package org.apache.archiva.security;

/*
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements.  See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership.  The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License.  You may obtain a copy of the License at
 *
 *   http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 * KIND, either express or implied.  See the License for the
 * specific language governing permissions and limitations
 * under the License.
 */

import org.apache.archiva.redback.authentication.AuthenticationException;
import org.apache.archiva.redback.authentication.AuthenticationResult;
import org.apache.archiva.redback.authorization.AuthorizationException;
import org.apache.archiva.redback.authorization.AuthorizationResult;
import org.apache.archiva.redback.authorization.UnauthorizedException;
import org.apache.archiva.redback.policy.AccountLockedException;
import org.apache.archiva.redback.policy.MustChangePasswordException;
import org.apache.archiva.redback.system.DefaultSecuritySession;
import org.apache.archiva.redback.system.SecuritySession;
import org.apache.archiva.redback.system.SecuritySystem;
import org.apache.archiva.redback.users.User;
import org.apache.archiva.redback.users.UserManagerException;
import org.apache.archiva.redback.users.UserNotFoundException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Service;

import javax.inject.Inject;
import javax.servlet.http.HttpServletRequest;

/**
 * {@link ServletAuthenticator} backed by the Redback {@link SecuritySystem}.
 * <p>
 * Authentication results handed in by the caller are only validated, never produced here.
 * Authorization decisions are delegated to {@link SecuritySystem#authorize} /
 * {@link SecuritySystem#isAuthorized}; every denial surfaces as an {@link UnauthorizedException}
 * so that callers never see a plain {@code false} for a denied request.
 */
@Service( "servletAuthenticator" )
public class ArchivaServletAuthenticator
    implements ServletAuthenticator
{
    private static final Logger log = LoggerFactory.getLogger( ArchivaServletAuthenticator.class );

    /**
     * Redback security system used for user lookup and for all authorization decisions.
     */
    @Inject
    private SecuritySystem securitySystem;

    /**
     * Rejects an authentication result that explicitly reports failure.
     *
     * @param request the current request (unused here; part of the interface contract)
     * @param result  the outcome of a previous authentication attempt, may be {@code null}
     * @return {@code true} unless the result explicitly reports a failed authentication
     * @throws AuthenticationException when {@code result} is non-null and not authenticated
     */
    @Override
    public boolean isAuthenticated( HttpServletRequest request, AuthenticationResult result )
        throws AuthenticationException, AccountLockedException, MustChangePasswordException
    {
        // Only an explicit failure is rejected. A null result passes this check, which is
        // fail-open for any caller able to hand in null - NOTE(review): confirm that is intended.
        boolean explicitlyRejected = result != null && !result.isAuthenticated();
        if ( !explicitlyRejected )
        {
            return true;
        }
        throw new AuthenticationException( "User Credentials Invalid" );
    }

    /**
     * Checks whether the session's user holds {@code permission} on the repository and
     * reports a denial as an exception rather than a return value.
     *
     * @param request         the request, used only to log the client address on denial
     * @param securitySession the session whose user is being authorized
     * @param repositoryId    the repository acting as the authorization resource
     * @param permission      the permission name to check
     * @return {@code true} when authorized
     * @throws AuthorizationException propagated from the security system
     * @throws UnauthorizedException  when the security system denies the request
     */
    @Override
    public boolean isAuthorized( HttpServletRequest request, SecuritySession securitySession, String repositoryId,
                                 String permission )
        throws AuthorizationException, UnauthorizedException
    {
        // TODO: also check for permission to proxy the resource when MRM-579 is implemented

        AuthorizationResult decision = securitySystem.authorize( securitySession, permission, repositoryId );
        if ( decision.isAuthorized() )
        {
            return true;
        }

        if ( decision.getException() == null )
        {
            // NOTE(review): a denial carrying no exception is reported as a locked account; confirm
            // the authorizer never returns a plain "not authorized" result without an exception.
            throw new UnauthorizedException( "User account is locked" );
        }

        // Only the reason is logged; it is deliberately not chained into what the client receives.
        log.info( "Authorization Denied [ip={},permission={},repo={}] : {}", request.getRemoteAddr(),
                  permission, repositoryId, decision.getException().getMessage() );
        throw new UnauthorizedException( "Access denied for repository " + repositoryId );
    }

    /**
     * Checks whether the named principal holds {@code permission} on the repository without
     * any request or live session being available.
     *
     * @param principal  the user name to look up
     * @param repoId     the repository acting as the authorization resource
     * @param permission the permission name to check
     * @return the security system's authorization verdict for the user
     * @throws UnauthorizedException when the user cannot be resolved, is locked, or the
     *                               lookup/authorization fails; the original exception is chained
     */
    @Override
    public boolean isAuthorized( String principal, String repoId, String permission )
        throws UnauthorizedException
    {
        try
        {
            User user = securitySystem.getUserManager().findUser( principal );
            if ( user == null )
            {
                throw new UnauthorizedException(
                    "The security system had an internal error - please check your system logs" );
            }
            if ( user.isLocked() )
            {
                throw new UnauthorizedException( "User account is locked." );
            }

            // No credentials are checked here: a synthetic successful authentication is used only to
            // build a session for the already-resolved user so the security system can be consulted.
            AuthenticationResult assumedAuthn = new AuthenticationResult( true, principal, null );
            SecuritySession session = new DefaultSecuritySession( assumedAuthn, user );
            return securitySystem.isAuthorized( session, permission, repoId );
        }
        catch ( UserNotFoundException e )
        {
            throw new UnauthorizedException( e.getMessage(), e );
        }
        catch ( AuthorizationException e )
        {
            throw new UnauthorizedException( e.getMessage(), e );
        }
        catch ( UserManagerException e )
        {
            throw new UnauthorizedException( e.getMessage(), e );
        }
    }

    /**
     * @return the security system this authenticator delegates to
     */
    public SecuritySystem getSecuritySystem()
    {
        return securitySystem;
    }

    /**
     * Replaces the injected security system (used by tests and manual wiring).
     *
     * @param securitySystem the security system to delegate to
     */
    public void setSecuritySystem( SecuritySystem securitySystem )
    {
        this.securitySystem = securitySystem;
    }
}