From 3d0bdb625516e5e3cfde56e7c489f470d184d2b4 Mon Sep 17 00:00:00 2001 From: Joakim Erdfelt Date: Mon, 16 Oct 2006 21:16:15 +0000 Subject: [PATCH] * Fix NPE on webdav. * Fix authorization on webdav. * Fix http request context and path info for webdav. git-svn-id: https://svn.apache.org/repos/asf/maven/archiva/trunk@464672 13f79535-47bb-0310-9956-ffa450edef68 --- .../servlet/repository/RepositoryAccess.java | 17 +++-- .../servlet/repository/RepositoryMapping.java | 2 +- .../servlet/repository/RepositoryRequest.java | 76 +++++++++++++++++++ 3 files changed, 89 insertions(+), 6 deletions(-) create mode 100644 archiva-webapp/src/main/java/org/apache/maven/archiva/web/servlet/repository/RepositoryRequest.java diff --git a/archiva-webapp/src/main/java/org/apache/maven/archiva/web/servlet/repository/RepositoryAccess.java b/archiva-webapp/src/main/java/org/apache/maven/archiva/web/servlet/repository/RepositoryAccess.java index 91e1e97aa..1eade2b46 100644 --- a/archiva-webapp/src/main/java/org/apache/maven/archiva/web/servlet/repository/RepositoryAccess.java +++ b/archiva-webapp/src/main/java/org/apache/maven/archiva/web/servlet/repository/RepositoryAccess.java @@ -114,6 +114,7 @@ public class RepositoryAccess catch ( ConfigurationStoreException e ) { // TODO: should be a more pretty error to user. ;-) + // TODO: can we determine if the incoming request is a real user, or just maven-wagon? throw new ServletException( "Unable to obtain configuration.", e ); } @@ -179,8 +180,6 @@ public class RepositoryAccess permission = ArchivaRoleConstants.OPERATION_REPOSITORY_UPLOAD; } - permission += "-" + repoconfig.getId(); - boolean isAuthorized = securitySystem.isAuthorized( securitySession, permission, repoconfig.getId() ); if ( !isAuthorized ) @@ -200,10 +199,18 @@ public class RepositoryAccess RepositoryMapping repo = getRepositoryMapping( repoconfig ); - response.setHeader( "Server", - getServletContext().getServerInfo() + " Archiva : " + DAVUtilities.SERVLET_SIGNATURE ); + String serverInfo = ""; + if ( getServletContext() != null ) + { + if ( StringUtils.isNotEmpty( getServletContext().getServerInfo() ) ) + { + serverInfo = getServletContext().getServerInfo(); + } + } + + response.setHeader( "Server", serverInfo + " Archiva : " + DAVUtilities.SERVLET_SIGNATURE ); - DAVTransaction transaction = new DAVTransaction( request, response ); + DAVTransaction transaction = new DAVTransaction( new RepositoryRequest( request, repoconfig.getId() ), response ); try { repo.getDavProcessor().process( transaction ); diff --git a/archiva-webapp/src/main/java/org/apache/maven/archiva/web/servlet/repository/RepositoryMapping.java b/archiva-webapp/src/main/java/org/apache/maven/archiva/web/servlet/repository/RepositoryMapping.java index 3e4123955..587b88359 100644 --- a/archiva-webapp/src/main/java/org/apache/maven/archiva/web/servlet/repository/RepositoryMapping.java +++ b/archiva-webapp/src/main/java/org/apache/maven/archiva/web/servlet/repository/RepositoryMapping.java @@ -45,7 +45,7 @@ public class RepositoryMapping implements DAVListener this.repositoryConfiguration = repoConfig; File repoDir = new File(repositoryConfiguration.getDirectory()); this.davRepository = new DAVRepository( repoDir ); - this.davProcessor = new DAVProcessor(this.davRepository); + this.davProcessor = new DAVProcessor( this.davRepository ); this.davRepository.addListener(this); } diff --git a/archiva-webapp/src/main/java/org/apache/maven/archiva/web/servlet/repository/RepositoryRequest.java b/archiva-webapp/src/main/java/org/apache/maven/archiva/web/servlet/repository/RepositoryRequest.java new file mode 100644 index 000000000..b3677a29a --- /dev/null +++ b/archiva-webapp/src/main/java/org/apache/maven/archiva/web/servlet/repository/RepositoryRequest.java @@ -0,0 +1,76 @@ +package org.apache.maven.archiva.web.servlet.repository; + +/* + * Copyright 2001-2006 The Apache Software Foundation. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +import it.could.webdav.DAVTransaction; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletRequestWrapper; + +/** + * RepositoryRequest + * + * @author Joakim Erdfelt + * @version $Id$ + */ +public class RepositoryRequest + extends HttpServletRequestWrapper +{ + private String repoId; + + public RepositoryRequest( HttpServletRequest request, String repoid ) + { + super( request ); + this.repoId = ""; + + if(repoid != null) { + this.repoId = repoid; + } + } + + /** + * Adjust the path info value to remove reference to repoId. + * This is done to satisfy the needs of {@link DAVTransaction} + */ + public String getPathInfo() + { + String pathInfo = super.getPathInfo(); + + if ( pathInfo == null ) + { + return ""; + } + + if ( ( pathInfo.length() > 1 ) && ( pathInfo.charAt( 0 ) == '/' ) ) + { + pathInfo = pathInfo.substring( 1 ); + } + + if ( pathInfo.startsWith( repoId ) ) + { + pathInfo = pathInfo.substring( repoId.length() ); + } + + return pathInfo; + } + + public String getServletPath() + { + return super.getServletPath() + "/" + this.repoId; + } + +} -- 2.39.5