mirrors
/
archiva
mirror of https://github.com/apache/archiva.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 70 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2313 Commits
73 Branches
Tree: fa61616ee3
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'fa61616ee3'
${ noResults }
archiva/archiva-modules/archiva-web/archiva-webapp/src/main/java/org/apache/maven/archiva/web/rss/RssFeedServlet.java

RssFeedServlet.java 13KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342 
  1. package org.apache.maven.archiva.web.rss;

  2. 

  3. /*

  4.  * Licensed to the Apache Software Foundation (ASF) under one

  5.  * or more contributor license agreements.  See the NOTICE file

  6.  * distributed with this work for additional information

  7.  * regarding copyright ownership.  The ASF licenses this file

  8.  * to you under the Apache License, Version 2.0 (the

  9.  * "License"); you may not use this file except in compliance

  10.  * with the License.  You may obtain a copy of the License at

  11.  *

  12.  *  http://www.apache.org/licenses/LICENSE-2.0

  13.  *

  14.  * Unless required by applicable law or agreed to in writing,

  15.  * software distributed under the License is distributed on an

  16.  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY

  17.  * KIND, either express or implied.  See the License for the

  18.  * specific language governing permissions and limitations

  19.  * under the License.

  20.  */

  21. 

  22. import java.io.IOException;

  23. import java.util.ArrayList;

  24. import java.util.Collections;

  25. import java.util.HashMap;

  26. import java.util.List;

  27. import java.util.Map;

  28. 

  29. import javax.servlet.ServletException;

  30. import javax.servlet.http.HttpServlet;

  31. import javax.servlet.http.HttpServletRequest;

  32. import javax.servlet.http.HttpServletResponse;

  33. 

  34. import org.apache.archiva.rss.processor.RssFeedProcessor;

  35. import org.apache.commons.codec.Decoder;

  36. import org.apache.commons.codec.DecoderException;

  37. import org.apache.commons.codec.binary.Base64;

  38. import org.apache.commons.lang.StringUtils;

  39. import org.apache.maven.archiva.database.ArchivaDatabaseException;

  40. import org.apache.maven.archiva.security.AccessDeniedException;

  41. import org.apache.maven.archiva.security.ArchivaRoleConstants;

  42. import org.apache.maven.archiva.security.ArchivaSecurityException;

  43. import org.apache.maven.archiva.security.ArchivaXworkUser;

  44. import org.apache.maven.archiva.security.PrincipalNotFoundException;

  45. import org.apache.maven.archiva.security.ServletAuthenticator;

  46. import org.apache.maven.archiva.security.UserRepositories;

  47. import org.codehaus.plexus.redback.authentication.AuthenticationException;

  48. import org.codehaus.plexus.redback.authentication.AuthenticationResult;

  49. import org.codehaus.plexus.redback.authorization.AuthorizationException;

  50. import org.codehaus.plexus.redback.authorization.UnauthorizedException;

  51. import org.codehaus.plexus.redback.policy.AccountLockedException;

  52. import org.codehaus.plexus.redback.policy.MustChangePasswordException;

  53. import org.codehaus.plexus.redback.system.SecuritySession;

  54. import org.codehaus.plexus.redback.users.UserNotFoundException;

  55. import org.codehaus.plexus.redback.struts2.filter.authentication.HttpAuthenticator;

  56. import org.codehaus.plexus.spring.PlexusToSpringUtils;

  57. import org.slf4j.Logger;

  58. import org.slf4j.LoggerFactory;

  59. import org.springframework.web.context.WebApplicationContext;

  60. import org.springframework.web.context.support.WebApplicationContextUtils;

  61. 

  62. import com.sun.syndication.feed.synd.SyndFeed;

  63. import com.sun.syndication.io.FeedException;

  64. import com.sun.syndication.io.SyndFeedOutput;

  65. 

  66. /**

  67.  * Servlet for handling rss feed requests.

  68.  * 

  69.  * @author <a href="mailto:oching@apache.org">Maria Odea Ching</a>

  70.  * @version

  71.  */

  72. public class RssFeedServlet

  73.     extends HttpServlet

  74. {

  75.     public static final String MIME_TYPE = "application/rss+xml; charset=UTF-8";

  76. 

  77.     private static final String COULD_NOT_GENERATE_FEED_ERROR = "Could not generate feed";

  78. 

  79.     private static final String COULD_NOT_AUTHENTICATE_USER = "Could not authenticate user";

  80. 

  81.     private static final String USER_NOT_AUTHORIZED = "User not authorized to access feed.";

  82. 

  83.     private Logger log = LoggerFactory.getLogger( RssFeedServlet.class );

  84. 

  85.     private RssFeedProcessor processor;

  86. 

  87.     private WebApplicationContext wac;

  88. 

  89.     private UserRepositories userRepositories;

  90. 

  91.     private ServletAuthenticator servletAuth;

  92. 

  93.     private HttpAuthenticator httpAuth;

  94.     

  95.     private ArchivaXworkUser archivaXworkUser;

  96. 

  97.     public void init( javax.servlet.ServletConfig servletConfig )

  98.         throws ServletException

  99.     {

  100.         super.init( servletConfig );

  101.         wac = WebApplicationContextUtils.getRequiredWebApplicationContext( servletConfig.getServletContext() );

  102.         userRepositories =

  103.             (UserRepositories) wac.getBean( PlexusToSpringUtils.buildSpringId( UserRepositories.class.getName() ) );

  104.         servletAuth =

  105.             (ServletAuthenticator) wac.getBean( PlexusToSpringUtils.buildSpringId( ServletAuthenticator.class.getName() ) );

  106.         httpAuth =

  107.             (HttpAuthenticator) wac.getBean( PlexusToSpringUtils.buildSpringId( HttpAuthenticator.ROLE, "basic" ) );

  108.         archivaXworkUser = (ArchivaXworkUser) wac.getBean( PlexusToSpringUtils.buildSpringId( ArchivaXworkUser.class ) );

  109.     }

  110. 

  111.     public void doGet( HttpServletRequest req, HttpServletResponse res )

  112.         throws ServletException, IOException

  113.     {

  114.         String repoId = null;

  115.         String groupId = null;

  116.         String artifactId = null;

  117.         

  118.         String url = StringUtils.removeEnd( req.getRequestURL().toString(), "/" );          

  119.         if( StringUtils.countMatches( StringUtils.substringAfter( url, "feeds/" ), "/" ) > 0 )

  120.         {

  121.             artifactId = StringUtils.substringAfterLast( url, "/" );

  122.             groupId = StringUtils.substringBeforeLast( StringUtils.substringAfter( url, "feeds/" ), "/");

  123.             groupId = StringUtils.replaceChars( groupId, '/', '.' );

  124.         }

  125.         else if( StringUtils.countMatches( StringUtils.substringAfter( url, "feeds/" ), "/" ) == 0 )

  126.         {

  127.             repoId = StringUtils.substringAfterLast( url, "/" );

  128.         }

  129.         else

  130.         {

  131.             res.sendError( HttpServletResponse.SC_BAD_REQUEST, "Invalid request url." );

  132.             return;

  133.         }        

  134.         

  135.         try

  136.         {

  137.             Map<String, String> map = new HashMap<String, String>();

  138.             SyndFeed feed = null;

  139.             

  140.             if ( isAllowed( req, repoId, groupId, artifactId ) )

  141.             {

  142.                 if ( repoId != null )

  143.                 {

  144.                     // new artifacts in repo feed request

  145.                     processor =

  146.                         (RssFeedProcessor) wac.getBean( PlexusToSpringUtils.buildSpringId(

  147.                                                                                            RssFeedProcessor.class.getName(),

  148.                                                                                            "new-artifacts" ) );

  149.                     map.put( RssFeedProcessor.KEY_REPO_ID, repoId );

  150.                 }

  151.                 else if ( ( groupId != null ) && ( artifactId != null ) )

  152.                 {

  153.                     // new versions of artifact feed request

  154.                     processor =

  155.                         (RssFeedProcessor) wac.getBean( PlexusToSpringUtils.buildSpringId(

  156.                                                                                            RssFeedProcessor.class.getName(),

  157.                                                                                            "new-versions" ) );

  158.                     map.put( RssFeedProcessor.KEY_GROUP_ID, groupId );

  159.                     map.put( RssFeedProcessor.KEY_ARTIFACT_ID, artifactId );

  160.                 }

  161.             }

  162.             else

  163.             {

  164.                 res.sendError( HttpServletResponse.SC_UNAUTHORIZED, USER_NOT_AUTHORIZED );

  165.                 return;

  166.             }

  167. 

  168.             feed = processor.process( map );            

  169.             if( feed == null )

  170.             {

  171.                 res.sendError( HttpServletResponse.SC_NO_CONTENT, "No information available." );

  172.                 return;

  173.             }

  174.             

  175.             res.setContentType( MIME_TYPE );

  176.                         

  177.             if ( repoId != null )

  178.             {   

  179.                 feed.setLink( req.getRequestURL().toString() );

  180.             }

  181.             else if ( ( groupId != null ) && ( artifactId != null ) )

  182.             {

  183.                 feed.setLink( req.getRequestURL().toString() );                

  184.             }

  185. 

  186.             SyndFeedOutput output = new SyndFeedOutput();

  187.             output.output( feed, res.getWriter() );

  188.         }

  189.         catch ( ArchivaDatabaseException e )

  190.         {

  191.             log.debug( COULD_NOT_GENERATE_FEED_ERROR, e );

  192.             res.sendError( HttpServletResponse.SC_INTERNAL_SERVER_ERROR, COULD_NOT_GENERATE_FEED_ERROR );

  193.         }

  194.         catch ( UserNotFoundException unfe )

  195.         {

  196.             log.debug( COULD_NOT_AUTHENTICATE_USER, unfe );

  197.             res.sendError( HttpServletResponse.SC_UNAUTHORIZED, COULD_NOT_AUTHENTICATE_USER );

  198.         }

  199.         catch ( AccountLockedException acce )

  200.         {            

  201.             res.sendError( HttpServletResponse.SC_UNAUTHORIZED, COULD_NOT_AUTHENTICATE_USER );

  202.         }

  203.         catch ( AuthenticationException authe )

  204.         {   

  205.             log.debug( COULD_NOT_AUTHENTICATE_USER, authe );

  206.             res.sendError( HttpServletResponse.SC_UNAUTHORIZED, COULD_NOT_AUTHENTICATE_USER );

  207.         }

  208.         catch ( FeedException ex )

  209.         {

  210.             log.debug( COULD_NOT_GENERATE_FEED_ERROR, ex );

  211.             res.sendError( HttpServletResponse.SC_INTERNAL_SERVER_ERROR, COULD_NOT_GENERATE_FEED_ERROR );

  212.         }

  213.         catch ( MustChangePasswordException e )

  214.         {            

  215.             res.sendError( HttpServletResponse.SC_UNAUTHORIZED, COULD_NOT_AUTHENTICATE_USER );

  216.         }

  217.         catch ( UnauthorizedException e )

  218.         {

  219.             log.debug( e.getMessage() );

  220.             if ( repoId != null )

  221.             {

  222.                 res.setHeader("WWW-Authenticate", "Basic realm=\"Repository Archiva Managed " + repoId + " Repository" );

  223.             }

  224.             else

  225.             {

  226.                 res.setHeader("WWW-Authenticate", "Basic realm=\"Artifact " + groupId + ":" + artifactId );

  227.             }

  228.             

  229.             res.sendError( HttpServletResponse.SC_UNAUTHORIZED, USER_NOT_AUTHORIZED );

  230.         }

  231.     }

  232. 

  233.     /**

  234.      * Basic authentication.

  235.      * 

  236.      * @param req

  237.      * @param repositoryId TODO

  238.      * @param groupId TODO

  239.      * @param artifactId TODO

  240.      * @return

  241.      */

  242.     private boolean isAllowed( HttpServletRequest req, String repositoryId, String groupId, String artifactId )

  243.         throws UserNotFoundException, AccountLockedException, AuthenticationException, MustChangePasswordException,

  244.         UnauthorizedException

  245.     {

  246.         String auth = req.getHeader( "Authorization" );

  247.         List<String> repoIds = new ArrayList<String>();

  248. 

  249.         if ( repositoryId != null )

  250.         {

  251.             repoIds.add( repositoryId );

  252.         }

  253.         else if ( artifactId != null && groupId != null )

  254.         {

  255.             if ( auth != null )

  256.             {

  257.                 if ( !auth.toUpperCase().startsWith( "BASIC " ) )

  258.                 {

  259.                     return false;

  260.                 }

  261. 

  262.                 Decoder dec = new Base64();

  263.                 String usernamePassword = "";

  264. 

  265.                 try

  266.                 {

  267.                     usernamePassword = new String( (byte[]) dec.decode( auth.substring( 6 ).getBytes() ) );

  268.                 }

  269.                 catch ( DecoderException ie )

  270.                 {

  271.                     log.warn( "Error decoding username and password.", ie.getMessage() );

  272.                 }

  273. 

  274.                 if ( usernamePassword == null || usernamePassword.trim().equals( "" ) )

  275.                 {

  276.                     repoIds = getObservableRepos( archivaXworkUser.getGuest() );

  277.                 }

  278.                 else

  279.                 {

  280.                     String[] userCredentials = usernamePassword.split( ":" );

  281.                     repoIds = getObservableRepos( userCredentials[0] );

  282.                 }

  283.             }

  284.             else

  285.             {

  286.                 repoIds = getObservableRepos( archivaXworkUser.getGuest() );

  287.             }

  288.         }

  289.         else

  290.         {

  291.             return false;

  292.         }

  293. 

  294.         for ( String repoId : repoIds )

  295.         {

  296.             try

  297.             {

  298.                 AuthenticationResult result = httpAuth.getAuthenticationResult( req, null );

  299.                 SecuritySession securitySession = httpAuth.getSecuritySession();

  300. 

  301.                 if ( servletAuth.isAuthenticated( req, result ) &&

  302.                     servletAuth.isAuthorized( req, securitySession, repoId, false ) )

  303.                 {

  304.                     return true;

  305.                 }

  306.             }

  307.             catch ( AuthorizationException e )

  308.             {

  309.                 

  310.             }

  311.             catch ( UnauthorizedException e )

  312.             {

  313.              

  314.             }

  315.         }

  316. 

  317.         throw new UnauthorizedException( "Access denied." );

  318.     }

  319. 

  320.     private List<String> getObservableRepos( String principal )

  321.     {

  322.         try

  323.         {

  324.             return userRepositories.getObservableRepositoryIds( principal );

  325.         }

  326.         catch ( PrincipalNotFoundException e )

  327.         {

  328.             log.warn( e.getMessage(), e );

  329.         }

  330.         catch ( AccessDeniedException e )

  331.         {

  332.             log.warn( e.getMessage(), e );

  333.         }

  334.         catch ( ArchivaSecurityException e )

  335.         {

  336.             log.warn( e.getMessage(), e );

  337.         }

  338. 

  339.         return Collections.emptyList();

  340.     }

  341. 

  342. }