This project has retired. For details please refer to its
Attic page.
AuthenticationInterceptor xref
1 package org.apache.archiva.redback.rest.services.interceptors;
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23 import org.apache.archiva.redback.authentication.AuthenticationException;
24 import org.apache.archiva.redback.authentication.AuthenticationResult;
25 import org.apache.archiva.redback.authorization.RedbackAuthorization;
26 import org.apache.archiva.redback.integration.filter.authentication.HttpAuthenticationException;
27 import org.apache.archiva.redback.integration.filter.authentication.basic.HttpBasicAuthentication;
28 import org.apache.archiva.redback.policy.AccountLockedException;
29 import org.apache.archiva.redback.policy.MustChangePasswordException;
30 import org.apache.archiva.redback.rest.services.RedbackAuthenticationThreadLocal;
31 import org.apache.archiva.redback.rest.services.RedbackRequestInformation;
32 import org.apache.archiva.redback.system.SecuritySession;
33 import org.apache.archiva.redback.users.User;
34 import org.apache.archiva.redback.users.UserManager;
35 import org.apache.archiva.redback.users.UserManagerException;
36 import org.apache.archiva.redback.users.UserNotFoundException;
37 import org.apache.cxf.jaxrs.ext.RequestHandler;
38 import org.apache.cxf.jaxrs.model.ClassResourceInfo;
39 import org.apache.cxf.message.Message;
40 import org.slf4j.Logger;
41 import org.slf4j.LoggerFactory;
42 import org.springframework.stereotype.Service;
43
44 import javax.inject.Inject;
45 import javax.inject.Named;
46 import javax.servlet.http.HttpServletRequest;
47 import javax.servlet.http.HttpServletResponse;
48 import javax.ws.rs.core.Response;
49
50
51
52
53
54
55
56
57
58 @Service("authenticationInterceptor#rest")
59 public class AuthenticationInterceptor
60 extends AbstractInterceptor
61 implements RequestHandler
62 {
63 @Inject
64 @Named(value = "userManager#default")
65 private UserManager userManager;
66
67 @Inject
68 @Named(value = "httpAuthenticator#basic")
69 private HttpBasicAuthentication httpAuthenticator;
70
71 private Logger log = LoggerFactory.getLogger( getClass() );
72
73 public Response handleRequest( Message message, ClassResourceInfo classResourceInfo )
74 {
75
76 RedbackAuthorization redbackAuthorization = getRedbackAuthorization( message );
77 if ( redbackAuthorization == null )
78 {
79 log.warn( "http path {} doesn't contain any informations regarding permissions ",
80 message.get( Message.REQUEST_URI ) );
81
82
83 return Response.status( Response.Status.FORBIDDEN ).build();
84 }
85 HttpServletRequest request = getHttpServletRequest( message );
86 HttpServletResponse response = getHttpServletResponse( message );
87
88 if ( redbackAuthorization.noRestriction() )
89 {
90
91
92 SecuritySession securitySession = httpAuthenticator.getSecuritySession( request.getSession( true ) );
93
94 if ( securitySession != null )
95 {
96 RedbackRequestInformation redbackRequestInformation =
97 new RedbackRequestInformation( securitySession.getUser(), request.getRemoteAddr() );
98 RedbackAuthenticationThreadLocal.set( redbackRequestInformation );
99 }
100 else
101 {
102
103 try
104 {
105 AuthenticationResult authenticationResult =
106 httpAuthenticator.getAuthenticationResult( request, response );
107
108 if ( ( authenticationResult == null ) || ( !authenticationResult.isAuthenticated() ) )
109 {
110 return null;
111 }
112
113 User user = authenticationResult.getUser() == null ? userManager.findUser(
114 authenticationResult.getPrincipal() ) : authenticationResult.getUser();
115 RedbackRequestInformation redbackRequestInformation =
116 new RedbackRequestInformation( user, request.getRemoteAddr() );
117
118 RedbackAuthenticationThreadLocal.set( redbackRequestInformation );
119 message.put( AuthenticationResult.class, authenticationResult );
120 }
121 catch ( Exception e )
122 {
123
124 }
125 }
126 return null;
127 }
128
129 try
130 {
131 AuthenticationResult authenticationResult = httpAuthenticator.getAuthenticationResult( request, response );
132
133 if ( ( authenticationResult == null ) || ( !authenticationResult.isAuthenticated() ) )
134 {
135 throw new HttpAuthenticationException( "You are not authenticated." );
136 }
137
138 User user = authenticationResult.getUser() == null
139 ? userManager.findUser( authenticationResult.getPrincipal() )
140 : authenticationResult.getUser();
141
142 RedbackRequestInformation redbackRequestInformation =
143 new RedbackRequestInformation( user, request.getRemoteAddr() );
144
145 RedbackAuthenticationThreadLocal.set( redbackRequestInformation );
146 message.put( AuthenticationResult.class, authenticationResult );
147
148 return null;
149 }
150 catch ( UserNotFoundException e )
151 {
152 log.debug( "UserNotFoundException for path {}", message.get( Message.REQUEST_URI ) );
153 return Response.status( Response.Status.FORBIDDEN ).build();
154 }
155 catch ( AccountLockedException e )
156 {
157 log.debug( "account locked for path {}", message.get( Message.REQUEST_URI ) );
158 return Response.status( Response.Status.FORBIDDEN ).build();
159
160 }
161 catch ( MustChangePasswordException e )
162 {
163 log.debug( "must change password for path {}", message.get( Message.REQUEST_URI ) );
164 return Response.status( Response.Status.FORBIDDEN ).build();
165
166 }
167 catch ( AuthenticationException e )
168 {
169 log.debug( "failed to authenticate for path {}", message.get( Message.REQUEST_URI ) );
170 return Response.status( Response.Status.FORBIDDEN ).build();
171 }
172 catch ( UserManagerException e )
173 {
174 log.debug( "UserManagerException: {} for path", e.getMessage(), message.get( Message.REQUEST_URI ) );
175 return Response.status( Response.Status.FORBIDDEN ).build();
176 }
177 }
178 }