been a bad request response code.", HttpServletResponse.SC_BAD_REQUEST,
+ he.getResponseCode() );
+ }
+ }
+
+ public void XXX_testInvalidAuthenticationRequest()
+ throws Exception
+ {
+ RssFeedServlet servlet = (RssFeedServlet) client.newInvocation(
+ "http://localhost/feeds/unauthorized-repo" ).getServlet();
+ assertNotNull( servlet );
+
+ WebRequest request = new GetMethodWebRequest( "http://localhost/feeds/unauthorized-repo" );
+
+ Encoder encoder = new Base64();
+ String userPass = "unauthUser:unauthPass";
+ String encodedUserPass = new String( (byte[]) encoder.encode( userPass.getBytes() ) );
+ request.setHeaderField( "Authorization", "BASIC " + encodedUserPass );
+
+ try
+ {
+ WebResponse resp = client.getResponse( request );
+ assertEquals( HttpServletResponse.SC_UNAUTHORIZED, resp.getResponseCode() );
+ }
+ catch ( HttpException he )
+ {
+ assertEquals( "Should have been a unauthorized response.", HttpServletResponse.SC_UNAUTHORIZED,
+ he.getResponseCode() );
+ }
+ }
+
+ public void XXX_testUnauthorizedRequest()
+ throws Exception
+ {
+ RssFeedServlet servlet = (RssFeedServlet) client.newInvocation(
+ "http://localhost/feeds/unauthorized-repo" ).getServlet();
+ assertNotNull( servlet );
+
+ WebRequest request = new GetMethodWebRequest( "http://localhost/feeds/unauthorized-repo" );
+
+ BASE64Encoder encoder = new BASE64Encoder();
+ String userPass = "user1:password1";
+ String encodedUserPass = encoder.encode( userPass.getBytes() );
+ request.setHeaderField( "Authorization", "BASIC " + encodedUserPass );
+
+ try
+ {
+ WebResponse resp = client.getResponse( request );
+ assertEquals( HttpServletResponse.SC_UNAUTHORIZED, resp.getResponseCode() );
+ }
+ catch ( HttpException he )
+ {
+ assertEquals( "Should have been a unauthorized response.", HttpServletResponse.SC_UNAUTHORIZED,
+ he.getResponseCode() );
+ }
+ }
+
+ @Override
+ protected void tearDown()
+ throws Exception
+ {
+ if ( client != null )
+ {
+ client.clearContents();
+ }
+
+ if ( sr != null )
+ {
+ sr.shutDown();
+ }
+
+ super.tearDown();
+ }
+
+}
--- /dev/null
+package org.apache.archiva.web.rss;
+
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+import org.codehaus.plexus.redback.authentication.AuthenticationDataSource;
+import org.codehaus.plexus.redback.authentication.AuthenticationException;
+import org.codehaus.plexus.redback.authentication.AuthenticationResult;
+import org.codehaus.plexus.redback.authorization.AuthorizationException;
+import org.codehaus.plexus.redback.authorization.AuthorizationResult;
+import org.codehaus.plexus.redback.keys.KeyManager;
+import org.codehaus.plexus.redback.policy.AccountLockedException;
+import org.codehaus.plexus.redback.policy.UserSecurityPolicy;
+import org.codehaus.plexus.redback.system.DefaultSecuritySession;
+import org.codehaus.plexus.redback.system.SecuritySession;
+import org.codehaus.plexus.redback.system.SecuritySystem;
+import org.codehaus.plexus.redback.users.User;
+import org.codehaus.plexus.redback.users.UserManager;
+import org.codehaus.plexus.redback.users.UserNotFoundException;
+import org.codehaus.plexus.redback.users.jdo.JdoUser;
+
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+/**
+ * SecuritySystem stub used for testing.
+ *
+ * @version $Id$
+ */
+public class SecuritySystemStub
+ implements SecuritySystem
+{
+ Map<String, String> users = new HashMap<String, String>();
+
+ List<String> repoIds = new ArrayList<String>();
+
+ public SecuritySystemStub()
+ {
+ users.put( "user1", "password1" );
+ users.put( "user2", "password2" );
+ users.put( "user3", "password3" );
+
+ repoIds.add( "test-repo" );
+ }
+
+ public SecuritySession authenticate( AuthenticationDataSource source )
+ throws AuthenticationException, UserNotFoundException, AccountLockedException
+ {
+ AuthenticationResult result = null;
+ SecuritySession session = null;
+
+ if ( users.get( source.getPrincipal() ) != null )
+ {
+ result = new AuthenticationResult( true, source.getPrincipal(), null );
+
+ User user = new JdoUser();
+ user.setUsername( source.getPrincipal() );
+ user.setPassword( users.get( source.getPrincipal() ) );
+
+ session = new DefaultSecuritySession( result, user );
+ }
+ else
+ {
+ result = new AuthenticationResult( false, source.getPrincipal(), null );
+ session = new DefaultSecuritySession( result );
+ }
+ return session;
+ }
+
+ public AuthorizationResult authorize( SecuritySession arg0, Object arg1 )
+ throws AuthorizationException
+ {
+ return null;
+ }
+
+ public AuthorizationResult authorize( SecuritySession arg0, Object arg1, Object arg2 )
+ throws AuthorizationException
+ {
+ AuthorizationResult result = new AuthorizationResult( true, arg1, null );
+
+ return result;
+ }
+
+ public String getAuthenticatorId()
+ {
+ return null;
+ }
+
+ public String getAuthorizerId()
+ {
+ return null;
+ }
+
+ public KeyManager getKeyManager()
+ {
+ return null;
+ }
+
+ public UserSecurityPolicy getPolicy()
+ {
+ return null;
+ }
+
+ public String getUserManagementId()
+ {
+ return null;
+ }
+
+ public UserManager getUserManager()
+ {
+ return null;
+ }
+
+ public boolean isAuthenticated( AuthenticationDataSource arg0 )
+ throws AuthenticationException, UserNotFoundException, AccountLockedException
+ {
+ return false;
+ }
+
+ public boolean isAuthorized( SecuritySession arg0, Object arg1 )
+ throws AuthorizationException
+ {
+ return false;
+ }
+
+ public boolean isAuthorized( SecuritySession arg0, Object arg1, Object arg2 )
+ throws AuthorizationException
+ {
+ if ( repoIds.contains( arg2 ) )
+ {
+ return true;
+ }
+
+ return false;
+ }
+
+}
+++ /dev/null
-package org.apache.maven.archiva.web.rss;
-
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-import com.meterware.httpunit.GetMethodWebRequest;
-import com.meterware.httpunit.HttpException;
-import com.meterware.httpunit.WebRequest;
-import com.meterware.httpunit.WebResponse;
-import com.meterware.servletunit.ServletRunner;
-import com.meterware.servletunit.ServletUnitClient;
-import junit.framework.TestCase;
-import org.apache.commons.codec.Encoder;
-import org.apache.commons.codec.binary.Base64;
-import sun.misc.BASE64Encoder;
-
-import java.io.File;
-import javax.servlet.http.HttpServletResponse;
-
-public class RssFeedServletTest
- extends TestCase
-{
- private ServletRunner sr;
-
- private ServletUnitClient client;
-
- public void setUp()
- throws Exception
- {
- sr = new ServletRunner( new File( "src/test/webapp/WEB-INF/feedServletTest-web.xml" ) );
- client = sr.newClient();
- }
-
- public void testRetrieveServlet()
- throws Exception
- {
- RssFeedServlet servlet = (RssFeedServlet) client.newInvocation(
- "http://localhost/feeds/test-repo" ).getServlet();
- assertNotNull( servlet );
- }
-
- public void testRequestNewArtifactsInRepo()
- throws Exception
- {
- RssFeedServlet servlet = (RssFeedServlet) client.newInvocation(
- "http://localhost/feeds/test-repo" ).getServlet();
- assertNotNull( servlet );
-
- WebRequest request = new GetMethodWebRequest( "http://localhost/feeds/test-repo" );
-
- BASE64Encoder encoder = new BASE64Encoder();
- String userPass = "user1:password1";
- String encodedUserPass = encoder.encode( userPass.getBytes() );
- request.setHeaderField( "Authorization", "BASIC " + encodedUserPass );
-
- WebResponse response = client.getResponse( request );
- assertEquals( RssFeedServlet.MIME_TYPE, response.getHeaderField( "CONTENT-TYPE" ) );
- assertNotNull( "Should have recieved a response", response );
- assertEquals( "Should have been an OK response code.", HttpServletResponse.SC_OK, response.getResponseCode() );
- }
-
- public void testRequestNewVersionsOfArtifact()
- throws Exception
- {
- RssFeedServlet servlet = (RssFeedServlet) client.newInvocation(
- "http://localhost/feeds/org/apache/archiva/artifact-two" ).getServlet();
- assertNotNull( servlet );
-
- WebRequest request = new GetMethodWebRequest( "http://localhost/feeds/org/apache/archiva/artifact-two" );
-
- BASE64Encoder encoder = new BASE64Encoder();
- String userPass = "user1:password1";
- String encodedUserPass = encoder.encode( userPass.getBytes() );
- request.setHeaderField( "Authorization", "BASIC " + encodedUserPass );
-
- WebResponse response = client.getResponse( request );
- assertEquals( RssFeedServlet.MIME_TYPE, response.getHeaderField( "CONTENT-TYPE" ) );
- assertNotNull( "Should have recieved a response", response );
- assertEquals( "Should have been an OK response code.", HttpServletResponse.SC_OK, response.getResponseCode() );
- }
-
- public void XXX_testInvalidRequest()
- throws Exception
- {
- RssFeedServlet servlet = (RssFeedServlet) client.newInvocation(
- "http://localhost/feeds?invalid_param=xxx" ).getServlet();
- assertNotNull( servlet );
-
- try
- {
- WebResponse resp = client.getResponse( "http://localhost/feeds?invalid_param=xxx" );
- assertEquals( HttpServletResponse.SC_BAD_REQUEST, resp.getResponseCode() );
- }
- catch ( HttpException he )
- {
- assertEquals( "Should have been a bad request response code.", HttpServletResponse.SC_BAD_REQUEST,
- he.getResponseCode() );
- }
- }
-
- public void XXX_testInvalidAuthenticationRequest()
- throws Exception
- {
- RssFeedServlet servlet = (RssFeedServlet) client.newInvocation(
- "http://localhost/feeds/unauthorized-repo" ).getServlet();
- assertNotNull( servlet );
-
- WebRequest request = new GetMethodWebRequest( "http://localhost/feeds/unauthorized-repo" );
-
- Encoder encoder = new Base64();
- String userPass = "unauthUser:unauthPass";
- String encodedUserPass = new String( (byte[]) encoder.encode( userPass.getBytes() ) );
- request.setHeaderField( "Authorization", "BASIC " + encodedUserPass );
-
- try
- {
- WebResponse resp = client.getResponse( request );
- assertEquals( HttpServletResponse.SC_UNAUTHORIZED, resp.getResponseCode() );
- }
- catch ( HttpException he )
- {
- assertEquals( "Should have been a unauthorized response.", HttpServletResponse.SC_UNAUTHORIZED,
- he.getResponseCode() );
- }
- }
-
- public void XXX_testUnauthorizedRequest()
- throws Exception
- {
- RssFeedServlet servlet = (RssFeedServlet) client.newInvocation(
- "http://localhost/feeds/unauthorized-repo" ).getServlet();
- assertNotNull( servlet );
-
- WebRequest request = new GetMethodWebRequest( "http://localhost/feeds/unauthorized-repo" );
-
- BASE64Encoder encoder = new BASE64Encoder();
- String userPass = "user1:password1";
- String encodedUserPass = encoder.encode( userPass.getBytes() );
- request.setHeaderField( "Authorization", "BASIC " + encodedUserPass );
-
- try
- {
- WebResponse resp = client.getResponse( request );
- assertEquals( HttpServletResponse.SC_UNAUTHORIZED, resp.getResponseCode() );
- }
- catch ( HttpException he )
- {
- assertEquals( "Should have been a unauthorized response.", HttpServletResponse.SC_UNAUTHORIZED,
- he.getResponseCode() );
- }
- }
-
- @Override
- protected void tearDown()
- throws Exception
- {
- if ( client != null )
- {
- client.clearContents();
- }
-
- if ( sr != null )
- {
- sr.shutDown();
- }
-
- super.tearDown();
- }
-
-}
+++ /dev/null
-package org.apache.maven.archiva.web.rss;
-
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-import org.codehaus.plexus.redback.authentication.AuthenticationDataSource;
-import org.codehaus.plexus.redback.authentication.AuthenticationException;
-import org.codehaus.plexus.redback.authentication.AuthenticationResult;
-import org.codehaus.plexus.redback.authorization.AuthorizationException;
-import org.codehaus.plexus.redback.authorization.AuthorizationResult;
-import org.codehaus.plexus.redback.keys.KeyManager;
-import org.codehaus.plexus.redback.policy.AccountLockedException;
-import org.codehaus.plexus.redback.policy.UserSecurityPolicy;
-import org.codehaus.plexus.redback.system.DefaultSecuritySession;
-import org.codehaus.plexus.redback.system.SecuritySession;
-import org.codehaus.plexus.redback.system.SecuritySystem;
-import org.codehaus.plexus.redback.users.User;
-import org.codehaus.plexus.redback.users.UserManager;
-import org.codehaus.plexus.redback.users.UserNotFoundException;
-import org.codehaus.plexus.redback.users.jdo.JdoUser;
-
-import java.util.ArrayList;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-
-/**
- * SecuritySystem stub used for testing.
- *
- * @version $Id$
- */
-public class SecuritySystemStub
- implements SecuritySystem
-{
- Map<String, String> users = new HashMap<String, String>();
-
- List<String> repoIds = new ArrayList<String>();
-
- public SecuritySystemStub()
- {
- users.put( "user1", "password1" );
- users.put( "user2", "password2" );
- users.put( "user3", "password3" );
-
- repoIds.add( "test-repo" );
- }
-
- public SecuritySession authenticate( AuthenticationDataSource source )
- throws AuthenticationException, UserNotFoundException, AccountLockedException
- {
- AuthenticationResult result = null;
- SecuritySession session = null;
-
- if ( users.get( source.getPrincipal() ) != null )
- {
- result = new AuthenticationResult( true, source.getPrincipal(), null );
-
- User user = new JdoUser();
- user.setUsername( source.getPrincipal() );
- user.setPassword( users.get( source.getPrincipal() ) );
-
- session = new DefaultSecuritySession( result, user );
- }
- else
- {
- result = new AuthenticationResult( false, source.getPrincipal(), null );
- session = new DefaultSecuritySession( result );
- }
- return session;
- }
-
- public AuthorizationResult authorize( SecuritySession arg0, Object arg1 )
- throws AuthorizationException
- {
- return null;
- }
-
- public AuthorizationResult authorize( SecuritySession arg0, Object arg1, Object arg2 )
- throws AuthorizationException
- {
- AuthorizationResult result = new AuthorizationResult( true, arg1, null );
-
- return result;
- }
-
- public String getAuthenticatorId()
- {
- return null;
- }
-
- public String getAuthorizerId()
- {
- return null;
- }
-
- public KeyManager getKeyManager()
- {
- return null;
- }
-
- public UserSecurityPolicy getPolicy()
- {
- return null;
- }
-
- public String getUserManagementId()
- {
- return null;
- }
-
- public UserManager getUserManager()
- {
- return null;
- }
-
- public boolean isAuthenticated( AuthenticationDataSource arg0 )
- throws AuthenticationException, UserNotFoundException, AccountLockedException
- {
- return false;
- }
-
- public boolean isAuthorized( SecuritySession arg0, Object arg1 )
- throws AuthorizationException
- {
- return false;
- }
-
- public boolean isAuthorized( SecuritySession arg0, Object arg1, Object arg2 )
- throws AuthorizationException
- {
- if ( repoIds.contains( arg2 ) )
- {
- return true;
- }
-
- return false;
- }
-
-}
<alias name="userRepositories#test" alias="userRepositories"/>
- <bean name="securitySystem#test" class="org.apache.maven.archiva.web.rss.SecuritySystemStub"/>
+ <bean name="securitySystem#test" class="org.apache.archiva.web.rss.SecuritySystemStub"/>
<alias name="securitySystem#test" alias="securitySystem"/>
<servlet>
<servlet-name>RssFeedServlet</servlet-name>
- <servlet-class>org.apache.maven.archiva.web.rss.RssFeedServlet</servlet-class>
+ <servlet-class>org.apache.archiva.web.rss.RssFeedServlet</servlet-class>
</servlet>
<servlet-mapping>