From 87bdeaecf66570324748f051326f9ca57b0e43fb Mon Sep 17 00:00:00 2001
From: Joakim Erdfelt <joakime@apache.org>
Date: Fri, 27 Oct 2006 19:21:46 +0000
Subject: [PATCH] * Making authenication optional (if provided, then
 authenticate) * Making authorization denial reason be dumped to log file.

git-svn-id: https://svn.apache.org/repos/asf/maven/archiva/trunk@468507 13f79535-47bb-0310-9956-ffa450edef68
---
 .../servlet/repository/RepositoryAccess.java  | 20 ++++++++++++-------
 1 file changed, 13 insertions(+), 7 deletions(-)

diff --git a/archiva-webapp/src/main/java/org/apache/maven/archiva/web/servlet/repository/RepositoryAccess.java b/archiva-webapp/src/main/java/org/apache/maven/archiva/web/servlet/repository/RepositoryAccess.java
index 3ae46df9c..5635183b7 100644
--- a/archiva-webapp/src/main/java/org/apache/maven/archiva/web/servlet/repository/RepositoryAccess.java
+++ b/archiva-webapp/src/main/java/org/apache/maven/archiva/web/servlet/repository/RepositoryAccess.java
@@ -27,6 +27,7 @@ import org.apache.maven.archiva.web.servlet.AbstractPlexusServlet;
 import org.codehaus.plexus.security.authentication.AuthenticationException;
 import org.codehaus.plexus.security.authentication.AuthenticationResult;
 import org.codehaus.plexus.security.authorization.AuthorizationException;
+import org.codehaus.plexus.security.authorization.AuthorizationResult;
 import org.codehaus.plexus.security.policy.AccountLockedException;
 import org.codehaus.plexus.security.policy.MustChangePasswordException;
 import org.codehaus.plexus.security.system.SecuritySession;
@@ -134,19 +135,18 @@ public class RepositoryAccess
         }
 
         // Authentication Tests.
-
-        AuthenticationResult result;
         try
         {
-            result = httpAuth.getAuthenticationResult( request, response );
+            AuthenticationResult result = httpAuth.getAuthenticationResult( request, response );
 
-            if ( !result.isAuthenticated() )
+            if ( ( result != null ) && !result.isAuthenticated() )
             {
                 // Must Authenticate.
                 httpAuth.challenge( request, response, "Repository " + repoconfig.getName(),
                                     new AuthenticationException( "User Credentials Invalid" ) );
                 return;
             }
+
         }
         catch ( AuthenticationException e )
         {
@@ -178,10 +178,16 @@ public class RepositoryAccess
                 permission = ArchivaRoleConstants.OPERATION_REPOSITORY_UPLOAD;
             }
             
-            boolean isAuthorized = securitySystem.isAuthorized( securitySession, permission, repoconfig.getId() );
-
-            if ( !isAuthorized )
+            AuthorizationResult authzResult = securitySystem
+                .authorize( securitySession, permission, repoconfig.getId() );
+             
+            if ( !authzResult.isAuthorized() )
             {
+                if ( authzResult.getException() != null )
+                {
+                    getLogger().warn( "Authorization Denied", authzResult.getException() );
+                }
+                
                 // Issue HTTP Challenge.
                 httpAuth.challenge( request, response, "Repository " + repoconfig.getName(),
                                     new AuthenticationException( "Authorization Denied." ) );
-- 
2.39.5