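package org.apache.archiva.webdav;

/*
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements. See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership. The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License. You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 * KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations
 * under the License.
 */

import org.apache.archiva.redback.authentication.AuthenticationException;
import org.apache.archiva.security.ServletAuthenticator;
import org.apache.jackrabbit.webdav.DavException;
import org.apache.jackrabbit.webdav.DavServletRequest;
import org.apache.jackrabbit.webdav.DavSessionProvider;
import org.apache.jackrabbit.webdav.WebdavRequest;
import org.apache.archiva.webdav.util.RepositoryPathUtil;
import org.apache.archiva.webdav.util.WebdavMethodUtil;
import org.apache.archiva.redback.authentication.AuthenticationResult;
import org.apache.archiva.redback.authorization.UnauthorizedException;
import org.apache.archiva.redback.policy.AccountLockedException;
import org.apache.archiva.redback.policy.MustChangePasswordException;
import org.apache.archiva.redback.users.UserManager;
import org.apache.archiva.redback.integration.filter.authentication.HttpAuthenticator;

/**
 * {@link DavSessionProvider} that decides whether a WebDAV request gets an {@link ArchivaDavSession}.
 * <p>
 * A session is attached when the request authenticates through the configured
 * {@link HttpAuthenticator} and {@link ServletAuthenticator}. If authentication fails, it is attached
 * only when the guest user is authorized for the requested repository and WebDAV method.
 * Every other outcome is reported as an {@code UnauthorizedDavException}.
 */
public class ArchivaDavSessionProvider
    implements DavSessionProvider
{
    // Both collaborators are assigned once in the constructor and never replaced.
    private final ServletAuthenticator servletAuth;

    private final HttpAuthenticator httpAuth;

    /**
     * @param servletAuth performs the authentication and guest-authorization checks
     * @param httpAuth    produces the authentication result for an incoming request
     */
    public ArchivaDavSessionProvider( ServletAuthenticator servletAuth, HttpAuthenticator httpAuth )
    {
        this.servletAuth = servletAuth;
        this.httpAuth = httpAuth;
    }

    /**
     * Authenticates the request and, on success, attaches a new {@link ArchivaDavSession} to it.
     *
     * @param request the incoming WebDAV request
     * @return the outcome of {@code servletAuth.isAuthenticated}, or {@code true} when the guest
     *         fallback grants access
     * @throws DavException an {@code UnauthorizedDavException} when neither the caller nor the guest
     *                      user may proceed, when a password change is required, or when the
     *                      account is locked
     */
    @Override
    public boolean attachSession( WebdavRequest request )
        throws DavException
    {
        // Used only to label the UnauthorizedDavException instances thrown below.
        final String repositoryId = RepositoryPathUtil.getRepositoryName( removeContextPath( request ) );

        try
        {
            AuthenticationResult result = httpAuth.getAuthenticationResult( request, null );

            // Verify first, attach second: a request whose authentication check fails, or throws,
            // must not be left carrying a DAV session.
            boolean authenticated = servletAuth.isAuthenticated( request, result );
            if ( authenticated )
            {
                request.setDavSession( new ArchivaDavSession() );
            }

            return authenticated;
        }
        catch ( AuthenticationException e )
        {
            // safety check for MRM-911
            // NOTE(review): this fallback runs for every AuthenticationException, so it also covers
            // requests that presented credentials which were rejected - confirm that is intended.
            String guest = UserManager.GUEST_USERNAME;
            try
            {
                // The authorization check takes its repository id from the request locator, while
                // the error messages use the id derived from the request URI above.
                // NOTE(review): presumably both always name the same repository - verify.
                if ( servletAuth.isAuthorized( guest,
                                               ( (ArchivaDavResourceLocator) request.getRequestLocator() ).getRepositoryId(),
                                               WebdavMethodUtil.getMethodPermission( request.getMethod() ) ) )
                {
                    request.setDavSession( new ArchivaDavSession() );
                    return true;
                }
            }
            catch ( UnauthorizedException ae )
            {
                throw new UnauthorizedDavException( repositoryId,
                                                    "You are not authenticated and authorized to access any repository." );
            }

            // Guest is not authorized for this repository/method: fail closed.
            throw new UnauthorizedDavException( repositoryId, "You are not authenticated." );
        }
        catch ( MustChangePasswordException e )
        {
            throw new UnauthorizedDavException( repositoryId, "You must change your password." );
        }
        catch ( AccountLockedException e )
        {
            throw new UnauthorizedDavException( repositoryId, "User account is locked." );
        }
    }

    /**
     * Detaches the DAV session from the request.
     *
     * @param request the WebDAV request whose session is cleared
     */
    @Override
    public void releaseSession( WebdavRequest request )
    {
        request.setDavSession( null );
    }

    /**
     * Returns the request URI with the servlet context path stripped from its front.
     *
     * @param request the request to read the URI and context path from
     * @return the URI without the leading context path, or the unchanged URI when it does not
     *         start with the context path
     */
    private String removeContextPath( final DavServletRequest request )
    {
        String path = request.getRequestURI();
        String ctx = request.getContextPath();
        if ( path.startsWith( ctx ) )
        {
            path = path.substring( ctx.length() );
        }
        return path;
    }
}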