From: Olivier Lamy Date: Sat, 3 Sep 2011 07:44:31 +0000 (+0000) Subject: start to get RID of org.apache.maven.archiva package : rss package X-Git-Tag: archiva-1.4-M1~417 X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=30e0e0a01fe80be1b869616e08cefeedea1d5491;p=archiva.git start to get RID of org.apache.maven.archiva package : rss package git-svn-id: https://svn.apache.org/repos/asf/archiva/trunk@1164815 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/archiva/web/rss/RssFeedServlet.java b/archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/archiva/web/rss/RssFeedServlet.java new file mode 100644 index 000000000..a53251284 --- /dev/null +++ b/archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/archiva/web/rss/RssFeedServlet.java @@ -0,0 +1,335 @@ +package org.apache.archiva.web.rss; + +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +import com.sun.syndication.feed.synd.SyndFeed; +import com.sun.syndication.io.FeedException; +import com.sun.syndication.io.SyndFeedOutput; +import org.apache.archiva.metadata.repository.RepositorySession; +import org.apache.archiva.metadata.repository.RepositorySessionFactory; +import org.apache.archiva.rss.processor.RssFeedProcessor; +import org.apache.commons.codec.Decoder; +import org.apache.commons.codec.DecoderException; +import org.apache.commons.codec.binary.Base64; +import org.apache.commons.lang.StringUtils; +import org.apache.maven.archiva.security.AccessDeniedException; +import org.apache.maven.archiva.security.ArchivaRoleConstants; +import org.apache.maven.archiva.security.ArchivaSecurityException; +import org.apache.maven.archiva.security.PrincipalNotFoundException; +import org.apache.maven.archiva.security.ServletAuthenticator; +import org.apache.maven.archiva.security.UserRepositories; +import org.codehaus.plexus.redback.authentication.AuthenticationException; +import org.codehaus.plexus.redback.authentication.AuthenticationResult; +import org.codehaus.plexus.redback.authorization.AuthorizationException; +import org.codehaus.plexus.redback.authorization.UnauthorizedException; +import org.codehaus.plexus.redback.policy.AccountLockedException; +import org.codehaus.plexus.redback.policy.MustChangePasswordException; +import org.codehaus.plexus.redback.system.SecuritySession; +import org.codehaus.plexus.redback.users.UserManager; +import org.codehaus.plexus.redback.users.UserNotFoundException; +import org.codehaus.redback.integration.filter.authentication.HttpAuthenticator; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.web.context.WebApplicationContext; +import org.springframework.web.context.support.WebApplicationContextUtils; + +import javax.servlet.ServletException; +import javax.servlet.http.HttpServlet; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import java.io.IOException; +import java.util.ArrayList; +import java.util.Collections; +import java.util.HashMap; +import java.util.List; +import java.util.Map; + +/** + * Servlet for handling rss feed requests. + */ +public class RssFeedServlet + extends HttpServlet +{ + public static final String MIME_TYPE = "application/rss+xml; charset=UTF-8"; + + private static final String COULD_NOT_GENERATE_FEED_ERROR = "Could not generate feed"; + + private static final String COULD_NOT_AUTHENTICATE_USER = "Could not authenticate user"; + + private static final String USER_NOT_AUTHORIZED = "User not authorized to access feed."; + + private Logger log = LoggerFactory.getLogger( RssFeedServlet.class ); + + private RssFeedProcessor processor; + + private WebApplicationContext wac; + + private UserRepositories userRepositories; + + private ServletAuthenticator servletAuth; + + private HttpAuthenticator httpAuth; + + private RepositorySessionFactory repositorySessionFactory; + + public void init( javax.servlet.ServletConfig servletConfig ) + throws ServletException + { + super.init( servletConfig ); + wac = WebApplicationContextUtils.getRequiredWebApplicationContext( servletConfig.getServletContext() ); + userRepositories = wac.getBean( UserRepositories.class ); + servletAuth = wac.getBean( ServletAuthenticator.class ); + httpAuth = wac.getBean( "httpAuthenticator#basic", HttpAuthenticator.class ); + // TODO: what if there are other types? + repositorySessionFactory = wac.getBean( "repositorySessionFactory", RepositorySessionFactory.class ); + } + + public void doGet( HttpServletRequest req, HttpServletResponse res ) + throws ServletException, IOException + { + String repoId = null; + String groupId = null; + String artifactId = null; + + String url = StringUtils.removeEnd( req.getRequestURL().toString(), "/" ); + if ( StringUtils.countMatches( StringUtils.substringAfter( url, "feeds/" ), "/" ) > 0 ) + { + artifactId = StringUtils.substringAfterLast( url, "/" ); + groupId = StringUtils.substringBeforeLast( StringUtils.substringAfter( url, "feeds/" ), "/" ); + groupId = StringUtils.replaceChars( groupId, '/', '.' ); + } + else if ( StringUtils.countMatches( StringUtils.substringAfter( url, "feeds/" ), "/" ) == 0 ) + { + repoId = StringUtils.substringAfterLast( url, "/" ); + } + else + { + res.sendError( HttpServletResponse.SC_BAD_REQUEST, "Invalid request url." ); + return; + } + + try + { + Map map = new HashMap(); + SyndFeed feed = null; + + if ( isAllowed( req, repoId, groupId, artifactId ) ) + { + if ( repoId != null ) + { + // new artifacts in repo feed request + processor = wac.getBean( "rssFeedProcessor#new-artifacts", RssFeedProcessor.class ); + map.put( RssFeedProcessor.KEY_REPO_ID, repoId ); + } + else if ( ( groupId != null ) && ( artifactId != null ) ) + { + // TODO: this only works for guest - we could pass in the list of repos + // new versions of artifact feed request + processor = wac.getBean( "rssFeedProcessor#new-versions", RssFeedProcessor.class ); + map.put( RssFeedProcessor.KEY_GROUP_ID, groupId ); + map.put( RssFeedProcessor.KEY_ARTIFACT_ID, artifactId ); + } + } + else + { + res.sendError( HttpServletResponse.SC_UNAUTHORIZED, USER_NOT_AUTHORIZED ); + return; + } + + RepositorySession repositorySession = repositorySessionFactory.createSession(); + try + { + feed = processor.process( map, repositorySession.getRepository() ); + } + finally + { + repositorySession.close(); + } + if ( feed == null ) + { + res.sendError( HttpServletResponse.SC_NO_CONTENT, "No information available." ); + return; + } + + res.setContentType( MIME_TYPE ); + + if ( repoId != null ) + { + feed.setLink( req.getRequestURL().toString() ); + } + else if ( ( groupId != null ) && ( artifactId != null ) ) + { + feed.setLink( req.getRequestURL().toString() ); + } + + SyndFeedOutput output = new SyndFeedOutput(); + output.output( feed, res.getWriter() ); + } + catch ( UserNotFoundException unfe ) + { + log.debug( COULD_NOT_AUTHENTICATE_USER, unfe ); + res.sendError( HttpServletResponse.SC_UNAUTHORIZED, COULD_NOT_AUTHENTICATE_USER ); + } + catch ( AccountLockedException acce ) + { + res.sendError( HttpServletResponse.SC_UNAUTHORIZED, COULD_NOT_AUTHENTICATE_USER ); + } + catch ( AuthenticationException authe ) + { + log.debug( COULD_NOT_AUTHENTICATE_USER, authe ); + res.sendError( HttpServletResponse.SC_UNAUTHORIZED, COULD_NOT_AUTHENTICATE_USER ); + } + catch ( FeedException ex ) + { + log.debug( COULD_NOT_GENERATE_FEED_ERROR, ex ); + res.sendError( HttpServletResponse.SC_INTERNAL_SERVER_ERROR, COULD_NOT_GENERATE_FEED_ERROR ); + } + catch ( MustChangePasswordException e ) + { + res.sendError( HttpServletResponse.SC_UNAUTHORIZED, COULD_NOT_AUTHENTICATE_USER ); + } + catch ( UnauthorizedException e ) + { + log.debug( e.getMessage() ); + if ( repoId != null ) + { + res.setHeader( "WWW-Authenticate", + "Basic realm=\"Repository Archiva Managed " + repoId + " Repository" ); + } + else + { + res.setHeader( "WWW-Authenticate", "Basic realm=\"Artifact " + groupId + ":" + artifactId ); + } + + res.sendError( HttpServletResponse.SC_UNAUTHORIZED, USER_NOT_AUTHORIZED ); + } + } + + /** + * Basic authentication. + * + * @param req + * @param repositoryId TODO + * @param groupId TODO + * @param artifactId TODO + * @return + */ + private boolean isAllowed( HttpServletRequest req, String repositoryId, String groupId, String artifactId ) + throws UserNotFoundException, AccountLockedException, AuthenticationException, MustChangePasswordException, + UnauthorizedException + { + String auth = req.getHeader( "Authorization" ); + List repoIds = new ArrayList(); + + if ( repositoryId != null ) + { + repoIds.add( repositoryId ); + } + else if ( artifactId != null && groupId != null ) + { + if ( auth != null ) + { + if ( !auth.toUpperCase().startsWith( "BASIC " ) ) + { + return false; + } + + Decoder dec = new Base64(); + String usernamePassword = ""; + + try + { + usernamePassword = new String( (byte[]) dec.decode( auth.substring( 6 ).getBytes() ) ); + } + catch ( DecoderException ie ) + { + log.warn( "Error decoding username and password.", ie.getMessage() ); + } + + if ( usernamePassword == null || usernamePassword.trim().equals( "" ) ) + { + repoIds = getObservableRepos( UserManager.GUEST_USERNAME ); + } + else + { + String[] userCredentials = usernamePassword.split( ":" ); + repoIds = getObservableRepos( userCredentials[0] ); + } + } + else + { + repoIds = getObservableRepos( UserManager.GUEST_USERNAME ); + } + } + else + { + return false; + } + + for ( String repoId : repoIds ) + { + try + { + AuthenticationResult result = httpAuth.getAuthenticationResult( req, null ); + SecuritySession securitySession = httpAuth.getSecuritySession( req.getSession( true ) ); + + if ( servletAuth.isAuthenticated( req, result ) && servletAuth.isAuthorized( req, securitySession, + repoId, + ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS ) ) + { + return true; + } + } + catch ( AuthorizationException e ) + { + + } + catch ( UnauthorizedException e ) + { + + } + } + + throw new UnauthorizedException( "Access denied." ); + } + + private List getObservableRepos( String principal ) + { + try + { + return userRepositories.getObservableRepositoryIds( principal ); + } + catch ( PrincipalNotFoundException e ) + { + log.warn( e.getMessage(), e ); + } + catch ( AccessDeniedException e ) + { + log.warn( e.getMessage(), e ); + } + catch ( ArchivaSecurityException e ) + { + log.warn( e.getMessage(), e ); + } + + return Collections.emptyList(); + } + +} diff --git a/archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/rss/RssFeedServlet.java b/archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/rss/RssFeedServlet.java deleted file mode 100644 index 07c08e701..000000000 --- a/archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/rss/RssFeedServlet.java +++ /dev/null @@ -1,335 +0,0 @@ -package org.apache.maven.archiva.web.rss; - -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - -import com.sun.syndication.feed.synd.SyndFeed; -import com.sun.syndication.io.FeedException; -import com.sun.syndication.io.SyndFeedOutput; -import org.apache.archiva.metadata.repository.RepositorySession; -import org.apache.archiva.metadata.repository.RepositorySessionFactory; -import org.apache.archiva.rss.processor.RssFeedProcessor; -import org.apache.commons.codec.Decoder; -import org.apache.commons.codec.DecoderException; -import org.apache.commons.codec.binary.Base64; -import org.apache.commons.lang.StringUtils; -import org.apache.maven.archiva.security.AccessDeniedException; -import org.apache.maven.archiva.security.ArchivaRoleConstants; -import org.apache.maven.archiva.security.ArchivaSecurityException; -import org.apache.maven.archiva.security.PrincipalNotFoundException; -import org.apache.maven.archiva.security.ServletAuthenticator; -import org.apache.maven.archiva.security.UserRepositories; -import org.codehaus.plexus.redback.authentication.AuthenticationException; -import org.codehaus.plexus.redback.authentication.AuthenticationResult; -import org.codehaus.plexus.redback.authorization.AuthorizationException; -import org.codehaus.plexus.redback.authorization.UnauthorizedException; -import org.codehaus.plexus.redback.policy.AccountLockedException; -import org.codehaus.plexus.redback.policy.MustChangePasswordException; -import org.codehaus.plexus.redback.system.SecuritySession; -import org.codehaus.plexus.redback.users.UserManager; -import org.codehaus.plexus.redback.users.UserNotFoundException; -import org.codehaus.redback.integration.filter.authentication.HttpAuthenticator; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.web.context.WebApplicationContext; -import org.springframework.web.context.support.WebApplicationContextUtils; - -import javax.servlet.ServletException; -import javax.servlet.http.HttpServlet; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; -import java.io.IOException; -import java.util.ArrayList; -import java.util.Collections; -import java.util.HashMap; -import java.util.List; -import java.util.Map; - -/** - * Servlet for handling rss feed requests. - */ -public class RssFeedServlet - extends HttpServlet -{ - public static final String MIME_TYPE = "application/rss+xml; charset=UTF-8"; - - private static final String COULD_NOT_GENERATE_FEED_ERROR = "Could not generate feed"; - - private static final String COULD_NOT_AUTHENTICATE_USER = "Could not authenticate user"; - - private static final String USER_NOT_AUTHORIZED = "User not authorized to access feed."; - - private Logger log = LoggerFactory.getLogger( RssFeedServlet.class ); - - private RssFeedProcessor processor; - - private WebApplicationContext wac; - - private UserRepositories userRepositories; - - private ServletAuthenticator servletAuth; - - private HttpAuthenticator httpAuth; - - private RepositorySessionFactory repositorySessionFactory; - - public void init( javax.servlet.ServletConfig servletConfig ) - throws ServletException - { - super.init( servletConfig ); - wac = WebApplicationContextUtils.getRequiredWebApplicationContext( servletConfig.getServletContext() ); - userRepositories = wac.getBean( UserRepositories.class ); - servletAuth = wac.getBean( ServletAuthenticator.class ); - httpAuth = wac.getBean( "httpAuthenticator#basic", HttpAuthenticator.class ); - // TODO: what if there are other types? - repositorySessionFactory = wac.getBean( "repositorySessionFactory", RepositorySessionFactory.class ); - } - - public void doGet( HttpServletRequest req, HttpServletResponse res ) - throws ServletException, IOException - { - String repoId = null; - String groupId = null; - String artifactId = null; - - String url = StringUtils.removeEnd( req.getRequestURL().toString(), "/" ); - if ( StringUtils.countMatches( StringUtils.substringAfter( url, "feeds/" ), "/" ) > 0 ) - { - artifactId = StringUtils.substringAfterLast( url, "/" ); - groupId = StringUtils.substringBeforeLast( StringUtils.substringAfter( url, "feeds/" ), "/" ); - groupId = StringUtils.replaceChars( groupId, '/', '.' ); - } - else if ( StringUtils.countMatches( StringUtils.substringAfter( url, "feeds/" ), "/" ) == 0 ) - { - repoId = StringUtils.substringAfterLast( url, "/" ); - } - else - { - res.sendError( HttpServletResponse.SC_BAD_REQUEST, "Invalid request url." ); - return; - } - - try - { - Map map = new HashMap(); - SyndFeed feed = null; - - if ( isAllowed( req, repoId, groupId, artifactId ) ) - { - if ( repoId != null ) - { - // new artifacts in repo feed request - processor = wac.getBean( "rssFeedProcessor#new-artifacts", RssFeedProcessor.class ); - map.put( RssFeedProcessor.KEY_REPO_ID, repoId ); - } - else if ( ( groupId != null ) && ( artifactId != null ) ) - { - // TODO: this only works for guest - we could pass in the list of repos - // new versions of artifact feed request - processor = wac.getBean( "rssFeedProcessor#new-versions", RssFeedProcessor.class ); - map.put( RssFeedProcessor.KEY_GROUP_ID, groupId ); - map.put( RssFeedProcessor.KEY_ARTIFACT_ID, artifactId ); - } - } - else - { - res.sendError( HttpServletResponse.SC_UNAUTHORIZED, USER_NOT_AUTHORIZED ); - return; - } - - RepositorySession repositorySession = repositorySessionFactory.createSession(); - try - { - feed = processor.process( map, repositorySession.getRepository() ); - } - finally - { - repositorySession.close(); - } - if ( feed == null ) - { - res.sendError( HttpServletResponse.SC_NO_CONTENT, "No information available." ); - return; - } - - res.setContentType( MIME_TYPE ); - - if ( repoId != null ) - { - feed.setLink( req.getRequestURL().toString() ); - } - else if ( ( groupId != null ) && ( artifactId != null ) ) - { - feed.setLink( req.getRequestURL().toString() ); - } - - SyndFeedOutput output = new SyndFeedOutput(); - output.output( feed, res.getWriter() ); - } - catch ( UserNotFoundException unfe ) - { - log.debug( COULD_NOT_AUTHENTICATE_USER, unfe ); - res.sendError( HttpServletResponse.SC_UNAUTHORIZED, COULD_NOT_AUTHENTICATE_USER ); - } - catch ( AccountLockedException acce ) - { - res.sendError( HttpServletResponse.SC_UNAUTHORIZED, COULD_NOT_AUTHENTICATE_USER ); - } - catch ( AuthenticationException authe ) - { - log.debug( COULD_NOT_AUTHENTICATE_USER, authe ); - res.sendError( HttpServletResponse.SC_UNAUTHORIZED, COULD_NOT_AUTHENTICATE_USER ); - } - catch ( FeedException ex ) - { - log.debug( COULD_NOT_GENERATE_FEED_ERROR, ex ); - res.sendError( HttpServletResponse.SC_INTERNAL_SERVER_ERROR, COULD_NOT_GENERATE_FEED_ERROR ); - } - catch ( MustChangePasswordException e ) - { - res.sendError( HttpServletResponse.SC_UNAUTHORIZED, COULD_NOT_AUTHENTICATE_USER ); - } - catch ( UnauthorizedException e ) - { - log.debug( e.getMessage() ); - if ( repoId != null ) - { - res.setHeader( "WWW-Authenticate", - "Basic realm=\"Repository Archiva Managed " + repoId + " Repository" ); - } - else - { - res.setHeader( "WWW-Authenticate", "Basic realm=\"Artifact " + groupId + ":" + artifactId ); - } - - res.sendError( HttpServletResponse.SC_UNAUTHORIZED, USER_NOT_AUTHORIZED ); - } - } - - /** - * Basic authentication. - * - * @param req - * @param repositoryId TODO - * @param groupId TODO - * @param artifactId TODO - * @return - */ - private boolean isAllowed( HttpServletRequest req, String repositoryId, String groupId, String artifactId ) - throws UserNotFoundException, AccountLockedException, AuthenticationException, MustChangePasswordException, - UnauthorizedException - { - String auth = req.getHeader( "Authorization" ); - List repoIds = new ArrayList(); - - if ( repositoryId != null ) - { - repoIds.add( repositoryId ); - } - else if ( artifactId != null && groupId != null ) - { - if ( auth != null ) - { - if ( !auth.toUpperCase().startsWith( "BASIC " ) ) - { - return false; - } - - Decoder dec = new Base64(); - String usernamePassword = ""; - - try - { - usernamePassword = new String( (byte[]) dec.decode( auth.substring( 6 ).getBytes() ) ); - } - catch ( DecoderException ie ) - { - log.warn( "Error decoding username and password.", ie.getMessage() ); - } - - if ( usernamePassword == null || usernamePassword.trim().equals( "" ) ) - { - repoIds = getObservableRepos( UserManager.GUEST_USERNAME ); - } - else - { - String[] userCredentials = usernamePassword.split( ":" ); - repoIds = getObservableRepos( userCredentials[0] ); - } - } - else - { - repoIds = getObservableRepos( UserManager.GUEST_USERNAME ); - } - } - else - { - return false; - } - - for ( String repoId : repoIds ) - { - try - { - AuthenticationResult result = httpAuth.getAuthenticationResult( req, null ); - SecuritySession securitySession = httpAuth.getSecuritySession( req.getSession( true ) ); - - if ( servletAuth.isAuthenticated( req, result ) && servletAuth.isAuthorized( req, securitySession, - repoId, - ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS ) ) - { - return true; - } - } - catch ( AuthorizationException e ) - { - - } - catch ( UnauthorizedException e ) - { - - } - } - - throw new UnauthorizedException( "Access denied." ); - } - - private List getObservableRepos( String principal ) - { - try - { - return userRepositories.getObservableRepositoryIds( principal ); - } - catch ( PrincipalNotFoundException e ) - { - log.warn( e.getMessage(), e ); - } - catch ( AccessDeniedException e ) - { - log.warn( e.getMessage(), e ); - } - catch ( ArchivaSecurityException e ) - { - log.warn( e.getMessage(), e ); - } - - return Collections.emptyList(); - } - -} diff --git a/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/web.xml b/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/web.xml index f2cceebe4..95488afd8 100644 --- a/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/web.xml +++ b/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/web.xml @@ -142,8 +142,8 @@ RssFeedServlet - org.apache.maven.archiva.web.rss.RssFeedServlet - + org.apache.archiva.web.rss.RssFeedServlet + diff --git a/archiva-modules/archiva-web/archiva-webapp/src/test/java/org/apache/archiva/web/rss/RssFeedServletTest.java b/archiva-modules/archiva-web/archiva-webapp/src/test/java/org/apache/archiva/web/rss/RssFeedServletTest.java new file mode 100644 index 000000000..ac257635b --- /dev/null +++ b/archiva-modules/archiva-web/archiva-webapp/src/test/java/org/apache/archiva/web/rss/RssFeedServletTest.java @@ -0,0 +1,186 @@ +package org.apache.archiva.web.rss; + +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +import com.meterware.httpunit.GetMethodWebRequest; +import com.meterware.httpunit.HttpException; +import com.meterware.httpunit.WebRequest; +import com.meterware.httpunit.WebResponse; +import com.meterware.servletunit.ServletRunner; +import com.meterware.servletunit.ServletUnitClient; +import junit.framework.TestCase; +import org.apache.commons.codec.Encoder; +import org.apache.commons.codec.binary.Base64; +import sun.misc.BASE64Encoder; + +import java.io.File; +import javax.servlet.http.HttpServletResponse; + +public class RssFeedServletTest + extends TestCase +{ + private ServletRunner sr; + + private ServletUnitClient client; + + public void setUp() + throws Exception + { + sr = new ServletRunner( new File( "src/test/webapp/WEB-INF/feedServletTest-web.xml" ) ); + client = sr.newClient(); + } + + public void testRetrieveServlet() + throws Exception + { + RssFeedServlet servlet = (RssFeedServlet) client.newInvocation( + "http://localhost/feeds/test-repo" ).getServlet(); + assertNotNull( servlet ); + } + + public void testRequestNewArtifactsInRepo() + throws Exception + { + RssFeedServlet servlet = (RssFeedServlet) client.newInvocation( + "http://localhost/feeds/test-repo" ).getServlet(); + assertNotNull( servlet ); + + WebRequest request = new GetMethodWebRequest( "http://localhost/feeds/test-repo" ); + + BASE64Encoder encoder = new BASE64Encoder(); + String userPass = "user1:password1"; + String encodedUserPass = encoder.encode( userPass.getBytes() ); + request.setHeaderField( "Authorization", "BASIC " + encodedUserPass ); + + WebResponse response = client.getResponse( request ); + assertEquals( RssFeedServlet.MIME_TYPE, response.getHeaderField( "CONTENT-TYPE" ) ); + assertNotNull( "Should have recieved a response", response ); + assertEquals( "Should have been an OK response code.", HttpServletResponse.SC_OK, response.getResponseCode() ); + } + + public void testRequestNewVersionsOfArtifact() + throws Exception + { + RssFeedServlet servlet = (RssFeedServlet) client.newInvocation( + "http://localhost/feeds/org/apache/archiva/artifact-two" ).getServlet(); + assertNotNull( servlet ); + + WebRequest request = new GetMethodWebRequest( "http://localhost/feeds/org/apache/archiva/artifact-two" ); + + BASE64Encoder encoder = new BASE64Encoder(); + String userPass = "user1:password1"; + String encodedUserPass = encoder.encode( userPass.getBytes() ); + request.setHeaderField( "Authorization", "BASIC " + encodedUserPass ); + + WebResponse response = client.getResponse( request ); + assertEquals( RssFeedServlet.MIME_TYPE, response.getHeaderField( "CONTENT-TYPE" ) ); + assertNotNull( "Should have recieved a response", response ); + assertEquals( "Should have been an OK response code.", HttpServletResponse.SC_OK, response.getResponseCode() ); + } + + public void XXX_testInvalidRequest() + throws Exception + { + RssFeedServlet servlet = (RssFeedServlet) client.newInvocation( + "http://localhost/feeds?invalid_param=xxx" ).getServlet(); + assertNotNull( servlet ); + + try + { + WebResponse resp = client.getResponse( "http://localhost/feeds?invalid_param=xxx" ); + assertEquals( HttpServletResponse.SC_BAD_REQUEST, resp.getResponseCode() ); + } + catch ( HttpException he ) + { + assertEquals( "Should have been a bad request response code.", HttpServletResponse.SC_BAD_REQUEST, + he.getResponseCode() ); + } + } + + public void XXX_testInvalidAuthenticationRequest() + throws Exception + { + RssFeedServlet servlet = (RssFeedServlet) client.newInvocation( + "http://localhost/feeds/unauthorized-repo" ).getServlet(); + assertNotNull( servlet ); + + WebRequest request = new GetMethodWebRequest( "http://localhost/feeds/unauthorized-repo" ); + + Encoder encoder = new Base64(); + String userPass = "unauthUser:unauthPass"; + String encodedUserPass = new String( (byte[]) encoder.encode( userPass.getBytes() ) ); + request.setHeaderField( "Authorization", "BASIC " + encodedUserPass ); + + try + { + WebResponse resp = client.getResponse( request ); + assertEquals( HttpServletResponse.SC_UNAUTHORIZED, resp.getResponseCode() ); + } + catch ( HttpException he ) + { + assertEquals( "Should have been a unauthorized response.", HttpServletResponse.SC_UNAUTHORIZED, + he.getResponseCode() ); + } + } + + public void XXX_testUnauthorizedRequest() + throws Exception + { + RssFeedServlet servlet = (RssFeedServlet) client.newInvocation( + "http://localhost/feeds/unauthorized-repo" ).getServlet(); + assertNotNull( servlet ); + + WebRequest request = new GetMethodWebRequest( "http://localhost/feeds/unauthorized-repo" ); + + BASE64Encoder encoder = new BASE64Encoder(); + String userPass = "user1:password1"; + String encodedUserPass = encoder.encode( userPass.getBytes() ); + request.setHeaderField( "Authorization", "BASIC " + encodedUserPass ); + + try + { + WebResponse resp = client.getResponse( request ); + assertEquals( HttpServletResponse.SC_UNAUTHORIZED, resp.getResponseCode() ); + } + catch ( HttpException he ) + { + assertEquals( "Should have been a unauthorized response.", HttpServletResponse.SC_UNAUTHORIZED, + he.getResponseCode() ); + } + } + + @Override + protected void tearDown() + throws Exception + { + if ( client != null ) + { + client.clearContents(); + } + + if ( sr != null ) + { + sr.shutDown(); + } + + super.tearDown(); + } + +} diff --git a/archiva-modules/archiva-web/archiva-webapp/src/test/java/org/apache/archiva/web/rss/SecuritySystemStub.java b/archiva-modules/archiva-web/archiva-webapp/src/test/java/org/apache/archiva/web/rss/SecuritySystemStub.java new file mode 100644 index 000000000..d9d45208e --- /dev/null +++ b/archiva-modules/archiva-web/archiva-webapp/src/test/java/org/apache/archiva/web/rss/SecuritySystemStub.java @@ -0,0 +1,155 @@ +package org.apache.archiva.web.rss; + +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +import org.codehaus.plexus.redback.authentication.AuthenticationDataSource; +import org.codehaus.plexus.redback.authentication.AuthenticationException; +import org.codehaus.plexus.redback.authentication.AuthenticationResult; +import org.codehaus.plexus.redback.authorization.AuthorizationException; +import org.codehaus.plexus.redback.authorization.AuthorizationResult; +import org.codehaus.plexus.redback.keys.KeyManager; +import org.codehaus.plexus.redback.policy.AccountLockedException; +import org.codehaus.plexus.redback.policy.UserSecurityPolicy; +import org.codehaus.plexus.redback.system.DefaultSecuritySession; +import org.codehaus.plexus.redback.system.SecuritySession; +import org.codehaus.plexus.redback.system.SecuritySystem; +import org.codehaus.plexus.redback.users.User; +import org.codehaus.plexus.redback.users.UserManager; +import org.codehaus.plexus.redback.users.UserNotFoundException; +import org.codehaus.plexus.redback.users.jdo.JdoUser; + +import java.util.ArrayList; +import java.util.HashMap; +import java.util.List; +import java.util.Map; + +/** + * SecuritySystem stub used for testing. + * + * @version $Id$ + */ +public class SecuritySystemStub + implements SecuritySystem +{ + Map users = new HashMap(); + + List repoIds = new ArrayList(); + + public SecuritySystemStub() + { + users.put( "user1", "password1" ); + users.put( "user2", "password2" ); + users.put( "user3", "password3" ); + + repoIds.add( "test-repo" ); + } + + public SecuritySession authenticate( AuthenticationDataSource source ) + throws AuthenticationException, UserNotFoundException, AccountLockedException + { + AuthenticationResult result = null; + SecuritySession session = null; + + if ( users.get( source.getPrincipal() ) != null ) + { + result = new AuthenticationResult( true, source.getPrincipal(), null ); + + User user = new JdoUser(); + user.setUsername( source.getPrincipal() ); + user.setPassword( users.get( source.getPrincipal() ) ); + + session = new DefaultSecuritySession( result, user ); + } + else + { + result = new AuthenticationResult( false, source.getPrincipal(), null ); + session = new DefaultSecuritySession( result ); + } + return session; + } + + public AuthorizationResult authorize( SecuritySession arg0, Object arg1 ) + throws AuthorizationException + { + return null; + } + + public AuthorizationResult authorize( SecuritySession arg0, Object arg1, Object arg2 ) + throws AuthorizationException + { + AuthorizationResult result = new AuthorizationResult( true, arg1, null ); + + return result; + } + + public String getAuthenticatorId() + { + return null; + } + + public String getAuthorizerId() + { + return null; + } + + public KeyManager getKeyManager() + { + return null; + } + + public UserSecurityPolicy getPolicy() + { + return null; + } + + public String getUserManagementId() + { + return null; + } + + public UserManager getUserManager() + { + return null; + } + + public boolean isAuthenticated( AuthenticationDataSource arg0 ) + throws AuthenticationException, UserNotFoundException, AccountLockedException + { + return false; + } + + public boolean isAuthorized( SecuritySession arg0, Object arg1 ) + throws AuthorizationException + { + return false; + } + + public boolean isAuthorized( SecuritySession arg0, Object arg1, Object arg2 ) + throws AuthorizationException + { + if ( repoIds.contains( arg2 ) ) + { + return true; + } + + return false; + } + +} diff --git a/archiva-modules/archiva-web/archiva-webapp/src/test/java/org/apache/maven/archiva/web/rss/RssFeedServletTest.java b/archiva-modules/archiva-web/archiva-webapp/src/test/java/org/apache/maven/archiva/web/rss/RssFeedServletTest.java deleted file mode 100644 index 6caaedc08..000000000 --- a/archiva-modules/archiva-web/archiva-webapp/src/test/java/org/apache/maven/archiva/web/rss/RssFeedServletTest.java +++ /dev/null @@ -1,186 +0,0 @@ -package org.apache.maven.archiva.web.rss; - -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - -import com.meterware.httpunit.GetMethodWebRequest; -import com.meterware.httpunit.HttpException; -import com.meterware.httpunit.WebRequest; -import com.meterware.httpunit.WebResponse; -import com.meterware.servletunit.ServletRunner; -import com.meterware.servletunit.ServletUnitClient; -import junit.framework.TestCase; -import org.apache.commons.codec.Encoder; -import org.apache.commons.codec.binary.Base64; -import sun.misc.BASE64Encoder; - -import java.io.File; -import javax.servlet.http.HttpServletResponse; - -public class RssFeedServletTest - extends TestCase -{ - private ServletRunner sr; - - private ServletUnitClient client; - - public void setUp() - throws Exception - { - sr = new ServletRunner( new File( "src/test/webapp/WEB-INF/feedServletTest-web.xml" ) ); - client = sr.newClient(); - } - - public void testRetrieveServlet() - throws Exception - { - RssFeedServlet servlet = (RssFeedServlet) client.newInvocation( - "http://localhost/feeds/test-repo" ).getServlet(); - assertNotNull( servlet ); - } - - public void testRequestNewArtifactsInRepo() - throws Exception - { - RssFeedServlet servlet = (RssFeedServlet) client.newInvocation( - "http://localhost/feeds/test-repo" ).getServlet(); - assertNotNull( servlet ); - - WebRequest request = new GetMethodWebRequest( "http://localhost/feeds/test-repo" ); - - BASE64Encoder encoder = new BASE64Encoder(); - String userPass = "user1:password1"; - String encodedUserPass = encoder.encode( userPass.getBytes() ); - request.setHeaderField( "Authorization", "BASIC " + encodedUserPass ); - - WebResponse response = client.getResponse( request ); - assertEquals( RssFeedServlet.MIME_TYPE, response.getHeaderField( "CONTENT-TYPE" ) ); - assertNotNull( "Should have recieved a response", response ); - assertEquals( "Should have been an OK response code.", HttpServletResponse.SC_OK, response.getResponseCode() ); - } - - public void testRequestNewVersionsOfArtifact() - throws Exception - { - RssFeedServlet servlet = (RssFeedServlet) client.newInvocation( - "http://localhost/feeds/org/apache/archiva/artifact-two" ).getServlet(); - assertNotNull( servlet ); - - WebRequest request = new GetMethodWebRequest( "http://localhost/feeds/org/apache/archiva/artifact-two" ); - - BASE64Encoder encoder = new BASE64Encoder(); - String userPass = "user1:password1"; - String encodedUserPass = encoder.encode( userPass.getBytes() ); - request.setHeaderField( "Authorization", "BASIC " + encodedUserPass ); - - WebResponse response = client.getResponse( request ); - assertEquals( RssFeedServlet.MIME_TYPE, response.getHeaderField( "CONTENT-TYPE" ) ); - assertNotNull( "Should have recieved a response", response ); - assertEquals( "Should have been an OK response code.", HttpServletResponse.SC_OK, response.getResponseCode() ); - } - - public void XXX_testInvalidRequest() - throws Exception - { - RssFeedServlet servlet = (RssFeedServlet) client.newInvocation( - "http://localhost/feeds?invalid_param=xxx" ).getServlet(); - assertNotNull( servlet ); - - try - { - WebResponse resp = client.getResponse( "http://localhost/feeds?invalid_param=xxx" ); - assertEquals( HttpServletResponse.SC_BAD_REQUEST, resp.getResponseCode() ); - } - catch ( HttpException he ) - { - assertEquals( "Should have been a bad request response code.", HttpServletResponse.SC_BAD_REQUEST, - he.getResponseCode() ); - } - } - - public void XXX_testInvalidAuthenticationRequest() - throws Exception - { - RssFeedServlet servlet = (RssFeedServlet) client.newInvocation( - "http://localhost/feeds/unauthorized-repo" ).getServlet(); - assertNotNull( servlet ); - - WebRequest request = new GetMethodWebRequest( "http://localhost/feeds/unauthorized-repo" ); - - Encoder encoder = new Base64(); - String userPass = "unauthUser:unauthPass"; - String encodedUserPass = new String( (byte[]) encoder.encode( userPass.getBytes() ) ); - request.setHeaderField( "Authorization", "BASIC " + encodedUserPass ); - - try - { - WebResponse resp = client.getResponse( request ); - assertEquals( HttpServletResponse.SC_UNAUTHORIZED, resp.getResponseCode() ); - } - catch ( HttpException he ) - { - assertEquals( "Should have been a unauthorized response.", HttpServletResponse.SC_UNAUTHORIZED, - he.getResponseCode() ); - } - } - - public void XXX_testUnauthorizedRequest() - throws Exception - { - RssFeedServlet servlet = (RssFeedServlet) client.newInvocation( - "http://localhost/feeds/unauthorized-repo" ).getServlet(); - assertNotNull( servlet ); - - WebRequest request = new GetMethodWebRequest( "http://localhost/feeds/unauthorized-repo" ); - - BASE64Encoder encoder = new BASE64Encoder(); - String userPass = "user1:password1"; - String encodedUserPass = encoder.encode( userPass.getBytes() ); - request.setHeaderField( "Authorization", "BASIC " + encodedUserPass ); - - try - { - WebResponse resp = client.getResponse( request ); - assertEquals( HttpServletResponse.SC_UNAUTHORIZED, resp.getResponseCode() ); - } - catch ( HttpException he ) - { - assertEquals( "Should have been a unauthorized response.", HttpServletResponse.SC_UNAUTHORIZED, - he.getResponseCode() ); - } - } - - @Override - protected void tearDown() - throws Exception - { - if ( client != null ) - { - client.clearContents(); - } - - if ( sr != null ) - { - sr.shutDown(); - } - - super.tearDown(); - } - -} diff --git a/archiva-modules/archiva-web/archiva-webapp/src/test/java/org/apache/maven/archiva/web/rss/SecuritySystemStub.java b/archiva-modules/archiva-web/archiva-webapp/src/test/java/org/apache/maven/archiva/web/rss/SecuritySystemStub.java deleted file mode 100644 index 9b4b6bea1..000000000 --- a/archiva-modules/archiva-web/archiva-webapp/src/test/java/org/apache/maven/archiva/web/rss/SecuritySystemStub.java +++ /dev/null @@ -1,155 +0,0 @@ -package org.apache.maven.archiva.web.rss; - -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - -import org.codehaus.plexus.redback.authentication.AuthenticationDataSource; -import org.codehaus.plexus.redback.authentication.AuthenticationException; -import org.codehaus.plexus.redback.authentication.AuthenticationResult; -import org.codehaus.plexus.redback.authorization.AuthorizationException; -import org.codehaus.plexus.redback.authorization.AuthorizationResult; -import org.codehaus.plexus.redback.keys.KeyManager; -import org.codehaus.plexus.redback.policy.AccountLockedException; -import org.codehaus.plexus.redback.policy.UserSecurityPolicy; -import org.codehaus.plexus.redback.system.DefaultSecuritySession; -import org.codehaus.plexus.redback.system.SecuritySession; -import org.codehaus.plexus.redback.system.SecuritySystem; -import org.codehaus.plexus.redback.users.User; -import org.codehaus.plexus.redback.users.UserManager; -import org.codehaus.plexus.redback.users.UserNotFoundException; -import org.codehaus.plexus.redback.users.jdo.JdoUser; - -import java.util.ArrayList; -import java.util.HashMap; -import java.util.List; -import java.util.Map; - -/** - * SecuritySystem stub used for testing. - * - * @version $Id$ - */ -public class SecuritySystemStub - implements SecuritySystem -{ - Map users = new HashMap(); - - List repoIds = new ArrayList(); - - public SecuritySystemStub() - { - users.put( "user1", "password1" ); - users.put( "user2", "password2" ); - users.put( "user3", "password3" ); - - repoIds.add( "test-repo" ); - } - - public SecuritySession authenticate( AuthenticationDataSource source ) - throws AuthenticationException, UserNotFoundException, AccountLockedException - { - AuthenticationResult result = null; - SecuritySession session = null; - - if ( users.get( source.getPrincipal() ) != null ) - { - result = new AuthenticationResult( true, source.getPrincipal(), null ); - - User user = new JdoUser(); - user.setUsername( source.getPrincipal() ); - user.setPassword( users.get( source.getPrincipal() ) ); - - session = new DefaultSecuritySession( result, user ); - } - else - { - result = new AuthenticationResult( false, source.getPrincipal(), null ); - session = new DefaultSecuritySession( result ); - } - return session; - } - - public AuthorizationResult authorize( SecuritySession arg0, Object arg1 ) - throws AuthorizationException - { - return null; - } - - public AuthorizationResult authorize( SecuritySession arg0, Object arg1, Object arg2 ) - throws AuthorizationException - { - AuthorizationResult result = new AuthorizationResult( true, arg1, null ); - - return result; - } - - public String getAuthenticatorId() - { - return null; - } - - public String getAuthorizerId() - { - return null; - } - - public KeyManager getKeyManager() - { - return null; - } - - public UserSecurityPolicy getPolicy() - { - return null; - } - - public String getUserManagementId() - { - return null; - } - - public UserManager getUserManager() - { - return null; - } - - public boolean isAuthenticated( AuthenticationDataSource arg0 ) - throws AuthenticationException, UserNotFoundException, AccountLockedException - { - return false; - } - - public boolean isAuthorized( SecuritySession arg0, Object arg1 ) - throws AuthorizationException - { - return false; - } - - public boolean isAuthorized( SecuritySession arg0, Object arg1, Object arg2 ) - throws AuthorizationException - { - if ( repoIds.contains( arg2 ) ) - { - return true; - } - - return false; - } - -} diff --git a/archiva-modules/archiva-web/archiva-webapp/src/test/resources/spring-context-rss-servlet.xml b/archiva-modules/archiva-web/archiva-webapp/src/test/resources/spring-context-rss-servlet.xml index 3cab95633..949aa6a6d 100644 --- a/archiva-modules/archiva-web/archiva-webapp/src/test/resources/spring-context-rss-servlet.xml +++ b/archiva-modules/archiva-web/archiva-webapp/src/test/resources/spring-context-rss-servlet.xml @@ -39,7 +39,7 @@ - + diff --git a/archiva-modules/archiva-web/archiva-webapp/src/test/webapp/WEB-INF/feedServletTest-web.xml b/archiva-modules/archiva-web/archiva-webapp/src/test/webapp/WEB-INF/feedServletTest-web.xml index 69ae36009..8b8b624a9 100644 --- a/archiva-modules/archiva-web/archiva-webapp/src/test/webapp/WEB-INF/feedServletTest-web.xml +++ b/archiva-modules/archiva-web/archiva-webapp/src/test/webapp/WEB-INF/feedServletTest-web.xml @@ -35,7 +35,7 @@ RssFeedServlet - org.apache.maven.archiva.web.rss.RssFeedServlet + org.apache.archiva.web.rss.RssFeedServlet