Diffstat (limited to 'archiva-modules/archiva-web')
-rw-r--r--archiva-modules/archiva-web/archiva-security/src/main/java/org/apache/maven/archiva/security/ArchivaServletAuthenticator.java12
-rw-r--r--archiva-modules/archiva-web/archiva-security/src/main/java/org/apache/maven/archiva/security/ServletAuthenticator.java3
-rw-r--r--archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/rss/RssFeedServlet.java34
-rw-r--r--archiva-modules/archiva-web/archiva-webdav/src/main/java/org/apache/maven/archiva/webdav/ArchivaDavSessionProvider.java6
4 files changed, 43 insertions, 12 deletions
diff --git a/archiva-modules/archiva-web/archiva-security/src/main/java/org/apache/maven/archiva/security/ArchivaServletAuthenticator.java b/archiva-modules/archiva-web/archiva-security/src/main/java/org/apache/maven/archiva/security/ArchivaServletAuthenticator.java
index 018992009..8af0c0cf3 100644
--- a/archiva-modules/archiva-web/archiva-security/src/main/java/org/apache/maven/archiva/security/ArchivaServletAuthenticator.java
+++ b/archiva-modules/archiva-web/archiva-security/src/main/java/org/apache/maven/archiva/security/ArchivaServletAuthenticator.java
@@ -26,6 +26,7 @@ import org.codehaus.plexus.redback.authentication.AuthenticationException;
import org.codehaus.plexus.redback.authentication.AuthenticationResult;
import org.codehaus.plexus.redback.authorization.AuthorizationException;
import org.codehaus.plexus.redback.authorization.AuthorizationResult;
+import org.codehaus.plexus.redback.authorization.UnauthorizedException;
import org.codehaus.plexus.redback.policy.AccountLockedException;
import org.codehaus.plexus.redback.policy.MustChangePasswordException;
import org.codehaus.plexus.redback.system.SecuritySession;
@@ -43,7 +44,7 @@ public class ArchivaServletAuthenticator
private Logger log = LoggerFactory.getLogger( ArchivaServletAuthenticator.class );
/**
- * @plexus.requirement
+ * @plexus.requirement
*/
private SecuritySystem securitySystem;
@@ -60,7 +61,7 @@ public class ArchivaServletAuthenticator
public boolean isAuthorized( HttpServletRequest request, SecuritySession securitySession, String repositoryId,
boolean isWriteRequest )
- throws AuthorizationException
+ throws AuthorizationException, UnauthorizedException
{
String permission = ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS;
@@ -74,13 +75,14 @@ public class ArchivaServletAuthenticator
if ( !authzResult.isAuthorized() )
{
if ( authzResult.getException() != null )
- {
+ {
log.info( "Authorization Denied [ip=" + request.getRemoteAddr() + ",isWriteRequest=" + isWriteRequest +
",permission=" + permission + ",repo=" + repositoryId + "] : " +
authzResult.getException().getMessage() );
-
- return false;
+
+ throw new UnauthorizedException( "Access denied for repository " + repositoryId );
}
+ throw new UnauthorizedException( "User account is locked" );
}
return true;
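Review bot: The fall-through `throw new UnauthorizedException( "User account is locked" );` states a cause that the visible code never checks: it fires for every denied result whose `getException()` is null, which may just as well be a missing permission. The wording matters because the ArchivaDavSessionProvider hunk in this commit passes `e.getMessage()` into `UnauthorizedDavException`; if that text reaches the response, it tells an unauthenticated caller about account state. I would use the neutral `throw new UnauthorizedException( "Access denied for repository " + repositoryId );` on both paths and also log the denial on the second path, which currently leaves no trace. The body of isAuthorized starts outside this hunk.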
diff --git a/archiva-modules/archiva-web/archiva-security/src/main/java/org/apache/maven/archiva/security/ServletAuthenticator.java b/archiva-modules/archiva-web/archiva-security/src/main/java/org/apache/maven/archiva/security/ServletAuthenticator.java
index 4c78235ea..e13c2d3e4 100644
--- a/archiva-modules/archiva-web/archiva-security/src/main/java/org/apache/maven/archiva/security/ServletAuthenticator.java
+++ b/archiva-modules/archiva-web/archiva-security/src/main/java/org/apache/maven/archiva/security/ServletAuthenticator.java
@@ -24,6 +24,7 @@ import javax.servlet.http.HttpServletRequest;
import org.codehaus.plexus.redback.authentication.AuthenticationException;
import org.codehaus.plexus.redback.authentication.AuthenticationResult;
import org.codehaus.plexus.redback.authorization.AuthorizationException;
+import org.codehaus.plexus.redback.authorization.UnauthorizedException;
import org.codehaus.plexus.redback.policy.AccountLockedException;
import org.codehaus.plexus.redback.policy.MustChangePasswordException;
import org.codehaus.plexus.redback.system.SecuritySession;
@@ -38,5 +39,5 @@ public interface ServletAuthenticator
throws AuthenticationException, AccountLockedException, MustChangePasswordException;
public boolean isAuthorized( HttpServletRequest request, SecuritySession securitySession, String repositoryId,
- boolean isWriteRequest ) throws AuthorizationException;
+ boolean isWriteRequest ) throws AuthorizationException, UnauthorizedException;
}
diff --git a/archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/rss/RssFeedServlet.java b/archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/rss/RssFeedServlet.java
index f66d154c9..c3b295da5 100644
--- a/archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/rss/RssFeedServlet.java
+++ b/archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/rss/RssFeedServlet.java
@@ -44,6 +44,7 @@ import org.apache.maven.archiva.security.UserRepositories;
import org.codehaus.plexus.redback.authentication.AuthenticationException;
import org.codehaus.plexus.redback.authentication.AuthenticationResult;
import org.codehaus.plexus.redback.authorization.AuthorizationException;
+import org.codehaus.plexus.redback.authorization.UnauthorizedException;
import org.codehaus.plexus.redback.policy.AccountLockedException;
import org.codehaus.plexus.redback.policy.MustChangePasswordException;
import org.codehaus.plexus.redback.system.SecuritySession;
@@ -104,14 +105,15 @@ public class RssFeedServlet
public void doGet( HttpServletRequest req, HttpServletResponse res )
throws ServletException, IOException
{
+ String repoId = req.getParameter( "repoId" );
+ String groupId = req.getParameter( "groupId" );
+ String artifactId = req.getParameter( "artifactId" );
+
try
{
Map<String, String> map = new HashMap<String, String>();
SyndFeed feed = null;
- String repoId = req.getParameter( "repoId" );
- String groupId = req.getParameter( "groupId" );
- String artifactId = req.getParameter( "artifactId" );
-
+
if ( ( repoId == null ) && ( groupId == null && artifactId == null ) )
{
res.sendError( HttpServletResponse.SC_BAD_REQUEST, "Required fields not found in request." );
@@ -173,6 +175,7 @@ public class RssFeedServlet
}
catch ( AuthenticationException authe )
{
+ authe.printStackTrace();
log.error( COULD_NOT_AUTHENTICATE_USER, authe );
res.sendError( HttpServletResponse.SC_UNAUTHORIZED, COULD_NOT_AUTHENTICATE_USER );
}
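Review bot: The added `authe.printStackTrace();` in the AuthenticationException handler looks like a debugging leftover, since the next line already hands `authe` to `log.error`. The trace is therefore written twice, and the stderr copy bypasses the logging configuration along with any level or retention controls applied to it. Dropping the added line keeps authentication failures in one auditable place. The try block this handler belongs to starts outside the hunk.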
@@ -186,6 +189,20 @@ public class RssFeedServlet
log.error( COULD_NOT_AUTHENTICATE_USER, e );
res.sendError( HttpServletResponse.SC_UNAUTHORIZED, COULD_NOT_AUTHENTICATE_USER );
}
+ catch ( UnauthorizedException e )
+ {
+ log.error( e.getMessage() );
+ if ( repoId != null )
+ {
+ res.setHeader("WWW-Authenticate", "Basic realm=\"Repository Archiva Managed " + repoId + " Repository" );
+ }
+ else
+ {
+ res.setHeader("WWW-Authenticate", "Basic realm=\"Artifact " + groupId + ":" + artifactId );
+ }
+
+ res.sendError( HttpServletResponse.SC_UNAUTHORIZED, USER_NOT_AUTHORIZED );
+ }
}
/**
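Review bot: The `WWW-Authenticate` value in the new UnauthorizedException handler is built from the raw `repoId`, `groupId` and `artifactId` request parameters, and the realm's opening quote is never closed in either branch. A parameter containing a double quote or control characters changes the challenge the client parses, and whether CR/LF is rejected depends on the servlet container. When `repoId` is absent and only one of the other two parameters is supplied, the realm also contains the text `null`. I would build the realm once, strip quote, backslash and control characters, and close the quoted-string. The body of doGet starts outside this hunk.

```java
catch ( UnauthorizedException e )
{
    // … unchanged: log.error( e.getMessage() ) …
    String realm = ( repoId != null )
        ? "Repository Archiva Managed " + repoId + " Repository"
        : "Artifact " + groupId + ":" + artifactId;
    // Request parameters are untrusted: drop quote, backslash and control characters before quoting.
    realm = realm.replaceAll( "[\"\\\\\\p{Cntrl}]", "" );
    res.setHeader( "WWW-Authenticate", "Basic realm=\"" + realm + "\"" );
    // … unchanged: res.sendError( SC_UNAUTHORIZED, USER_NOT_AUTHORIZED ) …
}
```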
@@ -195,7 +212,8 @@ public class RssFeedServlet
* @return
*/
private boolean isAllowed( HttpServletRequest req )
- throws UserNotFoundException, AccountLockedException, AuthenticationException, MustChangePasswordException
+ throws UserNotFoundException, AccountLockedException, AuthenticationException, MustChangePasswordException,
+ UnauthorizedException
{
String auth = req.getHeader( "Authorization" );
List<String> repoIds = new ArrayList<String>();
@@ -262,9 +280,13 @@ public class RssFeedServlet
{
log.error( "Fatal Authorization Subsystem Error." );
}
+ catch ( UnauthorizedException e )
+ {
+ log.error( e.getMessage() );
+ }
}
- return false;
+ throw new UnauthorizedException( "Access denied." );
}
private List<String> getObservableRepos( String principal )
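Review bot: The contract of isAllowed changed here without a Javadoc update: `throw new UnauthorizedException( "Access denied." );` replaces the final `return false;`, while the `@return` tag visible in the previous hunk is still empty. I would document it with something like `@return true when the caller may read a requested repository` and `@throws UnauthorizedException when access is denied`, after confirming that no earlier path still returns false. The added `catch ( UnauthorizedException e )` only logs `e.getMessage()` at error level; a denial is an expected event, so `log.warn` with the repository id and remote address would be easier to triage and keeps error logs meaningful. The method body starts outside this hunk.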
diff --git a/archiva-modules/archiva-web/archiva-webdav/src/main/java/org/apache/maven/archiva/webdav/ArchivaDavSessionProvider.java b/archiva-modules/archiva-web/archiva-webdav/src/main/java/org/apache/maven/archiva/webdav/ArchivaDavSessionProvider.java
index ed78e4fd6..1ec63dfc6 100644
--- a/archiva-modules/archiva-web/archiva-webdav/src/main/java/org/apache/maven/archiva/webdav/ArchivaDavSessionProvider.java
+++ b/archiva-modules/archiva-web/archiva-webdav/src/main/java/org/apache/maven/archiva/webdav/ArchivaDavSessionProvider.java
@@ -33,6 +33,7 @@ import org.codehaus.plexus.redback.policy.AccountLockedException;
import org.codehaus.plexus.redback.system.SecuritySession;
import org.codehaus.plexus.redback.xwork.filter.authentication.HttpAuthenticator;
import org.codehaus.plexus.redback.authorization.AuthorizationException;
+import org.codehaus.plexus.redback.authorization.UnauthorizedException;
import org.codehaus.plexus.spring.PlexusToSpringUtils;
import org.springframework.web.context.WebApplicationContext;
import org.slf4j.Logger;
@@ -90,6 +91,11 @@ public class ArchivaDavSessionProvider implements DavSessionProvider
log.error( "Fatal Authorization Subsystem Error." );
throw new DavException( HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Fatal Authorization Subsystem Error." );
}
+ catch ( UnauthorizedException e )
+ {
+ log.error( e.getMessage() );
+ throw new UnauthorizedDavException(repositoryId, e.getMessage() );
+ }
}
public void releaseSession(WebdavRequest webdavRequest)