[MRM-1101] restore proper tracking of principal in DAV for audit logging
authorBrett Porter <brett@apache.org>
Wed, 11 Mar 2009 16:53:17 +0000 (16:53 +0000)
committerBrett Porter <brett@apache.org>
Wed, 11 Mar 2009 16:53:17 +0000 (16:53 +0000)
git-svn-id: https://svn.apache.org/repos/asf/archiva/trunk@752519 13f79535-47bb-0310-9956-ffa450edef68

archiva-modules/archiva-web/archiva-security/src/main/java/org/apache/maven/archiva/security/ArchivaXworkUser.java
archiva-modules/archiva-web/archiva-security/src/main/java/org/apache/maven/archiva/security/SecurityStartup.java
archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/rss/RssFeedServlet.java
archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/startup/SecuritySynchronization.java
archiva-modules/archiva-web/archiva-webdav/src/main/java/org/apache/maven/archiva/webdav/ArchivaDavResource.java
archiva-modules/archiva-web/archiva-webdav/src/main/java/org/apache/maven/archiva/webdav/ArchivaDavResourceFactory.java
archiva-modules/archiva-web/archiva-webdav/src/main/java/org/apache/maven/archiva/webdav/ArchivaDavSessionProvider.java
archiva-modules/archiva-web/archiva-webdav/src/test/java/org/apache/maven/archiva/webdav/DavResourceTest.java
archiva-modules/archiva-web/archiva-webdav/src/test/java/org/apache/maven/archiva/webdav/RepositoryServletSecurityTest.java
archiva-modules/archiva-web/archiva-webdav/src/test/resources/org/apache/maven/archiva/webdav/RepositoryServletSecurityTest.xml
archiva-modules/archiva-web/archiva-webdav/src/test/resources/org/apache/maven/archiva/webdav/RepositoryServletTest.xml

index 29f7498f1797e1d0dd6987afd713b13c89daa858..88b3f628e0c06c9a79ff7db85085e0214c8f1954 100644 (file)
@@ -25,7 +25,6 @@ import org.codehaus.plexus.redback.system.SecuritySession;
 import org.codehaus.plexus.redback.system.SecuritySystemConstants;
 import org.codehaus.plexus.redback.users.User;
 import org.codehaus.plexus.redback.users.UserManager;
-import org.codehaus.plexus.registry.Registry;
 
 /**
  * ArchivaXworkUser
@@ -37,35 +36,20 @@ public class ArchivaXworkUser
 {
     public String getActivePrincipal( Map<String, Object> sessionMap )
     {
-        if ( sessionMap == null )
-        {
-            return getGuest();
-        }
-
         SecuritySession securitySession =
             (SecuritySession) sessionMap.get( SecuritySystemConstants.SECURITY_SESSION_KEY );
 
         if ( securitySession == null )
         {
-            securitySession = (SecuritySession) sessionMap.get( SecuritySession.ROLE );
-        }
-
-        if ( securitySession == null )
-        {
-            return getGuest();
+            return UserManager.GUEST_USERNAME;
         }
 
         User user = securitySession.getUser();
         if ( user == null )
         {
-            return getGuest();
+            return UserManager.GUEST_USERNAME;
         }
 
         return (String) user.getPrincipal();
     }
-
-    public String getGuest()
-    {
-        return UserManager.GUEST_USERNAME;
-    }
 }
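Review bot: `sessionMap.get( ... )` is now reached without the null guard this hunk deletes, so a caller that passes a null session map gets a NullPointerException where it previously got the guest principal. The remaining callers are not visible in this commit; the removed DAV call sites passed `ActionContext.getContext().getSession()`, and if any surviving caller does the same outside an action invocation the map may be null. Keeping a one-line guard, `if ( sessionMap == null ) { return UserManager.GUEST_USERNAME; }`, preserves the old fail-to-guest behaviour. The method also has no Javadoc; one sentence stating that it returns the guest username when no security session or user is present would document the fallback that authorization and audit callers depend on.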
index 9b589d7914475b15df589d65bca5579cada6d235..b81b7a5fa9a1bda777dd0913f8244a58ea08bb81 100644 (file)
@@ -33,6 +33,7 @@ import org.codehaus.plexus.redback.rbac.RBACManager;
 import org.codehaus.plexus.redback.rbac.RbacManagerException;
 import org.codehaus.plexus.redback.rbac.UserAssignment;
 import org.codehaus.plexus.redback.system.check.EnvironmentCheck;
+import org.codehaus.plexus.redback.users.UserManager;
 import org.codehaus.plexus.registry.Registry;
 import org.codehaus.plexus.registry.RegistryListener;
 import org.slf4j.Logger;
@@ -88,7 +89,7 @@ public class SecurityStartup
         {
             String repoId = repoConfig.getId();
 
-            String principal = archivaXworkUser.getGuest();
+            String principal = UserManager.GUEST_USERNAME;
 
             try
             {
index e1967c06e54a006b171576763945cceef72aec76..7e16bea22fe485ce26e4843355f73b686715526e 100644 (file)
@@ -50,6 +50,7 @@ import org.codehaus.plexus.redback.authorization.UnauthorizedException;
 import org.codehaus.plexus.redback.policy.AccountLockedException;
 import org.codehaus.plexus.redback.policy.MustChangePasswordException;
 import org.codehaus.plexus.redback.system.SecuritySession;
+import org.codehaus.plexus.redback.users.UserManager;
 import org.codehaus.plexus.redback.users.UserNotFoundException;
 import org.codehaus.plexus.spring.PlexusToSpringUtils;
 import org.codehaus.redback.integration.filter.authentication.HttpAuthenticator;
@@ -271,7 +272,7 @@ public class RssFeedServlet
 
                 if ( usernamePassword == null || usernamePassword.trim().equals( "" ) )
                 {
-                    repoIds = getObservableRepos( archivaXworkUser.getGuest() );
+                    repoIds = getObservableRepos( UserManager.GUEST_USERNAME );
                 }
                 else
                 {
@@ -281,7 +282,7 @@ public class RssFeedServlet
             }
             else
             {
-                repoIds = getObservableRepos( archivaXworkUser.getGuest() );
+                repoIds = getObservableRepos( UserManager.GUEST_USERNAME );
             }
         }
         else
index 46fd357530ba73fac98d3dadf17009375e4ed7d9..267c1b7de1811aaec12e57fb66970399ff2ab86c 100644 (file)
@@ -37,6 +37,7 @@ import org.codehaus.plexus.redback.rbac.UserAssignment;
 import org.codehaus.plexus.redback.role.RoleManager;
 import org.codehaus.plexus.redback.role.RoleManagerException;
 import org.codehaus.plexus.redback.system.check.EnvironmentCheck;
+import org.codehaus.plexus.redback.users.UserManager;
 import org.codehaus.plexus.registry.Registry;
 import org.codehaus.plexus.registry.RegistryListener;
 import org.slf4j.Logger;
@@ -188,7 +189,7 @@ public class SecuritySynchronization
         {
             String repoId = repoConfig.getId();
 
-            String principal = archivaXworkUser.getGuest();
+            String principal = UserManager.GUEST_USERNAME;
 
             try
             {
index fec4bb8e9ff7fb765790b398474b053436f49d37..f715960e4c1cb5556b2a8906601a3eb4bd7e6ec1 100644 (file)
@@ -57,15 +57,12 @@ import org.apache.maven.archiva.configuration.ManagedRepositoryConfiguration;
 import org.apache.maven.archiva.repository.audit.AuditEvent;
 import org.apache.maven.archiva.repository.audit.AuditListener;
 import org.apache.maven.archiva.repository.scanner.RepositoryContentConsumers;
-import org.apache.maven.archiva.security.ArchivaXworkUser;
 import org.apache.maven.archiva.webdav.util.IndexWriter;
 import org.apache.maven.archiva.webdav.util.MimeTypes;
 import org.joda.time.DateTime;
 import org.joda.time.format.DateTimeFormatter;
 import org.joda.time.format.ISODateTimeFormat;
 
-import com.opensymphony.xwork2.ActionContext;
-
 /**
  */
 public class ArchivaDavResource
@@ -96,22 +93,21 @@ public class ArchivaDavResource
     private final MimeTypes mimeTypes;
 
     private List<AuditListener> auditListeners;
-    
-    private ArchivaXworkUser archivaXworkUser;
 
+    private String principal;
+    
        public static final String COMPLIANCE_CLASS = "1, 2";
 
     public ArchivaDavResource( String localResource, String logicalResource, ManagedRepositoryConfiguration repository,
                                DavSession session, ArchivaDavResourceLocator locator, DavResourceFactory factory,
                                MimeTypes mimeTypes, List<AuditListener> auditListeners,
-                               RepositoryContentConsumers consumers, ArchivaXworkUser archivaXworkUser )
+                               RepositoryContentConsumers consumers )
     {
         this.localResource = new File( localResource ); 
         this.logicalResource = logicalResource;
         this.locator = locator;
         this.factory = factory;
         this.session = session;
-        this.archivaXworkUser = archivaXworkUser;
         
         // TODO: push into locator as well as moving any references out of the resource factory
         this.repository = repository;
@@ -123,14 +119,15 @@ public class ArchivaDavResource
     }
 
     public ArchivaDavResource( String localResource, String logicalResource, ManagedRepositoryConfiguration repository,
-                               String remoteAddr, DavSession session, ArchivaDavResourceLocator locator,
+                               String remoteAddr, String principal, DavSession session, ArchivaDavResourceLocator locator,
                                DavResourceFactory factory, MimeTypes mimeTypes, List<AuditListener> auditListeners,
-                               RepositoryContentConsumers consumers, ArchivaXworkUser archivaXworkUser )
+                               RepositoryContentConsumers consumers )
     {
         this( localResource, logicalResource, repository, session, locator, factory, mimeTypes, auditListeners,
-              consumers, archivaXworkUser );
+              consumers );
 
         this.remoteAddr = remoteAddr;
+        this.principal = principal;
     }
 
     public String getComplianceClass()
@@ -618,8 +615,7 @@ public class ArchivaDavResource
 
     private void triggerAuditEvent( String remoteIP, String repositoryId, String resource, String action )
     {
-        String activePrincipal = archivaXworkUser.getActivePrincipal( ActionContext.getContext().getSession() );
-        AuditEvent event = new AuditEvent( repositoryId, activePrincipal, resource, action );
+        AuditEvent event = new AuditEvent( repositoryId, principal, resource, action );
         event.setRemoteIP( remoteIP );
 
         for ( AuditListener listener : auditListeners )
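Review bot: `principal` is assigned only in the constructor that takes `remoteAddr` (hunk at -123,14), so a resource built with the other constructor creates this `AuditEvent` with a null user. ArchivaDavResourceFactory still calls that shorter constructor on its `davSession` path (hunk at -401,7), which means write operations on those resources would be logged without an attributable account. Passing the principal through both constructors would close that gap. Alternatively, resolve it here with `String user = principal != null ? principal : UserManager.GUEST_USERNAME;`, which needs a `UserManager` import in this file. The body of `triggerAuditEvent` continues past the end of the hunk.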
index 466573f47112ca4944f3b2012568b53c52e7eabe..16279f3e2e2e6b55aa78e74679833dd3aeb97bfe 100644 (file)
@@ -24,9 +24,7 @@ import java.io.FileNotFoundException;
 import java.io.FileReader;
 import java.io.IOException;
 import java.util.ArrayList;
-import java.util.HashMap;
 import java.util.List;
-import java.util.Map;
 
 import javax.servlet.http.HttpServletResponse;
 
@@ -64,7 +62,6 @@ import org.apache.maven.archiva.repository.metadata.RepositoryMetadataMerge;
 import org.apache.maven.archiva.repository.metadata.RepositoryMetadataReader;
 import org.apache.maven.archiva.repository.metadata.RepositoryMetadataWriter;
 import org.apache.maven.archiva.repository.scanner.RepositoryContentConsumers;
-import org.apache.maven.archiva.security.ArchivaXworkUser;
 import org.apache.maven.archiva.security.ServletAuthenticator;
 import org.apache.maven.archiva.webdav.util.MimeTypes;
 import org.apache.maven.archiva.webdav.util.RepositoryPathUtil;
@@ -84,13 +81,13 @@ import org.codehaus.plexus.redback.policy.AccountLockedException;
 import org.codehaus.plexus.redback.policy.MustChangePasswordException;
 import org.codehaus.plexus.redback.system.SecuritySession;
 import org.codehaus.plexus.redback.system.SecuritySystemConstants;
+import org.codehaus.plexus.redback.users.User;
+import org.codehaus.plexus.redback.users.UserManager;
 import org.codehaus.plexus.util.xml.pull.XmlPullParserException;
 import org.codehaus.redback.integration.filter.authentication.HttpAuthenticator;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
-import com.opensymphony.xwork2.ActionContext;
-
 /**
  * @plexus.component role="org.apache.maven.archiva.webdav.ArchivaDavResourceFactory"
  */
@@ -172,11 +169,6 @@ public class ArchivaDavResourceFactory
      * @plexus.requirement role-hint="md5";
      */
     private Digester digestMd5;
-    
-    /**
-     * @plexus.requirement
-     */
-    private ArchivaXworkUser archivaXworkUser;
         
     public DavResource createResource( final DavResourceLocator locator, final DavServletRequest request,
                                        final DavServletResponse response )
@@ -317,10 +309,13 @@ public class ArchivaDavResourceFactory
                         LogicalResource logicalResource =
                             new LogicalResource( RepositoryPathUtil.getLogicalResource( locator.getResourcePath() ) );
                                         
+                        String activePrincipal = getActivePrincipal( request );
+
                         ArchivaDavResource metadataChecksumResource =
-                            new ArchivaDavResource( metadataChecksum.getAbsolutePath(), logicalResource.getPath(), null,
-                                                    request.getRemoteAddr(), request.getDavSession(), archivaLocator, this,
-                                                    mimeTypes, auditListeners, consumers, archivaXworkUser );
+                            new ArchivaDavResource( metadataChecksum.getAbsolutePath(), logicalResource.getPath(),
+                                                    null, request.getRemoteAddr(), activePrincipal,
+                                                    request.getDavSession(), archivaLocator, this, mimeTypes,
+                                                    auditListeners, consumers );
                         availableResources.add( 0, metadataChecksumResource );
                     }
                 }
@@ -349,10 +344,12 @@ public class ArchivaDavResourceFactory
                         LogicalResource logicalResource =
                             new LogicalResource( RepositoryPathUtil.getLogicalResource( locator.getResourcePath() ) );
                                         
+                        String activePrincipal = getActivePrincipal( request );
+
                         ArchivaDavResource metadataResource =
                             new ArchivaDavResource( resourceFile.getAbsolutePath(), logicalResource.getPath(), null,
-                                                    request.getRemoteAddr(), request.getDavSession(), archivaLocator, this,
-                                                    mimeTypes, auditListeners, consumers, archivaXworkUser );
+                                                    request.getRemoteAddr(), activePrincipal, request.getDavSession(),
+                                                    archivaLocator, this, mimeTypes, auditListeners, consumers );
                         availableResources.add( 0, metadataResource );
                     }
                     catch ( RepositoryMetadataException r )
@@ -401,7 +398,7 @@ public class ArchivaDavResourceFactory
             resource =
                 new ArchivaDavResource( resourceFile.getAbsolutePath(), logicalResource,
                                         managedRepository.getRepository(), davSession, archivaLocator, this, mimeTypes,
-                                        auditListeners, consumers, archivaXworkUser );
+                                        auditListeners, consumers );
         }
         resource.addLockManager(lockManager);
         return resource;
@@ -423,10 +420,12 @@ public class ArchivaDavResourceFactory
             }
         }
 
+        String activePrincipal = getActivePrincipal( request );
+
         ArchivaDavResource resource =
             new ArchivaDavResource( resourceFile.getAbsolutePath(), logicalResource.getPath(),
-                                    managedRepository.getRepository(), request.getRemoteAddr(),
-                                    request.getDavSession(), locator, this, mimeTypes, auditListeners, consumers, archivaXworkUser );
+                                    managedRepository.getRepository(), request.getRemoteAddr(), activePrincipal,
+                                    request.getDavSession(), locator, this, mimeTypes, auditListeners, consumers );
 
         if ( !resource.isCollection() )
         {
@@ -458,7 +457,8 @@ public class ArchivaDavResourceFactory
             {
                 String repositoryId = locator.getRepositoryId();
                 String event = ( previouslyExisted ? AuditEvent.MODIFY_FILE : AuditEvent.CREATE_FILE ) + PROXIED_SUFFIX;
-                triggerAuditEvent( request.getRemoteAddr(), repositoryId, logicalResource.getPath(), event );
+                triggerAuditEvent( request.getRemoteAddr(), repositoryId, logicalResource.getPath(), event,
+                                   activePrincipal );
             }
 
             if ( !resourceFile.exists() )
@@ -470,8 +470,8 @@ public class ArchivaDavResourceFactory
                 resource =
                     new ArchivaDavResource( resourceFile.getAbsolutePath(), logicalResource.getPath(),
                                             managedRepository.getRepository(), request.getRemoteAddr(),
-                                            request.getDavSession(), locator, this, mimeTypes, auditListeners,
-                                            consumers, archivaXworkUser );
+                                            activePrincipal, request.getDavSession(), locator, this, mimeTypes,
+                                            auditListeners, consumers );
             }
         }
         return resource;
@@ -490,18 +490,21 @@ public class ArchivaDavResourceFactory
         File rootDirectory = new File( managedRepository.getRepoRoot() );
         File destDir = new File( rootDirectory, logicalResource.getPath() ).getParentFile();
         
+        String activePrincipal = getActivePrincipal( request );
+
         if ( request.getMethod().equals(HTTP_PUT_METHOD) && !destDir.exists() )
         {
             destDir.mkdirs();
             String relPath = PathUtil.getRelative( rootDirectory.getAbsolutePath(), destDir );
-            triggerAuditEvent( request.getRemoteAddr(), logicalResource.getPath(), relPath, AuditEvent.CREATE_DIR );
+            triggerAuditEvent( request.getRemoteAddr(), logicalResource.getPath(), relPath, AuditEvent.CREATE_DIR,
+                               activePrincipal );
         }
         
         File resourceFile = new File( managedRepository.getRepoRoot(), logicalResource.getPath() );        
                 
         return new ArchivaDavResource( resourceFile.getAbsolutePath(), logicalResource.getPath(),
-                                       managedRepository.getRepository(), request.getRemoteAddr(),
-                                       request.getDavSession(), locator, this, mimeTypes, auditListeners, consumers, archivaXworkUser );
+                                       managedRepository.getRepository(), request.getRemoteAddr(), activePrincipal,
+                                       request.getDavSession(), locator, this, mimeTypes, auditListeners, consumers );
     }
 
     private boolean fetchContentFromProxies( ManagedRepositoryContent managedRepository, DavServletRequest request,
@@ -638,10 +641,10 @@ public class ArchivaDavResourceFactory
     }
 
     // TODO: remove?
-    private void triggerAuditEvent( String remoteIP, String repositoryId, String resource, String action )
+    private void triggerAuditEvent( String remoteIP, String repositoryId, String resource, String action,
+                                    String principal )
     {
-        String activePrincipal = archivaXworkUser.getActivePrincipal( ActionContext.getContext().getSession() );
-        AuditEvent event = new AuditEvent( repositoryId, activePrincipal, resource, action );
+        AuditEvent event = new AuditEvent( repositoryId, principal, resource, action );
         event.setRemoteIP( remoteIP );
 
         for ( AuditListener listener : auditListeners )
@@ -749,7 +752,7 @@ public class ArchivaDavResourceFactory
             boolean isPut = WebdavMethodUtil.isWriteMethod( request.getMethod() );
             
             // safety check for MRM-911            
-            String guest = archivaXworkUser.getGuest();
+            String guest = UserManager.GUEST_USERNAME;
             try
             {
                 if( servletAuth.isAuthorized( guest, 
@@ -797,15 +800,8 @@ public class ArchivaDavResourceFactory
         // browse the repo group but displaying only the repositories which the user has permission to access.
         // otherwise, prompt for authentication.
 
-        // put the current session in the session map which will be passed to ArchivaXworkUser
-        Map<String, Object> sessionMap = new HashMap<String, Object>();
-        if( request.getSession().getAttribute( SecuritySystemConstants.SECURITY_SESSION_KEY ) != null )
-        {
-            sessionMap.put( SecuritySystemConstants.SECURITY_SESSION_KEY,
-                            request.getSession().getAttribute( SecuritySystemConstants.SECURITY_SESSION_KEY ) );
-        }
-
-        String activePrincipal = archivaXworkUser.getActivePrincipal( sessionMap );
+        String activePrincipal = getActivePrincipal( request );
+        
         boolean allow = isAllowedToContinue( request, repositories, activePrincipal );
 
         if( allow )
@@ -863,6 +859,12 @@ public class ArchivaDavResourceFactory
         return resource;
     }
 
+    private String getActivePrincipal( DavServletRequest request )
+    {
+        User sessionUser = httpAuth.getSessionUser( request.getSession() );
+        return sessionUser != null ? sessionUser.getUsername() : UserManager.GUEST_USERNAME;
+    }
+
     private void getResource( ArchivaDavResourceLocator locator, List<File> mergedRepositoryContents,
                               LogicalResource logicalResource, String repository )
         throws DavException
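Review bot: The new `getActivePrincipal( request )` returns `sessionUser.getUsername()`, while `ArchivaXworkUser.getActivePrincipal` in the same commit returns `(String) user.getPrincipal()`, so the DAV and web-UI paths resolve identity through different accessors. If the two values can differ for a user store, the `isAllowedToContinue` check and the audit entries would see a different name for the same account than the rest of the application; using one accessor in both places avoids that. A session user whose username is null also passes through as a null principal rather than as guest. A short Javadoc such as `/** Returns the username of the user bound to the HTTP session, or the guest username when none is bound. */` would record the fallback.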
index 144e32e0c6a6cc3097aa60a5904ce03e7c29f724..bb1c6d67a86cf6bc4811df11463ad6d44e9f8003 100644 (file)
@@ -32,6 +32,7 @@ import org.codehaus.plexus.redback.authentication.AuthenticationResult;
 import org.codehaus.plexus.redback.authorization.UnauthorizedException;
 import org.codehaus.plexus.redback.policy.AccountLockedException;
 import org.codehaus.plexus.redback.policy.MustChangePasswordException;
+import org.codehaus.plexus.redback.users.UserManager;
 import org.codehaus.redback.integration.filter.authentication.HttpAuthenticator;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -75,7 +76,7 @@ public class ArchivaDavSessionProvider
             boolean isPut = WebdavMethodUtil.isWriteMethod( request.getMethod() );
             
             // safety check for MRM-911            
-            String guest = archivaXworkUser.getGuest();
+            String guest = UserManager.GUEST_USERNAME;
             try
             {
                 if( servletAuth.isAuthorized( guest, 
index 28fb955884b0edfba1754a9e6917ed1f88756b47..511cbeb12d6362f0eecc4a742d097ebe1741be98 100644 (file)
@@ -37,7 +37,6 @@ import org.apache.jackrabbit.webdav.lock.SimpleLockManager;
 import org.apache.jackrabbit.webdav.lock.Type;
 import org.apache.maven.archiva.configuration.ManagedRepositoryConfiguration;
 import org.apache.maven.archiva.repository.scanner.RepositoryContentConsumers;
-import org.apache.maven.archiva.security.ArchivaXworkUser;
 import org.apache.maven.archiva.webdav.util.MimeTypes;
 import org.codehaus.plexus.spring.PlexusInSpringTestCase;
 import org.codehaus.plexus.spring.PlexusToSpringUtils;
@@ -68,8 +67,6 @@ public class DavResourceTest extends PlexusInSpringTestCase
 
     private ManagedRepositoryConfiguration repository = new ManagedRepositoryConfiguration();
     
-    private ArchivaXworkUser archivaXworkUser;
-
     @Override
     protected void setUp()
         throws Exception
@@ -87,7 +84,6 @@ public class DavResourceTest extends PlexusInSpringTestCase
         lockManager = new SimpleLockManager();
         resource.addLockManager(lockManager);
         consumers = (RepositoryContentConsumers)getApplicationContext().getBean("repositoryContentConsumers");
-        archivaXworkUser = (ArchivaXworkUser) getApplicationContext().getBean( PlexusToSpringUtils.buildSpringId( ArchivaXworkUser.class ) );
     }
 
     @Override
@@ -102,7 +98,7 @@ public class DavResourceTest extends PlexusInSpringTestCase
     private DavResource getDavResource(String logicalPath, File file)
     {
         return new ArchivaDavResource( file.getAbsolutePath(), logicalPath, repository, session, resourceLocator,
-                                       resourceFactory, mimeTypes, Collections.emptyList(), consumers, archivaXworkUser );
+                                       resourceFactory, mimeTypes, Collections.emptyList(), consumers );
     }
     
     public void testDeleteNonExistantResourceShould404()
@@ -303,7 +299,7 @@ public class DavResourceTest extends PlexusInSpringTestCase
 
         public DavResource createResource(DavResourceLocator locator, DavSession session) throws DavException {
             return new ArchivaDavResource( baseDir.getAbsolutePath(), "/", repository, session, resourceLocator,
-                                           resourceFactory, mimeTypes, Collections.emptyList(), consumers, archivaXworkUser );
+                                           resourceFactory, mimeTypes, Collections.emptyList(), consumers );
         }
     }
 }
index 15049a487644dffb60422f06eaad5af48cd24394..4d29198a67c15c176d2c88ff3fb7308d4f01f4b8 100644 (file)
@@ -39,6 +39,7 @@ import org.codehaus.plexus.redback.authentication.AuthenticationResult;
 import org.codehaus.plexus.redback.authorization.UnauthorizedException;
 import org.codehaus.plexus.redback.system.DefaultSecuritySession;
 import org.codehaus.plexus.redback.system.SecuritySession;
+import org.codehaus.plexus.redback.users.memory.SimpleUser;
 import org.codehaus.plexus.spring.PlexusInSpringTestCase;
 import org.codehaus.redback.integration.filter.authentication.HttpAuthenticator;
 import org.codehaus.redback.integration.filter.authentication.basic.HttpBasicAuthentication;
@@ -263,6 +264,8 @@ public class RepositoryServletSecurityTest
         servletAuthControl.expectAndThrow( servletAuth.isAuthenticated( null, result ),
                                            new AuthenticationException( "Authentication error" ) );
         
+        httpAuthControl.expectAndReturn( httpAuth.getSessionUser( ic.getRequest().getSession() ), null );
+        
         // check if guest has write access
         servletAuth.isAuthorized( "guest", "internal", true );
         servletAuthControl.setMatcher( MockControl.EQUALS_MATCHER );
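Review bot: None of the expectations added to this test class check the principal that ends up in an audit event, which is what the commit sets out to restore. The stubs here and in the hunks at -354,6, -401,6 and -481,6 only satisfy the new `getSessionUser` call. The two hunks that return `new SimpleUser()` appear to leave the username unset, so the principal resolved in those tests is presumably null. Giving the stub user a username and registering a recording `AuditListener` that asserts on the event's user would pin both the authenticated case and the guest fallback.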
@@ -354,6 +357,7 @@ public class RepositoryServletSecurityTest
         SecuritySession session = new DefaultSecuritySession();
         httpAuthControl.expectAndReturn( httpAuth.getAuthenticationResult( null, null ), result );
         httpAuthControl.expectAndReturn( httpAuth.getSecuritySession( ic.getRequest().getSession( true ) ), session );
+        httpAuthControl.expectAndReturn( httpAuth.getSessionUser( ic.getRequest().getSession() ), new SimpleUser() );
         servletAuthControl.expectAndReturn( servletAuth.isAuthenticated( null, result ), true );
         servletAuthControl.expectAndReturn( servletAuth.isAuthorized( null, session, "internal", true ), true );
 
@@ -401,6 +405,7 @@ public class RepositoryServletSecurityTest
         SecuritySession session = new DefaultSecuritySession();
         httpAuthControl.expectAndReturn( httpAuth.getAuthenticationResult( null, null ), result );
         httpAuthControl.expectAndReturn( httpAuth.getSecuritySession( ic.getRequest().getSession( true ) ), session );
+        httpAuthControl.expectAndReturn( httpAuth.getSessionUser( ic.getRequest().getSession() ), null );
         servletAuthControl.expectAndReturn( servletAuth.isAuthenticated( null, result ), true );
         servletAuthControl.expectAndReturn( servletAuth.isAuthorized( null, session, "internal", true ), true );
 
@@ -481,6 +486,7 @@ public class RepositoryServletSecurityTest
         SecuritySession session = new DefaultSecuritySession();
         httpAuthControl.expectAndReturn( httpAuth.getAuthenticationResult( null, null ), result );
         httpAuthControl.expectAndReturn( httpAuth.getSecuritySession( ic.getRequest().getSession( true ) ), session );
+        httpAuthControl.expectAndReturn( httpAuth.getSessionUser( ic.getRequest().getSession() ), new SimpleUser() );
         servletAuthControl.expectAndReturn( servletAuth.isAuthenticated( null, result ), true );
         servletAuthControl.expectAndReturn( servletAuth.isAuthorized( null, session, "internal", true ), true );
         
index 2dbdc4889bbfcf6534e08381282b353a6cba90ff..7317210efa2284eccb81b7009f8a895b96f9b4a7 100644 (file)
           <role-hint>md5</role-hint>
           <field-name>digestMd5</field-name>
         </requirement>
-        <requirement>
-          <role>org.apache.maven.archiva.security.ArchivaXworkUser</role>
-          <field-name>archivaXworkUser</field-name>
-        </requirement>        
       </requirements>
     </component>
   </components>
index a175b1abc46e9785ff69460e27d70526f220868a..8392c87c0d2b5eec9f18b67a5f975cf87f987cc4 100644 (file)
           <role-hint>md5</role-hint>
           <field-name>digestMd5</field-name>
         </requirement>
-        <requirement>
-          <role>org.apache.maven.archiva.security.ArchivaXworkUser</role>
-          <field-name>archivaXworkUser</field-name>
-        </requirement>        
       </requirements>
     </component>
   </components>