package org.apache.maven.archiva.web.repository;
/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
import org.apache.maven.archiva.configuration.ArchivaConfiguration;
import org.apache.maven.archiva.configuration.ConfigurationNames;
import org.apache.maven.archiva.configuration.ManagedRepositoryConfiguration;
import org.apache.maven.archiva.security.ArchivaRoleConstants;
import org.codehaus.plexus.redback.authentication.AuthenticationException;
import org.codehaus.plexus.redback.authentication.AuthenticationResult;
import org.codehaus.plexus.redback.authorization.AuthorizationException;
import org.codehaus.plexus.redback.authorization.AuthorizationResult;
import org.codehaus.plexus.redback.policy.AccountLockedException;
import org.codehaus.plexus.redback.policy.MustChangePasswordException;
import org.codehaus.plexus.redback.system.SecuritySession;
import org.codehaus.plexus.redback.system.SecuritySystem;
import org.codehaus.plexus.redback.xwork.filter.authentication.HttpAuthenticator;
import org.codehaus.plexus.registry.Registry;
import org.codehaus.plexus.registry.RegistryListener;
import org.codehaus.plexus.webdav.DavServerComponent;
import org.codehaus.plexus.webdav.DavServerException;
import org.codehaus.plexus.webdav.servlet.DavServerRequest;
import org.codehaus.plexus.webdav.servlet.multiplexed.MultiplexedWebDavServlet;
import org.codehaus.plexus.webdav.util.WebdavMethodUtil;
import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.File;
import java.io.IOException;
import java.util.Map;
/**
* RepositoryServlet
*
* @author <a href="mailto:joakime@apache.org">Joakim Erdfelt</a>
* @version $Id: RepositoryServlet.java 574859 2007-09-12 09:33:41Z brett $
*/
public class RepositoryServlet
extends MultiplexedWebDavServlet
implements RegistryListener
{
private SecuritySystem securitySystem;
private HttpAuthenticator httpAuth;
private AuditLog audit;
private ArchivaConfiguration configuration;
private Map<String, ManagedRepositoryConfiguration> repositoryMap;
public synchronized void initComponents()
throws ServletException
{
super.initComponents();
securitySystem = (SecuritySystem) lookup( SecuritySystem.ROLE );
httpAuth = (HttpAuthenticator) lookup( HttpAuthenticator.ROLE, "basic" );
audit = (AuditLog) lookup( AuditLog.ROLE );
configuration = (ArchivaConfiguration) lookup( ArchivaConfiguration.class.getName() );
configuration.addChangeListener( this );
repositoryMap = configuration.getConfiguration().getManagedRepositoriesAsMap();
}
public synchronized void initServers( ServletConfig servletConfig )
throws DavServerException
{
for ( ManagedRepositoryConfiguration repo : repositoryMap.values() )
{
File repoDir = new File( repo.getLocation() );
if ( !repoDir.exists() )
{
if ( !repoDir.mkdirs() )
{
// Skip invalid directories.
log( "Unable to create missing directory for " + repo.getLocation() );
continue;
}
}
DavServerComponent server = createServer( repo.getId(), repoDir, servletConfig );
server.addListener( audit );
}
}
public synchronized ManagedRepositoryConfiguration getRepository( String prefix )
{
if ( repositoryMap == null )
{
repositoryMap = configuration.getConfiguration().getManagedRepositoriesAsMap();
}
return repositoryMap.get( prefix );
}
private String getRepositoryName( DavServerRequest request )
{
ManagedRepositoryConfiguration repoConfig = getRepository( request.getPrefix() );
if ( repoConfig == null )
{
return "Unknown";
}
return repoConfig.getName();
}
public boolean isAuthenticated( DavServerRequest davRequest, HttpServletResponse response )
throws ServletException, IOException
{
HttpServletRequest request = davRequest.getRequest();
// Authentication Tests.
try
{
AuthenticationResult result = httpAuth.getAuthenticationResult( request, response );
if ( result != null && !result.isAuthenticated() )
{
// Must Authenticate.
httpAuth.challenge( request, response, "Repository " + getRepositoryName( davRequest ),
new AuthenticationException( "User Credentials Invalid" ) );
return false;
}
}
catch ( AuthenticationException e )
{
log( "Fatal Http Authentication Error.", e );
throw new ServletException( "Fatal Http Authentication Error.", e );
}
catch ( AccountLockedException e )
{
httpAuth.challenge( request, response, "Repository " + getRepositoryName( davRequest ),
new AuthenticationException( "User account is locked" ) );
}
catch ( MustChangePasswordException e )
{
httpAuth.challenge( request, response, "Repository " + getRepositoryName( davRequest ),
new AuthenticationException( "You must change your password." ) );
}
return true;
}
public boolean isAuthorized( DavServerRequest davRequest, HttpServletResponse response )
throws ServletException, IOException
{
// Authorization Tests.
HttpServletRequest request = davRequest.getRequest();
boolean isWriteRequest = WebdavMethodUtil.isWriteMethod( request.getMethod() );
SecuritySession securitySession = httpAuth.getSecuritySession();
try
{
String permission = ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS;
if ( isWriteRequest )
{
permission = ArchivaRoleConstants.OPERATION_REPOSITORY_UPLOAD;
}
AuthorizationResult authzResult =
securitySystem.authorize( securitySession, permission, davRequest.getPrefix() );
if ( !authzResult.isAuthorized() )
{
if ( authzResult.getException() != null )
{
log( "Authorization Denied [ip=" + request.getRemoteAddr() + ",isWriteRequest=" + isWriteRequest +
",permission=" + permission + ",repo=" + davRequest.getPrefix() + "] : " +
authzResult.getException().getMessage() );
}
// Issue HTTP Challenge.
httpAuth.challenge( request, response, "Repository " + getRepositoryName( davRequest ),
new AuthenticationException( "Authorization Denied." ) );
return false;
}
}
catch ( AuthorizationException e )
{
throw new ServletException( "Fatal Authorization Subsystem Error." );
}
return true;
}
public void beforeConfigurationChange( Registry registry, String propertyName, Object propertyValue )
{
// nothing to do
}
public synchronized void afterConfigurationChange( Registry registry, String propertyName, Object propertyValue )
{
if ( ConfigurationNames.isManagedRepositories( propertyName ) )
{
if ( propertyName.endsWith( ".id" ) || propertyName.endsWith( ".location" ) )
{
repositoryMap = null;
}
}
}
}