use of org.apache.archiva.redback.system.DefaultSecuritySession in project archiva by apache.
the class SecuritySystemStub method authenticate.
@Override
public SecuritySession authenticate(AuthenticationDataSource source) throws AuthenticationException, UserNotFoundException, AccountLockedException {
AuthenticationResult result = null;
SecuritySession session = null;
if (users.get(source.getUsername()) != null) {
result = new AuthenticationResult(true, source.getUsername(), null);
User user = new JpaUser();
user.setUsername(source.getUsername());
user.setPassword(users.get(source.getUsername()));
session = new DefaultSecuritySession(result, user);
} else {
result = new AuthenticationResult(false, source.getUsername(), null);
session = new DefaultSecuritySession(result);
}
return session;
}
use of org.apache.archiva.redback.system.DefaultSecuritySession in project archiva by apache.
the class DefaultUserRepositories method createSession.
private SecuritySession createSession(String principal) throws ArchivaSecurityException, AccessDeniedException {
User user;
try {
user = securitySystem.getUserManager().findUser(principal);
if (user == null) {
throw new ArchivaSecurityException("The security system had an internal error - please check your system logs");
}
} catch (UserNotFoundException e) {
throw new PrincipalNotFoundException("Unable to find principal " + principal + "", e);
} catch (UserManagerException e) {
throw new ArchivaSecurityException(e.getMessage(), e);
}
if (user.isLocked()) {
throw new AccessDeniedException("User " + principal + "(" + user.getFullName() + ") is locked.");
}
AuthenticationResult authn = new AuthenticationResult(true, principal, null);
authn.setUser(user);
return new DefaultSecuritySession(authn, user);
}
use of org.apache.archiva.redback.system.DefaultSecuritySession in project archiva by apache.
the class ArchivaServletAuthenticatorTest method testIsAuthorizedUserHasWriteAccess.
@Test
public void testIsAuthorizedUserHasWriteAccess() throws Exception {
createUser(USER_ALPACA, "Al 'Archiva' Paca");
assignRepositoryManagerRole(USER_ALPACA, "corporate");
UserManager userManager = securitySystem.getUserManager();
User user = userManager.findUser(USER_ALPACA);
AuthenticationResult result = new AuthenticationResult(true, USER_ALPACA, null);
SecuritySession session = new DefaultSecuritySession(result, user);
boolean isAuthorized = servletAuth.isAuthorized(request, session, "corporate", ArchivaRoleConstants.OPERATION_REPOSITORY_UPLOAD);
assertTrue(isAuthorized);
restoreGuestInitialValues(USER_ALPACA);
}
use of org.apache.archiva.redback.system.DefaultSecuritySession in project archiva by apache.
the class RepositoryServletSecurityTest method testPutWithValidUserWithNoWriteAccess.
// test deploy with a valid user with no write access
@Test
public void testPutWithValidUserWithNoWriteAccess() throws Exception {
servlet.setDavSessionProvider(davSessionProvider);
ArchivaDavResourceFactory archivaDavResourceFactory = (ArchivaDavResourceFactory) servlet.getResourceFactory();
archivaDavResourceFactory.setHttpAuth(httpAuth);
archivaDavResourceFactory.setServletAuth(servletAuth);
servlet.setResourceFactory(archivaDavResourceFactory);
AuthenticationResult result = new AuthenticationResult();
EasyMock.expect(httpAuth.getAuthenticationResult(anyObject(HttpServletRequest.class), anyObject(HttpServletResponse.class))).andReturn(result);
EasyMock.expect(servletAuth.isAuthenticated(anyObject(HttpServletRequest.class), anyObject(AuthenticationResult.class))).andReturn(true);
// ArchivaDavResourceFactory#isAuthorized()
SecuritySession session = new DefaultSecuritySession();
EasyMock.expect(httpAuth.getAuthenticationResult(anyObject(HttpServletRequest.class), anyObject(HttpServletResponse.class))).andReturn(result);
MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
EasyMock.expect(httpAuth.getSecuritySession(mockHttpServletRequest.getSession(true))).andReturn(session);
EasyMock.expect(httpAuth.getSessionUser(mockHttpServletRequest.getSession())).andReturn(new SimpleUser());
EasyMock.expect(servletAuth.isAuthenticated(anyObject(HttpServletRequest.class), eq(result))).andReturn(true);
EasyMock.expect(servletAuth.isAuthorized(anyObject(HttpServletRequest.class), eq(session), eq("internal"), eq(ArchivaRoleConstants.OPERATION_REPOSITORY_UPLOAD))).andThrow(new UnauthorizedException("User not authorized"));
httpAuthControl.replay();
servletAuthControl.replay();
InputStream is = getClass().getResourceAsStream("/artifact.jar");
assertNotNull("artifact.jar inputstream", is);
mockHttpServletRequest.addHeader("User-Agent", "foo");
mockHttpServletRequest.setMethod("PUT");
mockHttpServletRequest.setRequestURI("/repository/internal/path/to/artifact.jar");
mockHttpServletRequest.setContent(IOUtils.toByteArray(is));
mockHttpServletRequest.setContentType("application/octet-stream");
MockHttpServletResponse mockHttpServletResponse = new MockHttpServletResponse();
servlet.service(mockHttpServletRequest, mockHttpServletResponse);
httpAuthControl.verify();
servletAuthControl.verify();
assertEquals(HttpServletResponse.SC_UNAUTHORIZED, mockHttpServletResponse.getStatus());
}
Aggregations