package org.apache.archiva.web.xmlrpc.security; |
import java.util.List; |
import org.apache.maven.archiva.security.ArchivaRoleConstants; |
import org.apache.maven.archiva.security.ArchivaSecurityException; |
import org.apache.maven.archiva.security.UserRepositories; |
import org.apache.xmlrpc.XmlRpcException; |
import org.apache.xmlrpc.XmlRpcRequest; |
import org.apache.xmlrpc.common.XmlRpcHttpRequestConfigImpl; |
import org.apache.xmlrpc.server.AbstractReflectiveHandlerMapping.AuthenticationHandler; |
import org.codehaus.plexus.redback.authentication.AuthenticationException; |
import org.codehaus.plexus.redback.authentication.PasswordBasedAuthenticationDataSource; |
import org.codehaus.plexus.redback.authorization.AuthorizationException; |
import org.codehaus.plexus.redback.authorization.AuthorizationResult; |
import org.codehaus.plexus.redback.policy.PolicyViolationException; |
import org.codehaus.plexus.redback.system.SecuritySession; |
import org.codehaus.plexus.redback.system.SecuritySystem; |
import org.codehaus.plexus.redback.users.UserNotFoundException; |
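/**
 * XML-RPC {@link AuthenticationHandler} that authenticates the HTTP Basic credentials of a request
 * against the security system and then checks that the caller may invoke the requested method.
 *
 * <p>NOTE(review): the last user name seen is kept in an instance field and exposed through
 * {@link #getActiveUser()}. If one instance of this class serves concurrent requests, that value can
 * belong to a different request than the one the reader is handling - confirm how the handler is
 * instantiated before relying on it for access decisions.
 */
public class XmlRpcAuthenticator
    implements AuthenticationHandler
{
    private final SecuritySystem securitySystem;

    private UserRepositories userRepositories;

    // User name of the most recent request whose credentials were accepted; shared mutable state.
    private String username;

    /**
     * @param securitySystem   used to authenticate credentials and to evaluate operation permissions
     * @param userRepositories used to look up the repositories a user may observe
     */
    public XmlRpcAuthenticator( SecuritySystem securitySystem, UserRepositories userRepositories )
    {
        this.securitySystem = securitySystem;
        this.userRepositories = userRepositories;
    }

    /**
     * Authenticates the Basic credentials carried by the request and authorizes the requested method.
     *
     * @param pRequest the incoming XML-RPC request
     * @return {@code true} when the caller is allowed to invoke the requested method
     * @throws XmlRpcException with code 401 when authentication or authorization fails with an error,
     *                         or without a code when the request did not arrive over HTTP
     */
    public boolean isAuthorized( XmlRpcRequest pRequest )
        throws XmlRpcException
    {
        if ( pRequest.getConfig() instanceof XmlRpcHttpRequestConfigImpl )
        {
            XmlRpcHttpRequestConfigImpl config = (XmlRpcHttpRequestConfigImpl) pRequest.getConfig();

            // Keep the caller's name in a local: the authorization decision below must be made for the
            // user that was just authenticated, not for whatever the shared field holds by then.
            String requestUser = config.getBasicUserName();
            SecuritySession session =
                authenticate( new PasswordBasedAuthenticationDataSource( requestUser,
                                                                         config.getBasicPassword() ) );

            // Record the active user only once the credentials have been accepted, so a rejected
            // request cannot change what getActiveUser() reports.
            username = requestUser;

            String method = pRequest.getMethodName();
            AuthorizationResult result = authorize( session, method, requestUser );

            return result.isAuthorized();
        }

        throw new XmlRpcException( "Unsupported transport (must be http)" );
    }

    /**
     * Authenticates the supplied credentials and returns the resulting session.
     *
     * @throws XmlRpcException with code 401 when the security system rejects the credentials
     */
    private SecuritySession authenticate( PasswordBasedAuthenticationDataSource authenticationDataSource )
        throws XmlRpcException
    {
        // NOTE(review): the exception messages below are passed on in the XmlRpcException and are
        // presumably returned to the remote caller; if they distinguish "unknown user" from "bad
        // password" they help account enumeration - consider one generic message.
        try
        {
            SecuritySession session = securitySystem.authenticate( authenticationDataSource );

            // The repository-access and ping branches of authorize() never consult the session, so a
            // session that is not authenticated must be rejected here. Whether the security system can
            // return such a session instead of throwing is not visible in this file; the check is
            // defensive either way.
            if ( session == null || !session.isAuthenticated() )
            {
                throw new XmlRpcException( 401, "Authentication failed" );
            }

            return session;
        }
        catch ( PolicyViolationException e )
        {
            throw new XmlRpcException( 401, e.getMessage(), e );
        }
        catch ( AuthenticationException e )
        {
            throw new XmlRpcException( 401, e.getMessage(), e );
        }
        catch ( UserNotFoundException e )
        {
            throw new XmlRpcException( 401, e.getMessage(), e );
        }
    }

    /**
     * Maps the requested service method to the permission it requires and evaluates it.
     *
     * <p>Methods that appear in none of the {@link ServiceMethodsPermissionsMapping} lists and are not
     * the ping method fall through to the last branch, which requires
     * {@link ArchivaRoleConstants#GLOBAL_REPOSITORY_MANAGER_ROLE}.
     *
     * @param session    the authenticated session
     * @param methodName the XML-RPC method being invoked
     * @param username   the authenticated caller's user name
     * @throws XmlRpcException with code 401 when the permission lookup itself fails
     */
    private AuthorizationResult authorize( SecuritySession session, String methodName, String username )
        throws XmlRpcException
    {
        try
        {
            if ( ServiceMethodsPermissionsMapping.SERVICE_METHODS_FOR_OPERATION_MANAGE_CONFIGURATION.contains( methodName ) )
            {
                return securitySystem.authorize( session, ArchivaRoleConstants.OPERATION_MANAGE_CONFIGURATION );
            }
            else if ( ServiceMethodsPermissionsMapping.SERVICE_METHODS_FOR_OPERATION_RUN_INDEXER.contains( methodName ) )
            {
                return securitySystem.authorize( session, ArchivaRoleConstants.OPERATION_RUN_INDEXER );
            }
            else if ( ServiceMethodsPermissionsMapping.SERVICE_METHODS_FOR_OPERATION_REPOSITORY_ACCESS.contains( methodName ) )
            {
                try
                {
                    // This branch decides from the user name alone; it relies on authenticate() having
                    // verified that the name belongs to the caller.
                    List<String> observableRepos = userRepositories.getObservableRepositoryIds( username );

                    // NOTE(review): "> 1" denies a user who can observe exactly one repository. That
                    // looks like an off-by-one, but it is left unchanged because relaxing it widens
                    // access - confirm the intended threshold.
                    boolean mayObserve = observableRepos != null && observableRepos.size() > 1;
                    return new AuthorizationResult( mayObserve, username, null );
                }
                catch ( ArchivaSecurityException e )
                {
                    // Keep the cause, as the other handlers in this class do.
                    throw new XmlRpcException( 401, e.getMessage(), e );
                }
            }
            else if ( methodName.equals( ServiceMethodsPermissionsMapping.PING ) )
            {
                // Ping needs no specific permission beyond successful authentication.
                return new AuthorizationResult( true, username, null );
            }
            else
            {
                return securitySystem.authorize( session, ArchivaRoleConstants.GLOBAL_REPOSITORY_MANAGER_ROLE );
            }
        }
        catch ( AuthorizationException e )
        {
            throw new XmlRpcException( 401, e.getMessage(), e );
        }
    }

    /**
     * @return the user name recorded by the most recent successfully authenticated call to
     *         {@link #isAuthorized(XmlRpcRequest)}, or {@code null} if there has been none
     */
    public String getActiveUser()
    {
        return username;
    }
}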