Search in sources :

Example 11 with DefaultSecuritySession

use of org.apache.archiva.redback.system.DefaultSecuritySession in project archiva by apache.

the class SecuritySystemStub method authenticate.

@Override
public SecuritySession authenticate(AuthenticationDataSource source) throws AuthenticationException, UserNotFoundException, AccountLockedException {
    AuthenticationResult result = null;
    SecuritySession session = null;
    if (users.get(source.getUsername()) != null) {
        result = new AuthenticationResult(true, source.getUsername(), null);
        User user = new JpaUser();
        user.setUsername(source.getUsername());
        user.setPassword(users.get(source.getUsername()));
        session = new DefaultSecuritySession(result, user);
    } else {
        result = new AuthenticationResult(false, source.getUsername(), null);
        session = new DefaultSecuritySession(result);
    }
    return session;
}
Also used : User(org.apache.archiva.redback.users.User) JpaUser(org.apache.archiva.redback.users.jpa.model.JpaUser) SecuritySession(org.apache.archiva.redback.system.SecuritySession) DefaultSecuritySession(org.apache.archiva.redback.system.DefaultSecuritySession) JpaUser(org.apache.archiva.redback.users.jpa.model.JpaUser) DefaultSecuritySession(org.apache.archiva.redback.system.DefaultSecuritySession) AuthenticationResult(org.apache.archiva.redback.authentication.AuthenticationResult)

Example 12 with DefaultSecuritySession

use of org.apache.archiva.redback.system.DefaultSecuritySession in project archiva by apache.

the class DefaultUserRepositories method createSession.

private SecuritySession createSession(String principal) throws ArchivaSecurityException, AccessDeniedException {
    User user;
    try {
        user = securitySystem.getUserManager().findUser(principal);
        if (user == null) {
            throw new ArchivaSecurityException("The security system had an internal error - please check your system logs");
        }
    } catch (UserNotFoundException e) {
        throw new PrincipalNotFoundException("Unable to find principal " + principal + "", e);
    } catch (UserManagerException e) {
        throw new ArchivaSecurityException(e.getMessage(), e);
    }
    if (user.isLocked()) {
        throw new AccessDeniedException("User " + principal + "(" + user.getFullName() + ") is locked.");
    }
    AuthenticationResult authn = new AuthenticationResult(true, principal, null);
    authn.setUser(user);
    return new DefaultSecuritySession(authn, user);
}
Also used : UserNotFoundException(org.apache.archiva.redback.users.UserNotFoundException) User(org.apache.archiva.redback.users.User) UserManagerException(org.apache.archiva.redback.users.UserManagerException) DefaultSecuritySession(org.apache.archiva.redback.system.DefaultSecuritySession) AuthenticationResult(org.apache.archiva.redback.authentication.AuthenticationResult)

Example 13 with DefaultSecuritySession

use of org.apache.archiva.redback.system.DefaultSecuritySession in project archiva by apache.

the class ArchivaServletAuthenticatorTest method testIsAuthorizedUserHasWriteAccess.

@Test
public void testIsAuthorizedUserHasWriteAccess() throws Exception {
    createUser(USER_ALPACA, "Al 'Archiva' Paca");
    assignRepositoryManagerRole(USER_ALPACA, "corporate");
    UserManager userManager = securitySystem.getUserManager();
    User user = userManager.findUser(USER_ALPACA);
    AuthenticationResult result = new AuthenticationResult(true, USER_ALPACA, null);
    SecuritySession session = new DefaultSecuritySession(result, user);
    boolean isAuthorized = servletAuth.isAuthorized(request, session, "corporate", ArchivaRoleConstants.OPERATION_REPOSITORY_UPLOAD);
    assertTrue(isAuthorized);
    restoreGuestInitialValues(USER_ALPACA);
}
Also used : User(org.apache.archiva.redback.users.User) UserManager(org.apache.archiva.redback.users.UserManager) SecuritySession(org.apache.archiva.redback.system.SecuritySession) DefaultSecuritySession(org.apache.archiva.redback.system.DefaultSecuritySession) DefaultSecuritySession(org.apache.archiva.redback.system.DefaultSecuritySession) AuthenticationResult(org.apache.archiva.redback.authentication.AuthenticationResult) Test(org.junit.Test)

Example 14 with DefaultSecuritySession

use of org.apache.archiva.redback.system.DefaultSecuritySession in project archiva by apache.

the class RepositoryServletSecurityTest method testPutWithValidUserWithNoWriteAccess.

// test deploy with a valid user with no write access
@Test
public void testPutWithValidUserWithNoWriteAccess() throws Exception {
    servlet.setDavSessionProvider(davSessionProvider);
    ArchivaDavResourceFactory archivaDavResourceFactory = (ArchivaDavResourceFactory) servlet.getResourceFactory();
    archivaDavResourceFactory.setHttpAuth(httpAuth);
    archivaDavResourceFactory.setServletAuth(servletAuth);
    servlet.setResourceFactory(archivaDavResourceFactory);
    AuthenticationResult result = new AuthenticationResult();
    EasyMock.expect(httpAuth.getAuthenticationResult(anyObject(HttpServletRequest.class), anyObject(HttpServletResponse.class))).andReturn(result);
    EasyMock.expect(servletAuth.isAuthenticated(anyObject(HttpServletRequest.class), anyObject(AuthenticationResult.class))).andReturn(true);
    // ArchivaDavResourceFactory#isAuthorized()
    SecuritySession session = new DefaultSecuritySession();
    EasyMock.expect(httpAuth.getAuthenticationResult(anyObject(HttpServletRequest.class), anyObject(HttpServletResponse.class))).andReturn(result);
    MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
    EasyMock.expect(httpAuth.getSecuritySession(mockHttpServletRequest.getSession(true))).andReturn(session);
    EasyMock.expect(httpAuth.getSessionUser(mockHttpServletRequest.getSession())).andReturn(new SimpleUser());
    EasyMock.expect(servletAuth.isAuthenticated(anyObject(HttpServletRequest.class), eq(result))).andReturn(true);
    EasyMock.expect(servletAuth.isAuthorized(anyObject(HttpServletRequest.class), eq(session), eq("internal"), eq(ArchivaRoleConstants.OPERATION_REPOSITORY_UPLOAD))).andThrow(new UnauthorizedException("User not authorized"));
    httpAuthControl.replay();
    servletAuthControl.replay();
    InputStream is = getClass().getResourceAsStream("/artifact.jar");
    assertNotNull("artifact.jar inputstream", is);
    mockHttpServletRequest.addHeader("User-Agent", "foo");
    mockHttpServletRequest.setMethod("PUT");
    mockHttpServletRequest.setRequestURI("/repository/internal/path/to/artifact.jar");
    mockHttpServletRequest.setContent(IOUtils.toByteArray(is));
    mockHttpServletRequest.setContentType("application/octet-stream");
    MockHttpServletResponse mockHttpServletResponse = new MockHttpServletResponse();
    servlet.service(mockHttpServletRequest, mockHttpServletResponse);
    httpAuthControl.verify();
    servletAuthControl.verify();
    assertEquals(HttpServletResponse.SC_UNAUTHORIZED, mockHttpServletResponse.getStatus());
}
Also used : MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) HttpServletRequest(javax.servlet.http.HttpServletRequest) SimpleUser(org.apache.archiva.redback.users.memory.SimpleUser) SecuritySession(org.apache.archiva.redback.system.SecuritySession) DefaultSecuritySession(org.apache.archiva.redback.system.DefaultSecuritySession) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) InputStream(java.io.InputStream) UnauthorizedException(org.apache.archiva.redback.authorization.UnauthorizedException) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) HttpServletResponse(javax.servlet.http.HttpServletResponse) DefaultSecuritySession(org.apache.archiva.redback.system.DefaultSecuritySession) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) AuthenticationResult(org.apache.archiva.redback.authentication.AuthenticationResult) Test(org.junit.Test)

Aggregations

AuthenticationResult (org.apache.archiva.redback.authentication.AuthenticationResult)14 DefaultSecuritySession (org.apache.archiva.redback.system.DefaultSecuritySession)14 SecuritySession (org.apache.archiva.redback.system.SecuritySession)13 Test (org.junit.Test)10 User (org.apache.archiva.redback.users.User)9 HttpServletRequest (javax.servlet.http.HttpServletRequest)6 HttpServletResponse (javax.servlet.http.HttpServletResponse)6 MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest)6 MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse)6 UnauthorizedException (org.apache.archiva.redback.authorization.UnauthorizedException)5 Path (java.nio.file.Path)4 HttpSession (javax.servlet.http.HttpSession)4 UserManager (org.apache.archiva.redback.users.UserManager)4 SimpleUser (org.apache.archiva.redback.users.memory.SimpleUser)4 InputStream (java.io.InputStream)3 UserManagerException (org.apache.archiva.redback.users.UserManagerException)3 UserNotFoundException (org.apache.archiva.redback.users.UserNotFoundException)3 AuthenticationException (org.apache.archiva.redback.authentication.AuthenticationException)2 AuthorizationException (org.apache.archiva.redback.authorization.AuthorizationException)2 IOException (java.io.IOException)1