Examples with AuthorizationException org.apache.archiva.redback.authorization.AuthorizationException used on opensource projects

Example 1 with AuthorizationException

use of org.apache.archiva.redback.authorization.AuthorizationException in project archiva by apache.

the class DefaultRepositoriesService method copyArtifact.

@Override
public Boolean copyArtifact(ArtifactTransferRequest artifactTransferRequest) throws ArchivaRestServiceException {
    // check parameters
    String userName = getAuditInformation().getUser().getUsername();
    if (StringUtils.isBlank(userName)) {
        throw new ArchivaRestServiceException("copyArtifact call: userName not found", null);
    }
    if (StringUtils.isBlank(artifactTransferRequest.getRepositoryId())) {
        throw new ArchivaRestServiceException("copyArtifact call: sourceRepositoryId cannot be null", null);
    }
    if (StringUtils.isBlank(artifactTransferRequest.getTargetRepositoryId())) {
        throw new ArchivaRestServiceException("copyArtifact call: targetRepositoryId cannot be null", null);
    }
    ManagedRepository source = null;
    try {
        source = managedRepositoryAdmin.getManagedRepository(artifactTransferRequest.getRepositoryId());
    } catch (RepositoryAdminException e) {
        throw new ArchivaRestServiceException(e.getMessage(), e);
    }
    if (source == null) {
        throw new ArchivaRestServiceException("cannot find repository with id " + artifactTransferRequest.getRepositoryId(), null);
    }
    ManagedRepository target = null;
    try {
        target = managedRepositoryAdmin.getManagedRepository(artifactTransferRequest.getTargetRepositoryId());
    } catch (RepositoryAdminException e) {
        throw new ArchivaRestServiceException(e.getMessage(), e);
    }
    if (target == null) {
        throw new ArchivaRestServiceException("cannot find repository with id " + artifactTransferRequest.getTargetRepositoryId(), null);
    }
    if (StringUtils.isBlank(artifactTransferRequest.getGroupId())) {
        throw new ArchivaRestServiceException("groupId is mandatory", null);
    }
    if (StringUtils.isBlank(artifactTransferRequest.getArtifactId())) {
        throw new ArchivaRestServiceException("artifactId is mandatory", null);
    }
    if (StringUtils.isBlank(artifactTransferRequest.getVersion())) {
        throw new ArchivaRestServiceException("version is mandatory", null);
    }
    if (VersionUtil.isSnapshot(artifactTransferRequest.getVersion())) {
        throw new ArchivaRestServiceException("copy of SNAPSHOT not supported", null);
    }
    // end check parameters
    User user = null;
    try {
        user = securitySystem.getUserManager().findUser(userName);
    } catch (UserNotFoundException e) {
        throw new ArchivaRestServiceException("user " + userName + " not found", e);
    } catch (UserManagerException e) {
        throw new ArchivaRestServiceException("ArchivaRestServiceException:" + e.getMessage(), e);
    }
    // check karma on source : read
    AuthenticationResult authn = new AuthenticationResult(true, userName, null);
    SecuritySession securitySession = new DefaultSecuritySession(authn, user);
    try {
        boolean authz = securitySystem.isAuthorized(securitySession, ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS, artifactTransferRequest.getRepositoryId());
        if (!authz) {
            throw new ArchivaRestServiceException("not authorized to access repo:" + artifactTransferRequest.getRepositoryId(), null);
        }
    } catch (AuthorizationException e) {
        log.error("error reading permission: {}", e.getMessage(), e);
        throw new ArchivaRestServiceException(e.getMessage(), e);
    }
    // check karma on target: write
    try {
        boolean authz = securitySystem.isAuthorized(securitySession, ArchivaRoleConstants.OPERATION_REPOSITORY_UPLOAD, artifactTransferRequest.getTargetRepositoryId());
        if (!authz) {
            throw new ArchivaRestServiceException("not authorized to write to repo:" + artifactTransferRequest.getTargetRepositoryId(), null);
        }
    } catch (AuthorizationException e) {
        log.error("error reading permission: {}", e.getMessage(), e);
        throw new ArchivaRestServiceException(e.getMessage(), e);
    }
    // sounds good we can continue !
    ArtifactReference artifactReference = new ArtifactReference();
    artifactReference.setArtifactId(artifactTransferRequest.getArtifactId());
    artifactReference.setGroupId(artifactTransferRequest.getGroupId());
    artifactReference.setVersion(artifactTransferRequest.getVersion());
    artifactReference.setClassifier(artifactTransferRequest.getClassifier());
    String packaging = StringUtils.trim(artifactTransferRequest.getPackaging());
    artifactReference.setType(StringUtils.isEmpty(packaging) ? "jar" : packaging);
    try {
        ManagedRepositoryContent sourceRepository = getManagedRepositoryContent(artifactTransferRequest.getRepositoryId());
        String artifactSourcePath = sourceRepository.toPath(artifactReference);
        if (StringUtils.isEmpty(artifactSourcePath)) {
            log.error("cannot find artifact {}", artifactTransferRequest);
            throw new ArchivaRestServiceException("cannot find artifact " + artifactTransferRequest.toString(), null);
        }
        Path artifactFile = Paths.get(source.getLocation(), artifactSourcePath);
        if (!Files.exists(artifactFile)) {
            log.error("cannot find artifact {}", artifactTransferRequest);
            throw new ArchivaRestServiceException("cannot find artifact " + artifactTransferRequest.toString(), null);
        }
        ManagedRepositoryContent targetRepository = getManagedRepositoryContent(artifactTransferRequest.getTargetRepositoryId());
        String artifactPath = targetRepository.toPath(artifactReference);
        int lastIndex = artifactPath.lastIndexOf('/');
        String path = artifactPath.substring(0, lastIndex);
        Path targetPath = Paths.get(target.getLocation(), path);
        Date lastUpdatedTimestamp = Calendar.getInstance().getTime();
        int newBuildNumber = 1;
        String timestamp = null;
        Path versionMetadataFile = targetPath.resolve(MetadataTools.MAVEN_METADATA);
        /* unused */
        getMetadata(versionMetadataFile);
        if (!Files.exists(targetPath)) {
            Files.createDirectories(targetPath);
        }
        String filename = artifactPath.substring(lastIndex + 1);
        boolean fixChecksums = !(archivaAdministration.getKnownContentConsumers().contains("create-missing-checksums"));
        Path targetFile = targetPath.resolve(filename);
        if (Files.exists(targetFile) && target.isBlockRedeployments()) {
            throw new ArchivaRestServiceException("artifact already exists in target repo: " + artifactTransferRequest.getTargetRepositoryId() + " and redeployment blocked", null);
        } else {
            copyFile(artifactFile, targetPath, filename, fixChecksums);
            queueRepositoryTask(target.getId(), targetFile);
        }
        // copy source pom to target repo
        String pomFilename = filename;
        if (StringUtils.isNotBlank(artifactTransferRequest.getClassifier())) {
            pomFilename = StringUtils.remove(pomFilename, "-" + artifactTransferRequest.getClassifier());
        }
        pomFilename = FilenameUtils.removeExtension(pomFilename) + ".pom";
        Path pomFile = Paths.get(source.getLocation(), artifactSourcePath.substring(0, artifactPath.lastIndexOf('/')), pomFilename);
        if (pomFile != null && Files.size(pomFile) > 0) {
            copyFile(pomFile, targetPath, pomFilename, fixChecksums);
            queueRepositoryTask(target.getId(), targetPath.resolve(pomFilename));
        }
        // explicitly update only if metadata-updater consumer is not enabled!
        if (!archivaAdministration.getKnownContentConsumers().contains("metadata-updater")) {
            updateProjectMetadata(targetPath.toAbsolutePath().toString(), lastUpdatedTimestamp, timestamp, newBuildNumber, fixChecksums, artifactTransferRequest);
        }
        String msg = "Artifact \'" + artifactTransferRequest.getGroupId() + ":" + artifactTransferRequest.getArtifactId() + ":" + artifactTransferRequest.getVersion() + "\' was successfully deployed to repository \'" + artifactTransferRequest.getTargetRepositoryId() + "\'";
        log.debug("copyArtifact {}", msg);
    } catch (RepositoryException e) {
        log.error("RepositoryException: {}", e.getMessage(), e);
        throw new ArchivaRestServiceException(e.getMessage(), e);
    } catch (RepositoryAdminException e) {
        log.error("RepositoryAdminException: {}", e.getMessage(), e);
        throw new ArchivaRestServiceException(e.getMessage(), e);
    } catch (IOException e) {
        log.error("IOException: {}", e.getMessage(), e);
        throw new ArchivaRestServiceException(e.getMessage(), e);
    }
    return true;
}

Example 2 with AuthorizationException

use of org.apache.archiva.redback.authorization.AuthorizationException in project archiva by apache.

the class ArchivaServletAuthenticator method isAuthorized.

@Override
public boolean isAuthorized(String principal, String repoId, String permission) throws UnauthorizedException {
    try {
        User user = securitySystem.getUserManager().findUser(principal);
        if (user == null) {
            throw new UnauthorizedException("The security system had an internal error - please check your system logs");
        }
        if (user.isLocked()) {
            throw new UnauthorizedException("User account is locked.");
        }
        AuthenticationResult authn = new AuthenticationResult(true, principal, null);
        SecuritySession securitySession = new DefaultSecuritySession(authn, user);
        return securitySystem.isAuthorized(securitySession, permission, repoId);
    } catch (UserNotFoundException e) {
        throw new UnauthorizedException(e.getMessage(), e);
    } catch (AuthorizationException e) {
        throw new UnauthorizedException(e.getMessage(), e);
    } catch (UserManagerException e) {
        throw new UnauthorizedException(e.getMessage(), e);
    }
}

Example 3 with AuthorizationException

use of org.apache.archiva.redback.authorization.AuthorizationException in project archiva by apache.

the class ArchivaDavResourceFactory method isAuthorized.

protected boolean isAuthorized(DavServletRequest request, String repositoryId) throws DavException {
    try {
        AuthenticationResult result = httpAuth.getAuthenticationResult(request, null);
        SecuritySession securitySession = httpAuth.getSecuritySession(request.getSession(true));
        return // 
        servletAuth.isAuthenticated(request, result) && // 
        servletAuth.isAuthorized(// 
        request, // 
        securitySession, // 
        repositoryId, WebdavMethodUtil.getMethodPermission(request.getMethod()));
    } catch (AuthenticationException e) {
        // safety check for MRM-911
        String guest = UserManager.GUEST_USERNAME;
        try {
            if (servletAuth.isAuthorized(guest, ((ArchivaDavResourceLocator) request.getRequestLocator()).getRepositoryId(), WebdavMethodUtil.getMethodPermission(request.getMethod()))) {
                return true;
            }
        } catch (UnauthorizedException ae) {
            throw new UnauthorizedDavException(repositoryId, "You are not authenticated and authorized to access any repository.");
        }
        throw new UnauthorizedDavException(repositoryId, "You are not authenticated");
    } catch (MustChangePasswordException e) {
        throw new UnauthorizedDavException(repositoryId, "You must change your password.");
    } catch (AccountLockedException e) {
        throw new UnauthorizedDavException(repositoryId, "User account is locked.");
    } catch (AuthorizationException e) {
        throw new DavException(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Fatal Authorization Subsystem Error.");
    } catch (UnauthorizedException e) {
        throw new UnauthorizedDavException(repositoryId, e.getMessage());
    }
}

Example 4 with AuthorizationException

use of org.apache.archiva.redback.authorization.AuthorizationException in project archiva by apache.

the class RssFeedServlet method isAllowed.

/**
 * Basic authentication.
 *
 * @param req
 * @param repositoryId TODO
 * @param groupId      TODO
 * @param artifactId   TODO
 * @return
 */
private boolean isAllowed(HttpServletRequest req, String repositoryId, String groupId, String artifactId) throws UserNotFoundException, AccountLockedException, AuthenticationException, MustChangePasswordException, UnauthorizedException {
    String auth = req.getHeader("Authorization");
    List<String> repoIds = new ArrayList<>();
    if (repositoryId != null) {
        repoIds.add(repositoryId);
    } else if (artifactId != null && groupId != null) {
        if (auth != null) {
            if (!auth.toUpperCase().startsWith("BASIC ")) {
                return false;
            }
            Decoder dec = new Base64();
            String usernamePassword = "";
            try {
                usernamePassword = new String((byte[]) dec.decode(auth.substring(6).getBytes()));
            } catch (DecoderException ie) {
                log.warn("Error decoding username and password: {}", ie.getMessage());
            }
            if (usernamePassword == null || usernamePassword.trim().equals("")) {
                repoIds = getObservableRepos(UserManager.GUEST_USERNAME);
            } else {
                String[] userCredentials = usernamePassword.split(":");
                repoIds = getObservableRepos(userCredentials[0]);
            }
        } else {
            repoIds = getObservableRepos(UserManager.GUEST_USERNAME);
        }
    } else {
        return false;
    }
    for (String repoId : repoIds) {
        try {
            AuthenticationResult result = httpAuth.getAuthenticationResult(req, null);
            SecuritySession securitySession = httpAuth.getSecuritySession(req.getSession(true));
            if (// 
            servletAuth.isAuthenticated(req, result) && // 
            servletAuth.isAuthorized(// 
            req, // 
            securitySession, // 
            repoId, ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS)) {
                return true;
            }
        } catch (AuthorizationException e) {
            log.debug("AuthorizationException for repoId: {}", repoId);
        } catch (UnauthorizedException e) {
            log.debug("UnauthorizedException for repoId: {}", repoId);
        }
    }
    throw new UnauthorizedException("Access denied.");
}

Example 5 with AuthorizationException

use of org.apache.archiva.redback.authorization.AuthorizationException in project archiva by apache.

the class DefaultUserRepositories method getAccessibleRepositories.

private List<ManagedRepository> getAccessibleRepositories(String principal, String operation) throws ArchivaSecurityException, AccessDeniedException, PrincipalNotFoundException {
    SecuritySession securitySession = createSession(principal);
    List<ManagedRepository> managedRepositories = new ArrayList<>();
    try {
        List<ManagedRepository> repos = managedRepositoryAdmin.getManagedRepositories();
        for (ManagedRepository repo : repos) {
            try {
                String repoId = repo.getId();
                if (securitySystem.isAuthorized(securitySession, operation, repoId)) {
                    managedRepositories.add(repo);
                }
            } catch (AuthorizationException e) {
                // swallow.
                log.debug("Not authorizing '{}' for repository '{}': {}", principal, repo.getId(), e.getMessage());
            }
        }
        return managedRepositories;
    } catch (RepositoryAdminException e) {
        throw new ArchivaSecurityException(e.getMessage(), e);
    }
}