From 98c5172b794bb9f5d995cf2e36f9aeda3dd5d97d Mon Sep 17 00:00:00 2001
From: "Maria Odea B. Ching"
Date: Sun, 11 May 2008 07:30:52 +0000
Subject: [PATCH] [MRM-773] set response header to 'authenticate' if no username and password were supplied

git-svn-id: https://svn.apache.org/repos/asf/archiva/trunk@655274 13f79535-47bb-0310-9956-ffa450edef68
---
 .../security/ArchivaServletAuthenticator.java | 12 ++++---
 .../security/ServletAuthenticator.java | 3 +-
 .../maven/archiva/web/rss/RssFeedServlet.java | 34 +++++++++++++++----
 .../webdav/ArchivaDavSessionProvider.java | 6 ++++
 4 files changed, 43 insertions(+), 12 deletions(-)

diff --git a/archiva-modules/archiva-web/archiva-security/src/main/java/org/apache/maven/archiva/security/ArchivaServletAuthenticator.java b/archiva-modules/archiva-web/archiva-security/src/main/java/org/apache/maven/archiva/security/ArchivaServletAuthenticator.java
index 018992009..8af0c0cf3 100644
--- a/archiva-modules/archiva-web/archiva-security/src/main/java/org/apache/maven/archiva/security/ArchivaServletAuthenticator.java
+++ b/archiva-modules/archiva-web/archiva-security/src/main/java/org/apache/maven/archiva/security/ArchivaServletAuthenticator.java
@@ -26,6 +26,7 @@ import org.codehaus.plexus.redback.authentication.AuthenticationException;
 import org.codehaus.plexus.redback.authentication.AuthenticationResult;
 import org.codehaus.plexus.redback.authorization.AuthorizationException;
 import org.codehaus.plexus.redback.authorization.AuthorizationResult;
+import org.codehaus.plexus.redback.authorization.UnauthorizedException;
 import org.codehaus.plexus.redback.policy.AccountLockedException;
 import org.codehaus.plexus.redback.policy.MustChangePasswordException;
 import org.codehaus.plexus.redback.system.SecuritySession;
@@ -43,7 +44,7 @@ public class ArchivaServletAuthenticator private Logger log = LoggerFactory.getLogger( ArchivaServletAuthenticator.class ); /** - * @plexus.requirement + * @plexus.requirement */ private SecuritySystem securitySystem; @@ -60,7 +61,7 @@ public class ArchivaServletAuthenticator public boolean isAuthorized( HttpServletRequest request, SecuritySession securitySession, String repositoryId, boolean isWriteRequest ) - throws AuthorizationException + throws AuthorizationException, UnauthorizedException { String permission = ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS; @@ -74,13 +75,14 @@ public class ArchivaServletAuthenticator if ( !authzResult.isAuthorized() ) { if ( authzResult.getException() != null ) - { + { log.info( "Authorization Denied [ip=" + request.getRemoteAddr() + ",isWriteRequest=" + isWriteRequest + ",permission=" + permission + ",repo=" + repositoryId + "] : " + authzResult.getException().getMessage() ); - - return false; + + throw new UnauthorizedException( "Access denied for repository " + repositoryId ); } + throw new UnauthorizedException( "User account is locked" ); } return true; diff --git a/archiva-modules/archiva-web/archiva-security/src/main/java/org/apache/maven/archiva/security/ServletAuthenticator.java b/archiva-modules/archiva-web/archiva-security/src/main/java/org/apache/maven/archiva/security/ServletAuthenticator.java index 4c78235ea..e13c2d3e4 100644 --- a/archiva-modules/archiva-web/archiva-security/src/main/java/org/apache/maven/archiva/security/ServletAuthenticator.java +++ b/archiva-modules/archiva-web/archiva-security/src/main/java/org/apache/maven/archiva/security/ServletAuthenticator.java 
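Review bot: In the `isAuthorized` hunk, the new `throw new UnauthorizedException( "User account is locked" );` fires for every denied `AuthorizationResult` that carries no exception, so the message asserts a cause the code has not established, and unlike the branch above it this path records nothing about ip, permission or repository. Log both denial paths the same way and report the second one neutrally, e.g. `throw new UnauthorizedException( "Access denied for repository " + repositoryId );`, since a locked account is signalled elsewhere by `AccountLockedException`. With both paths now throwing, `isAuthorized` can never return `false`, which its Javadoc should state so callers do not keep checking the return value. The enclosing method starts before this hunk.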
@@ -24,6 +24,7 @@ import javax.servlet.http.HttpServletRequest;
 import org.codehaus.plexus.redback.authentication.AuthenticationException;
 import org.codehaus.plexus.redback.authentication.AuthenticationResult;
 import org.codehaus.plexus.redback.authorization.AuthorizationException;
+import org.codehaus.plexus.redback.authorization.UnauthorizedException;
 import org.codehaus.plexus.redback.policy.AccountLockedException;
 import org.codehaus.plexus.redback.policy.MustChangePasswordException;
 import org.codehaus.plexus.redback.system.SecuritySession;
@@ -38,5 +39,5 @@ public interface ServletAuthenticator
 throws AuthenticationException, AccountLockedException, MustChangePasswordException;
 public boolean isAuthorized( HttpServletRequest request, SecuritySession securitySession, String repositoryId,
- boolean isWriteRequest ) throws AuthorizationException;
+ boolean isWriteRequest ) throws AuthorizationException, UnauthorizedException;
 }
diff --git a/archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/rss/RssFeedServlet.java b/archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/rss/RssFeedServlet.java
index f66d154c9..c3b295da5 100644
--- a/archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/rss/RssFeedServlet.java
+++ b/archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/rss/RssFeedServlet.java
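Review bot: The widened `throws AuthorizationException, UnauthorizedException` on `isAuthorized` changes the contract — denial is now signalled by an exception rather than a `false` return — but the interface carries no Javadoc saying so, and the `boolean` return still reads as the denial channel. Add a Javadoc block above the method stating that `UnauthorizedException` means the session is not permitted the requested access to `repositoryId`, that `AuthorizationException` means the authorization subsystem itself failed, and that the method returns `true` on success; for example `@throws UnauthorizedException if the session lacks the required permission on the repository` and `@throws AuthorizationException if the authorization check could not be performed`. The callers in the later hunks treat the two exceptions differently (401 versus 500), so the distinction belongs in the interface.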
@@ -44,6 +44,7 @@ import org.apache.maven.archiva.security.UserRepositories;
 import org.codehaus.plexus.redback.authentication.AuthenticationException;
 import org.codehaus.plexus.redback.authentication.AuthenticationResult;
 import org.codehaus.plexus.redback.authorization.AuthorizationException;
+import org.codehaus.plexus.redback.authorization.UnauthorizedException;
 import org.codehaus.plexus.redback.policy.AccountLockedException;
 import org.codehaus.plexus.redback.policy.MustChangePasswordException;
 import org.codehaus.plexus.redback.system.SecuritySession;
@@ -104,14 +105,15 @@ public class RssFeedServlet
 public void doGet( HttpServletRequest req, HttpServletResponse res )
 throws ServletException, IOException
 {
+ String repoId = req.getParameter( "repoId" );
+ String groupId = req.getParameter( "groupId" );
+ String artifactId = req.getParameter( "artifactId" );
+
 try
 {
 Map map = new HashMap();
 SyndFeed feed = null;
- String repoId = req.getParameter( "repoId" );
- String groupId = req.getParameter( "groupId" );
- String artifactId = req.getParameter( "artifactId" );
-
+
 if ( ( repoId == null ) && ( groupId == null && artifactId == null ) )
 {
 res.sendError( HttpServletResponse.SC_BAD_REQUEST, "Required fields not found in request." );
@@ -173,6 +175,7 @@ public class RssFeedServlet
 }
 catch ( AuthenticationException authe )
 {
+ authe.printStackTrace();
 log.error( COULD_NOT_AUTHENTICATE_USER, authe );
 res.sendError( HttpServletResponse.SC_UNAUTHORIZED, COULD_NOT_AUTHENTICATE_USER );
 }
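Review bot: `authe.printStackTrace();` in the `AuthenticationException` handler is redundant with the `log.error( COULD_NOT_AUTHENTICATE_USER, authe );` directly beneath it, which already records the stack trace, and it writes to the container's stderr outside the logging configuration. Drop the line; if it was added for debugging, `log.debug( COULD_NOT_AUTHENTICATE_USER, authe );` is the appropriate form. A failed Basic credential on a feed endpoint is an expected event, so logging every one at error level with a full trace is worth reconsidering as well. The `doGet` body this catch belongs to starts before the hunk.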
@@ -186,6 +189,20 @@ public class RssFeedServlet
 log.error( COULD_NOT_AUTHENTICATE_USER, e );
 res.sendError( HttpServletResponse.SC_UNAUTHORIZED, COULD_NOT_AUTHENTICATE_USER );
 }
+ catch ( UnauthorizedException e )
+ {
+ log.error( e.getMessage() );
+ if ( repoId != null )
+ {
+ res.setHeader("WWW-Authenticate", "Basic realm=\"Repository Archiva Managed " + repoId + " Repository" );
+ }
+ else
+ {
+ res.setHeader("WWW-Authenticate", "Basic realm=\"Artifact " + groupId + ":" + artifactId );
+ }
+
+ res.sendError( HttpServletResponse.SC_UNAUTHORIZED, USER_NOT_AUTHORIZED );
+ }
 }
 /**
@@ -195,7 +212,8 @@ public class RssFeedServlet
 * @return
 */
 private boolean isAllowed( HttpServletRequest req )
- throws UserNotFoundException, AccountLockedException, AuthenticationException, MustChangePasswordException
+ throws UserNotFoundException, AccountLockedException, AuthenticationException, MustChangePasswordException,
+ UnauthorizedException
 {
 String auth = req.getHeader( "Authorization" );
 List repoIds = new ArrayList();
@@ -262,9 +280,13 @@ public class RssFeedServlet
 {
 log.error( "Fatal Authorization Subsystem Error." );
 }
+ catch ( UnauthorizedException e )
+ {
+ log.error( e.getMessage() );
+ }
 }
- return false;
+ throw new UnauthorizedException( "Access denied." );
 }
 private List getObservableRepos( String principal )
diff --git a/archiva-modules/archiva-web/archiva-webdav/src/main/java/org/apache/maven/archiva/webdav/ArchivaDavSessionProvider.java b/archiva-modules/archiva-web/archiva-webdav/src/main/java/org/apache/maven/archiva/webdav/ArchivaDavSessionProvider.java
index ed78e4fd6..1ec63dfc6 100644
--- a/archiva-modules/archiva-web/archiva-webdav/src/main/java/org/apache/maven/archiva/webdav/ArchivaDavSessionProvider.java
+++ b/archiva-modules/archiva-web/archiva-webdav/src/main/java/org/apache/maven/archiva/webdav/ArchivaDavSessionProvider.java
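Review bot: Both `WWW-Authenticate` values in the new `UnauthorizedException` handler are malformed: each realm opens with `\"` but neither string closes the quote, so the client receives `Basic realm="Repository Archiva Managed X Repository` with no terminating `"`. The realm also embeds the raw `repoId`, `groupId` and `artifactId` request parameters unvalidated, and in the second branch one of `groupId`/`artifactId` may be null (the earlier check only rejects the request when all three are absent), so a `"` or control character in a parameter corrupts the header and a missing one yields `null` in it. Use a fixed realm that does not echo request input, e.g. `res.setHeader( "WWW-Authenticate", "Basic realm=\"Archiva Repository\"" );` in both branches, or at minimum close the quote and reject parameter values containing `"`, CR or LF before using them. `log.error( e.getMessage() )` for an expected denial is also noisy; info or debug is sufficient.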
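Review bot: The added `catch ( UnauthorizedException e )` in `isAllowed` logs each per-repository denial at error level and discards it, and the method then ends with a generic `throw new UnauthorizedException( "Access denied." );`, so the operator log fills with error entries for an expected outcome while the caller loses the specific reason. Log at debug, `log.debug( "Access to repository denied: " + e.getMessage() );`, and keep the final throw; `ArchivaServletAuthenticator` already logs denials. The loop this catch sits in and the start of `isAllowed` are outside the hunk, so whether execution continues to the next repository after the catch is inferred rather than visible.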
@@ -33,6 +33,7 @@ import org.codehaus.plexus.redback.policy.AccountLockedException;
 import org.codehaus.plexus.redback.system.SecuritySession;
 import org.codehaus.plexus.redback.xwork.filter.authentication.HttpAuthenticator;
 import org.codehaus.plexus.redback.authorization.AuthorizationException;
+import org.codehaus.plexus.redback.authorization.UnauthorizedException;
 import org.codehaus.plexus.spring.PlexusToSpringUtils;
 import org.springframework.web.context.WebApplicationContext;
 import org.slf4j.Logger;
@@ -90,6 +91,11 @@ public class ArchivaDavSessionProvider implements DavSessionProvider
 log.error( "Fatal Authorization Subsystem Error." );
 throw new DavException( HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Fatal Authorization Subsystem Error." );
 }
+ catch ( UnauthorizedException e )
+ {
+ log.error( e.getMessage() );
+ throw new UnauthorizedDavException(repositoryId, e.getMessage() );
+ }
 }
 public void releaseSession(WebdavRequest webdavRequest)
--
2.39.5
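Review bot: The new `catch ( UnauthorizedException e )` in `ArchivaDavSessionProvider` logs `e.getMessage()` at error level before rethrowing as `UnauthorizedDavException`, so every denied WebDAV request produces an error entry with no remote address or principal, duplicating the denial logging already done in `ArchivaServletAuthenticator.isAuthorized`. Either drop the log call and let the `UnauthorizedDavException` carry the message, or lower it to debug with context, e.g. `log.debug( "Unauthorized WebDAV access to repository " + repositoryId + ": " + e.getMessage() );`. If `UnauthorizedDavException` has a constructor that accepts a cause, passing `e` would preserve the exception chain; its signature is not visible here. The enclosing method begins before this hunk.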