This project has retired. For details please refer to its Attic page.
RssFeedServlet xref
View Javadoc
1   package org.apache.archiva.web.rss;
2   
3   /*
4    * Licensed to the Apache Software Foundation (ASF) under one
5    * or more contributor license agreements.  See the NOTICE file
6    * distributed with this work for additional information
7    * regarding copyright ownership.  The ASF licenses this file
8    * to you under the Apache License, Version 2.0 (the
9    * "License"); you may not use this file except in compliance
10   * with the License.  You may obtain a copy of the License at
11   *
12   *  http://www.apache.org/licenses/LICENSE-2.0
13   *
14   * Unless required by applicable law or agreed to in writing,
15   * software distributed under the License is distributed on an
16   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
17   * KIND, either express or implied.  See the License for the
18   * specific language governing permissions and limitations
19   * under the License.
20   */
21  
22  import com.rometools.rome.feed.synd.SyndFeed;
23  import com.rometools.rome.io.FeedException;
24  import com.rometools.rome.io.SyndFeedOutput;
25  import org.apache.archiva.metadata.repository.RepositorySessionFactory;
26  import org.apache.archiva.redback.authentication.AuthenticationException;
27  import org.apache.archiva.redback.authentication.AuthenticationResult;
28  import org.apache.archiva.redback.authorization.AuthorizationException;
29  import org.apache.archiva.redback.authorization.UnauthorizedException;
30  import org.apache.archiva.redback.integration.filter.authentication.HttpAuthenticator;
31  import org.apache.archiva.redback.policy.AccountLockedException;
32  import org.apache.archiva.redback.policy.MustChangePasswordException;
33  import org.apache.archiva.redback.system.SecuritySession;
34  import org.apache.archiva.redback.users.UserManager;
35  import org.apache.archiva.redback.users.UserNotFoundException;
36  import org.apache.archiva.rss.processor.RssFeedProcessor;
37  import org.apache.archiva.security.AccessDeniedException;
38  import org.apache.archiva.security.ArchivaSecurityException;
39  import org.apache.archiva.security.PrincipalNotFoundException;
40  import org.apache.archiva.security.ServletAuthenticator;
41  import org.apache.archiva.security.UserRepositories;
42  import org.apache.archiva.security.common.ArchivaRoleConstants;
43  import org.apache.commons.codec.Decoder;
44  import org.apache.commons.codec.DecoderException;
45  import org.apache.commons.codec.binary.Base64;
46  import org.apache.commons.lang3.StringUtils;
47  import org.slf4j.Logger;
48  import org.slf4j.LoggerFactory;
49  import org.springframework.web.context.WebApplicationContext;
50  import org.springframework.web.context.support.WebApplicationContextUtils;
51  
52  import javax.servlet.ServletConfig;
53  import javax.servlet.ServletException;
54  import javax.servlet.http.HttpServlet;
55  import javax.servlet.http.HttpServletRequest;
56  import javax.servlet.http.HttpServletResponse;
57  import java.io.IOException;
58  import java.util.ArrayList;
59  import java.util.Collections;
60  import java.util.HashMap;
61  import java.util.List;
62  import java.util.Map;
63  
64  /**
65   * Servlet for handling rss feed requests.
66   */
67  public class RssFeedServlet
68      extends HttpServlet
69  {
70      public static final String MIME_TYPE = "application/rss+xml; charset=UTF-8";
71  
72      private static final String COULD_NOT_GENERATE_FEED_ERROR = "Could not generate feed";
73  
74      private static final String COULD_NOT_AUTHENTICATE_USER = "Could not authenticate user";
75  
76      private static final String USER_NOT_AUTHORIZED = "User not authorized to access feed.";
77  
78      private Logger log = LoggerFactory.getLogger( RssFeedServlet.class );
79  
80      private WebApplicationContext wac;
81  
82      private UserRepositories userRepositories;
83  
84      private ServletAuthenticator servletAuth;
85  
86      private HttpAuthenticator httpAuth;
87  
88      private RssFeedProcessor newArtifactsprocessor;
89  
90      private RssFeedProcessor newVersionsprocessor;
91  
92      /**
93       * FIXME: this could be multiple implementations and needs to be configured.
94       */
95      private RepositorySessionFactory repositorySessionFactory;
96  
97      @Override
98      public void init( ServletConfig servletConfig )
99          throws ServletException
100     {
101         super.init( servletConfig );
102         wac = WebApplicationContextUtils.getRequiredWebApplicationContext( servletConfig.getServletContext() );
103         userRepositories = wac.getBean( UserRepositories.class );
104         servletAuth = wac.getBean( ServletAuthenticator.class );
105         httpAuth = wac.getBean( "httpAuthenticator#basic", HttpAuthenticator.class );
106         // TODO: what if there are other types?
107         repositorySessionFactory = wac.getBean( "repositorySessionFactory", RepositorySessionFactory.class );
108 
109         newArtifactsprocessor = wac.getBean( "rssFeedProcessor#new-artifacts", RssFeedProcessor.class );
110         newVersionsprocessor = wac.getBean( "rssFeedProcessor#new-versions", RssFeedProcessor.class );
111     }
112 
113     @Override
114     public void doGet( HttpServletRequest req, HttpServletResponse res )
115         throws ServletException, IOException
116     {
117 
118 
119         String repoId = null;
120         String groupId = null;
121         String artifactId = null;
122 
123         String url = StringUtils.removeEnd( req.getRequestURL().toString(), "/" );
124 
125         if ( StringUtils.countMatches( StringUtils.substringAfter( url, "feeds/" ), "/" ) > 0 )
126         {
127             artifactId = StringUtils.substringAfterLast( url, "/" );
128             groupId = StringUtils.substringBeforeLast( StringUtils.substringAfter( url, "feeds/" ), "/" );
129             groupId = StringUtils.replaceChars( groupId, '/', '.' );
130         }
131         else if ( StringUtils.countMatches( StringUtils.substringAfter( url, "feeds/" ), "/" ) == 0 )
132         {
133             // we receive feeds?babla=ded which is not correct
134             if ( StringUtils.countMatches( url, "feeds?" ) > 0 )
135             {
136                 res.sendError( HttpServletResponse.SC_BAD_REQUEST, "Invalid request url." );
137                 return;
138             }
139             repoId = StringUtils.substringAfterLast( url, "/" );
140         }
141         else
142         {
143             res.sendError( HttpServletResponse.SC_BAD_REQUEST, "Invalid request url." );
144             return;
145         }
146 
147         RssFeedProcessor processor = null;
148 
149         try
150         {
151             Map<String, String> map = new HashMap<>();
152             SyndFeed feed = null;
153 
154             if ( isAllowed( req, repoId, groupId, artifactId ) )
155             {
156                 if ( repoId != null )
157                 {
158                     // new artifacts in repo feed request
159                     processor = newArtifactsprocessor;
160                     map.put( RssFeedProcessor.KEY_REPO_ID, repoId );
161                 }
162                 else if ( ( groupId != null ) && ( artifactId != null ) )
163                 {
164                     // TODO: this only works for guest - we could pass in the list of repos
165                     // new versions of artifact feed request
166                     processor = newVersionsprocessor;
167                     map.put( RssFeedProcessor.KEY_GROUP_ID, groupId );
168                     map.put( RssFeedProcessor.KEY_ARTIFACT_ID, artifactId );
169                 }
170             }
171             else
172             {
173                 res.sendError( HttpServletResponse.SC_UNAUTHORIZED, USER_NOT_AUTHORIZED );
174                 return;
175             }
176 
177             feed = processor.process( map );
178 
179             if ( feed == null )
180             {
181                 res.sendError( HttpServletResponse.SC_NO_CONTENT, "No information available." );
182                 return;
183             }
184 
185             res.setContentType( MIME_TYPE );
186 
187             if ( repoId != null )
188             {
189                 feed.setLink( req.getRequestURL().toString() );
190             }
191             else if ( ( groupId != null ) && ( artifactId != null ) )
192             {
193                 feed.setLink( req.getRequestURL().toString() );
194             }
195 
196             SyndFeedOutput output = new SyndFeedOutput();
197             output.output( feed, res.getWriter() );
198         }
199         catch ( UserNotFoundException unfe )
200         {
201             log.debug( COULD_NOT_AUTHENTICATE_USER, unfe );
202             res.sendError( HttpServletResponse.SC_UNAUTHORIZED, COULD_NOT_AUTHENTICATE_USER );
203         }
204         catch ( AccountLockedException acce )
205         {
206             res.sendError( HttpServletResponse.SC_UNAUTHORIZED, COULD_NOT_AUTHENTICATE_USER );
207         }
208         catch ( AuthenticationException authe )
209         {
210             log.debug( COULD_NOT_AUTHENTICATE_USER, authe );
211             res.sendError( HttpServletResponse.SC_UNAUTHORIZED, COULD_NOT_AUTHENTICATE_USER );
212         }
213         catch ( FeedException ex )
214         {
215             log.debug( COULD_NOT_GENERATE_FEED_ERROR, ex );
216             res.sendError( HttpServletResponse.SC_INTERNAL_SERVER_ERROR, COULD_NOT_GENERATE_FEED_ERROR );
217         }
218         catch ( MustChangePasswordException e )
219         {
220             res.sendError( HttpServletResponse.SC_UNAUTHORIZED, COULD_NOT_AUTHENTICATE_USER );
221         }
222         catch ( UnauthorizedException e )
223         {
224             log.debug( e.getMessage() );
225             if ( repoId != null )
226             {
227                 res.setHeader( "WWW-Authenticate",
228                                "Basic realm=\"Repository Archiva Managed " + repoId + " Repository" );
229             }
230             else
231             {
232                 res.setHeader( "WWW-Authenticate", "Basic realm=\"Artifact " + groupId + ":" + artifactId );
233             }
234 
235             res.sendError( HttpServletResponse.SC_UNAUTHORIZED, USER_NOT_AUTHORIZED );
236         }
237     }
238 
239     /**
240      * Basic authentication.
241      *
242      * @param req
243      * @param repositoryId TODO
244      * @param groupId      TODO
245      * @param artifactId   TODO
246      * @return
247      */
248     private boolean isAllowed( HttpServletRequest req, String repositoryId, String groupId, String artifactId )
249         throws UserNotFoundException, AccountLockedException, AuthenticationException, MustChangePasswordException,
250         UnauthorizedException
251     {
252         String auth = req.getHeader( "Authorization" );
253         List<String> repoIds = new ArrayList<>();
254 
255         if ( repositoryId != null )
256         {
257             repoIds.add( repositoryId );
258         }
259         else if ( artifactId != null && groupId != null )
260         {
261             if ( auth != null )
262             {
263                 if ( !auth.toUpperCase().startsWith( "BASIC " ) )
264                 {
265                     return false;
266                 }
267 
268                 Decoder dec = new Base64();
269                 String usernamePassword = "";
270 
271                 try
272                 {
273                     usernamePassword = new String( (byte[]) dec.decode( auth.substring( 6 ).getBytes() ) );
274                 }
275                 catch ( DecoderException ie )
276                 {
277                     log.warn( "Error decoding username and password: {}", ie.getMessage() );
278                 }
279 
280                 if ( usernamePassword == null || usernamePassword.trim().equals( "" ) )
281                 {
282                     repoIds = getObservableRepos( UserManager.GUEST_USERNAME );
283                 }
284                 else
285                 {
286                     String[] userCredentials = usernamePassword.split( ":" );
287                     repoIds = getObservableRepos( userCredentials[0] );
288                 }
289             }
290             else
291             {
292                 repoIds = getObservableRepos( UserManager.GUEST_USERNAME );
293             }
294         }
295         else
296         {
297             return false;
298         }
299 
300         for ( String repoId : repoIds )
301         {
302             try
303             {
304                 AuthenticationResult result = httpAuth.getAuthenticationResult( req, null );
305                 SecuritySession securitySession = httpAuth.getSecuritySession( req.getSession( true ) );
306 
307                 if ( servletAuth.isAuthenticated( req, result ) //
308                     && servletAuth.isAuthorized( req, //
309                                                  securitySession, //
310                                                  repoId, //
311                                                  ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS ) )
312                 {
313                     return true;
314                 }
315             }
316             catch ( AuthorizationException e )
317             {
318                 log.debug( "AuthorizationException for repoId: {}", repoId );
319             }
320             catch ( UnauthorizedException e )
321             {
322                 log.debug( "UnauthorizedException for repoId: {}", repoId );
323             }
324         }
325 
326         throw new UnauthorizedException( "Access denied." );
327     }
328 
329     private List<String> getObservableRepos( String principal )
330     {
331         try
332         {
333             return userRepositories.getObservableRepositoryIds( principal );
334         }
335         catch ( PrincipalNotFoundException e )
336         {
337             log.warn( e.getMessage(), e );
338         }
339         catch ( AccessDeniedException e )
340         {
341             log.warn( e.getMessage(), e );
342         }
343         catch ( ArchivaSecurityException e )
344         {
345             log.warn( e.getMessage(), e );
346         }
347 
348         return Collections.emptyList();
349     }
350 
351 }