author | Olivier Lamy <olamy@apache.org> | 2011-09-27 20:40:36 +0000 |
---|---|---|
committer | Olivier Lamy <olamy@apache.org> | 2011-09-27 20:40:36 +0000 |
commit | 3c247ba1f84b06996d88d44ab7868b32bba726a1 (patch) | |
tree | 22c99e7807988bfcf32e55644fce56e23472e5c7 /archiva-modules/archiva-web/archiva-xmlrpc | |
parent | b3a0ceb37d42b28d6e6e163b06f23c583b11bdce (diff) | |
add a lot of missing eol-style native
git-svn-id: https://svn.apache.org/repos/asf/archiva/trunk@1176606 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'archiva-modules/archiva-web/archiva-xmlrpc')
3 files changed, 425 insertions, 425 deletions
diff --git a/archiva-modules/archiva-web/archiva-xmlrpc/archiva-xmlrpc-security/src/main/java/org/apache/archiva/web/xmlrpc/security/XmlRpcAuthenticator.java b/archiva-modules/archiva-web/archiva-xmlrpc/archiva-xmlrpc-security/src/main/java/org/apache/archiva/web/xmlrpc/security/XmlRpcAuthenticator.java
index e3358e934..b3224d182 100644
--- a/archiva-modules/archiva-web/archiva-xmlrpc/archiva-xmlrpc-security/src/main/java/org/apache/archiva/web/xmlrpc/security/XmlRpcAuthenticator.java
+++ b/archiva-modules/archiva-web/archiva-xmlrpc/archiva-xmlrpc-security/src/main/java/org/apache/archiva/web/xmlrpc/security/XmlRpcAuthenticator.java
@@ -1,155 +1,155 @@
-package org.apache.archiva.web.xmlrpc.security;
-
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-import java.util.List;
-
-import org.apache.archiva.security.ArchivaRoleConstants;
-import org.apache.archiva.security.ArchivaSecurityException;
-import org.apache.archiva.security.UserRepositories;
-import org.apache.xmlrpc.XmlRpcException;
-import org.apache.xmlrpc.XmlRpcRequest;
-import org.apache.xmlrpc.common.XmlRpcHttpRequestConfigImpl;
-import org.apache.xmlrpc.server.AbstractReflectiveHandlerMapping.AuthenticationHandler;
-import org.codehaus.plexus.redback.authentication.AuthenticationException;
-import org.codehaus.plexus.redback.authentication.PasswordBasedAuthenticationDataSource;
-import org.codehaus.plexus.redback.authorization.AuthorizationException;
-import org.codehaus.plexus.redback.authorization.AuthorizationResult;
-import org.codehaus.plexus.redback.policy.PolicyViolationException;
-import org.codehaus.plexus.redback.system.SecuritySession;
-import org.codehaus.plexus.redback.system.SecuritySystem;
-import org.codehaus.plexus.redback.users.UserNotFoundException;
-
-/**
- * XmlRpcAuthenticator
- *
- * Custom authentication and authorization handler for xmlrpc requests.
- *
- * @version $Id
- */
-public class XmlRpcAuthenticator
- implements AuthenticationHandler
-{
- private final SecuritySystem securitySystem;
-
- private UserRepositories userRepositories;
-
- private String username;
-
- public XmlRpcAuthenticator( SecuritySystem securitySystem, UserRepositories userRepositories )
- {
- this.securitySystem = securitySystem;
- this.userRepositories = userRepositories;
- }
-
- public boolean isAuthorized( XmlRpcRequest pRequest )
- throws XmlRpcException
- {
- if ( pRequest.getConfig() instanceof XmlRpcHttpRequestConfigImpl )
- {
- XmlRpcHttpRequestConfigImpl config = (XmlRpcHttpRequestConfigImpl) pRequest.getConfig();
- username = config.getBasicUserName();
- SecuritySession session =
- authenticate( new PasswordBasedAuthenticationDataSource( username,
- config.getBasicPassword() ) );
-
- String method = pRequest.getMethodName();
- AuthorizationResult result = authorize( session, method, username );
-
- return result.isAuthorized();
- }
-
- throw new XmlRpcException( "Unsupported transport (must be http)" );
- }
-
- private SecuritySession authenticate( PasswordBasedAuthenticationDataSource authenticationDataSource )
- throws XmlRpcException
- {
- try
- {
- return securitySystem.authenticate( authenticationDataSource );
- }
- catch ( PolicyViolationException e )
- {
- throw new XmlRpcException( 401, e.getMessage(), e );
- }
- catch ( AuthenticationException e )
- {
- throw new XmlRpcException( 401, e.getMessage(), e );
- }
- catch ( UserNotFoundException e )
- {
- throw new XmlRpcException( 401, e.getMessage(), e );
- }
- }
-
- private AuthorizationResult authorize( SecuritySession session, String methodName, String username )
- throws XmlRpcException
- {
- try
- {
- // sample attempt at simplifying authorization checking of requested service method
- if ( ServiceMethodsPermissionsMapping.SERVICE_METHODS_FOR_OPERATION_MANAGE_CONFIGURATION.contains( methodName ) )
- {
- return securitySystem.authorize( session, ArchivaRoleConstants.OPERATION_MANAGE_CONFIGURATION );
- }
- else if ( ServiceMethodsPermissionsMapping.SERVICE_METHODS_FOR_OPERATION_RUN_INDEXER.contains( methodName ) )
- {
- return securitySystem.authorize( session, ArchivaRoleConstants.OPERATION_RUN_INDEXER );
- }
- else if ( ServiceMethodsPermissionsMapping.SERVICE_METHODS_FOR_OPERATION_REPOSITORY_ACCESS.contains( methodName ) )
- {
- try
- {
- List<String> observableRepos = userRepositories.getObservableRepositoryIds( username );
- if( observableRepos != null && observableRepos.size() > 1 )
- {
- return new AuthorizationResult( true, username, null );
- }
- else
- {
- return new AuthorizationResult( false, username, null );
- }
- }
- catch ( ArchivaSecurityException e )
- {
- throw new XmlRpcException( 401, e.getMessage() );
- }
- }
- else if ( methodName.equals( ServiceMethodsPermissionsMapping.PING ) )
- {
- return new AuthorizationResult( true, username, null );
- }
- else
- {
- return securitySystem.authorize( session, ArchivaRoleConstants.GLOBAL_REPOSITORY_MANAGER_ROLE );
- }
- }
- catch ( AuthorizationException e )
- {
- throw new XmlRpcException( 401, e.getMessage(), e );
- }
- }
-
- public String getActiveUser()
- {
- return username;
- }
-}
+package org.apache.archiva.web.xmlrpc.security;
+
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+import java.util.List;
+
+import org.apache.archiva.security.ArchivaRoleConstants;
+import org.apache.archiva.security.ArchivaSecurityException;
+import org.apache.archiva.security.UserRepositories;
+import org.apache.xmlrpc.XmlRpcException;
+import org.apache.xmlrpc.XmlRpcRequest;
+import org.apache.xmlrpc.common.XmlRpcHttpRequestConfigImpl;
+import org.apache.xmlrpc.server.AbstractReflectiveHandlerMapping.AuthenticationHandler;
+import org.codehaus.plexus.redback.authentication.AuthenticationException;
+import org.codehaus.plexus.redback.authentication.PasswordBasedAuthenticationDataSource;
+import org.codehaus.plexus.redback.authorization.AuthorizationException;
+import org.codehaus.plexus.redback.authorization.AuthorizationResult;
+import org.codehaus.plexus.redback.policy.PolicyViolationException;
+import org.codehaus.plexus.redback.system.SecuritySession;
+import org.codehaus.plexus.redback.system.SecuritySystem;
+import org.codehaus.plexus.redback.users.UserNotFoundException;
+
+/**
+ * XmlRpcAuthenticator
+ *
+ * Custom authentication and authorization handler for xmlrpc requests.
+ *
+ * @version $Id
+ */
+public class XmlRpcAuthenticator
+ implements AuthenticationHandler
+{
+ private final SecuritySystem securitySystem;
+
+ private UserRepositories userRepositories;
+
+ private String username;
+
+ public XmlRpcAuthenticator( SecuritySystem securitySystem, UserRepositories userRepositories )
+ {
+ this.securitySystem = securitySystem;
+ this.userRepositories = userRepositories;
+ }
+
+ public boolean isAuthorized( XmlRpcRequest pRequest )
+ throws XmlRpcException
+ {
+ if ( pRequest.getConfig() instanceof XmlRpcHttpRequestConfigImpl )
+ {
+ XmlRpcHttpRequestConfigImpl config = (XmlRpcHttpRequestConfigImpl) pRequest.getConfig();
+ username = config.getBasicUserName();
+ SecuritySession session =
+ authenticate( new PasswordBasedAuthenticationDataSource( username,
+ config.getBasicPassword() ) );
+
+ String method = pRequest.getMethodName();
+ AuthorizationResult result = authorize( session, method, username );
+
+ return result.isAuthorized();
+ }
+
+ throw new XmlRpcException( "Unsupported transport (must be http)" );
+ }
+
+ private SecuritySession authenticate( PasswordBasedAuthenticationDataSource authenticationDataSource )
+ throws XmlRpcException
+ {
+ try
+ {
+ return securitySystem.authenticate( authenticationDataSource );
+ }
+ catch ( PolicyViolationException e )
+ {
+ throw new XmlRpcException( 401, e.getMessage(), e );
+ }
+ catch ( AuthenticationException e )
+ {
+ throw new XmlRpcException( 401, e.getMessage(), e );
+ }
+ catch ( UserNotFoundException e )
+ {
+ throw new XmlRpcException( 401, e.getMessage(), e );
+ }
+ }
+
+ private AuthorizationResult authorize( SecuritySession session, String methodName, String username )
+ throws XmlRpcException
+ {
+ try
+ {
+ // sample attempt at simplifying authorization checking of requested service method
+ if ( ServiceMethodsPermissionsMapping.SERVICE_METHODS_FOR_OPERATION_MANAGE_CONFIGURATION.contains( methodName ) )
+ {
+ return securitySystem.authorize( session, ArchivaRoleConstants.OPERATION_MANAGE_CONFIGURATION );
+ }
+ else if ( ServiceMethodsPermissionsMapping.SERVICE_METHODS_FOR_OPERATION_RUN_INDEXER.contains( methodName ) )
+ {
+ return securitySystem.authorize( session, ArchivaRoleConstants.OPERATION_RUN_INDEXER );
+ }
+ else if ( ServiceMethodsPermissionsMapping.SERVICE_METHODS_FOR_OPERATION_REPOSITORY_ACCESS.contains( methodName ) )
+ {
+ try
+ {
+ List<String> observableRepos = userRepositories.getObservableRepositoryIds( username );
+ if( observableRepos != null && observableRepos.size() > 1 )
+ {
+ return new AuthorizationResult( true, username, null );
+ }
+ else
+ {
+ return new AuthorizationResult( false, username, null );
+ }
+ }
+ catch ( ArchivaSecurityException e )
+ {
+ throw new XmlRpcException( 401, e.getMessage() );
+ }
+ }
+ else if ( methodName.equals( ServiceMethodsPermissionsMapping.PING ) )
+ {
+ return new AuthorizationResult( true, username, null );
+ }
+ else
+ {
+ return securitySystem.authorize( session, ArchivaRoleConstants.GLOBAL_REPOSITORY_MANAGER_ROLE );
+ }
+ }
+ catch ( AuthorizationException e )
+ {
+ throw new XmlRpcException( 401, e.getMessage(), e );
+ }
+ }
+
+ public String getActiveUser()
+ {
+ return username;
+ }
+}
diff --git a/archiva-modules/archiva-web/archiva-xmlrpc/archiva-xmlrpc-security/src/test/java/org/apache/archiva/xmlrpc/security/XmlRpcAuthenticatorTest.java b/archiva-modules/archiva-web/archiva-xmlrpc/archiva-xmlrpc-security/src/test/java/org/apache/archiva/xmlrpc/security/XmlRpcAuthenticatorTest.java
index eda25e213..c6c039793 100644
--- a/archiva-modules/archiva-web/archiva-xmlrpc/archiva-xmlrpc-security/src/test/java/org/apache/archiva/xmlrpc/security/XmlRpcAuthenticatorTest.java
+++ b/archiva-modules/archiva-web/archiva-xmlrpc/archiva-xmlrpc-security/src/test/java/org/apache/archiva/xmlrpc/security/XmlRpcAuthenticatorTest.java
@@ -1,240 +1,240 @@
-package org.apache.archiva.xmlrpc.security;
-
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-import junit.framework.TestCase;
-import org.apache.archiva.web.xmlrpc.security.XmlRpcAuthenticator;
-import org.apache.archiva.security.ArchivaRoleConstants;
-import org.apache.xmlrpc.XmlRpcRequest;
-import org.apache.xmlrpc.common.XmlRpcHttpRequestConfigImpl;
-import org.codehaus.plexus.redback.role.RoleManager;
-import org.codehaus.plexus.redback.system.SecuritySystem;
-import org.codehaus.plexus.redback.users.User;
-import org.codehaus.plexus.redback.users.UserManager;
-import org.codehaus.plexus.redback.users.UserNotFoundException;
-import org.easymock.MockControl;
-import org.easymock.classextension.MockClassControl;
-import org.junit.Before;
-import org.junit.Test;
-import org.junit.runner.RunWith;
-import org.springframework.test.context.ContextConfiguration;
-import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
-
-import javax.inject.Inject;
-import javax.inject.Named;
-
-/**
- * XmlRpcAuthenticatorTest
- *
- * @version $Id XmlRpcAuthenticatorTest.java
- */
-@RunWith( SpringJUnit4ClassRunner.class )
-@ContextConfiguration( locations = { "classpath*:/META-INF/spring-context.xml", "classpath*:/spring-context.xml" } )
-public class XmlRpcAuthenticatorTest
- extends TestCase
-{
- protected static final String USER_GUEST = "guest";
-
- protected static final String USER_ADMIN = "admin";
-
- protected static final String USER_ALPACA = "alpaca";
-
- private static final String PASSWORD = "password123";
-
- @Inject
- @Named( value = "securitySystem#testable" )
- protected SecuritySystem securitySystem;
-
-
- @Inject
- @Named( value = "roleManager#testable" )
- protected RoleManager roleManager;
-
- private MockControl xmlRpcRequestControl;
-
- private XmlRpcRequest xmlRpcRequest;
-
- private XmlRpcAuthenticator authenticator;
-
- private MockControl configControl;
-
- private XmlRpcHttpRequestConfigImpl config;
-
- @Before
- public void setUp()
- throws Exception
- {
- super.setUp();
-
- //securitySystem = (SecuritySystem) lookup( SecuritySystem.class, "testable" );
- //roleManager = (RoleManager) lookup( RoleManager.class, "default" );
-
- // Some basic asserts.
- assertNotNull( securitySystem );
- assertNotNull( roleManager );
-
- // Setup Admin User.
- User adminUser = createUser( USER_ADMIN, "Admin User", null );
- roleManager.assignRole( ArchivaRoleConstants.TEMPLATE_SYSTEM_ADMIN, adminUser.getPrincipal().toString() );
-
- // Setup Guest User.
- User guestUser = createUser( USER_GUEST, "Guest User", null );
- roleManager.assignRole( ArchivaRoleConstants.TEMPLATE_GUEST, guestUser.getPrincipal().toString() );
-
- configControl = MockClassControl.createControl( XmlRpcHttpRequestConfigImpl.class );
- config = (XmlRpcHttpRequestConfigImpl) configControl.getMock();
-
- xmlRpcRequestControl = MockControl.createControl( XmlRpcRequest.class );
- xmlRpcRequest = (XmlRpcRequest) xmlRpcRequestControl.getMock();
-
- authenticator = new XmlRpcAuthenticator( securitySystem, null );
- }
-
- private User createUser( String principal, String fullname, String password )
- throws UserNotFoundException
- {
- UserManager userManager = securitySystem.getUserManager();
-
- User user = userManager.createUser( principal, fullname, principal + "@testable.archiva.apache.org" );
- securitySystem.getPolicy().setEnabled( false );
- userManager.addUser( user );
- securitySystem.getPolicy().setEnabled( true );
-
- user.setPassword( password );
- userManager.updateUser( user );
-
- return user;
- }
-
- @Test
- public void testIsAuthorizedUserExistsButNotAuthorized()
- throws Exception
- {
- createUser( USER_ALPACA, "Al 'Archiva' Paca", PASSWORD );
-
- UserManager userManager = securitySystem.getUserManager();
- try
- {
- User user = userManager.findUser( USER_ALPACA );
- assertEquals( USER_ALPACA, user.getPrincipal() );
- }
- catch ( UserNotFoundException e )
- {
- fail( "User should exist in the database." );
- }
-
- xmlRpcRequestControl.expectAndReturn( xmlRpcRequest.getConfig(), config, 2 );
-
- configControl.expectAndReturn( config.getBasicUserName(), USER_ALPACA );
-
- configControl.expectAndReturn( config.getBasicPassword(), PASSWORD );
-
- xmlRpcRequestControl.expectAndReturn( xmlRpcRequest.getMethodName(),
- "AdministrationService.getAllManagedRepositories" );
-
- xmlRpcRequestControl.replay();
- configControl.replay();
-
- boolean isAuthorized = authenticator.isAuthorized( xmlRpcRequest );
-
- xmlRpcRequestControl.verify();
- configControl.verify();
-
- assertFalse( isAuthorized );
- }
-
- @Test
- public void testIsAuthorizedUserExistsAndAuthorized()
- throws Exception
- {
- createUser( USER_ALPACA, "Al 'Archiva' Paca", PASSWORD );
-
- UserManager userManager = securitySystem.getUserManager();
- try
- {
- User user = userManager.findUser( USER_ALPACA );
- assertEquals( USER_ALPACA, user.getPrincipal() );
- }
- catch ( UserNotFoundException e )
- {
- fail( "User should exist in the database." );
- }
-
- //TODO cannot assign global repo manager role - it says role does not exist :|
-
- //roleManager.assignRole( ArchivaRoleConstants.GLOBAL_REPOSITORY_MANAGER_ROLE, USER_ALPACA );
-
- xmlRpcRequestControl.expectAndReturn( xmlRpcRequest.getConfig(), config, 2 );
-
- configControl.expectAndReturn( config.getBasicUserName(), USER_ALPACA );
-
- configControl.expectAndReturn( config.getBasicPassword(), PASSWORD );
-
- xmlRpcRequestControl.expectAndReturn( xmlRpcRequest.getMethodName(),
- "AdministrationService.getAllManagedRepositories" );
-
- xmlRpcRequestControl.replay();
- configControl.replay();
-
- @SuppressWarnings( "unused" ) boolean isAuthorized = authenticator.isAuthorized( xmlRpcRequest );
- // TODO: broken or bad test?
- // assertTrue( isAuthorized );
-
- xmlRpcRequestControl.verify();
- configControl.verify();
-
- userManager.deleteUser( USER_ALPACA );
- }
-
- @Test
- public void testIsAuthorizedUserDoesNotExist()
- throws Exception
- {
- UserManager userManager = securitySystem.getUserManager();
- try
- {
- userManager.findUser( USER_ALPACA );
- fail( "User should not exist in the database." );
- }
- catch ( UserNotFoundException e )
- {
- assertEquals( "Unable to find user 'alpaca'", e.getMessage() );
- }
-
- xmlRpcRequestControl.expectAndReturn( xmlRpcRequest.getConfig(), config, 2 );
-
- configControl.expectAndReturn( config.getBasicUserName(), USER_ALPACA );
-
- configControl.expectAndReturn( config.getBasicPassword(), PASSWORD );
-
- xmlRpcRequestControl.expectAndReturn( xmlRpcRequest.getMethodName(),
- "AdministrationService.getAllManagedRepositories" );
-
- xmlRpcRequestControl.replay();
- configControl.replay();
-
- boolean isAuthorized = authenticator.isAuthorized( xmlRpcRequest );
-
- xmlRpcRequestControl.verify();
- configControl.verify();
-
- assertFalse( isAuthorized );
- }
-}
+package org.apache.archiva.xmlrpc.security;
+
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+import junit.framework.TestCase;
+import org.apache.archiva.web.xmlrpc.security.XmlRpcAuthenticator;
+import org.apache.archiva.security.ArchivaRoleConstants;
+import org.apache.xmlrpc.XmlRpcRequest;
+import org.apache.xmlrpc.common.XmlRpcHttpRequestConfigImpl;
+import org.codehaus.plexus.redback.role.RoleManager;
+import org.codehaus.plexus.redback.system.SecuritySystem;
+import org.codehaus.plexus.redback.users.User;
+import org.codehaus.plexus.redback.users.UserManager;
+import org.codehaus.plexus.redback.users.UserNotFoundException;
+import org.easymock.MockControl;
+import org.easymock.classextension.MockClassControl;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+
+import javax.inject.Inject;
+import javax.inject.Named;
+
+/**
+ * XmlRpcAuthenticatorTest
+ *
+ * @version $Id XmlRpcAuthenticatorTest.java
+ */
+@RunWith( SpringJUnit4ClassRunner.class )
+@ContextConfiguration( locations = { "classpath*:/META-INF/spring-context.xml", "classpath*:/spring-context.xml" } )
+public class XmlRpcAuthenticatorTest
+ extends TestCase
+{
+ protected static final String USER_GUEST = "guest";
+
+ protected static final String USER_ADMIN = "admin";
+
+ protected static final String USER_ALPACA = "alpaca";
+
+ private static final String PASSWORD = "password123";
+
+ @Inject
+ @Named( value = "securitySystem#testable" )
+ protected SecuritySystem securitySystem;
+
+
+ @Inject
+ @Named( value = "roleManager#testable" )
+ protected RoleManager roleManager;
+
+ private MockControl xmlRpcRequestControl;
+
+ private XmlRpcRequest xmlRpcRequest;
+
+ private XmlRpcAuthenticator authenticator;
+
+ private MockControl configControl;
+
+ private XmlRpcHttpRequestConfigImpl config;
+
+ @Before
+ public void setUp()
+ throws Exception
+ {
+ super.setUp();
+
+ //securitySystem = (SecuritySystem) lookup( SecuritySystem.class, "testable" );
+ //roleManager = (RoleManager) lookup( RoleManager.class, "default" );
+
+ // Some basic asserts.
+ assertNotNull( securitySystem );
+ assertNotNull( roleManager );
+
+ // Setup Admin User.
+ User adminUser = createUser( USER_ADMIN, "Admin User", null );
+ roleManager.assignRole( ArchivaRoleConstants.TEMPLATE_SYSTEM_ADMIN, adminUser.getPrincipal().toString() );
+
+ // Setup Guest User.
+ User guestUser = createUser( USER_GUEST, "Guest User", null );
+ roleManager.assignRole( ArchivaRoleConstants.TEMPLATE_GUEST, guestUser.getPrincipal().toString() );
+
+ configControl = MockClassControl.createControl( XmlRpcHttpRequestConfigImpl.class );
+ config = (XmlRpcHttpRequestConfigImpl) configControl.getMock();
+
+ xmlRpcRequestControl = MockControl.createControl( XmlRpcRequest.class );
+ xmlRpcRequest = (XmlRpcRequest) xmlRpcRequestControl.getMock();
+
+ authenticator = new XmlRpcAuthenticator( securitySystem, null );
+ }
+
+ private User createUser( String principal, String fullname, String password )
+ throws UserNotFoundException
+ {
+ UserManager userManager = securitySystem.getUserManager();
+
+ User user = userManager.createUser( principal, fullname, principal + "@testable.archiva.apache.org" );
+ securitySystem.getPolicy().setEnabled( false );
+ userManager.addUser( user );
+ securitySystem.getPolicy().setEnabled( true );
+
+ user.setPassword( password );
+ userManager.updateUser( user );
+
+ return user;
+ }
+
+ @Test
+ public void testIsAuthorizedUserExistsButNotAuthorized()
+ throws Exception
+ {
+ createUser( USER_ALPACA, "Al 'Archiva' Paca", PASSWORD );
+
+ UserManager userManager = securitySystem.getUserManager();
+ try
+ {
+ User user = userManager.findUser( USER_ALPACA );
+ assertEquals( USER_ALPACA, user.getPrincipal() );
+ }
+ catch ( UserNotFoundException e )
+ {
+ fail( "User should exist in the database." );
+ }
+
+ xmlRpcRequestControl.expectAndReturn( xmlRpcRequest.getConfig(), config, 2 );
+
+ configControl.expectAndReturn( config.getBasicUserName(), USER_ALPACA );
+
+ configControl.expectAndReturn( config.getBasicPassword(), PASSWORD );
+
+ xmlRpcRequestControl.expectAndReturn( xmlRpcRequest.getMethodName(),
+ "AdministrationService.getAllManagedRepositories" );
+
+ xmlRpcRequestControl.replay();
+ configControl.replay();
+
+ boolean isAuthorized = authenticator.isAuthorized( xmlRpcRequest );
+
+ xmlRpcRequestControl.verify();
+ configControl.verify();
+
+ assertFalse( isAuthorized );
+ }
+
+ @Test
+ public void testIsAuthorizedUserExistsAndAuthorized()
+ throws Exception
+ {
+ createUser( USER_ALPACA, "Al 'Archiva' Paca", PASSWORD );
+
+ UserManager userManager = securitySystem.getUserManager();
+ try
+ {
+ User user = userManager.findUser( USER_ALPACA );
+ assertEquals( USER_ALPACA, user.getPrincipal() );
+ }
+ catch ( UserNotFoundException e )
+ {
+ fail( "User should exist in the database." );
+ }
+
+ //TODO cannot assign global repo manager role - it says role does not exist :|
+
+ //roleManager.assignRole( ArchivaRoleConstants.GLOBAL_REPOSITORY_MANAGER_ROLE, USER_ALPACA );
+
+ xmlRpcRequestControl.expectAndReturn( xmlRpcRequest.getConfig(), config, 2 );
+
+ configControl.expectAndReturn( config.getBasicUserName(), USER_ALPACA );
+
+ configControl.expectAndReturn( config.getBasicPassword(), PASSWORD );
+
+ xmlRpcRequestControl.expectAndReturn( xmlRpcRequest.getMethodName(),
+ "AdministrationService.getAllManagedRepositories" );
+
+ xmlRpcRequestControl.replay();
+ configControl.replay();
+
+ @SuppressWarnings( "unused" ) boolean isAuthorized = authenticator.isAuthorized( xmlRpcRequest );
+ // TODO: broken or bad test?
+ // assertTrue( isAuthorized );
+
+ xmlRpcRequestControl.verify();
+ configControl.verify();
+
+ userManager.deleteUser( USER_ALPACA );
+ }
+
+ @Test
+ public void testIsAuthorizedUserDoesNotExist()
+ throws Exception
+ {
+ UserManager userManager = securitySystem.getUserManager();
+ try
+ {
+ userManager.findUser( USER_ALPACA );
+ fail( "User should not exist in the database." );
+ }
+ catch ( UserNotFoundException e )
+ {
+ assertEquals( "Unable to find user 'alpaca'", e.getMessage() );
+ }
+
+ xmlRpcRequestControl.expectAndReturn( xmlRpcRequest.getConfig(), config, 2 );
+
+ configControl.expectAndReturn( config.getBasicUserName(), USER_ALPACA );
+
+ configControl.expectAndReturn( config.getBasicPassword(), PASSWORD );
+
+ xmlRpcRequestControl.expectAndReturn( xmlRpcRequest.getMethodName(),
+ "AdministrationService.getAllManagedRepositories" );
+
+ xmlRpcRequestControl.replay();
+ configControl.replay();
+
+ boolean isAuthorized = authenticator.isAuthorized( xmlRpcRequest );
+
+ xmlRpcRequestControl.verify();
+ configControl.verify();
+
+ assertFalse( isAuthorized );
+ }
+}
diff --git a/archiva-modules/archiva-web/archiva-xmlrpc/archiva-xmlrpc-services/src/main/java/org/apache/archiva/web/xmlrpc/services/PingServiceImpl.java b/archiva-modules/archiva-web/archiva-xmlrpc/archiva-xmlrpc-services/src/main/java/org/apache/archiva/web/xmlrpc/services/PingServiceImpl.java
index 14b0d2870..e79ab3006 100644
--- a/archiva-modules/archiva-web/archiva-xmlrpc/archiva-xmlrpc-services/src/main/java/org/apache/archiva/web/xmlrpc/services/PingServiceImpl.java
+++ b/archiva-modules/archiva-web/archiva-xmlrpc/archiva-xmlrpc-services/src/main/java/org/apache/archiva/web/xmlrpc/services/PingServiceImpl.java
@@ -1,30 +1,30 @@
-package org.apache.archiva.web.xmlrpc.services;
-
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-import org.apache.archiva.web.xmlrpc.api.PingService;
-
-public class PingServiceImpl implements PingService
-{
- public String ping()
- {
- return "pong";
- }
-}
+package org.apache.archiva.web.xmlrpc.services;
+
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+import org.apache.archiva.web.xmlrpc.api.PingService;
+
+public class PingServiceImpl implements PingService
+{
+ public String ping()
+ {
+ return "pong";
+ }
+} |