From f63959e3aa1694a987c852086df73d205b3ceddc Mon Sep 17 00:00:00 2001 From: Brett Porter Date: Wed, 11 Mar 2009 16:53:17 +0000 Subject: [PATCH] [MRM-1101] restore proper tracking of principal in DAV for audit logging git-svn-id: https://svn.apache.org/repos/asf/archiva/trunk@752519 13f79535-47bb-0310-9956-ffa450edef68 --- .../archiva/security/ArchivaXworkUser.java | 20 +---- .../archiva/security/SecurityStartup.java | 3 +- .../maven/archiva/web/rss/RssFeedServlet.java | 5 +- .../web/startup/SecuritySynchronization.java | 3 +- .../archiva/webdav/ArchivaDavResource.java | 20 ++--- .../webdav/ArchivaDavResourceFactory.java | 76 ++++++++++--------- .../webdav/ArchivaDavSessionProvider.java | 3 +- .../maven/archiva/webdav/DavResourceTest.java | 8 +- .../webdav/RepositoryServletSecurityTest.java | 6 ++ .../webdav/RepositoryServletSecurityTest.xml | 4 - .../archiva/webdav/RepositoryServletTest.xml | 4 - 11 files changed, 66 insertions(+), 86 deletions(-) diff --git a/archiva-modules/archiva-web/archiva-security/src/main/java/org/apache/maven/archiva/security/ArchivaXworkUser.java b/archiva-modules/archiva-web/archiva-security/src/main/java/org/apache/maven/archiva/security/ArchivaXworkUser.java index 29f7498f1..88b3f628e 100644 --- a/archiva-modules/archiva-web/archiva-security/src/main/java/org/apache/maven/archiva/security/ArchivaXworkUser.java +++ b/archiva-modules/archiva-web/archiva-security/src/main/java/org/apache/maven/archiva/security/ArchivaXworkUser.java @@ -25,7 +25,6 @@ import org.codehaus.plexus.redback.system.SecuritySession; import org.codehaus.plexus.redback.system.SecuritySystemConstants; import org.codehaus.plexus.redback.users.User; import org.codehaus.plexus.redback.users.UserManager; -import org.codehaus.plexus.registry.Registry; /** * ArchivaXworkUser 
@@ -37,35 +36,20 @@ public class ArchivaXworkUser { public String getActivePrincipal( Map sessionMap ) { - if ( sessionMap == null ) - { - return getGuest(); - } - SecuritySession securitySession = (SecuritySession) sessionMap.get( SecuritySystemConstants.SECURITY_SESSION_KEY ); if ( securitySession == null ) { - securitySession = (SecuritySession) sessionMap.get( SecuritySession.ROLE ); - } - - if ( securitySession == null ) - { - return getGuest(); + return UserManager.GUEST_USERNAME; } User user = securitySession.getUser(); if ( user == null ) { - return getGuest(); + return UserManager.GUEST_USERNAME; } return (String) user.getPrincipal(); } - - public String getGuest() - { - return UserManager.GUEST_USERNAME; - } } diff --git a/archiva-modules/archiva-web/archiva-security/src/main/java/org/apache/maven/archiva/security/SecurityStartup.java b/archiva-modules/archiva-web/archiva-security/src/main/java/org/apache/maven/archiva/security/SecurityStartup.java index 9b589d791..b81b7a5fa 100644 --- a/archiva-modules/archiva-web/archiva-security/src/main/java/org/apache/maven/archiva/security/SecurityStartup.java +++ b/archiva-modules/archiva-web/archiva-security/src/main/java/org/apache/maven/archiva/security/SecurityStartup.java @@ -33,6 +33,7 @@ import org.codehaus.plexus.redback.rbac.RBACManager; import org.codehaus.plexus.redback.rbac.RbacManagerException; import org.codehaus.plexus.redback.rbac.UserAssignment; import org.codehaus.plexus.redback.system.check.EnvironmentCheck; +import org.codehaus.plexus.redback.users.UserManager; import org.codehaus.plexus.registry.Registry; import org.codehaus.plexus.registry.RegistryListener; import org.slf4j.Logger; @@ -88,7 +89,7 @@ public class SecurityStartup { String repoId = repoConfig.getId(); - String principal = archivaXworkUser.getGuest(); + String principal = UserManager.GUEST_USERNAME; try { 
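Review bot: `getActivePrincipal( Map sessionMap )` now dereferences `sessionMap` in its first statement, because the `sessionMap == null` guard was removed together with `getGuest()`. A caller that passes a null session map now gets a NullPointerException where it used to get the guest name. If any caller outside this patch can still pass null, keep the guard as `if ( sessionMap == null ) { return UserManager.GUEST_USERNAME; }`. The fallback lookup under `SecuritySession.ROLE` is dropped as well, so a session stored only under that key now resolves to guest. A short Javadoc naming the key that is consulted and the guest fallback would make that contract explicit.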
diff --git a/archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/rss/RssFeedServlet.java b/archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/rss/RssFeedServlet.java index e1967c06e..7e16bea22 100644 --- a/archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/rss/RssFeedServlet.java +++ b/archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/rss/RssFeedServlet.java @@ -50,6 +50,7 @@ import org.codehaus.plexus.redback.authorization.UnauthorizedException; import org.codehaus.plexus.redback.policy.AccountLockedException; import org.codehaus.plexus.redback.policy.MustChangePasswordException; import org.codehaus.plexus.redback.system.SecuritySession; +import org.codehaus.plexus.redback.users.UserManager; import org.codehaus.plexus.redback.users.UserNotFoundException; import org.codehaus.plexus.spring.PlexusToSpringUtils; import org.codehaus.redback.integration.filter.authentication.HttpAuthenticator; @@ -271,7 +272,7 @@ public class RssFeedServlet if ( usernamePassword == null || usernamePassword.trim().equals( "" ) ) { - repoIds = getObservableRepos( archivaXworkUser.getGuest() ); + repoIds = getObservableRepos( UserManager.GUEST_USERNAME ); } else { @@ -281,7 +282,7 @@ public class RssFeedServlet } else { - repoIds = getObservableRepos( archivaXworkUser.getGuest() ); + repoIds = getObservableRepos( UserManager.GUEST_USERNAME ); } } else diff --git a/archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/startup/SecuritySynchronization.java b/archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/startup/SecuritySynchronization.java index 46fd35753..267c1b7de 100644 --- a/archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/startup/SecuritySynchronization.java 
+++ b/archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/startup/SecuritySynchronization.java @@ -37,6 +37,7 @@ import org.codehaus.plexus.redback.rbac.UserAssignment; import org.codehaus.plexus.redback.role.RoleManager; import org.codehaus.plexus.redback.role.RoleManagerException; import org.codehaus.plexus.redback.system.check.EnvironmentCheck; +import org.codehaus.plexus.redback.users.UserManager; import org.codehaus.plexus.registry.Registry; import org.codehaus.plexus.registry.RegistryListener; import org.slf4j.Logger; @@ -188,7 +189,7 @@ public class SecuritySynchronization { String repoId = repoConfig.getId(); - String principal = archivaXworkUser.getGuest(); + String principal = UserManager.GUEST_USERNAME; try { diff --git a/archiva-modules/archiva-web/archiva-webdav/src/main/java/org/apache/maven/archiva/webdav/ArchivaDavResource.java b/archiva-modules/archiva-web/archiva-webdav/src/main/java/org/apache/maven/archiva/webdav/ArchivaDavResource.java index fec4bb8e9..f715960e4 100644 --- a/archiva-modules/archiva-web/archiva-webdav/src/main/java/org/apache/maven/archiva/webdav/ArchivaDavResource.java +++ b/archiva-modules/archiva-web/archiva-webdav/src/main/java/org/apache/maven/archiva/webdav/ArchivaDavResource.java @@ -57,15 +57,12 @@ import org.apache.maven.archiva.configuration.ManagedRepositoryConfiguration; import org.apache.maven.archiva.repository.audit.AuditEvent; import org.apache.maven.archiva.repository.audit.AuditListener; import org.apache.maven.archiva.repository.scanner.RepositoryContentConsumers; -import org.apache.maven.archiva.security.ArchivaXworkUser; import org.apache.maven.archiva.webdav.util.IndexWriter; import org.apache.maven.archiva.webdav.util.MimeTypes; import org.joda.time.DateTime; import org.joda.time.format.DateTimeFormatter; import org.joda.time.format.ISODateTimeFormat; -import com.opensymphony.xwork2.ActionContext; - /** */ public class ArchivaDavResource 
@@ -96,22 +93,21 @@ public class ArchivaDavResource private final MimeTypes mimeTypes; private List auditListeners; - - private ArchivaXworkUser archivaXworkUser; + private String principal; + public static final String COMPLIANCE_CLASS = "1, 2"; public ArchivaDavResource( String localResource, String logicalResource, ManagedRepositoryConfiguration repository, DavSession session, ArchivaDavResourceLocator locator, DavResourceFactory factory, MimeTypes mimeTypes, List auditListeners, - RepositoryContentConsumers consumers, ArchivaXworkUser archivaXworkUser ) + RepositoryContentConsumers consumers ) { this.localResource = new File( localResource ); this.logicalResource = logicalResource; this.locator = locator; this.factory = factory; this.session = session; - this.archivaXworkUser = archivaXworkUser; // TODO: push into locator as well as moving any references out of the resource factory this.repository = repository; @@ -123,14 +119,15 @@ public class ArchivaDavResource } public ArchivaDavResource( String localResource, String logicalResource, ManagedRepositoryConfiguration repository, - String remoteAddr, DavSession session, ArchivaDavResourceLocator locator, + String remoteAddr, String principal, DavSession session, ArchivaDavResourceLocator locator, DavResourceFactory factory, MimeTypes mimeTypes, List auditListeners, - RepositoryContentConsumers consumers, ArchivaXworkUser archivaXworkUser ) + RepositoryContentConsumers consumers ) { this( localResource, logicalResource, repository, session, locator, factory, mimeTypes, auditListeners, - consumers, archivaXworkUser ); + consumers ); this.remoteAddr = remoteAddr; + this.principal = principal; } public String getComplianceClass() 
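Review bot: The new `principal` field is assigned only in the constructor that takes `remoteAddr` and `principal`; the shorter constructor leaves it null. The `triggerAuditEvent` hunk further down passes the field unchecked to `new AuditEvent( repositoryId, principal, resource, action )`. A resource built through the short constructor (the `davSession` call in ArchivaDavResourceFactory still uses it) would therefore emit audit events with no user attached, if it ever reaches that path. Either give the short constructor an explicit value or document the gap on the field, for example `// null when the resource is built without request context; audit events then carry no principal`.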
@@ -618,8 +615,7 @@ public class ArchivaDavResource private void triggerAuditEvent( String remoteIP, String repositoryId, String resource, String action ) { - String activePrincipal = archivaXworkUser.getActivePrincipal( ActionContext.getContext().getSession() ); - AuditEvent event = new AuditEvent( repositoryId, activePrincipal, resource, action ); + AuditEvent event = new AuditEvent( repositoryId, principal, resource, action ); event.setRemoteIP( remoteIP ); for ( AuditListener listener : auditListeners ) diff --git a/archiva-modules/archiva-web/archiva-webdav/src/main/java/org/apache/maven/archiva/webdav/ArchivaDavResourceFactory.java b/archiva-modules/archiva-web/archiva-webdav/src/main/java/org/apache/maven/archiva/webdav/ArchivaDavResourceFactory.java index 466573f47..16279f3e2 100644 --- a/archiva-modules/archiva-web/archiva-webdav/src/main/java/org/apache/maven/archiva/webdav/ArchivaDavResourceFactory.java +++ b/archiva-modules/archiva-web/archiva-webdav/src/main/java/org/apache/maven/archiva/webdav/ArchivaDavResourceFactory.java @@ -24,9 +24,7 @@ import java.io.FileNotFoundException; import java.io.FileReader; import java.io.IOException; import java.util.ArrayList; -import java.util.HashMap; import java.util.List; -import java.util.Map; import javax.servlet.http.HttpServletResponse; @@ -64,7 +62,6 @@ import org.apache.maven.archiva.repository.metadata.RepositoryMetadataMerge; import org.apache.maven.archiva.repository.metadata.RepositoryMetadataReader; import org.apache.maven.archiva.repository.metadata.RepositoryMetadataWriter; import org.apache.maven.archiva.repository.scanner.RepositoryContentConsumers; -import org.apache.maven.archiva.security.ArchivaXworkUser; import org.apache.maven.archiva.security.ServletAuthenticator; import org.apache.maven.archiva.webdav.util.MimeTypes; import org.apache.maven.archiva.webdav.util.RepositoryPathUtil; 
@@ -84,13 +81,13 @@ import org.codehaus.plexus.redback.policy.AccountLockedException; import org.codehaus.plexus.redback.policy.MustChangePasswordException; import org.codehaus.plexus.redback.system.SecuritySession; import org.codehaus.plexus.redback.system.SecuritySystemConstants; +import org.codehaus.plexus.redback.users.User; +import org.codehaus.plexus.redback.users.UserManager; import org.codehaus.plexus.util.xml.pull.XmlPullParserException; import org.codehaus.redback.integration.filter.authentication.HttpAuthenticator; import org.slf4j.Logger; import org.slf4j.LoggerFactory; -import com.opensymphony.xwork2.ActionContext; - /** * @plexus.component role="org.apache.maven.archiva.webdav.ArchivaDavResourceFactory" */ @@ -172,11 +169,6 @@ public class ArchivaDavResourceFactory * @plexus.requirement role-hint="md5"; */ private Digester digestMd5; - - /** - * @plexus.requirement - */ - private ArchivaXworkUser archivaXworkUser; public DavResource createResource( final DavResourceLocator locator, final DavServletRequest request, final DavServletResponse response ) @@ -317,10 +309,13 @@ public class ArchivaDavResourceFactory LogicalResource logicalResource = new LogicalResource( RepositoryPathUtil.getLogicalResource( locator.getResourcePath() ) ); + String activePrincipal = getActivePrincipal( request ); + ArchivaDavResource metadataChecksumResource = - new ArchivaDavResource( metadataChecksum.getAbsolutePath(), logicalResource.getPath(), null, - request.getRemoteAddr(), request.getDavSession(), archivaLocator, this, - mimeTypes, auditListeners, consumers, archivaXworkUser ); + new ArchivaDavResource( metadataChecksum.getAbsolutePath(), logicalResource.getPath(), + null, request.getRemoteAddr(), activePrincipal, + request.getDavSession(), archivaLocator, this, mimeTypes, + auditListeners, consumers ); availableResources.add( 0, metadataChecksumResource ); } } 
@@ -349,10 +344,12 @@ public class ArchivaDavResourceFactory LogicalResource logicalResource = new LogicalResource( RepositoryPathUtil.getLogicalResource( locator.getResourcePath() ) ); + String activePrincipal = getActivePrincipal( request ); + ArchivaDavResource metadataResource = new ArchivaDavResource( resourceFile.getAbsolutePath(), logicalResource.getPath(), null, - request.getRemoteAddr(), request.getDavSession(), archivaLocator, this, - mimeTypes, auditListeners, consumers, archivaXworkUser ); + request.getRemoteAddr(), activePrincipal, request.getDavSession(), + archivaLocator, this, mimeTypes, auditListeners, consumers ); availableResources.add( 0, metadataResource ); } catch ( RepositoryMetadataException r ) @@ -401,7 +398,7 @@ public class ArchivaDavResourceFactory resource = new ArchivaDavResource( resourceFile.getAbsolutePath(), logicalResource, managedRepository.getRepository(), davSession, archivaLocator, this, mimeTypes, - auditListeners, consumers, archivaXworkUser ); + auditListeners, consumers ); } resource.addLockManager(lockManager); return resource; @@ -423,10 +420,12 @@ public class ArchivaDavResourceFactory } } + String activePrincipal = getActivePrincipal( request ); + ArchivaDavResource resource = new ArchivaDavResource( resourceFile.getAbsolutePath(), logicalResource.getPath(), - managedRepository.getRepository(), request.getRemoteAddr(), - request.getDavSession(), locator, this, mimeTypes, auditListeners, consumers, archivaXworkUser ); + managedRepository.getRepository(), request.getRemoteAddr(), activePrincipal, + request.getDavSession(), locator, this, mimeTypes, auditListeners, consumers ); if ( !resource.isCollection() ) { 
@@ -458,7 +457,8 @@ public class ArchivaDavResourceFactory { String repositoryId = locator.getRepositoryId(); String event = ( previouslyExisted ? AuditEvent.MODIFY_FILE : AuditEvent.CREATE_FILE ) + PROXIED_SUFFIX; - triggerAuditEvent( request.getRemoteAddr(), repositoryId, logicalResource.getPath(), event ); + triggerAuditEvent( request.getRemoteAddr(), repositoryId, logicalResource.getPath(), event, + activePrincipal ); } if ( !resourceFile.exists() ) @@ -470,8 +470,8 @@ public class ArchivaDavResourceFactory resource = new ArchivaDavResource( resourceFile.getAbsolutePath(), logicalResource.getPath(), managedRepository.getRepository(), request.getRemoteAddr(), - request.getDavSession(), locator, this, mimeTypes, auditListeners, - consumers, archivaXworkUser ); + activePrincipal, request.getDavSession(), locator, this, mimeTypes, + auditListeners, consumers ); } } return resource; 
@@ -490,18 +490,21 @@ public class ArchivaDavResourceFactory File rootDirectory = new File( managedRepository.getRepoRoot() ); File destDir = new File( rootDirectory, logicalResource.getPath() ).getParentFile(); + String activePrincipal = getActivePrincipal( request ); + if ( request.getMethod().equals(HTTP_PUT_METHOD) && !destDir.exists() ) { destDir.mkdirs(); String relPath = PathUtil.getRelative( rootDirectory.getAbsolutePath(), destDir ); - triggerAuditEvent( request.getRemoteAddr(), logicalResource.getPath(), relPath, AuditEvent.CREATE_DIR ); + triggerAuditEvent( request.getRemoteAddr(), logicalResource.getPath(), relPath, AuditEvent.CREATE_DIR, + activePrincipal ); } File resourceFile = new File( managedRepository.getRepoRoot(), logicalResource.getPath() ); return new ArchivaDavResource( resourceFile.getAbsolutePath(), logicalResource.getPath(), - managedRepository.getRepository(), request.getRemoteAddr(), - request.getDavSession(), locator, this, mimeTypes, auditListeners, consumers, archivaXworkUser ); + managedRepository.getRepository(), request.getRemoteAddr(), activePrincipal, + request.getDavSession(), locator, this, mimeTypes, auditListeners, consumers ); } private boolean fetchContentFromProxies( ManagedRepositoryContent managedRepository, DavServletRequest request, @@ -638,10 +641,10 @@ public class ArchivaDavResourceFactory } // TODO: remove? - private void triggerAuditEvent( String remoteIP, String repositoryId, String resource, String action ) + private void triggerAuditEvent( String remoteIP, String repositoryId, String resource, String action, + String principal ) { - String activePrincipal = archivaXworkUser.getActivePrincipal( ActionContext.getContext().getSession() ); - AuditEvent event = new AuditEvent( repositoryId, activePrincipal, resource, action ); + AuditEvent event = new AuditEvent( repositoryId, principal, resource, action ); event.setRemoteIP( remoteIP ); for ( AuditListener listener : auditListeners ) 
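Review bot: In the `CREATE_DIR` call, `logicalResource.getPath()` is passed in the `repositoryId` position of `triggerAuditEvent( remoteIP, repositoryId, resource, action, principal )`, so the audit record names a resource path where the repository id belongs. The patch edits this call to add `activePrincipal` but keeps that argument. The other call site passes `locator.getRepositoryId()`, which looks like the intended value here too; the enclosing method starts outside the hunk, so confirm that `locator` has the same type. The event is also fired without checking the result of `destDir.mkdirs()`, so a failed directory creation is still logged as `CREATE_DIR`. Wrapping the audit call in `if ( destDir.mkdirs() )` would avoid that.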
@@ -749,7 +752,7 @@ public class ArchivaDavResourceFactory boolean isPut = WebdavMethodUtil.isWriteMethod( request.getMethod() ); // safety check for MRM-911 - String guest = archivaXworkUser.getGuest(); + String guest = UserManager.GUEST_USERNAME; try { if( servletAuth.isAuthorized( guest, @@ -797,15 +800,8 @@ public class ArchivaDavResourceFactory // browse the repo group but displaying only the repositories which the user has permission to access. // otherwise, prompt for authentication. - // put the current session in the session map which will be passed to ArchivaXworkUser - Map sessionMap = new HashMap(); - if( request.getSession().getAttribute( SecuritySystemConstants.SECURITY_SESSION_KEY ) != null ) - { - sessionMap.put( SecuritySystemConstants.SECURITY_SESSION_KEY, - request.getSession().getAttribute( SecuritySystemConstants.SECURITY_SESSION_KEY ) ); - } - - String activePrincipal = archivaXworkUser.getActivePrincipal( sessionMap ); + String activePrincipal = getActivePrincipal( request ); + boolean allow = isAllowedToContinue( request, repositories, activePrincipal ); if( allow ) @@ -863,6 +859,12 @@ public class ArchivaDavResourceFactory return resource; } + private String getActivePrincipal( DavServletRequest request ) + { + User sessionUser = httpAuth.getSessionUser( request.getSession() ); + return sessionUser != null ? sessionUser.getUsername() : UserManager.GUEST_USERNAME; + } + private void getResource( ArchivaDavResourceLocator locator, List mergedRepositoryContents, LogicalResource logicalResource, String repository ) throws DavException diff --git a/archiva-modules/archiva-web/archiva-webdav/src/main/java/org/apache/maven/archiva/webdav/ArchivaDavSessionProvider.java b/archiva-modules/archiva-web/archiva-webdav/src/main/java/org/apache/maven/archiva/webdav/ArchivaDavSessionProvider.java index 144e32e0c..bb1c6d67a 100644 --- a/archiva-modules/archiva-web/archiva-webdav/src/main/java/org/apache/maven/archiva/webdav/ArchivaDavSessionProvider.java 
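Review bot: The new `getActivePrincipal( DavServletRequest request )` calls `request.getSession()`, which in the servlet API creates a session when none exists, so a DAV client that does not keep cookies may allocate a server-side session on every request just for this lookup. The helper falls back to `UserManager.GUEST_USERNAME` whenever no session user is found, so a guest audit entry cannot be told apart from an authenticated request whose user was never stored in the session. Whether Basic-authenticated DAV requests populate the session is not visible in this patch. A method comment such as `// principal is read from the HTTP session user; falls back to guest when none is stored` would tell audit-log readers what "guest" can mean. The helper returns `getUsername()` while `ArchivaXworkUser.getActivePrincipal` returns `(String) user.getPrincipal()`; using one accessor in both places keeps audited names consistent.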
+++ b/archiva-modules/archiva-web/archiva-webdav/src/main/java/org/apache/maven/archiva/webdav/ArchivaDavSessionProvider.java @@ -32,6 +32,7 @@ import org.codehaus.plexus.redback.authentication.AuthenticationResult; import org.codehaus.plexus.redback.authorization.UnauthorizedException; import org.codehaus.plexus.redback.policy.AccountLockedException; import org.codehaus.plexus.redback.policy.MustChangePasswordException; +import org.codehaus.plexus.redback.users.UserManager; import org.codehaus.redback.integration.filter.authentication.HttpAuthenticator; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -75,7 +76,7 @@ public class ArchivaDavSessionProvider boolean isPut = WebdavMethodUtil.isWriteMethod( request.getMethod() ); // safety check for MRM-911 - String guest = archivaXworkUser.getGuest(); + String guest = UserManager.GUEST_USERNAME; try { if( servletAuth.isAuthorized( guest, diff --git a/archiva-modules/archiva-web/archiva-webdav/src/test/java/org/apache/maven/archiva/webdav/DavResourceTest.java b/archiva-modules/archiva-web/archiva-webdav/src/test/java/org/apache/maven/archiva/webdav/DavResourceTest.java index 28fb95588..511cbeb12 100644 --- a/archiva-modules/archiva-web/archiva-webdav/src/test/java/org/apache/maven/archiva/webdav/DavResourceTest.java +++ b/archiva-modules/archiva-web/archiva-webdav/src/test/java/org/apache/maven/archiva/webdav/DavResourceTest.java @@ -37,7 +37,6 @@ import org.apache.jackrabbit.webdav.lock.SimpleLockManager; import org.apache.jackrabbit.webdav.lock.Type; import org.apache.maven.archiva.configuration.ManagedRepositoryConfiguration; import org.apache.maven.archiva.repository.scanner.RepositoryContentConsumers; -import org.apache.maven.archiva.security.ArchivaXworkUser; import org.apache.maven.archiva.webdav.util.MimeTypes; import org.codehaus.plexus.spring.PlexusInSpringTestCase; import org.codehaus.plexus.spring.PlexusToSpringUtils; 
@@ -68,8 +67,6 @@ public class DavResourceTest extends PlexusInSpringTestCase private ManagedRepositoryConfiguration repository = new ManagedRepositoryConfiguration(); - private ArchivaXworkUser archivaXworkUser; - @Override protected void setUp() throws Exception @@ -87,7 +84,6 @@ public class DavResourceTest extends PlexusInSpringTestCase lockManager = new SimpleLockManager(); resource.addLockManager(lockManager); consumers = (RepositoryContentConsumers)getApplicationContext().getBean("repositoryContentConsumers"); - archivaXworkUser = (ArchivaXworkUser) getApplicationContext().getBean( PlexusToSpringUtils.buildSpringId( ArchivaXworkUser.class ) ); } @Override @@ -102,7 +98,7 @@ public class DavResourceTest extends PlexusInSpringTestCase private DavResource getDavResource(String logicalPath, File file) { return new ArchivaDavResource( file.getAbsolutePath(), logicalPath, repository, session, resourceLocator, - resourceFactory, mimeTypes, Collections.emptyList(), consumers, archivaXworkUser ); + resourceFactory, mimeTypes, Collections.emptyList(), consumers ); } public void testDeleteNonExistantResourceShould404() @@ -303,7 +299,7 @@ public class DavResourceTest extends PlexusInSpringTestCase public DavResource createResource(DavResourceLocator locator, DavSession session) throws DavException { return new ArchivaDavResource( baseDir.getAbsolutePath(), "/", repository, session, resourceLocator, - resourceFactory, mimeTypes, Collections.emptyList(), consumers, archivaXworkUser ); + resourceFactory, mimeTypes, Collections.emptyList(), consumers ); } } } diff --git a/archiva-modules/archiva-web/archiva-webdav/src/test/java/org/apache/maven/archiva/webdav/RepositoryServletSecurityTest.java b/archiva-modules/archiva-web/archiva-webdav/src/test/java/org/apache/maven/archiva/webdav/RepositoryServletSecurityTest.java index 15049a487..4d29198a6 100644 
--- a/archiva-modules/archiva-web/archiva-webdav/src/test/java/org/apache/maven/archiva/webdav/RepositoryServletSecurityTest.java +++ b/archiva-modules/archiva-web/archiva-webdav/src/test/java/org/apache/maven/archiva/webdav/RepositoryServletSecurityTest.java @@ -39,6 +39,7 @@ import org.codehaus.plexus.redback.authentication.AuthenticationResult; import org.codehaus.plexus.redback.authorization.UnauthorizedException; import org.codehaus.plexus.redback.system.DefaultSecuritySession; import org.codehaus.plexus.redback.system.SecuritySession; +import org.codehaus.plexus.redback.users.memory.SimpleUser; import org.codehaus.plexus.spring.PlexusInSpringTestCase; import org.codehaus.redback.integration.filter.authentication.HttpAuthenticator; import org.codehaus.redback.integration.filter.authentication.basic.HttpBasicAuthentication; @@ -263,6 +264,8 @@ public class RepositoryServletSecurityTest servletAuthControl.expectAndThrow( servletAuth.isAuthenticated( null, result ), new AuthenticationException( "Authentication error" ) ); + httpAuthControl.expectAndReturn( httpAuth.getSessionUser( ic.getRequest().getSession() ), null ); + // check if guest has write access servletAuth.isAuthorized( "guest", "internal", true ); servletAuthControl.setMatcher( MockControl.EQUALS_MATCHER ); @@ -354,6 +357,7 @@ public class RepositoryServletSecurityTest SecuritySession session = new DefaultSecuritySession(); httpAuthControl.expectAndReturn( httpAuth.getAuthenticationResult( null, null ), result ); httpAuthControl.expectAndReturn( httpAuth.getSecuritySession( ic.getRequest().getSession( true ) ), session ); + httpAuthControl.expectAndReturn( httpAuth.getSessionUser( ic.getRequest().getSession() ), new SimpleUser() ); servletAuthControl.expectAndReturn( servletAuth.isAuthenticated( null, result ), true ); servletAuthControl.expectAndReturn( servletAuth.isAuthorized( null, session, "internal", true ), true ); 
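Review bot: The added `httpAuth.getSessionUser( ... )` expectations only make the mocks accept the new call; none of the tests asserts which principal reaches the audit event, which is the behaviour this commit restores. Two of them return `new SimpleUser()` with no username set, so `getActivePrincipal` presumably yields null there rather than a real name or guest. Setting a username on the `SimpleUser` and checking it through a recording `AuditListener` would cover the fix. The same applies to the expectations added in the `-401,6` and `-481,6` hunks of this file.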
@@ -401,6 +405,7 @@ public class RepositoryServletSecurityTest SecuritySession session = new DefaultSecuritySession(); httpAuthControl.expectAndReturn( httpAuth.getAuthenticationResult( null, null ), result ); httpAuthControl.expectAndReturn( httpAuth.getSecuritySession( ic.getRequest().getSession( true ) ), session ); + httpAuthControl.expectAndReturn( httpAuth.getSessionUser( ic.getRequest().getSession() ), null ); servletAuthControl.expectAndReturn( servletAuth.isAuthenticated( null, result ), true ); servletAuthControl.expectAndReturn( servletAuth.isAuthorized( null, session, "internal", true ), true ); @@ -481,6 +486,7 @@ public class RepositoryServletSecurityTest SecuritySession session = new DefaultSecuritySession(); httpAuthControl.expectAndReturn( httpAuth.getAuthenticationResult( null, null ), result ); httpAuthControl.expectAndReturn( httpAuth.getSecuritySession( ic.getRequest().getSession( true ) ), session ); + httpAuthControl.expectAndReturn( httpAuth.getSessionUser( ic.getRequest().getSession() ), new SimpleUser() ); servletAuthControl.expectAndReturn( servletAuth.isAuthenticated( null, result ), true ); servletAuthControl.expectAndReturn( servletAuth.isAuthorized( null, session, "internal", true ), true ); diff --git a/archiva-modules/archiva-web/archiva-webdav/src/test/resources/org/apache/maven/archiva/webdav/RepositoryServletSecurityTest.xml b/archiva-modules/archiva-web/archiva-webdav/src/test/resources/org/apache/maven/archiva/webdav/RepositoryServletSecurityTest.xml index 2dbdc4889..7317210ef 100644 --- a/archiva-modules/archiva-web/archiva-webdav/src/test/resources/org/apache/maven/archiva/webdav/RepositoryServletSecurityTest.xml +++ b/archiva-modules/archiva-web/archiva-webdav/src/test/resources/org/apache/maven/archiva/webdav/RepositoryServletSecurityTest.xml @@ -158,10 +158,6 @@ md5 digestMd5 - - org.apache.maven.archiva.security.ArchivaXworkUser - archivaXworkUser - 
diff --git a/archiva-modules/archiva-web/archiva-webdav/src/test/resources/org/apache/maven/archiva/webdav/RepositoryServletTest.xml b/archiva-modules/archiva-web/archiva-webdav/src/test/resources/org/apache/maven/archiva/webdav/RepositoryServletTest.xml index a175b1abc..8392c87c0 100644 --- a/archiva-modules/archiva-web/archiva-webdav/src/test/resources/org/apache/maven/archiva/webdav/RepositoryServletTest.xml +++ b/archiva-modules/archiva-web/archiva-webdav/src/test/resources/org/apache/maven/archiva/webdav/RepositoryServletTest.xml @@ -158,10 +158,6 @@ md5 digestMd5 - - org.apache.maven.archiva.security.ArchivaXworkUser - archivaXworkUser - -- 2.39.5