001package org.apache.archiva.redback.rest.services.interceptors; 002 003/* 004 * Licensed to the Apache Software Foundation (ASF) under one 005 * or more contributor license agreements. See the NOTICE file 006 * distributed with this work for additional information 007 * regarding copyright ownership. The ASF licenses this file 008 * to you under the Apache License, Version 2.0 (the 009 * "License"); you may not use this file except in compliance 010 * with the License. You may obtain a copy of the License at 011 * 012 * http://www.apache.org/licenses/LICENSE-2.0 013 * 014 * Unless required by applicable law or agreed to in writing, 015 * software distributed under the License is distributed on an 016 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 017 * KIND, either express or implied. See the License for the 018 * specific language governing permissions and limitations 019 * under the License. 020 */ 021 022import org.apache.archiva.redback.authentication.AuthenticationException; 023import org.apache.archiva.redback.authentication.AuthenticationResult; 024import org.apache.archiva.redback.authorization.RedbackAuthorization; 025import org.apache.archiva.redback.integration.filter.authentication.HttpAuthenticator; 026import org.apache.archiva.redback.policy.AccountLockedException; 027import org.apache.archiva.redback.policy.MustChangePasswordException; 028import org.apache.archiva.redback.rest.services.RedbackAuthenticationThreadLocal; 029import org.apache.archiva.redback.rest.services.RedbackRequestInformation; 030import org.apache.archiva.redback.system.SecuritySession; 031import org.slf4j.Logger; 032import org.slf4j.LoggerFactory; 033import org.springframework.core.annotation.AnnotationUtils; 034 035import javax.servlet.http.HttpServletRequest; 036import javax.servlet.http.HttpServletResponse; 037import javax.ws.rs.container.ContainerRequestContext; 038import javax.ws.rs.container.ResourceInfo; 039import javax.ws.rs.core.Context; 040import java.lang.reflect.Method; 041import java.util.HashMap; 042import java.util.Map; 043 044/** 045 * @author Olivier Lamy 046 * @since 1.3 047 */ 048public abstract class AbstractInterceptor 049{ 050 051 private static final Logger log = LoggerFactory.getLogger( AbstractInterceptor.class ); 052 053 private static final String API_DOCS = "api-docs"; 054 private static final String OPENAPI_JSON = "openapi.json"; 055 private static final String API_DOCS1 = "api-docs/"; 056 057 private Map<Method, RedbackAuthorization> authorizationCache = new HashMap<>( ); 058 059 public static final String AUTHENTICATION_RESULT = "org.apache.archiva.authResult"; 060 public static final String SECURITY_SESSION = "org.apache.archiva.securitySession"; 061 062 @Context 063 private HttpServletRequest httpServletRequest; 064 065 @Context 066 private HttpServletResponse httpServletResponse; 067 068 public HttpServletRequest getHttpServletRequest( ) 069 { 070 return httpServletRequest; 071 } 072 073 public HttpServletResponse getHttpServletResponse( ) 074 { 075 return httpServletResponse; 076 } 077 078 protected void setHttpServletRequest(HttpServletRequest request) { 079 this.httpServletRequest = request; 080 } 081 082 protected void setHttpServletResponse(HttpServletResponse response) { 083 this.httpServletResponse = response; 084 } 085 086 087 public static final boolean ignoreAuth(final String requestPath) { 088 final int len = requestPath.length( ); 089 return len >= 8 && ( ( len == 12 && OPENAPI_JSON.equals( requestPath ) ) || 090 ( requestPath.startsWith( API_DOCS ) && ( len == 8 || requestPath.startsWith( API_DOCS1 ) ) ) ); 091 } 092 093 public RedbackAuthorization getRedbackAuthorization( ResourceInfo resourceInfo ) { 094 Method method = resourceInfo.getResourceMethod( ); 095 RedbackAuthorization redbackAuthorization = getAuthorizationForMethod( method ); 096 log.debug( "resourceClass {}, method {}, redbackAuthorization {}", // 097 resourceInfo.getResourceClass( ), // 098 method, // 099 redbackAuthorization ); 100 return redbackAuthorization; 101 } 102 103 private RedbackAuthorization getAuthorizationForMethod(Method method) { 104 if (authorizationCache.containsKey( method )) { 105 return authorizationCache.get( method ); 106 } else { 107 RedbackAuthorization authorization = AnnotationUtils.findAnnotation( method, RedbackAuthorization.class ); 108 authorizationCache.put( method, authorization ); 109 return authorization; 110 } 111 } 112 113 protected SecuritySession getSecuritySession(ContainerRequestContext containerRequestContext, HttpAuthenticator httpAuthenticator, 114 HttpServletRequest request) { 115 if ( containerRequestContext.getProperty( SECURITY_SESSION ) != null ) { 116 return (SecuritySession) containerRequestContext.getProperty( SECURITY_SESSION ); 117 } 118 RedbackRequestInformation info = RedbackAuthenticationThreadLocal.get( ); 119 SecuritySession securitySession = info == null ? null : info.getSecuritySession( ); 120 if (securitySession!=null) { 121 return securitySession; 122 } else 123 { 124 return httpAuthenticator.getSecuritySession( request.getSession( true ) ); 125 } 126 } 127 128 protected AuthenticationResult getAuthenticationResult( ContainerRequestContext containerRequestContext, HttpAuthenticator httpAuthenticator, HttpServletRequest request ) 129 { 130 AuthenticationResult authenticationResult = null; 131 132 if ( containerRequestContext.getProperty( AUTHENTICATION_RESULT ) == null ) 133 { 134 try 135 { 136 authenticationResult = 137 httpAuthenticator.getAuthenticationResult( request, getHttpServletResponse( ) ); 138 139 if (authenticationResult!=null) { 140 containerRequestContext.setProperty( AUTHENTICATION_RESULT, authenticationResult ); 141 } 142 143 log.debug( "authenticationResult from request: {}", authenticationResult ); 144 } 145 catch ( AuthenticationException e ) 146 { 147 log.debug( "failed to authenticate for path {}", containerRequestContext.getUriInfo().getRequestUri() ); 148 } 149 catch ( AccountLockedException e ) 150 { 151 log.debug( "account locked for path {}", containerRequestContext.getUriInfo().getRequestUri() ); 152 } 153 catch ( MustChangePasswordException e ) 154 { 155 log.debug( "must change password for path {}", containerRequestContext.getUriInfo().getRequestUri() ); 156 } 157 } else { 158 authenticationResult = (AuthenticationResult) containerRequestContext.getProperty( AUTHENTICATION_RESULT ); 159 } 160 log.debug( "authenticationResult from message: {}", authenticationResult ); 161 return authenticationResult; 162 } 163}