authorMaria Odea B. Ching <oching@apache.org>2008-05-10 08:33:57 +0000
committerMaria Odea B. Ching <oching@apache.org>2008-05-10 08:33:57 +0000
commitd8042e19b0c349f522dd9e91f2f388f6ede11077 (patch)
treeb6fb22d1b8a6a64d101c4abcaf1772e0034262b3 /archiva-modules/archiva-web/archiva-security
parent64cb5e1beef76e33d81b4a40314df9df72b90646 (diff)
[MRM-773]
-move servlet authentication code to archiva-security git-svn-id: https://svn.apache.org/repos/asf/archiva/trunk@655027 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'archiva-modules/archiva-web/archiva-security')
-rw-r--r--archiva-modules/archiva-web/archiva-security/pom.xml20
-rw-r--r--archiva-modules/archiva-web/archiva-security/src/main/java/org/apache/maven/archiva/security/ArchivaServletAuthenticator.java95
-rw-r--r--archiva-modules/archiva-web/archiva-security/src/main/java/org/apache/maven/archiva/security/ServletAuthenticator.java41
3 files changed, 156 insertions, 0 deletions
diff --git a/archiva-modules/archiva-web/archiva-security/pom.xml b/archiva-modules/archiva-web/archiva-security/pom.xml
index 53536b883..e4ae7fc31 100644
--- a/archiva-modules/archiva-web/archiva-security/pom.xml
+++ b/archiva-modules/archiva-web/archiva-security/pom.xml
@@ -33,6 +33,11 @@
<artifactId>archiva-configuration</artifactId>
</dependency>
<dependency>
+ <groupId>javax.servlet</groupId>
+ <artifactId>servlet-api</artifactId>
+ <scope>provided</scope>
+ </dependency>
+ <dependency>
<groupId>org.codehaus.plexus</groupId>
<artifactId>plexus-spring</artifactId>
<scope>test</scope>
@@ -112,5 +117,20 @@
</exclusion>
</exclusions>
</dependency>
+ <dependency>
+ <groupId>org.codehaus.plexus.redback</groupId>
+ <artifactId>redback-xwork-integration</artifactId>
+ <exclusions>
+ <exclusion>
+ <groupId>org.codehaus.plexus</groupId>
+ <artifactId>plexus-container-default</artifactId>
+ </exclusion>
+ </exclusions>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.derby</groupId>
+ <artifactId>derby</artifactId>
+ <scope>provided</scope>
+ </dependency>
</dependencies>
</project>
diff --git a/archiva-modules/archiva-web/archiva-security/src/main/java/org/apache/maven/archiva/security/ArchivaServletAuthenticator.java b/archiva-modules/archiva-web/archiva-security/src/main/java/org/apache/maven/archiva/security/ArchivaServletAuthenticator.java
new file mode 100644
index 000000000..c3420d3ea
--- /dev/null
+++ b/archiva-modules/archiva-web/archiva-security/src/main/java/org/apache/maven/archiva/security/ArchivaServletAuthenticator.java
@@ -0,0 +1,95 @@
+package org.apache.maven.archiva.security;
+
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+import javax.servlet.http.HttpServletRequest;
+
+import org.apache.maven.archiva.security.ArchivaRoleConstants;
+import org.codehaus.plexus.redback.authentication.AuthenticationException;
+import org.codehaus.plexus.redback.authentication.AuthenticationResult;
+import org.codehaus.plexus.redback.authorization.AuthorizationException;
+import org.codehaus.plexus.redback.authorization.AuthorizationResult;
+import org.codehaus.plexus.redback.policy.AccountLockedException;
+import org.codehaus.plexus.redback.policy.MustChangePasswordException;
+import org.codehaus.plexus.redback.system.SecuritySession;
+import org.codehaus.plexus.redback.system.SecuritySystem;
+import org.codehaus.plexus.redback.xwork.filter.authentication.HttpAuthenticator;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ * @version
+ * @plexus.component role="org.apache.maven.archiva.security.ServletAuthenticator" role-hint="default"
+ */
+public class ArchivaServletAuthenticator
+ implements ServletAuthenticator
+{
+ private Logger log = LoggerFactory.getLogger( ArchivaServletAuthenticator.class );
+
+ /**
+ * @plexus.requirement role-hint="basic"
+ */
+ private HttpAuthenticator httpAuth;
+
+ /**
+ * @plexus.requirement
+ */
+ private SecuritySystem securitySystem;
+
+ public boolean isAuthenticated( HttpServletRequest request, String repositoryId )
+ throws AuthenticationException, AccountLockedException, MustChangePasswordException
+ {
+ AuthenticationResult result = httpAuth.getAuthenticationResult( request, null );
+
+ if ( result != null && !result.isAuthenticated() )
+ {
+ throw new AuthenticationException( "User Credentials Invalid" );
+ }
+
+ return true;
+ }
+
+ public boolean isAuthorized( HttpServletRequest request, String repositoryId, boolean isWriteRequest )
+ throws AuthorizationException
+ {
+ SecuritySession securitySession = httpAuth.getSecuritySession();
+
+ String permission = ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS;
+
+ if ( isWriteRequest )
+ {
+ permission = ArchivaRoleConstants.OPERATION_REPOSITORY_UPLOAD;
+ }
+
+ AuthorizationResult authzResult = securitySystem.authorize( securitySession, permission, repositoryId );
+
+ if ( !authzResult.isAuthorized() )
+ {
+ if ( authzResult.getException() != null )
+ {
+ log.info( "Authorization Denied [ip=" + request.getRemoteAddr() + ",isWriteRequest=" + isWriteRequest +
+ ",permission=" + permission + ",repo=" + repositoryId + "] : " +
+ authzResult.getException().getMessage() );
+ }
+ }
+
+ return true;
+ }
+}
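Review bot: `isAuthorized` returns `true` on every path: when `authzResult.isAuthorized()` is false the method only logs (and only if `getException()` is non-null) and then falls through to the final `return true;`, so a caller that trusts the boolean would treat a denied request as permitted. Add `return false;` as the last statement inside the `if ( !authzResult.isAuthorized() )` block, after the inner logging `if`, so that denial does not depend on an exception being present. `isAuthenticated` has the same fail-open shape, since a null `AuthenticationResult` skips the check and returns `true`; the guard should read `if ( result == null || !result.isAuthenticated() )`. The callers are outside this diff, so whether they re-check the result themselves is not visible here. The log line also concatenates `repositoryId` unmodified; if that value is taken from the request path, strip CR/LF from it before logging.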
diff --git a/archiva-modules/archiva-web/archiva-security/src/main/java/org/apache/maven/archiva/security/ServletAuthenticator.java b/archiva-modules/archiva-web/archiva-security/src/main/java/org/apache/maven/archiva/security/ServletAuthenticator.java
new file mode 100644
index 000000000..11530c094
--- /dev/null
+++ b/archiva-modules/archiva-web/archiva-security/src/main/java/org/apache/maven/archiva/security/ServletAuthenticator.java
@@ -0,0 +1,41 @@
+package org.apache.maven.archiva.security;
+
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+import javax.servlet.http.HttpServletRequest;
+
+import org.codehaus.plexus.redback.authentication.AuthenticationException;
+import org.codehaus.plexus.redback.authorization.AuthorizationException;
+import org.codehaus.plexus.redback.policy.AccountLockedException;
+import org.codehaus.plexus.redback.policy.MustChangePasswordException;
+
+/**
+ *
+ * @author <a href="mailto:oching@apache.org">Maria Odea Ching</a>
+ * @version
+ */
+public interface ServletAuthenticator
+{
+ public boolean isAuthenticated( HttpServletRequest request, String repositoryId )
+ throws AuthenticationException, AccountLockedException, MustChangePasswordException;
+
+ public boolean isAuthorized( HttpServletRequest request, String repositoryId, boolean isWriteRequest )
+ throws AuthorizationException;
+}
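Review bot: The interface gives no Javadoc for either method, so the contract between the boolean return and the declared exceptions is undefined, and an implementer cannot tell whether a failed check should return `false` or throw. Document it on each method, e.g. `@return true only if the request carries valid credentials; never true when no authentication result is available` for `isAuthenticated`, and `@return true only if the session holds the access (or, for write requests, upload) permission on repositoryId; false otherwise` for `isAuthorized`. It would also help to state what `repositoryId` is for in `isAuthenticated`, since the implementation added in this commit does not read it.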