aboutsummaryrefslogtreecommitdiffstats
path: root/archiva-web
diff options
context:
space:
mode:
Diffstat (limited to 'archiva-web')
-rw-r--r--archiva-web/archiva-security/src/main/java/org/apache/maven/archiva/security/DefaultUserRepositories.java58
-rw-r--r--archiva-web/archiva-security/src/main/java/org/apache/maven/archiva/security/UserRepositories.java13
-rw-r--r--archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/UploadAction.java169
-rw-r--r--archiva-web/archiva-webapp/src/main/resources/xwork.xml5
-rw-r--r--archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/upload.jsp2
5 files changed, 204 insertions, 43 deletions
diff --git a/archiva-web/archiva-security/src/main/java/org/apache/maven/archiva/security/DefaultUserRepositories.java b/archiva-web/archiva-security/src/main/java/org/apache/maven/archiva/security/DefaultUserRepositories.java
index 88b740b19..0d8c029bb 100644
--- a/archiva-web/archiva-security/src/main/java/org/apache/maven/archiva/security/DefaultUserRepositories.java
+++ b/archiva-web/archiva-security/src/main/java/org/apache/maven/archiva/security/DefaultUserRepositories.java
@@ -36,13 +36,11 @@ import org.codehaus.plexus.redback.users.User;
import org.codehaus.plexus.redback.users.UserNotFoundException;
/**
- * DefaultUserRepositories
- *
+ * DefaultUserRepositories
+ *
* @author <a href="mailto:joakime@apache.org">Joakim Erdfelt</a>
* @version $Id$
- *
- * @plexus.component role="org.apache.maven.archiva.security.UserRepositories"
- * role-hint="default"
+ * @plexus.component role="org.apache.maven.archiva.security.UserRepositories" role-hint="default"
*/
public class DefaultUserRepositories
implements UserRepositories
@@ -61,12 +59,12 @@ public class DefaultUserRepositories
* @plexus.requirement role-hint="default"
*/
private RoleManager roleManager;
-
+
/**
* @plexus.requirement
*/
private ArchivaConfiguration archivaConfiguration;
-
+
public List<String> getObservableRepositoryIds( String principal )
throws PrincipalNotFoundException, AccessDeniedException, ArchivaSecurityException
{
@@ -79,20 +77,22 @@ public class DefaultUserRepositories
{
throw new AccessDeniedException( "User " + principal + "(" + user.getFullName() + ") is locked." );
}
-
+
AuthenticationResult authn = new AuthenticationResult( true, principal, null );
SecuritySession securitySession = new DefaultSecuritySession( authn, user );
-
+
List<String> repoIds = new ArrayList<String>();
- List<ManagedRepositoryConfiguration> repos = archivaConfiguration.getConfiguration().getManagedRepositories();
-
+ List<ManagedRepositoryConfiguration> repos =
+ archivaConfiguration.getConfiguration().getManagedRepositories();
+
for ( ManagedRepositoryConfiguration repo : repos )
{
try
{
String repoId = repo.getId();
- if ( securitySystem.isAuthorized( securitySession, ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS, repoId ) )
+ if ( securitySystem.isAuthorized( securitySession,
+ ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS, repoId ) )
{
repoIds.add( repoId );
}
@@ -102,7 +102,7 @@ public class DefaultUserRepositories
// swallow.
}
}
-
+
return repoIds;
}
catch ( UserNotFoundException e )
@@ -128,8 +128,38 @@ public class DefaultUserRepositories
}
catch ( RoleManagerException e )
{
- throw new ArchivaSecurityException( "Unable to create roles for configured repositories: " + e.getMessage(),
+ throw new ArchivaSecurityException(
+ "Unable to create roles for configured repositories: " + e.getMessage(),
e );
}
}
+
+ public boolean isAuthorizedToUploadArtifacts( String principal, String repoId )
+ throws PrincipalNotFoundException, ArchivaSecurityException
+ {
+ try
+ {
+ User user = securitySystem.getUserManager().findUser( principal );
+
+ if ( user.isLocked() )
+ {
+ throw new AccessDeniedException( "User " + principal + "(" + user.getFullName() + ") is locked." );
+ }
+
+ AuthenticationResult authn = new AuthenticationResult( true, principal, null );
+ SecuritySession securitySession = new DefaultSecuritySession( authn, user );
+
+ return securitySystem.isAuthorized( securitySession, ArchivaRoleConstants.OPERATION_REPOSITORY_UPLOAD,
+ repoId );
+
+ }
+ catch ( UserNotFoundException e )
+ {
+ throw new PrincipalNotFoundException( "Unable to find principal " + principal + "" );
+ }
+ catch ( AuthorizationException e )
+ {
+ throw new ArchivaSecurityException( e.getMessage() );
+ }
+ }
}
diff --git a/archiva-web/archiva-security/src/main/java/org/apache/maven/archiva/security/UserRepositories.java b/archiva-web/archiva-security/src/main/java/org/apache/maven/archiva/security/UserRepositories.java
index c448a26b3..4ea6c7f2d 100644
--- a/archiva-web/archiva-security/src/main/java/org/apache/maven/archiva/security/UserRepositories.java
+++ b/archiva-web/archiva-security/src/main/java/org/apache/maven/archiva/security/UserRepositories.java
@@ -49,4 +49,17 @@ public interface UserRepositories
*/
public void createMissingRepositoryRoles( String repoId )
throws ArchivaSecurityException;
+
+ /**
+ * Check if user is authorized to upload artifacts in the repository.
+ *
+ * @param principal
+ * @param repoId
+ * @return
+ * @throws PrincipalNotFoundException
+ * @throws ArchivaSecurityException
+ */
+ public boolean isAuthorizedToUploadArtifacts( String principal, String repoId)
+ throws PrincipalNotFoundException, ArchivaSecurityException;
+
}
diff --git a/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/UploadAction.java b/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/UploadAction.java
index 6d6d6ac0b..953577c25 100644
--- a/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/UploadAction.java
+++ b/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/UploadAction.java
@@ -20,14 +20,24 @@ package org.apache.maven.archiva.web.action;
*/
import org.codehaus.plexus.xwork.action.PlexusActionSupport;
-import org.apache.maven.archiva.configuration.Configuration;
-// import org.apache.maven.archiva.configuration.ArchivaConfiguration;
-// import org.apache.maven.archiva.configuration.RepositoryConfiguration;
-// import org.apache.maven.archiva.repository.layout.BidirectionalRepositoryLayoutFactory;
-// import org.apache.maven.archiva.repository.layout.BidirectionalRepositoryLayout;
-// import org.apache.maven.archiva.repository.layout.LayoutException;
-import org.apache.maven.archiva.model.ArchivaArtifact;
+import org.apache.maven.archiva.configuration.ArchivaConfiguration;
+import org.apache.maven.archiva.configuration.ManagedRepositoryConfiguration;
+import org.apache.maven.archiva.model.ArtifactReference;
+import org.apache.maven.archiva.repository.ManagedRepositoryContent;
+import org.apache.maven.archiva.repository.RepositoryContentFactory;
+import org.apache.maven.archiva.repository.RepositoryException;
+import org.apache.maven.archiva.repository.RepositoryNotFoundException;
+import org.apache.maven.archiva.security.ArchivaSecurityException;
+import org.apache.maven.archiva.security.ArchivaUser;
+import org.apache.maven.archiva.security.PrincipalNotFoundException;
+import org.apache.maven.archiva.security.UserRepositories;
+
+import com.opensymphony.xwork.Validateable;
+
import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileOutputStream;
+import java.io.IOException;
/**
* Upload an artifact.
@@ -37,8 +47,8 @@ import java.io.File;
*/
public class UploadAction
extends PlexusActionSupport
+ implements Validateable
{
-
private String groupId;
private String artifactId;
@@ -58,13 +68,25 @@ public class UploadAction
private String repositoryId;
/**
- * @plexus.requirement role-hint="default"
+ * @plexus.requirement role-hint="xwork"
*/
- // private ArchivaConfiguration configuration;
+ private ArchivaUser archivaUser;
+
+ /**
+ * @plexus.requirement
+ */
+ private UserRepositories userRepositories;
+
/**
* @plexus.requirement role-hint="default"
*/
- // private BidirectionalRepositoryLayoutFactory layoutFactory;
+ private ArchivaConfiguration configuration;
+
+ /**
+ * @plexus.requirement
+ */
+ private RepositoryContentFactory repositoryFactory;
+
public void setUpload( File file )
{
this.file = file;
@@ -142,25 +164,124 @@ public class UploadAction
public String upload()
{
+ // TODO populate repository id field
+ // TODO form validation
+
getLogger().debug( "upload" );
- return SUCCESS;
+ return INPUT;
}
public String doUpload()
- // throws LayoutException
{
- // TODO: adapt to changes in RepositoryConfiguration from the MRM-462 branch
- // RepositoryConfiguration rc = configuration.getConfiguration().findRepositoryById( repositoryId );
- // String layout = rc.getLayout();
- // String url = rc.getUrl();
- // ArchivaArtifact artifact = new ArchivaArtifact( groupId, artifactId, version, classifier, packaging );
- // BidirectionalRepositoryLayout repositoryLayout = layoutFactory.getLayout( layout );
+ try
+ {
+ ManagedRepositoryConfiguration repoConfig =
+ configuration.getConfiguration().findManagedRepositoryById( repositoryId );
+
+ ArtifactReference artifactReference = new ArtifactReference();
+ artifactReference.setArtifactId( artifactId );
+ artifactReference.setGroupId( groupId );
+ artifactReference.setVersion( version );
+ artifactReference.setClassifier( classifier );
+ artifactReference.setType( packaging );
+
+ ManagedRepositoryContent repository = repositoryFactory.getManagedRepositoryContent( repositoryId );
+
+ String artifactPath = repository.toPath( artifactReference );
+
+ int lastIndex = artifactPath.lastIndexOf( '/' );
+
+ File targetPath = new File( repoConfig.getLocation(), artifactPath.substring( 0, lastIndex ) );
- // output from getLogger().debug(...) not appearing in logs, so...
- // System.out.println( "doUpload, file: " + file.getAbsolutePath() );
- // System.out.println( "doUpload, path: " + repositoryLayout.toPath( artifact ) );
+ if ( !targetPath.exists() )
+ {
+ targetPath.mkdirs();
+ }
- return SUCCESS;
+ copyFile( targetPath, artifactPath.substring( lastIndex + 1 ) );
+
+ // 1. check if user has permission to deploy to the repository
+ // - get writable user repositories (need to add new method
+ // for this in DefaultUserRepositories)
+
+ // 2. if user has write permission:
+ // - get repository path (consider the layout -- default or legacy)
+ // - if the artifact is not a pom, create pom file (use ProjectModel400Writer in archiva-repository-layer)
+ // - create directories in the repository (groupId, artifactId, version)
+ // - re-write uploaded jar file
+ // - write generated pom
+ // - update metadata
+
+ // TODO delete temporary file (upload)
+ // TODO improve action error messages below
+
+ return SUCCESS;
+ }
+ catch ( IOException ie )
+ {
+ addActionError( "Error encountered while uploading file: " + ie.getMessage() );
+ return ERROR;
+ }
+ catch ( RepositoryNotFoundException re )
+ {
+ addActionError( "Target repository cannot be found: " + re.getMessage() );
+ return ERROR;
+ }
+ catch ( RepositoryException rep )
+ {
+ addActionError( "Repository exception: " + rep.getMessage() );
+ return ERROR;
+ }
+ }
+
+ private String getPrincipal()
+ {
+ return archivaUser.getActivePrincipal();
+ }
+
+ private void copyFile( File targetPath, String artifactFilename )
+ throws IOException
+ {
+ FileOutputStream out = new FileOutputStream( new File( targetPath, artifactFilename ) );
+
+ try
+ {
+ FileInputStream input = new FileInputStream( file );
+ int i = 0;
+ while ( ( i = input.read() ) != -1 )
+ {
+ out.write( i );
+ }
+ out.flush();
+ }
+ finally
+ {
+ out.close();
+ }
+ }
+
+ private void generatePom()
+ {
+ // TODO: use ProjectModel400Writer
+ }
+
+ public void validate()
+ {
+ try
+ {
+ // is this enough check for the repository permission?
+ if ( !userRepositories.isAuthorizedToUploadArtifacts( getPrincipal(), repositoryId ) )
+ {
+ addActionError( "User is not authorized to upload in repository " + repositoryId );
+ }
+ }
+ catch ( PrincipalNotFoundException pe )
+ {
+ addActionError( pe.getMessage() );
+ }
+ catch ( ArchivaSecurityException ae )
+ {
+ addActionError( ae.getMessage() );
+ }
}
-
}
diff --git a/archiva-web/archiva-webapp/src/main/resources/xwork.xml b/archiva-web/archiva-webapp/src/main/resources/xwork.xml
index c90ad778e..5413ff590 100644
--- a/archiva-web/archiva-webapp/src/main/resources/xwork.xml
+++ b/archiva-web/archiva-webapp/src/main/resources/xwork.xml
@@ -165,12 +165,9 @@
</action>
<action name="upload" class="uploadAction" method="upload">
- <result>/WEB-INF/jsp/upload.jsp</result>
- </action>
-
- <action name="doUpload" class="uploadAction" method="doUpload">
<interceptor-ref name="fileUpload"/>
<interceptor-ref name="basicStack"/>
+ <result name="input">/WEB-INF/jsp/upload.jsp</result>
<result name="success">/WEB-INF/jsp/upload.jsp</result>
</action>
diff --git a/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/upload.jsp b/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/upload.jsp
index a2818052c..4677e0821 100644
--- a/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/upload.jsp
+++ b/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/jsp/upload.jsp
@@ -32,7 +32,7 @@
<h1>Upload Artifact</h1>
<div id="contentArea">
- <ww:form action="doUpload" method="post" enctype="multipart/form-data">
+ <ww:form action="upload!doUpload" method="post" enctype="multipart/form-data">
<%@ include file="/WEB-INF/jsp/include/uploadForm.jspf" %>
<ww:submit/>
</ww:form>
generated by cgit v1.2.3 (git 2.39.1) at 2025-02-01 16:56:29 +0000