|
|
@@ -92,6 +92,7 @@ import javax.annotation.PostConstruct; |
|
|
|
import javax.inject.Inject; |
|
|
|
import javax.inject.Named; |
|
|
|
import javax.servlet.http.HttpServletResponse; |
|
|
|
import javax.servlet.http.HttpSession; |
|
|
|
import java.io.File; |
|
|
|
import java.io.FileNotFoundException; |
|
|
|
import java.io.FileReader; |
|
|
@@ -939,143 +940,120 @@ public class ArchivaDavResourceFactory |
|
|
|
|
|
|
|
if ( allow ) |
|
|
|
{ |
|
|
|
for ( String repository : repositories ) |
|
|
|
{ |
|
|
|
ManagedRepositoryContent managedRepository = null; |
|
|
|
|
|
|
|
// remove last / |
|
|
|
String pathInfo = StringUtils.removeEnd( request.getPathInfo(), "/" ); |
|
|
|
if ( StringUtils.endsWith( pathInfo, "/.indexer" ) ) |
|
|
|
{ |
|
|
|
try |
|
|
|
{ |
|
|
|
managedRepository = repositoryFactory.getManagedRepositoryContent( repository ); |
|
|
|
File mergedRepoDir = buildMergedIndexDirectory( repositories, activePrincipal, request ); |
|
|
|
mergedRepositoryContents.add( mergedRepoDir ); |
|
|
|
|
|
|
|
} |
|
|
|
catch ( RepositoryNotFoundException e ) |
|
|
|
catch ( RepositoryAdminException e ) |
|
|
|
{ |
|
|
|
throw new DavException( HttpServletResponse.SC_INTERNAL_SERVER_ERROR, |
|
|
|
"Invalid managed repository <" + repository + ">: " + e.getMessage() ); |
|
|
|
throw new DavException( 500, e ); |
|
|
|
} |
|
|
|
catch ( RepositoryException e ) |
|
|
|
catch ( IndexMergerException e ) |
|
|
|
{ |
|
|
|
throw new DavException( HttpServletResponse.SC_INTERNAL_SERVER_ERROR, |
|
|
|
"Invalid managed repository <" + repository + ">: " + e.getMessage() ); |
|
|
|
throw new DavException( 500, e ); |
|
|
|
} |
|
|
|
|
|
|
|
File resourceFile = new File( managedRepository.getRepoRoot(), logicalResource.getPath() ); |
|
|
|
if ( resourceFile.exists() ) |
|
|
|
} |
|
|
|
else |
|
|
|
{ |
|
|
|
for ( String repository : repositories ) |
|
|
|
{ |
|
|
|
// in case of group displaying index directory doesn't have sense !! |
|
|
|
String repoIndexDirectory = managedRepository.getRepository().getIndexDirectory(); |
|
|
|
if ( StringUtils.isNotEmpty( repoIndexDirectory ) ) |
|
|
|
ManagedRepositoryContent managedRepository = null; |
|
|
|
|
|
|
|
try |
|
|
|
{ |
|
|
|
if ( !new File( repoIndexDirectory ).isAbsolute() ) |
|
|
|
{ |
|
|
|
repoIndexDirectory = new File( managedRepository.getRepository().getLocation(), |
|
|
|
StringUtils.isEmpty( repoIndexDirectory ) |
|
|
|
? ".indexer" |
|
|
|
: repoIndexDirectory ).getAbsolutePath(); |
|
|
|
} |
|
|
|
managedRepository = repositoryFactory.getManagedRepositoryContent( repository ); |
|
|
|
} |
|
|
|
catch ( RepositoryNotFoundException e ) |
|
|
|
{ |
|
|
|
throw new DavException( HttpServletResponse.SC_INTERNAL_SERVER_ERROR, |
|
|
|
"Invalid managed repository <" + repository + ">: " + e.getMessage() ); |
|
|
|
} |
|
|
|
if ( StringUtils.isEmpty( repoIndexDirectory ) ) |
|
|
|
catch ( RepositoryException e ) |
|
|
|
{ |
|
|
|
repoIndexDirectory = |
|
|
|
new File( managedRepository.getRepository().getLocation(), ".indexer" ).getAbsolutePath(); |
|
|
|
throw new DavException( HttpServletResponse.SC_INTERNAL_SERVER_ERROR, |
|
|
|
"Invalid managed repository <" + repository + ">: " + e.getMessage() ); |
|
|
|
} |
|
|
|
|
|
|
|
if ( !StringUtils.equals( FilenameUtils.normalize( repoIndexDirectory ), |
|
|
|
FilenameUtils.normalize( resourceFile.getAbsolutePath() ) ) ) |
|
|
|
File resourceFile = new File( managedRepository.getRepoRoot(), logicalResource.getPath() ); |
|
|
|
if ( resourceFile.exists() ) |
|
|
|
{ |
|
|
|
// for prompted authentication |
|
|
|
if ( httpAuth.getSecuritySession( request.getSession( true ) ) != null ) |
|
|
|
// in case of group displaying index directory doesn't have sense !! |
|
|
|
String repoIndexDirectory = managedRepository.getRepository().getIndexDirectory(); |
|
|
|
if ( StringUtils.isNotEmpty( repoIndexDirectory ) ) |
|
|
|
{ |
|
|
|
try |
|
|
|
if ( !new File( repoIndexDirectory ).isAbsolute() ) |
|
|
|
{ |
|
|
|
if ( isAuthorized( request, repository ) ) |
|
|
|
{ |
|
|
|
mergedRepositoryContents.add( resourceFile ); |
|
|
|
log.debug( "Repository '{}' accessed by '{}'", repository, activePrincipal ); |
|
|
|
} |
|
|
|
} |
|
|
|
catch ( DavException e ) |
|
|
|
{ |
|
|
|
// TODO: review exception handling |
|
|
|
if ( log.isDebugEnabled() ) |
|
|
|
{ |
|
|
|
log.debug( |
|
|
|
"Skipping repository '" + managedRepository + "' for user '" + activePrincipal |
|
|
|
+ "': " + e.getMessage() ); |
|
|
|
} |
|
|
|
repoIndexDirectory = new File( managedRepository.getRepository().getLocation(), |
|
|
|
StringUtils.isEmpty( repoIndexDirectory ) |
|
|
|
? ".indexer" |
|
|
|
: repoIndexDirectory ).getAbsolutePath(); |
|
|
|
} |
|
|
|
|
|
|
|
} |
|
|
|
else |
|
|
|
if ( StringUtils.isEmpty( repoIndexDirectory ) ) |
|
|
|
{ |
|
|
|
// for the current user logged in |
|
|
|
try |
|
|
|
repoIndexDirectory = new File( managedRepository.getRepository().getLocation(), |
|
|
|
".indexer" ).getAbsolutePath(); |
|
|
|
} |
|
|
|
|
|
|
|
if ( !StringUtils.equals( FilenameUtils.normalize( repoIndexDirectory ), |
|
|
|
FilenameUtils.normalize( resourceFile.getAbsolutePath() ) ) ) |
|
|
|
{ |
|
|
|
// for prompted authentication |
|
|
|
if ( httpAuth.getSecuritySession( request.getSession( true ) ) != null ) |
|
|
|
{ |
|
|
|
if ( servletAuth.isAuthorized( activePrincipal, repository, |
|
|
|
WebdavMethodUtil.getMethodPermission( |
|
|
|
request.getMethod() ) ) ) |
|
|
|
try |
|
|
|
{ |
|
|
|
mergedRepositoryContents.add( resourceFile ); |
|
|
|
log.debug( "Repository '{}' accessed by '{}'", repository, activePrincipal ); |
|
|
|
if ( isAuthorized( request, repository ) ) |
|
|
|
{ |
|
|
|
mergedRepositoryContents.add( resourceFile ); |
|
|
|
log.debug( "Repository '{}' accessed by '{}'", repository, activePrincipal ); |
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
|
catch ( UnauthorizedException e ) |
|
|
|
{ |
|
|
|
// TODO: review exception handling |
|
|
|
if ( log.isDebugEnabled() ) |
|
|
|
catch ( DavException e ) |
|
|
|
{ |
|
|
|
log.debug( |
|
|
|
"Skipping repository '" + managedRepository + "' for user '" + activePrincipal |
|
|
|
+ "': " + e.getMessage() ); |
|
|
|
// TODO: review exception handling |
|
|
|
if ( log.isDebugEnabled() ) |
|
|
|
{ |
|
|
|
log.debug( "Skipping repository '" + managedRepository + "' for user '" |
|
|
|
+ activePrincipal + "': " + e.getMessage() ); |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
|
// remove last / |
|
|
|
String pathInfo = StringUtils.removeEnd( request.getPathInfo(), "/" ); |
|
|
|
if ( StringUtils.endsWith( path, ".indexer" ) ) |
|
|
|
{ |
|
|
|
try |
|
|
|
{ |
|
|
|
Set<String> authzRepos = new HashSet<String>(); |
|
|
|
for ( String repository : repositories ) |
|
|
|
{ |
|
|
|
try |
|
|
|
{ |
|
|
|
if ( servletAuth.isAuthorized( activePrincipal, repository, |
|
|
|
WebdavMethodUtil.getMethodPermission( |
|
|
|
request.getMethod() ) ) ) |
|
|
|
{ |
|
|
|
authzRepos.add( repository ); |
|
|
|
authzRepos.addAll( this.repositorySearch.getRemoteIndexingContextIds( repository ) ); |
|
|
|
} |
|
|
|
} |
|
|
|
catch ( UnauthorizedException e ) |
|
|
|
{ |
|
|
|
// TODO: review exception handling |
|
|
|
if ( log.isDebugEnabled() ) |
|
|
|
else |
|
|
|
{ |
|
|
|
log.debug( |
|
|
|
"Skipping repository '" + repository + "' for user '" + activePrincipal + "': " |
|
|
|
+ e.getMessage() ); |
|
|
|
// for the current user logged in |
|
|
|
try |
|
|
|
{ |
|
|
|
if ( servletAuth.isAuthorized( activePrincipal, repository, |
|
|
|
WebdavMethodUtil.getMethodPermission( |
|
|
|
request.getMethod() ) ) ) |
|
|
|
{ |
|
|
|
mergedRepositoryContents.add( resourceFile ); |
|
|
|
log.debug( "Repository '{}' accessed by '{}'", repository, activePrincipal ); |
|
|
|
} |
|
|
|
} |
|
|
|
catch ( UnauthorizedException e ) |
|
|
|
{ |
|
|
|
// TODO: review exception handling |
|
|
|
if ( log.isDebugEnabled() ) |
|
|
|
{ |
|
|
|
log.debug( "Skipping repository '" + managedRepository + "' for user '" |
|
|
|
+ activePrincipal + "': " + e.getMessage() ); |
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
File mergedRepoDir = indexMerger.buildMergedIndex( authzRepos, true ); |
|
|
|
mergedRepositoryContents.add( mergedRepoDir ); |
|
|
|
|
|
|
|
} |
|
|
|
catch ( RepositoryAdminException e ) |
|
|
|
{ |
|
|
|
throw new DavException( 500, e ); |
|
|
|
} |
|
|
|
catch ( IndexMergerException e ) |
|
|
|
{ |
|
|
|
throw new DavException( 500, e ); |
|
|
|
} |
|
|
|
|
|
|
|
} |
|
|
|
} |
|
|
|
else |
|
|
@@ -1202,6 +1180,39 @@ public class ArchivaDavResourceFactory |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
protected File buildMergedIndexDirectory( List<String> repositories, String activePrincipal, |
|
|
|
DavServletRequest request ) |
|
|
|
throws RepositoryAdminException, IndexMergerException |
|
|
|
{ |
|
|
|
|
|
|
|
Set<String> authzRepos = new HashSet<String>(); |
|
|
|
for ( String repository : repositories ) |
|
|
|
{ |
|
|
|
try |
|
|
|
{ |
|
|
|
if ( servletAuth.isAuthorized( activePrincipal, repository, |
|
|
|
WebdavMethodUtil.getMethodPermission( request.getMethod() ) ) ) |
|
|
|
{ |
|
|
|
authzRepos.add( repository ); |
|
|
|
authzRepos.addAll( this.repositorySearch.getRemoteIndexingContextIds( repository ) ); |
|
|
|
} |
|
|
|
} |
|
|
|
catch ( UnauthorizedException e ) |
|
|
|
{ |
|
|
|
// TODO: review exception handling |
|
|
|
if ( log.isDebugEnabled() ) |
|
|
|
{ |
|
|
|
log.debug( "Skipping repository '" + repository + "' for user '" + activePrincipal + "': " |
|
|
|
+ e.getMessage() ); |
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
File mergedRepoDir = indexMerger.buildMergedIndex( authzRepos, true ); |
|
|
|
return mergedRepoDir; |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
public void setServletAuth( ServletAuthenticator servletAuth ) |
|
|
|
{ |
|
|
|
this.servletAuth = servletAuth; |