Search in sources :

Example 11 with UnauthorizedException

use of org.apache.archiva.redback.authorization.UnauthorizedException in project archiva by apache.

the class RepositoryServletSecurityTest method testPutWithValidUserWithNoWriteAccess.

// test deploy with a valid user with no write access
@Test
public void testPutWithValidUserWithNoWriteAccess() throws Exception {
    servlet.setDavSessionProvider(davSessionProvider);
    ArchivaDavResourceFactory archivaDavResourceFactory = (ArchivaDavResourceFactory) servlet.getResourceFactory();
    archivaDavResourceFactory.setHttpAuth(httpAuth);
    archivaDavResourceFactory.setServletAuth(servletAuth);
    servlet.setResourceFactory(archivaDavResourceFactory);
    AuthenticationResult result = new AuthenticationResult();
    EasyMock.expect(httpAuth.getAuthenticationResult(anyObject(HttpServletRequest.class), anyObject(HttpServletResponse.class))).andReturn(result);
    EasyMock.expect(servletAuth.isAuthenticated(anyObject(HttpServletRequest.class), anyObject(AuthenticationResult.class))).andReturn(true);
    // ArchivaDavResourceFactory#isAuthorized()
    SecuritySession session = new DefaultSecuritySession();
    EasyMock.expect(httpAuth.getAuthenticationResult(anyObject(HttpServletRequest.class), anyObject(HttpServletResponse.class))).andReturn(result);
    MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
    EasyMock.expect(httpAuth.getSecuritySession(mockHttpServletRequest.getSession(true))).andReturn(session);
    EasyMock.expect(httpAuth.getSessionUser(mockHttpServletRequest.getSession())).andReturn(new SimpleUser());
    EasyMock.expect(servletAuth.isAuthenticated(anyObject(HttpServletRequest.class), eq(result))).andReturn(true);
    EasyMock.expect(servletAuth.isAuthorized(anyObject(HttpServletRequest.class), eq(session), eq("internal"), eq(ArchivaRoleConstants.OPERATION_REPOSITORY_UPLOAD))).andThrow(new UnauthorizedException("User not authorized"));
    httpAuthControl.replay();
    servletAuthControl.replay();
    InputStream is = getClass().getResourceAsStream("/artifact.jar");
    assertNotNull("artifact.jar inputstream", is);
    mockHttpServletRequest.addHeader("User-Agent", "foo");
    mockHttpServletRequest.setMethod("PUT");
    mockHttpServletRequest.setRequestURI("/repository/internal/path/to/artifact.jar");
    mockHttpServletRequest.setContent(IOUtils.toByteArray(is));
    mockHttpServletRequest.setContentType("application/octet-stream");
    MockHttpServletResponse mockHttpServletResponse = new MockHttpServletResponse();
    servlet.service(mockHttpServletRequest, mockHttpServletResponse);
    httpAuthControl.verify();
    servletAuthControl.verify();
    assertEquals(HttpServletResponse.SC_UNAUTHORIZED, mockHttpServletResponse.getStatus());
}
Also used : MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) HttpServletRequest(javax.servlet.http.HttpServletRequest) SimpleUser(org.apache.archiva.redback.users.memory.SimpleUser) SecuritySession(org.apache.archiva.redback.system.SecuritySession) DefaultSecuritySession(org.apache.archiva.redback.system.DefaultSecuritySession) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) InputStream(java.io.InputStream) UnauthorizedException(org.apache.archiva.redback.authorization.UnauthorizedException) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) HttpServletResponse(javax.servlet.http.HttpServletResponse) DefaultSecuritySession(org.apache.archiva.redback.system.DefaultSecuritySession) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) AuthenticationResult(org.apache.archiva.redback.authentication.AuthenticationResult) Test(org.junit.Test)

Example 12 with UnauthorizedException

use of org.apache.archiva.redback.authorization.UnauthorizedException in project archiva by apache.

the class RepositoryServletSecurityTest method testPutWithInvalidUserAndGuestHasNoWriteAccess.

// test deploy with invalid user, and guest has no write access to repo
// 401 must be returned
@Test
public void testPutWithInvalidUserAndGuestHasNoWriteAccess() throws Exception {
    InputStream is = getClass().getResourceAsStream("/artifact.jar");
    assertNotNull("artifact.jar inputstream", is);
    servlet.setDavSessionProvider(davSessionProvider);
    AuthenticationResult result = new AuthenticationResult();
    EasyMock.expect(httpAuth.getAuthenticationResult(anyObject(HttpServletRequest.class), anyObject(HttpServletResponse.class))).andReturn(result);
    servletAuth.isAuthenticated(EasyMock.anyObject(HttpServletRequest.class), EasyMock.anyObject(AuthenticationResult.class));
    EasyMock.expectLastCall().andThrow(new AuthenticationException("Authentication error"));
    servletAuth.isAuthorized("guest", "internal", ArchivaRoleConstants.OPERATION_REPOSITORY_UPLOAD);
    EasyMock.expectLastCall().andThrow(new UnauthorizedException("'guest' has no write access to repository"));
    httpAuthControl.replay();
    servletAuthControl.replay();
    MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
    mockHttpServletRequest.addHeader("User-Agent", "foo");
    mockHttpServletRequest.setMethod("PUT");
    mockHttpServletRequest.setRequestURI("/repository/internal/path/to/artifact.jar");
    mockHttpServletRequest.setContent(IOUtils.toByteArray(is));
    mockHttpServletRequest.setContentType("application/octet-stream");
    MockHttpServletResponse mockHttpServletResponse = new MockHttpServletResponse();
    servlet.service(mockHttpServletRequest, mockHttpServletResponse);
    httpAuthControl.verify();
    servletAuthControl.verify();
    assertEquals(HttpServletResponse.SC_UNAUTHORIZED, mockHttpServletResponse.getStatus());
}
Also used : MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) HttpServletRequest(javax.servlet.http.HttpServletRequest) AuthenticationException(org.apache.archiva.redback.authentication.AuthenticationException) InputStream(java.io.InputStream) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) UnauthorizedException(org.apache.archiva.redback.authorization.UnauthorizedException) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) HttpServletResponse(javax.servlet.http.HttpServletResponse) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) AuthenticationResult(org.apache.archiva.redback.authentication.AuthenticationResult) Test(org.junit.Test)

Aggregations

UnauthorizedException (org.apache.archiva.redback.authorization.UnauthorizedException)12 AuthenticationResult (org.apache.archiva.redback.authentication.AuthenticationResult)9 SecuritySession (org.apache.archiva.redback.system.SecuritySession)7 DefaultSecuritySession (org.apache.archiva.redback.system.DefaultSecuritySession)5 Test (org.junit.Test)5 AuthenticationException (org.apache.archiva.redback.authentication.AuthenticationException)4 Path (java.nio.file.Path)3 HttpServletRequest (javax.servlet.http.HttpServletRequest)3 HttpServletResponse (javax.servlet.http.HttpServletResponse)3 AuthorizationException (org.apache.archiva.redback.authorization.AuthorizationException)3 AccountLockedException (org.apache.archiva.redback.policy.AccountLockedException)3 MustChangePasswordException (org.apache.archiva.redback.policy.MustChangePasswordException)3 User (org.apache.archiva.redback.users.User)3 DavException (org.apache.jackrabbit.webdav.DavException)3 MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest)3 MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse)3 IOException (java.io.IOException)2 InputStream (java.io.InputStream)2 ArrayList (java.util.ArrayList)2 HashMap (java.util.HashMap)2