-remove archiva-security dependency to xwork-integration git-svn-id: https://svn.apache.org/repos/asf/archiva/trunk@655233 13f79535-47bb-0310-9956-ffa450edef68tags/archiva-r676265
@@ -117,20 +117,5 @@ | |||
</exclusion> | |||
</exclusions> | |||
</dependency> | |||
<dependency> | |||
<groupId>org.codehaus.plexus.redback</groupId> | |||
<artifactId>redback-xwork-integration</artifactId> | |||
<exclusions> | |||
<exclusion> | |||
<groupId>org.codehaus.plexus</groupId> | |||
<artifactId>plexus-container-default</artifactId> | |||
</exclusion> | |||
</exclusions> | |||
</dependency> | |||
<dependency> | |||
<groupId>org.apache.derby</groupId> | |||
<artifactId>derby</artifactId> | |||
<scope>provided</scope> | |||
</dependency> | |||
</dependencies> | |||
</project> |
@@ -30,7 +30,6 @@ import org.codehaus.plexus.redback.policy.AccountLockedException; | |||
import org.codehaus.plexus.redback.policy.MustChangePasswordException; | |||
import org.codehaus.plexus.redback.system.SecuritySession; | |||
import org.codehaus.plexus.redback.system.SecuritySystem; | |||
import org.codehaus.plexus.redback.xwork.filter.authentication.HttpAuthenticator; | |||
import org.slf4j.Logger; | |||
import org.slf4j.LoggerFactory; | |||
@@ -42,44 +41,36 @@ public class ArchivaServletAuthenticator | |||
implements ServletAuthenticator | |||
{ | |||
private Logger log = LoggerFactory.getLogger( ArchivaServletAuthenticator.class ); | |||
/** | |||
* @plexus.requirement role-hint="basic" | |||
*/ | |||
private HttpAuthenticator httpAuth; | |||
/** | |||
* @plexus.requirement | |||
*/ | |||
private SecuritySystem securitySystem; | |||
public boolean isAuthenticated( HttpServletRequest request, String repositoryId ) | |||
throws AuthenticationException, AccountLockedException, MustChangePasswordException | |||
{ | |||
AuthenticationResult result = httpAuth.getAuthenticationResult( request, null ); | |||
public boolean isAuthenticated( HttpServletRequest request, AuthenticationResult result, String repositoryId ) | |||
throws AuthenticationException, AccountLockedException, MustChangePasswordException | |||
{ | |||
if ( result != null && !result.isAuthenticated() ) | |||
{ | |||
throw new AuthenticationException( "User Credentials Invalid" ); | |||
} | |||
throw new AuthenticationException( "User Credentials Invalid" ); | |||
} | |||
return true; | |||
} | |||
public boolean isAuthorized( HttpServletRequest request, String repositoryId, boolean isWriteRequest ) | |||
public boolean isAuthorized( HttpServletRequest request, SecuritySession securitySession, String repositoryId, | |||
boolean isWriteRequest ) | |||
throws AuthorizationException | |||
{ | |||
SecuritySession securitySession = httpAuth.getSecuritySession(); | |||
{ | |||
String permission = ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS; | |||
if ( isWriteRequest ) | |||
{ | |||
permission = ArchivaRoleConstants.OPERATION_REPOSITORY_UPLOAD; | |||
} | |||
AuthorizationResult authzResult = securitySystem.authorize( securitySession, permission, repositoryId ); | |||
if ( !authzResult.isAuthorized() ) | |||
{ | |||
if ( authzResult.getException() != null ) | |||
@@ -87,9 +78,9 @@ public class ArchivaServletAuthenticator | |||
log.info( "Authorization Denied [ip=" + request.getRemoteAddr() + ",isWriteRequest=" + isWriteRequest + | |||
",permission=" + permission + ",repo=" + repositoryId + "] : " + | |||
authzResult.getException().getMessage() ); | |||
} | |||
} | |||
} | |||
return true; | |||
} | |||
} | |||
} |
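Review bot: In `isAuthorized`, the `if ( !authzResult.isAuthorized() )` branch only writes the "Authorization Denied" log line and then falls through to `return true;`, so on the lines shown here a denied request is reported to the caller as authorized. No `return false;` or throw appears between the log call and the final return; adding `return false;` as the last statement of the `!authzResult.isAuthorized()` block would make the return value follow the authorization decision. The denial is also logged only when `authzResult.getException()` is non-null, so a plain denial leaves no record; logging it unconditionally would give operators an audit trail. Blank lines are not rendered on this page, so confirm against the file before changing it.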
@@ -22,20 +22,21 @@ package org.apache.maven.archiva.security; | |||
import javax.servlet.http.HttpServletRequest; | |||
import org.codehaus.plexus.redback.authentication.AuthenticationException; | |||
import org.codehaus.plexus.redback.authentication.AuthenticationResult; | |||
import org.codehaus.plexus.redback.authorization.AuthorizationException; | |||
import org.codehaus.plexus.redback.policy.AccountLockedException; | |||
import org.codehaus.plexus.redback.policy.MustChangePasswordException; | |||
import org.codehaus.plexus.redback.system.SecuritySession; | |||
/** | |||
* | |||
* @author <a href="mailto:oching@apache.org">Maria Odea Ching</a> | |||
* @version | |||
* @version | |||
*/ | |||
public interface ServletAuthenticator | |||
{ | |||
public boolean isAuthenticated( HttpServletRequest request, String repositoryId ) | |||
public boolean isAuthenticated( HttpServletRequest request, AuthenticationResult result, String repositoryId ) | |||
throws AuthenticationException, AccountLockedException, MustChangePasswordException; | |||
public boolean isAuthorized( HttpServletRequest request, String repositoryId, boolean isWriteRequest ) | |||
throws AuthorizationException; | |||
public boolean isAuthorized( HttpServletRequest request, SecuritySession securitySession, String repositoryId, | |||
boolean isWriteRequest ) throws AuthorizationException; | |||
} |
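Review bot: The interface Javadoc is still empty, although both methods now take their security state from the caller, so each method needs a contract comment. For `isAuthenticated`, document where `result` must come from and what a `null` value means: the implementation on this page only rejects when `result != null && !result.isAuthenticated()`, so `null` is accepted. For example: `@param result outcome of the caller's HTTP authentication; a null result is not treated as a failure`. For `isAuthorized`, state that `securitySession` must belong to the same request as `request`, and that `isWriteRequest` selects the upload permission instead of the access permission.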
@@ -42,10 +42,13 @@ import org.apache.maven.archiva.security.PrincipalNotFoundException; | |||
import org.apache.maven.archiva.security.ServletAuthenticator; | |||
import org.apache.maven.archiva.security.UserRepositories; | |||
import org.codehaus.plexus.redback.authentication.AuthenticationException; | |||
import org.codehaus.plexus.redback.authentication.AuthenticationResult; | |||
import org.codehaus.plexus.redback.authorization.AuthorizationException; | |||
import org.codehaus.plexus.redback.policy.AccountLockedException; | |||
import org.codehaus.plexus.redback.policy.MustChangePasswordException; | |||
import org.codehaus.plexus.redback.system.SecuritySession; | |||
import org.codehaus.plexus.redback.users.UserNotFoundException; | |||
import org.codehaus.plexus.redback.xwork.filter.authentication.HttpAuthenticator; | |||
import org.codehaus.plexus.spring.PlexusToSpringUtils; | |||
import org.slf4j.Logger; | |||
import org.slf4j.LoggerFactory; | |||
@@ -83,19 +86,19 @@ public class RssFeedServlet | |||
private ServletAuthenticator servletAuth; | |||
private HttpAuthenticator httpAuth; | |||
public void init( javax.servlet.ServletConfig servletConfig ) | |||
throws ServletException | |||
{ | |||
super.init( servletConfig ); | |||
wac = WebApplicationContextUtils.getRequiredWebApplicationContext( servletConfig.getServletContext() ); | |||
// securitySystem = | |||
// (SecuritySystem) wac.getBean( PlexusToSpringUtils.buildSpringId( SecuritySystem.class.getName() ) ); | |||
userRepositories = | |||
(UserRepositories) wac.getBean( PlexusToSpringUtils.buildSpringId( UserRepositories.class.getName() ) ); | |||
// httpAuth = | |||
// (HttpAuthenticator) wac.getBean( PlexusToSpringUtils.buildSpringId( HttpAuthenticator.ROLE, "basic" ) ); | |||
servletAuth = | |||
(ServletAuthenticator) wac.getBean( PlexusToSpringUtils.buildSpringId( ServletAuthenticator.class.getName() ) ); | |||
httpAuth = | |||
(HttpAuthenticator) wac.getBean( PlexusToSpringUtils.buildSpringId( HttpAuthenticator.ROLE, "basic" ) ); | |||
} | |||
public void doGet( HttpServletRequest req, HttpServletResponse res ) | |||
@@ -246,7 +249,11 @@ public class RssFeedServlet | |||
{ | |||
try | |||
{ | |||
if ( servletAuth.isAuthenticated( req, repoId ) && servletAuth.isAuthorized( req, repoId, false ) ) | |||
AuthenticationResult result = httpAuth.getAuthenticationResult( req, null ); | |||
SecuritySession securitySession = httpAuth.getSecuritySession(); | |||
if ( servletAuth.isAuthenticated( req, result, repoId ) && | |||
servletAuth.isAuthorized( req, securitySession, repoId, false ) ) | |||
{ | |||
return true; | |||
} | |||
@@ -282,65 +289,4 @@ public class RssFeedServlet | |||
return Collections.emptyList(); | |||
} | |||
/* | |||
private boolean isAuthenticated( HttpServletRequest request, String repositoryId ) | |||
{ | |||
try | |||
{ | |||
AuthenticationResult result = httpAuth.getAuthenticationResult( request, null ); | |||
if ( result != null && !result.isAuthenticated() ) | |||
{ | |||
log.error( "User credentials is invalid." ); | |||
return false; | |||
} | |||
} | |||
catch ( AuthenticationException e ) | |||
{ | |||
log.error( "User is not authenticated." ); | |||
return false; | |||
} | |||
catch ( AccountLockedException e ) | |||
{ | |||
log.error( "User account is locked." ); | |||
return false; | |||
} | |||
catch ( MustChangePasswordException e ) | |||
{ | |||
log.error( "Password must be changed." ); | |||
return false; | |||
} | |||
return true; | |||
} | |||
private boolean isAuthorized( HttpServletRequest request, String repositoryId ) | |||
{ | |||
SecuritySession securitySession = httpAuth.getSecuritySession(); | |||
try | |||
{ | |||
String permission = ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS; | |||
AuthorizationResult authzResult = securitySystem.authorize( securitySession, permission, repositoryId ); | |||
if ( !authzResult.isAuthorized() ) | |||
{ | |||
if ( authzResult.getException() != null ) | |||
{ | |||
log.info( "Authorization Denied [ip=" + request.getRemoteAddr() + ",permission=" + permission + | |||
",repo=" + repositoryId + "] : " + authzResult.getException().getMessage() ); | |||
} | |||
return false; | |||
} | |||
} | |||
catch ( AuthorizationException e ) | |||
{ | |||
log.error( "Error in authorization : " + e.getMessage() ); | |||
return false; | |||
} | |||
return true; | |||
} | |||
*/ | |||
} |
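Review bot: `httpAuth.getSecuritySession()` is now read before `isAuthenticated` has examined `result`, whereas the replaced code reached the session only inside `isAuthorized`, after the authentication check had passed. Passing it at the point of use keeps that order and drops a local: `servletAuth.isAuthorized( req, httpAuth.getSecuritySession(), repoId, false )`. The same two-line prelude is added in `ArchivaDavSessionProvider.attachSession`, so the ordering rule now has to be kept in every caller; a short comment at both sites stating that the session is only meaningful after `getAuthenticationResult` would help. `getSecuritySession()` takes no request argument and the authenticator is held in a servlet field, so how it is bound to the current request is not visible here and is worth confirming. The enclosing method starts and ends outside the hunk.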
@@ -101,6 +101,16 @@ | |||
<groupId>joda-time</groupId> | |||
<artifactId>joda-time</artifactId> | |||
</dependency> | |||
<dependency> | |||
<groupId>org.codehaus.plexus.redback</groupId> | |||
<artifactId>redback-xwork-integration</artifactId> | |||
<exclusions> | |||
<exclusion> | |||
<groupId>org.codehaus.plexus</groupId> | |||
<artifactId>plexus-container-default</artifactId> | |||
</exclusion> | |||
</exclusions> | |||
</dependency> | |||
</dependencies> | |||
<!-- Required by it.could classes --> |
@@ -27,8 +27,11 @@ import org.apache.maven.archiva.webdav.util.WebdavMethodUtil; | |||
import org.apache.maven.archiva.webdav.util.RepositoryPathUtil; | |||
import org.apache.maven.archiva.security.ServletAuthenticator; | |||
import org.codehaus.plexus.redback.authentication.AuthenticationException; | |||
import org.codehaus.plexus.redback.authentication.AuthenticationResult; | |||
import org.codehaus.plexus.redback.policy.MustChangePasswordException; | |||
import org.codehaus.plexus.redback.policy.AccountLockedException; | |||
import org.codehaus.plexus.redback.system.SecuritySession; | |||
import org.codehaus.plexus.redback.xwork.filter.authentication.HttpAuthenticator; | |||
import org.codehaus.plexus.redback.authorization.AuthorizationException; | |||
import org.codehaus.plexus.spring.PlexusToSpringUtils; | |||
import org.springframework.web.context.WebApplicationContext; | |||
@@ -45,10 +48,14 @@ public class ArchivaDavSessionProvider implements DavSessionProvider | |||
private Logger log = LoggerFactory.getLogger(ArchivaDavSessionProvider.class); | |||
private ServletAuthenticator servletAuth; | |||
private HttpAuthenticator httpAuth; | |||
public ArchivaDavSessionProvider(WebApplicationContext applicationContext) | |||
{ | |||
servletAuth = (ServletAuthenticator) applicationContext.getBean( PlexusToSpringUtils.buildSpringId( ServletAuthenticator.class.getName() ) ); | |||
httpAuth = | |||
(HttpAuthenticator) applicationContext.getBean( PlexusToSpringUtils.buildSpringId( HttpAuthenticator.ROLE, "basic" ) ); | |||
} | |||
public boolean attachSession(WebdavRequest request) throws DavException | |||
@@ -57,8 +64,11 @@ public class ArchivaDavSessionProvider implements DavSessionProvider | |||
try | |||
{ | |||
return servletAuth.isAuthenticated(request, repositoryId) && | |||
servletAuth.isAuthorized(request, repositoryId, WebdavMethodUtil.isWriteMethod( request.getMethod() ) ); | |||
AuthenticationResult result = httpAuth.getAuthenticationResult( request, null ); | |||
SecuritySession securitySession = httpAuth.getSecuritySession(); | |||
return servletAuth.isAuthenticated(request, result, repositoryId) && | |||
servletAuth.isAuthorized(request, securitySession, repositoryId, WebdavMethodUtil.isWriteMethod( request.getMethod() ) ); | |||
} | |||
catch ( AuthenticationException e ) | |||
{ |