1   package org.apache.archiva.security;
2   
3   /*
4    * Licensed to the Apache Software Foundation (ASF) under one
5    * or more contributor license agreements.  See the NOTICE file
6    * distributed with this work for additional information
7    * regarding copyright ownership.  The ASF licenses this file
8    * to you under the Apache License, Version 2.0 (the
9    * "License"); you may not use this file except in compliance
10   * with the License.  You may obtain a copy of the License at
11   *
12   *  http://www.apache.org/licenses/LICENSE-2.0
13   *
14   * Unless required by applicable law or agreed to in writing,
15   * software distributed under the License is distributed on an
16   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
17   * KIND, either express or implied.  See the License for the
18   * specific language governing permissions and limitations
19   * under the License.
20   */
21  
22  import org.apache.archiva.redback.authentication.AuthenticationException;
23  import org.apache.archiva.redback.authentication.AuthenticationResult;
24  import org.apache.archiva.redback.authorization.AuthorizationException;
25  import org.apache.archiva.redback.authorization.AuthorizationResult;
26  import org.apache.archiva.redback.authorization.UnauthorizedException;
27  import org.apache.archiva.redback.policy.AccountLockedException;
28  import org.apache.archiva.redback.policy.MustChangePasswordException;
29  import org.apache.archiva.redback.system.DefaultSecuritySession;
30  import org.apache.archiva.redback.system.SecuritySession;
31  import org.apache.archiva.redback.system.SecuritySystem;
32  import org.apache.archiva.redback.users.User;
33  import org.apache.archiva.redback.users.UserManagerException;
34  import org.apache.archiva.redback.users.UserNotFoundException;
35  import org.slf4j.Logger;
36  import org.slf4j.LoggerFactory;
37  import org.springframework.stereotype.Service;
38  
39  import javax.inject.Inject;
40  import javax.servlet.http.HttpServletRequest;
41  
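/**
 * Servlet-facing adapter over the Redback {@link SecuritySystem}.
 * <p>
 * It converts the results Redback produces (an {@link AuthenticationResult}, an
 * {@link AuthorizationResult}) into the "return {@code true} or throw" contract the
 * repository servlet layer expects, and it writes an INFO log line for every
 * authorization denial that goes through the request-aware
 * {@link #isAuthorized(HttpServletRequest, SecuritySession, String, String)} so that
 * refused requests leave an audit trail.
 */
@Service( "servletAuthenticator" )
public class ArchivaServletAuthenticator
    implements ServletAuthenticator
{
    private static final Logger log = LoggerFactory.getLogger( ArchivaServletAuthenticator.class );

    /**
     * Redback security system used for user lookup and authorization decisions.
     * Injected by the container; also settable through {@link #setSecuritySystem(SecuritySystem)}.
     */
    @Inject
    private SecuritySystem securitySystem;

    /**
     * Checks the outcome of an authentication attempt the caller has already performed.
     *
     * @param request the current request; not consulted by this implementation
     * @param result  the authentication result to inspect, may be {@code null}
     * @return {@code true} when {@code result} is {@code null} or reports success
     * @throws AuthenticationException     if {@code result} is non-null and not authenticated
     * @throws AccountLockedException      never thrown here; declared for the interface
     * @throws MustChangePasswordException never thrown here; declared for the interface
     */
    @Override
    public boolean isAuthenticated( HttpServletRequest request, AuthenticationResult result )
        throws AuthenticationException, AccountLockedException, MustChangePasswordException
    {
        // NOTE(review): a null result is treated as authenticated (fail-open). Presumably the
        // anonymous/guest flow relies on this and the real decision is then made during
        // authorization - but a caller that passes null by mistake also gets a positive answer.
        // Kept for compatibility; confirm that no caller can reach this with null on a
        // request that actually carried credentials.
        if ( result != null && !result.isAuthenticated() )
        {
            throw new AuthenticationException( "User Credentials Invalid" );
        }

        return true;
    }

    /**
     * Asks Redback whether the session's user holds {@code permission} on {@code repositoryId}.
     * <p>
     * A denial is always logged at INFO, together with the remote address, before being
     * surfaced as an {@link UnauthorizedException}; this method never returns {@code false}.
     *
     * @param request         the current request; only its remote address is used, for the log
     * @param securitySession the caller's security session, handed straight to Redback
     * @param repositoryId    repository the permission is evaluated against
     * @param permission      Redback permission/operation name
     * @return {@code true} when authorized
     * @throws AuthorizationException if Redback could not evaluate the request
     * @throws UnauthorizedException  if the session is not authorized
     */
    @Override
    public boolean isAuthorized( HttpServletRequest request, SecuritySession securitySession, String repositoryId,
                                 String permission )
        throws AuthorizationException, UnauthorizedException
    {
        // TODO: also check for permission to proxy the resource when MRM-579 is implemented

        AuthorizationResult authzResult = securitySystem.authorize( securitySession, permission, repositoryId );

        if ( authzResult.isAuthorized() )
        {
            return true;
        }

        // NOTE(review): getRemoteAddr() is the TCP peer. Behind a reverse proxy this is the
        // proxy's address, not the client's - no forwarded-for header is consulted here.
        String remoteAddr = request != null ? request.getRemoteAddr() : null;

        if ( authzResult.getException() != null )
        {
            log.info( "Authorization Denied [ip={},permission={},repo={}] : {}", remoteAddr,
                      permission, repositoryId, authzResult.getException().getMessage() );

            throw new UnauthorizedException( "Access denied for repository " + repositoryId );
        }

        // Log exception-less denials as well, so every refused request leaves an audit trail.
        log.info( "Authorization Denied [ip={},permission={},repo={}]", remoteAddr, permission, repositoryId );

        // NOTE(review): an exception-less denial is reported to the caller as a locked account;
        // whether that is the only way Redback yields such a result is not visible from here.
        throw new UnauthorizedException( "User account is locked" );
    }

    /**
     * Authorizes a named principal directly, without an HTTP session: the user is looked up,
     * rejected if locked, and a synthetic, already-authenticated {@link SecuritySession} is
     * built for Redback to evaluate.
     * <p>
     * No credentials are checked here - the principal is trusted as given - so callers must
     * only pass identities they have already established.
     *
     * @param principal  username to authorize
     * @param repoId     repository the permission is evaluated against
     * @param permission Redback permission/operation name
     * @return the result of {@link SecuritySystem#isAuthorized}; {@code false} means denied
     * @throws UnauthorizedException if the user cannot be found or is locked, or if Redback
     *                               fails while looking up or authorizing the user
     */
    @Override
    public boolean isAuthorized( String principal, String repoId, String permission )
        throws UnauthorizedException
    {
        try
        {
            User user = securitySystem.getUserManager().findUser( principal );
            if ( user == null )
            {
                throw new UnauthorizedException(
                    "The security system had an internal error - please check your system logs" );
            }
            if ( user.isLocked() )
            {
                throw new UnauthorizedException( "User account is locked." );
            }

            // Session is marked authenticated up front; see the class note on trusting the principal.
            AuthenticationResult authn = new AuthenticationResult( true, principal, null );
            SecuritySession securitySession = new DefaultSecuritySession( authn, user );

            return securitySystem.isAuthorized( securitySession, permission, repoId );
        }
        catch ( UserNotFoundException e )
        {
            throw new UnauthorizedException( e.getMessage(), e );
        }
        catch ( AuthorizationException e )
        {
            throw new UnauthorizedException( e.getMessage(), e );
        }
        catch ( UserManagerException e )
        {
            throw new UnauthorizedException( e.getMessage(), e );
        }
    }

    public SecuritySystem getSecuritySystem()
    {
        return securitySystem;
    }

    public void setSecuritySystem( SecuritySystem securitySystem )
    {
        this.securitySystem = securitySystem;
    }
}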