diff options
author | Maria Odea B. Ching <oching@apache.org> | 2009-08-13 07:16:35 +0000 |
---|---|---|
committer | Maria Odea B. Ching <oching@apache.org> | 2009-08-13 07:16:35 +0000 |
commit | 8b3037bfdcb777f02fd75505e61d4706f903834d (patch) | |
tree | f25abc1df559303dc2f47a02ecad3b82d884fa35 /archiva-modules/archiva-web | |
parent | d150a6ed98445bdaa6fa1ac8e511658193a02057 (diff) | |
download | archiva-8b3037bfdcb777f02fd75505e61d4706f903834d.tar.gz archiva-8b3037bfdcb777f02fd75505e61d4706f903834d.zip |
[MRM-1232] Unable to get artifacts from repositories which requires Repository Manager role using repository group
o if at least one unauthorizeddavexception exists in the compiled errors from the repositories in the group, send back a 401 error to force maven to send
attach credentials to the request
o added tests
git-svn-id: https://svn.apache.org/repos/asf/archiva/trunk@803795 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'archiva-modules/archiva-web')
2 files changed, 400 insertions, 12 deletions
diff --git a/archiva-modules/archiva-web/archiva-webdav/src/main/java/org/apache/maven/archiva/webdav/ArchivaDavResourceFactory.java b/archiva-modules/archiva-web/archiva-webdav/src/main/java/org/apache/maven/archiva/webdav/ArchivaDavResourceFactory.java index a7e853224..7d912ab35 100644 --- a/archiva-modules/archiva-web/archiva-webdav/src/main/java/org/apache/maven/archiva/webdav/ArchivaDavResourceFactory.java +++ b/archiva-modules/archiva-web/archiva-webdav/src/main/java/org/apache/maven/archiva/webdav/ArchivaDavResourceFactory.java @@ -336,13 +336,12 @@ public class ArchivaDavResourceFactory String activePrincipal, List<String> resourcesInAbsolutePath ) throws DavException { - DavResource resource = null; - DavException storedException = null; + DavResource resource = null; + List<DavException> storedExceptions = new ArrayList<DavException>(); for ( String repositoryId : repositories ) { ManagedRepositoryContent managedRepository = null; - try { managedRepository = repositoryFactory.getManagedRepositoryContent( repositoryId ); @@ -373,16 +372,25 @@ public class ArchivaDavResourceFactory resourcesInAbsolutePath.add( new File( managedRepository.getRepoRoot(), logicalResource ).getAbsolutePath() ); } catch ( DavException e ) - { - storedException = e; + { + storedExceptions.add( e ); } } if ( resource == null ) - { - if ( storedException != null ) - { - throw storedException; + { + if ( !storedExceptions.isEmpty() ) + { + // MRM-1232 + for( DavException e : storedExceptions ) + { + if( 401 == e.getErrorCode() ) + { + throw e; + } + } + + throw new DavException( HttpServletResponse.SC_NOT_FOUND ); } else { @@ -404,8 +412,7 @@ public class ArchivaDavResourceFactory { path = path.substring( 1 ); } - LogicalResource logicalResource = new LogicalResource( path ); - + LogicalResource logicalResource = new LogicalResource( path ); File resourceFile = new File( managedRepository.getRepoRoot(), path ); resource = new ArchivaDavResource( resourceFile.getAbsolutePath(), path, @@ -915,7 +922,7 @@ public class ArchivaDavResourceFactory return resource; } - private String getActivePrincipal( DavServletRequest request ) + protected String getActivePrincipal( DavServletRequest request ) { User sessionUser = httpAuth.getSessionUser( request.getSession() ); return sessionUser != null ? sessionUser.getUsername() : UserManager.GUEST_USERNAME; @@ -1035,4 +1042,19 @@ public class ArchivaDavResourceFactory { this.scheduler = scheduler; } + + public void setArchivaConfiguration( ArchivaConfiguration archivaConfiguration ) + { + this.archivaConfiguration = archivaConfiguration; + } + + public void setRepositoryFactory( RepositoryContentFactory repositoryFactory ) + { + this.repositoryFactory = repositoryFactory; + } + + public void setRepositoryRequest( RepositoryRequest repositoryRequest ) + { + this.repositoryRequest = repositoryRequest; + } } diff --git a/archiva-modules/archiva-web/archiva-webdav/src/test/java/org/apache/maven/archiva/webdav/ArchivaDavResourceFactoryTest.java b/archiva-modules/archiva-web/archiva-webdav/src/test/java/org/apache/maven/archiva/webdav/ArchivaDavResourceFactoryTest.java new file mode 100644 index 000000000..d96ce80e2 --- /dev/null +++ b/archiva-modules/archiva-web/archiva-webdav/src/test/java/org/apache/maven/archiva/webdav/ArchivaDavResourceFactoryTest.java @@ -0,0 +1,366 @@ +package org.apache.maven.archiva.webdav; + +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +import java.io.File; +import java.util.ArrayList; +import java.util.List; + +import org.apache.jackrabbit.webdav.DavException; +import org.apache.jackrabbit.webdav.DavResourceLocator; +import org.apache.jackrabbit.webdav.DavServletRequest; +import org.apache.jackrabbit.webdav.DavServletResponse; +import org.apache.maven.archiva.configuration.ArchivaConfiguration; +import org.apache.maven.archiva.configuration.Configuration; +import org.apache.maven.archiva.configuration.ManagedRepositoryConfiguration; +import org.apache.maven.archiva.configuration.RepositoryGroupConfiguration; +import org.apache.maven.archiva.repository.ManagedRepositoryContent; +import org.apache.maven.archiva.repository.RepositoryContentFactory; +import org.apache.maven.archiva.repository.content.ManagedDefaultRepositoryContent; +import org.apache.maven.archiva.repository.content.RepositoryRequest; +import org.codehaus.plexus.spring.PlexusInSpringTestCase; +import org.easymock.MockControl; +import org.easymock.classextension.MockClassControl; + +/** + * ArchivaDavResourceFactoryTest + */ +public class ArchivaDavResourceFactoryTest + extends PlexusInSpringTestCase +{ + private static final String RELEASES_REPO = "releases"; + + private static final String INTERNAL_REPO = "internal"; + + private static final String LOCAL_MIRROR_REPO = "local-mirror"; + + private static final String LOCAL_REPO_GROUP = "local"; + + private OverridingArchivaDavResourceFactory resourceFactory; + + private MockControl requestControl; + + private DavServletRequest request; + + private MockControl repoRequestControl; + + private RepositoryRequest repoRequest; + + private DavServletResponse response; + + private MockControl archivaConfigurationControl; + + private ArchivaConfiguration archivaConfiguration; + + private Configuration config; + + private MockControl repoContentFactoryControl; + + private RepositoryContentFactory repoFactory; + + public void setUp() + throws Exception + { + super.setUp(); + + requestControl = MockControl.createControl( DavServletRequest.class ); + + request = (DavServletRequest) requestControl.getMock(); + + archivaConfigurationControl = MockControl.createControl( ArchivaConfiguration.class ); + + archivaConfiguration = (ArchivaConfiguration) archivaConfigurationControl.getMock(); + + config = new Configuration(); + config.addManagedRepository( createManagedRepository( + RELEASES_REPO, + new File( getBasedir(), "target/test-classes/releases" ).getPath() ) ); + config.addManagedRepository( createManagedRepository( + INTERNAL_REPO, + new File( getBasedir(), "target/test-classes/internal" ).getPath() ) ); + + RepositoryGroupConfiguration repoGroupConfig = new RepositoryGroupConfiguration(); + repoGroupConfig.setId( LOCAL_REPO_GROUP ); + repoGroupConfig.addRepository( RELEASES_REPO ); + repoGroupConfig.addRepository( INTERNAL_REPO ); + + config.addRepositoryGroup( repoGroupConfig ); + + repoContentFactoryControl = MockClassControl.createControl( RepositoryContentFactory.class ); + repoFactory = (RepositoryContentFactory) repoContentFactoryControl.getMock(); + + repoRequestControl = MockClassControl.createControl( RepositoryRequest.class ); + repoRequest = (RepositoryRequest) repoRequestControl.getMock(); + + resourceFactory = new OverridingArchivaDavResourceFactory(); + resourceFactory.setArchivaConfiguration( archivaConfiguration ); + resourceFactory.setRepositoryFactory( repoFactory ); + resourceFactory.setRepositoryRequest( repoRequest ); + } + + private ManagedRepositoryConfiguration createManagedRepository( String id, String location ) + { + ManagedRepositoryConfiguration repoConfig = new ManagedRepositoryConfiguration(); + repoConfig.setId( id ); + repoConfig.setName( id ); + repoConfig.setLocation( location ); + + return repoConfig; + } + + private ManagedRepositoryContent createManagedRepositoryContent( String repoId ) + { + ManagedRepositoryContent repoContent = new ManagedDefaultRepositoryContent(); + repoContent.setRepository( config.findManagedRepositoryById( repoId ) ); + + return repoContent; + } + + public void tearDown() + throws Exception + { + super.tearDown(); + } + + // MRM-1232 - Unable to get artifacts from repositories which requires Repository Manager role using repository group + public void testRepositoryGroupFirstRepositoryRequiresAuthentication() + throws Exception + { + DavResourceLocator locator = + new ArchivaDavResourceLocator( "", "/org/apache/archiva/archiva/1.2-SNAPSHOT/archiva-1.2-SNAPSHOT.jar", + LOCAL_REPO_GROUP, new ArchivaDavLocatorFactory() ); + + ManagedRepositoryContent internalRepo = createManagedRepositoryContent( INTERNAL_REPO ); + + try + { + archivaConfigurationControl.expectAndReturn( archivaConfiguration.getConfiguration(), config ); + requestControl.expectAndReturn( request.getMethod(), "GET", 2 ); + repoContentFactoryControl.expectAndReturn( repoFactory.getManagedRepositoryContent( RELEASES_REPO ), + createManagedRepositoryContent( RELEASES_REPO ) ); + requestControl.expectAndReturn( request.getRemoteAddr(), "http://localhost:8080", 2 ); + requestControl.expectAndReturn( request.getDavSession(), new ArchivaDavSession(), 2 ); + repoRequestControl.expectAndReturn( + repoRequest.isSupportFile( "archiva/archiva/1.2-SNAPSHOT/archiva-1.2-SNAPSHOT.jar" ), + false ); + repoRequestControl.expectAndReturn( + repoRequest.isDefault( "archiva/archiva/1.2-SNAPSHOT/archiva-1.2-SNAPSHOT.jar" ), + false ); + repoRequestControl.expectAndReturn( + repoRequest.toArtifactReference( "archiva/archiva/1.2-SNAPSHOT/archiva-1.2-SNAPSHOT.jar" ), + null ); + repoRequestControl.expectAndReturn( + repoRequest.toNativePath( + "archiva/archiva/1.2-SNAPSHOT/archiva-1.2-SNAPSHOT.jar", + internalRepo ), + new File( + config.findManagedRepositoryById( INTERNAL_REPO ).getLocation(), + "target/test-classes/internal/org/apache/archiva/archiva/1.2-SNAPSHOT/archiva-1.2-SNAPSHOT.jar" ).getPath() ); + repoContentFactoryControl.expectAndReturn( repoFactory.getManagedRepositoryContent( INTERNAL_REPO ), + internalRepo ); + + archivaConfigurationControl.replay(); + requestControl.replay(); + repoContentFactoryControl.replay(); + repoRequestControl.replay(); + + resourceFactory.createResource( locator, request, response ); + + archivaConfigurationControl.verify(); + requestControl.verify(); + repoContentFactoryControl.verify(); + repoRequestControl.verify(); + + fail( "A DavException with 401 error code should have been thrown." ); + } + catch ( DavException e ) + { + assertEquals( 401, e.getErrorCode() ); + } + } + + public void testRepositoryGroupLastRepositoryRequiresAuthentication() + throws Exception + { + DavResourceLocator locator = + new ArchivaDavResourceLocator( "", "/org/apache/archiva/archiva/1.2-SNAPSHOT/archiva-1.2-SNAPSHOT.jar", + LOCAL_REPO_GROUP, new ArchivaDavLocatorFactory() ); + + List<RepositoryGroupConfiguration> repoGroups = new ArrayList<RepositoryGroupConfiguration>(); + RepositoryGroupConfiguration repoGroup = new RepositoryGroupConfiguration(); + repoGroup.setId( LOCAL_REPO_GROUP ); + repoGroup.addRepository( INTERNAL_REPO ); + repoGroup.addRepository( RELEASES_REPO ); + + repoGroups.add( repoGroup ); + + config.setRepositoryGroups( repoGroups ); + + ManagedRepositoryContent internalRepo = createManagedRepositoryContent( INTERNAL_REPO ); + + try + { + archivaConfigurationControl.expectAndReturn( archivaConfiguration.getConfiguration(), config ); + requestControl.expectAndReturn( request.getMethod(), "GET", 2 ); + repoContentFactoryControl.expectAndReturn( repoFactory.getManagedRepositoryContent( INTERNAL_REPO ), + internalRepo ); + repoContentFactoryControl.expectAndReturn( repoFactory.getManagedRepositoryContent( RELEASES_REPO ), + createManagedRepositoryContent( RELEASES_REPO ) ); + requestControl.expectAndReturn( request.getRemoteAddr(), "http://localhost:8080", 2 ); + requestControl.expectAndReturn( request.getDavSession(), new ArchivaDavSession(), 2 ); + repoRequestControl.expectAndReturn( + repoRequest.isSupportFile( "archiva/archiva/1.2-SNAPSHOT/archiva-1.2-SNAPSHOT.jar" ), + false ); + repoRequestControl.expectAndReturn( + repoRequest.isDefault( "archiva/archiva/1.2-SNAPSHOT/archiva-1.2-SNAPSHOT.jar" ), + false ); + repoRequestControl.expectAndReturn( + repoRequest.toArtifactReference( "archiva/archiva/1.2-SNAPSHOT/archiva-1.2-SNAPSHOT.jar" ), + null ); + repoRequestControl.expectAndReturn( + repoRequest.toNativePath( + "archiva/archiva/1.2-SNAPSHOT/archiva-1.2-SNAPSHOT.jar", + internalRepo ), + new File( + config.findManagedRepositoryById( INTERNAL_REPO ).getLocation(), + "target/test-classes/internal/org/apache/archiva/archiva/1.2-SNAPSHOT/archiva-1.2-SNAPSHOT.jar" ).getPath() ); + + archivaConfigurationControl.replay(); + requestControl.replay(); + repoContentFactoryControl.replay(); + repoRequestControl.replay(); + + resourceFactory.createResource( locator, request, response ); + + archivaConfigurationControl.verify(); + requestControl.verify(); + repoContentFactoryControl.verify(); + repoRequestControl.verify(); + + fail( "A DavException with 401 error code should have been thrown." ); + } + catch ( DavException e ) + { + assertEquals( 401, e.getErrorCode() ); + } + } + + public void testRepositoryGroupArtifactDoesNotExistInAnyOfTheReposAuthenticationDisabled() + throws Exception + { + DavResourceLocator locator = + new ArchivaDavResourceLocator( "", "/org/apache/archiva/archiva/1.2-SNAPSHOT/archiva-1.2-SNAPSHOT.jar", + LOCAL_REPO_GROUP, new ArchivaDavLocatorFactory() ); + + config.addManagedRepository( createManagedRepository( LOCAL_MIRROR_REPO, + new File( getBasedir(), + "target/test-classes/local-mirror" ).getPath() ) ); + + List<RepositoryGroupConfiguration> repoGroups = new ArrayList<RepositoryGroupConfiguration>(); + RepositoryGroupConfiguration repoGroup = new RepositoryGroupConfiguration(); + repoGroup.setId( LOCAL_REPO_GROUP ); + repoGroup.addRepository( INTERNAL_REPO ); + repoGroup.addRepository( LOCAL_MIRROR_REPO ); + + repoGroups.add( repoGroup ); + + config.setRepositoryGroups( repoGroups ); + + ManagedRepositoryContent internalRepo = createManagedRepositoryContent( INTERNAL_REPO ); + ManagedRepositoryContent localMirrorRepo = createManagedRepositoryContent( LOCAL_MIRROR_REPO ); + + try + { + archivaConfigurationControl.expectAndReturn( archivaConfiguration.getConfiguration(), config ); + requestControl.expectAndReturn( request.getMethod(), "GET", 4 ); + repoContentFactoryControl.expectAndReturn( repoFactory.getManagedRepositoryContent( INTERNAL_REPO ), + internalRepo ); + repoContentFactoryControl.expectAndReturn( repoFactory.getManagedRepositoryContent( LOCAL_MIRROR_REPO ), + localMirrorRepo ); + requestControl.expectAndReturn( request.getRemoteAddr(), "http://localhost:8080", 4 ); + requestControl.expectAndReturn( request.getDavSession(), new ArchivaDavSession(), 4 ); + repoRequestControl.expectAndReturn( + repoRequest.isSupportFile( "archiva/archiva/1.2-SNAPSHOT/archiva-1.2-SNAPSHOT.jar" ), + false, 2 ); + repoRequestControl.expectAndReturn( + repoRequest.isDefault( "archiva/archiva/1.2-SNAPSHOT/archiva-1.2-SNAPSHOT.jar" ), + false, 2 ); + repoRequestControl.expectAndReturn( + repoRequest.toArtifactReference( "archiva/archiva/1.2-SNAPSHOT/archiva-1.2-SNAPSHOT.jar" ), + null, 2 ); + repoRequestControl.expectAndReturn( + repoRequest.toNativePath( + "archiva/archiva/1.2-SNAPSHOT/archiva-1.2-SNAPSHOT.jar", + internalRepo ), + new File( + config.findManagedRepositoryById( INTERNAL_REPO ).getLocation(), + "target/test-classes/internal/org/apache/archiva/archiva/1.2-SNAPSHOT/archiva-1.2-SNAPSHOT.jar" ).getPath() ); + + repoRequestControl.expectAndReturn( + repoRequest.toNativePath( + "archiva/archiva/1.2-SNAPSHOT/archiva-1.2-SNAPSHOT.jar", + localMirrorRepo ), + new File( + config.findManagedRepositoryById( LOCAL_MIRROR_REPO ).getLocation(), + "target/test-classes/internal/org/apache/archiva/archiva/1.2-SNAPSHOT/archiva-1.2-SNAPSHOT.jar" ).getPath() ); + + archivaConfigurationControl.replay(); + requestControl.replay(); + repoContentFactoryControl.replay(); + repoRequestControl.replay(); + + resourceFactory.createResource( locator, request, response ); + + archivaConfigurationControl.verify(); + requestControl.verify(); + repoContentFactoryControl.verify(); + repoRequestControl.verify(); + + fail( "A DavException with 404 error code should have been thrown." ); + } + catch ( DavException e ) + { + assertEquals( 404, e.getErrorCode() ); + } + } + + class OverridingArchivaDavResourceFactory + extends ArchivaDavResourceFactory + { + protected boolean isAuthorized( DavServletRequest request, String repositoryId ) + throws DavException + { + if ( RELEASES_REPO.equals( repositoryId ) ) + { + throw new UnauthorizedDavException( repositoryId, + "You are not authenticated and authorized to access any repository." ); + } + else + { + return true; + } + } + + protected String getActivePrincipal( DavServletRequest request ) + { + return "guest"; + } + } +} |