From cfdd2e9a66c83323a3e5c631a446192edbb73f20 Mon Sep 17 00:00:00 2001 From: "Maria Odea B. Ching" Date: Wed, 10 Sep 2008 03:46:03 +0000 Subject: [PATCH] [MRM-911] -check first if guest is enabled for the repository before failing the authentication git-svn-id: https://svn.apache.org/repos/asf/archiva/branches@693694 13f79535-47bb-0310-9956-ffa450edef68 --- .../security/ArchivaServletAuthenticator.java | 2 +- .../security/ServletAuthenticator.java | 2 +- .../webdav/ArchivaDavResourceFactory.java | 20 ++++++++++++-- .../webdav/ArchivaDavSessionProvider.java | 26 +++++++++++++++++-- .../archiva/webdav/RepositoryServlet.java | 5 +++- .../webdav/ArchivaDavSessionProviderTest.java | 4 +-- .../UnauthenticatedDavSessionProvider.java | 2 +- 7 files changed, 51 insertions(+), 10 deletions(-) diff --git a/archiva-1.1.x/archiva-modules/archiva-web/archiva-security/src/main/java/org/apache/maven/archiva/security/ArchivaServletAuthenticator.java b/archiva-1.1.x/archiva-modules/archiva-web/archiva-security/src/main/java/org/apache/maven/archiva/security/ArchivaServletAuthenticator.java index 4e8c040b7..31d1245c9 100644 --- a/archiva-1.1.x/archiva-modules/archiva-web/archiva-security/src/main/java/org/apache/maven/archiva/security/ArchivaServletAuthenticator.java +++ b/archiva-1.1.x/archiva-modules/archiva-web/archiva-security/src/main/java/org/apache/maven/archiva/security/ArchivaServletAuthenticator.java @@ -93,7 +93,7 @@ public class ArchivaServletAuthenticator return true; } - public boolean isAuthorizedToAccessVirtualRepository( String principal, String repoId ) + public boolean isAuthorized( String principal, String repoId ) throws UnauthorizedException { try diff --git a/archiva-1.1.x/archiva-modules/archiva-web/archiva-security/src/main/java/org/apache/maven/archiva/security/ServletAuthenticator.java b/archiva-1.1.x/archiva-modules/archiva-web/archiva-security/src/main/java/org/apache/maven/archiva/security/ServletAuthenticator.java index fb39b4bca..2edda8120 100644 --- a/archiva-1.1.x/archiva-modules/archiva-web/archiva-security/src/main/java/org/apache/maven/archiva/security/ServletAuthenticator.java +++ b/archiva-1.1.x/archiva-modules/archiva-web/archiva-security/src/main/java/org/apache/maven/archiva/security/ServletAuthenticator.java @@ -41,6 +41,6 @@ public interface ServletAuthenticator public boolean isAuthorized( HttpServletRequest request, SecuritySession securitySession, String repositoryId, boolean isWriteRequest ) throws AuthorizationException, UnauthorizedException; - public boolean isAuthorizedToAccessVirtualRepository( String principal, String repoId ) + public boolean isAuthorized( String principal, String repoId ) throws UnauthorizedException; } diff --git a/archiva-1.1.x/archiva-modules/archiva-web/archiva-webdav/src/main/java/org/apache/maven/archiva/webdav/ArchivaDavResourceFactory.java b/archiva-1.1.x/archiva-modules/archiva-web/archiva-webdav/src/main/java/org/apache/maven/archiva/webdav/ArchivaDavResourceFactory.java index c959cc059..5132b0366 100644 --- a/archiva-1.1.x/archiva-modules/archiva-web/archiva-webdav/src/main/java/org/apache/maven/archiva/webdav/ArchivaDavResourceFactory.java +++ b/archiva-1.1.x/archiva-modules/archiva-web/archiva-webdav/src/main/java/org/apache/maven/archiva/webdav/ArchivaDavResourceFactory.java @@ -772,6 +772,22 @@ public class ArchivaDavResourceFactory } catch ( AuthenticationException e ) { + // safety check for MRM-911 + String guest = archivaXworkUser.getGuest(); + try + { + if( servletAuth.isAuthorized( guest, + ( ( ArchivaDavResourceLocator ) request.getRequestLocator() ).getRepositoryId() ) ) + { + return true; + } + } + catch ( UnauthorizedException ae ) + { + throw new UnauthorizedDavException( repositoryId, + "You are not authenticated and authorized to access any repository." ); + } + throw new UnauthorizedDavException( repositoryId, "You are not authenticated" ); } catch ( MustChangePasswordException e ) @@ -840,7 +856,7 @@ public class ArchivaDavResourceFactory // for the current user logged in try { - if( servletAuth.isAuthorizedToAccessVirtualRepository( activePrincipal, repository ) ) + if( servletAuth.isAuthorized( activePrincipal, repository ) ) { getResource( locator, mergedRepositoryContents, logicalResource, repository ); } @@ -936,7 +952,7 @@ public class ArchivaDavResourceFactory { try { - if( servletAuth.isAuthorizedToAccessVirtualRepository( activePrincipal, repository ) ) + if( servletAuth.isAuthorized( activePrincipal, repository ) ) { allow = true; break; diff --git a/archiva-1.1.x/archiva-modules/archiva-web/archiva-webdav/src/main/java/org/apache/maven/archiva/webdav/ArchivaDavSessionProvider.java b/archiva-1.1.x/archiva-modules/archiva-web/archiva-webdav/src/main/java/org/apache/maven/archiva/webdav/ArchivaDavSessionProvider.java index ad96939d1..2c5a39d35 100644 --- a/archiva-1.1.x/archiva-modules/archiva-web/archiva-webdav/src/main/java/org/apache/maven/archiva/webdav/ArchivaDavSessionProvider.java +++ b/archiva-1.1.x/archiva-modules/archiva-web/archiva-webdav/src/main/java/org/apache/maven/archiva/webdav/ArchivaDavSessionProvider.java @@ -24,9 +24,11 @@ import org.apache.jackrabbit.webdav.WebdavRequest; import org.apache.jackrabbit.webdav.DavException; import org.apache.jackrabbit.webdav.DavServletRequest; import org.apache.maven.archiva.webdav.util.RepositoryPathUtil; +import org.apache.maven.archiva.security.ArchivaXworkUser; import org.apache.maven.archiva.security.ServletAuthenticator; import org.codehaus.plexus.redback.authentication.AuthenticationException; import org.codehaus.plexus.redback.authentication.AuthenticationResult; +import org.codehaus.plexus.redback.authorization.UnauthorizedException; import org.codehaus.plexus.redback.policy.MustChangePasswordException; import org.codehaus.plexus.redback.policy.AccountLockedException; import org.codehaus.plexus.redback.xwork.filter.authentication.HttpAuthenticator; @@ -45,10 +47,13 @@ public class ArchivaDavSessionProvider private HttpAuthenticator httpAuth; - public ArchivaDavSessionProvider( ServletAuthenticator servletAuth, HttpAuthenticator httpAuth ) + private ArchivaXworkUser archivaXworkUser; + + public ArchivaDavSessionProvider( ServletAuthenticator servletAuth, HttpAuthenticator httpAuth, ArchivaXworkUser archivaXworkUser ) { this.servletAuth = servletAuth; this.httpAuth = httpAuth; + this.archivaXworkUser = archivaXworkUser; } public boolean attachSession( WebdavRequest request ) @@ -67,7 +72,24 @@ public class ArchivaDavSessionProvider } catch ( AuthenticationException e ) { - throw new UnauthorizedDavException( repositoryId, "You are not authenticated" ); + // safety check for MRM-911 + String guest = archivaXworkUser.getGuest(); + try + { + if( servletAuth.isAuthorized( guest, + ( ( ArchivaDavResourceLocator ) request.getRequestLocator() ).getRepositoryId() ) ) + { + request.setDavSession(new ArchivaDavSession()); + return true; + } + } + catch ( UnauthorizedException ae ) + { + throw new UnauthorizedDavException( repositoryId, + "You are not authenticated and authorized to access any repository." ); + } + + throw new UnauthorizedDavException( repositoryId, "You are not authenticated." ); } catch ( MustChangePasswordException e ) { diff --git a/archiva-1.1.x/archiva-modules/archiva-web/archiva-webdav/src/main/java/org/apache/maven/archiva/webdav/RepositoryServlet.java b/archiva-1.1.x/archiva-modules/archiva-web/archiva-webdav/src/main/java/org/apache/maven/archiva/webdav/RepositoryServlet.java index ca9aa5aed..a73e72d5e 100644 --- a/archiva-1.1.x/archiva-modules/archiva-web/archiva-webdav/src/main/java/org/apache/maven/archiva/webdav/RepositoryServlet.java +++ b/archiva-1.1.x/archiva-modules/archiva-web/archiva-webdav/src/main/java/org/apache/maven/archiva/webdav/RepositoryServlet.java @@ -44,6 +44,7 @@ import org.apache.maven.archiva.configuration.ArchivaConfiguration; import org.apache.maven.archiva.configuration.ConfigurationEvent; import org.apache.maven.archiva.configuration.ConfigurationListener; import org.apache.maven.archiva.configuration.ManagedRepositoryConfiguration; +import org.apache.maven.archiva.security.ArchivaXworkUser; import org.apache.maven.archiva.security.ServletAuthenticator; import org.codehaus.plexus.redback.xwork.filter.authentication.HttpAuthenticator; import org.codehaus.plexus.spring.PlexusToSpringUtils; @@ -195,7 +196,9 @@ public class RepositoryServlet HttpAuthenticator httpAuth = (HttpAuthenticator) wac.getBean( PlexusToSpringUtils.buildSpringId( HttpAuthenticator.ROLE, "basic" ) ); - sessionProvider = new ArchivaDavSessionProvider( servletAuth, httpAuth ); + ArchivaXworkUser archivaXworkUser = + (ArchivaXworkUser) wac.getBean( PlexusToSpringUtils.buildSpringId( ArchivaXworkUser.class.getName() ) ); + sessionProvider = new ArchivaDavSessionProvider( servletAuth, httpAuth, archivaXworkUser ); } public void configurationEvent( ConfigurationEvent event ) diff --git a/archiva-1.1.x/archiva-modules/archiva-web/archiva-webdav/src/test/java/org/apache/maven/archiva/webdav/ArchivaDavSessionProviderTest.java b/archiva-1.1.x/archiva-modules/archiva-web/archiva-webdav/src/test/java/org/apache/maven/archiva/webdav/ArchivaDavSessionProviderTest.java index 2a53bf99d..e882c5ad6 100644 --- a/archiva-1.1.x/archiva-modules/archiva-web/archiva-webdav/src/test/java/org/apache/maven/archiva/webdav/ArchivaDavSessionProviderTest.java +++ b/archiva-1.1.x/archiva-modules/archiva-web/archiva-webdav/src/test/java/org/apache/maven/archiva/webdav/ArchivaDavSessionProviderTest.java @@ -59,7 +59,7 @@ public class ArchivaDavSessionProviderTest extends TestCase throws Exception { super.setUp(); - sessionProvider = new ArchivaDavSessionProvider(new ServletAuthenticatorMock(), new HttpAuthenticatorMock()); + sessionProvider = new ArchivaDavSessionProvider(new ServletAuthenticatorMock(), new HttpAuthenticatorMock(), null); request = new WebdavRequestImpl(new HttpServletRequestMock(), null); } @@ -362,7 +362,7 @@ public class ArchivaDavSessionProviderTest extends TestCase return true; } - public boolean isAuthorizedToAccessVirtualRepository(String arg0, String arg1) + public boolean isAuthorized(String arg0, String arg1) throws UnauthorizedException { return true; diff --git a/archiva-1.1.x/archiva-modules/archiva-web/archiva-webdav/src/test/java/org/apache/maven/archiva/webdav/UnauthenticatedDavSessionProvider.java b/archiva-1.1.x/archiva-modules/archiva-web/archiva-webdav/src/test/java/org/apache/maven/archiva/webdav/UnauthenticatedDavSessionProvider.java index 13082cf4d..082d62dfc 100644 --- a/archiva-1.1.x/archiva-modules/archiva-web/archiva-webdav/src/test/java/org/apache/maven/archiva/webdav/UnauthenticatedDavSessionProvider.java +++ b/archiva-1.1.x/archiva-modules/archiva-web/archiva-webdav/src/test/java/org/apache/maven/archiva/webdav/UnauthenticatedDavSessionProvider.java @@ -29,7 +29,7 @@ public class UnauthenticatedDavSessionProvider extends ArchivaDavSessionProvider { public UnauthenticatedDavSessionProvider() { - super(null, null); + super(null, null, null); } @Override -- 2.39.5