001    package org.apache.archiva.security;
002    
003    /*
004     * Licensed to the Apache Software Foundation (ASF) under one
005     * or more contributor license agreements.  See the NOTICE file
006     * distributed with this work for additional information
007     * regarding copyright ownership.  The ASF licenses this file
008     * to you under the Apache License, Version 2.0 (the
009     * "License"); you may not use this file except in compliance
010     * with the License.  You may obtain a copy of the License at
011     *
012     *  http://www.apache.org/licenses/LICENSE-2.0
013     *
014     * Unless required by applicable law or agreed to in writing,
015     * software distributed under the License is distributed on an
016     * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
017     * KIND, either express or implied.  See the License for the
018     * specific language governing permissions and limitations
019     * under the License.
020     */
021    
022    import org.apache.archiva.redback.authentication.AuthenticationException;
023    import org.apache.archiva.redback.authentication.AuthenticationResult;
024    import org.apache.archiva.redback.authorization.AuthorizationException;
025    import org.apache.archiva.redback.authorization.AuthorizationResult;
026    import org.apache.archiva.redback.authorization.UnauthorizedException;
027    import org.apache.archiva.redback.policy.AccountLockedException;
028    import org.apache.archiva.redback.policy.MustChangePasswordException;
029    import org.apache.archiva.redback.system.DefaultSecuritySession;
030    import org.apache.archiva.redback.system.SecuritySession;
031    import org.apache.archiva.redback.system.SecuritySystem;
032    import org.apache.archiva.redback.users.User;
033    import org.apache.archiva.redback.users.UserManagerException;
034    import org.apache.archiva.redback.users.UserNotFoundException;
035    import org.slf4j.Logger;
036    import org.slf4j.LoggerFactory;
037    import org.springframework.stereotype.Service;
038    
039    import javax.inject.Inject;
040    import javax.servlet.http.HttpServletRequest;
041    
042    /**
043     *
044     */
045    @Service( "servletAuthenticator" )
046    public class ArchivaServletAuthenticator
047        implements ServletAuthenticator
048    {
049        private Logger log = LoggerFactory.getLogger( ArchivaServletAuthenticator.class );
050    
051        /**
052         *
053         */
054        @Inject
055        private SecuritySystem securitySystem;
056    
057        public boolean isAuthenticated( HttpServletRequest request, AuthenticationResult result )
058            throws AuthenticationException, AccountLockedException, MustChangePasswordException
059        {
060            if ( result != null && !result.isAuthenticated() )
061            {
062                throw new AuthenticationException( "User Credentials Invalid" );
063            }
064    
065            return true;
066        }
067    
068        public boolean isAuthorized( HttpServletRequest request, SecuritySession securitySession, String repositoryId,
069                                     String permission )
070            throws AuthorizationException, UnauthorizedException
071        {
072            // TODO: also check for permission to proxy the resource when MRM-579 is implemented
073    
074            AuthorizationResult authzResult = securitySystem.authorize( securitySession, permission, repositoryId );
075    
076            if ( !authzResult.isAuthorized() )
077            {
078                if ( authzResult.getException() != null )
079                {
080                    log.info( "Authorization Denied [ip=" + request.getRemoteAddr() + ",permission=" + permission + ",repo="
081                                  + repositoryId + "] : " + authzResult.getException().getMessage() );
082    
083                    throw new UnauthorizedException( "Access denied for repository " + repositoryId );
084                }
085                throw new UnauthorizedException( "User account is locked" );
086            }
087    
088            return true;
089        }
090    
091        public boolean isAuthorized( String principal, String repoId, String permission )
092            throws UnauthorizedException
093        {
094            try
095            {
096                User user = securitySystem.getUserManager().findUser( principal );
097                if ( user == null )
098                {
099                    throw new UnauthorizedException(
100                        "The security system had an internal error - please check your system logs" );
101                }
102                if ( user.isLocked() )
103                {
104                    throw new UnauthorizedException( "User account is locked." );
105                }
106    
107                AuthenticationResult authn = new AuthenticationResult( true, principal, null );
108                SecuritySession securitySession = new DefaultSecuritySession( authn, user );
109    
110                return securitySystem.isAuthorized( securitySession, permission, repoId );
111            }
112            catch ( UserNotFoundException e )
113            {
114                throw new UnauthorizedException( e.getMessage(), e );
115            }
116            catch ( AuthorizationException e )
117            {
118                throw new UnauthorizedException( e.getMessage(), e );
119            } catch ( UserManagerException e )
120            {
121                throw new UnauthorizedException( e.getMessage(), e );
122            }
123    
124        }
125    
126    
127        public SecuritySystem getSecuritySystem()
128        {
129            return securitySystem;
130        }
131    
132        public void setSecuritySystem( SecuritySystem securitySystem )
133        {
134            this.securitySystem = securitySystem;
135        }
136    }