From: Maria Odea B. Ching Date: Sun, 11 May 2008 03:22:48 +0000 (+0000) Subject: [MRM-773] X-Git-Tag: archiva-r676265~149 X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=0ad838b41047759369c23fa6ddb8e9f4b15367d0;p=archiva.git [MRM-773] -remove archiva-security dependency to xwork-integration git-svn-id: https://svn.apache.org/repos/asf/archiva/trunk@655233 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/archiva-modules/archiva-web/archiva-security/pom.xml b/archiva-modules/archiva-web/archiva-security/pom.xml index e4ae7fc31..ff409d8ef 100644 --- a/archiva-modules/archiva-web/archiva-security/pom.xml +++ b/archiva-modules/archiva-web/archiva-security/pom.xml @@ -117,20 +117,5 @@ - - org.codehaus.plexus.redback - redback-xwork-integration - - - org.codehaus.plexus - plexus-container-default - - - - - org.apache.derby - derby - provided - diff --git a/archiva-modules/archiva-web/archiva-security/src/main/java/org/apache/maven/archiva/security/ArchivaServletAuthenticator.java b/archiva-modules/archiva-web/archiva-security/src/main/java/org/apache/maven/archiva/security/ArchivaServletAuthenticator.java index c3420d3ea..21dcc3e80 100644 --- a/archiva-modules/archiva-web/archiva-security/src/main/java/org/apache/maven/archiva/security/ArchivaServletAuthenticator.java +++ b/archiva-modules/archiva-web/archiva-security/src/main/java/org/apache/maven/archiva/security/ArchivaServletAuthenticator.java @@ -30,7 +30,6 @@ import org.codehaus.plexus.redback.policy.AccountLockedException; import org.codehaus.plexus.redback.policy.MustChangePasswordException; import org.codehaus.plexus.redback.system.SecuritySession; import org.codehaus.plexus.redback.system.SecuritySystem; -import org.codehaus.plexus.redback.xwork.filter.authentication.HttpAuthenticator; import org.slf4j.Logger; import org.slf4j.LoggerFactory; 
@@ -42,44 +41,36 @@ public class ArchivaServletAuthenticator implements ServletAuthenticator { private Logger log = LoggerFactory.getLogger( ArchivaServletAuthenticator.class ); - - /** - * @plexus.requirement role-hint="basic" - */ - private HttpAuthenticator httpAuth; /** * @plexus.requirement */ private SecuritySystem securitySystem; - - public boolean isAuthenticated( HttpServletRequest request, String repositoryId ) - throws AuthenticationException, AccountLockedException, MustChangePasswordException - { - AuthenticationResult result = httpAuth.getAuthenticationResult( request, null ); - + + public boolean isAuthenticated( HttpServletRequest request, AuthenticationResult result, String repositoryId ) + throws AuthenticationException, AccountLockedException, MustChangePasswordException + { if ( result != null && !result.isAuthenticated() ) { - throw new AuthenticationException( "User Credentials Invalid" ); - } + throw new AuthenticationException( "User Credentials Invalid" ); + } return true; } - public boolean isAuthorized( HttpServletRequest request, String repositoryId, boolean isWriteRequest ) + public boolean isAuthorized( HttpServletRequest request, SecuritySession securitySession, String repositoryId, + boolean isWriteRequest ) throws AuthorizationException - { - SecuritySession securitySession = httpAuth.getSecuritySession(); - + { String permission = ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS; if ( isWriteRequest ) { permission = ArchivaRoleConstants.OPERATION_REPOSITORY_UPLOAD; } - + AuthorizationResult authzResult = securitySystem.authorize( securitySession, permission, repositoryId ); - + if ( !authzResult.isAuthorized() ) { if ( authzResult.getException() != null ) 
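Review bot: `isAuthorized` never returns `false` as far as this hunk and the next one show: when `authzResult.isAuthorized()` is false the method only logs (and only if an exception is attached), then falls through to `return true`, so a caller's `isAuthenticated(...) && isAuthorized(...)` grants access on a denied result. The `if ( !authzResult.isAuthorized() )` block should end with `return false;`, as the commented-out copy that this commit deletes from RssFeedServlet did. `isAuthenticated` has the same fail-open shape for the now caller-supplied `result`: `result != null && !result.isAuthenticated()` lets a null result reach `return true`, so unless null is meant to stand for an allowed anonymous request (not visible here) the guard should be `if ( result == null || !result.isAuthenticated() )`. The body of `isAuthorized` continues past the end of this hunk, and one line between the two hunks is not shown.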
@@ -87,9 +78,9 @@ public class ArchivaServletAuthenticator log.info( "Authorization Denied [ip=" + request.getRemoteAddr() + ",isWriteRequest=" + isWriteRequest + ",permission=" + permission + ",repo=" + repositoryId + "] : " + authzResult.getException().getMessage() ); - } + } } return true; - } + } } diff --git a/archiva-modules/archiva-web/archiva-security/src/main/java/org/apache/maven/archiva/security/ServletAuthenticator.java b/archiva-modules/archiva-web/archiva-security/src/main/java/org/apache/maven/archiva/security/ServletAuthenticator.java index 11530c094..4c78235ea 100644 --- a/archiva-modules/archiva-web/archiva-security/src/main/java/org/apache/maven/archiva/security/ServletAuthenticator.java +++ b/archiva-modules/archiva-web/archiva-security/src/main/java/org/apache/maven/archiva/security/ServletAuthenticator.java 
@@ -22,20 +22,21 @@ package org.apache.maven.archiva.security; import javax.servlet.http.HttpServletRequest; import org.codehaus.plexus.redback.authentication.AuthenticationException; +import org.codehaus.plexus.redback.authentication.AuthenticationResult; import org.codehaus.plexus.redback.authorization.AuthorizationException; import org.codehaus.plexus.redback.policy.AccountLockedException; import org.codehaus.plexus.redback.policy.MustChangePasswordException; +import org.codehaus.plexus.redback.system.SecuritySession; /** - * * @author Maria Odea Ching - * @version + * @version */ public interface ServletAuthenticator { - public boolean isAuthenticated( HttpServletRequest request, String repositoryId ) + public boolean isAuthenticated( HttpServletRequest request, AuthenticationResult result, String repositoryId ) throws AuthenticationException, AccountLockedException, MustChangePasswordException; - - public boolean isAuthorized( HttpServletRequest request, String repositoryId, boolean isWriteRequest ) - throws AuthorizationException; + + public boolean isAuthorized( HttpServletRequest request, SecuritySession securitySession, String repositoryId, + boolean isWriteRequest ) throws AuthorizationException; } diff --git a/archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/rss/RssFeedServlet.java b/archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/rss/RssFeedServlet.java index d26a2bc60..c3af4ceb2 100644 --- a/archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/rss/RssFeedServlet.java +++ b/archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/rss/RssFeedServlet.java 
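Review bot: Neither method of the interface has Javadoc, and the contract matters more after this change because callers now supply the `AuthenticationResult` and the `SecuritySession` themselves. The comment on `isAuthenticated` should say whether `result` may be null and that a failed authentication is signalled by `AuthenticationException` rather than by `false`. The comment on `isAuthorized` should say what a `false` return means compared with an `AuthorizationException`, and whether `securitySession` may be null. Proposed first lines: `/** Checks a result the caller already obtained from its HttpAuthenticator; throws AuthenticationException when it is not authenticated. */` and `/** Checks repository access (upload when isWriteRequest is true) for the caller-supplied session. */`. The `@version` tag in the type comment is empty and could be filled in or dropped.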
@@ -42,10 +42,13 @@ import org.apache.maven.archiva.security.PrincipalNotFoundException; import org.apache.maven.archiva.security.ServletAuthenticator; import org.apache.maven.archiva.security.UserRepositories; import org.codehaus.plexus.redback.authentication.AuthenticationException; +import org.codehaus.plexus.redback.authentication.AuthenticationResult; import org.codehaus.plexus.redback.authorization.AuthorizationException; import org.codehaus.plexus.redback.policy.AccountLockedException; import org.codehaus.plexus.redback.policy.MustChangePasswordException; +import org.codehaus.plexus.redback.system.SecuritySession; import org.codehaus.plexus.redback.users.UserNotFoundException; +import org.codehaus.plexus.redback.xwork.filter.authentication.HttpAuthenticator; import org.codehaus.plexus.spring.PlexusToSpringUtils; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -83,19 +86,19 @@ public class RssFeedServlet private ServletAuthenticator servletAuth; + private HttpAuthenticator httpAuth; + public void init( javax.servlet.ServletConfig servletConfig ) throws ServletException { super.init( servletConfig ); wac = WebApplicationContextUtils.getRequiredWebApplicationContext( servletConfig.getServletContext() ); - // securitySystem = - // (SecuritySystem) wac.getBean( PlexusToSpringUtils.buildSpringId( SecuritySystem.class.getName() ) ); userRepositories = (UserRepositories) wac.getBean( PlexusToSpringUtils.buildSpringId( UserRepositories.class.getName() ) ); - // httpAuth = - // (HttpAuthenticator) wac.getBean( PlexusToSpringUtils.buildSpringId( HttpAuthenticator.ROLE, "basic" ) ); servletAuth = (ServletAuthenticator) wac.getBean( PlexusToSpringUtils.buildSpringId( ServletAuthenticator.class.getName() ) ); + httpAuth = + (HttpAuthenticator) wac.getBean( PlexusToSpringUtils.buildSpringId( HttpAuthenticator.ROLE, "basic" ) ); } public void doGet( HttpServletRequest req, HttpServletResponse res ) 
@@ -246,7 +249,11 @@ public class RssFeedServlet { try { - if ( servletAuth.isAuthenticated( req, repoId ) && servletAuth.isAuthorized( req, repoId, false ) ) + AuthenticationResult result = httpAuth.getAuthenticationResult( req, null ); + SecuritySession securitySession = httpAuth.getSecuritySession(); + + if ( servletAuth.isAuthenticated( req, result, repoId ) && + servletAuth.isAuthorized( req, securitySession, repoId, false ) ) { return true; } @@ -282,65 +289,4 @@ public class RssFeedServlet return Collections.emptyList(); } - /* - private boolean isAuthenticated( HttpServletRequest request, String repositoryId ) - { - try - { - AuthenticationResult result = httpAuth.getAuthenticationResult( request, null ); - - if ( result != null && !result.isAuthenticated() ) - { - log.error( "User credentials is invalid." ); - return false; - } - } - catch ( AuthenticationException e ) - { - log.error( "User is not authenticated." ); - return false; - } - catch ( AccountLockedException e ) - { - log.error( "User account is locked." ); - return false; - } - catch ( MustChangePasswordException e ) - { - log.error( "Password must be changed." ); - return false; - } - - return true; - } - - private boolean isAuthorized( HttpServletRequest request, String repositoryId ) - { - SecuritySession securitySession = httpAuth.getSecuritySession(); - - try - { - String permission = ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS; - - AuthorizationResult authzResult = securitySystem.authorize( securitySession, permission, repositoryId ); - - if ( !authzResult.isAuthorized() ) - { - if ( authzResult.getException() != null ) - { - log.info( "Authorization Denied [ip=" + request.getRemoteAddr() + ",permission=" + permission + - ",repo=" + repositoryId + "] : " + authzResult.getException().getMessage() ); - } - return false; - } - } - catch ( AuthorizationException e ) - { - log.error( "Error in authorization : " + e.getMessage() ); - return false; - } - - return true; - } - */ } 
diff --git a/archiva-modules/archiva-web/archiva-webdav/pom.xml b/archiva-modules/archiva-web/archiva-webdav/pom.xml index 147cff7c1..ed8b416fe 100644 --- a/archiva-modules/archiva-web/archiva-webdav/pom.xml +++ b/archiva-modules/archiva-web/archiva-webdav/pom.xml @@ -101,6 +101,16 @@ joda-time joda-time + + org.codehaus.plexus.redback + redback-xwork-integration + + + org.codehaus.plexus + plexus-container-default + + + diff --git a/archiva-modules/archiva-web/archiva-webdav/src/main/java/org/apache/maven/archiva/webdav/ArchivaDavSessionProvider.java b/archiva-modules/archiva-web/archiva-webdav/src/main/java/org/apache/maven/archiva/webdav/ArchivaDavSessionProvider.java index 5325354e8..ed78e4fd6 100644 --- a/archiva-modules/archiva-web/archiva-webdav/src/main/java/org/apache/maven/archiva/webdav/ArchivaDavSessionProvider.java +++ b/archiva-modules/archiva-web/archiva-webdav/src/main/java/org/apache/maven/archiva/webdav/ArchivaDavSessionProvider.java @@ -27,8 +27,11 @@ import org.apache.maven.archiva.webdav.util.WebdavMethodUtil; import org.apache.maven.archiva.webdav.util.RepositoryPathUtil; import org.apache.maven.archiva.security.ServletAuthenticator; import org.codehaus.plexus.redback.authentication.AuthenticationException; +import org.codehaus.plexus.redback.authentication.AuthenticationResult; import org.codehaus.plexus.redback.policy.MustChangePasswordException; import org.codehaus.plexus.redback.policy.AccountLockedException; +import org.codehaus.plexus.redback.system.SecuritySession; +import org.codehaus.plexus.redback.xwork.filter.authentication.HttpAuthenticator; import org.codehaus.plexus.redback.authorization.AuthorizationException; import org.codehaus.plexus.spring.PlexusToSpringUtils; import org.springframework.web.context.WebApplicationContext; 
@@ -45,10 +48,14 @@ public class ArchivaDavSessionProvider implements DavSessionProvider private Logger log = LoggerFactory.getLogger(ArchivaDavSessionProvider.class); private ServletAuthenticator servletAuth; + + private HttpAuthenticator httpAuth; public ArchivaDavSessionProvider(WebApplicationContext applicationContext) { servletAuth = (ServletAuthenticator) applicationContext.getBean( PlexusToSpringUtils.buildSpringId( ServletAuthenticator.class.getName() ) ); + httpAuth = + (HttpAuthenticator) applicationContext.getBean( PlexusToSpringUtils.buildSpringId( HttpAuthenticator.ROLE, "basic" ) ); } public boolean attachSession(WebdavRequest request) throws DavException @@ -57,8 +64,11 @@ public class ArchivaDavSessionProvider implements DavSessionProvider try { - return servletAuth.isAuthenticated(request, repositoryId) && - servletAuth.isAuthorized(request, repositoryId, WebdavMethodUtil.isWriteMethod( request.getMethod() ) ); + AuthenticationResult result = httpAuth.getAuthenticationResult( request, null ); + SecuritySession securitySession = httpAuth.getSecuritySession(); + + return servletAuth.isAuthenticated(request, result, repositoryId) && + servletAuth.isAuthorized(request, securitySession, repositoryId, WebdavMethodUtil.isWriteMethod( request.getMethod() ) ); } catch ( AuthenticationException e ) {