package org.apache.maven.archiva.security; |
import javax.servlet.http.HttpServletRequest; |
import org.codehaus.plexus.redback.authentication.AuthenticationException; |
import org.codehaus.plexus.redback.authentication.AuthenticationResult; |
import org.codehaus.plexus.redback.authorization.AuthorizationException; |
import org.codehaus.plexus.redback.authorization.AuthorizationResult; |
import org.codehaus.plexus.redback.authorization.UnauthorizedException; |
import org.codehaus.plexus.redback.policy.AccountLockedException; |
import org.codehaus.plexus.redback.policy.MustChangePasswordException; |
import org.codehaus.plexus.redback.system.DefaultSecuritySession; |
import org.codehaus.plexus.redback.system.SecuritySession; |
import org.codehaus.plexus.redback.system.SecuritySystem; |
import org.codehaus.plexus.redback.users.User; |
import org.codehaus.plexus.redback.users.UserNotFoundException; |
import org.slf4j.Logger; |
import org.slf4j.LoggerFactory; |
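public class ArchivaServletAuthenticator
    implements ServletAuthenticator
{
    private static final Logger log = LoggerFactory.getLogger( ArchivaServletAuthenticator.class );

    /**
     * Redback security system that makes the authorization decisions below. It is
     * supplied by the container (the injection marker is not visible in this listing);
     * nothing in this class guards against it being unset.
     */
    private SecuritySystem securitySystem;

    /**
     * Accepts a previously computed authentication result.
     * <p>
     * Only an explicitly negative result is rejected. A {@code null} result is accepted
     * as-is. NOTE(review): that is fail-open - a caller that passes {@code null} (for
     * example because no credentials were presented) is treated as authenticated, so
     * every caller must only do so on a path where anonymous access is acceptable. The
     * callers are not in this listing; confirm before relying on this behaviour. The
     * {@code request} argument is not inspected.
     *
     * @param request the current request; unused by this implementation
     * @param result  the outcome of the credential check, or {@code null} if none was made
     * @return always {@code true}; a negative result is reported by exception instead
     * @throws AuthenticationException     if {@code result} is non-null and not authenticated
     * @throws AccountLockedException      declared but not thrown by this implementation
     * @throws MustChangePasswordException declared but not thrown by this implementation
     */
    public boolean isAuthenticated( HttpServletRequest request, AuthenticationResult result )
        throws AuthenticationException, AccountLockedException, MustChangePasswordException
    {
        if ( result != null && !result.isAuthenticated() )
        {
            throw new AuthenticationException( "User Credentials Invalid" );
        }

        return true;
    }

    /**
     * Authorizes an established session for {@code permission} on {@code repositoryId}.
     * <p>
     * Every denial is logged together with the client address so that refused requests
     * always leave an audit trail; the exception handed back to the caller carries only
     * a generic message.
     *
     * @param request         the current request; only its remote address is used, for the log
     * @param securitySession the session to authorize
     * @param repositoryId    the repository that is the resource of the check
     * @param permission      the permission (operation) being requested
     * @return {@code true} when authorized; denial is reported by exception
     * @throws AuthorizationException if the security system itself fails
     * @throws UnauthorizedException  if the session is not authorized
     */
    public boolean isAuthorized( HttpServletRequest request, SecuritySession securitySession, String repositoryId,
                                 String permission )
        throws AuthorizationException, UnauthorizedException
    {
        AuthorizationResult authzResult = securitySystem.authorize( securitySession, permission, repositoryId );

        if ( authzResult.isAuthorized() )
        {
            return true;
        }

        // Concatenation rather than {} placeholders on purpose: the SLF4J version this
        // file targets is not visible, and a four-argument placeholder call needs the
        // 1.7 varargs API.
        String context = "[ip=" + request.getRemoteAddr() + ",permission=" + permission + ",repo=" + repositoryId
            + "]";

        if ( authzResult.getException() != null )
        {
            log.info( "Authorization Denied " + context + " : " + authzResult.getException().getMessage() );

            throw new UnauthorizedException( "Access denied for repository " + repositoryId );
        }

        // A denial that comes without an exception was previously not logged at all;
        // record it so that refused requests never vanish from the audit trail.
        log.info( "Authorization Denied " + context + " : no reason supplied by the security system" );

        // NOTE(review): the message is kept for compatibility, but nothing visible here
        // establishes that a reason-less denial means a locked account; the generic
        // "Access denied" wording used above would be the safer thing to tell the client.
        throw new UnauthorizedException( "User account is locked" );
    }

    /**
     * Authorizes a principal, looked up by name, for {@code permission} on {@code repoId}.
     * <p>
     * SECURITY: this method builds an <em>already authenticated</em> session for the
     * principal without checking any credential. It must only be called with a principal
     * that has been authenticated by some other means, or with the principal intended
     * for anonymous access; a caller that passes a client-supplied name here bypasses
     * authentication entirely.
     * <p>
     * An unknown user (no user object, or {@link UserNotFoundException}) and a locked
     * account are refused before any authorization check is made.
     *
     * @param principal  the user name to authorize
     * @param repoId     the repository that is the resource of the check
     * @param permission the permission (operation) being requested
     * @return the security system's answer: {@code true} when authorized
     * @throws UnauthorizedException if the user is unknown or locked, or if the security
     *                               system fails during the check
     */
    public boolean isAuthorized( String principal, String repoId, String permission )
        throws UnauthorizedException
    {
        try
        {
            User user = securitySystem.getUserManager().findUser( principal );
            if ( user == null )
            {
                // The message below tells the operator to look in the logs, so make sure
                // there is actually something to find there.
                log.error( "Authorization Denied [principal=" + principal + ",permission=" + permission + ",repo="
                    + repoId + "] : user manager returned no user object" );

                throw new UnauthorizedException(
                    "The security system had an internal error - please check your system logs" );
            }
            if ( user.isLocked() )
            {
                log.info( "Authorization Denied [principal=" + principal + ",permission=" + permission + ",repo="
                    + repoId + "] : account is locked" );

                throw new UnauthorizedException( "User account is locked." );
            }

            // No credential is verified here: the result is marked authenticated by
            // construction. See the SECURITY note in the javadoc.
            AuthenticationResult authn = new AuthenticationResult( true, principal, null );
            SecuritySession securitySession = new DefaultSecuritySession( authn, user );

            return securitySystem.isAuthorized( securitySession, permission, repoId );
        }
        catch ( UserNotFoundException e )
        {
            log.info( "Authorization Denied [principal=" + principal + ",permission=" + permission + ",repo="
                + repoId + "] : " + e.getMessage() );

            // NOTE(review): the user manager's message is passed straight to the caller.
            // If it ends up in an HTTP response it can reveal whether the principal
            // exists; a generic message would be the safer choice.
            throw new UnauthorizedException( e.getMessage() );
        }
        catch ( AuthorizationException e )
        {
            // Keep the stack trace in the log; only the message survives the re-throw.
            log.warn( "Authorization check failed [principal=" + principal + ",permission=" + permission + ",repo="
                + repoId + "] : " + e.getMessage(), e );

            throw new UnauthorizedException( e.getMessage() );
        }
    }
}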