mirrors
/
archiva
mirror of https://github.com/apache/archiva.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 70 Wiki Activity
Browse Source

check first if the request is .indexer browsing to not iterate over repositories (ie normal process) 

git-svn-id: https://svn.apache.org/repos/asf/archiva/trunk@1197905 13f79535-47bb-0310-9956-ffa450edef68
tags/archiva-1.4-M2
Olivier Lamy 12 years ago
parent
1c437a85fb
commit
f0a3cbb416
1 changed files with 116 additions and 105 deletions
Split View Show Diff Stats
  1. 116
    105
      archiva-modules/archiva-web/archiva-webdav/src/main/java/org/apache/archiva/webdav/ArchivaDavResourceFactory.java

+ 116
- 105
archiva-modules/archiva-web/archiva-webdav/src/main/java/org/apache/archiva/webdav/ArchivaDavResourceFactory.java View File

@@ -92,6 +92,7 @@ import javax.annotation.PostConstruct;
import javax.inject.Inject;
import javax.inject.Named;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import java.io.File;
import java.io.FileNotFoundException;
import java.io.FileReader;
@@ -939,143 +940,120 @@ public class ArchivaDavResourceFactory

if ( allow )
{
for ( String repository : repositories )
{
ManagedRepositoryContent managedRepository = null;

// remove last /
String pathInfo = StringUtils.removeEnd( request.getPathInfo(), "/" );
if ( StringUtils.endsWith( pathInfo, "/.indexer" ) )
{
try
{
managedRepository = repositoryFactory.getManagedRepositoryContent( repository );
File mergedRepoDir = buildMergedIndexDirectory( repositories, activePrincipal, request );
mergedRepositoryContents.add( mergedRepoDir );

}
catch ( RepositoryNotFoundException e )
catch ( RepositoryAdminException e )
{
throw new DavException( HttpServletResponse.SC_INTERNAL_SERVER_ERROR,
"Invalid managed repository <" + repository + ">: " + e.getMessage() );
throw new DavException( 500, e );
}
catch ( RepositoryException e )
catch ( IndexMergerException e )
{
throw new DavException( HttpServletResponse.SC_INTERNAL_SERVER_ERROR,
"Invalid managed repository <" + repository + ">: " + e.getMessage() );
throw new DavException( 500, e );
}

File resourceFile = new File( managedRepository.getRepoRoot(), logicalResource.getPath() );
if ( resourceFile.exists() )
}
else
{
for ( String repository : repositories )
{
// in case of group displaying index directory doesn't have sense !!
String repoIndexDirectory = managedRepository.getRepository().getIndexDirectory();
if ( StringUtils.isNotEmpty( repoIndexDirectory ) )
ManagedRepositoryContent managedRepository = null;
try
{
if ( !new File( repoIndexDirectory ).isAbsolute() )
{
repoIndexDirectory = new File( managedRepository.getRepository().getLocation(),
StringUtils.isEmpty( repoIndexDirectory )
? ".indexer"
: repoIndexDirectory ).getAbsolutePath();
}
managedRepository = repositoryFactory.getManagedRepositoryContent( repository );
}
catch ( RepositoryNotFoundException e )
{
throw new DavException( HttpServletResponse.SC_INTERNAL_SERVER_ERROR,
"Invalid managed repository <" + repository + ">: " + e.getMessage() );
}
if ( StringUtils.isEmpty( repoIndexDirectory ) )
catch ( RepositoryException e )
{
repoIndexDirectory =
new File( managedRepository.getRepository().getLocation(), ".indexer" ).getAbsolutePath();
throw new DavException( HttpServletResponse.SC_INTERNAL_SERVER_ERROR,
"Invalid managed repository <" + repository + ">: " + e.getMessage() );
}

if ( !StringUtils.equals( FilenameUtils.normalize( repoIndexDirectory ),
FilenameUtils.normalize( resourceFile.getAbsolutePath() ) ) )
File resourceFile = new File( managedRepository.getRepoRoot(), logicalResource.getPath() );
if ( resourceFile.exists() )
{
// for prompted authentication
if ( httpAuth.getSecuritySession( request.getSession( true ) ) != null )
// in case of group displaying index directory doesn't have sense !!
String repoIndexDirectory = managedRepository.getRepository().getIndexDirectory();
if ( StringUtils.isNotEmpty( repoIndexDirectory ) )
{
try
if ( !new File( repoIndexDirectory ).isAbsolute() )
{
if ( isAuthorized( request, repository ) )
{
mergedRepositoryContents.add( resourceFile );
log.debug( "Repository '{}' accessed by '{}'", repository, activePrincipal );
}
}
catch ( DavException e )
{
// TODO: review exception handling
if ( log.isDebugEnabled() )
{
log.debug(
"Skipping repository '" + managedRepository + "' for user '" + activePrincipal
+ "': " + e.getMessage() );
}
repoIndexDirectory = new File( managedRepository.getRepository().getLocation(),
StringUtils.isEmpty( repoIndexDirectory )
? ".indexer"
: repoIndexDirectory ).getAbsolutePath();
}

}
else
if ( StringUtils.isEmpty( repoIndexDirectory ) )
{
// for the current user logged in
try
repoIndexDirectory = new File( managedRepository.getRepository().getLocation(),
".indexer" ).getAbsolutePath();
}

if ( !StringUtils.equals( FilenameUtils.normalize( repoIndexDirectory ),
FilenameUtils.normalize( resourceFile.getAbsolutePath() ) ) )
{
// for prompted authentication
if ( httpAuth.getSecuritySession( request.getSession( true ) ) != null )
{
if ( servletAuth.isAuthorized( activePrincipal, repository,
WebdavMethodUtil.getMethodPermission(
request.getMethod() ) ) )
try
{
mergedRepositoryContents.add( resourceFile );
log.debug( "Repository '{}' accessed by '{}'", repository, activePrincipal );
if ( isAuthorized( request, repository ) )
{
mergedRepositoryContents.add( resourceFile );
log.debug( "Repository '{}' accessed by '{}'", repository, activePrincipal );
}
}
}
catch ( UnauthorizedException e )
{
// TODO: review exception handling
if ( log.isDebugEnabled() )
catch ( DavException e )
{
log.debug(
"Skipping repository '" + managedRepository + "' for user '" + activePrincipal
+ "': " + e.getMessage() );
// TODO: review exception handling
if ( log.isDebugEnabled() )
{
log.debug( "Skipping repository '" + managedRepository + "' for user '"
+ activePrincipal + "': " + e.getMessage() );
}
}

}
}
}
}
}
// remove last /
String pathInfo = StringUtils.removeEnd( request.getPathInfo(), "/" );
if ( StringUtils.endsWith( path, ".indexer" ) )
{
try
{
Set<String> authzRepos = new HashSet<String>();
for ( String repository : repositories )
{
try
{
if ( servletAuth.isAuthorized( activePrincipal, repository,
WebdavMethodUtil.getMethodPermission(
request.getMethod() ) ) )
{
authzRepos.add( repository );
authzRepos.addAll( this.repositorySearch.getRemoteIndexingContextIds( repository ) );
}
}
catch ( UnauthorizedException e )
{
// TODO: review exception handling
if ( log.isDebugEnabled() )
else
{
log.debug(
"Skipping repository '" + repository + "' for user '" + activePrincipal + "': "
+ e.getMessage() );
// for the current user logged in
try
{
if ( servletAuth.isAuthorized( activePrincipal, repository,
WebdavMethodUtil.getMethodPermission(
request.getMethod() ) ) )
{
mergedRepositoryContents.add( resourceFile );
log.debug( "Repository '{}' accessed by '{}'", repository, activePrincipal );
}
}
catch ( UnauthorizedException e )
{
// TODO: review exception handling
if ( log.isDebugEnabled() )
{
log.debug( "Skipping repository '" + managedRepository + "' for user '"
+ activePrincipal + "': " + e.getMessage() );
}
}
}
}
}

File mergedRepoDir = indexMerger.buildMergedIndex( authzRepos, true );
mergedRepositoryContents.add( mergedRepoDir );

}
catch ( RepositoryAdminException e )
{
throw new DavException( 500, e );
}
catch ( IndexMergerException e )
{
throw new DavException( 500, e );
}

}
}
else
@@ -1202,6 +1180,39 @@ public class ArchivaDavResourceFactory
}
}

protected File buildMergedIndexDirectory( List<String> repositories, String activePrincipal,
DavServletRequest request )
throws RepositoryAdminException, IndexMergerException
{

Set<String> authzRepos = new HashSet<String>();
for ( String repository : repositories )
{
try
{
if ( servletAuth.isAuthorized( activePrincipal, repository,
WebdavMethodUtil.getMethodPermission( request.getMethod() ) ) )
{
authzRepos.add( repository );
authzRepos.addAll( this.repositorySearch.getRemoteIndexingContextIds( repository ) );
}
}
catch ( UnauthorizedException e )
{
// TODO: review exception handling
if ( log.isDebugEnabled() )
{
log.debug( "Skipping repository '" + repository + "' for user '" + activePrincipal + "': "
+ e.getMessage() );
}
}
}

File mergedRepoDir = indexMerger.buildMergedIndex( authzRepos, true );
return mergedRepoDir;
}


public void setServletAuth( ServletAuthenticator servletAuth )
{
this.servletAuth = servletAuth;

Write Preview
Loading…
Cancel
Save